PROTECTION PROBLEMS

various protection problctns ate discussed

below :
L Modification
a user an object as an argument to
a procedutc, it may be neceqqry to enwre that the
procedurvcannot modify (he object,
tvstrictioncan bc casily implctncnfcd
by pauing an accc« right that not the
tnodifieation(iSTitc)tight, Ilosvcu•r, if
amplification may occur, tbc right to m«i'fy may be
reinstated. the oscr pmtcction rcquircmcnt
can bc circumvcntcd,
2. limiting of access rights
the ncr of an object S&antsto allow
some uscrs to share access to its ob}cct.it may
to cnstue that those users cannot in
tum propagatethe access rights to other unauthorized
filis can bc accotnplished by associating
the copy and owner rights only W'th the owner of
Ihc ohiect.
Note : 1his rvstriction does not completely solve the problem,since tJscr A (*ho ha•
Btmtission)tnay allow ti<er B (ssbo docs not
have access permission)to log in as uwt A and
access the object.
3. RCAocation
a number of different reasons, a user of a system may want to revoke a previously grar.tcd
tight to an object.
åCCCSS
4. Trojan Ilorse

A code segunent which misuses its environment is called a Trojan

Many s»tetns have tnechanisms for allowing programs written by users to bc uscd bv othcr use-rv
if lhcse progra:ns are executed in a domain which provides the access rights of the c.sccutjng uscr,
they may misuse these rights.
lixamp/e •
Insidea lcxt editor program, there may be code to search the file to be edited for certajn
If any are found, the entire file may be copied to a special area accessible to the crcator of the
cd ilor.
S. Mutual Suspicion :
Consider case where a program is provided that can be insokcd as a ice by a number
dillcrcnl usvrs. service program may be a subroutineto sort an array. a an
or a WI,cn uscrs insole this ser', ice program, they take the risk that the
malfunctionand either darnage their data or retain sarne access right to thcur tilc» to be uxd
authority) latcr. S;iniilurly,the scrvice prograjn tnay proatc that &hould
not be accessed ditcctly by the caijing user progranu, his probj<ili is caijcd the mutually
suspicious subsptclli probi<lii,
6. Confinement
copy and rights pro', ide us a jncchanislnto jonic propagation ot rtghtx
do not provide b\illi the appropriate tools pro enung peopagalioooi infortrtaiion.
tlhe problemof guaranteeing no injbrnjalioninitially held in an can migrate oubide of
its execution environjnent is called the conjinegnvntprobion.
12' software segjnent tneant for doing mischievous in its environment only uhcn a
panicular sequence ofescnts occur is called as
(a) Mutual suspicion (b) Trojan house
(c) Logic bombs (d) Virus
(c)
 SECURITY
Security requires not only an
adequate protection system, but congidcrationOf the
environment within whifh the system operates.

Internal protection i} not useful if the operator's eongole ig expoged to unauthorized

personnel, or if files can simply be removed from the computcr gystcm and taken to
a system with no protection.

The jnajor security problem for operating system is the authcntication problem, Thc protcction
system depends on an ability to properly identify the programs and processes that arc cxccuting,
The nujst common approach to authenticating a user identity is the use oc uscr passwords. WJjcn
users identify themselves, they are asked for a password. It is assumed that thc ugcr Jcgitimatc
if (he oscr—suppliedpassword matches the password stored in the system,
Passwords are often used to protect objects in the computer system, in the computcr in the
absence of more complete protccti01)schemes. They can be considcrcd a special caw of cithcr
key or capabilities.
Passwords are extremely common, because they are easy to understandand use.
One probletn with password approachesis the difficulty of keeping the password (or Ji%tof
password pairs or algorithms) secret.
"cwo Inanagejnent (echniques can be used to irnprove the security of a system.
Threat monitoring : The system can check for suspiciouspatterns of activity in an attemptto
detect a security violation.
Audit log: An audit log silnply records the tijne, user and type of all accesses to an objcct. After
security has been violated, the audit log can be used to dctcrminc how and when the problem
occurred and perhaps the ajnount of damage done.
A
I I)is in ion can be useful, both for recovery from the violation and possibly in 'the dcvelopmcnt
ol' better security Ineasures to prevent future problems.
l'he Inos•tconunonly exploited vulnerability in password authentication systems is password theft.
Passwords can be stolen by guessing them or by observing thetn.
One—tinte systelns alleviate some of the weaknesses of password authentication. Each tirnc
a user authenticates, a different password is calculated using some function and a sced value,
seed value nnaybe chosen at random by the computerand be supplied to the user, or it may be based
on the current tinne. For exarnple, let the function be to squarc the seed value, then return thc middlc
live digits oc the result. If the computer supplied the user with a seed value of 12345, the user would
have (o respond with 23990(12345 = 152399025).Since passwordsarc only used once, an attacker
cannot reuse the password to gain entry to the system.
I lowever, an attacker may be able to deduce the function given one or more copies of inputs and the
corresponding results. Functions should bc sufficientlycomplex so they may not be easily deduced.
OneAilne passwords are also vulnerable to theft if a device for computing or recording the function
exists and its security is broken.
Snuwt card system use both a password (or passcode) and a function. The user supplies the card with
the passcode. The card calculates a password using the passcode and the current time. The password
is presented to the computer which has performed the same calculation. An attacker must obtain both
the card and the passcode to penetrate the system.
13. Audit log maintained by the OS, is useful to the administrator because
(a) nvaintainhistory ofuser behaviour
(b) to determipe how and when the problem occurred
(c) used for clåta recovery in case of system crash
(d) all the above
Ans : (d)
 The jnost desirable outcome
of a
penetratingthe systenfs security. security system is for it to prevent intruders from successfully
Preventive measures include
Liniiting new passwords the following.
to those that pass
check a password for length, a series of quality checks. Software exists that can
diversity of characters, and
the presence of words or permutations of
Requiring passwords to be
changed at periodic intervals.
Encrypting data, either when
it is transmitted or when it is
conununications to and from
a remote site to be encrypted.
stored. Programs like ssh allow
Turing off unused or
duplicate
probability of find ing an entry services. Reducingthe number of system entry points reduces the
point that can be exploited.
hnplementing an internal
firewall. Programs like tcpwrapper
access, based on the remote can be configured to deny network
location and/or the service to be accessed.
Monitoring security advisories
Groups such as CERT and and updating software and configuration information as needed.
Bug Traq provide informationon security vulnerabilitiesand how to
fix thenu

SECURITYTHREATS
The area of computer security is
a broad concept and encompasses physical and administrative
controlsas well as automated controls.
'11)understand the types of threats to security
that exist, we need to have a definition of security
requirelnents. and network security address four requirements:
l. Confidentiability:
Requiresthat the information in a computer system only be accessible for reading by authorized
parties. This type of access includes printing, displaying and other forms of disclosure, including
sinoplyrevealing the existence of an object.
2. Integrity :
Requires that computer system assets can be modified only by authorized parties. Modification
includes writing, changing, changing status, deleting and creating
3. Availability :
Requires that colliputer system assets are available to authorized parties.
4. Authenticity :
Requires that a computer system be able to verify the identity of a user.
Typesof Threats :

Information Information
source destination
(a) Normal flow

(b) Interruption (c) Interception

o O
(d) Modification (e) Fabrication
Vidyalankar CS/IT/OS/Protection and Security

'I'he types of attacks on the security oc a computer system or network are best characterizedby
viewing the function of the conu»utcrsystem as providing information, In gencral, there is a flow of
ion from a source; such as a file or a rcgion of main memory, to a destination, such as another
file or a user. This is as shown in figure above.
Interruption :
An asset of the systetn is destroyed or becomes unavailableor unusable."Ibis is an attack on
availability.
Interception:
An unauthorized party gains access to an assct. "I'llis is an attack on confidcntiality.The
unauthorized party could be a person, a program or a computer,
Modification :
An unauthorizedparty not only gains access to but tampers with an asset. enlis is an attack on
integrity.
Fabrication :
An unauthorized party counterfeit objects into the system. This is an attack on authenticity.

14. Authenticity of infonnation indicates

(a) information available to authorized parties
(b) be able to verify the identity of the sender
(c) ensure the integrity of data received
(d) all of the above
(b)

SECURITY THREATS AND ASSETS

Availability Secrecy Integrity/Authenticity

I lardv.are Equipment is stolen or Hardware is used by Hardware components
disabled thus denying everyone are modified
services.
Software Programs are deleted, All unauthorized copy of A working program is
denying access to users. software is made modified, either to cause it
to fail during execution or
to cause it to do some
unintended task.
Data Files are deleted, denying An unauthorized read of Existing tiles
access to users. data is performed. An modified or new tiles
analysis of statistical data are fabricated
reveals underlying data
Cotnjnuni— Messages are dcstroyed or Messages are read. Messages are modified.
cation Lines deleted, Communication traffic pattern of message is delayed, reordered or
lincs or networks are observed, duplicated. False
rendered unavailable mcssages are fabricated.