Unit V
Topic 3: Protection
Protection is especially important in a multiuser environment when multiple users use
computer resources such as CPU, memory, etc. It is the operating system's responsibility to
offer a mechanism that protects each process from other processes.
Goals of Protection
The primary goals of protection in operating systems are to ensure the confidentiality,
integrity, and availability of system resources and data. Here are the key goals in detail:
o Confidentiality: Ensure that only authorized users and processes can access
sensitive information.
o Integrity: Ensure that data is not altered or tampered with by unauthorized
users or processes.
o Availability: Ensure that system resources (CPU, memory, disk space, etc.) are
available for authorized users and processes when needed.
o Controlled Access: Allow the specification of detailed access controls to
system resources.
o Isolation: Ensure that processes run in isolated environments to prevent them
from interfering with each other.
Principles of Protection
The principles of protection in operating systems are foundational guidelines that help design
and implement security mechanisms to safeguard system resources and data. Here are the
key principles:
Least Privilege: Each user or process should have the minimum level of access rights
necessary to perform their tasks. Assign minimal permissions and escalate privileges only
when required, reducing the risk of unauthorized access or damage.
Separation of Duties: Divide responsibilities among multiple users or processes to prevent
any single entity from having excessive control. Ensure that critical tasks require collaboration
or approval from multiple parties, reducing the risk of insider threats and errors.
Economy of Mechanism: Security mechanisms should be as simple and straightforward as
possible. Simplify design and implementation to reduce complexity, making it easier to
understand, verify, and manage.
Complete Mediation: Every access to a resource must be checked for proper authorization.
Ensure that access control checks are performed every time a resource is accessed,
preventing bypassing of security checks.
Separation of Privilege: The system should not grant permission based on a single condition.
Require multiple conditions to be met before granting access, such as two-factor
authentication or multi-party approval processes.
Least Common Mechanism: Minimize the sharing of mechanisms among users to prevent
indirect attacks. Reduce shared resources and interfaces, isolating users and processes as
much as possible.
Domain of Protection
A computer system is a collection of processes and objects. Objects are both hardware objects
(such as the CPU, memory segments, printers, disks, and tape drives) and software objects (such as
files, programs, and semaphores). Each object (resource) has a unique name that differentiates it
from all other objects in the system.
The operations that are possible may depend on the object. For example, a CPU can only be
executed on. Memory segments can be read and written, whereas a CD-ROM or DVD-ROM can only
be read. Tape drives can be read, written, and rewound. Data files can be created, opened, read,
written, closed, and deleted; program files can be read, written, executed, and deleted.
A process should be allowed to access only those resources for which it has authorization and
that it currently requires to complete its task. This requirement is known as the need-to-know principle.
Domain Structure
A domain is a set of objects and the types of access permitted on those objects. Each domain is
a set of ordered pairs of the form <object, rights set>.
For example, if domain D has the access right <file F, {read, write}>, then every process executing in
domain D can both read and write file F, and cannot perform any other operation on that
object.
Domains need not be disjoint; they may share access rights. For example, in the accompanying
figure, we have three domains: D1, D2, and D3. The access right <O4, {print}> is shared by D2
and D3; it implies that a process executing in either of these two domains can print object O4.
A domain can be realized in different ways: it can be a user, a process, or a procedure, i.e.
each user as a domain, each process as a domain, or each procedure as a domain.
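The following Python program is an added example, not part of the original notes, that models the domain structure described above and the Complete Mediation principle from the earlier section. A Domain is stored as a mapping from object name to the set of permitted operations (the <object, rights set> pairs), every access by a process passes through a single mediate() check that denies by default, and shared_rights() shows that domains need not be disjoint. The contents of D1, D2 and D3 are constructed for illustration (only the shared right <O4, {print}> between D2 and D3 comes from the text); the object and operation names are assumptions.

```python
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when a process requests an operation its domain does not grant."""


class Domain:
    """A protection domain: a set of <object, rights set> pairs, stored as a
    mapping object name -> frozenset of permitted operations."""

    def __init__(self, name, rights=None):
        self.name = name
        self.rights = {obj: frozenset(ops) for obj, ops in (rights or {}).items()}

    def objects(self):
        """The object set of this domain."""
        return set(self.rights)

    def allows(self, obj, op):
        # Unknown object or unknown operation: deny by default.
        return op in self.rights.get(obj, frozenset())

    def shared_rights(self, other):
        """Access rights present in both domains (domains need not be disjoint)."""
        shared = {}
        for obj in self.rights.keys() & other.rights.keys():
            common = self.rights[obj] & other.rights[obj]
            if common:
                shared[obj] = common
        return shared


@dataclass
class Process:
    pid: int
    domain: Domain  # the domain the process is currently executing in


def mediate(process, obj, op):
    """Complete mediation: every access is checked against the process's
    current domain; nothing is cached or assumed from an earlier check."""
    if not process.domain.allows(obj, op):
        raise AccessDenied(f"pid {process.pid} in {process.domain.name}: {op} on {obj}")
    return True


def run_requests(process, requests):
    """Apply mediate() to each (object, operation) request and return a list of
    (object, operation, granted) tuples; a denial is recorded, not fatal."""
    results = []
    for obj, op in requests:
        try:
            mediate(process, obj, op)
            results.append((obj, op, True))
        except AccessDenied:
            results.append((obj, op, False))
    return results


def build_example_domains():
    """Constructed domains D1, D2, D3 (contents assumed for illustration).
    D2 and D3 share the right <O4, {print}>, as the notes describe."""
    d1 = Domain("D1", {"O1": {"read", "write"}, "O2": {"execute"}})
    d2 = Domain("D2", {"O3": {"read"}, "O4": {"print"}})
    d3 = Domain("D3", {"O2": {"execute"}, "O4": {"print"}})
    return d1, d2, d3


if __name__ == "__main__":
    d1, d2, d3 = build_example_domains()
    p = Process(pid=42, domain=d2)
    for obj, op, ok in run_requests(p, [("O4", "print"), ("O4", "read"), ("O1", "read")]):
        print(f"{obj}:{op} -> {'granted' if ok else 'denied'}")
    print("D2 and D3 share:", d2.shared_rights(d3))
```

Because allows() returns False for any object or operation not explicitly listed, a process gets exactly the rights of its domain and nothing more, which is the least-privilege default the principles section calls for; a process in D2 can print O4 but cannot read it, and cannot touch O1 at all.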