Page 280 - DCAP103_Principle of operating system
P. 280
Unit 8: System Protection
• Separation of Duty (SOD): The principle that no user should be given enough privileges to Notes
misuse the system. For example, the person authorizing a paycheck should not also be the
one who can prepare it. Separation of duties can be enforced either statically by defining
conflicting roles (i.e., roles which cannot be executed by the same user) or dynamically
by enforcing the control at access time. An example of dynamic separation of duty is the
two-person rule. The first user to execute a two-person operation can be any authorized
user, whereas the second user can be any authorized user different from the first. There are
various types of SOD; an important one is a history-based SOD that regulates, for example,
the same subject (role) cannot access the same object for a certain number of times.
• Safety: Measures that the access control configuration (e.g., access control mechanism or
model) will not result in the leakage of permissions to an unauthorized principal. Thus,
a configuration is said to be safe if no permission can be leaked to an unauthorized or
unintended principal.
• Domain and Type Enforcement: The grouping of processes into domains, and objects into
types, such that access operations (such as read, write, execute, and create) are restricted
from domains to types and between domains. A process belongs to one domain at any
given time and transits to other domains by sending signals or executing a file in a new
domain.
Give the way of protection used in operating system.
8.3.2 Policies, Models and Mechanisms
When planning an access control system, three abstractions of controls should be considered—
access control policies, models, and mechanisms. Access control policies are high-level
requirements that specify how access is managed and who, under what circumstances, may
access what information. While access control policies can be application-specific and thus taken
into consideration by the application vendor, policies are just likely to pertain to user actions
within the context of an organizational unit or across organizational boundaries. For instance,
policies may pertain to resource usage within or across organizational units or may be based
on need-to-know, competence, authority, obligation, or conflict-of-interest factors. Such policies
may span multiple computing platforms and applications.
At a high level, access control policies are enforced through a mechanism that translates a user’s
access request, often in terms of a structure that a system provides. There are a wide variety of
structures; for example, a simple table lookup can be performed to grant or deny access. Although
no well-accepted standard yet exists for determining their policy support, some access control
mechanisms are direct implementations of formal access control policy concepts.
Rather than attempting to evaluate and analyze access control systems exclusively at the
mechanism level, security models are usually written to describe the security properties of an
access control system. A model is a formal presentation of the security policy enforced by the
system and is useful for proving theoretical limitations of a system. Access control models are
of general interest to both users and vendors. They bridge the rather wide gap in abstraction
between policy and mechanism. Access control mechanisms can be designed to adhere to the
properties of the model. Users see an access control model as an unambiguous and precise
expression of requirements. Vendors and system developers see access control models as
design and implementation requirements. On one extreme, an access control model may be
rigid in its implementation of a single policy. On the other extreme, a security model will allow
for the expression and enforcement of a wide variety of policies and policy classes. As stated
previously, the focus of this document is on the practical side of the access control system;
detailed descriptions of access control models are not included in this publication.
LOVELY PROFESSIONAL UNIVERSITY 273
