14.4
Access Matrix
635
object
read*
owner
write
owner
execute
read*
owner
write
execute
F
1
D
1
D
2
D
3
F
2
F
3
domain
(a)
object
owner
read*
write*
write
owner
execute
read*
owner
write
F
1
D
1
D
2
D
3
F
2
F
3
domain
(b)
write
write
Figure 14.6 Access matrix with
owner
rights.
any right in any entry in column
j. For example, in Figure 14.6(a), domain
D
1
is the owner of
F
1
and thus can add and delete any valid right in column
F
1
.
Similarly, domain
D
2
is the owner of
F
2
and
F
3
and thus can add and remove
any valid right within these two columns. Thus, the access matrix of Figure
14.6(a) can be modified to the access matrix shown in Figure 14.6(b).
The
copy
and
owner
rights allow a process to change the entries in a
column. A mechanism is also needed to change the entries in a row. The
control
right is applicable only to domain objects. If
access
(
i,
j) includes the
control
right, then a process executing in domain
D
i
can remove any access
right from row
j. For example, suppose that, in Figure 14.4, we include the
control
right in
access
(
D
2
,
D
4
). Then, a process executing in domain
D
2
could modify domain
D
4
, as shown in Figure 14.7.
The
copy
and
owner
rights provide us with a mechanism to limit the
propagation of access rights. However, they do not give us the appropriate tools
for preventing the propagation (or disclosure) of information. The problem of
guaranteeing that no information initially held in an object can migrate outside
of its execution environment is called the
Chia sẻ với bạn bè của bạn: