Implementation of Access Matrix in Distributed OS

As earlier discussed access matrix is likely to be very sparse and takes up a large chunk of memory. Therefore direct implementation of access matrix for access control is storage inefficient.

The inefficiency can be removed by decomposing the access matrix into rows or columns.Rows can be collapsed by deleting null values and so for the columns to increase efficiency. From these approaches of decomposition three implementation of access matrix can be formed which are widely used. They are as follows:

1. Capabilities
2. Access Control List
3. Lock and Key Method 

So we are going to discuss in brief about the above implementation.
Its worth remembering that we are denoting subjects by s and objects by O and putting them on columns and rows respectively.

  1. Capabilities:
    This method refers to row wise decomposition of the access matrix. Each Subject is assigned with a list of tuples (o, M[s, o]) for all objects o that it is allowed to access. This tuples are called Capabilities. If a subject possess a capability (o, M[s, o]) then it is allowed to access object o in the manner which is described in M[s, o]. A subject is allowed to access any objects for which it holds the capabilities.Capabilities are not meant to be forged.

    Capabilities contain two fields:



    (i) Object Descriptor, 
    (ii) Access Rights 

    Object Descriptor may contain the address of the objects and Access Rights may contain the rights which the subject has on object, mainly read write, execute. Since object Descriptor contains address it may be used as an addressing mechanism also.

    Below is the format of capability.

  2. Access Control List:
    This method refers to column wise decomposition of the access matrix . Each object o has a list containing tuples like (s, M[s, o]) for all subjects s which can access the object.P[s, o] denotes the rights of the subject s on the object o.

    when a subject s request to access \alpha to the object o it is executed in the following manner.

    • The system searches the access control list of o to find out if an entry (s, \phi) exist for subject s
    • If and entry (s, \phi) exists for subject s then the system checks to see if the requested access is permitted or not.(i.e., \alpha \epsilon \phi)
    • If the requested access is permitted then the request is executed else an appropriate exception is raised.

    Below is a sample implementation of Access Control List of an object o.

    ;

    Subjects Access Right
    ravi Read, Write, Execute
    rana Read
    jeffy Write
    alice Execute

    Easy revocation and Easy review of an access are the major feature of access control list.

  3. Lock and key Method:
    The lock and key method is an hybrid of the access control list and capabilities method.

    In the lock and key method, every subject has a capability list that contains tuples of the form (o, key), indicating the subject can access object o using key key. Objects has an access control list that contains tuples of the form (lock, \phi), called a lock entry indicating lock lock can be accessed by modes in the set \phi.

    When the subject makes the request to access object o in mode \alpha, the system executes in the following manner.

    • The system locates the tuple (o, key) in the capability list of the subject. If no such tuple id found, the access is not permitted.
    • Otherwise the access is permitted only if there exists a lock entry (lock, \phi) in the access control list of object o such that key=lock and \alpha \epsilon \phi

So this were the the implementations of the access matrix that are most commonly used . We have have Discussed the Processes in a brief and compact way. The usage, advantages and disadvantages can be covered in later posts.

Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.