Chapter 14 Protection
Protecting processes from one another as they operate on shared resources, including files, memory segments, and the CPU
Protection is an internal issue; security also considers the external environment
Protection distinguishes between authorized and unauthorized use
Policies vs. Mechanism
Principle of least privilege
Fine-grained access control
Hardware & software objects
Need-to-know principle (vs. security through obscurity)
Protection Domain
Access rights
Static vs. dynamic
Can be based on user, process, procedure
Unix: setuid bit
Multics: ring structure
Access Matrix -- read, write, execute
Domains (rows) vs. objects (columns)
Copy, Owner, Control
Confinement problem
Implementing Access Matrix
Global table -- <domain, object, rights>
Too large to keep in memory; cannot exploit special groupings of objects or domains
Access Lists (for objects) -- <domain, rights>
Easy to add defaults
Capability List (for domains) -- <object, rights>, managed by OS
Lock-key Scheme
Comparison (p544)
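The access matrix above, with its copy, owner and control rights and the access-list and capability-list views derived from it, as an added worked example (not from the lecture notes or the textbook); the domains D1..D3, files F1..F3 and the matrix contents are constructed.

```python
# Added example, not from the lecture notes: a toy access matrix with domains
# as rows and objects as columns, the copy (*), owner and control rights from
# the chapter, and the access-list / capability-list views derived from it.

# Constructed sample matrix. Rights are sets of strings; a trailing '*'
# marks the copy flag (the textbook's R*). Domains are objects too, so the
# columns "D1"/"D2" hold the switch and control rights.
MATRIX = {
    "D1": {"F1": {"read"}, "F2": {"write*"}, "D2": {"switch"}},
    "D2": {"F1": {"owner"}, "F2": {"read"}},
    "D3": {"F3": {"execute"}, "D1": {"control"}},
}

def rights(m, dom, obj):
    """The matrix entry access(dom, obj); empty set if absent."""
    return m.get(dom, {}).get(obj, set())

def allowed(m, dom, obj, right):
    """Check a plain right; a copy-flagged right (R*) also grants R itself."""
    return right in rights(m, dom, obj) or right + "*" in rights(m, dom, obj)

def switch(m, src, dst):
    """Domain switching is just an entry: src needs 'switch' in column dst."""
    if not allowed(m, src, dst, "switch"):
        raise PermissionError(f"{src} cannot switch to {dst}")
    return dst

def copy_right(m, src, dst, obj, right, mode="copy"):
    """R* in access(src, obj) lets src propagate R within column obj only.
    mode: 'copy' (dst gets R*), 'transfer' (R* moves), 'limited' (dst gets R)."""
    if right + "*" not in rights(m, src, obj):
        raise PermissionError(f"{src} holds no copy right for {right} on {obj}")
    m.setdefault(dst, {}).setdefault(obj, set()).add(right if mode == "limited" else right + "*")
    if mode == "transfer":
        m[src][obj].discard(right + "*")

def owner_set(m, owner, obj, dst, right, add=True):
    """'owner' in access(owner, obj) lets owner add/remove any right in column obj."""
    if "owner" not in rights(m, owner, obj):
        raise PermissionError(f"{owner} does not own {obj}")
    cell = m.setdefault(dst, {}).setdefault(obj, set())
    cell.add(right) if add else cell.discard(right)

def control_revoke(m, ctl, dom, obj, right):
    """'control' in access(ctl, dom) lets ctl remove any right from row dom."""
    if "control" not in rights(m, ctl, dom):
        raise PermissionError(f"{ctl} does not control {dom}")
    rights(m, dom, obj).discard(right)

def access_list(m, obj):
    """Column view, stored with the object: {domain: rights}."""
    return {d: set(row[obj]) for d, row in m.items() if row.get(obj)}

def capability_list(m, dom):
    """Row view, held by the domain and guarded by the OS: {object: rights}."""
    return {o: set(r) for o, r in m.get(dom, {}).items() if r}
```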
Access Control
Revocation of Rights
Immediate vs. delayed, selective vs. general, partial vs. total, temporary vs. permanent
Language-based protection
Compiler-based -- declarative, independent of the facilities of a particular OS, enforcement need not be specified by the designer, natural, easy to update
Comparison with OS (p551)