Open In App

Access matrix in Operating System

Improve
Improve
Like Article
Like
Save
Share
Report

Access Matrix is a security model of protection state in computer system. It is represented as a matrix. Access matrix is used to define the rights of each process executing in the domain with respect to each object. The rows of matrix represent domains and columns represent objects. Each cell of matrix represents set of access rights which are given to the processes of domain means each entry(i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.

Different types of rights:

There are different types of rights the files can have. The most common ones are:

  1. Read- This is a right given to a process in a domain, which allows it to read the file.
  2. Write- Process in domain can write into the file. 
  3. Execute- Process in domain can execute the file. 
  4. Print- Process in domain only has access to printer.

Sometimes, domains can have more than one right, i.e. combination of rights mentioned above. 

Let us now understand how an access matrix works from the example given below. 

  F1 F2 F3 Printer
D1 read   read  
D2       print
D3   read execute  
D4 read write   read write  

Observations of above matrix: 

  • There are four domains and four objects– three files(F1, F2, F3) and one printer. 
  • A process executing in D1 can read files F1 and F3. 
  • A process executing in domain D4 has same rights as D1 but it can also write on files. 
  • Printer can be accessed by only one process executing in domain D2.
  • A process executing in domain D3 has the right to read file F2 and execute file F3.

Mechanism of access matrix: 

The mechanism of access matrix consists of many policies and semantic properties. Specifically, we must ensure that a process executing in domain Di can access only those objects that are specified in row i. Policies of access matrix concerning protection involve which rights should be included in the (i, j)th entry. We must also decide the domain in which each process executes. This policy is usually decided by the operating system. The users decide the contents of the access-matrix entries. Association between the domain and processes can be either static or dynamic. Access matrix provides a mechanism for defining the control for this association between domain and processes.

Switch operation: When we switch a process from one domain to another, we execute a switch operation on an object(the domain). We can control domain switching by including domains among the objects of the access matrix. Processes should be able to switch from one domain (Di) to another domain (Dj) if and only if a switch right is given to access(i, j). This is explained using an example below: 

  F1 F2 F3 Printer D1 D2 D3 D4
D1 read   read     switch    
D2       print     switch switch
D3   read execute          
D4 read write   read write   switch      

According to the above matrix, a process executing in domain D2 can switch to domain D3 and D4. A process executing in domain D4 can switch to domain D1 and process executing in domain D1 can switch to domain D2.

This is all about the basics of the access matrix. To know more about the implementation of access matrix in operating systems, kindly refer to this article https://www.geeksforgeeks.org/implementation-of-access-matrix-in-distributed-os/


Last Updated : 31 May, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads