Unit 6

File protection & security

OS uses two sets of techniques to counter threats to information namely:
Protection
Protection tackles the system's internal threats. It provides a mechanism for controlling
access to processes, programs, and user resources. In simple words, It specifies which files a
specific user can access or view and modify to maintain the proper functioning of the system.
It allows the safe sharing of common physical address space or common logical address
space which means that multiple users can access the memory due to the physical address
space.
Example: In a small organization there are four employees p1, p2, p3, p4, and two data
resources r1 and r2. The various departments frequently exchange information but not
sensitive information between all employees. The employees p1 and p2 can only access r1
data resource and employees p3 and p4 can only access r2 resource. If the employee p1 tries
to access the data resource r2, then the employee p1 is restricted from accessing that
resource. Hence, p1 will not be able to access the r2 resource.
Security
Security tackles the system's external threats. The safety of their system resources such as
saved data, disks, memory, etc. is secured by the security systems against harmful
modifications, unauthorized access, and inconsistency. It provides a mechanism (encryption
and authentication) to analyze the user before allowing access to the system.
As earlier discussed in the previous example, In the organization data resources are shared
with many employees but a user who does not work for that specific company cannot access
this information. Security can be achieved by three attributes: confidentiality (prevention
of unauthorized resources and modification), integrity (prevention of all unauthorized
users), and availability (unauthorized withholding of resources).

Goals of Protection
Protection is especially important in a multiuser environment when multiple users use
computer resources such as CPU, memory, etc. It is the operating system's responsibility to
offer a mechanism that protects each process from other processes.
Various goals of protection in the operating system are as follows:

 The policies define how processes access the computer system's resources, such as
the CPU, memory, software, and even the operating system. It is the responsibility of

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 1

 both the operating system designer and the app programmer. Although, these policies
are modified at any time.
 Protection is a technique for protecting data and processes from harmful or
intentional infiltration. It contains protection policies either established by itself, set
by management or imposed individually by programmers to ensure that their
programs are protected to the greatest extent possible.
 It also provides a multiprogramming OS with the security that its users expect when
sharing common space such as files or directories.

Principles of Protection
Programs, users and systems should be given just enough privileges to perform their tasks
This ensures that failures do the least amount of harm and allow the least of harm to be done.
For example, if a program needs special privileges to perform a task, it is better to make it a
SGID (Set Group ID up on execution) program with group ownership of "network" or
"backup" or some other pseudo group, rather than SUID (Set-user Identification) with root
ownership. This limits the amount of damage that can occur if something goes wrong.
Typically, each user is given their own account, and has only enough privilege to modify their
own files.
The root account should not be used for normal day to day activities – The System
Administrator should also have an ordinary account, and reserve use of the root account for
only those tasks which need the root privileges

Revocation of Access Rights

In a dynamic protection system, we may sometimes need to revoke access rights to objects
shared by different users.
 Reacquisition
Periodically, all capabilities are deleted from each domain. If a process wants to use a
capability, it may find that that capability has been deleted. The process may then try to
reacquire the capability. If access has been revoked, the process will not be able to reacquire
the capability.

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 2

  Back-pointers
A list of pointers is maintained with each object, pointing to all capabilities associated with
that object. When revocation is required, we can follow these pointers, changing the
capabilities as necessary.
 Indirection
The capabilities point indirectly to the objects. Each capability points to a unique entry in a
global table, which in turn points to the object. We implement revocation by searching the
global table for the desired entry and deleting it. Then, when an access is attempted, the
capability is found to point to an illegal table entry.
 Keys
A key is a unique bit pattern that can be associated with a capability. This key is defined when
the capability is created, and it can be neither modified nor inspected by the process owning
the capability. A master key is associated with each object; it can be defined or replaced with
the set-key operation.
When a capability is created, the current value of the master key is associated with the
capability. When the capability is exercised, its key is compared with the master key. If the
keys match, the operation is allowed to continue; otherwise, an exception condition is raised.
In key-based schemes, the operations of defining keys, inserting them into lists, and deleting
them from lists should not be available to all users.

Security Problem
The process of ensuring OS availability, confidentiality, integrity is known as operating
system security. OS security refers to the processes or measures taken to protect the
operating system from dangers, including viruses, worms, malware, and remote hacker
intrusions. Operating system security comprises all preventive-control procedures that
protect any system assets that could be stolen, modified, or deleted if OS security is breached.
Security refers to providing safety for computer system resources like software, CPU,
memory, disks, etc. It can protect against all threats, including viruses and unauthorized
access.

Program Threats
A program threat is a program written to hijack the security or change the behaviour of the
process.

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 3

Types of program threats are as follows:
 Virus
A virus is a self-replicating and malicious thread that attaches itself to the system file and
then rapidly replicates itself changing the essential files leading to a system breakdown.
 Trap door
A trap door is a hole kept open by the designer of a program so that only he can use it. It is
very difficult to detect a trap door, as one will need to go through the entire source code.
 Trojan Horse
A Trojan Horse is a code segment that misuses its environment. It appears as a harmless
cover program but has a harmful hidden program that is used to carry viruses.
Another type of Trojan horse is Spyware. In Spyware, the user downloads a certain program,
it then downloads ads to pop up on the user’s window, certain ads are then visited by the
user, and the information entered there is then sent over to the remote server. These attacks
are also known as Covert Channels.

User Authentication
The user authentication process is used just to identify who the owner is or who the
identified person is. On a personal computer, generally, user authentication can be
performed using a password.
When a computer user wants to log into a computer system, the operating system (OS)
installed on that computer system generally wants to determine or check who the user is.
This process is called "user authentication."
It is sometimes critical to authenticate the user because the computer system may contain
sensitive information about the owner.
The user can be authenticated in one of the following ways:
 User authentication using a password
 User authentication using a physical object
 User authentication using biometrics
 User authentication using countermeasures

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 4

Implementing Security Defences
The security approach in which a series of security mechanism and controls are layered
throughout a computer network to protect availability, confidentiality, integrityof the
system or network.
Implementing Security Defences include major method, tools & technique that can be used
to improve resistance of threat.
 Security Policy
Security policy is a document that specifies the procedures for ensuring that the operating
system maintains a specific level of integrity, confidentiality, and availability.
OS Security protects systems and data from worms, malware, threats, ransomware,
backdoor intrusions, viruses, etc. Security policies handle all preventative activities and
procedures to ensure an operating system's protection, including steal, edited, and deleted
data.
 Vulnerability Assessment
A vulnerability assessment is a systematic review of security weaknesses in an information
system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity
levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever
needed.
Examples of threats that can be prevented by vulnerability assessment include:
1. SQL injection, XSS and other code injection attacks.
2. Escalation of privileges due to faulty authentication mechanisms.
3. Insecure defaults – software that ships with insecure settings, such as some guessable
admin passwords.
 Intrusion Detection
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities
and generates alerts when they are detected. Based upon these alerts, a security operations
centre (SOC) analyst or incident responder can investigate the issue and take the appropriate
actions to remediate the threat.
 Virus Protection
Antivirus is a kind of software used to prevent, scan, detect and delete viruses from a
computer. Once installed, most antivirus software runs automatically in the background to
provide real-time protection against virus attacks. Comprehensive virus protection
programs help protect your files and hardware from malware such as worms, Trojan horses
and spyware, and may also offer additional protection such as customizable firewalls and
website blocking.

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 5

Firewalling to Protect
Firewalls prevent unauthorized access to networks through software or firmware. By
utilizing a set of rules, the firewall examines and blocks incoming and outgoing traffic.
Firewalls are used in enterprise and personal settings. They are a vital component of
network security. Most operating systems have a basic built-in firewall. However, using a
third-party firewall application provides better protection.
Firewalls are designed with modern security techniques that are used in a wide range of
applications. In the early days of the internet, networks needed to be built with new security
techniques, especially in the client-server model, a central architecture of modern
computing. That's where firewalls have started to build the security for networks with
varying complexities. Firewalls are known to inspect traffic and mitigate threats to the
devices.
 Firewalls can be used in corporate as well as consumer settings.
 Firewalls can incorporate a security information and event management strategy
(SIEM) into cybersecurity devices concerning modern organizations and are installed
at the network perimeter of organizations to guard against external threats as well as
insider threats.
 Firewalls can perform logging and audit functions by identifying patterns and
improving rules by updating them to defend the immediate threats.
 Firewalls can be used for a home network, Digital Subscriber Line (DSL), or cable
modem having static IP addresses. Firewalls can easily filter traffic and can signal the
user about intrusions.
 They are also used for antivirus applications.

PROF. BHUSHAN L RATHI (SARASWATI COLLEGE, SHEGAON) 6