Security & protection

We've glossed over lots of the messy stuff, and one of the messy things you have to deal with as an operating system designer is the people who actually use the system. Firstly they will do stupid things (which is a case for designing the system interface to be robust), and secondly they will do malicious things.

At home, my family share a Mac and a PC, but they do tend to be very trusting people, my family. Even then, even on a system where one trusts the motives of the other people using it, it can be foolish to trust the technical competence of the other people using it. We need protection. And security.

Protection is also important when we have any large, complex system (as operating systems are), in which many pieces are interacting. Protection between subsystems stops a small glitch in one part bringing down the whole edifice.

Protection matrix

Big table (conceptually) linking domains to objects and rights:

domain  file1       file2  file3  file4         printer1  printer2  screen  mouse  ...
1       read/write  read                                                    read
2                          read   read/execute  write                       read
3       read                                    write     write     write   read

Usually not stored this way (as a large array), since it tends to be very sparse. In systems which make use of the concept, the table is instead stored by row or by column. Stored by column, it is an access control list; stored by row, it is a capability list.
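The following is an added example, not part of the original notes: the matrix above kept sparsely (only the non-empty cells), with the two storage orders derived from it. The domains, objects and rights are the ones in the table; the function names are my own.

```python
# Added example: a sparse protection matrix keyed by (domain, object),
# and the column-wise (ACL) and row-wise (capability) views of it.
from collections import defaultdict

# Constructed from the table above: empty cells are simply absent.
MATRIX = {
    (1, "file1"): {"read", "write"},
    (1, "file2"): {"read"},
    (1, "mouse"): {"read"},
    (2, "file3"): {"read"},
    (2, "file4"): {"read", "execute"},
    (2, "printer1"): {"write"},
    (2, "mouse"): {"read"},
    (3, "file1"): {"read"},
    (3, "printer1"): {"write"},
    (3, "printer2"): {"write"},
    (3, "screen"): {"write"},
    (3, "mouse"): {"read"},
}
DOMAINS = (1, 2, 3)
OBJECTS = ("file1", "file2", "file3", "file4",
           "printer1", "printer2", "screen", "mouse")


def access_control_lists(matrix):
    """Store by column: for each object, which domains hold which rights."""
    acls = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        acls[obj][domain] = frozenset(rights)
    return dict(acls)


def capability_lists(matrix):
    """Store by row: for each domain, which objects it may use and how."""
    caps = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        caps[domain][obj] = frozenset(rights)
    return dict(caps)


def allowed(matrix, domain, obj, right):
    """Reference-monitor check against the matrix: an absent cell means deny."""
    return right in matrix.get((domain, obj), set())


def allowed_via_acl(acls, domain, obj, right):
    """The same decision taken from the ACL view (what a file server would hold)."""
    return right in acls.get(obj, {}).get(domain, frozenset())


def allowed_via_caps(caps, domain, obj, right):
    """The same decision taken from the capability view (what a domain carries)."""
    return right in caps.get(domain, {}).get(obj, frozenset())


def density(matrix, domains=DOMAINS, objects=OBJECTS):
    """Fraction of cells that are non-empty; shows why the full array is wasteful."""
    return len(matrix) / (len(domains) * len(objects))
```

All three `allowed_*` functions give the same answer for every cell; what differs is which questions are cheap. The ACL view answers "who may write printer1?" in one lookup, the capability view answers "what may domain 2 touch?" in one lookup, and each is expensive at the other question, which is why revoking a right is easy with ACLs and awkward with capabilities.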

Simplifications

Access Control Lists: each object has a list of domains (or people) who have access to it, and exactly what form that access may take.

UNIX protection bits: each domain is formed from the pair (user-id, group-id). (In general a single user may belong to many groups.) Associated with every object (inode) is a set of 9 protection bits which specify whether that object is RWX for each of

The UNIX system is a very compressed form of access control list. Since in UNIX, devices are named as part of the root filesystem, protection bits are applied uniformly to files, directories, filesystems, devices. Devices include network connections, access to raw physical memory, direct access to blocks on the disk... It is a simple scheme, uniformly applied, and adequate for most purposes, though not fully general.
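As an added illustration (my own code, not from these notes), here is how the 9 protection bits are interpreted for a domain (user-id, set of group-ids), and how they expand back into the three-entry ACL they compress. The owner/group/other classes and the rule that exactly one class applies are standard UNIX semantics; the `Inode` class, the sample modes and the superuser being ignored are simplifications of this example.

```python
# Added example: decoding UNIX protection bits for a (uid, gids) domain.
from dataclasses import dataclass

R, W, X = 4, 2, 1
RIGHT_NAMES = (("read", R), ("write", W), ("execute", X))


@dataclass(frozen=True)
class Inode:
    owner_uid: int
    owner_gid: int
    mode: int  # the 9 permission bits only, e.g. 0o640


def permission_class(inode, uid, gids):
    """Exactly one class applies, tested in order: owner, then group, then other.
    (The superuser's bypass of these bits is deliberately left out here.)"""
    if uid == inode.owner_uid:
        return "owner"
    if inode.owner_gid in gids:
        return "group"
    return "other"


def rights(inode, uid, gids):
    """Set of rights the domain holds on this inode."""
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(inode, uid, gids)]
    bits = (inode.mode >> shift) & 0o7
    return {name for name, bit in RIGHT_NAMES if bits & bit}


def may(inode, uid, gids, right):
    return right in rights(inode, uid, gids)


def expand_to_acl(inode):
    """The ACL the 9 bits stand for: three entries, one per class."""
    return {
        ("uid", inode.owner_uid): {n for n, b in RIGHT_NAMES if (inode.mode >> 6) & b},
        ("gid", inode.owner_gid): {n for n, b in RIGHT_NAMES if (inode.mode >> 3) & b},
        ("other", None): {n for n, b in RIGHT_NAMES if inode.mode & b},
    }


# Constructed sample: a disk device owned by uid 0, group 5, mode rw-rw----.
RAW_DISK = Inode(owner_uid=0, owner_gid=5, mode=0o660)
```

Because the class is chosen by identity rather than by taking the union of all matching classes, a file with mode 0o077 is unreadable by its own owner while everyone else can read it; `rights` reproduces that, and it is the kind of case a permission-checking routine must get right rather than "help" with.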


last updated 30 April 1998