Professional Documents
Culture Documents
Goals of Protection
Domain of Protection
Access Matrix
Implementation of Access Matrix
Revocation of Access Rights
Capability-Based Systems
Language-Based Protection
Protection
Operating system consists of a collection of
objects, hardware or software
User
Process
Procedure
Access Matrix
View protection as a matrix (access matrix)
Figure A
Use of Access Matrix
If a process in Domain Di tries to do “op” on object
Oj, then “op” must be in the access matrix.
Figure B
Access Matrix with Copy Rights
Access Matrix With Owner Rights
Modified Access Matrix of Figure B
Implementation of Access Matrix
Global Table:
Simplest
Consists set of ordered triples
<domain,object,right-set>
Table is usually large so cant kept in memory.
Access List for Objects
Each column can be implemented as an Access List for
Objects
Empty entries can be discarded
<domain, right-set>
Each column = Access-control list for one object
Defines who can perform what operation.