Lukas' Notes

security

Definition

Protection Domain

A protection domain defines the set of objects a subject may access and the operations permitted on each.

A subject operates within exactly one domain at any time. The domain determines the boundaries of what the subject can do.

Domain Switching

A process may switch domains during execution. This occurs when privileges need to change, for example to access restricted resources.

Unix Domain Switching via SETUID

In Unix, a protection domain is defined by the User ID (UID) and Group ID (GID). A process switches domains by executing a file with the SETUID bit set. The process temporarily assumes the UID of the file owner, acquiring the corresponding rights.
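The switch can be observed from inside a process, because Unix tracks a real ID (the invoker) and an effective ID (used for access checks). The C sketch below is an added example, not part of the original notes; `current_domain`, `is_switched` and `drop_to_invoker` are hypothetical names. It reads the current domain and shows the defensive pattern of returning permanently to the invoker's domain once the elevated rights are no longer needed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* A Unix protection domain as defined above: UID + GID.
 * real = the invoking user, effective = what access checks use. */
struct domain { uid_t ruid, euid; gid_t rgid, egid; };

struct domain current_domain(void) {
    struct domain d = { getuid(), geteuid(), getgid(), getegid() };
    return d;
}

/* 1 while the process runs in a domain other than the invoker's
 * (e.g. after exec of a SETUID/SETGID file), otherwise 0. */
int is_switched(const struct domain *d) {
    return d->ruid != d->euid || d->rgid != d->egid;
}

/* Permanently switch back to the invoker's domain.
 * Returns 0 on success, -1 if the drop failed or can be undone. */
int drop_to_invoker(void) {
    struct domain before = current_domain();
    /* Group first: changing the GID may still need the elevated UID. */
    if (setregid(before.rgid, before.rgid) != 0) return -1;
    if (setreuid(before.ruid, before.ruid) != 0) return -1;
    /* Verify the old domain cannot be regained. Skipped when the
     * invoker is root, who may set any ID by definition. */
    if (before.ruid != 0) {
        if (before.euid != before.ruid && seteuid(before.euid) == 0) return -1;
        if (before.egid != before.rgid && setegid(before.egid) == 0) return -1;
    }
    struct domain after = current_domain();
    if (after.euid != before.ruid || after.egid != before.rgid) return -1;
    return is_switched(&after) ? -1 : 0;
}

int main(void) {
    struct domain d = current_domain();
    printf("before: ruid=%ld euid=%ld switched=%d\n",
           (long)d.ruid, (long)d.euid, is_switched(&d));
    /* ... work that needs the file owner's rights would go here ... */
    if (drop_to_invoker() != 0) { fprintf(stderr, "drop failed\n"); return 1; }
    d = current_domain();
    printf("after:  ruid=%ld euid=%ld switched=%d\n",
           (long)d.ruid, (long)d.euid, is_switched(&d));
    return 0;
}
```

Run normally, both lines report `switched=0`; installed with the SETUID bit and a different owner, the first line reports `switched=1` and the second shows the process back in the invoker's domain.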