CSUN COMP 424 - General Object Protection (28 pages)

Previewing pages 1, 2, 3, 26, 27, 28 of 28 page document View the full content.
View Full Document

General Object Protection



Previewing pages 1, 2, 3, 26, 27, 28 of actual document.

View the full content.
View Full Document
View Full Document

General Object Protection

105 views

Lecture Notes


Pages:
28
School:
California State University, Northridge
Course:
Comp 424 - Comp Systm Secrty

Unformatted text preview:

COMP 424 Lecture 10 General Object protection Its more than Memory now Since computers have evolved to provide sophisticated multiuser multiprocess capabilities the number and types of things that are shared has increased Memory Files Executing code Hardware devices Authentication information Memory is Easy Generally speaking memory is rather easy to control and protect All requests for it come through a single point of access Access point is controlled by a central authority Operating system General Object may not be If we talk about protecting objects in general the problem can be much more difficult Access might be available through a much larger number of access points Centralized control may be lacking or impossible Control may require finer granularity or difference concepts than simple read write and execute Goals for Protecting Objects Check Every Access We may want to override previous authorizations So every access by a user to an object should be checked Enforce Least Privilege Grant access to ONLY those objects need to accomplish the authorized task Verify Acceptable Usage Authorization is a yes or no decision Also check that the activity requested is allowed Example A user is granted authroized access to a stack They should only be allowed perform push and pop operations Directories A simple method of protecting objects is with directories Objects are owned by users A list of rights is maintained for each user Benefits of Directories Simple to implement Can become too large when many objects need to be shared Revocation of rights can be difficult If owner A passes on rights to B then B may continue to have rights even if A s rights are removed May require complicated dependency information May require inspection modification of all directories entries Namespaces and scope may be difficult If A and B both have a file named file and want to give access rights to C then C s directory entries have to account for complications involving namespace A file and



View Full Document

Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view General Object Protection and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view General Object Protection and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?