Operating System Assignment (Based on Protection and Security

Chapters)

A1.

Security in an operating system (OS) involves protecting the system and its
resources from unauthorized access, attacks, and ensuring the
confidentiality, integrity, and availability of data.

Various aspects of security in an OS include:

 Authentication: Verifying the identity of users or systems.
 Authorization: Controlling access based on user privileges.
 Data Encryption: Protecting data by converting it into a coded form.
 Firewalls: Monitoring and controlling network traffic.
 Security Updates/Patches: Regularly updating to patch
vulnerabilities.
 Secure Boot: Ensuring only trusted code is loaded during boot.
 User Education and Awareness: Training users to recognize and
avoid security threats.

Security Attacks and Program Threats:

 Malware: Viruses, worms, trojan horses, ransomware, etc.
 DoS Attacks: Overloading a system to make it unavailable.
 Man-in-the-Middle Attacks: Intercepting and altering
communication.
 Phishing: Social engineering attacks for information theft.
 SQL Injection: Exploiting web application vulnerabilities.
 Masquerading: Acommon attack in which the attacker pretends to be
a trusted third party.
 Replay attack: It involves repeating a valid transmission. Sometimes
this can be the entire attack, ( such as repeating a request for a
money transfer ), or other times the content of the original message is
replaced with malicious content.

A2.
Various categories of viruses (related to Operating systems):
• Boot Sector Viruses: Infect the master boot record of storage
devices.
• File Infectors: Attach themselves to executable files.
• Macro Viruses: Attach to documents and use macro scripting
languages.
• Multipartite Viruses: Infect both boot sectors and files.
• Polymorphic Viruses: Change their code to avoid detection.
• Metamorphic Viruses: Completely rewrite themselves to avoid
detection.
• Resident Viruses: Lodge themselves in the computer's memory.
• Non-Resident Viruses: Activate only when the infected file is
executed.

A3.
Securing an operating system (OS) is crucial to protect against various
cyber threats and ensure the confidentiality, integrity, and availability of
system resources. There are several security defenses implemented at
different levels to safeguard an operating system.
Here are some key security defenses:

 Authentication and Authorization: Verifying the identity of users

or processes. Granting appropriate permissions and access levels
based on user roles.

 Access Control: Restricting access to resources based on user

privileges.

 Encryption: Encrypting sensitive data to protect it from

unauthorized access.

 Firewalls: Monitoring and controlling incoming and outgoing

network traffic.

 Security Patching and Updates: Regularly updating the OS and

software to patch known vulnerabilities.
  Secure Boot: Verifying the integrity of the OS and bootloader
during the boot process.

 Audit Logging: Recording and monitoring system activities to

identify and investigate security incidents

 Network Security: Implementing protocols like VPNs for secure

communication.

 Backup and Recovery: Regularly backing up critical data to

prevent data loss. Establishing recovery procedures to restore the
system in case of a security incident.

A4.

Srategies for implementing the Access Matrix:

• Global Table: The simplest implementation of the access matrix is a

global table consisting of a set of ordered triples . Whenever an
operation M is executed on an object Oj within domain Di, the global
table is searched for a triple< Di, Oj, Rk>, with M ∈ Rk. If this triple is
found, the operation is allowed to continue; otherwise, an exception
(or error) condition is raised.

• Access Lists for Objects: Each column in the access matrix can be
implemented as an access list for one object. The empty entries can
be discarded. The resulting list for each object consists of ordered
pairs , which define all domains with a nonempty set of access rights
for that object.

• Capability Lists for Domains: A capability list for a domain is a list

of objects together with the operations allowed on those objects. An
object is often represented by its physical name or address, called a
capability. To execute operation M on object Oj , the process
executes the operation M, specifying the capability (or pointer) for
object Oj as a parameter. Simple possession of the capability means
that access is allowed.
 • A Lock –Key Mechanism: The lock–key scheme is a compromise
between access lists and capability lists. Each object has a list of
unique bit patterns, called locks. Similarly, each domain has a list of
unique bit patterns, called keys. A process executing in a domain can
access an object only if that domain has a key that matches one of
the locks of the object

A5.

Different techniques for Free-Space Management under Disk

management:

• Bit Vector (Bitmap): Allocates one bit for each block, indicating free
or allocated.
• Linked List: Keeps a linked list of free disk blocks.
• Counting Method: Keeps track of the number of free blocks.
• Grouping Method: Groups adjacent free blocks into a single entry.
• Indexed Free Space List: Maintains an index of all free blocks.
Implementing these strategies helps manage disk space efficiently
and ensures the security and integrity of the operating system and its
resources.