Principles of Protection
- The principle of least privilege commands that users, programs and systems be given just an adequate amount of privileges to perform their tasks.
- This make sure that failures do the slightest amount of harm and allow the least of harm to be done.
- Normally, each user is given their own account, and has only adequate privilege to modify their own files.
- The root-account should not be used for usual day to day events. The System Administrator should also have a normal account, and standby use of the root account for only those tasks which need the root privileges
Domain of Protection
- A computer might be noticed as a collection of processes and objects both HW & SW.
- The requisite to know principle states that a process should only have access to those objects it desires to accomplish its task, and moreover only in the manners for which it needs access and only during the time frame when it requires access.
- The approaches available for a specific object may depend upon its type.
- The ideal of protection that have been discussing might be viewed as an access matrix, in which columns signify different system resources and rows denote different protection domains. Entries within the matrix specify what access that domain has to that resource.
Figure: Matrix Access
Implementation of Access Matrix
Access matrix can be implemented by given practices:
- Global table
- Access lists for objects
- Capability lists for domains
- A lock and key mechanism
- Role-Based Access Control (RBAC) allocates privileges to programs, users or roles as suitable, where “privileges” refer to the right to call certain system calls, or to use certain restrictions with those calls.
- RBAC supports the principle of least-privilege, and decreases the susceptibility to abuse as opposed to SGID or SUID programs.