Open In App

Protection in OS : Domain of Protection, Association, Authentication

Improve
Improve
Like Article
Like
Save
Share
Report

In this, we will cover the overview of Protection in OS, it’s need and Goals of protection. And mainly will focus on Protection in OS like Domain of Protection, Association, Authentication in details. Let’s discuss it one by one.

Need of protection OS :

  • To ensure data safety, process and program safety against illegal user access, or even program access, we need protection. 
  • It is to ensure that programs, resources and data are accessed only according to the systems’ policies. 
  • It is also to ensure that there are no access rights’ breach, no unauthorized access to the existing data, no virus or worms. 
  • There can be security threats such as unauthorized reading, writing, modification or preventing the system to work properly for the authorized users themselves. 

Goals of Protection :

  • Therefore, protection is a method of safeguarding data and processes against malicious and intentional intrusion. For that purpose, we have protection policies that are either designed by the system itself or specified by the management itself or are imposed by the programmers individually to protect their programs with extra safety. 
  • It also gives a multiprogramming OS the sense of safety that is required by its users to share common space like files or directories.
  • The policies bind how the processes are to access the resources present in the computer system, resources like CPU, memory, software and even the OS. Both the OS designer and the application programmer are responsible for this. However, these policies always change from time to time.  

Domain of Protection :

  • The protection policies limit the access of each process with respect to their resource handling. A process is bound to use only those resources which it requires to complete its task, in the time limit that it requires and also the mode in which it is required. That is the protected domain of a process.  
  • A computer system has processes and objects, which are treated as abstract data types, and these objects have operations specific to them. A domain element is described as <object, {set of operations on object}>. 
  • Each domain consists of a set of objects and the operations that can be performed on them. A domain can consist of either only a process or a procedure or a user. Then, if a domain corresponds to a procedure, then changing domain would mean changing procedure ID. Objects may share a common operation or two. Then the domains overlap.

Association between process and domain :
Processes switch from one domain to other when they have the access right to do so. It can be of two types as follows.

  1. Fixed or static –
    In fixed association, all the access rights can be given to the processes at the very beginning but that give rise to a lot of access rights for domain switching. So, a way of changing the contents of the domain are found dynamically. 
     
  2. Changing or dynamic –
    In dynamic association where a process can switch dynamically, creating a new domain in the process, if need be.  

Security Measures :

  • Security measures at different levels are taken against malpractices, such as no person should be allowed on the premises or allowed access to the systems. 
  • The network that is used for the transfer of files must be secure at all times. No alien software must be able to extract information from the network while the transfer. This is known as Network Sniffing, and it can be prevented by introducing encrypted channels of data transfer. Also, the OS must be able to resist against forceful or even accidental violations.
  • The best ways of authentication are using a username password combination, using fingerprint, eye retina scan or even user cards to access the system. 
  • Passwords are a good method to authenticate, but it is also one of the most common as well as vulnerable methods. To crack passwords is not too hard. While there are weak passwords, but even hard passwords can be cracked by either sniffing around or giving access to multiple users or even network sniffing as mentioned above. 

Security Authentication :
To make passwords strong and a formidable authentication source, one time passwords, encrypted passwords and Cryptography are used as follows.

  1. One Time Passwords
    It is used in such a way that it is unique at every instance of login by the user. It is a pair of passwords combined to give the user access. The system generates a random number and the user provides a complementary one or the system and the user are provided a random number by an algorithm and through a common function that the two share they match the output and thus get access.
     
  2. Encrypted Passwords –
    It is also a very way to authenticate access. Encrypted data is passed over the network which does the transfer and checking of the passwords that helps in the data passage without interruption or interception.
     
  3. Cryptography –
    It is another method of ensuring that data transfer over a network is not available to the unauthorized users. This helps in transfer of data with full protection. It protects the data by introducing the concept of a key. The key is very important here. When a user sends the data, he encodes it using a computer possessing the key and the receiver also has to decode the data using the very same key. Thus, even if the data is stolen mid-way, there’s still a big possibility that the unauthorized user cannot access it.

Protection is an essential aspect of an operating system, which ensures the safety and security of system resources and data. It provides a way to control access to resources and ensure that unauthorized access is prevented.

There are three main components of protection in an operating system: domain of protection, association, and authentication.

  1. Domain of Protection: The domain of protection is the set of resources that are controlled by a particular protection mechanism. In an operating system, a domain can be defined as a set of objects that are accessed by a set of subjects. Objects are resources, such as files, memory, and I/O devices, while subjects are entities that access these resources, such as processes, users, and groups. Each domain has a specific set of rules that govern the access to its objects by its subjects.
  2. Association: Association is the mapping of a subject to a domain of protection. In other words, it is the relationship between a subject and the set of resources that it is authorized to access. In an operating system, association can be defined as the process of assigning a subject to a domain of protection based on its authentication credentials. Authentication credentials can be a password, a digital certificate, or a biometric identifier.
  3. Authentication: Authentication is the process of verifying the identity of a subject before granting access to protected resources. Authentication is an essential component of protection because it ensures that only authorized subjects can access protected resources. In an operating system, authentication can be implemented using various methods, such as passwords, digital certificates, smart cards, and biometric identifiers.
  4. In summary, protection in an operating system is achieved through the combination of domain of protection, association, and authentication. The domain of protection defines the set of resources that are controlled by the protection mechanism, association maps subjects to domains of protection, and authentication ensures that only authorized subjects can access protected resources.

Last Updated : 24 Apr, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads