Protection
Introduction
• In computer systems, lot of user’s information is stored and the objective of the
operating system is to safeguard the data of the user from the improper access to
the system.
• Protection can be provided in number of ways.
• For a single laptop system, we might provide protection by locking the computer
in a desk drawer or file cabinet.
• For multi-user systems, different mechanisms are used for the protection.
�Types of Access
• The files which have direct access of the any user have the need of protection. The
files which are not accessible to other users doesn’t require any kind of protection.
• The mechanism of the protection provide the facility of the controlled access by
just limiting the types of access to the file.
• Access can be given or not given to any user depends on several factors, one of
which is the type of access required. Several different types of operations can be
controlled:
Read – Reading from a file.
Write – Writing or rewriting the file.
Execute – Loading the file and after loading the execution process starts.
Append – Writing the new information to the already existing file, editing must be end at the
end of the existing file.
Delete – Deleting the file which is of no use and using its space for the another data.
List – List the name and attributes of the file.
�• Other operations like renaming, editing the existing file, copying; these can also
be controlled.
• There are many protection mechanism and each of them mechanism have
different advantages and disadvantages and must be appropriate for the intended
application.
�Access Control
• There are different methods used by different users to access any file. The
general way of protection is to associate ---identity-dependent access with
all the files and directories-- an list called access-control list (ACL)
• ACL specify the names of the users and the types of access associate with
each of the user. The main problem with the access list is their length. If
we want to allow everyone to read a file, we must list all the users with the
read access.
• This technique has two undesirable consequences:
• Constructing such a list may be tedious and unrewarding task, especially if
we do not know in advance the list of the users in the system.
• Previously, the entry of the any directory is of the fixed size but now it
changes to the variable size which results in the complicates space
management.
�• These problems can be resolved by the use of a reduced version of the access list.
To reduce the length of the access-control list, many systems recognize three
classification of users in connection with each file:
• Owner – Owner is the user who has created the file.
• Group – A group is a set of members who has similar needs and they are sharing
the same file.
• Universe – In the system, all other users are under the category called universe.
• The most common recent approach is to combine access-control lists with the
normal general owner, group, and universe access control scheme.
• For example: Solaris uses the three categories of access by default but
allows access-control lists to be added to specific files and directories when more
fine-grained access control is desired.
�Other Protection Approaches:
• The access to any system is also controlled by the password. If the use of
password is random and it is changed often, this may be result in limit the
effective access to a file.
• The use of passwords has a few disadvantages:
• The number of passwords are very large so it is difficult to remember the large
passwords.
• If one password is used for all the files, then once it is discovered, all files are
accessible; protection is on all-or-none basis.
