
Unit 5 Sols

The document discusses different types of security measures including protection, security, access control, and attackers. It defines key terms like access matrix, principle of least privilege, and levels of security breaches. The document also describes how to implement access lists and capability lists in an access matrix and methods to revoke access rights.

Uploaded by

Hafsa Lateef
Copyright: © All Rights Reserved

1. What is the difference between protection and security?

| Protection | Security |
|---|---|
| Protection deals with access to the system resources. | Security grants the system access to the appropriate users only. |
| Internal threats are involved. | External threats are involved. |
| Simple queries are handled. | More complex queries are handled. |
| Protection determines what files can be accessed or permeated by a special user. | Security determines which person is granted use of the system. |
| An authorization mechanism is implemented. | Encryption and certification (authentication) mechanisms are used. |
| A technique used in operating systems to control hazards and maintain the system's proper functioning. | A technique used in operating systems to address threats from outside the system to maintain its proper functioning. |
| It offers a technique for controlling access to processes, programs, and user resources. | It offers a technique for protecting system and user resources from unauthorized access. |

2. Define the principle of least privilege using protection.

The principle of least privilege is the idea that any user, program, or
process should have only the bare minimum privileges necessary to
perform its function. The principle of least privilege works by allowing
only enough access to perform the required job. For example, in a small
office, the receptionist has access to the front desk phone directory for
handling incoming calls, while the janitor only has access to cleaning
supplies in the storage closet.

3. Describe the domain of protection.


4. Define Access Matrix.
The access matrix is a security model of the protection state in a computer
system. It is represented as a matrix. The access matrix is used to define the
rights of each process executing in a domain with respect to each object.

5. Describe the implementation of Access Matrix.


The access matrix is a security model of the protection state in a computer
system. It is represented as a matrix. The access matrix is used to define the
rights of each process executing in a domain with respect to each object.

There are various methods of implementing the access matrix in the
operating system. These methods are as follows:

1. Global Table
2. Access Lists for Objects
3. Capability Lists for Domains

Global Table

It is the most basic access matrix implementation. A set of ordered
triples <domain, object, rights-set> is maintained in a file. When an
operation M is executed on an object Oj within domain Di, the table
is searched for a triple <Di, Oj, Rk> with M in Rk. The operation can proceed
if this triple is located; otherwise, an exception (or error) condition is
raised. This implementation has various drawbacks. The table is generally
large and cannot be stored in main memory, so additional input and output are
required.

Access Lists for Objects

Every access matrix column may be used as a single object's access list. The
blank entries can be discarded. For each object, the resulting list
contains ordered pairs <domain, rights-set> that define all domains with a
nonempty set of access rights for that object.

The scheme can be combined with a default set of rights. When operation M is
attempted, the object's access list is searched. If the entry is found, the
action is allowed; if it isn't, the default set is checked. If M is in the
default set, access is granted. Otherwise access is denied and an exception
condition arises. The default set may also be checked first, before the
access list is searched.

Capability Lists for Domains

A domain's capability list is a collection of objects and the actions that can
be done on them. A capability is a name or address that is used to identify an
object. To perform operation M on object Oj, the process runs
operation M, specifying the capability for object Oj. The simple possession
of the capability implies that access is allowed.

In most cases, capabilities are separated from other data in one of two
ways. Every object has a tag indicating whether it is a capability or
ordinary data. Alternatively, a program's address space can be divided into
two portions. The program may access one portion, which includes the program's
normal instructions and data. The other portion is a capability list that is
only accessed by the operating system.
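The three implementations above, worked through on one small protection state. This is an added example, not part of the original notes; the domains, objects, rights and the default set are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample protection state: triples <domain, object, rights-set>.
GLOBAL_TABLE = [
    ("D1", "F1", {"read"}),
    ("D1", "F3", {"read"}),
    ("D2", "printer", {"print"}),
    ("D3", "F2", {"read"}),
    ("D3", "F3", {"execute"}),
    ("D4", "F1", {"read", "write"}),
    ("D4", "F3", {"read", "write"}),
]
# Assumed default rights per object, used when the access list has no match.
DEFAULT_SET = {"F3": {"read"}}

def check_global(domain, obj, op):
    """Global table: search for a triple <Di, Oj, Rk> with op in Rk."""
    return any(d == domain and o == obj and op in r
               for d, o, r in GLOBAL_TABLE)

def access_lists(table):
    """Column view: object -> {domain: rights}. Blank entries never appear."""
    acl = {}
    for d, o, r in table:
        acl.setdefault(o, {})[d] = set(r)
    return acl

def capability_lists(table):
    """Row view: domain -> {object: rights}."""
    caps = {}
    for d, o, r in table:
        caps.setdefault(d, {})[o] = set(r)
    return caps

def check_acl(acl, domain, obj, op):
    """Search the object's access list, then fall back to the default set."""
    if op in acl.get(obj, {}).get(domain, set()):
        return True
    return op in DEFAULT_SET.get(obj, set())

def check_capability(caps, domain, obj, op):
    """Holding a capability for obj that includes op implies access."""
    return op in caps.get(domain, {}).get(obj, set())
```

D2 reading F3 is allowed by `check_acl` only because of the default set; the global table and D2's capability list both deny it, which shows that a default set widens access beyond what the matrix entries state.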

6. What do you mean by access control?


Access control involves identifying a user based on their credentials and
then authorizing the appropriate level of access once they are
authenticated. Passwords, pins, security tokens—and even biometric
scans—are all credentials commonly used to identify and authenticate a
user.

7. What are the different types of revocation of access rights?


• The need to revoke access rights dynamically raises several
questions:
o Immediate versus delayed - If delayed, can we determine when
the revocation will take place?
o Selective versus general - Does revocation of an access right to
an object affect all users who have that right, or only some
users?
o Partial versus total - Can a subset of rights for an object be
revoked, or are all rights revoked at once?
o Temporary versus permanent - If rights are revoked, is there a
mechanism for processes to re-acquire some or all of the
revoked rights?
• With an access list scheme revocation is easy, immediate, and can
be selective, general, partial, total, temporary, or permanent, as
desired.
• With capabilities lists the problem is more complicated, because
access rights are distributed throughout the system. A few schemes
that have been developed include:
o Reacquisition - Capabilities are periodically revoked from each
domain, which must then re-acquire them.
o Back-pointers - A list of pointers is maintained from each
object to each capability which is held for that object.
o Indirection - Capabilities point to an entry in a global table
rather than to the object. Access rights can be revoked by
changing or invalidating the table entry, which may affect
multiple processes, which must then re-acquire access rights
to continue.
o Keys - A unique bit pattern is associated with each capability
when created, which can be neither inspected nor modified by
the process.
▪ A master key is associated with each object.
▪ When a capability is created, its key is set to the object's
master key.
▪ As long as the capability's key matches the object's key,
then the capabilities remain valid.
▪ The object master key can be changed with the set-key
command, thereby invalidating all current capabilities.
▪ More flexibility can be added to this scheme by
implementing a list of keys for each object, possibly in a
global table.
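The keys scheme described above, modelled in a few lines. This is an added example, not part of the original notes; the `Kernel` and `Capability` classes, the `own_key` option and the `revoke_key` method are hypothetical names used to illustrate the set-key command and the per-object list of keys.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Capability:
    obj: str
    rights: frozenset
    key: bytes  # fixed at creation; frozen, so the holder cannot modify it

class Kernel:
    """Holds each object's master key and its list of valid keys."""

    def __init__(self):
        self.master = {}  # object name -> current master key
        self.valid = {}   # object name -> set of keys still accepted

    def create_object(self, name):
        self.master[name] = secrets.token_bytes(16)
        self.valid[name] = {self.master[name]}

    def grant(self, name, rights, own_key=False):
        """New capability: keyed with the master key, or with its own key."""
        key = self.master[name]
        if own_key:  # list-of-keys variant: allows selective revocation
            key = secrets.token_bytes(16)
            self.valid[name].add(key)
        return Capability(name, frozenset(rights), key)

    def access(self, cap, op):
        """Valid only while the capability's key matches a key of the object."""
        return cap.key in self.valid.get(cap.obj, set()) and op in cap.rights

    def set_key(self, name):
        """set-key: new master key; capabilities holding the old one die."""
        self.valid[name].discard(self.master[name])
        self.master[name] = secrets.token_bytes(16)
        self.valid[name].add(self.master[name])

    def revoke_key(self, name, key):
        """Selective revocation: drop one key from the object's list."""
        self.valid[name].discard(key)
```

After `set_key`, a domain must be granted a fresh capability to regain access, while capabilities issued with their own key survive until that key is removed from the list.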
8. What are the different levels of security breach?

There are two types of security breaches that can harm the system:
malicious and accidental. Malicious threats are destructive computer code
or web scripts designed to create system vulnerabilities that lead to back
doors and security breaches. Accidental threats, on the other hand, are
comparatively easier to protect against.

Security may be compromised through breaches. Some of the breaches
are as follows:

1. Breach of integrity

This violation has unauthorized data modification.

2. Theft of service

It involves the unauthorized use of resources.

3. Breach of confidentiality

It involves the unauthorized reading of data.

4. Breach of availability

It involves the unauthorized destruction of data.

5. Denial of service

It includes preventing legitimate use of the system. Some attacks may be
accidental.

[Refer to Q.11 for details.]

9. What do you mean by attackers?


A person or other entity such as a computer program that attempts to
cause harm to an information system, for example, by unauthorized
access or denial of service.

10. What is masquerading?


Masquerade is a type of cybersecurity attack in which an attacker
pretends to be someone else in order to gain access to systems or data.
This can involve impersonating a legitimate user or system to trick other
users or systems into providing sensitive information or granting access
to restricted areas.

11. What are the different levels of security measures to protect the
system?
1. Breach of Confidentiality:
• This type of violation involves unauthorized reading of data. It is
done by intruders.
• They capture secret data from the system.
• Encryption: Implementing encryption algorithms to protect
sensitive data from unauthorized access.
• Access Control: Setting permissions and access levels to
restrict access to confidential information only to authorized
users.
• Authentication: Implementing strong authentication
mechanisms such as passwords, biometrics, or two-factor
authentication to verify the identity of users.
2. Breach of Integrity:
• This violation involves unauthorized modification of data or
source code.
• Data Validation: Checking data inputs to ensure they are valid
and have not been tampered with.
• Digital Signatures: Using digital signatures to verify the integrity
of files and documents.
• Version Control: Implementing version control systems to
track changes and prevent unauthorized modifications to files
and software.
3. Breach of Availability:
• It involves unauthorized destruction of data.
• Redundancy: Implementing redundancy in hardware and
networks to ensure availability in case of failures.
• Disaster Recovery: Developing disaster recovery plans and
backup systems to minimize downtime and ensure continuity
of operations.
• Load Balancing: Distributing network traffic evenly across
multiple servers to prevent overload and ensure availability.
4. Theft of Service:
• It involves unauthorized use of resources.
• Network Security: Implementing firewalls, intrusion detection
systems, and network monitoring tools to detect and prevent
unauthorized access and usage of network resources.
• Resource Monitoring: Monitoring system resources such as
CPU, memory, and bandwidth usage to detect and prevent
abuse or unauthorized consumption.
• Usage Policies: Establishing usage policies and guidelines to
educate users about acceptable behavior and prevent misuse
of system resources.

12. Define program threat.


A program threat is a program written by a cracker to hijack security or to
change the behaviour of a normal process. In other words, if a user program is
altered and made to perform malicious, unwanted tasks, it is
known as a program threat.

Types of program threats:

Trojan Horse − Such a program traps user login credentials and stores them
to send to a malicious user, who can later log in to the computer and access
system resources.
Trap Door − If a program that is designed to work as required has a
security hole in its code and performs illegal actions without the knowledge
of the user, it is said to have a trap door.
Logic Bomb − A logic bomb is a situation in which a program misbehaves only
when certain conditions are met; otherwise it works as a genuine program. It
is harder to detect.
Virus − A virus, as the name suggests, can replicate itself on a computer
system. Viruses are highly dangerous and can modify or delete user files and
crash systems. A virus is generally a small piece of code embedded in a
program. As the user accesses the program, the virus starts getting embedded
in other files and programs and can make the system unusable for the user.

13. Define Role Based access control.


Role Based Access Control (RBAC): Privileges are assigned to roles, and
users are then assigned to roles, allowing users to run a program to
accomplish a task.

14. Explain network threat.


15. Explain cryptography as a security tool.
Cryptography in operating systems (OS) serves as a fundamental security
tool to protect data confidentiality, integrity, and authenticity. It involves
techniques for secure communication and storage by encoding
information in such a way that only authorized parties can access it.

Here's a brief overview of how cryptography functions as a security tool in
operating systems:
1. Confidentiality: Cryptography ensures that data remains
confidential by encrypting it. Encryption converts plain text into
ciphertext using mathematical algorithms and keys. Without the
appropriate key, unauthorized users cannot decipher the ciphertext
back into its original form.
2. Integrity: Cryptography helps maintain data integrity by detecting
any unauthorized changes made to the data. Techniques like
message authentication codes (MACs) or digital signatures ensure
that data remains unaltered during transmission or storage. Any
tampering with the data can be detected by verifying the integrity
checks.
3. Authentication: Cryptography enables authentication mechanisms
to verify the identity of communicating parties. Digital signatures,
certificates, and public key infrastructure (PKI) are used to
authenticate users, ensuring that data exchanges occur only
between trusted entities.
4. Non-repudiation: Cryptography provides non-repudiation, which
means that a sender cannot deny sending a message and a receiver
cannot deny receiving it. Digital signatures play a crucial role in
establishing non-repudiation by providing proof of the origin and
integrity of the data.
5. Key Management: Cryptography in operating systems involves
managing cryptographic keys securely. Key management practices
include key generation, distribution, storage, and revocation. Proper
key management ensures that encryption keys are kept confidential
and are only accessible to authorized users.

16. What do you mean by user authentication?


User authentication is the process of verifying the identity of an individual
or entity attempting to access a system, application, or resource. It
ensures that the person or entity requesting access is who they claim to
be. Authentication is typically performed by presenting credentials, such
as a username and password, to a system or application.
Here's how the user authentication process generally works:

1. User provides credentials: The user enters identifying information,
such as a username or email address, along with a secret piece of
information, such as a password or PIN.
2. Credentials are verified: The system or application compares the
provided credentials against stored records to verify their
authenticity. This verification process typically involves comparing
the entered password against a securely stored and hashed version
of the user's password.
3. Access is granted or denied: If the provided credentials match the
stored records, access is granted to the user. Otherwise, access is
denied, and the user may be prompted to re-enter their credentials
or take other actions to verify their identity.
User authentication is a fundamental component of security in computer
systems and networks, as it helps prevent unauthorized access and
protects sensitive information from being compromised.

17. Describe firewalling that is used to protect system and network.
A firewall is a network security device that observes and filters incoming and
outgoing network traffic, adhering to the security policies defined by an
organization. Essentially, it acts as a protective wall between a private
internal network and the public Internet.

18. Illustrate the working of Access Matrix.


Same as Q.5
