Term
| Principle of Least Privilege |
|
Definition
| Programs, users and systems should be given only the privileges they need to perform their tasks, and no more. This limits the damage a bug or compromise in any one component can do. |
|
|
Term
| Object (with respect to protection) |
|
Definition
| Has two main categories, hardware objects and software objects. Hardware objects include the CPU, memory segments, printers, disks and similar devices; software objects include files, programs and semaphores. Each object has a unique name and a well-defined set of operations that can be performed on it. |
|
|
Term
|
Definition
| A set of access rights, each an ordered pair (object-name, rights-set). Specifies the objects that a process executing in the domain may access and which operations it may perform on each. Domains need not be disjoint; two domains may share an access right. |
|
|
Term
|
Definition
| The ability to execute an operation on an object. A process may operate on an object only through an access right held by its current domain. |
|
|
Term
| Static (Association between process and domain) |
|
Definition
| The set of resources available to the process is fixed throughout the process lifetime. Enforcing need-to-know is then hard, because the domain must hold the union of everything the process will ever need, even when it needs only a subset at any given moment. |
|
|
Term
| Dynamic (Association between process and domain) |
|
Definition
| The set of resources available to the process can change during its lifetime, either by switching to a different domain or by changing the contents of the domain. This lets the domain track what the process currently needs. |
|
|
Term
|
Definition
| An abstract way to view protection. The rows of the matrix represent domains and the columns represent objects; entry (i, j) is the set of operations a process executing in domain D_i may invoke on object O_j. Because domains are themselves objects, the matrix also has one column per domain. |
|
|
Term
| Copy (With respect to access rights) |
|
Definition
| Denoted by an asterisk appended to the right (for example, read*). Allows a process in a domain that holds read* on an object to copy the read right into another domain's entry for the same object. Copying is permitted only within that column, never across objects. |
|
|
Term
| Transfer (With respect to access rights) |
|
Definition
| A variant of copy: the right is copied from access(i, j) to access(k, j) and then removed from access(i, j), so the right moves from one domain to another instead of being duplicated. |
|
|
Term
| Limited copy (With respect to access rights) |
|
Definition
| A variant of copy: when R* is copied from access(i, j) to access(k, j), only R (not R*) is created in the destination. A process in D_k may use the right but cannot copy it further. |
|
|
Term
| Owner (With respect to access rights) |
|
Definition
| If a process in a domain has the owner right on an object, it can add or remove any right in any entry of that object's column. |
|
|
Term
| Control (With respect to access rights) |
|
Definition
| Applies to domain objects only. If access(i, j) includes the control right, a process executing in domain D_i can remove any access right from row j, that is, from any entry of domain D_j. |
|
|
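The rights on the cards above (copy, transfer, limited copy, owner, control) and domain switching, worked through on a small access matrix. This is an added example, not code from the original page; the AccessMatrix class, its method names and the rights granted in demo() are all invented here. Copyable rights carry a trailing asterisk, following the notation on the copy card.

```python
"""Access matrix with copy, limited copy, transfer, owner, control and
switch rights. Added example, not code from the original page: the class,
its method names and the sample matrix in demo() are invented here."""


class AccessMatrix:
    """Rows are domains, columns are objects. Domains are objects too, so
    'switch' and 'control' rights live in the domain columns. A right
    stored as 'read*' carries the copy flag (the asterisk)."""

    def __init__(self, domains, objects):
        self.domains = list(domains)
        self.objects = list(objects) + self.domains
        self.cells = {(d, o): set() for d in self.domains for o in self.objects}

    def grant(self, domain, obj, *rights):
        self.cells[(domain, obj)].update(rights)

    def allowed(self, domain, obj, op):
        """True if a process in `domain` may perform `op` on `obj`."""
        cell = self.cells[(domain, obj)]
        return op in cell or op + "*" in cell

    def copy_right(self, src, dst, obj, right, mode="copy"):
        """Propagate `right` from access(src, obj) to access(dst, obj).
        Stays inside obj's column and needs the copyable form 'right*'
        in the source cell.
          copy     -> dst gets 'right*' and may copy it on
          limited  -> dst gets plain 'right' and cannot copy it on
          transfer -> dst gets 'right*' and src loses it"""
        src_cell = self.cells[(src, obj)]
        if right + "*" not in src_cell:
            raise PermissionError(f"{src} holds no copyable {right} on {obj}")
        dst_cell = self.cells[(dst, obj)]
        if mode == "copy":
            dst_cell.add(right + "*")
        elif mode == "limited":
            dst_cell.add(right)
        elif mode == "transfer":
            dst_cell.add(right + "*")
            src_cell.discard(right + "*")
        else:
            raise ValueError(f"unknown mode {mode!r}")

    def owner_edit(self, actor, target, obj, right, add=True):
        """'owner' in access(actor, obj) lets actor add or remove any
        right anywhere in obj's column."""
        if "owner" not in self.cells[(actor, obj)]:
            raise PermissionError(f"{actor} does not own {obj}")
        cell = self.cells[(target, obj)]
        if add:
            cell.add(right)
        else:
            cell.discard(right)

    def control_remove(self, actor, target_domain, obj, right):
        """'control' in access(actor, target_domain) lets actor remove
        any right from target_domain's row."""
        if "control" not in self.cells[(actor, target_domain)]:
            raise PermissionError(f"{actor} does not control {target_domain}")
        self.cells[(target_domain, obj)].discard(right)

    def switch(self, domain, new_domain):
        """Switching is an operation on the domain object new_domain."""
        if "switch" not in self.cells[(domain, new_domain)]:
            raise PermissionError(f"{domain} may not switch to {new_domain}")
        return new_domain


def demo():
    """Exercise each right on a small constructed matrix."""
    m = AccessMatrix(["D1", "D2", "D3"], ["F1", "F2"])
    m.grant("D1", "F1", "read*", "owner")   # D1 may copy read on F1 and owns F1
    m.grant("D1", "F2", "write*")
    m.grant("D2", "D3", "control")          # D2 controls D3's row
    m.grant("D1", "D2", "switch")
    out = {}
    m.copy_right("D1", "D2", "F1", "read", mode="limited")
    out["d2_read_f1"] = m.allowed("D2", "F1", "read")
    try:                                    # limited copy: D2 cannot pass read on
        m.copy_right("D2", "D3", "F1", "read")
        out["d2_recopies"] = True
    except PermissionError:
        out["d2_recopies"] = False
    m.copy_right("D1", "D3", "F2", "write", mode="transfer")
    out["d1_write_f2"] = m.allowed("D1", "F2", "write")   # moved away
    out["d3_write_f2"] = m.allowed("D3", "F2", "write")
    m.owner_edit("D1", "D3", "F1", "execute")              # owner edits F1's column
    out["d3_exec_f1"] = m.allowed("D3", "F1", "execute")
    m.control_remove("D2", "D3", "F2", "write*")           # control edits D3's row
    out["d3_write_f2_after_control"] = m.allowed("D3", "F2", "write")
    out["switched_to"] = m.switch("D1", "D2")
    return out
```

Two things are worth noticing when reading demo(): every copy stays inside one column, so a domain that can hand out read on F1 cannot use that to hand out anything on F2; and owner and control act along different axes (a column of the matrix versus a row), which is why control only makes sense in a domain column.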
Term
|
Definition
| The problem of guaranteeing that no information initially held in an object can migrate outside its execution environment. It is in general unsolvable: the access matrix governs explicit operations on objects, not every channel (such as timing or observable resource usage) through which information can leak. |
|
|
Term
|
Definition
| Stores the permissions with the object: a list of ordered pairs (domain, rights-set) for that object, usually with a default set of rights for domains not listed. Makes answering the question "who can access this object?" easy. Makes the question "what objects can I, as a process, access?" hard, since every object's list must be scanned. |
|
|
Term
|
Definition
| Stores the permissions with the domain: a list of objects together with the operations allowed on each, where the object is named by a capability (a protected name or address). Possessing a capability is the proof of the right to access, so capabilities must be unforgeable: the list is maintained by the operating system and is never directly manipulated by the user process. Makes "what can I access?" easy and "who can access this object?" hard. |
|
|
Term
|
Definition
| A compromise between access lists and capability lists. Each object has a list of unique bit patterns called locks, and each domain has a list of unique bit patterns called keys. A process in a domain may access an object only if the domain holds a key that matches one of the object's locks. |
|
|
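The three implementations on the preceding cards (access list, capability list, lock-key) built from one constructed matrix, so that the cost asymmetry between "who can access this object?" and "what can I access?" shows up in the code. This is an added example, not code from the original page; the helper names and the sample matrix are invented, and tagging each capability with an HMAC under a kernel-held secret is this example's way of making capabilities unforgeable, not a scheme the page describes.

```python
"""Access lists, capability lists and lock-key built from one constructed
matrix. Added example, not from the original page; helper names, the
MAC-tagged capability format and the sample matrix are assumptions."""
import hashlib
import hmac
import secrets

# Constructed sample matrix: domain -> object -> rights.
MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}},
    "D2": {"F2": {"read", "write"}, "printer": {"print"}},
    "D3": {"F1": {"read"}, "F2": {"execute"}},
}

def access_lists(matrix):
    """Column-wise: object -> [(domain, rights)], kept with the object."""
    acl = {}
    for domain, objs in matrix.items():
        for obj, rights in objs.items():
            acl.setdefault(obj, []).append((domain, frozenset(rights)))
    return acl

def who_can(acl, obj, op):
    """Cheap with access lists: scan one object's list."""
    return {d for d, rights in acl.get(obj, []) if op in rights}

def what_can_i_do_acl(acl, domain):
    """Expensive with access lists: every object's list must be scanned."""
    return {obj: rights for obj, entries in acl.items()
            for d, rights in entries if d == domain}

KERNEL_SECRET = secrets.token_bytes(32)   # held by the kernel, never by a process

def _tag(obj, rights):
    body = f"{obj}:{','.join(sorted(rights))}".encode()
    return hmac.new(KERNEL_SECRET, body, hashlib.sha256).digest()

def make_capability(obj, rights):
    """A capability names an object plus rights; the MAC makes it
    unforgeable by code that lacks the kernel secret."""
    return (obj, frozenset(rights), _tag(obj, rights))

def capability_lists(matrix):
    """Row-wise: domain -> [capability], kept with the domain."""
    return {d: [make_capability(o, r) for o, r in objs.items()]
            for d, objs in matrix.items()}

def present(cap, obj, op):
    """Kernel-side check of a presented capability."""
    cap_obj, rights, tag = cap
    return (hmac.compare_digest(tag, _tag(cap_obj, rights))
            and cap_obj == obj and op in rights)

def what_can_i_do_caps(caps, domain):
    """Cheap with capability lists: read the domain's own row."""
    return {obj: rights for obj, rights, _ in caps.get(domain, [])}

def lock_key(matrix):
    """Each matrix cell gets a fresh random lock; the object keeps the lock
    with the cell's rights, the domain keeps the matching key."""
    locks, keys = {}, {}
    for domain, objs in matrix.items():
        for obj, rights in objs.items():
            lock = secrets.token_bytes(16)
            locks.setdefault(obj, []).append((lock, frozenset(rights)))
            keys.setdefault(domain, set()).add(lock)
    return locks, keys

def lock_key_allowed(locks, keys, domain, obj, op):
    """Allowed only if a key of the domain matches a lock of the object
    and that lock carries the requested operation."""
    return any(lock in keys.get(domain, set()) and op in rights
               for lock, rights in locks.get(obj, []))

def demo():
    acl = access_lists(MATRIX)
    caps = capability_lists(MATRIX)
    locks, keys = lock_key(MATRIX)
    forged = ("F2", frozenset({"write"}), b"\x00" * 32)   # attacker-made capability
    return {
        "who_reads_f1": who_can(acl, "F1", "read"),
        "d2_row_via_acl": what_can_i_do_acl(acl, "D2"),
        "d2_row_via_caps": what_can_i_do_caps(caps, "D2"),
        "valid_cap": present(caps["D2"][0], "F2", "write"),
        "forged_cap": present(forged, "F2", "write"),
        "lk_d3_exec_f2": lock_key_allowed(locks, keys, "D3", "F2", "execute"),
        "lk_d1_write_f2": lock_key_allowed(locks, keys, "D1", "F2", "write"),
    }
```

Unforgeable is not the same as uncopyable: a process holding a valid capability can still pass it to another, and a MAC tag cannot be recalled once issued. That is why revocation is harder with capability lists than with access lists, where deleting one entry is enough.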
Term
| Revocation (of access rights) |
|
Definition
| Taking away access rights to an object from a domain. Main questions: immediate versus delayed, selective versus general, partial versus total, temporary versus permanent. Easy with access lists (delete the entry from the object's list); harder with capabilities, which are distributed across domains and must first be located. |
|
|
Term
| Language-Based Protection |
|
Definition
| Protection policies declared in the programming language and enforced by the compiler and runtime rather than by the kernel. Can be more fine-grained than what the operating system offers and cheaper than a kernel call, but whether the declared policy is actually enforced depends on the support the underlying operating system provides; without that support the declarations are only a specification of intent. |
|
|
Term
| Stack Inspection (With respect to language-based protection) |
|
Definition
| Used by the Java runtime. When a protected action is requested, the runtime walks the call stack and requires every caller's protection domain to hold the needed permission; the walk stops early only at a frame that has explicitly asserted its privilege (doPrivileged) and thereby takes responsibility for the action on behalf of its callers. This stops untrusted code from getting a trusted intermediary to act for it. |
|
|
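A simulation of stack inspection, modeled on the walk Java's AccessController performs. This is an added example, not code from the original page: the domain table, the permission name, the do_privileged marker and the mapping from function name to protection domain are invented for illustration (a real JVM assigns domains by code source and class loader, not by function name, so the name lookup here is only a stand-in).

```python
"""Stack-inspection simulation. Added example, not from the original page:
domains, permission names, do_privileged and the name-based domain
mapping are all invented here."""
import inspect

# Constructed protection domains and the permissions each holds.
PERMS = {
    "system": {"secret.read"},     # unlisted frames (runtime, harness) count as system code
    "trusted": {"secret.read"},
    "untrusted": set(),
}
# Which domain each piece of code belongs to (assumption: keyed by function name).
DOMAIN_OF = {
    "read_secret": "trusted",
    "audit_log": "trusted",
    "naive_helper": "trusted",
    "plugin_main": "untrusted",
}


def do_privileged(action):
    """Marker frame: the caller of do_privileged takes responsibility,
    so inspection stops after checking that caller."""
    return action()


def check_permission(perm):
    """Walk the call stack from the most recent frame outward. Every frame
    must belong to a domain holding `perm`; the walk ends early only at the
    frame that called do_privileged, which is itself still checked."""
    stop_after_next = False
    for info in inspect.stack()[1:]:   # [0] is check_permission itself
        name = info.function
        if name == "do_privileged":
            stop_after_next = True
            continue
        domain = DOMAIN_OF.get(name, "system")
        if perm not in PERMS[domain]:
            raise PermissionError(f"{name} ({domain}) lacks {perm}")
        if stop_after_next:
            return


def read_secret():
    """The protected action."""
    check_permission("secret.read")
    return "s3cr3t"   # constructed value


def audit_log():
    """Trusted code that deliberately performs the protected action for its
    caller, asserts privilege for it, and returns only a derived value."""
    secret = do_privileged(read_secret)
    return f"audit: secret has {len(secret)} chars"


def naive_helper():
    """Trusted code that forgets to assert privilege; an untrusted caller
    deeper on the stack still causes denial (no confused deputy)."""
    return read_secret()


def plugin_main(path):
    """Untrusted code trying three routes to the secret."""
    if path == "direct":
        return read_secret()
    if path == "via_helper":
        return naive_helper()
    return audit_log()


def outcomes():
    """Run all three routes and report what the plugin got."""
    result = {}
    for path in ("direct", "via_helper", "via_audit"):
        try:
            result[path] = plugin_main(path)
        except PermissionError:
            result[path] = "denied"
    return result
```

The naive_helper route is the instructive one: having trusted code on top of the stack is not enough, because the untrusted plugin_main frame beneath it is still inspected. Only audit_log, which calls do_privileged and so takes responsibility, can act for the plugin, and it hands back a derived value rather than the secret itself.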
Term
|
Definition
| Allowing a process to change its domain, if permitted. Switching from domain D_i to D_j is itself an operation on the object D_j, allowed when the switch right is present in access(i, j). |
|
|