Revocation of Access Rights

Revocation of Access Rights

In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different users. Various questions about revocation may arise:
Immediate versus delayed. Does revocation occur immediately, or is it delayed? If revocation is delayed, can we find out when it will take place?
Selective versus general. When an access right to an object is revoked, does it affect all the users who have an access right to that object, or can we specify a select group of users whose access rights should be revoked?
Partial versus total. Can a subset of the rights associated with an object be revoked, or must we revoke all access rights for this object?
Temporary versus permanent. Can access be revoked permanently (that is, the revoked access right will never again be available), or can access be revoked and later be obtained again?
With an access-list scheme, revocation is easy. The access list is searched for any access rights to be revoked, and they are deleted from the list. Revocation is immediate and can be general or selective, total or partial, and permanent or temporary.

Comments

Post a Comment

Popular posts from this blog

Stable-Storage

Image
Stable-Storage Implementation in Operating system By definition, information residing in the  Stable-Storage  is never lost. Even, if the disk and CPU have some errors, it will never lose any data. Stable-Storage Implementation : To achieve such storage, we need to replicate the required information on multiple storage devices with independent failure modes. The writing of an update should be coordinate in such a way that it would not delete all the copies of the state and that, when we are recovering from a failure, we can force all the copies to a consistent and correct value, even if another failure occurs during the recovery. In these, we discuss how to meet these needs. The disk write operation results to one of the following outcome: Successful completion – The data will written correctly on disk. Partial Failure – In this case, failure is occurred in the middle of the data transfer, so that only some sectors were written with the new data, and the s...
Read more

concurrency control

It’s the ability to run multiple processes or threads at the same time. This requires careful memory management, that is, any application running on it’s own should not interfere with other applications. It’s easy when it’s all yours but it becomes a lot harder to share with others. Then you need to be able to run 2 pieces of code together and schedule these. So that they all get their fair share of time on the CPU. There are other factors that come into play here, for example, when you receive input through something like a network device or a peripheral device like a mouse or keyboard. You have to stop what you were doing and deal with that input. All modern operating systems allow multiple programs to run at the same time. This is called concurrency. A running program is known as a process. In fact modern operating systems even allow a single program to execute different routines at the same time or to put it another way, they allow a process to execute several threads of ...
Read more