Operating System unit 8

Que:-1    What do you mean by security? Discuss in brief access control list.

Ans:-

Security

OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions.

Access control list

• Most of domains have no access at all to most objects, so storing a very large, mostly empty, Access matrix is a waste of disk space.
• Two methods are practical; the first is storing the matrix by rows and the second method is storing the matrix by columns, and then storing only the nonempty elements.
• The two approaches are surprisingly different.
• The first technique consists of associating with each object an (ordered) list containing all the domains that may access the object, and how.
• This list is called the Access Control List or ACL.
• Here we see three processes A, b, and C, each belonging to a different domain. There are three files F1, F2, and F3.
• For simplicity, we will assume that each domain corresponds to exactly one user, in this case, users are A, B, and C.
• Often in the security literature, the users are called subjects or principals, to contrast them with the things owned, the objects, such us files.
• Each file has an ACL associated with it. File F1 has two entries in its ACL (separated by a semicolon).
• The first entry says that any process owned by user A may read and write the file. The second entry says that any process owned by user B may read the file.
• All other accesses by these users and all accesses by other users are forbidden.
• Note that the rights are granted by user, not by process.
• As far as the protection system goes, any process owned by user A can read and write file F1. It does not matter if there is one such process or 100 of them. It is the owner, not the process ID that matters.
• File F2 has three entries in its ACL: A, B, and C can all read the file, and in addition B can also write it.
• No other accesses are allowed, File F3 is apparently an executable program, since B and C can both read and execute it. B can also write it.
• Many systems support the concept of a group of users. Groups have names and can be included in ACLs.

Que:-2    Explain domain protection mechanism in brief.

Ans:-    Domain of Protection :

• The protection policies limit the access of each process with respect to their resource handling. A process is bound to use only those resources which it requires to complete its task, in the time limit that it requires and also the mode in which it is required. That is the protected domain of a process.  
• A computer system has processes and objects, which are treated as abstract data types, and these objects have operations specific to them. A domain element is described as <object, {set of operations on object}>. 
• Each domain consists of a set of objects and the operations that can be performed on them. A domain can consist of either only a process or a procedure or a user. Then, if a domain corresponds to a procedure, then changing domain would mean changing procedure ID. Objects may share a common operation or two. Then the domains overlap.