IS Unit 2 Notes

The document provides an overview of program and operating system security, highlighting the importance of protecting software from vulnerabilities and unauthorized access. It discusses common threats such as malware, buffer overflows, and input validation issues, along with methods to improve security like input validation, access control, and regular updates. Additionally, it outlines the significance of secure programming practices and the protection of critical system resources to prevent data theft and maintain system integrity.

IS unit 2 notes

Security in Program (Program Security) –

•Program security refers to the techniques used to protect software or applications from being
hacked, misused, or crashed.

Why is Program Security Important?

•Programs can have bugs or vulnerabilities. Hackers can use these weaknesses to:

1. Steal data
2. Control your system
3. Crash the program
4. Install malware

Common Threats to Program Security:

1. Buffer Overflow: More data is written to a memory area (buffer) than it can hold, so the bytes past the end overwrite adjacent memory. This can crash the program or let an attacker take control of it.

2. Malware Insertion: Malicious code hidden inside the program.

3. Input Validation Issues: Program doesn’t properly check user input (e.g., login forms), allowing
attacks like SQL injection.

4. Trojan Horse Programs: A program that seems safe but does harmful things in the background.

Ways to Improve Program Security:

•Input Validation: Always check user inputs to prevent code injection.

•Use Secure Coding Practices: Follow coding guidelines to reduce bugs.

•Update Software: Patch known security flaws regularly.

•Access Control: Restrict what each user or process can do.

•Code Reviews & Testing: Regularly test programs for vulnerabilities.

Real-Life Example:

•A bank’s login app must be secure. If the program has weak security, a hacker could:

•Steal passwords

•Transfer money

•Delete accounts
Security in Operating System (OS Security) –

•Operating System Security means protecting the computer system and its resources (like files,
memory, CPU, and programs) from unauthorized access, malware, and attacks.

Why is OS Security Important?

The Operating System controls everything in your computer. If it’s not secure:

•Hackers can steal files or data

•Viruses can damage the system

•Unauthorized users can change settings or install harmful software

Main Goals of OS Security:

1. Confidentiality – Only authorized people can access data

2. Integrity – Data must not be changed by unauthorized users

3. Availability – System and data must be available to authorized users when needed

Common Threats to OS Security:

•Malware/Viruses

•Unauthorized access (hacking or password guessing)

•Privilege escalation (a user gaining more access than allowed)

•Data theft or loss

•Denial of Service (DoS) – crashing or slowing down the system

How to Improve OS Security:

1. Use Passwords: Strong passwords to prevent unauthorized access

2. Access Control: Limit who can access what files or settings

3. Antivirus Software: Protect against malware and viruses

4. Firewalls: Block unwanted network access

5. Regular Updates: Keep the OS updated to fix security holes

6. User Permissions: Give only required rights to each user

7. Backup Data: In case of attack or damage

Example:

In a college computer lab:


•Admin users can install software

•Students can only use programs

•If security is weak, students might install harmful apps or delete others’ work

Secure Programs –

•Secure programs are software applications that are designed and written carefully to prevent
hacking, data theft, or misuse.

What Makes a Program Secure?

A secure program:

•Protects user data (like passwords, personal info)

•Blocks unauthorized access

•Does not crash easily

•Cannot be tricked by hackers or viruses

Key Features of Secure Programs:

1. Input Validation:-

•Checks all user input to prevent harmful code (like SQL injection).

2. Authentication:-

•Verifies the identity of the user (e.g., using username & password or OTP).

3. Access Control:-

•Gives users only the permissions they need (not full control).

4. Error Handling:-

•Shows safe error messages without exposing system details.

5. Regular Updates:-

•Fixes bugs and patches new security holes.

6. Encryption:-

•Uses encryption to protect sensitive data like passwords.

Example:

A secure banking app:

•Masks your password as you type and stores only a hash of it, never the password itself

•Logs out automatically after some time

•Sends OTP for confirmation

•Limits failed login attempts and handles unexpected input without crashing

Why Are Secure Programs Important?

•To protect user privacy

•To prevent hacking

•To avoid system damage or data loss

Non-Malicious Program Errors –

1. Buffer Overflow:-

When a program tries to store more data in a memory space (buffer) than it can hold.
This can overwrite other data or crash the program.
Example: Entering 100 characters into a field that only supports 50.

2. Memory Leak:-

When a program keeps using memory but doesn’t release it after use.
Over time, the system runs out of memory and slows down or crashes.
Common in poorly written applications.

3. Uninitialized Variable:-

When a variable is used without giving it a value first.


This can cause random errors or wrong results, because the variable holds whatever happened to be in that memory before.
Example (C): int a; printf("%d", a); (a has no defined value)

4. Race Condition

Happens when two parts of a program try to access/change the same data at the same
time.
The result depends on which one runs first – very unpredictable.

5. Null Pointer Dereferencing:-

A pointer is supposed to point to a memory location.


If it's “null” (empty) and you try to use it, the program crashes.

6. Integer Overflow/Underflow:-

Overflow: When a number is too big for the variable type.


Underflow: When it goes below the minimum value.
Causes wrong results or unexpected behavior.

7. Off-by-One Error:-
A small mistake where loops or array indexes go one step too far or stop one step short.
Very common in loops.
Example: an array of 5 elements has indexes 0 to 4; a loop that runs from 0 to 5 (i <= 5 instead of i < 5) touches one element past the end of the array.

8. Input Validation Failure:-

The program does not check if the user’s input is correct or safe.
Hackers can use this to break into systems.
Example: Allowing letters where only numbers should be entered.

9. Improper Error Handling:-

When the program doesn’t handle errors safely or clearly.


It might crash or show sensitive system information to users.

10. Misconfigured Permissions:-

Giving users or programs more rights than they need.


A security risk, as it may let someone delete or change important files.
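Added example (not from the original notes): Python versions of the checks that prevent the integer overflow, buffer overflow and input validation failures in the list above. Python integers do not wrap, so 32-bit C arithmetic is emulated with a mask; the buffer size, the record format (a 2-byte big-endian length followed by data), the 64-byte field limit and the sample payloads are all constructed for this example.

```python
import struct

U32_MASK = 0xFFFFFFFF


def u32(value: int) -> int:
    """Emulate C unsigned 32-bit arithmetic: anything above 2**32-1 wraps."""
    return value & U32_MASK


def alloc_size_unchecked(count: int, elem_size: int) -> int:
    """The buggy pattern: count * elem_size computed in 32 bits with no check.
    A large count wraps the product to a tiny number, so a buffer sized from
    it is far too small for the data later copied into it."""
    return u32(count * elem_size)


def alloc_size_checked(count: int, elem_size: int) -> int:
    """Hardened form: detect the wrap before the result is used."""
    if count < 0 or elem_size <= 0:
        raise ValueError("count must be non-negative and element size positive")
    total = count * elem_size
    if total > U32_MASK:
        raise OverflowError(f"{count} * {elem_size} does not fit in 32 bits")
    return total


def copy_into_buffer(buf: bytearray, data: bytes) -> int:
    """Bounded copy (the 100-characters-into-50 case): refuse input longer
    than the destination instead of spilling past its end."""
    if len(data) > len(buf):
        raise ValueError(f"input of {len(data)} bytes exceeds {len(buf)}-byte buffer")
    buf[:len(data)] = data
    return len(data)


def parse_length_prefixed(payload: bytes, max_field: int = 64) -> list:
    """Parse records of the form <2-byte big-endian length><data>.

    Each declared length is checked against an upper bound and against the
    bytes actually remaining, so a forged length field is rejected rather
    than trusted (the input validation failure case)."""
    fields = []
    offset = 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">H", payload, offset)
        offset += 2
        if length > max_field:
            raise ValueError(f"declared length {length} exceeds limit {max_field}")
        if offset + length > len(payload):
            raise ValueError("declared length runs past end of input")
        fields.append(bytes(payload[offset:offset + length]))
        offset += length
    return fields


def rejects(fn, *args) -> bool:
    """True if fn(*args) is refused by one of the checks above."""
    try:
        fn(*args)
    except (ValueError, OverflowError):
        return True
    return False


# Constructed sample inputs.
GOOD_PAYLOAD = b"\x00\x05hello\x00\x03abc"   # two well-formed fields
FORGED_PAYLOAD = b"\xff\xffhello"            # claims 65535 bytes, carries 5
```

Compare alloc_size_unchecked(0x40000001, 4), which silently wraps to 4, with alloc_size_checked, which raises. The same shape of check (compute the bound, compare, refuse) appears in the bounded copy and in the length-prefixed parser, which is why input validation and overflow checking are taught together.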

Viruses and Other Malicious Code –

•Malicious code (also called malware) is any software created to harm, damage, steal, or disrupt
computers or data.

1. Computer Virus:-

A virus is a program that attaches itself to other files or programs.


It spreads when the infected file is shared or run.
It can delete files, damage systems, or slow down the computer.

2. Worm:-

A worm spreads on its own through networks (like the internet).


It doesn’t need to attach to a file.
It can quickly infect many computers, using up memory and bandwidth.

3. Trojan Horse (Trojan):-

A trojan looks like a normal or useful program but contains hidden harmful code.
It can steal passwords, open backdoors, or allow hackers to control your computer.

4. Spyware:-

Secretly monitors what you do on your computer.


It may track your keystrokes, websites visited, or steal sensitive data.

5. Adware:-

Shows unwanted ads on your computer or browser.


May slow down the system and is often bundled with free software.

6. Ransomware:-

Locks or encrypts your files and demands payment (ransom) to unlock them.
It’s very dangerous and growing rapidly.

7. Logic Bomb:-

Malicious code that activates when a certain condition is met (like a date or action).
It can delete or corrupt data.
8. Rootkit:-

A set of tools that hides the presence of malware (its files, processes and network connections) from the user, the OS and security software, often by modifying parts of the OS itself.


It lets an attacker keep privileged control of the computer without being noticed.

Protection Against Malicious Code:

Use antivirus and anti-malware software


Keep your system updated
Avoid clicking on unknown links or attachments
Download software only from trusted sources

Targeted Malicious Code –

•Targeted malicious code is harmful software that is specifically designed to attack a particular
person, organization, system, or network.

•It is not random like normal viruses — it is planned and customized to steal data, spy, damage
systems, or take control.

Key Features:

Goal-based: Made for a specific purpose (like stealing bank data or hacking a company).
Stealthy: Often hidden and hard to detect.
Customized: Designed for a specific target like a bank, government, or company.

Examples of Targeted Malicious Code:

1. Advanced Persistent Threats (APT):-

Long-term attack on a specific system or network.


Used by hackers or governments for spying.

2. Stuxnet:-

A famous targeted malware (discovered in 2010) that attacked the industrial control systems of Iran's nuclear enrichment facilities.


It was highly advanced, used several previously unknown (zero-day) vulnerabilities, and spread through USB drives so that it could reach networks not connected to the internet.

3. Spear Phishing:-

A fake email or message sent to a specific person to steal their login info or infect their
system.

4. Custom Trojans:-

Malware made for one organization to steal files or control systems.

How to Stay Safe:


Use strong passwords and two-factor authentication
Be careful with emails and links, especially from unknown sources
Keep your antivirus updated
Do regular system checks and backups

Controls Against Program Threats

•To protect a computer or system from malicious code (malware), we use certain methods and
security practices called controls.

1. Antivirus Software:-

Scans and removes viruses, worms, trojans, and other malware.


Must be kept updated regularly to detect new threats.

2. Firewalls:-

Blocks unauthorized access to or from a network.


Can be hardware or software-based.
Helps stop malware from entering or spreading.

3. Software Updates (Patching):-

Regularly update operating systems and software.


Fixes security holes that malware might use to enter the system.

4. Access Controls:-

Set proper permissions for users and files.


Limit access to sensitive data – only give minimum required access.

5. Intrusion Detection Systems (IDS):-

Monitors systems for suspicious activity or attacks.


Can alert admins when threats are detected.

6. Secure Programming Practices:-

Developers should write clean and secure code to avoid errors like buffer overflows.
Helps reduce non-malicious and malicious errors.

7. Regular Backups:-

Keep copies of important data.


In case of a malware attack (like ransomware), you can recover data easily.

8. User Awareness:-
Train users to avoid clicking unknown links, attachments, or pop-ups.
Educated users are the first line of defense.

9. Sandboxing:-

Run unknown or untrusted programs in a safe, isolated environment to prevent damage.

General-Purpose Operating System (OS)

•A General-Purpose OS is designed to handle a wide range of tasks and support many


applications.
•It is used in personal computers, laptops, and servers.

Examples:

Windows
Linux (distributions such as Ubuntu)
macOS

Main Features:

User interface (GUI or command line)


Multi-tasking (run many apps at once)
File management
Device management
Networking support

Protection in General-Purpose OS

Protection means safeguarding system resources (like memory, files, and CPU) from unauthorized
access or damage.

Main Protection Mechanisms:

1. User Authentication:-

Only authorized users can log in (passwords, PINs, biometrics).

2. Access Control:-

Limits what users or programs can do (read, write, delete files).

3. File Permissions

Controls who can access, edit, or delete files.

4. Memory Protection

Prevents one program from using another program’s memory (avoids crashes or hacking).
5. Process Isolation

Keeps processes (running programs) separate to prevent interference.

6. Antivirus & Security Updates

OS provides regular updates to patch vulnerabilities and improve security.

7. Firewall

Controls incoming and outgoing network traffic based on security rules.

8. Encryption

Protects data by converting it into unreadable form (only authorized users can decode).

9. Audit Logs

Keeps a record of system activities to track misuse or attacks.



Protected Objects in General-Purpose OS

•In an operating system, protected objects are the important system resources that need security
and controlled access to prevent misuse or damage.

•These objects are protected using access control, permissions, and security policies.

Main Protected Objects:

1. Files and Directories:-

Includes documents, images, system files, etc.


Protection: Read, write, execute permissions.

2. Memory:-

RAM space used by processes.


Protection: Prevents one process from accessing another process’s memory.

3. Processes:-

Running programs.
Protection: Process isolation, ensures one process can’t interfere with another.

4. CPU (Processor Time):-

Shared among many processes.


Protection: Scheduler ensures fair and secure access.

5. I/O Devices:-

Includes keyboard, mouse, printers, disk drives.


Protection: Only authorized programs can access them.

6. System Files and OS Code:-

Critical for OS operation.


Protection: Can only be accessed or modified by the OS or admin users

7. Network Resources:-

Internet and local network connections.


Protection: Firewalls and access control to prevent unauthorized communication.
8. User Accounts & Credentials:-

Usernames, passwords, and personal settings.


Protection: Passwords are stored as salted hashes (never in plain text), and the credential store is readable only by the OS or administrators.

9. System Logs and Audit Trails

Records of activities and errors.


Protection: Only admins can view or modify logs.

Why Protection Is Important:

Prevent data theft or corruption


Avoid unauthorized access
Maintain system stability and performance
Ensure privacy and security

Methods of Protecting Memory

•Memory protection ensures that one process (program) cannot access or damage the memory of
another process or the operating system.

•This keeps the system secure, stable, and error-free.

1. Base and Limit Registers:-

Each program is given a starting address (base) and a maximum range (limit).
If the program tries to access memory outside this range, the OS blocks it.

2. Segmentation:-

Memory is divided into logical segments: code, data, stack, etc.


Each segment is isolated, and access is controlled separately.

3. Paging:-

Memory is divided into equal-sized pages.


Each process has its own page table, so it can only reach the physical frames mapped for it and cannot address other processes' data.

4. Virtual Memory:-

Each process gets its own virtual address space.


Keeps processes isolated from each other and from the OS.

5. Memory Access Rights:-

OS sets permissions on memory areas:


Read
Write
Execute
Each region gets only the rights it needs: code is executable but not writable, and the stack and heap are writable but not executable. This does not stop a buffer overflow from happening, but it stops data written by the overflow from being run as code.

6. Protection Keys:-

Memory blocks are tagged with keys.


Only processes with matching keys can access them.

7. Address Binding:-

Binds logical addresses to physical ones at runtime or load time.


Ensures the program runs in safe memory zones.
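Added example (not from the original notes): a small Python emulation of two of the mechanisms above, base/limit registers and paging with per-page access rights. The page size, frame numbers, the code/data/stack layout and the two processes A and B are constructed for illustration; real hardware does this in the MMU and traps to the kernel on a violation, which is modelled here by raising ProtectionFault.

```python
from dataclasses import dataclass, field

PAGE_SIZE = 4096


class ProtectionFault(Exception):
    """Raised where real hardware would trap to the OS."""


@dataclass
class BaseLimit:
    """Base/limit registers: the process may touch [base, base + limit)."""
    base: int
    limit: int

    def translate(self, logical: int) -> int:
        if logical < 0 or logical >= self.limit:
            raise ProtectionFault(f"address {logical:#x} outside limit {self.limit:#x}")
        return self.base + logical


@dataclass
class PageTableEntry:
    frame: int      # physical frame number
    perms: str      # some subset of "rwx"


@dataclass
class PageTable:
    """One table per process. The same virtual page number maps to a
    different frame in each process, which is what isolates them."""
    entries: dict = field(default_factory=dict)   # vpn -> PageTableEntry

    def map(self, vpn: int, frame: int, perms: str) -> None:
        if "w" in perms and "x" in perms:
            # W^X policy: no page is both writable and executable, so bytes an
            # overflow writes into the stack cannot then be executed.
            raise ValueError("refusing writable+executable mapping")
        self.entries[vpn] = PageTableEntry(frame, perms)

    def access(self, vaddr: int, mode: str) -> int:
        """Translate vaddr for an 'r', 'w' or 'x' access; return the physical
        address or raise ProtectionFault."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        pte = self.entries.get(vpn)
        if pte is None:
            raise ProtectionFault(f"page {vpn} not mapped")
        if mode not in pte.perms:
            raise ProtectionFault(f"{mode} denied on page {vpn} (perms {pte.perms})")
        return pte.frame * PAGE_SIZE + offset


def build_demo_tables() -> dict:
    """Two constructed processes with the classic code/data/stack layout."""
    a = PageTable()
    a.map(vpn=0, frame=10, perms="rx")   # code: executable, never writable
    a.map(vpn=1, frame=11, perms="rw")   # data
    a.map(vpn=7, frame=12, perms="rw")   # stack: writable, never executable
    b = PageTable()
    b.map(vpn=0, frame=20, perms="rx")   # same virtual page, different frame
    b.map(vpn=1, frame=21, perms="rw")
    return {"A": a, "B": b}


def faults(fn, *args) -> bool:
    """True if the operation traps (ProtectionFault) or is refused (ValueError)."""
    try:
        fn(*args)
    except (ProtectionFault, ValueError):
        return True
    return False
```

Process A and process B both use virtual page 0 for code, but A's page 0 resolves to frame 10 and B's to frame 20, so neither can name the other's memory at all. Trying to execute from A's stack page or write to its code page faults, which is the access-rights mechanism from item 5 in action.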

Administrator Protection (Admin's Protection)

The Administrator (Admin) is a powerful user account that can install software, manage settings,
access all files, and make system-wide changes.

So, protecting the admin account is very important to keep the system safe from misuse,
malware, or hackers.

Why Admin Protection Is Needed:

Prevent unauthorized access to system controls.

Stop malware or users from damaging the system.

Ensure system settings and data are secure.

Methods to Protect the Admin Account:

1. Strong Passwords

Use complex passwords with letters, numbers, and symbols.

Avoid using names, birthdates, or simple words.


2. Two-Factor Authentication (2FA)

Adds an extra layer of security.

Even if the password is stolen, login needs a code from your phone or email.

3. Use Limited Admin Access

Use the admin account only when needed.

For daily tasks, use a standard user account.

4. Disable Default Admin Account

Rename or disable the default admin account so that attackers cannot target a well-known account name such as "Administrator" or "root" with password guessing.

5. Access Control

Only trusted users should have admin rights.

Use role-based access control to limit permissions.

6. Security Updates

Keep the system updated with the latest security patches.

7. Log and Monitor Admin Activities


Maintain logs of who used the admin account and what changes were made.

8. Disable Remote Access (if not needed)

Turn off remote admin access to prevent hacking from outside.

9. Antivirus and Firewall

Protect against malware that might target admin privileges.

File Protection Mechanisms


File protection mechanisms are used to prevent unauthorized access, modification, or deletion of
files.

These mechanisms help keep data secure and private on a computer system.

Main File Protection Mechanisms:

1. Access Control

Controls who can do what with a file.

Common types of access:

Read: View file contents

Write: Modify file

Execute: Run the file (if it's a program)

2. File Permissions

Assigned to users/groups for each file or folder.


Example in Linux:

r = read, w = write, x = execute

Example: rw-r--r-- (numeric 644): the owner can read and write, while the group and all other users can only read.

3. User Authentication

Only authorized users can log in and access files.

Requires username and password.

4. Encryption

Files are stored in a coded form.

Only those with the decryption key can access the real contents.

5. File Attributes

Set file as:

Read-only: Cannot be changed.

Hidden: Not visible to regular users.

System: Used by the OS and protected.

6. File Locking

Prevents multiple users or programs from changing a file at the same time.

Helps avoid data corruption.

7. Audit Trails (Logs)

Keeps a record of file access and changes.

Helps detect unauthorized actions.

8. Backup and Recovery


Copies files regularly to a secure location.

Helps restore data in case of loss or corruption.

9. Role-Based Access Control (RBAC)

Users are given access based on their role (e.g., admin, student, guest).

Each role has its own permission set.
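Added example (not from the original notes): parsing the rw-r--r-- style permission string from item 2 into the numeric mode and deciding whether a given user may read, write or execute a file under the Unix owner/group/other rule. The file metadata is constructed in code rather than read from a real file system.

```python
from dataclasses import dataclass

BITS = {"r": 4, "w": 2, "x": 1}   # one permission triple, as in chmod


def parse_mode(symbolic: str) -> int:
    """'rw-r--r--' -> 0o644. Nine characters in owner, group, other order,
    each triple in r, w, x order; '-' means the bit is clear."""
    if len(symbolic) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(symbolic):
        expected = "rwx"[i % 3]
        if ch == expected:
            mode |= BITS[ch] << (3 * (2 - i // 3))
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} at position {i}")
    return mode


def format_mode(mode: int) -> str:
    """0o644 -> 'rw-r--r--' (inverse of parse_mode)."""
    out = []
    for shift in (6, 3, 0):
        triple = (mode >> shift) & 0o7
        out.append("".join(ch if triple & bit else "-" for ch, bit in BITS.items()))
    return "".join(out)


@dataclass
class FileMeta:
    """Constructed stand-in for the owner, group and mode a stat() call returns."""
    owner: str
    group: str
    mode: int


def can_access(user: str, groups: set, f: FileMeta, perm: str) -> bool:
    """Classic Unix rule: exactly one class applies, chosen in the order
    owner, group, other. An owner who lacks a bit is denied even when the
    'other' triple grants it."""
    if user == f.owner:
        shift = 6
    elif f.group in groups:
        shift = 3
    else:
        shift = 0
    return bool((f.mode >> shift) & BITS[perm])
```

The last rule is the one that surprises people: with mode ---rw-rw- the owner cannot read the file even though everyone else can, because only the owner triple is consulted for the owner.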



User Authentication

•User Authentication is the process of verifying the identity of a user before allowing access to a
computer system, website, or application.

•It ensures that only authorized users can access sensitive data or features.

Types of Authentication:

1. Password-Based Authentication:-

Most common method.


User enters a secret password to log in.

2. Two-Factor Authentication (2FA):-

Combines two different kinds of factor: something you know (password), something you have (phone, hardware token) or something you are (fingerprint). Example: password + OTP.

3. Biometric Authentication:-

Uses physical traits like fingerprint, face, or voice.

4. Token-Based Authentication:-

Uses a physical or digital token (like OTP from an app or SMS).

5. Smart Cards:-

User inserts a chip card into a reader for access.

6. Single Sign-On (SSO):-

User logs in once and gains access to multiple systems.

Designing Trusted Authentication Systems

•To design a secure and trusted authentication system, follow these key principles:

1. Strong Password Policy


Require complex passwords (mix of upper/lowercase, numbers, symbols).
Enforce password expiration and reuse limits.

2. Store Passwords Securely

Never store plain text passwords.


Use a slow, salted password-hashing algorithm such as bcrypt, scrypt or Argon2, with a unique random salt per user. A fast general-purpose hash like SHA-256, even with a salt, can be brute-forced at billions of guesses per second on GPUs.

3. Implement Multi-Factor Authentication (MFA)

Add a second layer of security (OTP, email link, fingerprint).

4. Limit Login Attempts

Slow down brute force attacks by rate-limiting logins and locking or delaying an account after multiple failed attempts (with an administrator reset path, so that lockout itself cannot be abused to deny service to a legitimate user).

5. Secure Communication

Use HTTPS (TLS) so that credentials and session tokens are encrypted in transit.

6. Session Management

End sessions after inactivity.


Use long random session tokens, and set cookie flags (Secure, HttpOnly) so that they are never sent in plain text or readable by page scripts.

7. Audit and Monitoring

Keep logs of all login attempts and alert on suspicious activities.

8. User Feedback

Inform users if login fails or if their account is accessed from a new location.

9. Role-Based Access Control (RBAC)

Give users access only to what they need — no more, no less.

10. Regular Security Updates

Keep authentication systems and libraries patched and updated.
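Added example (not from the original notes) that puts principles 2, 4 and 7 together in Python using only the standard library: scrypt-hashed passwords with a per-user random salt, constant-time verification, a lockout after MAX_FAILED_ATTEMPTS consecutive failures, and an audit log of every attempt. The scrypt parameters, the attempt limit and the user "alice" are assumed values for the demo.

```python
import hashlib
import hmac
import secrets

# scrypt work factors (assumed values for this example; tune to the hardware
# in production so that one hash takes a noticeable fraction of a second).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MAX_FAILED_ATTEMPTS = 5


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'scrypt$<salt hex>$<digest hex>'.

    A fresh 16-byte random salt per user means two users with the same
    password store different values and precomputed tables are useless."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt; compare in constant time so that
    response timing does not leak how many leading bytes matched."""
    algo, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Checked for unknown usernames so that a lookup failure costs the same time
# as a wrong password; the fixed salt only makes this constant deterministic.
DUMMY_HASH = hash_password("not-a-real-password", salt=bytes(16))


class LoginService:
    """Stores only hashed credentials, locks an account after repeated
    failures and records every attempt in an audit log."""

    def __init__(self) -> None:
        self.users = {}     # username -> stored hash string
        self.failed = {}    # username -> consecutive failures
        self.audit = []     # plain-text audit trail

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def locked(self, username: str) -> bool:
        return self.failed.get(username, 0) >= MAX_FAILED_ATTEMPTS

    def login(self, username: str, password: str) -> bool:
        if self.locked(username):
            self.audit.append(f"DENY locked user={username}")
            return False
        stored = self.users.get(username, DUMMY_HASH)
        valid = verify_password(password, stored)      # always computed
        if valid and username in self.users:
            self.failed[username] = 0
            self.audit.append(f"OK user={username}")
            return True
        self.failed[username] = self.failed.get(username, 0) + 1
        self.audit.append(f"FAIL user={username} count={self.failed[username]}")
        return False


def brute_force_demo() -> tuple:
    """Constructed scenario: one registered user, then a run of guesses.
    Returns (result of each guess, locked?, right password accepted?, audit)."""
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    guesses = [svc.login("alice", f"guess{i}") for i in range(MAX_FAILED_ATTEMPTS + 1)]
    # Once locked, even the right password is refused until an admin resets it.
    after_lock = svc.login("alice", "correct horse battery staple")
    return guesses, svc.locked("alice"), after_lock, svc.audit
```

The sixth guess in brute_force_demo is refused without hashing at all, and so is the correct password that follows it; the audit list shows the five FAIL entries and the DENY entries an administrator would look for.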

Operating System Security Policies

•Security policies in an operating system are rules and guidelines designed to protect the system
from unauthorized access, misuse, or attacks.

•These policies help maintain confidentiality, integrity, and availability of the system.
Types of Security Policies:

1. Authentication Policy

Verifies user identity before access.


Example: Password rules, login attempts limit, two-factor authentication.

2. Authorization Policy

Decides what resources a user can access and what actions they can perform.
Example: Read-only access to files, admin privileges for specific users.

3. Access Control Policy

•Controls who can access what in the system.

Types:

DAC (Discretionary Access Control): Owner decides access.


MAC (Mandatory Access Control): System-enforced strict rules.
RBAC (Role-Based Access Control): Access based on user roles.

4. Audit Policy

Keeps logs of user activities, like file access or login attempts.


Helps detect security breaches or suspicious behavior.

5. Data Protection Policy

Protects data from unauthorized access or loss.


Uses encryption, backups, and permissions.

6. Patch Management Policy

Ensures regular updates to the OS and software to fix security bugs.

7. User Account Management Policy

Defines rules for creating, managing, and deleting user accounts.


Example: Disable inactive accounts, limit admin access.

8. Network Security Policy

Protects OS from network-based attacks.


Includes use of firewalls, antivirus, VPNs, etc.

9. Physical Security Policy

Ensures physical protection of computers and servers.


Example: Locking systems, secure server rooms.
10. Incident Response Policy

Defines steps to take if a security issue or breach happens.

Security Models (with Definitions, Rules & Examples)

1. Bell-LaPadula Model (BLP):-

•Definition:
The Bell-LaPadula Model is a confidentiality-focused security model. Subjects (users, processes) and objects (files) carry security levels ordered as Unclassified < Confidential < Secret < Top Secret, and information may only flow upward, never down to a lower level.

Goal: Protect secret/confidential data from being leaked.

Main Rules:

•Simple Security Property (No Read Up):


A subject cannot read an object at a higher security level than its own.

•*-Property (No Write Down):


A subject cannot write to an object at a lower security level than its own (otherwise it could copy Secret data into a Confidential file, leaking it).

Example:
A "Secret"-level user can read "Confidential" and "Secret" files but not a "Top Secret" file (No Read Up), and can write to "Secret" or "Top Secret" files but not to a "Confidential" file
(No Write Down).

2. Biba Model:-

•Definition:
The Biba Model is an integrity-focused security model. Subjects and objects carry integrity levels, and information may only flow downward, from high integrity to low, so that trusted data is never contaminated by untrusted data. Its rules are the mirror image of Bell-LaPadula's.

•Goal: Protect data from corruption.

•Main Rules:

•Simple Integrity Property (No Read Down):


A subject cannot read an object of lower integrity than itself (it must not base its work on untrusted data).

•*-Integrity Property (No Write Up):


A subject cannot write to an object of higher integrity than itself.

Example:
If a Manager's report is high integrity and an Intern's draft is low integrity, the Intern can't write to the Manager's report (No Write Up), and the Manager can't read the Intern's
draft (No Read Down). The Intern may read the Manager's report, and the Manager may write to the Intern's draft.
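Added example (not from the original notes): the four rules of Bell-LaPadula and Biba as Python functions, so the mirror-image relationship between the two models can be checked directly. The level names and the Manager/Intern integrity assignments are constructed for the example.

```python
from enum import IntEnum


class Classification(IntEnum):
    """Confidentiality levels for Bell-LaPadula (higher = more secret)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Integrity levels for Biba (higher = more trusted)."""
    LOW = 0       # e.g. an intern's draft, or data fetched from the internet
    MEDIUM = 1
    HIGH = 2      # e.g. a manager's signed report, or system binaries


# --- Bell-LaPadula: information may only flow upward -----------------------

def blp_can_read(subject: Classification, obj: Classification) -> bool:
    """Simple security property (no read up): read only at or below you."""
    return subject >= obj


def blp_can_write(subject: Classification, obj: Classification) -> bool:
    """*-property (no write down): write only at or above you, so a Secret
    subject cannot copy Secret data into a Confidential file."""
    return subject <= obj


# --- Biba: information may only flow downward -----------------------------

def biba_can_read(subject: Integrity, obj: Integrity) -> bool:
    """Simple integrity property (no read down): never consume data of
    lower integrity than yourself."""
    return subject <= obj


def biba_can_write(subject: Integrity, obj: Integrity) -> bool:
    """*-integrity property (no write up): never modify data of higher
    integrity than yourself."""
    return subject >= obj


def allowed_ops(subject, obj, can_read, can_write) -> set:
    """Which of {'read', 'write'} a (subject, object) pair permits under the
    model whose two rule functions are passed in."""
    ops = set()
    if can_read(subject, obj):
        ops.add("read")
    if can_write(subject, obj):
        ops.add("write")
    return ops
```

Reading the two pairs of functions side by side shows the symmetry: each Biba comparison is the BLP comparison with the inequality reversed, because one model forbids leaks downward and the other forbids contamination upward.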

3. Clark-Wilson Model:-
•Definition:
A model that ensures data integrity through well-formed transactions and separation of duties. Protected data items (constrained data items) may be changed only by certified programs (transformation procedures).

•Goal: Maintain accurate and consistent data in business systems.

•Key Rules:

Only certified, trusted programs can modify protected data.


Users can't access protected data directly, only through those programs, and each user is permitted to run only specific programs.
Separation of duties: the person who certifies a program is not the one who runs it.
Every transaction is logged for auditing.

Example:
A bank employee can update customer accounts only through authorized software, not directly.

4. Brewer-Nash Model (Chinese Wall Model):-

•Definition:
A conflict-of-interest security model for environments like consulting or auditing, where one firm handles data belonging to competing clients.

•Goal: Prevent a user from accessing data of two companies that compete with each other.

Rule:
•Access is dynamic: it depends on what the user has accessed before. Once a user has read data from one company, data of that company's competitors is blocked for that user.

Example:
If a consultant views Coca-Cola files, they cannot access Pepsi files afterward (files of an unrelated bank remain accessible).

5. Access Control Matrix Model:-

•Definition:
A general model that uses a matrix format to define who (subject) can access what (object) and in
what way (permissions).

•Goal: Simple and visual way to manage access rights.

•Structure:

Rows: Users or subjects


Columns: Files or objects
Cells: Permissions (Read, Write, Execute)

Example:

User/File   File1   File2   File3

User A      Read    Write   -

User B      -       Read    Execute

6. Mandatory Access Control (MAC):-


•Definition:
A model where the operating system enforces strict access rules using security labels like “Top
Secret,” “Confidential,” etc.

•Goal: High-level data protection.

•Rules:

Users cannot change access rights.


Access based on classification levels.

Example:
Only a “Top Secret” user can access “Top Secret” data.

7. Discretionary Access Control (DAC):-

Definition:
A model where file owners have control over who can access their files.

Goal: Flexibility in managing permissions.

Rules:
•Users can grant or deny access to others.

Example:
You can give your friend read-only access to your folder in Windows.

8. Role-Based Access Control (RBAC):-

Definition:
Access rights are assigned based on a user’s role in the organization, not the individual user.

Goal: Simplify access management in large organizations.

Rules:

Permissions are assigned to roles (e.g., Admin, Staff).


Users inherit access by role membership.

Example:

Admin: Full access

Teacher: View & edit grades

Student: View only
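Added example (not from the original notes) covering the Access Control Matrix (model 5) and RBAC (model 8) above in Python, plus a DAC-style grant that lets an owner add rights to a cell. Subjects, objects, roles and the school users are constructed; every decision goes through one default-deny check, in the manner of the reference monitor described later in these notes.

```python
# --- Access control matrix: rows = subjects, columns = objects, cells = rights
MATRIX = {
    "user_a": {"file1": {"read"}, "file2": {"write"}},
    "user_b": {"file2": {"read"}, "file3": {"execute"}},
}


def acm_allowed(subject: str, obj: str, right: str, matrix: dict = MATRIX) -> bool:
    """Default deny: a missing row, column or right means no access."""
    return right in matrix.get(subject, {}).get(obj, set())


def acm_grant(subject: str, obj: str, right: str, matrix: dict) -> dict:
    """DAC-style change: an owner extends one cell. Returns the matrix."""
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(right)
    return matrix


# --- RBAC: permissions attach to roles, users inherit them via membership
ROLE_PERMS = {
    "admin":   {("grades", "view"), ("grades", "edit"), ("users", "manage")},
    "teacher": {("grades", "view"), ("grades", "edit")},
    "student": {("grades", "view")},
}
USER_ROLES = {
    "priya": {"admin"},
    "tom":   {"teacher"},
    "asha":  {"student"},
    "lee":   {"student", "teacher"},   # a teaching assistant holds two roles
}


def rbac_allowed(user: str, obj: str, action: str,
                 user_roles: dict = USER_ROLES, role_perms: dict = ROLE_PERMS) -> bool:
    """A user may act if any one of their roles carries the permission."""
    return any((obj, action) in role_perms.get(role, set())
               for role in user_roles.get(user, set()))


def effective_matrix(user_roles: dict = USER_ROLES, role_perms: dict = ROLE_PERMS) -> dict:
    """Expand RBAC into the equivalent access control matrix, which shows
    that the two models describe the same rights at different granularity:
    changing one role rewrites every row that holds it."""
    matrix = {}
    for user, roles in user_roles.items():
        for role in roles:
            for obj, action in role_perms.get(role, set()):
                matrix.setdefault(user, {}).setdefault(obj, set()).add(action)
    return matrix
```

effective_matrix() is the bridge between the two models: RBAC is simply a compact way of generating a large matrix, and auditing a system means checking that generated matrix against what each person should actually be able to do.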



Trusted Operating System (Trusted OS) – Definition

•A Trusted Operating System is one that provides secure and reliable protection for data and
processes.
•It is designed to enforce strict security policies, ensuring that only authorized users and programs
can access system resources.

Goals of a Trusted OS

1. Confidentiality – Protect data from unauthorized access.

2. Integrity – Prevent unauthorized modification of data.

3. Availability – Ensure access to data and resources when needed.

4. Authentication & Authorization – Confirm user identity and control access.

5. Accountability – Keep logs of who accessed what and when.

Key Features of Trusted OS Design

1. Security Policy Enforcement

Enforces rules about who can access what resources.


Uses models like Bell-LaPadula (confidentiality) or Biba (integrity).

2. Mandatory Access Control (MAC)

Access is based on system-defined security labels, not user choice.


Example: Only "Top Secret" users can access "Top Secret" files.

3. User Authentication

Verifies user identity before granting access.


Example: Passwords, biometrics, smart cards.

4. Audit Trails (Logging)

Records every access or change to important data.


Helps in tracking attacks or suspicious behavior.

5. Object Reuse Protection


Prevents data leakage from reused memory or storage (e.g., deleting sensitive data before
reusing RAM or disk space).

6. Trusted Path

Provides a channel the user can be sure leads to the real OS and not to a fake login prompt (e.g., a secure attention key such as Ctrl+Alt+Del on Windows, which only the OS can respond to, before the login screen appears).

7. Security Kernel

A small part of the OS that handles all security functions.


It's isolated and verifiable for correctness.

8. Reference Monitor Concept

•Always checks every access request.

It must be:

Tamper-proof
Always invoked
Small enough to be verified

Examples of Trusted OS

Linux with SELinux (Security-Enhanced Linux)


Windows with Trusted Platform Module (TPM)
Trusted Solaris
IBM AIX with RBAC features

What is "Assurance" in Trusted Operating System?

•Assurance means how sure or confident we are that the security of the operating system is
working properly and that it cannot be easily broken or misused.

•When we say a system has high assurance, we mean:

It is well-designed
Securely implemented
Properly tested
Reliable for protecting data and users

Why is Assurance Important?

•Even if an operating system has good security features, we need to make sure:
These features are working correctly
They are protecting us from real threats
Hackers cannot bypass them

So, assurance checks whether the system is truly trustworthy.

Three Types of Assurance

1. Design Assurance

The OS is designed using secure principles (like Bell-LaPadula for confidentiality).


The design is reviewed by experts.
Example:Using security models that prevent data leakage.

2. Implementation Assurance

The OS code is written carefully without bugs.


It is tested, and tools are used to find and fix mistakes.
Example:If the OS controls file permissions, the code is tested to make sure no one can read
files without permission.

3. Operational Assurance

Security features work correctly during use.


The system keeps logs (audit trails), applies access controls, and updates itself.
Example: In SELinux, even if a user's program is compromised by an attacker, it still cannot reach files the policy denies, because the rules are
checked on every access, not just at login.

Real-World Example: SELinux

•SELinux is a mandatory access control mechanism built into the Linux kernel; a Linux system running it with a strict policy is an example of a trusted OS.


It provides high assurance through:

•Strong access control (MAC)

•Code review and patching

•Logging user actions (audit)

•Constant checking of permissions
