
OS Finals Quiz Assignment TOPIC 10

Protection goals in modern systems include ensuring only authorized access to resources, preventing malicious misuse, and minimizing damage from attacks. Protection domains and access matrices specify which resources a process can access. Capability systems pass capabilities between processes to control access, while language-based systems specify policies in programming languages. Protection mechanisms like Java's separate domains for each class and digital signatures help mitigate attacks by confining untrusted code and verifying trusted sources.

Uploaded by

Jhong Jhong

JULIUS C. LEBITA, CPE 3103

BSCpE - III, Engr. Joehaima Jul

OS Finals Quiz Assignment TOPIC 10

1. Discuss the goals and principles of protection in a modern computer system.

Protection’s goal is to ensure that each object in the operating system is accessible only by authorized processes that require it. This includes the prevention of malicious misuse of the system by users or programs. Further goals are to ensure that each shared resource is used only in accordance with system policies, which may be set either by system designers or by system administrators, and to ensure that malicious programs cause the minimal amount of damage possible. Protection systems only provide the instructions for enforcing policies and ensuring reliable systems. It is up to administrators and users to implement and follow those instructions effectively. The principle of least privilege dictates that programs, users, and systems be given just enough privileges to perform their tasks. This ensures that failures do the least amount of harm and allow the least amount of harm to be done. For example, if a program needs special privileges to perform a task, it is better to make it a program with group ownership of "network" or "backup" or some other pseudo group, rather than one with root ownership. This limits the amount of damage that can occur if something goes wrong.

2. Explain how protection domains combined with an access matrix are used to specify the resources a process may access.

Domain structure states that a computer can be viewed as a collection of processes and objects (both hardware and software). The need-to-know principle states that a process should only have access to those objects it needs to accomplish its task, and furthermore only in the modes for which it needs access and only during the time frame when it needs access. The model of protection that was discussed in the PowerPoint can be viewed as an access matrix, in which columns represent different system resources and rows represent different protection domains. Entries within the matrix indicate what access that domain has to that resource.
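The access matrix described above, written out as an added example (not part of the original assignment). The domain names, object names and the `Process` class are constructed for illustration; the example goes slightly beyond the text by also reading the matrix row-wise (the rights one domain holds) and column-wise (who may touch one resource).

```python
from typing import Dict, FrozenSet, Set, Tuple

# Rows are protection domains, columns are objects (resources).
# Each entry is the set of access modes the domain holds on the object.
# A missing entry means no access at all: need-to-know is deny by default.
# All names below are constructed sample data.
MATRIX: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("D1", "file1"): frozenset({"read"}),
    ("D1", "file3"): frozenset({"read"}),
    ("D2", "printer"): frozenset({"print"}),
    ("D3", "file2"): frozenset({"read", "execute"}),
    ("D4", "file1"): frozenset({"read", "write"}),
    ("D4", "file3"): frozenset({"read", "write"}),
}


def allowed(domain: str, obj: str, mode: str) -> bool:
    """Look up one matrix entry and test for a single access mode."""
    return mode in MATRIX.get((domain, obj), frozenset())


def rights_of_domain(domain: str) -> Dict[str, Set[str]]:
    """Row view: every object this domain can reach, with its modes."""
    return {o: set(m) for (d, o), m in MATRIX.items() if d == domain}


def rights_on_object(obj: str) -> Dict[str, Set[str]]:
    """Column view: every domain that can reach this object."""
    return {d: set(m) for (d, o), m in MATRIX.items() if o == obj}


class Process:
    """A process runs inside exactly one protection domain (hypothetical model)."""

    def __init__(self, name: str, domain: str) -> None:
        self.name = name
        self.domain = domain

    def access(self, obj: str, mode: str) -> str:
        # The check is made on every access, and per mode: holding "read"
        # on file1 says nothing about "write" on file1.
        if not allowed(self.domain, obj, mode):
            raise PermissionError(f"{self.name} ({self.domain}): {mode} on {obj} denied")
        return f"{self.name} ({self.domain}): {mode} on {obj} granted"


if __name__ == "__main__":
    print(Process("editor", "D4").access("file3", "write"))
    print(rights_on_object("file1"))
```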

3. Examine capability- and language-based protection systems.

In a capability-based system, the capabilities themselves are passed between processes and storage using a mechanism that is known by the operating system to maintain the integrity of those capabilities. A data capability provides standard read, write, and execute access to the individual storage segments associated with an object. For a software capability, interpretation is left to the subsystem, through its protected procedures. In language-based protection, specifying protection in a programming language allows a high-level description of policies for the allocation and use of resources. The language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable. It can also interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.

4. Describe how protection mechanisms can mitigate system attacks.

In this question, I would like to relate it to the protection in Java 2. Java was designed from the very beginning to operate in a distributed environment, where code would be executed from a variety of trusted and untrusted sources. As a result, the Java Virtual Machine (JVM) incorporates many protection mechanisms. When a Java program runs, it loads classes dynamically, in response to requests to instantiate objects of particular types. These classes may come from a variety of different sources, some trusted and some not, which requires that the protection mechanism be implemented at the resolution of individual classes. As each class is loaded, it is placed into a separate protection domain. The capabilities of each domain depend upon whether the source URL is trusted or not, the presence or absence of any digital signatures on the class (Chapter 15), and a configurable policy file indicating which servers a particular user trusts, etc.
