OS Protection

  • Post author:
Download PDF
Advertisement

OS Protection

Principles of Protection

  • The principle of least privilege commands that users, programs and systems be given just an adequate amount of privileges to perform their tasks.
  • This make sure that failures do the slightest amount of harm and allow the least of harm to be done.
  • Normally, each user is given their own account, and has only adequate privilege to modify their own files.
  • The root-account should not be used for usual day to day events. The System Administrator should also have a normal account, and standby use of the root account for only those tasks which need the root privileges

Domain of Protection

  • A computer might be noticed as a collection of processes and objects both HW & SW.
  • The requisite to know principle states that a process should only have access to those objects it desires to accomplish its task, and moreover only in the manners for which it needs access and only during the time frame when it requires access.
  • The approaches available for a specific object may depend upon its type.

Access Matrix

  • The ideal of protection that have been discussing might be viewed as an access matrix
    Advertisement
    in which columns signify different system resources and rows denote different protection domains. Entries within the matrix specify what access that domain has to that resource.
Object/Domain F1 F2 F3 F4
D1 Read Read
D2 Print
D3 Read Execute
D4 Read/Write Read/write

Figure: Matrix Access

Implementation of Access Matrix

Access matrix can be implemented by given practices:

  • Global table
  • Access lists for objects
  • Capability lists for domains
  • A lock and key mechanism
  • Comparison

Access Control

  • Role-Based Access Control (RBAC) allocates privileges to programs, users or roles as suitable, where “privileges” refer to the right to call certain system calls, or to use certain restrictions with those calls.
  • RBAC supports the principle of least-privilege, and decreases the susceptibility to abuse as opposed to SGID or SUID programs.

OS Protection

Operating System Security

Advertisement