CSE 7343/5343, Spring 2003
Topic 2-4: Protection and Security
Prof. Jeff Tian, CSE/SEAS/SMU, Dallas, TX 75275
tian@engr.smu.edu; www.engr.smu.edu/~tian/class/7343.03s
- Dates: 4/24-29/03
- Reading: Ch.18, Ch.19
Protection and Security: Concepts
- authorized vs. unauthorized access
- internal vs. external
- protection: typically internal
- security: typically external
- accidental vs malicious
typically dealt with in security
- files and other resources
protection: mostly file focus
security: general resources (data, code, etc.)
- security broader, more general
mostly associated with higher integrity levels
- our focus:
mechanism/implementation to provide protection and security
Protection: Basics
- previous examples of protection
- memory boundary check in memory management
contiguous allocation
segmentation
(but not in paging, why?)
- sharing and protection at page/segment/block level
- file access in UNIX example
- protection concept
- mechanism for access control
authorized vs unauthorized
- subject: programs, processes, or users
access policies need to be followed
- object: (general system) resources
memory and file example above
most often files
h/w and s/w objects
- also: language based protection possible
typing, boundary checking, etc.
- general goals of protection
- basic: correct access control (above)
- protect against incorrect access
- mechanism to ensure access policies
- historical perspectives
- single user/program: no need for protection
full access to everything
- multiprogramming: correct sharing
not everything shared
- previous examples
- modern OS: general reliability
guard against both accidental & malicious misuse
Protection Domain
- objects: h/w and s/w objects
- domain:
- collection of objects
- each with certain types of accesses
access right: read, write, etc.
- as viewed from users/processes
domain implementation based on
(in increasingly fine granularity) user, process, procedure
- pairs: (object_i, access rights)
- example: Fig 18.1 (p.631)
- disjoint or overlapping
- organization: domain structure
- domain structure
- single domain
- multiple domains
- ring
inner ones have more privileges
example: MULTICS Fig 18.2 (p.634)
- simplified ring
example: UNIX file system protection
- general overlapping: access matrix
- domain realization/implementation:
- user,
- process,
- procedure (local variable, program scope)
- (in increasingly fine granularity)
- related domain switching
Protection: Access Matrix
- general protection scheme: access matrix
- row: domain
- column: object (or resource)
- cell: type of authorized accesses
- general domain structure
- example: Fig 18.3 (p.636)
- generalization: domain switching
example: Fig 18.4 (p.637)
- other generalization: subdomain etc.
- types of access rights
- related to access matrix
- usually: read, write
- other rights possible
- associate with objects or domains
- execute (Unix example: rwx)
- copy, transfer, limited copy, etc.
- owner (can change access rights)
- switch (domain switch)
- subdomain
- implementation of access matrix
- global table
- access lists for objects
- capability lists for domains
- lock-key mechanism
- comparison
- flexibility
- level of protection
- implementation overhead
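The access matrix, its switch/copy/owner rights and its access-list and capability-list realizations (this section and the Protection Domain section above), as an added Python example that is not part of the lecture notes: domain names D1-D3, object names F1/F2 and the trailing * marking a copyable right are constructed assumptions for the demo.

```python
# Added example (not from the lecture notes): a toy access matrix in the style
# of Fig 18.3/18.4 with switch, copy (* flag) and owner rights, plus the ACL
# (column) and capability-list (row) views; demo() is a constructed sample.
from typing import Dict, Set

class AccessMatrix:
    # rows: domains; columns: objects (domains included, so 'switch' is a cell)
    def __init__(self) -> None:
        self.cells: Dict[str, Dict[str, Set[str]]] = {}

    def grant(self, dom: str, obj: str, *rights: str) -> None:
        self.cells.setdefault(dom, {}).setdefault(obj, set()).update(rights)

    def rights(self, dom: str, obj: str) -> Set[str]:
        return self.cells.get(dom, {}).get(obj, set())

    def switch(self, cur: str, target: str) -> str:
        # domain switching requires 'switch' in cell (cur, target)
        if "switch" not in self.rights(cur, target):
            raise PermissionError(f"{cur} cannot switch to {target}")
        return target

    def copy_right(self, src: str, dst: str, obj: str, right: str) -> None:
        # 'read*' in (src, obj) lets src copy 'read' into (dst, obj); the copy
        # is granted without the * flag (limited copy), so it cannot propagate
        if right + "*" not in self.rights(src, obj):
            raise PermissionError(f"{src} cannot copy {right} on {obj}")
        self.grant(dst, obj, right)

    def owner_set(self, owner: str, dst: str, obj: str, *rights: str) -> None:
        # owner right: the holder may change any cell in obj's column
        if "owner" not in self.rights(owner, obj):
            raise PermissionError(f"{owner} does not own {obj}")
        self.grant(dst, obj, *rights)

    def access_list(self, obj: str) -> Dict[str, Set[str]]:
        # column view: the ACL kept with the object
        return {d: row[obj] for d, row in self.cells.items() if row.get(obj)}

    def capability_list(self, dom: str) -> Dict[str, Set[str]]:
        # row view: the capability list kept with the domain
        return {o: r for o, r in self.cells.get(dom, {}).items() if r}

def demo() -> AccessMatrix:
    m = AccessMatrix()
    m.grant("D1", "F1", "read*", "owner")
    m.grant("D1", "D2", "switch")
    m.grant("D2", "F2", "write")
    m.copy_right("D1", "D3", "F1", "read")  # D3 gets plain 'read' on F1
    m.owner_set("D1", "D2", "F1", "write")  # D1 widens F1's column for D2
    return m
```

The same matrix is cheap to store either by column (ACL, lookup at open time) or by row (capability list, carried by the domain); the trade-off is which question each one answers quickly.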
Security
- security: extend protection to handle external problems as well
- security problem
- intention: accidental vs. malicious
- operation: reading/writing/destruction
- security measures: physical and user level
- authentication as a security measure
- use of passwords
- problems and alleviation
- program and system threats
- Trojan horse/trap door
- worms/viruses
- dealing with security threats
- threat monitoring via audit log etc.
- encryption
- SMU followup courses
- computer security
- network security
- software security
- related certificates
Exam Review
- scope and general information:
- comprehensive but
- more emphasis on material after Exam#2
- 6 questions
- 2 hours long
- type of questions: similar to Exams #1 and #2 before
- date: 5/7/03
- time: 9-11am
- location: same classroom.
- video students: to be arranged with your proctor on or before 5/18/03.
- new topics:
- files: more idea/concept, less implementation details
- I/O: three generic methods and comparison
- mass storage: focus on disk scheduling
- distributed systems and distributed OS:
general concepts,
advantages,
classification by service/topology/distance/protocol
- distributed coordination, focus on:
ME problem solutions
deadlock handling
event ordering
- protection: concepts, access domain/matrix
- security: general concepts/ideas, less on details
- comprehensive topics
- coordination/management of shared resources
- logical conditions and how to ensure them?
- non-sharable: scheduling
- allocation of shared resources
- centralized vs distributed differences
- overall organization and management of resources
- user vs. system views => mapping between the two
- hierarchy and organization
- physical resources: CPU, memory (frame/page), I/O (disk) scheduling
- logical resources: processes, events, virtual memory, etc.
- overall understanding
- interconnection of similar ideas/solutions
in different settings
distributed vs single-CPU
centralized solution possibility and drawbacks
Prepared by Jeff Tian
(tian@engr.smu.edu).
Last update April 24, 2003.