Ch.14 Flashcards
(17 cards)
Goals of protection
Each object is accessed correctly and only by those processes that are allowed to do so
How does UNIX handle domain switching (3):
Via file system (setuid)
Via passwords (su)
Via commands (sudo)
Multics benefits
- provides better granularity than simple user/kernel models
- organized in hierarchical rings
Multics limitations
- doesn't allow strict need-to-know
- more complex, causes performance overhead
How to implement an access matrix
Option 1: global table
Option 2: access lists for objects
Option 3: capability lists for domains
Option 4: lock-key
Dynamic (principles of protection)
Domain switching
Privilege escalation
What is a domain
Set of access rights
Access matrix design separates ____ from ____
Mechanism (how protection is enforced)
FROM
policy (what protection rules to enforce)
Access matrix design doesn't solve what problem?
General confinement problem
Issues of global table
Large
Difficult to group objects
Advantages of access lists of objects
Easily extended to contain default set
Lock-key (components)
Locks -> objects
Keys -> domains
Access rules
Comparison of implementation
Global table: simple, but large
Access list: user centric, but slow
Capability list: process centric, but hard to revoke rights
Lock-key: effective and flexible
Key features of Hydra's capability system
Auxiliary rights
Capability requirement
Rights amplification
User defined rights
Procedural access
Solves mutual distrust
Security library
Process isolation key points
Prevents unauthorized access
Implemented using virtual address spaces
Limited or no inter-process communication (IPC)
OSes that implement process isolation via separate address spaces (3):
- UNIX-like systems (Linux, macOS, Solaris)
- VMS (Virtual Memory System)
- Windows NT