The processes in an operating system must be protected from one another’s
tải về 252.86 Kb. Chế độ xem pdf
|
| Figure 14.3 Access matrix.
14.4 Access Matrix 633 domain D 1 ; but in addition, it can also write onto files F 1 and F 3 . The laser printer can be accessed only by a process executing in domain D 2 . The access-matrix scheme provides us with the mechanism for specifying a variety of policies. The mechanism consists of implementing the access matrix and ensuring that the semantic properties we have outlined hold. More specifically, we must ensure that a process executing in domain D i can access only those objects specified in row i, and then only as allowed by the access-matrix entries. The access matrix can implement policy decisions concerning protection. The policy decisions involve which rights should be included in the (i, j) th entry. We must also decide the domain in which each process executes. This last policy is usually decided by the operating system. The users normally decide the contents of the access-matrix entries. When a user creates a new object O j , the column O j is added to the access matrix with the appropriate initialization entries, as dictated by the creator. The user may decide to enter some rights in some entries in column j and other rights in other entries, as needed. The access matrix provides an appropriate mechanism for defining and implementing strict control for both static and dynamic association between processes and domains. When we switch a process from one domain to another, we are executing an operation ( switch ) on an object (the domain). We can control domain switching by including domains among the objects of the access matrix. Similarly, when we change the content of the access matrix, we are performing an operation on an object: the access matrix. Again, we can control these changes by including the access matrix itself as an object. Actually, since each entry in the access matrix can be modified individually, we must consider each entry in the access matrix as an object to be protected. Now, we need to consider only the operations possible on these new objects (domains and the access matrix) and decide how we want processes to be able to execute these operations. Processes should be able to switch from one domain to another. Switching from domain D i to domain D j is allowed if and only if the access right switch ∈ access (i, j). Thus, in Figure 14.4, a process executing in domain D 2 can switch laser printer read read execute read write read write read switch switch switch switch F 1 D 1 D 1 D 2 D 2 D 3 D 3 D 4 D 4 F 2 F 3 object domain tải về 252.86 Kb. Chia sẻ với bạn bè của bạn:
|