Modern Operating Systems by Herbert Bos and Andrew S. Tanenbaum, 4th Ed.
SECURITY (CHAP. 9)
[Figure: two protection matrices, (a) and (b), listing the Read, Write and Execute rights of Eric, Henry and Robert on the objects Compiler, Mailbox 7 and Secret.]
Figure 9-10. (a) An authorized state. (b) An unauthorized state.
It should now be clear that the set of all possible matrices can be partitioned into two disjoint sets: the set of all authorized states and the set of all unauthorized states. A question around which much theoretical research has revolved is this: "Given an initial authorized state and a set of commands, can it be proven that the system can never reach an unauthorized state?"

In effect, we are asking if the available mechanism (the protection commands) is adequate to enforce some protection policy. Given this policy, some initial state of the matrix, and the set of commands for modifying the matrix, what we would like is a way to prove that the system is secure. Such a proof turns out to be quite difficult to obtain; many general-purpose systems are not theoretically secure. Harrison et al. (1976) proved that in the case of an arbitrary configuration for an arbitrary protection system, security is theoretically undecidable. However, for a specific system, it may be possible to prove whether the system can ever move from an authorized state to an unauthorized state. For more information, see Landwehr (1981).
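
The safety question for one specific, finite system can be answered by exhaustive search, shown here as an added example that is not from the book. The initial rights, the `own` right, the `grant` command family, the two command sets and the policy are all assumptions constructed around the figure's names; because no subjects or objects are created, the state space is finite and the search terminates.

```python
from collections import deque
from itertools import product

SUBJECTS = ("Eric", "Henry", "Robert")
OBJECTS = ("Compiler", "Mailbox 7", "Secret")

# Constructed initial (authorized) matrix as (subject, object, right) triples.
INITIAL = frozenset({
    ("Eric", "Compiler", "read"), ("Eric", "Compiler", "execute"),
    ("Henry", "Compiler", "read"), ("Henry", "Compiler", "execute"),
    ("Henry", "Mailbox 7", "read"), ("Henry", "Mailbox 7", "write"),
    ("Robert", "Compiler", "read"), ("Robert", "Compiler", "execute"),
    ("Robert", "Secret", "read"), ("Robert", "Secret", "write"),
})

def unauthorized(state):
    """Assumed policy: Robert must never hold read on Mailbox 7."""
    return ("Robert", "Mailbox 7", "read") in state

def grant(right, needs):
    """Hypothetical command: a subject holding `needs` on an object may
    insert `right` on that object for any subject."""
    def command(state, giver, receiver, obj):
        if (giver, obj, needs) in state:
            return state | {(receiver, obj, right)}
        return None  # guard failed, command does not apply
    command.__name__ = f"grant_{right}_if_{needs}"
    return command

def find_leak(initial, commands):
    """Breadth-first search over every reachable matrix. Returns the shortest
    command sequence that reaches an unauthorized state, or None when the
    whole (finite) state space has been explored without finding one."""
    seen, queue = {initial}, deque([(initial, [])])
    args = list(product(SUBJECTS, SUBJECTS, OBJECTS))
    while queue:
        state, path = queue.popleft()
        if unauthorized(state):
            return path
        for cmd, (giver, receiver, obj) in product(commands, args):
            nxt = cmd(state, giver, receiver, obj)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [(cmd.__name__, giver, receiver, obj)]))
    return None

# Same initial state, two mechanisms: only the first can reach a leak.
LEAKY = [grant("own", "write"), grant("read", "own")]
SAFE = [grant("own", "write"), grant("execute", "own")]
```

`find_leak(INITIAL, LEAKY)` returns a two-command witness in which Henry hands out ownership of Mailbox 7 and the new owner gives Robert read access; `find_leak(INITIAL, SAFE)` returns `None`, which for this finite system is a proof that no command sequence reaches an unauthorized state.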
9.4.1 Multilevel Security
Most operating systems allow individual users to determine who may read and write their files and other objects. This policy is called discretionary access control. In many environments this model works fine, but there are other environments where much tighter security is required, such as the military, corporate patent departments, and hospitals. In the latter environments, the organization has stated rules about who can see what, and these may not be modified by individual soldiers, lawyers, or doctors, at least not without getting special permission from the boss (and probably from the boss’ lawyers as well). These environments need mandatory access controls to ensure that the stated security policies are enforced by the system, in addition to the standard discretionary access controls. What these mandatory access controls do is regulate the flow of information, to make sure that it does not leak out in a way it is not supposed to.