- File Protection. It is up to the OS to manage the system security so that files are only accessible to authorized users. Files in UNIX are protected by assigning each one a 9-bit binary protection code.
- The code consists of three 3-bit fields: one for the owner, one for other members of the owner's group, and one for everyone else.
- Each field has a bit for read access, a bit for write access, and a bit for execute access.
- OS Protection. The OS must protect itself from users; reserved memory is accessible only by the OS. The OS is responsible for allocating access to memory space, CPU time, peripherals, etc., and it controls dedicated hardware facilities:
- The memory controller, which the OS controls to detect and prevent unauthorized access.
- A timer will also be under OS control to manage CPU time allocation to programs competing for resources.
- User Protection. The OS may protect users from one another. A fundamental requirement of multiple users of a shared computer system is that they do not interfere with each other. This gives rise to the need for separation of the programs in terms of their resource use and access:
- If one program attempts to access main memory allocated to some other program, the access should be denied and an exception raised.
- If one program attempts to gain a larger proportion of the shared CPU time, this should be prevented.
- One approach to implementing resource allocation is to have at least two modes of CPU operation (see 2.5.1).
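The 9-bit protection code described under File Protection above can be decoded and checked as follows. This is an added example, not part of the original notes; `struct file_meta`, `mode_string` and `access_allowed` are hypothetical names, and the sketch assumes one group per process and no superuser bypass.

```c
#include <stdio.h>

/* Access bits within one 3-bit field. */
enum { P_READ = 4, P_WRITE = 2, P_EXEC = 1 };

/* Hypothetical file record: owner id, group id and the 9-bit protection code. */
struct file_meta { unsigned uid, gid, mode; };

/* Render the 9-bit code as an "rwxr-x---" style string (buf holds 10 bytes). */
const char *mode_string(unsigned mode, char buf[10]) {
    static const char sym[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        buf[i] = (mode & (0400u >> i)) ? sym[i] : '-';
    buf[9] = '\0';
    return buf;
}

/* Select exactly one field (owner, else group, else everyone else) and test
 * the requested bits against it. The first matching class decides: an owner
 * whose field lacks a bit is denied even if the "everyone else" field has it. */
int access_allowed(const struct file_meta *f, unsigned uid, unsigned gid,
                   unsigned want) {
    unsigned field;
    if (uid == f->uid)
        field = (f->mode >> 6) & 7u;   /* owner field */
    else if (gid == f->gid)
        field = (f->mode >> 3) & 7u;   /* group field */
    else
        field = f->mode & 7u;          /* everyone else */
    return (field & want) == want;
}

int main(void) {
    char buf[10];
    /* Constructed sample files, not taken from the notes. */
    struct file_meta report = { 1000, 50, 0640 };
    struct file_meta odd    = { 1000, 50, 0047 };

    printf("%s owner write: %d\n", mode_string(report.mode, buf),
           access_allowed(&report, 1000, 50, P_WRITE));
    printf("%s group write: %d\n", buf,
           access_allowed(&report, 1001, 50, P_WRITE));
    printf("%s owner read:  %d\n", mode_string(odd.mode, buf),
           access_allowed(&odd, 1000, 50, P_READ));
    printf("%s other read:  %d\n", buf,
           access_allowed(&odd, 2000, 60, P_READ));
    return 0;
}
```

The `0047` case shows why audits should read all three fields: the owner is locked out while every other user has full access.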
Cem Ozdogan
2011-02-14