Modern Operating Systems by Herbert Bos and Andrew S. Tanenbaum, 4th Ed.
SEC. 9.3 CONTROLLING ACCESS TO RESOURCES
This situation models executing a SETUID program in UNIX. No other domain switches are permitted in this example.
Figure 9-5. A protection matrix with domains as objects. Rows are the domains; columns are the objects File1 through File6, Printer1, Plotter2, and Domain1 through Domain3. Only the nonempty cells are listed; every other cell is empty:

  Domain 1:  File1 Read;  File2 Read, Write;  Domain2 Enter
  Domain 2:  File3 Read;  File4 Read, Write, Execute;  File5 Read, Write;  Printer1 Write
  Domain 3:  File6 Read, Write, Execute;  Printer1 Write;  Plotter2 Write
9.3.2 Access Control Lists
In practice, actually storing the matrix of Fig. 9-5 is rarely done because it is
large and sparse. Most domains have no access at all to most objects, so storing a
very large, mostly empty, matrix is a waste of disk space. Two methods that are
practical, however, are storing the matrix by rows or by columns, and then storing
only the nonempty elements. The two approaches are surprisingly different. In this
section we will look at storing it by column; in the next we will study storing it by
row.
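As an added example (not code from the book), the matrix of Fig. 9-5 stored sparsely: only the nonempty (domain, object) cells are kept, a domain switch is just an access check for the Enter right on a domain-as-object (the SETUID case the text describes), and the same dictionary is regrouped by column and by row to show the two practical storage layouts the paragraph above mentions. Names such as `setuid_access` and `fill_ratio` are this example's own.

```python
# Added example (not from the book): the protection matrix of Fig. 9-5
# stored sparsely, with the Enter right modelling a domain switch.

DOMAINS = ["Domain1", "Domain2", "Domain3"]
OBJECTS = ["File1", "File2", "File3", "File4", "File5", "File6",
           "Printer1", "Plotter2", "Domain1", "Domain2", "Domain3"]

# Only the nonempty cells of Fig. 9-5, keyed by (domain, object).
MATRIX = {
    ("Domain1", "File1"): {"Read"},
    ("Domain1", "File2"): {"Read", "Write"},
    ("Domain1", "Domain2"): {"Enter"},
    ("Domain2", "File3"): {"Read"},
    ("Domain2", "File4"): {"Read", "Write", "Execute"},
    ("Domain2", "File5"): {"Read", "Write"},
    ("Domain2", "Printer1"): {"Write"},
    ("Domain3", "File6"): {"Read", "Write", "Execute"},
    ("Domain3", "Printer1"): {"Write"},
    ("Domain3", "Plotter2"): {"Write"},
}


def has_right(matrix, domain, obj, right):
    """Matrix lookup: an absent cell means no rights at all (default deny)."""
    return right in matrix.get((domain, obj), set())


def can_enter(matrix, current, target):
    """A domain switch is just an access check on a domain-as-object."""
    return has_right(matrix, current, target, "Enter")


def switch_domain(matrix, current, target):
    """Perform the switch, refusing it unless Enter is granted."""
    if not can_enter(matrix, current, target):
        raise PermissionError(f"{current} may not enter {target}")
    return target


def setuid_access(matrix, start, target, obj, right):
    """Model of running a SETUID program: enter the target domain first,
    then check the request in that domain rather than the caller's."""
    return has_right(matrix, switch_domain(matrix, start, target), obj, right)


def fill_ratio(matrix):
    """How sparse the full matrix is: (nonempty cells, total cells)."""
    return len(matrix), len(DOMAINS) * len(OBJECTS)


def by_column(matrix):
    """Store the matrix by column: one ACL per object (Sec. 9.3.2)."""
    acls = {}
    for (domain, obj), rights in matrix.items():
        acls.setdefault(obj, {})[domain] = set(rights)
    return acls


def by_row(matrix):
    """Store the matrix by row: one rights list per domain."""
    rows = {}
    for (domain, obj), rights in matrix.items():
        rows.setdefault(domain, {})[obj] = set(rights)
    return rows


if __name__ == "__main__":
    print("Domain1 reads File3 directly:",
          has_right(MATRIX, "Domain1", "File3", "Read"))
    print("Domain1 reads File3 after entering Domain2:",
          setuid_access(MATRIX, "Domain1", "Domain2", "File3", "Read"))
    print("nonempty/total cells:", fill_ratio(MATRIX))
    print("ACL for Printer1:", by_column(MATRIX)["Printer1"])
```

Note that `by_column` only produces ACLs for objects that have at least one nonempty cell, so Domain1 and Domain3 (which no domain may enter) get no ACL at all; that is exactly the saving the text is after, and it is also why a lookup on a missing key must be treated as "no access" rather than as an error.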
The first technique consists of associating with each object an (ordered) list containing all the domains that may access the object, and how. This list is called the ACL (Access Control List) and is illustrated in Fig. 9-6. Here we see three processes, each belonging to a different domain, A, B, and C, and three files F1, F2, and F3. For simplicity, we will assume that each domain corresponds to exactly one user, in this case, users A, B, and C. Often in the security literature the users are called subjects or principals, to contrast them with the things owned, the objects, such as files.
Each file has an ACL associated with it. File F1 has two entries in its ACL (separated by a semicolon). The first entry says that any process owned by user A may read and write the file. The second entry says that any process owned by user B may read the file. All other accesses by these users and all accesses by other users are forbidden. Note that the rights are granted by user, not by process. As far as the protection system goes, any process owned by user A can read and write file F1. It does not matter if there is one such process or 100 of them. It is the owner, not the process ID, that matters.

File F2 has three entries in its ACL: A, B, and C can all read the file, and B can also write it. No other accesses are allowed. File F3 is apparently an executable program, since B and C can both read and execute it. B can also write it.


SECURITY CHAP. 9
Figure 9-6. Use of access control lists to manage file access. Three processes in user space, owned by A, B, and C, access three files in kernel space, each carrying its ACL:

  F1:  A: RW; B: R
  F2:  A: R; B: RW; C: R
  F3:  B: RWX; C: RX
This example illustrates the most basic form of protection with ACLs. More sophisticated systems are often used in practice. To start with, we have shown only three rights so far: read, write, and execute. There may be additional rights as well. Some of these may be generic, that is, apply to all objects, and some may be object specific. Examples of generic rights are destroy object and copy object. These could hold for any object, no matter what type it is. Object-specific rights might include append message for a mailbox object and sort alphabetically for a directory object.
So far, our ACL entries have been for individual users. Many systems support the concept of a group of users. Groups have names and can be included in ACLs. Two variations on the semantics of groups are possible. In some systems, each process has a user ID (UID) and group ID (GID). In such systems, an ACL contains entries of the form

UID1, GID1: rights1; UID2, GID2: rights2; ...

Under these conditions, when a request is made to access an object, a check is made using the caller's UID and GID. If they are present in the ACL, the rights listed are available. If the (UID, GID) combination is not in the list, the access is not permitted. Using groups this way effectively introduces the concept of a role.
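As an added example (not code from the book), a parser and evaluator for both ACL entry forms discussed in this section: the per-user entries of Fig. 9-6 ("A: RW; B: R") and the (UID, GID) entries just described, where an entry matches only if both the caller's UID and GID agree. It also makes the earlier point concrete that the check is made on the owner of a process, not on its process ID. The pigeon-database ACL is constructed for this example in the spirit of the sysadm/pigfan scenario the text goes on to describe; it is not the book's Fig. 9-7, and the names `AclEntry`, `Process` and `process_may` are this example's own.

```python
# Added example (not from the book): parsing and evaluating ACL entries of
# the two forms in Sec. 9.3.2, "UID: rights" (Fig. 9-6) and "UID, GID: rights".
from dataclasses import dataclass
from typing import List, Optional

RIGHTS = {"R", "W", "X"}


@dataclass(frozen=True)
class AclEntry:
    uid: str
    gid: Optional[str]      # None for a plain per-user entry
    rights: frozenset

    def matches(self, uid: str, gid: str) -> bool:
        # A (UID, GID) entry needs both to match; a plain entry only the UID.
        return self.uid == uid and (self.gid is None or self.gid == gid)


def parse_acl(text: str) -> List[AclEntry]:
    """Parse 'A: RW; B: R' or 'tana, pigfan: RW; ...' into entries.
    Malformed entries are rejected rather than silently dropped, since a
    dropped entry changes who may access the object."""
    entries = []
    for raw in text.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        if ":" not in raw:
            raise ValueError(f"malformed ACL entry: {raw!r}")
        subject, rights = raw.split(":", 1)
        parts = [p.strip() for p in subject.split(",")]
        if len(parts) == 1:
            uid, gid = parts[0], None
        elif len(parts) == 2:
            uid, gid = parts
        else:
            raise ValueError(f"malformed ACL entry: {raw!r}")
        granted = frozenset(rights.strip().upper())
        if not uid or not granted <= RIGHTS:
            raise ValueError(f"bad subject or right in entry: {raw!r}")
        entries.append(AclEntry(uid, gid, granted))
    return entries


def allowed(acl: List[AclEntry], uid: str, gid: str, right: str) -> bool:
    """Default deny: grant only if some matching entry lists the right."""
    return any(e.matches(uid, gid) and right in e.rights for e in acl)


@dataclass
class Process:
    pid: int
    owner: str
    group: str


def process_may(acl: List[AclEntry], proc: Process, right: str) -> bool:
    """The check uses the owner (and current group), never the PID."""
    return allowed(acl, proc.owner, proc.group, right)


# The ACLs of Fig. 9-6 (per-user entries; the caller's GID is irrelevant).
FILES = {
    "F1": parse_acl("A: RW; B: R"),
    "F2": parse_acl("A: R; B:RW; C:R"),
    "F3": parse_acl("B:RWX; C: RX"),
}

# Constructed (hypothetical) role-based ACL for a pigeon database; what tana
# may do depends on which group she is currently logged in as.
PIGEON_DB = parse_acl("tana, pigfan: RW; tana, sysadm: R; bill, pigfan: RW")


if __name__ == "__main__":
    p1, p2 = Process(100, "A", "staff"), Process(200, "A", "staff")
    print("two processes of A write F1:",
          process_may(FILES["F1"], p1, "W"), process_may(FILES["F1"], p2, "W"))
    print("tana as pigfan writes DB:", allowed(PIGEON_DB, "tana", "pigfan", "W"))
    print("tana as sysadm writes DB:", allowed(PIGEON_DB, "tana", "sysadm", "W"))
```

The evaluator is deliberately default-deny and first-match-irrelevant: since entries only ever grant rights, the order of the list does not change the answer here. That stops being true in systems whose ACLs also carry explicit deny entries, where ordering (and which entry wins) becomes part of the security semantics.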
Consider a computer installation in which Tana is system administrator, and thus in the group sysadm. However, suppose that the company also has some clubs for employees and Tana is a member of the pigeon fanciers club. Club members belong to the group pigfan and have access to the company's computers for managing their pigeon database. A portion of the ACL might be as shown in Fig. 9-7.

If Tana tries to access one of these files, the result depends on which group she is currently logged in as. When she logs in, the system may ask her to choose which of her groups she is currently using, or there might even be different login

