Operating System Security

The security of a computer system is a crucial task. It is a process of

ensuring the confidentiality and integrity of the OS. Security is one of most
important as well as the major task in order to keep all the threats or other
malicious tasks or attacks or program away from the computer’s software
system.
A system is said to be secure if its resources are used and accessed as
intended under all the circumstances, but no system can guarantee absolute
security from several of various malicious threats and unauthorized access. 
The security of a system can be threatened via two violations: 
 Threat: A program that has the potential to cause serious damage to the
system.
 Attack: An attempt to break security and make unauthorized use of an
asset.
Security violations affecting the system can be categorized as malicious and
accidental threats. Malicious threats, as the name suggests are a kind of
harmful computer code or web script designed to create system
vulnerabilities leading to back doors and security breaches. Accidental
Threats, on the other hand, are comparatively easier to be protected
against.
Example: Denial of Service DDoS attack . 
Security can be compromised via any of the breaches mentioned:  
 Breach of confidentiality: This type of violation involves the
unauthorized reading of data.
 Breach of integrity: This violation involves unauthorized modification of
data.
 Breach of availability: It involves unauthorized destruction of data.
 Theft of service: It involves the unauthorized use of resources.
 Denial of service: It involves preventing legitimate use of the system. As
mentioned before, such attacks can be accidental in nature.

Security System Goal: 

Henceforth, based on the above breaches, the following security goals are
aimed:  
1. Integrity: 
The objects in the system mustn’t be accessed by any unauthorized user
& any user not having sufficient rights should not be allowed to modify the
important system files and resources.
2. Secrecy: 
The objects of the system must be accessible only to a limited number of
authorized users. Not everyone should be able to view the system files.
3. Availability: 
All the resources of the system must be accessible to all the authorized
users i.e. only one user/process should not have the right to hog all the
 system resources. If such kind of situation occurs, denial of service could
happen. In this kind of situation, malware might hog the resources for
itself & thus preventing the legitimate processes from accessing the
system resources.
Threats can be classified into the following two categories:  
1. Program Threats: 
A program was written by a cracker to hijack the security or to change the
behavior of a normal process. In other words, if a user program is altered
and further made to perform some malicious unwanted tasks, then it is
known as Program Threats.
2. System Threats: 
These threats involve the abuse of system services. They strive to create
a situation in which operating-system resources and user files are
misused. They are also used as a medium to launch program threats.

Types of Program Threats:

 
1. Virus: 
An infamous threat, known most widely. It is a self-replicating and
malicious thread that attaches itself to a system file and then rapidly
replicates itself, modifying and destroying essential files leading to a
system breakdown. 
Further, Types of computer viruses can be described briefly as follows: 
– file/parasitic – appends itself to a file 
– boot/memory – infects the boot sector 
– macro – written in a high-level language like VB and affects MS Office
files 
– source code – searches and modifies source codes 
– polymorphic – changes in copying each time 
– encrypted – encrypted virus + decrypting code 
– stealth – avoids detection by modifying parts of the system that can be
used to detect it, like the read system 
call 
– tunneling – installs itself in the interrupt service routines and device
drivers 
– multipartite – infects multiple parts of the system 
 
2. Trojan Horse: 
A code segment that misuses its environment is called a Trojan
Horse. They seem to be attractive and harmless cover programs but are
really harmful hidden programs that can be used as the virus carrier. In
one of the versions of Trojan, the User is fooled to enter confidential login
details on an application. Those details are stolen by a login emulator and
can be further used as a way of information breaches. One of the major
as well as a serious threat or consequences of the Trojan horse is that it
will actually perform proper damage once installed or run on the
 computer’s system but at first, a glance will appear to be useful software
and later turns out to be maliciously unwanted one. 
Another variance is Spyware, Spyware accompanies a program that the
user has chosen to install and download ads to display on the user’s
system, thereby creating pop-up browser windows and when certain sites
are visited by the user, it captures essential information and sends it over
to the remote server. Such attacks are also known as Convert
Channels. 
 
3. Trap Door: 
The designer of a program or system might leave a hole in the software
that only he is capable of using, the Trap Door works on similar principles.
Trap Doors are quite difficult to detect as to analyze them, one needs to
go through the source code of all the components of the system. In other
words, if we may have to define a trap door then it would be like, a trap
door is actually a kind of a secret entry point into a running or static
program that actually allows anyone to gain access to any system without
going through the usual security access procedures.
 
4. Logic Bomb: 
A program that initiates a security attack only under a specific
situation. To be very precise, a logic bomb is actually the most malicious
program which is inserted intentionally into the computer system and that
is triggered or functions when specific conditions have been met for it to
work. 

5. Worm:                                                                                                        
  A computer worm is a type of malware that replicates itself and infects
other computers while remaining active on affected systems. A computer
worm replicates itself in order to infect machines that aren’t already
infested. It frequently accomplishes this by taking advantage of
components of an operating system that are automatic and unnoticed by
the user. Worms are frequently overlooked until their uncontrolled
replication depletes system resources, slowing or stopping other
activities.

Types of System Threats – 

Aside from the program threats, various system threats are also endangering
the security of our system:  
1. Worm: 
An infection program that spreads through networks. Unlike a virus, they
target mainly LANs. A computer affected by a worm attacks the target
system and writes a small program “hook” on it. This hook is further used to
copy the worm to the target computer. This process repeats recursively, and
soon enough all the systems of the LAN are affected. It uses the spawn
mechanism to duplicate itself. The worm spawns copies of itself, using up a
majority of system resources and also locking out all other processes. 
The basic functionality of the worm can be represented as: 
2. Port Scanning: 
It is a means by which the cracker identifies the vulnerabilities of the system
to attack. It is an automated process that involves creating a TCP/IP
connection to a specific port. To protect the identity of the attacker, port
scanning attacks are launched from Zombie Systems, that is systems that
were previously independent systems that are also serving their owners
while being used for such notorious purposes. 

3. Denial of Service: 
Such attacks aren’t aimed for the purpose of collecting information or
destroying system files. Rather, they are used for disrupting the legitimate
use of a system or facility. 
These attacks are generally network-based. They fall into two categories: 
– Attacks in this first category use so many system resources that no useful
work can be performed. 
For example, downloading a file from a website that proceeds to use all
available CPU time. 
– Attacks in the second category involve disrupting the network of the facility.
These attacks are a result of the abuse of some fundamental TCP/IP
principles. 
the fundamental functionality of TCP/IP. 
Security Measures Taken – 
To protect the system, Security measures can be taken at the following
levels:  
 Physical: 
The sites containing computer systems must be physically secured
against armed and malicious intruders. The workstations must be
carefully protected.
 Human: 
Only appropriate users must have the authorization to access the system.
Phishing(collecting confidential information) and Dumpster
Diving(collecting basic information so as to gain unauthorized access)
must be avoided.
 Operating system: 
The system must protect itself from accidental or purposeful security
breaches.
 Networking System: 
Almost all of the information is shared between different systems via a
network. Intercepting these data could be just as harmful as breaking into
a computer. Henceforth, Network should be properly secured against
such attacks.
Usually, Anti Malware programs are used to periodically detect and remove
such viruses and threats. Additionally, to protect the system from Network
Threats, a Firewall is also be used.