Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CMPT 300 > Protection, Pt. 2 > Flashcards

Protection, Pt. 2 Flashcards

1
Q

Policy vs. Mechanism with a Matrix

A

Mechanism
-Operating system provides access matrix + rules
-Matrix is only manipulated by authorized users
-Rules are strictly enforced
Policy
-Users/admins dictate policy (who can access what object in what mode)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Implementation of Access Matrix

A
  • Global Table
  • Access Control List
  • Capability List
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Global Table

A
  • The matrix is large and sparse - additional I/O
  • Grouping can help reduce the size
  • Repetition of access rights for defaults
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Access Control List (ACL)

A
  • Each column has a list of domains that can access it and what type of access
  • Can support default rights
  • Difficult to determine access rights of a domain
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Capability List

A
  • Each row has a list of objects and what operations are allowed on them
  • Difficult to revoke capabilities of an object
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Schemes to Implement Revocation

A
  • Back-pointers (pointers maintained to object with capabilities)
  • Indirection (capabilities point to entry in global table)
  • Reacquisition (periodically delete capability from each domain)
  • Keys (objects have a master key, capabilities have a copy of the key, revocation is done by changing the master key, objects can hold multiple keys)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Capabilities/ACL

A
  • When a process tries to access object, ACL is searched
  • If approved, a capability is created and attached to that process
  • Subsequent accesses use the capability for faster check
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Protection in Unix

A

ACL can be long and time consuming to search, so Unix has three classes: owner, group, and universe (rwx stuff)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Problems with rwx

A
  • If you want more than three different classes, you need to do something else
  • Solaris and Linux create on-demand ACL if more access classes are required
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A user in one domain may need to execute a command allowed only in ____

A

Another domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Temporary Domain Switching

A
  • Each executable file has a setuid bit associated with it
  • When setuid bit is set to 1, any user will execute the file with the same privileges as the owner of the file
  • Use ā€œsā€ in place of the x bit
  • setgid is the same, but for groups instead of users
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CMPT 300 (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions