Text Exercise

Meghana Oruganti
SEC 6030
Wilmington University

Chapter-5

1. Give an example of the use of physical separation for security in a computing
environment.
Physical separation uses different physical objects for different users. It is very easy to implement
but very expensive.
2. Give an example of the use of temporal separation for security in a computing
environment.
Temporal separation executes different programs at different times.
3. Give an example of an object whose sensitivity may change during execution.
Compiler-based systems
4. Respond to the allegation "An operating system requires no protection for its executable
code (in memory) because that code is a duplicate of code maintained on disk."
I think the given statement is false.
5. Explain how a fence register is used for relocating a user's program.
Fencing is an early type of memory management intended to guarantee that applications and
user data do not corrupt the operating system. The earliest and most basic type
of fencing simply separated the operating system and user data into two sections,
with limits on either side. While effective for isolating the OS from user data, the limits
were set so that neither side could grow past a specific point, which made a fence
very restrictive.
6. Can any number of concurrent processes be protected from one another by
just one pair of base/bounds registers?
Each user process is restricted to accessing only the memory locations that belong to that
particular process.
The base and bounds registers provide an essential capability for context switching.
Users are shielded from their own programs as well as the programs of other
users.
The registers can be used to relocate code and data separately.
7. The discussion of base/bounds registers implies that program code is execute only
and that data areas are read-write-only. Is this ever not the case? Explain your answer.
No,
8. A design using tag bits presupposes that adjacent memory locations hold dissimilar
things: a line of code, a piece of data, a line of code, two pieces of data, and so forth. Most
programs do not look like that. How can tag bits be appropriate in a situation in which
programs have the more conventional arrangement of code and data?
One memory location may be protected as execute-only (for example, the object code of
instructions), whereas another is protected for fetch-only (for example, read) data access, and
another accessible for modification (for example, write). In this way, two adjacent locations can
have different access rights.
Furthermore, with a few extra tag bits, different classes of data (numeric, character,
address, or pointer, and undefined) can be separated, and data fields can be protected for
privileged (operating system) access only.
This protection technique has been used on a few systems, although the number of tag
bits has been rather small. The Burroughs B6500-7500 system used three tag bits to separate data
words, descriptors (pointers), and control words (stack pointers and addressing control words).
The IBM System/38 used a tag to control both integrity and access.
9. What are some other modes of access that users might want to apply to code or data, in
addition to the common read, write, and execute permission?
There are three sets of read/write/execute permissions: one set for the user of the file, one
set for the group of the file, and one set for everyone else (other). These permissions are
determined by 9 bits in the i-node information, and are represented by the characters
"rwxrwxrwx." The first three characters specify the user, the middle three the group, and the last
three the world. If the permission is not true, a dash is used to indicate lack of privilege. If you
wanted to have a data file that you could read or write, but don't want anyone else to see, the
permission would be "rw-------."
10. If two users share access to a segment, they must do so by the same name. Must their
protection rights to it be the same? Why or why not?
Two processes that need to share access to a single segment would have the same
segment name and address in their segment tables. Two or more users can share access to a
segment, with potentially different access rights.
11. A problem with either segmented or paged address translation is timing. Suppose a user
wants to read some data from an input device into memory. For efficiency during data
transfer, often the actual memory address at which the data are to be placed is provided to
an I/O device. The real address is passed so that time consuming address translation does
not have to be performed during a very fast data transfer. What security problems does
this approach bring?
With a segmentation approach, a programmer must be conscious of segments. However, a
programmer is oblivious to page boundaries when using a paging-based operating system.
Moreover, with paging there is no logical unity to a page; a page is simply the next 2^n bytes of
the program. This shift is not something about which the programmer need be concerned,
because the entire mechanism of paging and address translation is hidden from the programmer.

However, when we consider protection, this shift is a serious problem. Because segments
are logical units, we can associate different segments with individual protection rights, such as
read-only or execute-only. The shifting can be handled efficiently during address translation. But
with paging, there is no necessary unity to the items on a page, so there is no way to establish
that all values on a page should be protected at the same level, such as read-only or execute-only.
12. A directory is also an object to which access should be controlled. Why is it not
appropriate to allow users to modify their own directories?
A directory is a mechanism by which access control rights can be maintained. In
particular, a list is kept on a per user basis of which files that user has access to. If the user also
had write permissions to the directory itself, he or she could modify his or her own permissions
to any file on the system. This clearly could be used to subvert the access control policies of
other users on the system and therefore cannot be allowed.
13. Why should the directory of one user not be generally accessible to other users (not
even for read-only access)?
Each file has a unique identity that has "control" access rights, including the right to deny
access to any individual at any time. Every user has a file directory, which lists all the data
files to which that user has access.
Clearly, no user can be permitted to write in the file directory, since that would be a
way to forge access to a file. The operating system must maintain all file entities and
directories, under commands from the owners of the files. The rights to files are the common read,
write and execute found on many shared systems. In addition, another right, owner, is
controlled by the owner, allowing that user to grant and deny access rights.

14. File access control relates largely to the secrecy dimension of security. What is the
relationship between an access control matrix and the integrity of the objects to which
access is being controlled?
File and I/O device access control: The operating system must protect user and system
files from access by unauthorized users. Similarly, I/O device use must be protected. Data
protection is usually achieved by table lookup, as with an access control matrix. In order to
prevent the damage caused by breach of security, it is very essential to achieve Confidentiality,
Integrity and Availability of the system.

15. One feature of a capability-based protection system is the ability of one process to
transfer a copy of a capability to another process. Describe a situation in which one process
should be able to transfer a capability to another.
One possible access right to an object is transfer or propagate. A subject having
this right can pass copies of capabilities to other subjects. Each of these
capabilities in turn has a list of permitted types of access, one of which may also be transfer. In
this example, process A can pass a copy of a capability to B, who can then pass a copy to
C. B can prevent further distribution of the capability by omitting the transfer right from the rights
passed in the capability to C. B may still pass certain access rights to C, but not the right to
propagate access rights to other subjects.
As a process executes, it operates in a domain. The domain is the collection of objects to
which the process has access. As execution continues, the process may call a
subprocedure, passing some of the objects to which it has access as arguments to the
subprocedure. A calling procedure may pass only some of its objects to the subprocedure and may have
access rights to other objects not accessible to the calling procedure. The caller may pass only
some of its access rights for the objects it passes to the subprocedure.
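
The A to B to C propagation described in this answer, as an added example that is not part of the original submission. It is a minimal model: the names Kernel, Capability, grant, transfer and rights_of are hypothetical, and it assumes only the kernel stores and copies capabilities.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Capability:
    obj: str
    rights: frozenset  # e.g. {"read", "write", "transfer"}

class Kernel:
    """Hypothetical OS model: only the kernel stores and copies capabilities."""

    def __init__(self):
        self.clists = {}  # process name -> set of Capability

    def grant(self, proc, obj, rights):
        cap = Capability(obj, frozenset(rights))
        self.clists.setdefault(proc, set()).add(cap)
        return cap

    def rights_of(self, proc, obj):
        # Union of the rights in every capability proc holds for obj.
        held = frozenset()
        for cap in self.clists.get(proc, ()):
            if cap.obj == obj:
                held |= cap.rights
        return held

    def transfer(self, sender, receiver, obj, rights):
        """Copy sender's capability to receiver, possibly with fewer rights."""
        rights, held = frozenset(rights), self.rights_of(sender, obj)
        if "transfer" not in held:
            raise PermissionError(f"{sender} may not propagate access to {obj}")
        if not rights <= held:
            raise PermissionError(f"{sender} cannot pass rights it does not hold")
        return self.grant(receiver, obj, rights)

def demo():
    k = Kernel()
    k.grant("A", "file1", {"read", "write", "transfer"})
    k.transfer("A", "B", "file1", {"read", "write", "transfer"})
    k.transfer("B", "C", "file1", {"read"})  # B omits the transfer right
    try:
        k.transfer("C", "D", "file1", {"read"})
        c_blocked = False
    except PermissionError:
        c_blocked = True
    return sorted(k.rights_of("C", "file1")), c_blocked, k.rights_of("D", "file1")

if __name__ == "__main__":
    print(demo())
```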

16. Describe a mechanism by which an operating system can enforce limited transfer of
capabilities. That is, process A might transfer a capability to process B, but A wants to
prevent B from transferring the capability to any other processes.
Your design should include a description of the activities to be performed by A and B, as
well as the activities performed by and the information maintained by the operating
system.

17. List two disadvantages of using physical separation in a computing system. List two
disadvantages of using temporal separation in a computing system.
In physical separation, different processors use different physical objects. Disadvantages
are:
i) This technique leads to poor use of resources, which degrades the performance
of the system.
ii) System requirements are much higher than with other methods, because separate
physical objects are needed for the various processes.

18. Explain why asynchronous I/O activity is a problem with many memory protection
schemes, including base/bounds and paging. Suggest a solution to the problem.
The biggest advantage of a fence register to the operating system is the ability to relocate the
system. We can solve this problem by using another pair of base/bounds registers, one for the
instructions of the program and a second for the data space. Then only instruction fetches are
relocated and checked with the first register pair and only data accesses are relocated and
checked with the second register pair. Although two pairs of registers do not prevent all program
errors, they limit the effect of data-manipulating instructions to the data space. The pairs of registers
offer another, more important advantage: the ability to split a program into two pieces that can be
relocated separately.
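
The two register pairs described in this answer, as an added example that is not part of the original submission. It is a small simulation: the names RegisterPair, Machine and move_data are hypothetical, the memory contents are constructed, and the bounds register is assumed to hold the exclusive upper address of the region.

```python
class ProtectionFault(Exception):
    pass

class RegisterPair:
    """One base/bounds pair: base is the region start, bounds its exclusive end."""
    def __init__(self, base, bounds):
        self.base, self.bounds = base, bounds

    def relocate(self, offset):
        addr = self.base + offset
        if offset < 0 or addr >= self.bounds:
            raise ProtectionFault(f"offset {offset} outside region")
        return addr

class Machine:
    def __init__(self, size, code, data):
        self.mem = [0] * size
        self.code, self.data = code, data  # separate pairs for code and data

    def fetch(self, pc):             # instruction fetch: code pair only
        return self.mem[self.code.relocate(pc)]

    def store(self, offset, value):  # data access: data pair only
        self.mem[self.data.relocate(offset)] = value

    def load(self, offset):
        return self.mem[self.data.relocate(offset)]

    def move_data(self, new_base):
        """Relocate the data piece alone; the code piece stays where it is."""
        length = self.data.bounds - self.data.base
        block = self.mem[self.data.base:self.data.bounds]
        self.mem[new_base:new_base + length] = block
        self.data = RegisterPair(new_base, new_base + length)

def demo():
    m = Machine(64, code=RegisterPair(16, 24), data=RegisterPair(40, 48))
    m.mem[16:24] = [0x90] * 8            # constructed "instructions"
    m.store(3, 7)                        # lands at physical address 43
    faults = 0
    for bad in (8, -24):                 # past the data region; aimed at the code
        try:
            m.store(bad, 0xFF)
        except ProtectionFault:
            faults += 1
    m.move_data(50)                      # data now occupies 50..57
    code_intact = m.mem[16:24] == [0x90] * 8
    return m.load(3), m.data.base, faults, code_intact

if __name__ == "__main__":
    print(demo())
```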
19. Suggest an efficient scheme for maintaining a per-user protection scheme. That is, the
system maintains one directory per user, and that directory lists all the objects to which the
user is allowed access. Your design should address the needs of a system with 1000 users, of
whom no more than 20 are active at any time. Each user has an average of 200 permitted
objects; there are 50,000 total objects in the system.

20. A flaw in the protection system of many operating systems is argument passing. Often a
common shared stack is used by all nested routines for arguments as well as for the
remainder of the context of each calling process.
(a) Explain what vulnerabilities this flaw presents.
(b) Explain how the flaw can be controlled. The shared stack is still to be used for passing
arguments and storing context.
The vulnerabilities may include these flaws:
(a)
A common stack may occasionally be used to mislead the processes.
One process may use another process's arguments and resources.
The contents of the stack might be corrupted by any other process, which may interfere with
the other process's execution.
(b) The flaw can be controlled by partitioning the stack and allocating a partition to every
process. Access restrictions can be applied to the processes so that they cannot
access another process's stack contents.
