Explain protection domains.

-> Each object has a unique name by which it is referenced, and a finite set of operations that processes are allowed to carry out on it. The read and write operations are appropriate to a file; up and down make sense on a semaphore.
-> It is obvious that a way is needed to prohibit processes from accessing objects that they are not authorized to access.
-> Furthermore, this mechanism must also make it possible to restrict processes to a subset of the legal operations when that is needed. For example, process A may be entitled to read, but not write, file F.
=> A domain is a set of (object, rights) pairs. Each pair specifies an object and some subset of the operations that can be performed on it.
-> A right in this context means permission to perform one of the operations. Often a domain corresponds to a single user, telling what the user can do and not do, but a domain can also be more general than just one user.
-> How objects are allocated to domains depends on the specifics of who needs to know what. One basic concept, however, is the POLA (Principle of Least Authority) or need to know.
-> The figure shows three domains, listing the objects in each domain and the rights (Read, Write, EXecute) available on each object. Note that Printer1 is in two domains at the same time, with the same rights in each. File1 is also in two domains, with different rights in each one.
-> At every instant of time, each process runs in some protection domain. In other words, there is some collection of objects it can access, and for each object it has some set of rights.
-> Processes can also switch from domain to domain during execution. The rules for domain switching are highly system dependent.
-> For example, each process in UNIX has two halves: the user part and the kernel part.
-> When the process does a system call, it switches from the user part to the kernel part. The kernel part has access to a different set of objects from the user part.
-> Abstractly, one can envision a large matrix, with the rows being domains and the columns being objects. Each box lists the rights, if any, that the domain holds for the object.
-> Domain switching itself can be easily included in the matrix model by realizing that a domain is itself an object, with the operation enter. The figure shows the same matrix again, only now with the three domains as objects themselves.
-> Processes in domain 1 can switch to domain 2, but once there, they cannot go back.
-> No other domain switches are permitted in this example.
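The access-matrix model described above, as an added example that is not part of the original notes: domains are rows, objects are columns, and each domain is also an object carrying an "Enter" right, so a one-way switch from Domain1 to Domain2 is just another matrix entry. The object names (File1, File2, File3, Printer1), the domain names and the rights assigned are constructed here to match the description; they are assumptions, not the page's own figure.

```python
# Added example: a small access-matrix model of protection domains.
# Object names, domain names and the rights granted below are constructed
# for illustration and are not taken from the page's figure.

from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a process attempts an operation its current domain does not permit."""


@dataclass
class AccessMatrix:
    # rights[domain][object] -> set of right names, e.g. {"Read", "Write"}
    rights: dict = field(default_factory=dict)

    def grant(self, domain, obj, *ops):
        self.rights.setdefault(domain, {}).setdefault(obj, set()).update(ops)

    def allows(self, domain, obj, op):
        return op in self.rights.get(domain, {}).get(obj, set())


@dataclass
class Process:
    matrix: AccessMatrix
    domain: str  # the protection domain the process currently runs in

    def perform(self, obj, op):
        # Every operation is checked against the (domain, object) box of the matrix.
        if not self.matrix.allows(self.domain, obj, op):
            raise AccessDenied(f"{self.domain}: {op} on {obj} not permitted")
        return f"{op} {obj} in {self.domain}"

    def switch(self, target):
        # Domain switching is modelled as the "Enter" right on the target domain,
        # which is itself an object in the matrix.
        self.perform(target, "Enter")
        self.domain = target


def build_example_matrix():
    m = AccessMatrix()
    m.grant("Domain1", "File1", "Read")
    m.grant("Domain1", "File2", "Read", "Write")
    m.grant("Domain1", "Domain2", "Enter")        # one-way switch Domain1 -> Domain2
    m.grant("Domain2", "File1", "Read", "Write")  # File1 in two domains, different rights
    m.grant("Domain2", "Printer1", "Write")       # Printer1 in two domains, same rights
    m.grant("Domain3", "Printer1", "Write")
    m.grant("Domain3", "File3", "Read", "Write", "Execute")
    return m


def demo():
    """Runs a process through the matrix; returns (trace, final domain)."""
    m = build_example_matrix()
    p = Process(m, "Domain1")
    trace = [p.perform("File1", "Read")]
    try:
        p.perform("File1", "Write")  # Domain1 holds only Read on File1
    except AccessDenied as e:
        trace.append(f"denied: {e}")
    p.switch("Domain2")
    trace.append(p.perform("File1", "Write"))  # Domain2 holds Write on File1
    try:
        p.switch("Domain1")  # no Enter right back, so the switch is one-way
    except AccessDenied as e:
        trace.append(f"denied: {e}")
    return trace, p.domain


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The matrix is deliberately sparse: a domain gets an entry only for the objects it needs, which is the Principle of Least Authority expressed as data. The check in `perform` is the single place every access passes through, so adding or revoking a right is a matrix edit rather than a code change.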


GTU done 2018