SlideShare une entreprise Scribd logo

Security & Protection

Télécharger en tant que PPT, PDF
vinay arora
vinay arora
Formation
1  sur  21
Protection & Security Organized By: V.A. V.A. CSED,TU
Disclaimer This is NOT A COPYRIGHT MATERIAL Content has been taken mainly from the following books: Operating Systems Concepts By Silberschatz & Galvin , Operating systems By D M Dhamdhere, System Programming By John J Donovan etc… VA. CSED,TU
Protection – Goals & Principle  Each Object has a Unique Name and can be accessed through a well-defined set of Operations.  Ensure that each Object is accessed correctly and only by those Processes that are allowed to do so.  Guiding Principle – Principle of Least Privilege  Programs, users and systems should be given just enough privileges to perform their tasks VA. CSED,TU
Domain Structure  Access-right = <object-name, rights-set> where rights-set is a subset of all valid operations that can be performed on the object.  Domain = Set of Access-Rights  Domain can be realized in variety of ways: Each User, Each Process and Each Procedure. VA. CSED,TU
Access Matrix  View Protection as a MATRIX (access matrix)  Rows represent Domains  Columns represent Objects  Access (i, j) is the Set Of Operations that a process executing in Domaini can invoke on Objectj VA. CSED,TU
Access Control Matrix  Access control matrix consists of triple parts such as subject, object, and access operation.  A SUBJECT is an Active Entity in a computer system such as User, Program, Process and Thread.  An OBJECT is a Passive Entity or System Resource such as File, Directory, Database Record and Printer.  In Access Control Matrix’s schema, the Subjects and Objects are placed in a table. Each row represents a Subject and each column represents an Object.  The data inside the table are Set Of Access Operations such as read, write, and execute. The access operations are responsible for interactions between subjects and objects. VA. CSED,TU
Access Matrix VA. CSED,TU
Use of Access Matrix  If a Process in Domain Di tries to do “op” on object Oj, then “op” must be in the ACCESS MATRIX.  Can be Expanded to DYNAMIC PROTECTION.  Operations to ADD, DELETE access rights.  Special Access Rights:  Owner of Oi  Copy op from Oi to Oj  Control – Di can modify Dj access rights  Transfer – Switch from domain Di to Dj VA. CSED,TU
Access Matrix – Showing Switch VA. CSED,TU
Role Based Access Control VA. CSED,TU
Sample Access Matrix The Derivative forms of access control matrix such as Access Control List (ACL) and Capability List (C-list) are better applied. VA. CSED,TU
Access Control List VA. CSED,TU
ACL When we look for Insurance Data we can write: VA. CSED,TU
C-List VA. CSED,TU
C-List When we look for Alice’s C-list we can write: VA. CSED,TU
ACL vs CL VA. CSED,TU
Security  Security must consider External Environment of the System and protect the system resources  Intruders (crackers) attempt to breach security  THREAT is potential security violation  ATTACK is attempt to breach security  Attack can be accidental or malicious  Easier to protect against accidental than malicious misuse VA. CSED,TU
Security Violations  Categories  Breach of confidentiality  Breach of integrity  Breach of availability  Theft of service  Denial of service  Methods  Masquerading (breach authentication)  Replay attack  Message modification  Man-in-the-middle attack  Session hijacking VA. CSED,TU
Security Attacks VA. CSED,TU
Reference List Operating Systems Concepts By Silberschatz & Galvin, Operating systems By D M Dhamdhere, System Programming By John J Donovan, www.os-book.com www.cs.jhu.edu/~yairamir/cs418/os2/sld001.htm http://gaia.ecs.csus.edu/~zhangd/oscal/pscheduling.html http://www.edugrid.ac.in/iiitmk/os/os_module03.htm http://williamstallings.com/OS/Animations.html etc… VA. CSED,TU
Thnx… VA. CSED,TU

Recommandé

Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronizationvinay arora
 
4 java - decision
4 java - decision4 java - decision
4 java - decisionvinay arora
 
Uta005 lecture1
Uta005 lecture1Uta005 lecture1
Uta005 lecture1vinay arora
 
2 java - operators
2 java - operators2 java - operators
2 java - operatorsvinay arora
 
1 java - data type
1 java - data type1 java - data type
1 java - data typevinay arora
 
6 java - loop
6 java - loop6 java - loop
6 java - loopvinay arora
 
Search engine and web crawler
Search engine and web crawlerSearch engine and web crawler
Search engine and web crawlervinay arora
 
3 java - variable type
3 java - variable type3 java - variable type
3 java - variable typevinay arora
 

Recommandé

Process Synchronization
Process SynchronizationProcess Synchronization
Process Synchronizationvinay arora
 
4 java - decision
4 java - decision4 java - decision
4 java - decisionvinay arora
 
Uta005 lecture1
Uta005 lecture1Uta005 lecture1
Uta005 lecture1vinay arora
 
2 java - operators
2 java - operators2 java - operators
2 java - operatorsvinay arora
 
1 java - data type
1 java - data type1 java - data type
1 java - data typevinay arora
 
6 java - loop
6 java - loop6 java - loop
6 java - loopvinay arora
 
Search engine and web crawler
Search engine and web crawlerSearch engine and web crawler
Search engine and web crawlervinay arora
 
3 java - variable type
3 java - variable type3 java - variable type
3 java - variable typevinay arora
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - ProtectionWayne Jones Jnr
 
Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemMeghaj Mallick
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 
OSCh18
OSCh18OSCh18
OSCh18Joe Christensen
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18Supriya Shrivastava
 
Chapter23
Chapter23Chapter23
Chapter23gourab87
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1Sumita Das
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architectureamiable_indian
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Protection
ProtectionProtection
ProtectionBellal Hossain
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6AfiqEfendy Zaen
 
14.Protection
14.Protection14.Protection
14.ProtectionSenthil Kanth
 
Surviving Web Security
Surviving Web SecuritySurviving Web Security
Surviving Web SecurityGergely Németh
 
Data base security and injection
Data base security and injectionData base security and injection
Data base security and injectionA. Shamel
 
Security Policies
Security PoliciesSecurity Policies
Security Policiesphanleson
 
E content ns
E content nsE content ns
E content nsNIVEDHINIMANIVANNAN
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorizationzakieh alizadeh
 
multilevel security Database
multilevel security Database multilevel security Database
multilevel security DatabaseVrundaBhavsar
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxechnrketan
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 
Use case diagram (airport)
Use case diagram (airport)Use case diagram (airport)
Use case diagram (airport)vinay arora
 
Use case diagram
Use case diagramUse case diagram
Use case diagramvinay arora
 

Contenu connexe

Similaire à Security & Protection

Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemMeghaj Mallick
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OSC.U
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1Sumita Das
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6AfiqEfendy Zaen
 
Data base security and injection
Data base security and injectionData base security and injection
Data base security and injectionA. Shamel
 
Security Policies
Security PoliciesSecurity Policies
Security Policiesphanleson
 
multilevel security Database
multilevel security Database multilevel security Database
multilevel security DatabaseVrundaBhavsar
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxechnrketan
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 

Similaire à Security & Protection (20)

Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
Protection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating SystemProtection Structures & Capabilities in Operating System
Protection Structures & Capabilities in Operating System
 
Ch18 OS
Ch18 OSCh18 OS
Ch18 OS
 
OSCh18
OSCh18OSCh18
OSCh18
 
OS_Ch18
OS_Ch18OS_Ch18
OS_Ch18
 
Chapter23
Chapter23Chapter23
Chapter23
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Protection
ProtectionProtection
Protection
 
OS Database Security Chapter 6
OS Database Security Chapter 6OS Database Security Chapter 6
OS Database Security Chapter 6
 
14.Protection
14.Protection14.Protection
14.Protection
 
Surviving Web Security
Surviving Web SecuritySurviving Web Security
Surviving Web Security
 
Data base security and injection
Data base security and injectionData base security and injection
Data base security and injection
 
Security Policies
Security PoliciesSecurity Policies
Security Policies
 
E content ns
E content nsE content ns
E content ns
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
multilevel security Database
multilevel security Database multilevel security Database
multilevel security Database
 
Database managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxeDatabase managementsystemes_Unit-7.pptxe
Database managementsystemes_Unit-7.pptxe
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systems
 

Plus de vinay arora

Use case diagram (airport)
Use case diagram (airport)Use case diagram (airport)
Use case diagram (airport)vinay arora
 
Use case diagram
Use case diagramUse case diagram
Use case diagramvinay arora
 
Lab exercise questions (AD & CD)
Lab exercise questions (AD & CD)Lab exercise questions (AD & CD)
Lab exercise questions (AD & CD)vinay arora
 
SEM - UML (1st case study)
SEM - UML (1st case study)SEM - UML (1st case study)
SEM - UML (1st case study)vinay arora
 
CG - Output Primitives
CG - Output PrimitivesCG - Output Primitives
CG - Output Primitivesvinay arora
 
CG - Display Devices
CG - Display DevicesCG - Display Devices
CG - Display Devicesvinay arora
 
CG - Input Output Devices
CG - Input Output DevicesCG - Input Output Devices
CG - Input Output Devicesvinay arora
 
CG - Introduction to Computer Graphics
CG - Introduction to Computer GraphicsCG - Introduction to Computer Graphics
CG - Introduction to Computer Graphicsvinay arora
 
C Prog. - Strings (Updated)
C Prog. - Strings (Updated)C Prog. - Strings (Updated)
C Prog. - Strings (Updated)vinay arora
 
C Prog. - Structures
C Prog. - StructuresC Prog. - Structures
C Prog. - Structuresvinay arora
 
A&D - Object Oriented Design using UML
A&D - Object Oriented Design using UMLA&D - Object Oriented Design using UML
A&D - Object Oriented Design using UMLvinay arora
 
C Prog - Strings
C Prog - StringsC Prog - Strings
C Prog - Stringsvinay arora
 
C Prog - Pointers
C Prog - PointersC Prog - Pointers
C Prog - Pointersvinay arora
 
A&D - Input Design
A&D - Input DesignA&D - Input Design
A&D - Input Designvinay arora
 
A&D - Object Oriented Analysis using UML
A&D - Object Oriented Analysis using UMLA&D - Object Oriented Analysis using UML
A&D - Object Oriented Analysis using UMLvinay arora
 

Plus de vinay arora (20)

Use case diagram (airport)
Use case diagram (airport)Use case diagram (airport)
Use case diagram (airport)
 
Use case diagram
Use case diagramUse case diagram
Use case diagram
 
Lab exercise questions (AD & CD)
Lab exercise questions (AD & CD)Lab exercise questions (AD & CD)
Lab exercise questions (AD & CD)
 
SEM - UML (1st case study)
SEM - UML (1st case study)SEM - UML (1st case study)
SEM - UML (1st case study)
 
Uta005 lecture3
Uta005 lecture3Uta005 lecture3
Uta005 lecture3
 
Uta005 lecture2
Uta005 lecture2Uta005 lecture2
Uta005 lecture2
 
CG - Output Primitives
CG - Output PrimitivesCG - Output Primitives
CG - Output Primitives
 
CG - Display Devices
CG - Display DevicesCG - Display Devices
CG - Display Devices
 
CG - Input Output Devices
CG - Input Output DevicesCG - Input Output Devices
CG - Input Output Devices
 
CG - Introduction to Computer Graphics
CG - Introduction to Computer GraphicsCG - Introduction to Computer Graphics
CG - Introduction to Computer Graphics
 
C Prog. - Strings (Updated)
C Prog. - Strings (Updated)C Prog. - Strings (Updated)
C Prog. - Strings (Updated)
 
C Prog. - Structures
C Prog. - StructuresC Prog. - Structures
C Prog. - Structures
 
A&D - UML
A&D - UMLA&D - UML
A&D - UML
 
A&D - Object Oriented Design using UML
A&D - Object Oriented Design using UMLA&D - Object Oriented Design using UML
A&D - Object Oriented Design using UML
 
C Prog - Strings
C Prog - StringsC Prog - Strings
C Prog - Strings
 
C Prog - Pointers
C Prog - PointersC Prog - Pointers
C Prog - Pointers
 
C Prog - Array
C Prog - ArrayC Prog - Array
C Prog - Array
 
C Prog - Array
C Prog - ArrayC Prog - Array
C Prog - Array
 
A&D - Input Design
A&D - Input DesignA&D - Input Design
A&D - Input Design
 
A&D - Object Oriented Analysis using UML
A&D - Object Oriented Analysis using UMLA&D - Object Oriented Analysis using UML
A&D - Object Oriented Analysis using UML
 

Dernier

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Dernier (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Security & Protection

  • 1. Protection & Security Organized By: V.A. V.A. CSED,TU
  • 2. Disclaimer This is NOT A COPYRIGHT MATERIAL Content has been taken mainly from the following books: Operating Systems Concepts By Silberschatz & Galvin , Operating systems By D M Dhamdhere, System Programming By John J Donovan etc… VA. CSED,TU
  • 3. Protection – Goals & Principle  Each Object has a Unique Name and can be accessed through a well-defined set of Operations.  Ensure that each Object is accessed correctly and only by those Processes that are allowed to do so.  Guiding Principle – Principle of Least Privilege  Programs, users and systems should be given just enough privileges to perform their tasks VA. CSED,TU
  • 4. Domain Structure  Access-right = <object-name, rights-set> where rights-set is a subset of all valid operations that can be performed on the object.  Domain = Set of Access-Rights  Domain can be realized in variety of ways: Each User, Each Process and Each Procedure. VA. CSED,TU
  • 5. Access Matrix  View Protection as a MATRIX (access matrix)  Rows represent Domains  Columns represent Objects  Access (i, j) is the Set Of Operations that a process executing in Domaini can invoke on Objectj VA. CSED,TU
  • 6. Access Control Matrix  Access control matrix consists of triple parts such as subject, object, and access operation.  A SUBJECT is an Active Entity in a computer system such as User, Program, Process and Thread.  An OBJECT is a Passive Entity or System Resource such as File, Directory, Database Record and Printer.  In Access Control Matrix’s schema, the Subjects and Objects are placed in a table. Each row represents a Subject and each column represents an Object.  The data inside the table are Set Of Access Operations such as read, write, and execute. The access operations are responsible for interactions between subjects and objects. VA. CSED,TU
  • 7. Access Matrix VA. CSED,TU
  • 8. Use of Access Matrix  If a Process in Domain Di tries to do “op” on object Oj, then “op” must be in the ACCESS MATRIX.  Can be Expanded to DYNAMIC PROTECTION.  Operations to ADD, DELETE access rights.  Special Access Rights:  Owner of Oi  Copy op from Oi to Oj  Control – Di can modify Dj access rights  Transfer – Switch from domain Di to Dj VA. CSED,TU
  • 9. Access Matrix – Showing Switch VA. CSED,TU
  • 10. Role Based Access Control VA. CSED,TU
  • 11. Sample Access Matrix The Derivative forms of access control matrix such as Access Control List (ACL) and Capability List (C-list) are better applied. VA. CSED,TU
  • 12. Access Control List VA. CSED,TU
  • 13. ACL When we look for Insurance Data we can write: VA. CSED,TU
  • 14. C-List VA. CSED,TU
  • 15. C-List When we look for Alice’s C-list we can write: VA. CSED,TU
  • 16. ACL vs CL VA. CSED,TU
  • 17. Security  Security must consider External Environment of the System and protect the system resources  Intruders (crackers) attempt to breach security  THREAT is potential security violation  ATTACK is attempt to breach security  Attack can be accidental or malicious  Easier to protect against accidental than malicious misuse VA. CSED,TU
  • 18. Security Violations  Categories  Breach of confidentiality  Breach of integrity  Breach of availability  Theft of service  Denial of service  Methods  Masquerading (breach authentication)  Replay attack  Message modification  Man-in-the-middle attack  Session hijacking VA. CSED,TU
  • 19. Security Attacks VA. CSED,TU
  • 20. Reference List Operating Systems Concepts By Silberschatz & Galvin, Operating systems By D M Dhamdhere, System Programming By John J Donovan, www.os-book.com www.cs.jhu.edu/~yairamir/cs418/os2/sld001.htm http://gaia.ecs.csus.edu/~zhangd/oscal/pscheduling.html http://www.edugrid.ac.in/iiitmk/os/os_module03.htm http://williamstallings.com/OS/Animations.html etc… VA. CSED,TU