D686: Operating Systems for Computer Scientists (chapter 16)

mechanisms

implement the enforcement of protection policies and control access to resources

policies

set rules for how resources should be accessed and used, providing guidelines for access control

principle of least privilege

A design principle stating that every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.

permissions

An entity's access rights to an object (e.g., a user's access rights to a file).

compartmentalization

The process of protecting each system component through the use of specific permissions and access restrictions.

audit trail

The collection of activities in a log for monitoring or review.

defense in depth

The theory that more layers of defense provide stronger defense than fewer layers.

privilege separation

a security technique that divides system operations into different levels of access or privileges, restricting higher-privileged tasks to certain users or processes to reduce the risk of unauthorized access or damage to critical system components

protection rings

a model for privilege separation where concentric rings represent different privilege levels, with inner rings having higher privileges

ring 3

the outermost ring with the lowest privileges, where user-mode code runs with restricted access

ring 0

the innermost ring with the highest privileges, where the kernel operates with full access

hypervisor

The computer function that manages the virtual machine; also called a virtual machine manager (VMM).

TrustZone (TZ)

ARM processor implementation of the most secure protection ring.

secure monitor call (SMC)

An ARM processor special instruction that can be used by the kernel to request services from the TrustZone.

hardware objects

The CPU, memory devices, input/output (I/O) devices, and any other physical components that are part of a computer

software objects

The software components that make up a computer or device (files, programs, semaphores, etc.).

need-to-know principle

The principle that only those resources currently needed should be available to use at a given time.

protection domain

In protection, a set of resources that a process may access. In virtualization, a virtual machine manager creates a protection domain for each guest to inform the CPU of which physical memory pages belong to that guest.

access right

The ability to execute an operation on an object.

domain switching

The mechanism for switching dynamic domains

access matrix

An abstract model of protection in which each row represents a domain, each column an object, and each entry a set of access rights.

confinement problem

The problem of guaranteeing that no information initially held in an object can migrate outside of its execution environment.

access list

a set of rules that controls the permissions granted to users or systems for accessing various resources, such as files, directories, or network services

capability list

a protection mechanism listing objects and the permitted operations on each

capability

a token or key representing an object's access rights in a capability list

role-based access control (RBAC)

a method of access control in which roles rather than individual users directly receive permissions, enhancing security and simplifying administration

mandatory access control (MAC)

security settings enforced by system policies that restrict access based on predefined rules and labels.

role

a predefined set of permissions assigned to users based on their organizational position or function within RBAC systems

discretionary access control (DAC)

permission system that allows users to decide who can access files and resources

labels

identifiers assigned to objects or users in a system; used to enforce security policies