Multiprogrammed Operating Systems

• Manage and protect resources
• memory
• file systems
• I/O devices
• Oversee execution of programs
• Enforce controlled sharing

Security by Separation

• Physical
• Temporal
• Logical
• Cryptographic
• Separation leads to poor resource utilization
• too expensive
• complex to implement

Security with Degrees of Sharing

• Sensitive procedures run at different times
• Processes confined to their own domain
• Objects are strictly public or private
• Control access of objects
• Share by user capabilities
• Limit use of objects

Protecting Memory

• Relocation
• Variable fence registers (base and bounds registers)
• Segmentation
• Paging
• Combined segmentation and paging

Segmentation

• Accomplishes hiding of addresses
• Each segment has a unique name
• Addresses are pairs <name, offset>
• OS maintains a table of segment addresses in physical memory
• User program does not know what the true address is

Advantages of Hiding Addresses

• OS can move segments around
• only needs to update segment address table
• OS can remove a segment from memory if its not being used
• OS has a built in opportunity to check every address reference
• Programmer can assign protection levels

Paging

• Transparent to the programmer and process
• Addresses are pairs <page, offset>
• OS maintains a table of pages’ physical addresses
• Scalable -- there can be a hierarchy of page tables
• Good address hiding

Access Control

• Access control mechanisms enforce security policies
• controls permission to access an object
• Discretionary and Mandatory
• Permission mechanisms and Access Matrices
• Procedure-oriented access control
• A procedure controls access to an object
• Implements information hiding -- all accesses must go through the procedure

Access Control List and Capability Mechanisms

• Access control list (ACL)
• A list of valid subjects (users) is assigned to each object
• Usually a DAC mechanism
• Capabilities
• A list of assessable objects is assigned to each subject (user)
• Likely to be MAC

File System Protection

• Group protection
• files are shared with members of the group
• outsiders may have read only privileges
• Single permissions
• password (owner of file can assign a password)
• temporary permission (usually procedure oriented)

Identification and Authentication

• Identification -- procedures and mechanisms that allow subjects to notify a system of their identity
• Authentication -- procedures and mechanisms that allow the system to ensure that the stated identity of a subject is correct