Applied Operating System Concepts, Silberschatz, Galvin, and Gagne ©1999

18.1 Module 18: Protection
• Goals of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection
18.2 Protection
• Operating system consists of a collection of objects, hardware or software.
• Each object has a unique name and can be accessed through a well-defined set of operations.
• Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
18.3 Domain Structure
• Access-right = <object-name, rights-set>
  Rights-set is a subset of all valid operations that can be performed on the object.
• Domain = set of access-rights
[Figure: example domains, each listing access rights of the form <O, {rights}>; the rights shown include read, write, execute and print]
18.4 Domain Implementation
• System consists of 2 domains:
  – User
  – Supervisor
• UNIX
  – Domain = user-id
  – Domain switch accomplished via file system.
    Each file has associated with it a domain bit (setuid bit).
    When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset.
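As an added example (not from the slides or the book), the access-right/domain model of slide 18.3 and the UNIX setuid domain switch of slide 18.4 as a small Python simulation; the user-ids, file names, rights and programs are constructed sample values:

```python
from dataclasses import dataclass, field

# A domain is a set of access rights <object-name, rights-set> (slide 18.3).
# This constructed model keys the set by object name for lookup; it is not OS code.
Domain = dict[str, frozenset[str]]


def can_access(domain: Domain, obj: str, op: str) -> bool:
    """Protection check: op is allowed only if it is in obj's rights-set."""
    return op in domain.get(obj, frozenset())


@dataclass
class Executable:
    owner: str                          # user-id of the file's owner
    setuid: bool                        # the domain bit (setuid bit)
    operations: list[tuple[str, str]]   # (object, op) pairs the program attempts


@dataclass
class System:
    domains: dict[str, Domain]          # UNIX: domain = user-id, one domain per user-id
    log: list[str] = field(default_factory=list)

    def execute(self, caller_uid: str, prog: Executable) -> tuple[list[bool], str]:
        """Run prog for caller_uid. Returns each operation's outcome and the
        user-id in effect after execution, to show that it is reset."""
        # Domain switch: with setuid on, user-id becomes the file owner's.
        uid = prog.owner if prog.setuid else caller_uid
        results = []
        for obj, op in prog.operations:
            ok = can_access(self.domains[uid], obj, op)
            self.log.append(f"uid={uid} {op} {obj}: {'allowed' if ok else 'denied'}")
            results.append(ok)
        uid = caller_uid   # execution complete: user-id is reset
        return results, uid


# Constructed sample: alice may only read the password file; root may also write it.
SYSTEM = System(domains={
    "alice": {"/etc/passwd": frozenset({"read"}),
              "/home/alice": frozenset({"read", "write"})},
    "root": {"/etc/passwd": frozenset({"read", "write"})},
})
# Same program with and without the setuid bit; only the setuid copy switches domain.
PASSWD_SETUID = Executable(owner="root", setuid=True, operations=[("/etc/passwd", "write")])
PASSWD_PLAIN = Executable(owner="root", setuid=False, operations=[("/etc/passwd", "write")])

if __name__ == "__main__":
    print(SYSTEM.execute("alice", PASSWD_SETUID))   # ([True], 'alice')
    print(SYSTEM.execute("alice", PASSWD_PLAIN))    # ([False], 'alice')
```

The model makes the security point of the setuid bit visible: every operation the program attempts is checked against the owner's domain, not the caller's, which is why a setuid executable must validate its inputs and limit what it does in that domain.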
18.5 Multics Rings
• Let Di and Dj be any two domain rings.
• If j < i, then Di Dj
[Figure: concentric rings labelled ring 0, ring 1, ..., ring N-1]