Access Matrix in Operating System
Last Updated: 10 Aug, 2024
An access matrix is a model used to control and manage permissions. It defines the rights each user has for different resources. In simple terms, it is a table that shows what actions an individual user or a group of users can perform on specific objects within a system.
It represents the access control mechanism that specifies which actions (e.g., read, write, execute) are allowed or denied for each subject on each object.
Different Types of Rights
Different types of rights can be granted on files and other objects. The most common ones are:
- Read - A process in the domain can read the file.
- Write - A process in the domain can write to the file.
- Execute - A process in the domain can execute the file.
- Print - A process in the domain can access the printer.
A domain can hold more than one right on an object, i.e. a combination of the rights mentioned above.
Let us now understand how an access matrix works from the example given below.
| Domain | F1 | F2 | F3 | Printer |
|---|---|---|---|---|
| D1 | read | | read | |
| D2 | | | | print |
| D3 | | read | execute | |
| D4 | read write | | read write | |
Observations of Above Matrix
- There are four domains and four objects: three files (F1, F2, F3) and one printer.
- A process executing in D1 can read files F1 and F3.
- A process executing in domain D4 has the same rights as D1, but it can also write to those files.
- The printer can be accessed only by a process executing in domain D2.
- A process executing in domain D3 has the right to read file F2 and execute file F3.
Mechanism of Access Matrix
The access matrix mechanism involves many policies and semantic properties. Specifically, we must ensure that a process executing in domain Di can access only those objects that are specified in row i. Protection policies for the access matrix concern which rights should be included in the (i, j)th entry. We must also decide the domain in which each process executes. This policy is usually decided by the operating system. The users decide the contents of the access-matrix entries. The association between domains and processes can be either static or dynamic. The access matrix provides a mechanism for defining the control for this association between domains and processes.
Switch operation: When we switch a process from one domain to another, we execute a switch operation on an object (the domain). We can control domain switching by including domains among the objects of the access matrix. A process should be able to switch from one domain (Di) to another domain (Dj) if and only if the switch right is included in access(i, j). This is explained using the example below:
| Domain | F1 | F2 | F3 | Printer | D1 | D2 | D3 | D4 |
|---|---|---|---|---|---|---|---|---|
| D1 | read | | read | | | switch | | |
| D2 | | | | print | | | switch | switch |
| D3 | | read | execute | | | | | |
| D4 | read write | | read write | | switch | | | |
According to the above matrix, a process executing in domain D2 can switch to domain D3 or D4. A process executing in domain D4 can switch to domain D1, and a process executing in domain D1 can switch to domain D2.
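The row-i access rule and the switch right described above, as an added example that is not part of the original article. It encodes the page's second matrix as a dictionary; the helper names (`allowed`, `Process`, `reachable_domains`, `effective_rights`) are hypothetical, and the reachability check goes beyond the single-switch case in the text by following chains of switches.

```python
# Added example: the page's second matrix; all helper names are hypothetical.
MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}, "D2": {"switch"}},
    "D2": {"Printer": {"print"}, "D3": {"switch"}, "D4": {"switch"}},
    "D3": {"F2": {"read"}, "F3": {"execute"}},
    "D4": {"F1": {"read", "write"}, "F3": {"read", "write"}, "D1": {"switch"}},
}

def allowed(domain, obj, right):
    """True only if `right` appears in entry access(domain, obj); deny otherwise."""
    return right in MATRIX.get(domain, {}).get(obj, set())

class Process:
    """A process bound to one domain at a time."""
    def __init__(self, domain):
        if domain not in MATRIX:
            raise ValueError(f"unknown domain {domain}")
        self.domain = domain

    def access(self, obj, right):
        # Only row `self.domain` of the matrix is ever consulted.
        return allowed(self.domain, obj, right)

    def switch(self, target):
        # Domains are objects too: switching needs "switch" in access(i, j).
        if target not in MATRIX or not allowed(self.domain, target, "switch"):
            raise PermissionError(f"{self.domain} may not switch to {target}")
        self.domain = target

def reachable_domains(start):
    """Every domain a process starting in `start` can reach by chained switches."""
    seen, stack = {start}, [start]
    while stack:
        for obj, rights in MATRIX[stack.pop()].items():
            if obj in MATRIX and "switch" in rights and obj not in seen:
                seen.add(obj)
                stack.append(obj)
    return seen

def effective_rights(start):
    """(object, right) pairs on non-domain objects across all reachable domains."""
    return {(obj, r) for d in reachable_domains(start)
            for obj, rights in MATRIX[d].items() if obj not in MATRIX
            for r in rights}

if __name__ == "__main__":
    p = Process("D1")
    print(p.access("F1", "write"))          # direct rights of D1 only
    p.switch("D2"); p.switch("D4")          # two permitted switches
    print(p.access("F1", "write"))          # rights of D4 now apply
    print(sorted(reachable_domains("D3")))  # D3 holds no switch rights
```

Although D1 holds only read rights directly, the chain D1 → D2 → D4 lets a process that starts in D1 end up with write access to F1, so switch entries need to be reviewed transitively when the matrix is audited.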
Implementations
There are various methods of implementing the access matrix in an operating system, such as:
- Global Table
- Access Lists for Objects
- Capability Lists for Domains
Global Table:
A single table with rows and columns, where rows represent subjects and columns represent objects. Each cell of the global table contains the access rights for the subject-object pair.
Example
```python
class AccessMatrix:
    """Global table: one cell of rights per (subject, object) pair."""

    def __init__(self, subjects, objects):
        self.subjects = subjects
        self.objects = objects
        # Every cell starts empty, so access is denied by default.
        self.matrix = {subject: {obj: set() for obj in objects} for subject in subjects}

    def set_permission(self, subject, obj, right):
        # Requests that name an unknown subject or object are ignored.
        if subject in self.matrix and obj in self.matrix[subject]:
            self.matrix[subject][obj].add(right)

    def check_permission(self, subject, obj, right):
        # Unknown subjects or objects fall through to an empty set (deny).
        return right in self.matrix.get(subject, {}).get(obj, set())


# Example usage
subjects = ['user1', 'user2']
objects = ['file1', 'file2']
am = AccessMatrix(subjects, objects)
am.set_permission('user1', 'file1', 'read')
print(am.check_permission('user1', 'file1', 'read'))  # Output: True
print(am.check_permission('user2', 'file1', 'read'))  # Output: False
```
Access Lists for Objects:
This is a column-wise representation of the access matrix: each object carries an access list naming the subjects that may access it and the rights they hold.
Example
```python
class ACL:
    """Access lists: for each object, the subjects and their rights."""

    def __init__(self):
        self.acl = {}

    def add_object(self, obj):
        # Register an object with an empty access list.
        if obj not in self.acl:
            self.acl[obj] = {}

    def set_permission(self, obj, subject, right):
        # Rights can only be granted on objects that were registered first.
        if obj in self.acl:
            if subject not in self.acl[obj]:
                self.acl[obj][subject] = set()
            self.acl[obj][subject].add(right)

    def check_permission(self, obj, subject, right):
        # Unknown objects or subjects fall through to an empty set (deny).
        return right in self.acl.get(obj, {}).get(subject, set())


# Example usage
acl = ACL()
acl.add_object('file1')
acl.set_permission('file1', 'user1', 'read')
print(acl.check_permission('file1', 'user1', 'read'))  # Output: True
print(acl.check_permission('file1', 'user2', 'read'))  # Output: False
```
Capability Lists for Domains:
This is a row-wise representation of the access matrix. Each subject has a capability list, where each capability specifies an object and the rights the subject has to that object.
Example
```python
class Capability:
    """Capability lists: for each subject, the objects and rights it holds."""

    def __init__(self):
        self.capabilities = {}

    def add_subject(self, subject):
        # Register a subject with an empty capability list.
        if subject not in self.capabilities:
            self.capabilities[subject] = {}

    def add_capability(self, subject, obj, right):
        # Capabilities can only be given to subjects that were registered first.
        if subject in self.capabilities:
            if obj not in self.capabilities[subject]:
                self.capabilities[subject][obj] = set()
            self.capabilities[subject][obj].add(right)

    def check_capability(self, subject, obj, right):
        # Unknown subjects or objects fall through to an empty set (deny).
        return right in self.capabilities.get(subject, {}).get(obj, set())


# Example usage
cap = Capability()
cap.add_subject('user1')
cap.add_capability('user1', 'file1', 'read')
print(cap.check_capability('user1', 'file1', 'read'))  # Output: True
print(cap.check_capability('user2', 'file1', 'read'))  # Output: False
```
Conclusion
The Access Matrix is a foundational model for managing access control in operating systems, providing a clear framework for defining and enforcing security policies. Access Matrix ensures that only authorized users can perform specific actions on protected objects. Its flexibility allows for various implementation strategies, such as Access Control Lists (ACLs) and capabilities, to suit different system needs. While the model offers fine-grained control, it also presents challenges in scalability and complexity. Nevertheless, the Access Matrix remains a crucial tool in maintaining robust and secure operating systems.