Introduction to Access Matrix in Operating System
Imagine an operating system where multiple users interact with different files and directories. To enforce access control, the system employs an Access Matrix. This matrix is a grid where the rows represent users or processes (subjects), and the columns represent files and directories (objects). It maps domains or subjects to objects so that only authorized domains or subjects have access rights to resources in the operating system.
For example, each entry in the Access Matrix specifies the access rights a user or process has for a particular file or directory. For instance, User A might have “read” and “write” access to a specific file, while User B may only have “read” access. Meanwhile, User C could be denied any access to that file altogether.
This Access Matrix is a fundamental tool for managing permissions within the operating system, allowing administrators to define who can perform what actions on which resources. It enforces strict access control, ensuring only authorized users or processes can interact with specific files or directories.
In our exploration of the Access Matrix in Operating System, we will delve into its structure, access control mechanisms, and its pivotal role in maintaining system security and data integrity.
Key Takeaways
- Control access permission in the operating system with crucial security measures.
- Ensure system authorization by mapping domain, resources, and access rights.
- Specify exact access rights in each matrix cell.
- Define and deploy both static and dynamic access rights.
- Maintain data integrity and confidentiality with different security levels.
What is an Access Matrix?
An access matrix is a fundamental security model that systematically governs permissions for operations in an operating system. It is represented as a two-dimensional matrix, where the rows represent domains (or subjects), the columns represent objects, and the matrix cells specify the access rights granted to domain processes to perform actions on the corresponding objects.
In the matrix, each cell entry (i, j) defines the set of actions that a process in domain Di may perform on object Oj. The operating system utilizes the access matrix to determine the rights in each entry (i, j), guiding the actions a domain can invoke on an object. This model provides a structured approach to managing and controlling access to resources in a system.
Components of an Access Matrix
The two-dimensional Access matrix works on three components:
– Subjects: Rows of the matrix represent subjects that perform some operation on objects. From the perspective of operating systems, subjects are usually users or processes.
– Objects: Columns of the matrix represent objects, the resources that a subject accesses to perform some operation. Objects are typically files, devices, or any other system resources.
– Rights: Rights are the permissions that specify the operations or actions a subject can perform on an object. Each matrix cell holds the access rights for one subject-object pair, such as read, write, or execute.
Illustrative examples to explain the concept
Let’s take an example to understand the concept of an access matrix, where the system grants different access rights to three users to perform operations on three files. Here, users represent subjects, and files represent objects:
Access Matrix:
Object\Domain | File 1 | File 2 | File 3 |
User 1 | Read | Read | Write |
User 2 | Write | — | Read |
User 3 | Read | Write | Delete |
Explanation:
The above matrix represents a set of access rights given to each user:
- User 1 has Read access to File 1 and File 2 and Write access to File 3
- User 2 has Write access to File 1 and Read access to File 3
- User 3 has Read access to File 1, Write access to File 2 and Delete access to File 3
Access Matrix Structure (with Examples)
The access matrix specifies the permission granted to each domain to perform operations on each object. In the structure of the access matrix, rows represent the domains, and columns represent the objects. The matrix cell (i, j) holds the actions that a process in domain i may invoke on object j.
Structure of Matrix:
Rows: Rows define the domain processes that perform some operation on each object. The domain is usually a user or process.
Columns: Columns are the objects on which domain processes perform operations. Objects can be files, devices, or any system resources.
Cells: Cells represent the access rights granted to domain processes to operate on objects. Examples are read, write, delete, execute, etc.
Let us understand the structure of the access matrix with an example of system commands, where different user roles have different access rights to perform operations on each command.
Domain: Domain represents the users with different roles such as manager, employee, and staff.
Object: The object represents the system command.
Access rights: Access rights are the rights granted to different users for operating on commands: Read, Execute, and No Access.
Access Matrix:
Object\Domain | System command 1 | System command 2 | System command 3 |
Manager | Read, Execute | Read, Execute | Read, Execute |
Employee | Read, Execute | Read | Read |
Staff | Read | No Access | No Access |
Explanation:
- The manager has Read and Execute access to all three commands.
- The employee has Read access to all three commands and Execute access to only command 1.
- The staff has Read access to command 1 and cannot access commands 2 and 3.
Matrices like the one above give users with different authorization levels access to system resources; operating systems use them to maintain resource security.
Types of Access Matrices (Operating System)
1. Discretionary Access Control Matrix:
In Discretionary Access Control, the owner of a file or resource sets the access permissions. The data owner can grant permission to other users to access or perform any action on resources. For example, any operating system owner can set access permissions for other users, which allows flexibility and user preference.
Example: Let’s take an example where the owner of a personal computer sets access permissions for other users to use his system documents.
Here,
Subject: user A, user B, user C
Object: Document 1, Document 2, Document 3
Access rights: Read, Write, Print
Access Matrix:
Object\Domain | Document 1 | Document 2 | Document 3 |
User A | Read | Print | Write |
User B | Print | – | Read |
User C | Write | Print | – |
Explanation:
In the above observation, the owner of an object (documents) sets access right permission for a subject (User) to perform some operations on objects at their discretion.
- User A has Read access to Document 1, Print access to Document 2, and Write access to Document 3
- User B has Print access to Document 1 and Read access to Document 3
- User C has Write access to Document 1 and Print access to Document 2
2. Mandatory Access Control Matrix:
In Mandatory Access Control, the security policies or the system administrator decide the access permissions based on the object’s sensitivity. Access is assigned according to the security levels of the subject and object; no user or owner can change it. The military or government uses these access rights for data protection and security.
Example: Let’s take an example where the owner of a personal computer sets access permissions for other users to use his system documents.
Here,
Subject: user A, user B, user C
Object: Document 1, Document 2, Document 3
Access rights: Read, Write, Print
Access Matrix:
Object\Domain | Document 1 | Document 2 | Document 3 |
User A | Read | Print | Write |
User B | Print | – | Read |
User C | Write | Print | – |
Explanation:
- User A has Read access to Document 1, Print access to Document 2, and Write access to Document 3
- User B has Print access to Document 1 and Read access to Document 3
- User C has Write access to Document 1 and Print access to Document 2
3. Role-based Access control matrix:
Users are granted access permissions through roles that reflect their responsibilities. Role-based access control is common in enterprise systems, some organizations, and healthcare systems with diverse roles.
Example: Let’s take an example of health care, with different users accessing system resources according to their roles.
Here,
Subject: Doctor, Nurse, Receptionist
Object: Patient Information, Medicine records, Appointment
Access rights: Read, Edit
Access Matrix:
Object\Domain | Patient Information | Medicine Record | Appointment |
Doctor | Read, Write | Read, Write | Read, Write |
Nurse | Read, Write | Read | Read |
Receptionist | Read, Write | – | Read, Write |
Explanation:
From the above matrix, we can observe that different roles are granted different access rights to hospital resources:
- The Doctor has Read and Write access to patient information, medicine records, and appointments.
- The Nurse has Read and Write access to patient information and only Read access to medicine records and appointments.
- The Receptionist has Read and Write access to patient information and appointments.
4. Attribute-based Access control matrix
Access permission is granted based on different attributes and policies of subject, object, and environment. Here, attributes can be a role, resources, time, system type, and location. Modern environments commonly use this matrix where access is given or denied based on different attributes like the time and location of the user.
Example: Let’s take an example where company HR, Team lead, and Employee have different access controls according to time attributes to utilize company resources.
Here,
Subject: HR, Team Lead, and Employee
Object: Office Computer, Files
Access Matrix:
Subject | Attribute: Time | Object: Office Computer | Object: Files |
HR | 24/7 | Access | Access |
Team lead | 9 am-5 pm | Access | Access |
Employee | 9 am-5 pm | Access | No access |
Explanation:
In the above matrix, subjects with different roles have access to objects according to the time attribute:
- Company HR has access to company computers and files all the time
- The Team Lead has access to a computer and files during office working hours
- Employees have access to company computers during working hours
Mechanism of Access Matrix (Operating System):
A combination of policies and contextual properties defines the mechanism of the access matrix. Policies set by the operating system determine the rights incorporated into the (i, j) entry of the access matrix. Users then populate the access matrix with specific elements based on these policies.
Access matrices implement both static and dynamic access rights. Static rights are fixed when access is first defined, while dynamic rights may change during runtime as processes switch between domains. Processes perform these switch operations through the access matrix.
Domain switching involves a process transitioning from one domain to another and then executing operations on objects associated with the new domain. Users define the elements of the access matrix and the domain in which each process executes. A process may switch from domain Di to domain Dj only if the switch access right is present in entry (i, j). When a new object is added, the access matrix gains a new column, and users provide appropriate entries for the new object.
Access Matrix:
Object\Domain | File 1 | File 2 | File 3 | D1 | D2 | D3 |
D1 | Read | Read | Write | – | – | Switch |
D2 | Write | – | Read | Switch | – | – |
D3 | Read | Write | Delete | – | Switch | – |
Explanation:
The above matrix represents domain switches:
- A process executing in Domain D1 can switch to Domain D3.
- A process running in Domain D2 can switch to Domain D1.
- A process executing in Domain D3 can switch to Domain D2.
- Listing the domains as object columns lets the matrix record the switch right from one domain to another.
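The switch rule above can be exercised with a small reference monitor. This is an added example, not code from the original page; the class and method names are illustrative, and D2's empty file cell is assumed to be File 2, as in the page's first matrix. It goes one step beyond the text by computing which domains, and therefore which rights, a process can eventually reach through chains of switch rights.

```python
# Added example: domain switching checked against the matrix described above.
ACCESS = {
    "D1": {"File 1": {"read"}, "File 2": {"read"}, "File 3": {"write"},
           "D3": {"switch"}},
    "D2": {"File 1": {"write"}, "File 3": {"read"}, "D1": {"switch"}},
    "D3": {"File 1": {"read"}, "File 2": {"write"}, "File 3": {"delete"},
           "D2": {"switch"}},
}


class Process:
    def __init__(self, pid, domain):
        self.pid, self.domain = pid, domain


class Monitor:
    def __init__(self, matrix):
        # Copy so that later edits do not alias the caller's sets.
        self.m = {d: {o: set(r) for o, r in row.items()}
                  for d, row in matrix.items()}

    def allowed(self, proc, obj, op):
        """True if op is in entry (current domain of proc, obj)."""
        return op in self.m.get(proc.domain, {}).get(obj, ())

    def switch(self, proc, target):
        """Move proc to target only if 'switch' is in entry (Di, Dj)."""
        if not self.allowed(proc, target, "switch"):
            raise PermissionError(f"{proc.domain} may not switch to {target}")
        proc.domain = target

    def add_object(self, obj, entries):
        """Add a column; domains not named in entries get no rights on it."""
        for domain, rights in entries.items():
            self.m[domain][obj] = set(rights)

    def reachable(self, start):
        """Domains a process starting in `start` can reach via switch rights."""
        seen, todo = {start}, [start]
        while todo:
            d = todo.pop()
            for obj, rights in self.m.get(d, {}).items():
                if "switch" in rights and obj in self.m and obj not in seen:
                    seen.add(obj)
                    todo.append(obj)
        return seen

    def effective_rights(self, start, obj):
        """Union of rights on obj over every domain reachable from start."""
        out = set()
        for d in self.reachable(start):
            out |= self.m[d].get(obj, set())
        return out


if __name__ == "__main__":
    mon, p = Monitor(ACCESS), Process(1, "D1")
    print(mon.allowed(p, "File 3", "delete"))       # D1 itself cannot delete
    mon.switch(p, "D3")
    print(mon.allowed(p, "File 3", "delete"))       # D3 can
    print(sorted(mon.effective_rights("D1", "File 3")))
```

Because the three switch rights form a cycle, every domain can reach every other, so a review of this matrix has to consider the union of rights rather than a single row.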
Implementation of Access Matrix in OS
The access matrix manages system security effectively but occupies considerable storage space. For resourceful access control management, the access matrix is divided by rows and columns. Often, most of the entries in the access matrix are zero or null. The operating system employs four distinct methods for decomposing the access matrix. This process entails consolidating columns and rows by removing null values.
Global Table
This access control method is very simple; it maintains an ordered set of entries of domain, object, and rights in a file, i.e., <domain, object, right-set>. When domain Di performs an operation M on object Oj, the global table is searched for a triple <Domain(Di), Object(Oj), right-set(Rk)> with M ∈ Rk. If the system locates such an entry, the operation proceeds; otherwise, it raises an exception. This works well for a small number of entries. The main drawback of this method is that it cannot handle large datasets with vast numbers of subject-object pairs, leading to scalability issues.
Tree Form of Global Table:
Explanation:
Here,
- Domain: represents subjects or users requesting access to objects
- Objects: represents the file or resources that the subject will access
- Right-set: means access right for the domain to perform operations on objects.
- Global table stores access rights associated with all subject-object pairs for Domain 1 and Domain 2
- Each entry represents a triple <Domain(Di), Object(Oj), right-set(Rk)>. If operation M is present in the right-set, access is granted and the operation proceeds.
- Otherwise, an exception is raised.
Access Lists
An access list is maintained for each object and specifies the domains and their corresponding access rights for that object. Each entry in the access list is an ordered pair <domain, right-set>, holding a domain identifier with its granted access rights. When domain Di executes operation M on object Oj, the system searches the access list of Oj for an entry <Domain(Di), right-set(Rk)> with M ∈ Rk. If the entry is present, the operation proceeds; otherwise, the system checks the default set. Access is authorized if M is found in the default set; otherwise, an exception is triggered.
Tree Form of Access List:
Explanation:
Here,
- Objects: represents the file or resources that the subject will access
- Domain: defines subjects or users requesting access to objects
- Right-set: means access right for the domain to perform operations on objects.
- The system searches the access list of object Oj to find an entry <Domain(Di), right-set(Rk)> with operation M ∈ Rk.
- If no matching entry is found for the domain identifier, the system searches the default set.
Capability Lists
A capability list outlines the objects a domain can access and the operations the domain can execute on each of them. To perform operation M on object Oj, a process executes M and specifies the capability for object Oj. When a subject possesses the specified object’s capability, access is granted.
Tree Form of Capability List:
Explanation:
Here,
- Objects: represents the file or resources that the subject will access
- Domain: represents subjects or users requesting access to objects
- Right-set: represents access right for the domain to perform operations on objects.
- Capability List: A domain carries out access only if it possesses the capability for the object.
Lock-Key Mechanism
The lock-key mechanism associates locks with objects and keys with domains; both are bit patterns. A domain can only access an object if it has a key that fits one of the object's locks. A process cannot modify keys. When a process in domain Di tries to access an object Oj, it can access the object only if a key of the domain pairs with a lock of object Oj.
Tree Form of Lock-Key Mechanism:
Explanation:
Here,
- Objects Lock List: Each object has a list of locks that correspond to access permissions
- Domain Lock List: Each domain holds keys that fit object locks
- Access: Access is granted to the domain only if its key satisfies the lock requirement
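The four implementations described in this section can be built from the same matrix and compared side by side. This is an added example, not code from the original page; it uses the page's first User/File matrix, and the function names, the contents of the default set, and the choice of one lock per (object, right) pair are assumptions made for illustration.

```python
# Added example: global table, access lists, capability lists and lock-key,
# all derived from the first access matrix on this page.
import secrets

MATRIX = {  # User 2 has no rights on File 2 (a null cell)
    "User 1": {"File 1": {"read"}, "File 2": {"read"}, "File 3": {"write"}},
    "User 2": {"File 1": {"write"}, "File 2": set(), "File 3": {"read"}},
    "User 3": {"File 1": {"read"}, "File 2": {"write"}, "File 3": {"delete"}},
}


class AccessDenied(Exception):
    """Raised when operation M is not in any applicable right-set."""


def global_table(matrix):
    """Ordered <domain, object, right-set> triples; null cells are dropped."""
    return [(d, o, frozenset(r))
            for d, row in matrix.items() for o, r in row.items() if r]


def access_lists(matrix):
    """Column view: object -> {domain: right-set}."""
    acl = {}
    for d, o, r in global_table(matrix):
        acl.setdefault(o, {})[d] = r
    return acl


def capability_lists(matrix):
    """Row view: domain -> {object: right-set}."""
    caps = {}
    for d, o, r in global_table(matrix):
        caps.setdefault(d, {})[o] = r
    return caps


def lock_key(matrix):
    """Assumed scheme: one random 64-bit lock per (object, right);
    each domain receives the keys that fit the locks it may open."""
    locks, keys = {}, {}
    for d, o, rights in global_table(matrix):
        for right in rights:
            lock = locks.setdefault((o, right), secrets.randbits(64))
            keys.setdefault(d, set()).add(lock)
    return locks, keys


def check_global(table, domain, obj, op):
    if any(d == domain and o == obj and op in r for d, o, r in table):
        return True
    raise AccessDenied(f"{domain} may not {op} {obj}")


def check_acl(acl, default, domain, obj, op):
    """Search the object's list first, then fall back to its default set."""
    if op in acl.get(obj, {}).get(domain, ()) or op in default.get(obj, ()):
        return True
    raise AccessDenied(f"{domain} may not {op} {obj}")


def check_capability(caps, domain, obj, op):
    if op in caps.get(domain, {}).get(obj, ()):
        return True
    raise AccessDenied(f"{domain} holds no {op} capability for {obj}")


def check_lock_key(locks, keys, domain, obj, op):
    """Access only if one of the domain's keys fits the object's lock."""
    lock = locks.get((obj, op))
    if lock is not None and lock in keys.get(domain, ()):
        return True
    raise AccessDenied(f"{domain} has no key for the {op} lock on {obj}")


if __name__ == "__main__":
    acl = access_lists(MATRIX)
    print(len(global_table(MATRIX)), "triples;", sorted(acl["File 2"]))
    print(check_acl(acl, {"File 2": {"read"}}, "User 2", "File 2", "read"))
```

Revoking a right is where the forms differ most: an access list is edited in one place per object, while capabilities and keys are spread across the domains that hold them.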
Security Models in Access Matrix (Operating System)
The following fundamental security models define the security level of access rights between subject and object:
- Bell-LaPadula (BLP) Model:
The BLP model focuses on maintaining confidentiality in computer systems. It sets rules to prevent information from flowing from a higher security level to a lower one. With this model, a user with a given security level can read or write to a file at their level, cannot read a file at a higher level, and cannot write to a file at a lower level. The model assigns different security levels according to the user’s role to prevent an unauthorized flow of confidential data. BLP follows two fundamental properties:
Simple security property: At a designated security level, a subject can read an object at an equivalent security level and access an object at a lower level of protection. However, the subject is restricted from reading an object at a higher security level. This arrangement serves to safeguard sensitive data.
Star property: A subject can write to an object at their own level of security and to an object at a higher level, but cannot write to an object at a lower level of security. This maintains confidentiality.
Example:
Consider two security levels, the top-secret tier and the secret tier. We conclude:
A subject with a top-secret tier can read an object at the top and secret tier.
Subjects at the secret tier can write to an object at the secret and top secret tier.
- Biba Integrity Model:
This model prevents the unauthorized modification of information to maintain data integrity. Its rules restrict which objects a subject may write to, based on integrity levels. A subject is granted write access to an object only if the object's integrity level is equal to or lower than the subject’s. Establishing high, medium, and low integrity levels serves as a preventive measure against data corruption.
Here, subjects with a given integrity level can read an object at their own and higher integrity levels, not at a lower one. Subjects at a given integrity level can write to an object at their integrity level and write at a lower one, not a higher one.
For example, let us assume there are files that users can read and write, with the integrity levels “High,” “Medium,” and “Low” assigned to these users. A user with a High integrity level has read access to a file at a High integrity level and write access to a file at a High, Medium, and Low integrity level.
Users with Medium integrity levels have read access to a file at Medium and High integrity levels and write access to a file at Medium and Low integrity levels.
Users with Low integrity levels have read access to a file at Low, Medium, and High integrity levels and write access to a file at a Low integrity level.
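The Bell-LaPadula and Biba rules above are label comparisons, so they can both generate the access matrix that a mandatory policy implies and audit an existing matrix for cells that break the policy. This is an added example, not code from the original page; the subject and object names and the audited matrix are constructed for illustration.

```python
# Added example: BLP and Biba as label checks that generate or audit a matrix.
from enum import IntEnum


class Secrecy(IntEnum):      # the two BLP tiers used in the example above
    SECRET = 1
    TOP_SECRET = 2


class Integrity(IntEnum):    # the three Biba levels used in the example above
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def blp_allows(subject, obj, op):
    """Bell-LaPadula: no read up (simple security), no write down (star)."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject, obj, op):
    """Biba: the dual of BLP, no read down and no write up."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")


def derive_matrix(subjects, objects, rule):
    """Build the access matrix that a label-based rule implies."""
    return {s: {o: {op for op in ("read", "write") if rule(sl, ol, op)}
                for o, ol in objects.items()}
            for s, sl in subjects.items()}


def violations(matrix, subjects, objects, rule):
    """Cells of an existing matrix that the rule forbids: (subject, object, op)."""
    return sorted((s, o, op)
                  for s, row in matrix.items()
                  for o, rights in row.items()
                  for op in rights
                  if op in ("read", "write")
                  and not rule(subjects[s], objects[o], op))


# Constructed sample labels and a constructed owner-defined matrix to audit.
SUBJECTS = {"analyst": Secrecy.SECRET, "director": Secrecy.TOP_SECRET}
OBJECTS = {"memo": Secrecy.SECRET, "plan": Secrecy.TOP_SECRET}
OWNER_MATRIX = {
    "analyst": {"memo": {"read", "write"}, "plan": {"read"}},
    "director": {"memo": {"read", "write"}, "plan": {"read", "write"}},
}

if __name__ == "__main__":
    for subject, row in derive_matrix(SUBJECTS, OBJECTS, blp_allows).items():
        print(subject, {o: sorted(r) for o, r in row.items()})
    print(violations(OWNER_MATRIX, SUBJECTS, OBJECTS, blp_allows))
```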
- Clark-Wilson Model:
The Clark-Wilson model ensures data integrity with well-defined transactions. Subjects perform operations through transactions, and objects are defined as constrained and unconstrained data items. This model ensures that only authorized transactions can access data. Authorized transactions can modify constrained data. Banking systems widely use it.
- Lattice-Based Model:
The security policy of this model follows a lattice-based architecture to represent security levels. Access rights are determined by the lattice hierarchy, where a higher level is more privileged. Subject and object security levels are assigned according to the lattice structure. A subject requests access to an object, and access is granted if the subject's access level is equal to or higher than the object's. The model handles complex relationships with sensitive data.
Example: The example below illustrates different security levels given to objects in a lattice-based hierarchical architecture
Explanation:
- Different projects receive varying levels of security assignments: Top Secret, Secret, Confidential, and Unclassified.
- Subjects or users can access these projects if they have a security level the same as or higher than the object’s security level.
Real-world Applications
1) RBAC – Role-based access control is a highly used company administration process. The working methodology is quite simple. Example: A company has many employees distributed in different departments like IT, HR, Finance, Logistics, Maintenance, etc. RBAC is responsible for allowing or denying employees access to specific files based on their role. Doing this makes it easy for the company to keep unauthorized people out of restricted files. For example, finance people will have access to files with financial data and won’t be allowed to access IT sector data.
2) Access Matrix in DBMS – A DBMS is a database management system that stores an organization’s data. Organizations today consider data their most essential and most highly secured asset. The access matrix permits users to fulfill their roles consistent with the specified permissions. Not everyone in the company has access to every segment of the database. Some have permission to view only the data, while others have permission to write or execute data operations. Access matrices help align database access with the responsibilities of each user, safeguarding the organization’s valuable data and maintaining a secure and controlled environment.
3) Production management – In manufacturing companies where different materials undergo daily production, the Access Matrix plays an important role. The manufacturing process is fully automatic, with operators handling the machine system. The centralized system has a matrix chart where all the information regarding the employee details, machine details, and product details is stored. When an employee tries to operate a machine, the system asks for verification. The employee (operator) provides their identification to the system, and the system matches the identity with the matrix to find out the role and work profile linked with the submitted identification. The system then decides whether to allow or deny permission to the corresponding employee to perform actions on products with the machine.
4) App permissions – The Access Matrix is valuable in smartphones, where the system has default settings regarding what newly installed applications can access on the smartphone. Generally, newly installed applications are denied access to the system’s applications, such as photo libraries, cameras, files, etc. Whenever we download a new application from the Play Store, after installation, we get a notification asking whether to allow the application to interact with different segments of the phone. So, if we set the app’s permission to access other system applications, the access matrix changes its settings accordingly so that the app doesn’t need to ask permission every time. Permission is requested again only when there are specific updates in an application that do not match the earlier permission criteria.
Advantages and disadvantages
Advantages-
1) Fine-grained access control: Consider a system where there are multiple users (subjects) and different files or processes (objects) they can engage with. The access matrix allows the sysadmin (system administrator) to be very particular about the actions each subject can perform on each object. The least privilege principle can be applied, which doesn’t give the subject a free hand when interacting with objects.
2) Flexibility: A designated person who can access system administration has the power to make changes in the access matrix as per security protocols. For security reasons, denying access to a particular object may be necessary for some users. The access matrix permits such changes. Similarly, when a specific subject needs more access, the access matrix allows that change to be made.
3) Centralized Administration: The access matrix has a chart showing which subject can engage with which object. A centralized system keeps these rules, allowing the designated person to locate and make changes whenever necessary.
4) Scalability: The access matrix can be modified to handle large numbers of subjects and objects without getting saturated and overwhelmed. This feature becomes handy when subjects and objects are spread across multiple devices.
Disadvantages-
1) Sparse matrix chart: In some cases, only some of the cells of the matrix chart are filled, leaving many empty, which makes storing the matrix inefficient.
2) Complexity: When the number of subjects and objects increases, the matrix becomes complex to handle, and errors can occur while providing access.
3) System Storage: Due to the administration of many subjects and objects, the access matrix occupies much of the system’s memory, affecting its efficiency.
4) Security vulnerabilities: The implementation of the access matrix should be handled with care and by professionals only, or else this can cause significant compromises in security and allow extra privileges to subjects.
Conclusion
In conclusion, the access matrix, built on a powerful subject-predicate-object trio, emphasizes system security and user authorization. It’s a robust working mechanism, and its multiple types give organizations assurance regarding their confidential data. The Access Matrix covers various use cases ranging from industries to smartphones. In our digital era, prioritizing authorization management using the Access Matrix is a must.
Frequently Asked Questions (FAQs)
Q1)- What is polyinstantiation? How does it work in the Access matrix?
Answer: Polyinstantiation is creating multiple instances of the same object (file) to provide access to different subjects (users) according to their roles. The system carries out this process for security reasons. In the access matrix, polyinstantiation creates multiple copies of the same files. When users try to access the file, copies of the object are provided to them according to their permits and roles so that they can engage with the files.
Q2)- What is a heterogeneous computing environment?
Answer: The heterogeneous computing environment is a centralized system with many processing units, devices, and architectures performing actions on different objects. It is a complex network, and the access matrix is important in deciding which units or devices have the permissions on which objects and files.
Q3)- Explain the term “Access control triple”?
Answer: The access control triple contains three building blocks of the access matrix. They are as follows.
Subject (S) – The users or process engaging with the files and objects.
Predicate (P) – The predicate is the “action” the user will perform on the object.
Object (O) – The Object is the file in the system on which the user will perform actions.