<< Chapter < Page Chapter >> Page >

A sampling of protection mechanisms

The idea of protection domains originated with Multics and is a key one for understanding computer security. Imagine a matrixof all protection domains on one axis and all system resources (files) on another. The contents of each cell in the matrix are the operations permitted bya process (or thread) in that domain on that process.

Domain File 1 File 2 Domain 1 Domain 2
1 RW RWX - Enter
2 R - - -

Notice that once domains are defined, the ability to change domains becomes another part of the domain system. Processes in givendomains are allowed to enter other domains. A process's initial domain is a function of the user who starts the process and the process itself.

While the pure domain model makes protection easy to understand, it is almost never implemented. Holding the domains as a matrixdoesn't scale.

Some domains and rings

UNIX divides processes into 2 parts, a user part and a kernel part. When running as a user the process has limited abilities, andto access hardware, it has to tap into the kernel. The kernel can access all OS and hardware, and decides what it will do on a user's behalf based oncredentials stored in the PCB.

This is a simplification of the MULTICS system of protection rings. Rather than 2 levels, MULTICS had a 64 ring system where eachring was more privileged than the ones surrounding it, and checked similar credentials before using its increased powers.

Security improvements, encryption

Security improvements

Solutions: nothing works perfectly, but here are some possibilities:

  • Logging: record all important actions and uses of privilege in an indelible file. Can be used to catch imposters during their initial attemptsand failures. E.g. record all attempts to specify an incorrect password, all super-user logins. Even better is to get humans involved at key steps (this isone of the solutions for EFT).
  • Principle of minimum privilege ("need-to-know" principle): each piece of the system has access to the minimum amount of information, for theminimum possible amount of time. E.g. file system cannot touch memory map, memory manager cannot touch disk allocation tables. This reduces the chances ofaccidental or intentional damage. Note that capabilities are an implementation of this idea. It is very hard to provide fool-proof information containment:e.g. a trojan horse could write characters to a tty, or take page faults, in Morse code, as a signal to another process.
  • Correctness proofs. These are very hard to do. Even so, this only proves that the system works according to spec. It does not mean that thespec. is necessarily right, and it does not deal with Trojan Horses.


Key technology: encryption. Store and transmit information in an encoded form that does not make any sense.

The basic mechanism:

  • Start with text to be protected. Initial readable text is called clear text.
  • Encrypt the clear text so that it does not make any sense at all. The nonsense text is called cipher text. The encryption is controlled by asecret password or number; this is called the encryption key.

Questions & Answers

What fields keep nano created devices from performing or assimulating ? Magnetic fields ? Are do they assimilate ?
Stoney Reply
why we need to study biomolecules, molecular biology in nanotechnology?
Adin Reply
yes I'm doing my masters in nanotechnology, we are being studying all these domains as well..
what school?
biomolecules are e building blocks of every organics and inorganic materials.
anyone know any internet site where one can find nanotechnology papers?
Damian Reply
sciencedirect big data base
Introduction about quantum dots in nanotechnology
Praveena Reply
what does nano mean?
Anassong Reply
nano basically means 10^(-9). nanometer is a unit to measure length.
do you think it's worthwhile in the long term to study the effects and possibilities of nanotechnology on viral treatment?
Damian Reply
absolutely yes
how to know photocatalytic properties of tio2 nanoparticles...what to do now
Akash Reply
it is a goid question and i want to know the answer as well
characteristics of micro business
for teaching engĺish at school how nano technology help us
Do somebody tell me a best nano engineering book for beginners?
s. Reply
there is no specific books for beginners but there is book called principle of nanotechnology
what is fullerene does it is used to make bukky balls
Devang Reply
are you nano engineer ?
fullerene is a bucky ball aka Carbon 60 molecule. It was name by the architect Fuller. He design the geodesic dome. it resembles a soccer ball.
what is the actual application of fullerenes nowadays?
That is a great question Damian. best way to answer that question is to Google it. there are hundreds of applications for buck minister fullerenes, from medical to aerospace. you can also find plenty of research papers that will give you great detail on the potential applications of fullerenes.
what is the Synthesis, properties,and applications of carbon nano chemistry
Abhijith Reply
Mostly, they use nano carbon for electronics and for materials to be strengthened.
is Bucky paper clear?
carbon nanotubes has various application in fuel cells membrane, current research on cancer drug,and in electronics MEMS and NEMS etc
so some one know about replacing silicon atom with phosphorous in semiconductors device?
s. Reply
Yeah, it is a pain to say the least. You basically have to heat the substarte up to around 1000 degrees celcius then pass phosphene gas over top of it, which is explosive and toxic by the way, under very low pressure.
Do you know which machine is used to that process?
how to fabricate graphene ink ?
for screen printed electrodes ?
What is lattice structure?
s. Reply
of graphene you mean?
or in general
in general
Graphene has a hexagonal structure
On having this app for quite a bit time, Haven't realised there's a chat room in it.
what is biological synthesis of nanoparticles
Sanket Reply
what's the easiest and fastest way to the synthesize AgNP?
Damian Reply
how did you get the value of 2000N.What calculations are needed to arrive at it
Smarajit Reply
Privacy Information Security Software Version 1.1a
Got questions? Join the online conversation and get instant answers!
Jobilize.com Reply

Get the best Algebra and trigonometry course in your pocket!

Source:  OpenStax, Operating systems. OpenStax CNX. Aug 13, 2009 Download for free at http://cnx.org/content/col10785/1.2
Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Operating systems' conversation and receive update notifications?