Operating System Security

Vishal Patel Amlan Das

Bachelors of technology Bachelors of technology Varsha Yadav
(CSE) (CSE) Bachelors of technology
Lovely Professional University Lovely Professional University (CSE)
Jalandhar, India Jalandhar, India Lovely Professional University
[email protected] [email protected] Jalandhar, India
[email protected]
Muskaan Singh Gagandeep kaur
Bachelors of technology Bachelor of technology
(CSE) (CSE)
Lovely Professional University Lovely Profesional University
Jalandhar, India Jalandhar, India
[email protected] [email protected]

Abstract— Operating systems (OS) security is a very be bypassed. The OS should confine an application to a unique
important aspect of the protection of computer systems and their security domain.
data’s integrity, confidentiality and availability. Consequently, this
Applications with special privileges that perform security-
research manuscript seeks to provide a comprehensive analysis of
related functions are called trusted applications. Such applications
OS security in order to enhance understanding, establish challenges
should only be allowed the lowest level of privileges required to
and understand the best way forward. The research method proc-
perform their functions. For example, type enforcement is a
ess involves major areas of studies through the literature review,
mandatory security mechanism that can be used to restrict a trusted
data collection, case studies analysis, experimental and
application to the lowest level of privileges.
comparative evaluations and qualitative analyses. From the theatre
of experimentalism, various theoretical underpinnings are applied
in studying on the historical backgrounds and contemporary frames
of work on OS security with the most emphasized questions. Using
real-life data, the data acquisition process incorporates information
gathered through report surveys, security bulletins, and case-study
research as well as interviews with experts. The application of
security policies is demonstrated in the contextual studies when
case studies are presented; on the other hand, the efficiency of the
security measures is examined in the experimental evaluation of
the security controls. Qualitative comparisons with competitors and
industry segments illustrate what is occurring in OS security and
give insight into its vulnerabilities and future development. The
analysis and integration of results provide practical implications for
improving OS security, recommendations on policy, and Fig. 1
recommendations for future research. This research enriches the
knowledge about OS security and also assists in the development Enforcing mandatory security through mechanisms left to the
of the right measures to prevent future contingencies and risks in discretion of users could lead to a breach of security due not only
computer systems. [1][2]. to malicious intent but also carelessness or lack of understanding.
Discretionary mechanisms place the burden of security
I. INTRODUCTION on individual users. Moreover, an application may change a
An operating system (OS) allows multiple applications to share the carefully defined discretionary policy without the consent of the
hardware resources of a physical system, subject to a set of user, whereas a mandatory policy can only be changed by a system
policies. A critical function of an OS is to protect applications administrator.
against a wide range of malicious attacks such as unauthorized
Unfortunately, commercial operating systems do not
access to privileged information, tempering with executable code,
support multilayered security; such systems only distinguish
and spoofing. Such attacks can now target even single-user systems
between a completely privileged security domain and a completely
such as personal computers, tablets, or smartphones. Data brought
unprivileged one. Some operating systems, such as Windows NT,
into the system may contain malicious code; this could occur via a
allow a program to inherit all the privileges of the program
Java applet, or data imported by a browser from a malicious Web
invoking it, regardless of the level of trust in that program.
site [1].
The existence of trusted paths, mechanisms supporting user
The mandatory security of an OS is considered to be “any
interactions with trusted software, is critical to system security. If
security policy where the definition of the policy logic and the
such mechanisms do not exist, malicious software can impersonate
assignment of security attributes is tightly controlled by a system
trusted software. Some systems provide trust paths for a few
security-policy administrator” [209].Access
functions such as login authentication and password changing and
control, authentication usage, and cryptographic usage policies are
allow servers to authenticate their clients [2].
all elements of mandatory OS security. The first policy specifies
how the OS controls the access to different system objects, the The solution discussed in [209] is to decompose a complex
second defines the authentication mechanisms the OS uses to mechanism into several components with well-defined roles. For
authenticate a principal, and the last specifies the cryptographic example, the access control mechanism for the application space
mechanisms used to protect the data. A necessary but not sufficient could consist of enforcer and decider components. To access a
condition for security is that the subsystems tasked with protected object, the enforcer will gather the required information
performing security-related functions are temper-proof and cannot about the agent attempting the access and will pass this information
to the decider, together with the information about the object and

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE

the elements of the policy decision. Finally, it will carry out the cannot determine whether a request comes from an authorized user
actions requested by the decider. or from a malicious program; in turn, a human user cannot
distinguish a response from a malicious program impersonating the
A trusted-path mechanism is required to prevent malicious service from the response provided by the service itself [4].
software invoked by an authorized application to tamper with the
attributes of the object and/or with the policy rules. A trusted path
is also required to prevent an impostor from impersonating the
decider agent. A similar solution is proposed for cryptography
usage, which should be decomposed into an analysis of the
invocation mechanisms and an analysis of the cryptographic
mechanism.
Another question is how an OS can protect itself and the
applications running under it from malicious mobile code
attempting to gain access to the data and the other resources and
compromise system confidentiality and/or integrity. Java Security
Manager uses the type-safety attributes of Java to prevent
unauthorized actions of an application running in a “sandbox.” Yet,
the Java Virtual Machineja (JVM) accepts byte code in violation
of language semantics; moreover, it cannot protect itself from
tampering by other applications.

Fig. 3

II. PRINCIPLES OF OPERATING SYSTEM SECURITY

Operating System (OS) Security is built on a set of
fundamental principles designed to protect the integrity,
confidentiality, and availability of computing systems.
Understanding these principles is crucial for anyone involved in the
development, administration, or use of operating systems [6].
Fig. 2
A. Least Privilege:
Even if all these security problems could be eliminated, good The principle of least privilege dictates that users and programs
security relies on the ability of the file system to preserve the should operate using the least amount of privilege necessary to
integrity of Java class code. The approach to require digitally complete a task. This limits the potential damage from accidents or
signed applets and accept them only from trusted sources could fail malicious actions by reducing the access and permissions to the
due to the all-or-nothing security model. A solution to securing minimum required.
mobile communication could be to confine a browser to a distinct
security domain. B. Defense In Depth:
Defense in depth is a strategy that employs multiple layers of
Specialized closed-box platforms such as the ones on security controls and defenses throughout the system. If one layer
some cellular phones, game consoles, and automated teller fails, others still stand, providing a comprehensive approach to
machines (ATMs) could have embedded cryptographic keys that security that addresses potential physical, technical, and
allow themselves to reveal their true identity to remote systems and administrative vulnerabilities.
authenticate the software running on them. Such facilities are not
available to open-box platforms, the traditional hardware designed
for commodity operating systems [3].
A highly secure operating system is necessary but not sufficient
unto itself; application-specific security is also necessary.
Sometimes security implemented above the operating system is
better. This is the case for electronic commerce that requires a
digital signature on each transaction.
We conclude that commodity operating systems offer low
assurance. Indeed, an OS is a complex software system consisting
of millions of lines of code, and it is vulnerable to a wide range of
malicious attacks. An OS poorly isolates one application from
another, and once an application is compromised, the entire
physical platform and all applications running on it can be affected. Fig. 4
The platform security level is thus reduced to the security level of
the most vulnerable application running on the platform. C. Fail-Safe Defaults:
Operating systems provide only weak mechanisms for Systems should be designed to default to a state of security if they
applications to authenticate to one another and do not have a fail. Access decisions should deny by default, and permissions
trusted path between users and applications. These shortcomings should not be granted unless explicitly allowed. This ensures that if
add to the challenges of providing security in a distributed a failure occurs, the system remains secure [3].
computing environment. For example, a financial application
 D. Economy Of Mechanism:
The design of security mechanisms should be as simple and small
as possible. Complex systems are harder to secure because they
potentially have more vulnerabilities. Simplification aids in the
verification and validation of security properties.
E. Complete Mediation:
Every access to every resource must be checked for authorization.
This principle ensures that attackers cannot bypass security
controls to access sensitive resources. It requires the system to
verify permission for an action each time that action is attempted.
III. METHOLOGY
Operating System (OS) security methodology involves a
structured approach to protecting the integrity, confidentiality, and
availability of an OS and its resources. Key components include:
A. Access Control:
Implementing strict user authentication and authorization
mechanisms ensures that only authorized users can access system
resources. This includes using passwords, biometric data, and role-
based access controls [3].
Fig. 5
B. Security Policies:
Establishing clear security policies helps define acceptable use,
data protection standards, and incident response strategies. Policies
guide users in maintaining security and compliance [7].
C. Regular Updates and Patch Management:
Keeping the OS and applications up-to-date with the latest
security patches mitigates vulnerabilities that can be exploited by
attackers [8].
D. Intrusion Detection and Prevention Systems (IDPS):
Deploying IDPS can monitor system activities for suspicious
behaviour and respond to potential threats in real-time [9].
E. Encryption:
Utilizing encryption for data at rest and in transit protects
sensitive information from unauthorized access.
F. Auditing and Monitoring:
Regularly reviewing logs and system activities helps identify
anomalies and potential security breaches.
G. User Education and Training:
Educating users about security best practices and potential
threats is crucial in fostering a security-aware culture.
IV. EASE OF USE
Implementing a security measure that automatically deletes
data from a system upon unauthorized access attempts and sends it
to the owner's linked account is a challenging endeavour. It
necessitates the establishment of a robust monitoring system
capable of detecting unauthorized access in real-time. Once an
attempt is identified, the system must initiate a secure data transfer
protocol to relocate the data to a designated secure account, which
may be cloud-based or hosted on a different server. This process
must guarantee data integrity and confidentiality during transfer,
thereby preventing any risk of data leakage or corruption [14].
Fig. 6
Furthermore, the system should incorporate a mechanism to
authenticate the legitimacy of the access attempt to prevent
accidental data deletion due to false positives. This could involve
multi-factor authentication or other verification techniques to
validate the user's identity. Additionally, the system owner should
receive immediate notifications regarding the unauthorized access
attempt and the subsequent data transfer, enabling them to take
further action if necessary.
Establishing a backup strategy is also essential prior to
implementing such a security measure. This ensures that even if
data is removed from the original system, it is not permanently lost
and can be restored if needed. The backup system should be secure
and regularly updated to reflect the latest data.
Finally, legal and privacy considerations must be addressed
when designing and implementing this system. Depending on the
jurisdiction, there may be regulations governing data breach
responses and the protection of personal information that must be
followed. It is advisable to consult with legal experts and
cybersecurity professionals to ensure compliance and to create a
system that effectively safeguards against unauthorized access while
respecting privacy rights and regulations. Implementing such a
system requires meticulous planning, a comprehensive
understanding of potential risks, and a commitment to preserving
the security and privacy of the involved data.
V. WHAT ARE WE PROTECTING?
We aren’t likely to achieve good protection unless we have a fairly
comprehensive view of what we’re trying to protect when we say
our operating system should be secure. Fortunately, that question is
easy to answer for an operating system, at least at the high level:
everything. That answer isn’t very comforting, but it is best to have
a realistic understanding of the broad implications of operating
system security [12]. A typical commodity operating system has
complete control of all (or almost all) hardware on the machine and
is able to do literally anything the hardware permits. That means it
can control the processor, read and write all registers, examine any
main memory location, and perform any operation one of its
peripherals supports. As a result, among the things the OS can do
are:
 Examine or alter any process’s memory
 Read, write, delete or corrupt any file on any writeable
persistent storage medium, including hard disks and flash
drives
 Change the scheduling or even halt execution of any
process
 Send any message to anywhere, including altered
versions of those a process wished to send
 Enable or disable any peripheral device
Methodology
 Give any process access to any other process’s resources
 Arbitrarily take away any resource a process control
 Respond to any system call with a maximally harmful lie
In essence, processes are at the mercy of the operating system. It is
nearly impossible for a process to ’protect’ any part of itself from a
malicious operating system. We typically assume our operating
system is not actually malicious, but a flaw that allows a malicious
process to cause the operating system to misbehave is nearly as
bad, since it could potentially allow that process to gain any of the
powers of the operating system itself. This point should make you
think very seriously about the importance of designing secure
operating systems and, more commonly, applying security patches
to any operating system you are running. Security flaws in your
operating system can completely compromise everything about the
machine the system runs on, so preventing them and patching any
that are found is vitally important
VI. FUNDAMENTAL PRINCIPLES OF OPERATING
SYSYTEM SECURITY
Operating system (OS) security relies on a set of core principles
that guide its design and implementation. These principles are
crucial for establishing a robust security posture and mitigating
potential threats [7].
A. Economy Of Mechanism:
 Security mechanisms should be designed with
simplicity and minimality in mind.
 Complex systems are inherently more difficult to
secure due to increased potential for vulnerabilities
and unforeseen interactions.
 A simpler design facilitates easier understanding,
implementation, and verification of security
properties.
 For instance, a straightforward access control model
is easier to audit and maintain compared to a
convoluted system with numerous exceptions and
special cases.
B. Least Privilege:
 This principle restricts user and process privileges to
the minimum necessary for performing their tasks.
 By limiting access rights, the potential damage from
errors, malfunctions, or malicious activities is
significantly reduced.
 Implementation involves fine-grained access control
mechanisms, role-based permissions, and privilege
separation techniques.
 For example, a user account responsible for web
server maintenance should not have access to
sensitive financial data.
Fig. 7
C. Defense In Depth:
 This strategy advocates for a layered security
approach, combining multiple security mechanisms to
protect the system.
 If one layer is compromised, others remain in place to
prevent complete system compromise.
 This approach encompasses diverse security controls,
including firewalls, intrusion detection systems,
access controls, encryption, and regular security
audits.
 For instance, a secure system might employ firewall
to block unauthorized network traffic, intrusion
detection to identify suspicious activities, and strong
passwords to prevent unauthorized access.
D. Fail-Safe Defaults:
 This principle emphasizes the importance of
defaulting to a secure state in case of errors or
unexpected situations.
 Access decisions should deny by default, and
permissions should be explicitly granted only when
necessary.
 This approach ensures that security is maintained
even in the event of system failures or
misconfigurations.
 For example, a newly created user account should
have minimal privileges by default, requiring explicit
authorization for accessing specific resources.
E. Complete Mediation:
 These principal mandates that every access attempt
to any resource must be verified for authorization.
 This prevents attackers from circumventing security
controls and gaining unauthorized access to sensitive
information.
 Complete mediation requires continuous monitoring
and enforcement of access control policies.
 For example, even if a user has previously accessed a
file, the system should re-validate their permissions
every time they attempt to access it again.
By adhering to these fundamental principles, operating system
developers and administrators can create a secure foundation for
protecting valuable data and maintaining system integrity. However,
it is crucial to recognize that security is an ongoing process that
requires continuous adaptation and improvement to address the
evolving threat landscape.
VII. DESIGNIG SECURE SYSTEMS
Few of you will ever build your own operating system, nor even
make serious changes to any existing operating system, but we
expect many of you will build large software systems of some kind.
Experience of many computer scientists with system design has
shown that there are certain design principles that are helpful in
building systems with security requirements [6]. These principles
were originally laid out by Jerome Saltzer and Michael Schroeder in
an influential paper [SS75], though some of them come from earlier
observations by others. While neither the original authors nor later
commentators would claim that following them will guarantee that
your system is secure, paying attention to them has proven to lead to
more secure systems, while you ignore them at your own peril.
We’ll discuss them briefly here. If you are actually building a large
software system, it would be worth your while to look up this paper
(or more detailed commentaries on it) and study the concepts
carefully.
Fig. 8
A. Economy of mechanism —
This basically means keep your system as small and simple as
possible. Simple systems have fewer bugs and it’s easier to
understand their behavior. If you don’t understand your system’s
behavior, you’re not likely to know if it achieves its security goals.
B. Fail-safe defaults —
Default to security, not insecurity. If policies can be set to
determine the behavior of a system, have the default for those
policies be more secure, not less.
C. Complete mediation –
This is a security term meaning that you should check if an action
to be performed meets security policies every single time the action
is taken.
D. Open design –
Assume your adversary knows every detail of your design. If the
system can achieve its security goals anyway, you’re in good
shape. This principle does not necessarily mean that you actually
tell everyone all the details, but base your security on the
assumption that the attacker has learned everything. He often has,
in practice.
E. Separation of privilege –
Require separate parties or credentials to perform critical actions.
For example, two-factor authentication, where you use both a
password and possession of a piece of hardware to determine
identity, is more secure than using either one of those methods
alone.
F. Least privilege –
Give a user or a process the minimum privileges required to
perform the actions you wish to allow. The more privileges you
give to a party, the greater the danger that they will abuse those
privileges. Even if you are confident that the party is not malicious,
if they make a mistake, an adversary can leverage their error to use
their superfluous privileges in harmful ways.
G. Least common mechanism –
For different users or processes, use separate data structures or
mechanisms to handle them. For example, each process gets its own
page table in a virtual memory system, ensuring that one process
cannot access another’s pages.
H. Acceptability –
A critical property not dear to the hearts of many programmers. If
your users won’t use it, your system is worthless. Far too many
promising secure systems have been abandoned because they asked
too much of their users.
These are not the only useful pieces of advice on designing secure
systems out there. There is also lots of good material on taking the
next step, converting a good design into code that achieves the
security you intended, and other material on how to evaluate
whether the system you have built does indeed meet those goals.
These issues are beyond the scope of this course, but are extremely
important when the time comes for you to build large, complex
systems. For discussion of approaches to secure programming, you
might start with Seacord [SE13], if you are working in C. If you are
working in another language, you should seek out a similar text
specific to that language, since many secure coding problems are
related to details of the language. For a comprehensive treatment on
how to evaluate if your system is secure, start with Dowd et al.’s
work [D+07].
VIII. THE BASICS OF OS SECURITY
In a typical operating system, then, we have some set of security
goals, centered around various aspects of confidentiality, integrity,
and availability. Some of these goals tend to be built in to the
operating system model, while others are controlled by the owners
or users of the system. The built-in goals are those that are
extremely common, or must be ensured to make the more specific
goals achievable [3][4]. Most of these built-in goals relate to
controlling process access to pieces of the hardware. That’s because
the hardware is shared by all the processes on a system, and unless
the sharing is carefully controlled, one process can interfere with the
security goals of another process. Other built-in goals relate to
services that the operating system offers, such as file systems,
memory management, and communications. If these services are not
carefully controlled, processes can subvert the system’s security
goals. Clearly, a lot of system security is going to be related to
process handling. If the operating system can maintain a clean
separation of processes that can only be broken with the operating
system’s help, then neither shared hardware nor operating system
services can be used to subvert our security goals [6]. That
requirement implies that the operating system needs to be careful
about allowing use of hardware and of its services. In many cases,
the operating system has good opportunities to apply such caution.
For example, the operating system controls virtual memory, which
in turn completely controls which physical memory addresses each
process can access. Hardware support prevents a process from even
naming a physical memory address that is not mapped into its
virtual memory space. (The software folks among us should
remember to regularly thank the hardware folks for all the great
stuff they’ve given us to work with.)
When a process performs a system call, then, the operating system
will use the process identifier in the process control block or
similar structure to determine the identity of the process. The OS
can then use access control mechanisms to decide if the identified
process is authorized to perform the requested action. If so, the OS
either performs the action itself on behalf of the process or arranges
for the process to perform it without further system intervention
[2]. If the process is not authorized, the OS can simply generate an
error code for the system call and return control to the process, if
the scheduling algorithm permits.
 Fig. 9 awareness training, and continuous monitoring for
suspicious activities.
IX. FUNDAMENTAL SECURITY REQUIREMENTS OF These four security requirements are fundamental to building a
OPERATING SYSTEMS secure OS. Addressing them comprehensively requires a multi-
faceted approach that combines strong security mechanisms,
Operating system (OS) security is built upon a foundation of core
proactive threat mitigation strategies, and continuous monitoring
requirements that ensure the confidentiality, integrity, availability,
and adaptation to the evolving threat landscape.
and authenticity of system resources. These requirements are not
merely isolated objectives but rather interconnected aspects of a X. ENHANCING OPERATING SYSTEM SECURITY
comprehensive security strategy [13].
A Multi-Layered Approach Protecting an operating system (OS)
A. Confidentiality: from security threats requires a multi-faceted strategy that
 Beyond Secrecy: Confidentiality goes beyond simply encompasses both proactive and reactive measures. Here's a
preventing unauthorized access to information. It breakdown of essential methods [6]:
encompasses controlling all forms of disclosure,
including reading, printing, displaying, and even
revealing the existence of data or resources.
 Enforcement Mechanisms: Achieving confidentiality
requires a multi-layered approach. This includes access
control mechanisms like access control lists (ACLs) and
mandatory access control (MAC), encryption techniques
to protect data in transit and at rest, and secure storage
solutions to prevent unauthorized physical access.
 Challenges: Maintaining confidentiality in modern
computing environments is challenging due to factors
like insider threats, sophisticated malware, and the
increasing use of cloud storage and mobile devices.
B. Integrity:
 Preserving Data Fidelity: Integrity ensures that only
authorized parties can modify system assets,
encompassing actions like writing, changing, deleting,
and creating data or resources. This ensures data
accuracy and reliability.
 Protection Mechanisms: Integrity is enforced through
various mechanisms, including access controls, data
validation techniques, version control systems, and digital
signatures to detect unauthorized modifications.
 Challenges: Ensuring data integrity in the face of
malware attacks, software bugs, and accidental data
corruption requires robust error detection and correction
mechanisms, secure backup and recovery procedures, Fig. 10
and comprehensive data validation routines.
A. Data Backup and Recovery:
C. Availability:
 Regularly backing up critical data ensures recoverability
 Guaranteed Access: Availability guarantees that in case of data corruption, ransomware attacks, or system
authorized users have timely and reliable access to failures.
system resources. This includes ensuring the system's  Employing diverse backup strategies (e.g., local backups,
operational continuity and resilience against disruptions. cloud backups, offsite backups) enhances resilience
 Supporting Mechanisms: Achieving high availability against data loss.
involves measures like redundancy (e.g., RAID for  Implementing versioning allows restoration to previous
storage, failover clusters for servers), disaster recovery states, mitigating the impact of malware infections or
planning, load balancing, and robust network accidental modifications.
infrastructure.
 Challenges: Maintaining availability is increasingly B. Secure User Practices:
challenging due to threats like denial of-service attacks,  Exercise caution when interacting with emails and web
hardware failures, natural disasters, and the growing links, avoiding suspicious or unknown sources. • Employ
complexity of distributed systems. strong, unique passwords and utilize multi-factor
authentication wherever possible.
D. Authenticity:
 Regularly update software to patch vulnerabilities and
 Reliable Verification: Authenticity focuses on verifying minimize exposure to exploits.
the identity of users and the origin of information. This is
crucial for establishing trust and accountability within the C. Robust Access Control:
system.  Implement strong authentication and authorization
 Implementation Techniques: Authenticity is commonly mechanisms to restrict access to system resources.
achieved through authentication mechanisms like  Utilize access control lists (ACLs), role-based access
passwords, biometrics, multi-factor authentication, and control (RBAC), or mandatory access control (MAC) to
digital certificates. enforce granular access permissions.
 Challenges: Ensuring authenticity in the face of  Regularly review and update user privileges to ensure
sophisticated phishing attacks, identity theft, and social least privilege principal adherence.
engineering requires robust authentication protocols, user
 D. Network Security:.
 Connect only to trusted and secure Wi-Fi networks,
avoiding public or unsecured networks that can expose
data to interception.
 Utilize Virtual Private Networks (VPNs) to encrypt
network traffic and enhance privacy, especially on public
Wi-Fi.
 Implement network segmentation to isolate sensitive data
and limit the impact of potential breaches.
E. Malware Protection:
 Implement network segmentation to isolate sensitive data
and limit the impact of potential breaches.
 Keep anti-malware definitions updated to counter
emerging threats.
 Utilize sandboxing techniques to isolate potentially
harmful programs and limit their system impact.
F. Application Control:
 Carefully manage application permissions, granting only
necessary access to system resources. • Employ
application whitelisting to restrict execution to trusted
programs.
 Regularly monitor application activity and resource
usage to detect anomalies.
G. Firewall Implementation:
 Utilize firewalls to monitor and filter network traffic,
blocking unauthorized access attempts.
 Configure firewall rules to allow only legitimate
connections and services.
 Employ intrusion detection and prevention systems
(IDPS) to identify and respond to malicious network
activity.
H. Data Encryption:
 Encrypt sensitive data both in transit and at rest to protect
against unauthorized access.
 Utilize strong encryption algorithms and secure key
management practices.
 Employ full-disk encryption to protect the entire system
drive from unauthorized access.
I. Secure Information Handling:
 Exercise caution when sharing personal information
online, limiting exposure to potential phishing attacks or
social engineering.
 Be aware of data privacy policies and practices of
websites and online services.
 Utilize privacy-enhancing tools and techniques to
minimize online tracking and data collection.
By implementing these comprehensive security measures, users
and organizations can significantly enhance the protection of their
operating systems and mitigate the risks associated with cyber
threats.
XI. ESSENTIAL TOOLS FOR OPERATING SYSTEM
SECURITY
Maintaining a robust security posture for operating systems requires
a multi-layered approach utilizing a variety of specialized tools.
These tools address different facets of OS security, working in
concert to protect against diverse threats [5].
A. Antivirus/Anti-malware Software:
 Function: These tools form the first line of defense,
proactively scanning for and eliminating malicious
software like viruses, worms, Trojans, ransomware, and
spyware.
 Mechanism: Employ signature-based detection, heuristic
analysis, and behavioral monitoring to identify and
quarantine malicious code.
 Considerations: Require regular updates to stay abreast
of emerging threats. Advanced malware may employ
evasion techniques to bypass detection.
B. Firewalls:
 Function: Act as gatekeepers, monitoring and controlling
network traffic based on predefined rules.
 Mechanism: Inspect incoming and outgoing network
packets, blocking or allowing traffic based on
source/destination IP addresses, ports, and protocols.
 Considerations: Can be implemented in hardware or
software. Effectiveness depends on well-defined rules
and regular updates to address new threats.
Fig. 11
C. Intrusion Detection/Prevention Systems (IDS/IPS):
 Function: IDS passively monitors network traffic for
suspicious patterns, alerting administrators to potential
intrusions. IPS actively blocks malicious traffic.
 Mechanism: Employ anomaly-based detection
(deviations from normal behavior) and signature-based
detection (matching known attack patterns).
 Considerations: IDS generates alerts requiring human
analysis, while IPS takes automated action. Fine-tuning
is crucial to minimize false positives/negatives.
D. File Integrity Checkers:
 Function: Monitor critical system files for unauthorized
modifications, ensuring their integrity.
 Mechanism: Create baseline hashes of files and
periodically compare them to detect any changes.
 Considerations: Effective for detecting tampering with
system files but may not detect sophisticated attacks that
replace files with malicious versions having the same
hash.
E. Encryption Tools:
 Function: Encode sensitive data, rendering it unreadable
without the decryption key.
 Mechanism: Utilize various encryption algorithms (e.g.,
AES, RSA) to protect data at rest and in transit.
 Considerations: Key management is crucial for effective
encryption. Loss of the decryption key can result in
permanent data loss.
F. Patch Management Software:
 Function: Automate the process of applying security
updates and patches to OS and applications.
 Mechanism: Scan for missing patches, download
updates, and install them with minimal user intervention.
 Considerations: Regular patching is essential to mitigate
vulnerabilities. However, patch testing is crucial to avoid
compatibility issues.
G. Vulnerability Scanners:
 Function: Proactively identify weaknesses and
misconfigurations in the OS and software.
 Mechanism: Scan systems for known vulnerabilities,
outdated software, and insecure settings.
  Considerations: Provide valuable insights into potential
security gaps but require regular updates to stay current
with newly discovered vulnerabilities.
H. Log Management and Analysis Tools:
 Function: Collect, store, and analyze log data from
various sources to detect and investigate security
incidents.
 Mechanism: Centralize log data, correlate events, and
identify suspicious patterns.
 Considerations: Effective log analysis requires expertise
and knowledge of attack techniques.
I. Authentication Tools:
 Function: Verify user identities and control access to the
system.
 Mechanism: Employ various authentication methods (e.g.,
passwords, multi-factor authentication, biometrics) to
ensure only authorized users gain access.
 Considerations: Strong authentication is crucial to
prevent unauthorized access. Implementing robust
password policies and multi-factor authentication
enhances security.
The effectiveness of these tools hinges on proper configuration,
regular maintenance, and integration into a comprehensive security
strategy. Organizations must proactively assess their security needs
and deploy a combination of these tools to create a multi-layered
defense against evolving threats.
XII. VARIOUS ATTACKS ON OPERATING SYSTEM
SECURITY
Operating systems are prone to cyberattacks because of their
complex features, which include many programs. These attacks
exploit them and get access to the target network. Buffer overflows,
bugs, and an unmatched operating design are some system
vulnerabilities that are easily affected. Cyber-attacks are also carried
out by cracking passwords and encryptions, breaching file system
security, and exploiting system authentication [8][9].
Fig. 12
A. Buffer Overflow:
It is one such major operating system attack. When an application
lacks well-defined boundaries or restrictions about the data capacity
it can handle or the type of data needed, buffer overflow problems
like denial of service, rebooting, freezing, and unrestricted access
occur. Buffers are memory regions that temporarily store the data
when it gets transferred from one location to another. They affect all
types of software. They usually result from failing to allocate space
for the buffer.
B. Masquerade:
A masquerade attack can occur when one entity pretends to be
another entity. It is one of the forms of active attack. A masquerade
attack always uses a fake identity, such as a network identity, to get
access to the system. It gets unauthorized access through legitimate
access identification. So when an authorization process is not
secured correctly, it is effortless for a masquerade attack to happen.
C. SQL Injection:
SQL, otherwise known as Structured Query Language, is a
programming language. It manages data from the database
management system. In SQL injections, the hackers insert malicious
codes into the servers that use SQL, thereby stealing their sensitive
information. They are usually prevented by regularly monitoring the
user using the application with the help of white-listing and black-
listing. You can also use SQL injections for firewall protection.
D. Zero-Day Attacks:
When there is an attack, the IT team announces the network
vulnerability. The hackers try to exploit the vulnerability before the
security experts fix it. As a result, constant monitoring is required
to protect against any cyberattack. So, before the hackers can find
the vulnerabilities, infrastructure penetration testing can help
identify the vulnerabilities. Securing those vulnerabilities could
thereby reduce the risk of attacks.
E. Man-in-the-middle Attack:
A MITM (man-in-the-middle) attack happens when a hacker
intercepts and reads all the messages between two users who are
interacting. They believe the data travels only between those two
users, but the hackers steal their information. It is also called an
“eavesdropping attack.” Once they are in the conversation, they
can filter and manipulate sensitive data. So, data encryption is the
only way to protect the organization from such attacks. Also,
regular auditing and monitoring can help prevent attacks.
F. Misconfiguration Attacks:
They are common among operating systems, mainly in their sector.
For example, the administrator must change the default
configurations when installing a new system. Still, if they are in the
default setting, any user can access them, which can lead to an
attack. As a result, it is critical to ensure that the systems are
regularly updated. Usually, making the organization name a
username and password makes it easy for hackers to attack, so
avoid such practices.
G. Shrink Wrap Code:
It is another way to access a system. In this attack, systems with
weak software are targeted. If it has a bug in the original software
version, it is more vulnerable to shrink-wrap code attacks.
Unpatched operating systems are always at risk and are highly
prone to cyberattacks. When the hacker attacks the operating
system software, it also affects the insecure test pages and
debugging scripts. So the developers need to be very careful when
removing all the vulnerabilities.
H. Password Attack:
It is yet another major threat that takes advantage of the user’s
authentication. The most common password attack methods
include DNS cache poisoning, URL hijacking, tab catching, UI
redressing, clone phishing, brute force attacks, password spraying,
dictionary attacks, credential stuffing, and keylogger attacks.
Usually, hackers use the software to crack or guess passwords.
Repeating passwords makes it easy for hackers to compromise the
system.
I. Distributed Denial Of Service Attack:
A distributed denial of service (DDoS) attack denies access to our
website by overloading it, making it difficult to load, or completely
blocking it. The attackers build a botnet, a network of hacked
devices, to attack by sending remote instructions. DDoS attacks
can last for hours, days, or even weeks, depending on the intensity
of the attacks. It’s challenging to find a DDoS attack because the
symptoms are very common, such as slow loading and network
issues. A large-volume DDoS attack can generate traffic of nearly
ten gigabytes per second.
 XIII. SUMMARY
The security of the operating system is vital for both its own and its
applications’ sakes. Security failures in this software allow
essentially limitless bad consequences. While achieving system
security is challenging, there are known design principles that can
help. These principles are useful not only in designing operating
systems, but in designing any large software system. Achieving
security in operating systems depends on the security goals one has.
These goals will typically include goals related to confidentiality,
integrity, and availability. In any given system, the more detailed
particulars of these security goals vary, which implies that different
systems will have different security policies intended to help them
meet their specific security goals. As in other areas of operating
system design, we handle these varying needs by separating the
specific policies used by any particular system from the general
mechanisms used to implement the policies for all systems. The
next question to address is, what mechanisms should our operating
system provide to help us support general security policies? The
virtualization of processes and memory is one helpful mechanism,
since it allows us to control the behavior of processes to a large
extent. We will describe several other useful operating system
security mechanisms in the upcoming chapters [10].
Fig. 13
XIV. CONCLUSION
Foundations Of a Trusted Operating System. Ensuring the
security of an operating system (OS) hinges on the effective
provision of fundamental security services. These services form the
bedrock of a trusted OS, one that instills confidence in its users by
reliably safeguarding their information and resources. Key
primitive security services provided by operating systems include:
A. Memory Protection:
 Isolates processes from each other, preventing
unauthorized access or modification of another process’s
memory space.
 Employs mechanisms like virtual memory, address space
layout randomization (ASLR), and memory management
units (MMUs) to enforce memory boundaries.
 Crucial for preventing malicious code from corrupting or
hijacking other processes.
B. File Protection:
 Controls access to files and directories, ensuring that
only authorized users or processes can read, write, or
execute them.
 Utilizes access control lists (ACLs), permissions, and
ownership attributes to manage file access [11].
 Protects sensitive data from unauthorized disclosure,
modification, or deletion.
C. General Object Access Protection:
 Extends access control principles to other system objects,
such as semaphores, shared memory segments, and I/O
devices.
 Provides a unified framework for managing access to all
system resources.
 Ensures that objects are accessed only in authorized
ways, preventing misuse or interference.
D. User Authentication:
 Verifies the identity of users attempting to access the
system.
 Employs mechanisms like passwords, biometrics, and
multi-factor authentication to confirm user credentials.
 Establishes accountability and prevents unauthorized
access by impersonation.
Fig. 14
However, simply providing these services is not enough. A truly
trusted operating system rests on four key pillars:
a) Policy: A well-defined security policy outlines the rules
and regulations governing access to system resources and
information. It establishes the security goals and the
permissible actions within the system.
b) Model: A security model provides a formal
representation of the security policy, enabling rigorous
analysis and verification of its properties. Common
models include Bell-LaPadula, Biba, and Clark-Wilson.
c) Design: The OS design should incorporate security
considerations from the outset, integrating security
mechanisms seamlessly into its architecture. This
includes secure coding practices, minimized attack
surfaces, and defense-in-depth strategies.
d) Trust: Trustworthiness is built upon a foundation of
assurance, demonstrating that the OS has been rigorously
evaluated and certified to meet its security requirements.
This involves formal verification, penetration testing, and
code audits.
By adhering to these principles, operating system developers
can create secure and trustworthy platforms that protect user data
and maintain system integrity in the face of evolving threats.
REFERENCES
[1] Abraham Silberschatz, Greg Gange, and Peter B. Galvin:
Operating System Concept (1983)
[2] Andrew S. Tanenbaum and Herbert Bos: Modern Operating
Systems (1992)
[3] Computer Security and Principles and Practice (2008): William
Stallings and Lawrie Brown
[4] Internals and Design Principles (1985): William Stallings
[5] Guide to Operating Systems Security (2003): Michael Palmer
[6] Security Engineering, A Guide to Building Dependable
Distributed Systems (2001): Ross Anderson
[7] Josef Pieprzyk, Thomas Hardjono, and Jennifer Seberry:
Fundamentals of Computer Security (2002)
[8] Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J.
(2019). Survey of intrusion detection systems: techniques,
datasets and challenges. Cybersecurity, 2(20).
[9] Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection
and Prevention Systems (IDPS). National Institute of
Standards and Technology (NIST).
[10] Walsh, T., & Healy, M. (2012)
[11] Data Security on Mobile Devices: Current State of the Art,
Open Problems, and Proposed Solutions Maximilian Zinkus,
Tushar M. Jois, Matthew Green
[12] Data exfiltration: A review of external attack vectors and M Mubeen, M Arslan, G Anandhi
countermeasures [14] Fundamentals of Computer Security
F Ullah, M Edwards, R Ramdhany
[13] Strategies to Avoid Illegal Data Access