Page 191 - DCAP403_Operating System
Information contained in an automated system must be protected from three kinds of threat:
1. Unauthorised disclosure of information,
2. Unauthorised modification of information and
3. Unauthorised withholding of information (usually called denial of service).
To protect a computer system against these threats you normally apply a security model. The
following sections describe the goals of protection and the models used to meet them.
10.2 Goals of Protection
The goals of protection are to ensure secrecy, privacy, authenticity and integrity of information.
Table 10.1 provides descriptions of these goals.
Secrecy is a security concern because it is threatened by entities outside the operating system. An
OS addresses it through the authentication service. Privacy is a protection concern: an OS
addresses it through the authorization service together with the service and resource manager.
The authorization service determines the privileges of a user, and the service and resource manager
disallows any request that exceeds those privileges. Within this set-up it is up to the users to
ensure the privacy of their own information. A user who wishes to share programs and data with a
few other users sets the authorization for that information accordingly. This is called controlled
sharing of information, and it is based on the need-to-know principle.
Table 10.1: Goals of Computer Security and Protection

Goal          Description
Secrecy       Only authorized users should be able to access information. This goal is
              also called confidentiality.
Privacy       Information should be used only for the purposes for which it is intended
              and shared.
Authenticity  It should be possible to verify the source or sender of information, and
              also to verify that the information is preserved in the form in which it
              was created or sent.
Integrity     It should not be possible to destroy or corrupt information.
10.3 Access Matrix and its Implementation
The access matrix model for computer protection is based on an abstraction of operating-system
structures. Because of its simplicity and generality it permits a variety of implementation
techniques, and it has been widely used.
There are three principal components in the access matrix model:
1. A set of passive objects,
2. A set of active subjects, which may manipulate the objects and
3. A set of rules governing the manipulation of objects by subjects.
Objects are typically files, terminals, devices, and other entities implemented by an operating
system. A subject is a process together with a domain (a set of constraints within which the process
may access certain objects). It is important to note that every subject is also an object; thus it
may be read or otherwise manipulated by another subject. The access matrix is a rectangular array
with one row per subject and one column per object. The entry for a particular row and column
reflects the mode of access permitted between the corresponding subject and object. The modes of
access allowed depend on the type of the object and on the functionality of the system; typical
modes are read, write, append, and execute.
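The following Python program is an added example, not code from the textbook. It implements the
access matrix just described and also the controlled-sharing rule from Section 10.2: cells that were
never granted are absent, so the default is deny (need-to-know), and only a subject that holds an
"owner" right on an object may widen or narrow another subject's cell for that object. The "owner"
control right, the rule that a subject owns itself as an object, and the subject and object names
(alice, bob, carol, payroll.txt, report.sh) are assumptions made for the example, not part of the
text.

```python
"""Access-matrix protection model: rows are subjects, columns are objects,
each cell is the set of access modes the subject holds on the object.

Added example, not the textbook's code. All names below are constructed
sample data; the "owner" control right is an assumption of this example."""
from typing import Dict, FrozenSet, Set, Tuple

# Modes listed in the text, plus the assumed "owner" control right.
MODES = frozenset({"read", "write", "append", "execute", "owner"})


class AccessMatrix:
    def __init__(self) -> None:
        self.subjects: Set[str] = set()
        self.objects: Set[str] = set()
        # Sparse matrix: absent cell == no rights (default deny).
        self._cells: Dict[Tuple[str, str], Set[str]] = {}

    def add_subject(self, subject: str) -> None:
        # Every subject is also an object, so it gets a column as well as a
        # row; the example assumes a subject owns its own column.
        self.subjects.add(subject)
        self.objects.add(subject)
        self._cells[(subject, subject)] = {"owner", "read"}

    def add_object(self, obj: str, owner: str) -> None:
        if owner not in self.subjects:
            raise KeyError(f"unknown subject {owner!r}")
        self.objects.add(obj)
        self._cells[(owner, obj)] = set(MODES)  # creator holds every mode

    def rights(self, subject: str, obj: str) -> FrozenSet[str]:
        return frozenset(self._cells.get((subject, obj), set()))

    def allowed(self, subject: str, obj: str, mode: str) -> bool:
        """Authorization service: does the cell contain the requested mode?"""
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        return mode in self.rights(subject, obj)

    def _check_grant(self, granter: str, subject: str, obj: str, modes: Set[str]) -> None:
        # Controlled sharing: only an owner may change another row's cell.
        if not self.allowed(granter, obj, "owner"):
            raise PermissionError(f"{granter} does not own {obj}")
        if subject not in self.subjects or obj not in self.objects:
            raise KeyError("unknown subject or object")
        bad = set(modes) - MODES
        if bad:
            raise ValueError(f"unknown modes {sorted(bad)}")

    def grant(self, granter: str, subject: str, obj: str, modes: Set[str]) -> None:
        self._check_grant(granter, subject, obj, modes)
        self._cells.setdefault((subject, obj), set()).update(modes)

    def revoke(self, granter: str, subject: str, obj: str, modes: Set[str]) -> None:
        self._check_grant(granter, subject, obj, modes)
        self._cells.get((subject, obj), set()).difference_update(modes)

    def request(self, subject: str, obj: str, mode: str) -> bool:
        """Service and resource manager: refuse requests beyond the cell."""
        if not self.allowed(subject, obj, mode):
            raise PermissionError(f"{subject} may not {mode} {obj}")
        return True

    def render(self) -> str:
        """Plain-text view of the matrix, one row per subject."""
        objs = sorted(self.objects)
        rows = [" ".join(["subject".ljust(8)] + [o.ljust(22) for o in objs])]
        for s in sorted(self.subjects):
            cells = [",".join(sorted(self.rights(s, o))) or "-" for o in objs]
            rows.append(" ".join([s.ljust(8)] + [c.ljust(22) for c in cells]))
        return "\n".join(rows)


def demo() -> AccessMatrix:
    """Build a small matrix with constructed subjects and objects."""
    m = AccessMatrix()
    for s in ("alice", "bob", "carol"):
        m.add_subject(s)
    m.add_object("payroll.txt", owner="alice")
    m.add_object("report.sh", owner="carol")
    m.grant("alice", "bob", "payroll.txt", {"read"})            # need-to-know: read only
    m.grant("carol", "alice", "report.sh", {"read", "execute"})
    m.grant("alice", "bob", "alice", {"read"})                  # subject alice as an object
    return m


if __name__ == "__main__":
    m = demo()
    print(m.render())
    m.request("bob", "payroll.txt", "read")
    try:
        m.request("bob", "payroll.txt", "write")
    except PermissionError as e:
        print("denied:", e)
```

Because the matrix is stored sparsely, the check for a request is a single dictionary lookup, and
an object the subject has never been granted anything on simply has no cell; that is what makes
"deny by default" the natural behaviour rather than something that must be configured.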
184 LOVELY PROFESSIONAL UNIVERSITY