628 Chapter 14 Protection
For example, when process p invokes procedure A(), the procedure should be allowed to access only its own variables and the formal parameters passed to it; it should not be able to access all the variables of process p. Similarly, consider the case in which process p invokes a compiler to compile a particular file. The compiler should not be able to access files arbitrarily but should have access only to a well-defined subset of files (such as the source file, listing file, and so on) related to the file to be compiled. Conversely, the compiler may have private files used for accounting or optimization purposes that process p should not be able to access. The need-to-know principle is similar to the principle of least privilege discussed in Section 14.2 in that the goals of protection are to minimize the risks of possible security violations.
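The two scenarios above (a procedure that may touch only its parameters, and a compiler that may touch only the files its job needs plus its own private ones) can be made concrete with explicit protection domains. The following is an added example, not code from the textbook: it models a domain as a table of object names and the operations allowed on each, and routes every access through one check. The file names, domain names and the compiler's accounting file are constructed for the illustration, and the in-memory dictionary stands in for a file system.

```python
"""Need-to-know access checks with explicit protection domains.

Added illustration (not from the textbook). A Domain maps object names to
the operations it may perform on them; every access goes through
check_access(). Object and domain names below are made up.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable


class AccessDenied(PermissionError):
    """Raised when a domain requests an operation it holds no right to."""


@dataclass(frozen=True)
class Domain:
    name: str
    # object name -> operations allowed on it (the domain's "need to know")
    rights: Dict[str, FrozenSet[str]]

    def can(self, obj: str, op: str) -> bool:
        return op in self.rights.get(obj, frozenset())

    def restricted_to(self, name: str, objects: Iterable[str]) -> "Domain":
        """Derive a smaller domain holding rights only on the given objects.

        Models a procedure call: the callee gets rights to its formal
        parameters and nothing else of the caller's.
        """
        return Domain(name, {o: self.rights[o] for o in objects if o in self.rights})


def check_access(domain: Domain, obj: str, op: str) -> None:
    if not domain.can(obj, op):
        raise AccessDenied(f"{domain.name}: no '{op}' right on {obj}")


# Constructed sample object store standing in for a file system.
FILES: Dict[str, str] = {
    "prog.c": "int main(void) { return 0; }",
    "prog.lst": "",
    "p-private.txt": "process p's own data",
    "cc-stats.db": "invocations=41",   # the compiler's private accounting file
}


def read_file(domain: Domain, name: str) -> str:
    check_access(domain, name, "read")
    return FILES[name]


def write_file(domain: Domain, name: str, data: str) -> None:
    check_access(domain, name, "write")
    FILES[name] = data


def compile_file(compiler_domain: Domain, source: str, listing: str) -> int:
    """Compile 'source': read it, write the listing, bump the private counter."""
    src = read_file(compiler_domain, source)
    write_file(compiler_domain, listing, f"; listing of {source}\n{src}\n")
    stats = read_file(compiler_domain, "cc-stats.db")
    count = int(stats.split("=")[1]) + 1
    write_file(compiler_domain, "cc-stats.db", f"invocations={count}")
    return count


def probe(domain: Domain, obj: str, op: str) -> bool:
    """True if the access is permitted, False if the check rejects it."""
    try:
        check_access(domain, obj, op)
        return True
    except AccessDenied:
        return False


# Domain of process p: rights on its own files, none on the compiler's.
P_DOMAIN = Domain("p", {
    "prog.c": frozenset({"read", "write"}),
    "prog.lst": frozenset({"read"}),
    "p-private.txt": frozenset({"read", "write"}),
})

# Domain the compiler runs in: only what compiling prog.c needs.
COMPILER_DOMAIN = Domain("cc", {
    "prog.c": frozenset({"read"}),
    "prog.lst": frozenset({"write"}),
    "cc-stats.db": frozenset({"read", "write"}),
})


def demo() -> Dict[str, object]:
    count = compile_file(COMPILER_DOMAIN, "prog.c", "prog.lst")
    # Procedure A() invoked by p with prog.c as its only parameter.
    a_domain = P_DOMAIN.restricted_to("p.A", ["prog.c"])
    return {
        "invocations": count,
        "p_reads_cc_stats": probe(P_DOMAIN, "cc-stats.db", "read"),           # False
        "cc_reads_p_private": probe(COMPILER_DOMAIN, "p-private.txt", "read"), # False
        "cc_writes_source": probe(COMPILER_DOMAIN, "prog.c", "write"),         # False
        "A_reads_param": probe(a_domain, "prog.c", "read"),                    # True
        "A_reads_p_private": probe(a_domain, "p-private.txt", "read"),         # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of routing every read and write through `check_access` is that the compiler's rights table, not the compiler's code, decides what it may touch: adding a file to its job means granting a right, and process p never gains a right on `cc-stats.db` just because it started the compilation.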
14.3.1 Domain Structure
To facilitate the scheme just described, a process operates within a