Page 204 - DCAP403_Operating System

Unit 10: System Protection






          a clearly bad thing. Matters can be much simplified by giving nurses certificates that entitle them
          to access the files associated with their current ward. Such a system is starting to be fielded at our
          university hospital.
          One point to bear in mind is that as public key certificates are often considered to be “crypto”
          rather than “access control,” their implications for access control policies and architectures are
          not always thought through. The lessons that could have been learned from the capability systems
          of the 1970s are generally having to be rediscovered (the hard way). In general, the boundary
          between crypto and access control is a fault line where things can easily go wrong. The experts
          often come from different backgrounds, and the products from different suppliers.
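
          The ward certificate idea above, as an added example that is not part of the original text: it
          separates the "crypto" question (did the issuer sign this?) from the access control question (does
          it authorise this read?). Assumptions: the names, field layout and sample values are constructed,
          and an HMAC stands in for the issuer's public-key signature so the code runs on the standard
          library alone.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with an issuer key stands in for the hospital CA's
# public-key signature so the example needs only the standard library.
ISSUER_KEY = b"constructed-demo-key"


def issue_ward_cert(nurse, ward, not_after):
    """Issuer side: bind a nurse to one ward until not_after (epoch seconds)."""
    body = json.dumps({"nurse": nurse, "ward": ward, "not_after": not_after},
                      sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def signature_valid(cert):
    """The "crypto" question only: did the issuer sign exactly these bytes?"""
    expected = hmac.new(ISSUER_KEY, cert["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["tag"])


def may_read(cert, record_ward, now):
    """The access control question: does this certificate authorise this read?"""
    if not signature_valid(cert):
        return False, "bad signature"
    claims = json.loads(cert["body"])
    if now > claims["not_after"]:
        return False, "expired"       # entitlement lapsed when the posting ended
    if claims["ward"] != record_ward:
        return False, "wrong ward"    # genuine certificate, but not for this file
    return True, "ok"


# Constructed sample data.
SHIFT_END = 1_700_000_000
CERT = issue_ward_cert("nurse-17", "cardiology", SHIFT_END)
# Same tag, ward field altered after issue: the signature check must reject it.
TAMPERED = {"body": CERT["body"].replace(b"cardiology", b"oncology"),
            "tag": CERT["tag"]}

if __name__ == "__main__":
    for ward, now, cert in [("cardiology", SHIFT_END - 60, CERT),
                            ("oncology", SHIFT_END - 60, CERT),
                            ("cardiology", SHIFT_END + 60, CERT),
                            ("oncology", SHIFT_END - 60, TAMPERED)]:
        print(ward, signature_valid(cert), may_read(cert, ward, now))
```

          A certificate can pass `signature_valid` and still be refused by `may_read`; a system that treats
          the first check as the access decision is where the fault line shows.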

          10.8 Summary

               Access control mechanisms operate at a number of levels in a system, from applications
               down through the operating system to the hardware.

               Higher-level mechanisms can be more expressive, but also tend to be more vulnerable
               to attack, for a variety of reasons ranging from intrinsic complexity to implementer skill
               levels.

               Most attacks involve the opportunistic exploitation of bugs; and software that is very large,
               very widely used, or both (as with operating systems) is particularly likely to have security
               bugs found and publicized.

               Operating systems are also vulnerable to environmental changes that undermine the
               assumptions used in their design.

          10.9 Keywords



          Access control: It is the process by which users are identified and granted certain privileges to
          information, systems, or resources.
          Access control device: It properly identifies people, and verifies their identity through an
          authentication process so they can be held accountable for their actions.
          Authentication: It is a process by which you verify that someone is who they claim they are.

          Authorization: It is finding out if the person, once identified, is permitted to have the resource.

          Smart card: It is a device typically the size and shape of a credit card and contains one or more
          integrated chips that perform the functions of a computer with a microprocessor, memory, and
          input/output.

          10.10 Self Assessment


          State whether the following statements are true or false:
          1.   An automated system can also offer new kinds of access control.
          2.   Information should not be used only for the purposes for which it is intended and shared.
          3.   The access matrix model for computer protection is based on abstraction of operating
               system structures.
          4.   Role-based access control enforces access controls that do not depend upon a user’s role(s).
          5.   Take-grant models use graphs to model access control.







          LOVELY PROFESSIONAL UNIVERSITY