Types of Access
The need to protect files is a direct result of the ability to access files. Systems that do not permit access to the files of other users do not need protection. Thus, we could provide complete protection by prohibiting access. Alternatively, we could provide free access with no protection.
Both approaches are too extreme for general use. What is needed is controlled access.
Protection mechanisms provide controlled access by limiting the types of file access that can be made. Access is permitted or denied depending on several factors, one of which is the type of access requested. Several different types of operations may be controlled:
Read: Read from a file.
Write: Write or rewrite the file.
Execute: Load the file into memory and execute it.
Append: Write new information at the end of the file.
Delete: Delete the file and free its space for possible reuse.
List: List the name and attributes of the file.
Other operations, such as renaming, copying, or editing the file, may also be controlled.
3.1 Hardware protection
A properly designed OS must ensure that an incorrect (or malicious) program cannot cause other programs to execute incorrectly.
Many programming errors are detected by the hardware. These errors are normally handled by the operating system. If a user program fails in some way, such as by making an attempt either to execute an illegal instruction, or to access memory that is not in the user’s address space, then the hardware will trap to the operating system, just like an interrupt.
Whenever a program error occurs, the operating system must normally terminate the program.
The following will be discussed: I/O Protection, Memory Protection and CPU Protection.
I/O Protection
A user program may disrupt the normal operation of the system by issuing illegal I/O instructions, by accessing memory locations within the operating system itself, or by refusing to relinquish the CPU. We can use various mechanisms to ensure that such disruptions cannot take place in the system. To prevent users from performing illegal I/O, we define all I/O instructions to be privileged instructions. Thus, users cannot issue I/O instructions directly; they must do it through the operating system.
Memory Protection
To ensure correct operation, we must protect the interrupt vector from modification by a user program. In addition, we must also protect the interrupt-service routines in the operating system from modification. Even if the user did not gain unauthorized control of the computer, modifying the interrupt-service routines would probably disrupt the proper operation of the computer system.
We see that we must provide memory protection at least for the interrupt vector and the interrupt-service routines of the operating system. In general, we want to protect the operating system from access by user programs, and in addition, to protect user programs from one another. This protection must be provided by the hardware.
CPU Protection
In addition to protecting I/O and memory, we must ensure that the operating system maintains control. We must prevent a user program from getting stuck in an infinite loop or not calling system services, and never returning control to the operating system. To accomplish this goal, we can use a timer. A timer can be set to interrupt the computer after a specified period. The period may be fixed or variable.
Before turning over control to the user, the OS ensures that the timer is set to interrupt. If the timer interrupts, control transfers automatically to the OS, which may treat the interrupt as a fatal error or may give the program more time. Clearly, instructions that modify the operation of the timer are privileged.
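The memory-protection trap and the timer described above can be observed from user space. The following is an added example, not part of the original course text: it assumes a Linux/POSIX system, and the names run_guarded, write_readonly_page, spin_forever and well_behaved are hypothetical. A parent process stands in for the OS, arms a timer before handing control to a child, and reports which signal ended it; the actual fault and timer interrupt are handled by the kernel and surface here as SIGSEGV and SIGALRM.

```c
#define _DEFAULT_SOURCE 1
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Faulty program 1: writes to a page it was granted read access to only. */
static void write_readonly_page(void) {
    volatile char *p = mmap(NULL, 4096, PROT_READ,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) _exit(2);
    p[0] = 'x';   /* hardware faults; the kernel delivers SIGSEGV */
}

/* Faulty program 2: loops forever and never calls a system service. */
static void spin_forever(void) {
    volatile unsigned long n = 0;
    for (;;) n++;
}

/* Correct program: returns control on its own. */
static void well_behaved(void) { }

/* Run `program` in a child with a timer armed before control is handed
 * over. Returns the terminating signal, 0 on normal exit, -1 on error. */
int run_guarded(void (*program)(void), long budget_ms) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct itimerval t = { {0, 0},
            { budget_ms / 1000, (budget_ms % 1000) * 1000 } };
        setitimer(ITIMER_REAL, &t, NULL); /* expiry is fatal (SIGALRM) */
        program();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("read-only write: signal %d (SIGSEGV=%d)\n",
           run_guarded(write_readonly_page, 500), SIGSEGV);
    printf("infinite loop:   signal %d (SIGALRM=%d)\n",
           run_guarded(spin_forever, 200), SIGALRM);
    printf("well behaved:    signal %d\n", run_guarded(well_behaved, 200));
    return 0;
}
```

In both faulty cases the offending program is terminated while the supervising process keeps running, which is the property the hardware mechanisms above exist to guarantee.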
One of the most publicized threats to security is the intruder (the other is viruses), generally referred to as a hacker or cracker. The front line of defense against intruders is the password system.
Activity A
Write short notes on the different types of protection mechanisms.
4.0 Conclusion
The need to protect files is a direct result of the ability to access files. Systems that do not permit access to the files of other users do not need protection. To prevent users from performing illegal I/O, we define all I/O instructions to be privileged instructions. Thus, users cannot issue I/O instructions directly; they must do it through the operating system. To ensure correct operation, we must protect the interrupt vector from modification by a user program. In addition to protecting I/O and memory, we must ensure that the operating system maintains control of the system resources. We must prevent a user program from getting stuck in an infinite loop or not calling system services, and never returning control to the operating system.
5.0 Summary
In this unit, we have learnt:
(a) about file access prohibition methods for the purpose of file security.
(b) that an I/O protection mechanism can be used to prevent users from performing illegal I/O.
(c) about the protection of memory, CPU and OS from unauthorized access by user programs.
6.0 Tutor Marked Assignment
Describe the protection mechanism for any two (2) of the following: memory, I/O devices, programs, data, files.