Access Control - Access 2 Learn

A computer system consists of a set of hardware and software objects. The protection domain is a set of pairs of objects and rights needed to access those objects.

An access matrix is a representation of protection domains. (It is more conceptual than actual however.) Each row specified the object, and a right that can be performed as defined by the OS.

This includes things such as the ability to add other rights for a different user, allowing access to an object (like a file), and defining the type of access (read, write, modify, execute, etc).

An access list (AL) associated with an object O contains entries of the form (D, rights), where rights specify what operations a process in domain D may apply to object O.

A capability list (CL) associated with a domain D contents entries of the form (O, rights), where rights specify what operations a process in domain D may apply to object O.

Notice that an AL is object-centric, and CL is domain-centric.

Before access is allowed, the object checks to see if the user is allowed access by looking up what it allows, and what domain the user is under.

Different OSes allow different types of access depending upon their needs. More security slows down a system, where less security is simpler and faster, but it may limit what can be done.

Unix is very simple in allowing a file (for example) to belong to a User, a Group, and the World. Each domain is allowed either no access, or a combination of read, write (modify), and execute access. The file owner and group can be changed during the lifetime of the file.

Windows is much more complex. It allows a file to “belong” to multiple groups by allowing multiple groups to have access. Access can be granted, or prevented, among more types of access than Unix. Additionally, multiple individuals can be granted direct access, even if they are not in one of the “special” groups.

The biggest question is what happens in Windows if a user belongs to two groups. One which is allowed access, and one which is denied?

Access Control was originally found on Access 2 Learn

Walter Wimberly

Assistant Professor

Walter Wimberly is an Assistant Professor at a regional college in Tennessee, teaching Computer Science in the Software Engineering track. He works as a student advisor, oversees curriculum changes, develops new courses, and manages the advisory panel.
Walter taught full time for about 7 years, before going back into “industry” as a full stack Software Developer for a dozen years. There he focused on web based projects coding in JavaScript/jQuery and utilizing the Bootstrap CSS Framework on the front-end, and coding in PHP, ASP/ASP.Net, SQL on the back-end.

Since he loves teaching, he taught as an adjunct web and digital media classes for eight (8) years, while working in industry, and has since returned to teaching full time.

He has been married for over 25 years, and is father to several special needs boys. As such, he is working on some projects to help others who have special needs to be self-sufficient, and support the care givers of those with special needs. Check out his Autism blog for more info.

Operating Systems

Processes

ByWalter Wimberly September 2, 2020September 2, 2020

A process is an instance of a program being executed by an OS. The OS manages the processes in something called a Process Control Block (PCB). This helps it keep track of what is running, how much memory is being used and where, the program being run, the current instruction address, etc. Your operating system as a…

Operating Systems

System Resources

ByWalter Wimberly September 9, 2020September 10, 2020

The OS has to track resources so that it knows when those resources are available for use. If it “just let” processes use resources, they could step on the resources and crash the system as a resource can only be used by a single process at a time. So the OS uses an Resource Control…

Operating Systems

Combined Approaches

ByWalter Wimberly September 16, 2020September 16, 2020

If you work with a system that only has batch processes, or only does real time applications, then your scheduling algorithm selection is much easier. You pick an appropriate choice and go with it… However, the modern desktop OS will often include a combination of batch, interactive, and real-time applications. Therefore picking “a” solution isn’t…

Operating Systems

Managing Insufficient Memory

ByWalter Wimberly October 6, 2020October 6, 2020

One guarantee is that if you add RAM, you’ll find a way to use it up. Between running more programs and more complex programs, RAM is always a resource that is in short supply. External memory fragmentation is the loss of usable memory space due to holes between allocated blocks of variable sizes. The 50% rule…

Operating Systems

Implementation of File Directories

ByWalter Wimberly October 26, 2020October 26, 2020

In addition to the file name, file type, and other meta data, the file system has to keep track of various other pieces of data. How much data is stored is dependent upon the OS and it’s needs. Size – of the file Type – directory / executable file / data file / etc Location…

Operating Systems

Dynamic Deadlock Avoidance

ByWalter Wimberly July 4, 2021July 4, 2021

One approach to dealing with deadlocks is to allow deadlocks to occur and to provide means for detection and recovery. Recovery from a deadlock can be accomplished by destroying one or more of the processes involved in the deadlock, or by removing some of the resources held by the deadlocked processes. The banker’s algorithm emulates…

Similar Posts