Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Domain of Protection

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 7

By: Ghulam Rabbani

Domain of Protection
A computer can be viewed as a collection of processes and objects ( both HW & SW ).

The need to know principle states that a process should only have access to those objects it needs to accomplish its task, and furthermore only in the modes for which it needs access and only during the time frame when it needs access.
The modes available for a particular object may

depend upon its type.

Domain Structure
A protection domain specifies the resources that a process may access. Each domain defines a set of objects and the types of operations that may be invoked on

each object. An access right is the ability to execute an operation on an object. A domain is defined as a set of < object, { access right set } > pairs, as shown below. Note that some domains may be disjoint while others overlap.

Diagram

The association between a process and a domain may be static or dynamic. If the association is static, then the need-to-know principle requires a way of changing the contents of the domain dynamically. If the association is dynamic, then there needs to be a mechanism for domain switching. Domains may be realized in different fashions - as users, or as processes, or as procedures. E.g. if each user corresponds to a domain, then that domain defines the access of that user, and changing domains involves changing user ID.

Understanding Protection Domains


There are two protection domains in the operating system:

the user protection domain and the kernel mode protection domain.

User Protection Domain


Application programs run in the user protection domain,

which provides: Read and write access to the data region of the process Read access to the text and shared text regions of the process Access to shared data regions using the shared memory functions

KERNEL PROTECTION DOMAIN


The code in the kernel and kernel

extensions run in the kernel protection domain. This code includes interrupt handlers, kernel processes, device drivers, system calls, and file

You might also like