<< Chapter < Page Chapter >> Page >

A sampling of protection mechanisms

The idea of protection domains originated with Multics and is a key one for understanding computer security. Imagine a matrixof all protection domains on one axis and all system resources (files) on another. The contents of each cell in the matrix are the operations permitted bya process (or thread) in that domain on that process.

Domain File 1 File 2 Domain 1 Domain 2
1 RW RWX - Enter
2 R - - -

Notice that once domains are defined, the ability to change domains becomes another part of the domain system. Processes in givendomains are allowed to enter other domains. A process's initial domain is a function of the user who starts the process and the process itself.

While the pure domain model makes protection easy to understand, it is almost never implemented. Holding the domains as a matrixdoesn't scale.

Some domains and rings

UNIX divides processes into 2 parts, a user part and a kernel part. When running as a user the process has limited abilities, andto access hardware, it has to tap into the kernel. The kernel can access all OS and hardware, and decides what it will do on a user's behalf based oncredentials stored in the PCB.

This is a simplification of the MULTICS system of protection rings. Rather than 2 levels, MULTICS had a 64 ring system where eachring was more privileged than the ones surrounding it, and checked similar credentials before using its increased powers.

Security improvements, encryption

Security improvements

Solutions: nothing works perfectly, but here are some possibilities:

  • Logging: record all important actions and uses of privilege in an indelible file. Can be used to catch imposters during their initial attemptsand failures. E.g. record all attempts to specify an incorrect password, all super-user logins. Even better is to get humans involved at key steps (this isone of the solutions for EFT).
  • Principle of minimum privilege ("need-to-know" principle): each piece of the system has access to the minimum amount of information, for theminimum possible amount of time. E.g. file system cannot touch memory map, memory manager cannot touch disk allocation tables. This reduces the chances ofaccidental or intentional damage. Note that capabilities are an implementation of this idea. It is very hard to provide fool-proof information containment:e.g. a trojan horse could write characters to a tty, or take page faults, in Morse code, as a signal to another process.
  • Correctness proofs. These are very hard to do. Even so, this only proves that the system works according to spec. It does not mean that thespec. is necessarily right, and it does not deal with Trojan Horses.


Key technology: encryption. Store and transmit information in an encoded form that does not make any sense.

The basic mechanism:

  • Start with text to be protected. Initial readable text is called clear text.
  • Encrypt the clear text so that it does not make any sense at all. The nonsense text is called cipher text. The encryption is controlled by asecret password or number; this is called the encryption key.

Questions & Answers

how to know photocatalytic properties of tio2 nanoparticles...what to do now
Akash Reply
it is a goid question and i want to know the answer as well
Do somebody tell me a best nano engineering book for beginners?
s. Reply
what is fullerene does it is used to make bukky balls
Devang Reply
are you nano engineer ?
fullerene is a bucky ball aka Carbon 60 molecule. It was name by the architect Fuller. He design the geodesic dome. it resembles a soccer ball.
what is the actual application of fullerenes nowadays?
That is a great question Damian. best way to answer that question is to Google it. there are hundreds of applications for buck minister fullerenes, from medical to aerospace. you can also find plenty of research papers that will give you great detail on the potential applications of fullerenes.
what is the Synthesis, properties,and applications of carbon nano chemistry
Abhijith Reply
Mostly, they use nano carbon for electronics and for materials to be strengthened.
is Bucky paper clear?
so some one know about replacing silicon atom with phosphorous in semiconductors device?
s. Reply
Yeah, it is a pain to say the least. You basically have to heat the substarte up to around 1000 degrees celcius then pass phosphene gas over top of it, which is explosive and toxic by the way, under very low pressure.
Do you know which machine is used to that process?
how to fabricate graphene ink ?
for screen printed electrodes ?
What is lattice structure?
s. Reply
of graphene you mean?
or in general
in general
Graphene has a hexagonal structure
On having this app for quite a bit time, Haven't realised there's a chat room in it.
what is biological synthesis of nanoparticles
Sanket Reply
what's the easiest and fastest way to the synthesize AgNP?
Damian Reply
types of nano material
abeetha Reply
I start with an easy one. carbon nanotubes woven into a long filament like a string
many many of nanotubes
what is the k.e before it land
what is the function of carbon nanotubes?
I'm interested in nanotube
what is nanomaterials​ and their applications of sensors.
Ramkumar Reply
what is nano technology
Sravani Reply
what is system testing?
preparation of nanomaterial
Victor Reply
Yes, Nanotechnology has a very fast field of applications and their is always something new to do with it...
Himanshu Reply
good afternoon madam
what is system testing
what is the application of nanotechnology?
In this morden time nanotechnology used in many field . 1-Electronics-manufacturad IC ,RAM,MRAM,solar panel etc 2-Helth and Medical-Nanomedicine,Drug Dilivery for cancer treatment etc 3- Atomobile -MEMS, Coating on car etc. and may other field for details you can check at Google
anybody can imagine what will be happen after 100 years from now in nano tech world
after 100 year this will be not nanotechnology maybe this technology name will be change . maybe aftet 100 year . we work on electron lable practically about its properties and behaviour by the different instruments
name doesn't matter , whatever it will be change... I'm taking about effect on circumstances of the microscopic world
how hard could it be to apply nanotechnology against viral infections such HIV or Ebola?
silver nanoparticles could handle the job?
not now but maybe in future only AgNP maybe any other nanomaterials
I'm interested in Nanotube
this technology will not going on for the long time , so I'm thinking about femtotechnology 10^-15
can nanotechnology change the direction of the face of the world
Prasenjit Reply
how did you get the value of 2000N.What calculations are needed to arrive at it
Smarajit Reply
Privacy Information Security Software Version 1.1a
Got questions? Join the online conversation and get instant answers!
QuizOver.com Reply

Get the best Algebra and trigonometry course in your pocket!

Source:  OpenStax, Operating systems. OpenStax CNX. Aug 13, 2009 Download for free at http://cnx.org/content/col10785/1.2
Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Operating systems' conversation and receive update notifications?