Understanding Access Matrix Implementation Techniques

IMPLEMENTATION OF ACCESS MATRIX By:Shalaka 411158 Refer :Galvin Pg:602-604

Various methods of implementing access matrix Global table: The simplest implementation of access matrix is a global table consisting of a set of ordered triples< domain , object, right-set>. when an operation M is executed the global table is searched for triple<Di,Oj,Rk> with m Rk. If this is found operation is allowed to continue,otherwise an exception condition is raised. The main drawback of this is that the table is very large so it cannot be kept in main memory.

Access lists for objects:when an operation M on object Oj is attempted in domain Di, we search the access list for object Oj,looking for an entry<Di,Rk> with M Rk. If entry is found,allow operation ,if not, we check default set. If M is in default set we allow access otherwise the access is denied and an exception condition occurs.

Capability lists for domains: rather than associating the columns of the access matrix with the objects as access list, we can associate each row with its domain. A capability list for a domain is a list of objects together with the operations allowed on those objects. An object is often represented by physical name called capability. A capacility list is itself a protected object maintained by OS and accessed by user indirectly.

Contd To provide inherent protection we must distinguish capabilities from other kinds of objects and they must be interpreted by an abstract machine on which higher level programs run. Capabilities are distinguished as follows: Each object has a tag to denote whether it is accessible. the tags themselves are not accessible. Although only one bit is enough to distinguish between capabilities and other objects, more bits are often used.

The address space associated with a program can be split into two parts. One part is accessible to the program and contains the programs data and instructions. The other part containing the capability list is accessible only by the OS. Lock-key mechanism: it s a comparison between access lists and capability list. Each object has a unique bit pattern called locks similarly every domain has a unique bit pattern called keys. A process can access only if that domain has a key that matches one of the locks of the object.

Comparison:using a global table is simple however the table can be quiet large and often cannot take advantage of special groupings of objects and domains. Use of access lists can also be done but since access rights information for a particular domain is not localized,determining the set of access rights for each domain is difficult. Capability list do not correspond directly to the needs of users. the process attempting access must present a capability for access. The lock key is a compromise between access lists and capability lists. The mechanism is both effective and flexible depending on the length of the keys.

Questions Explain the various methods of implementing access matrix. Give a comparison between all methods of implementing access matrix.

THANK-YOU