An Operating Systems Vade Mecum

More documents

Recommendations

Info

196 File Structures Chapter 62.1 A formal model of access controlOur formal model deals with subjects, which are the entities that wish to access data, andobjects, which are the units of data that may be accessed. For our purposes, the subjectsare users (or processes acting on their behalf). Subjects can be represented by useridentifiers, which are associated with all the processes running on behalf of a particularuser. The objects we will deal with are entire files. We will not deal with access controlon a finer grain than entire files, although database applications often impose controls onthe record or byte level of granularity. We will allow a process to access either a wholefile or none of it.The formal model of subjects and objects can be applied to other situations besidesfile systems. For example, one can describe the scope of identifiers in a Pascal programby considering procedures as subjects and identifiers as objects. As a second example,one can describe the interplay of a community of cooperating processes by lettingprocesses be both subjects and objects.In each of these subject-object worlds, individual objects may have several accessmodes. Files can be read or written. (A more complete list will be presented shortly.)Identifiers can be invoked (if they are procedures), read or written (if they are variables),only read (if they are constants), or applied to new declarations (if they are types).Cooperating processes can be asked to perform different tasks, depending on the programthat the process is running.Our formal access model will allow us to specify which access modes are allowedbetween each subject and each object. In the file world, for example, Mary Smith maynot care who looks at her histology notes (mode = read) as long as only she can modifythem (mode = write). But she doesn’t want anyone else even to look at her thesis, exceptpossibly her adviser. Her mail file should be available for people to add messages (mode= append) but not to overwrite in the middle and certainly not to inspect.We will therefore determine whether to allow a given access by considering threefactors:the subjectthe objectthe access mode.To perform an access of a given mode, the subject must have the appropriate accessright. We will use the term privilege as a synonym for ‘‘access right.’’ For files, theaccess modes that might be provided include the following.Read: Derive information from the object.Write: Initialize or modify the information in the object.Append: Add new information to the object.Execute: Treat the object as a load image.Delete: Remove the object.Privilege: Modify the rights that subjects have to the object.SetOwner: Establish which subject owns the object.
Access control 197Execute privilege is different from Read privilege. One way to distinguish programsfrom data files is by granting Execute privilege over programs. In addition, proprietarysoftware is often licensed by the manufacturer to be used but not to be copied. In orderto copy a file, a subject must be able to read it. Separating the Execute and the Readprivileges lets us prohibit copying but not execution.The Privilege privilege allows a subject to grant new privileges or revoke oldprivileges. It is rarely granted to any subject but the owner because it is so powerful.The SetOwner privilege is even more powerful and may be reserved for administrators.We can represent the state of all access rights by constructing an access matrix, asshown in Figure 6.4. Each row in the access matrix represents one subject, and eachcolumn represents one object. The subjects are users, and the objects are files. Theinformation stored in the entry for a given row and column is the list of privileges thatsubject has over that object. Figure 6.4 only uses the Read, Write, Append, Delete, andExecute privileges and abbreviates each to one letter.All the users in Figure 6.4 may read the news file, and all may execute the editorfile. Marduk is allowed to read or write any file. Fred may read, write, or delete his ownmail file. Many other users may append to that mail file but not read it. Mottl isn’t evenallowed to append to Fred’s mail file. Ramon and Cheri share letters/love.text.Ramon may read and write this file, and Cheri may read it and delete it. Kealoha mayread, write, and delete her prog.text file, and she has allowed Murali to read it aswell.The access matrix is purely a logical construct that we can use to reason about theaccess control situation. It would be unreasonable to store the matrix in one piece, eitherin main store or on secondary store, because it is so large. However, we can divide it upand store it in pieces.objectsfred/letters/mail news love.text editor prog.textfredRWDREmuraliARERsubjectsramonARRWEcheriARRDElottaAREmottlREmardukRWD RWD RWD RWED RWDkealohaARERWDFigure 6.4 <strong>An</strong> access matrix
Page 5 and 6:
ContentsvWhich page should be swapp
Page 7 and 8:
Contentsvii1.3 Interacting with pro
Page 9:
ContentsixBalance is a registered t
Page 12 and 13:
12 Prefaceareas of current activity
Page 14 and 15:
2 Introduction Chapter 1We will giv
Page 16 and 17:
4 Introduction Chapter 1Another way
Page 18 and 19:
6 Introduction Chapter 1executing j
Page 20 and 21:
8 Introduction Chapter 1The running
Page 22 and 23:
10 Introduction Chapter 1waiting fo
Page 24 and 25:
12 Introduction Chapter 1During log
Page 26 and 27:
14 Introduction Chapter 1transput d
Page 28 and 29:
16 Introduction Chapter 1processesA
Page 30 and 31:
18 Introduction Chapter 1Various ev
Page 32 and 33:
20 Introduction Chapter 1decomposit
Page 34 and 35:
22 Introduction Chapter 1created fo
Page 36 and 37:
24 Introduction Chapter 1(The trap
Page 38 and 39:
26 Introduction Chapter 111. How ca
Page 40 and 41:
28 Time Management Chapter 2runread
Page 42 and 43:
30 Time Management Chapter 2the use
Page 44 and 45:
32 Time Management Chapter 2Unfortu
Page 46 and 47:
34 Time Management Chapter 2109FBRR
Page 48 and 49:
36 Time Management Chapter 2How wel
Page 50 and 51:
38 Time Management Chapter 23C81111
Page 52 and 53:
40 Time Management Chapter 2Instead
Page 54 and 55:
42 Time Management Chapter 2middle-
Page 56 and 57:
44 Time Management Chapter 23C81B10
Page 58 and 59:
46 Time Management Chapter 2Process
Page 60 and 61:
48 Time Management Chapter 23.1 Cla
Page 62 and 63:
50 Time Management Chapter 2tapepri
Page 64 and 65:
52 Time Management Chapter 23.4 Cou
Page 66 and 67:
54 Time Management Chapter 25 EXERC
Page 68 and 69:
56 Time Management Chapter 2startin
Page 70 and 71:
58 Space Management Chapter 3Proces
Page 72 and 73:
60 Space Management Chapter 38 bits
Page 74 and 75:
62 Space Management Chapter 3called
Page 76 and 77:
64 Space Management Chapter 3Whethe
Page 78 and 79:
66 Space Management Chapter 320K33K
Page 80 and 81:
68 Space Management Chapter 3bytes
Page 82 and 83:
70 Space Management Chapter 3would
Page 84 and 85:
72 Space Management Chapter 3transl
Page 86 and 87:
74 Space Management Chapter 30 13K0
Page 88 and 89:
76 Space Management Chapter 3When i
Page 90 and 91:
78 Space Management Chapter 3instru
Page 92 and 93:
80 Space Management Chapter 3virtua
Page 94 and 95:
82 Space Management Chapter 3segmen
Page 96 and 97:
84 Space Management Chapter 3unusab
Page 98 and 99:
86 Space Management Chapter 31 cons
Page 100 and 101:
88 Space Management Chapter 3first
Page 102 and 103:
90 Space Management Chapter 3Page t
Page 104 and 105:
92 Space Management Chapter 3the pa
Page 106 and 107:
descriptor base registervirtual add
Page 108 and 109:
96 Space Management Chapter 3This t
Page 110 and 111:
98 Space Management Chapter 3Virtua
Page 112 and 113:
100 Space Management Chapter 3The c
Page 114 and 115:
102 Space Management Chapter 3entir
Page 116 and 117:
104 Space Management Chapter 3To il
Page 118 and 119:
106 Space Management Chapter 33000R
Page 120 and 121:
108 Space Management Chapter 310000
Page 122 and 123:
110 Space Management Chapter 37.6 S
Page 124 and 125:
112 Space Management Chapter 3chang
Page 126 and 127:
114 Space Management Chapter 3When
Page 128 and 129:
116 Space Management Chapter 3Anoth
Page 130 and 131:
118 Space Management Chapter 3lengt
Page 132 and 133:
120 Space Management Chapter 319. S
Page 134 and 135:
122 Resource Deadlock Chapter 4file
Page 136 and 137:
124 Resource Deadlock Chapter 42 DE
Page 138 and 139:
126 Resource Deadlock Chapter 4Atap
Page 140 and 141:
128 Resource Deadlock Chapter 4dead
Page 142 and 143:
130 Resource Deadlock Chapter 41253
Page 144 and 145:
132 Resource Deadlock Chapter 41253
Page 146 and 147:
134 Resource Deadlock Chapter 4to b
Page 148 and 149:
136 Resource Deadlock Chapter 4the
Page 150 and 151:
138 Resource Deadlock Chapter 4most
Page 152 and 153:
140 Resource Deadlock Chapter 4and
Page 154 and 155:
142 Resource Deadlock Chapter 4We m
Page 156 and 157:
144 Resource Deadlock Chapter 4by d
Page 158 and 159: 146 Resource Deadlock Chapter 4(d)
Page 160 and 161: 148 Transput Chapter 5comes from sp
Page 162 and 163: 150 Transput Chapter 5be made. By t
Page 164 and 165: 152 Transput Chapter 5Many operatin
Page 166 and 167: 154 Transput Chapter 5one bit and t
Page 168 and 169: 156 Transput Chapter 52 THE DEVICE
Page 170 and 171: 158 Transput Chapter 5processeskern
Page 172 and 173: 160 Transput Chapter 5language. The
Page 174 and 175: 162 Transput Chapter 5page onto bac
Page 176 and 177: 164 Transput Chapter 5error. After
Page 178 and 179: 166 Transput Chapter 5on the way ou
Page 180 and 181: 168 Transput Chapter 54 DATA MODIFI
Page 182 and 183: 170 Transput Chapter 5If we want B
Page 184 and 185: 172 Transput Chapter 5within a reas
Page 186 and 187: 174 Transput Chapter 5transfer, in
Page 188 and 189: 176 Transput Chapter 5Input buffers
Page 190 and 191: 178 Transput Chapter 5The kernel ca
Page 192 and 193: 180 Transput Chapter 5usersbuffer p
Page 194 and 195: 182 Transput Chapter 5Security: Enc
Page 196 and 197: 184 Transput Chapter 513. The text
Page 198 and 199: 186 File Structures Chapter 6distin
Page 200 and 201: 188 File Structures Chapter 6A flat
Page 202 and 203: 190 File Structures Chapter 6Master
Page 204 and 205: 192 File Structures Chapter 6Figure
Page 206 and 207: 194 File Structures Chapter 6/ (the
Page 210 and 211: 198 File Structures Chapter 6Whenev
Page 212 and 213: 200 File Structures Chapter 6file,
Page 214 and 215: 202 File Structures Chapter 6One si
Page 216 and 217: 204 File Structures Chapter 6Access
Page 218 and 219: 206 File Structures Chapter 6early
Page 220 and 221: 208 File Structures Chapter 6a stud
Page 222 and 223: 210 File Structures Chapter 6file v
Page 224 and 225: 212 File Structures Chapter 6Synchr
Page 226 and 227: 214 File Structures Chapter 6comple
Page 228 and 229: 216 File Structures Chapter 6When a
Page 230 and 231: 218 File Structures Chapter 6descri
Page 232 and 233: 220 File Structures Chapter 6If ext
Page 234 and 235: 222 File Structures Chapter 6Figure
Page 236 and 237: 224 File Structures Chapter 6159234
Page 238 and 239: 226 File Structures Chapter 6machin
Page 240 and 241: 228 File Structures Chapter 6disk i
Page 242 and 243: 230 File Structures Chapter 610 typ
Page 244 and 245: 232 File Structures Chapter 61. Imp
Page 246 and 247: chapter 7THE USER INTERFACEWe have
Page 248 and 249: 236 The User Interface Chapter 7ins
Page 250 and 251: 238 The User Interface Chapter 7Use
Page 252 and 253: 240 The User Interface Chapter 7cop
Page 254 and 255: 242 The User Interface Chapter 7Pro
Page 256 and 257: 244 The User Interface Chapter 7int
Page 258 and 259:
246 The User Interface Chapter 7sim
Page 260 and 261:
248 The User Interface Chapter 7acr
Page 262 and 263:
250 The User Interface Chapter 7ref
Page 264 and 265:
252 The User Interface Chapter 7The
Page 266 and 267:
254 The User Interface Chapter 7pro
Page 268 and 269:
chapter 8CONCURRENCYAs operating sy
Page 270 and 271:
258 Concurrency Chapter 8process Ap
Page 272 and 273:
260 Concurrency Chapter 8ABCDEFGHFi
Page 274 and 275:
262 Concurrency Chapter 82.2 Busy w
Page 276 and 277:
264 Concurrency Chapter 8to arbitra
Page 278 and 279:
266 Concurrency Chapter 8The Intere
Page 280 and 281:
268 Concurrency Chapter 8It is libe
Page 282 and 283:
270 Concurrency Chapter 8share the
Page 284 and 285:
272 Concurrency Chapter 8Variables
Page 286 and 287:
274 Concurrency Chapter 8scope (a b
Page 288 and 289:
276 Concurrency Chapter 816 guard p
Page 290 and 291:
278 Concurrency Chapter 8These rule
Page 292 and 293:
280 Concurrency Chapter 8time, a re
Page 294 and 295:
282 Concurrency Chapter 8 Read(E) r
Page 296 and 297:
284 Concurrency Chapter 81 type2 Se
Page 298 and 299:
286 Concurrency Chapter 8To represe
Page 300 and 301:
288 Concurrency Chapter 822 procedu
Page 302 and 303:
290 Concurrency Chapter 8The parame
Page 304 and 305:
292 Concurrency Chapter 86. Prove t
Page 306 and 307:
chapter 9CO-OPERATING PROCESSESIn C
Page 308 and 309:
296 Co-operating Processes Chapter
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
REFERENCESJ. E. ALLCHIN, M.S.MCKEND
Page 336 and 337:
324 ReferencesR. FINKEL, M.SOLOMON,
Page 338 and 339:
326 ReferencesG. L. PETERSON, ‘
Page 340 and 341:
GLOSSARYMany standard English words
Page 342 and 343:
330 GlossaryBacking store. The larg
Page 344 and 345:
332 GlossaryCiphertext. The result
Page 346 and 347:
334 GlossaryDatabase. A collection
Page 348 and 349:
336 GlossaryEncryption. A data tran
Page 350 and 351:
338 GlossaryHint. Usually but not n
Page 352 and 353:
340 GlossaryLocal. (1) A local page
Page 354 and 355:
342 GlossaryOpen shop. A style for
Page 356 and 357:
344 GlossaryProcess. The execution
Page 358 and 359:
346 GlossaryRotational latency. The
Page 360 and 361:
348 GlossaryStarvation. The situati
Page 362 and 363:
350 GlossaryTrap-door encryption. A
show all

An Operating Systems Vade Mecum

Create successful ePaper yourself

Delete template?

Save as template?