DISTRIBUTED SYSTEM

PROTECTION IN OS

Protection in an operating system (OS) refers to mechanisms for controlling access to resources (such as memory, files, and CPU time) to ensure that only authorized processes or users can access them. This is crucial for maintaining system stability, security, and integrity.

Protection Domain:

• Defines the set of resources a process can access and the type of operations permitted on those resources.
• Each process operates within a protection domain, which can be based on the user, group, or role.

Access Control:

• Mechanisms to control who can access what resources and in what manner.
• Common models include discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).

Principle of Least Privilege:

• Ensures that processes have the minimum privileges necessary to perform their tasks.
• Reduces the risk of accidental or malicious misuse of resources.

Need of Protection in OS

Security risks, such as unauthorized reading, writing, modification, or interference with system functionality for authorized users, pose significant threats. Ensuring data security, process security, and program security against unauthorized user or program access is essential. It is crucial to prevent breaches of access rights, protect against viruses, and block unauthorized access to existing data. The primary goal is to ensure that only authorized policies, programs, resources, and data are accessed according to the system's policies.

Example of Role-Based Access Control (RBAC):

Roles:
- Administrator: full access to all resources
- Editor: read and write access to documents
- Viewer: read-only access to documents

User Assignments:
- Alice: Administrator
- Bob: Editor
- Carol: Viewer