The processes in an operating system must be protected from one another’s
tải về 252.86 Kb. Chế độ xem pdf
|
- Điều hướng trang này:
- Figure 14.7
| confinement problem
. This problem is in general unsolvable (see the bibliographical notes at the end of the chapter). These operations on the domains and the access matrix are not in them- selves important, but they illustrate the ability of the access-matrix model to allow us to implement and control dynamic protection requirements. New objects and new domains can be created dynamically and included in the 636 Chapter 14 Protection laser printer read read execute write write read switch switch switch switch control F 1 D 1 D 1 D 2 D 2 D 3 D 3 D 4 D 4 F 2 F 3 object domain Figure 14.7 Modified access matrix of Figure 14.4. access-matrix model. However, we have shown only that the basic mechanism exists. System designers and users must make the policy decisions concerning which domains are to have access to which objects in which ways. 14.5 Implementation of the Access Matrix How can the access matrix be implemented effectively? In general, the matrix will be sparse; that is, most of the entries will be empty. Although data- structure techniques are available for representing sparse matrices, they are not particularly useful for this application, because of the way in which the protection facility is used. Here, we first describe several methods of implementing the access matrix and then compare the methods. 14.5.1 Global Table The simplest implementation of the access matrix is a global table consisting of a set of ordered triples < domain, object, rights-set > . Whenever an operation M is executed on an object O j within domain D i , the global table is searched for a triple <D i , O j , R k > , with M ∈ R k . If this triple is found, the operation is allowed to continue; otherwise, an exception (or error) condition is raised. This implementation suffers from several drawbacks. The table is usually large and thus cannot be kept in main memory, so additional I/O is needed. Virtual memory techniques are often used for managing this table. In addition, it is difficult to take advantage of special groupings of objects or domains. For example, if everyone can read a particular object, this object must have a separate entry in every domain. 14.5.2 Access Lists for Objects Each column in the access matrix can be implemented as an access list for one object, as described in Section 11.6.2. Obviously, the empty entries can be discarded. The resulting list for each object consists of ordered pairs < domain, rights-set > , which define all domains with a nonempty set of access rights for that object. This approach can be extended easily to define a list plus a default set of access rights. When an operation M on an object O j is attempted in domain |