Page 273 - DCAP103_Principle of operating system
Principles of Operating Systems
Objectives
After studying this unit, you will be able to:
• Discuss the goals of system protection
• Explain the access matrix
• Understand the implementation of the access matrix
• Discuss access control
• Explain the revocation of access rights
• Understand capability-based systems
Introduction
The processes in an operating system must be protected from one another’s activities. To provide
such protection, we can use various mechanisms to ensure that only processes that have gained
proper authorization from the operating system can operate on the files, memory segments,
CPU, and other resources of a system. Protection refers to a mechanism for controlling the
access of programs, processes, or users to the resources defined by a computer system. This
mechanism must provide a means for specifying the controls to be imposed, together with a
means of enforcement. We distinguish between protection and security, which is a measure of
confidence that the integrity of a system and its data will be preserved.
8.1 Goals of Protection
Implementation of protection in an OS generally involves three factors: the interface to the user,
the interface to the hardware, and the decision-making process for fulfilling requests.
If we expand our thinking, we can make the same statement about protection in any
environment where there are external users, underlying capabilities, and a protection function
to be performed.
Because the external interface is so heterogeneous, and so little has been done to model its effect
on protection systems, it is difficult to cover it at more than a cursory level. Hardware protection
and the decision-making mechanisms are fairly well-developed arts, however, so we will cover
them here at length.
8.1.1 Computer Architecture to Support OS Protection
The implementation of protection in OSs almost always depends heavily on hardware separation
mechanisms. A separation mechanism is a way to partition information into areas that only
communicate through well-defined and controlled channels. In order to enforce separation
against a serious attacker, it is insufficient to make information flow merely inconvenient, or available
only to the knowledgeable, as is the case in most personal computer systems.
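The two ideas above, a means of specifying the controls (the introduction) and separation into areas that communicate only through controlled channels (this section), can be shown together in a small reference monitor. The code below is an added illustration, not part of the textbook: the policy is a table of (domain, object) to rights with deny-by-default, every operation is mediated by one enforcement point, and inter-domain communication is only possible through a channel object on which the sender holds an explicit right. Domain names, object paths and the rights vocabulary are constructed for the example.

```python
"""Minimal reference monitor: policy specification separated from enforcement.

Added example for illustration only; domains, objects and rights are constructed.
"""
from dataclasses import dataclass, field

READ, WRITE, EXEC, SEND = "read", "write", "execute", "send"


class AccessDenied(PermissionError):
    """Raised when the policy does not grant the requested right."""


@dataclass
class ProtectionPolicy:
    """Specification side: (domain, object) -> set of rights. Absent entry == denied."""
    matrix: dict = field(default_factory=dict)

    def grant(self, domain, obj, *rights):
        self.matrix.setdefault((domain, obj), set()).update(rights)

    def revoke(self, domain, obj, *rights):
        # Revocation is immediate because every access re-consults the table.
        entry = self.matrix.get((domain, obj))
        if entry:
            entry.difference_update(rights)

    def allows(self, domain, obj, right):
        return right in self.matrix.get((domain, obj), set())


class ReferenceMonitor:
    """Enforcement side: the only path to any object or channel is perform()."""

    def __init__(self, policy):
        self.policy = policy
        self.objects = {}    # constructed in-memory stand-ins for files
        self.mailboxes = {}  # constructed inter-domain channels
        self.audit = []      # (decision, domain, object, right) for each request

    def perform(self, domain, obj, right, payload=None):
        if not self.policy.allows(domain, obj, right):
            self.audit.append(("deny", domain, obj, right))
            raise AccessDenied(f"{domain} may not {right} {obj}")
        self.audit.append(("allow", domain, obj, right))
        if right == READ:
            return self.objects.get(obj, "")
        if right == WRITE:
            self.objects[obj] = payload
            return None
        if right == EXEC:
            return f"executed {obj}"
        if right == SEND:
            # Communication between domains happens only via a channel object.
            self.mailboxes.setdefault(obj, []).append(payload)
            return len(self.mailboxes[obj])
        raise ValueError(f"unknown right {right!r}")


def demo():
    """Walk through specification, enforcement, separation and revocation."""
    policy = ProtectionPolicy()
    policy.grant("user_proc", "/home/alice/notes", READ, WRITE)
    policy.grant("user_proc", "/bin/ls", EXEC)
    policy.grant("user_proc", "channel:daemon", SEND)   # the one permitted channel
    policy.grant("daemon", "/var/log/syslog", WRITE)
    monitor = ReferenceMonitor(policy)
    results = {}

    monitor.perform("user_proc", "/home/alice/notes", WRITE, "hello")
    results["read_own_file"] = monitor.perform("user_proc", "/home/alice/notes", READ)

    def attempt(domain, obj, right, payload=None):
        try:
            monitor.perform(domain, obj, right, payload)
            return "allowed"
        except AccessDenied:
            return "denied"

    # Default deny: no entry for user_proc on the log file.
    results["write_syslog"] = attempt("user_proc", "/var/log/syslog", WRITE, "tamper")
    # Separation: the granted channel works, the ungranted direction does not.
    results["send_to_daemon"] = monitor.perform("user_proc", "channel:daemon", SEND, "log line")
    results["send_to_user"] = attempt("daemon", "channel:user_proc", SEND, "reply")
    # Revocation takes effect at the next mediated access.
    policy.revoke("user_proc", "/home/alice/notes", WRITE)
    results["write_after_revoke"] = attempt("user_proc", "/home/alice/notes", WRITE, "again")
    results["denials_logged"] = sum(1 for entry in monitor.audit if entry[0] == "deny")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The important design point is that `ProtectionPolicy` never touches an object and `ReferenceMonitor` never decides anything on its own: the table is the specification, `perform` is the enforcement, and because every request re-reads the table, a revoked right stops working at the very next access. In a real OS the role of `perform` is played by the kernel's system-call layer, backed by hardware that makes bypassing it impossible rather than merely inconvenient.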
One way to provide protection is to simulate a hypothetical machine on a physical machine so
that all operations of the hypothetical machine are controlled by the simulation. This could be
as secure a system as any purely physical system, but the performance of the physical machine
is severely reduced because most of the time is spent in controlling the simulation rather than
266 LOVELY PROFESSIONAL UNIVERSITY