Monday, October 29, 2007

csc205 os protection

Domain = {user-id}
least rights needed (a domain gets only the rights it needs)

1) unix
rws owner ... filename (s -> setuid bit)
s on -> when the file runs, domain changes to the file's owner
s off -> when the file runs, domain stays that of the user who runs it

2) multics (rings)
Domains i < j -> ring i has more privilege (smaller ring number = more permissions)

Abstract Model) Access Matrix

            object1   o2    o3
domain1     rw
d2          r
d3                    ro    read*, exe

a process in d1 can only run the ops listed in the matrix cell for object i
ie d1 can read and write object1 but cannot touch o2, o3

o -> owner (can add/remove rights on that object)
ie owner of o2 (d3) can add rw to d2 on o2

read* -> copy right: can copy read to another domain on the same object
ie d3 can copy read, exe to d1 (the copied right has no *)

extended access matrix (domains appear as objects too)

       o1   o2  |  d1        d2
d1     r        |            switch
d2          w   |  control

switch -> allows switching to another domain
ie d1 can switch to d2 but d2 cannot switch to any other domain

control -> modify (add/remove) rights in a whole row
ie d2 can change the rights of d1 (ie add write to d1,o1)
but d1 cannot change d2

Implementation of access matrix
-access control list (ACL): defined per object [column], ie ACL for o1
-capability list: defined per domain [row], ie list for d1

ACL [user-oriented]
-ie ACL for o1 = d1{rw}, d3{r} [domains with no op on o1 -> not listed]
-when obj first created, owner specifies which domains can access it
-slow for many operations with many users [linked list]
-unix (rwx)

Capability list [process-oriented]
-opposite of ACL: per domain instead of per object
-when obj first created, OS gives all rights to the owner
-stored by the OS and protected from tampering [not viewable by the process]
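An added worked example (my own code, not from these notes): the two tables above as a small Python access matrix with owner, copy (*), switch and control checks, plus the ACL (column) and capability-list (row) views of the same matrix. Class and method names are my own; domain, object and right names are taken from the tables.

```python
# Added example (not from the notes): names mine, rights from the tables above.
from collections import defaultdict

class AccessMatrix:
    def __init__(self):
        # rights[domain][object] -> set of rights; a domain can also be an object
        self.rights = defaultdict(lambda: defaultdict(set))
    def grant(self, dom, obj, *ops):
        self.rights[dom][obj].update(ops)
    def allowed(self, dom, obj, op):
        # a process in dom may only do the ops listed in cell (dom, obj)
        return op in self.rights[dom].get(obj, set())
    def copy_right(self, src, dst, obj, op):
        # copy right: src needs op* on obj; dst receives op without the star
        if not self.allowed(src, obj, op + "*"):
            return False
        self.grant(dst, obj, op)
        return True
    def switch(self, src, dst):
        # switch right sits in the extended matrix, where domains are objects
        return self.allowed(src, dst, "switch")
    def owner_grant(self, owner, dom, obj, *ops):
        # the owner of obj may add rights anywhere in obj's column
        if not self.allowed(owner, obj, "owner"):
            return False
        self.grant(dom, obj, *ops)
        return True
    def control_grant(self, ctl, dom, obj, *ops):
        # control over dom lets ctl edit dom's whole row
        if not self.allowed(ctl, dom, "control"):
            return False
        self.grant(dom, obj, *ops)
        return True
    def acl(self, obj):
        # ACL view: one object column -> {domain: rights}
        return {d: set(r[obj]) for d, r in self.rights.items() if r.get(obj)}
    def capabilities(self, dom):
        # capability-list view: one domain row -> {object: rights}
        return {o: set(r) for o, r in self.rights[dom].items() if r}

def build_notes_matrix():
    # the matrix from the notes: o = owner, * = copy right; d1/d2 also appear
    # as objects in the extended part (switch, control)
    am = AccessMatrix()
    for dom, obj, ops in [("d1", "o1", "read write"), ("d2", "o1", "read"),
                          ("d3", "o2", "read owner"), ("d3", "o3", "read* exe"),
                          ("d1", "d2", "switch"), ("d2", "d1", "control")]:
        am.grant(dom, obj, *ops.split())
    return am
```

Each check returns False rather than raising so the failing cases (d2 switching to d1, d1 editing d2's row, copying a right that has no star) can be compared side by side with the allowed ones.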
