Security 2007

The document discusses various security threats to operating systems like trojan horses, viruses, and worms. It also covers authentication methods, encryption techniques, and monitoring systems for threats. Buffering, caching, spooling, and polling techniques for I/O systems are explained.

Uploaded by

api-3703205
Copyright
© Attribution Non-Commercial (BY-NC)

SECURITY & I/O Systems

Lecture Series By : Er. Kanwalvir Singh Dhindsa

Website :: www.dhindsa.info

http://groups.google.com/group/os-2007

O.S. by Er. K.S.Dhindsa © 2007


The Security Problem

• Security must consider the external environment of the system, and protect it from:
  – unauthorized access
  – malicious modification or destruction
  – accidental introduction of inconsistency
• Easier to protect against accidental than malicious misuse

Authentication

• User identity is most often established through passwords, which can be considered a special case of either keys or capabilities
• Passwords must be kept secret:
  – Frequent change of passwords.
  – Use of “non-guessable” passwords.
  – Log all invalid access attempts.
• Passwords may also either be encrypted or allowed to be used only once

TROJAN HORSE

• If programs are executed in a domain that provides the access rights of the executing user, they may misuse these rights
• Code segment that misuses its environment
• Exploits mechanisms for allowing programs written by users to be executed by other users
• Use of current directory in the search path
• Program that emulates a login program

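
The search-path item on the Trojan horse slide can be checked mechanically. The following is an added example, not part of the original lecture: it flags search-path entries that resolve to the current directory or to a directory any user can write to. The function names and the sample path are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_search_path(path_value):
    """Return (entry, reason) pairs for search-path entries that let
    another user's program run in place of the intended command."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            # POSIX shells treat an empty entry as the current directory.
            findings.append((entry, "current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative to current directory"))
        elif not os.path.isdir(entry):
            findings.append((entry, "not a directory"))
        elif os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings

def demo():
    """Audit a constructed search path built from temporary directories."""
    safe = tempfile.mkdtemp()
    os.chmod(safe, 0o755)
    shared = tempfile.mkdtemp()
    os.chmod(shared, 0o777)   # constructed: any user may write here
    path_value = os.pathsep.join([safe, ".", "bin", shared, ""])
    return [reason for _, reason in audit_search_path(path_value)]

if __name__ == "__main__":
    # Audit the real search path of the current process.
    for entry, reason in audit_search_path(os.environ.get("PATH", os.defpath)):
        print(f"{entry!r}: {reason}")
```
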
TRAP DOOR

• Designer of a program or system leaves a hole in the software that only he is capable of using (a specific user identifier or password that circumvents normal security procedures)
• Bank embezzlement cases
• A clever trap door could be included in the compiler
• Only the source code of the compiler contains the information (not the program)
• Difficult to analyze them


System Threats -- WORMS

• Process that uses the spawn mechanism to clobber system performance
• Spawns copies of itself, using up system resources and locking out system use by all other processes
• Dangerous on networks (1988 on Unix systems)
• Morris Internet Worm


VIRUSES

• Designed to spread into other programs
• Wreak havoc (modifying or destroying files, causing system crashes & program malfunctions)
• Worm (a complete standalone program)
• Virus (a fragment of code embedded in a legitimate program)
• Mostly spread by downloadable programs or through transferring of data (using floppies, etc.)

THREAT MONITORING

• System can check for suspicious patterns of activity {Tripwire (UNIX software that checks if certain files and directories have been altered – i.e. password files)}
• Time-sharing system that counts the number of incorrect passwords given when a user is trying to log in
• Audit log – records the time, user, and type of all accesses to an object (afterwards, detection can be done)
• Security holes can be checked for various things:
  1. Short passwords
  2. Unauthorized programs in system directories
  3. Unexpected long-running processes
  4. Improper directory protections (both user & system directories)
  5. Improper protection on password files, device drivers

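
The Tripwire-style check and the "improper protection on password files" item above, as an added example that is not part of the original lecture and is not Tripwire's own code: it records a baseline (hash, permission bits, owner) for monitored files and later reports what changed. The function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(paths):
    """Record content hash, permission bits and owner of each file."""
    state = {}
    for path in paths:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        state[path] = {"sha256": digest, "uid": st.st_uid,
                       "mode": stat.S_IMODE(st.st_mode)}
    return state

def compare(baseline):
    """Return sorted (path, finding) pairs for files that differ."""
    findings = []
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        new = snapshot([path])[path]
        findings += [(path, f"{key} changed") for key in old if new[key] != old[key]]
        if new["mode"] & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return sorted(findings)

def demo():
    """Baseline a constructed file, alter it, and report what changed."""
    target = os.path.join(tempfile.mkdtemp(), "passwd.sample")
    with open(target, "w") as fh:
        fh.write("alice:x:1000:1000::/home/alice:/bin/sh\n")
    os.chmod(target, 0o644)
    baseline = snapshot([target])
    with open(target, "a") as fh:
        fh.write("# constructed edit\n")
    os.chmod(target, 0o666)
    return [finding for _, finding in compare(baseline)]

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where users of the monitored system cannot rewrite it.
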


ENCRYPTION

• Protecting information transferred over unreliable links
• Encrypt clear text into cipher text
• Properties of a good encryption technique:
  – Relatively simple for authorized users to encrypt and decrypt data.
  – Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.
  – Extremely difficult for an intruder to determine the encryption key.

ENCRYPTION

• Information (text) is encrypted (encoded) from its initial readable form (clear text) to an internal form (cipher text)
• Cipher text can be stored in a readable file or transmitted over unprotected channels
• The receiver must decrypt (decode) it back into clear text
• Need to develop encryption schemes that are impossible to break


ENCRYPTION

• Data Encryption Standard substitutes characters and rearranges their order on the basis of an encryption key provided to authorized users via a secure mechanism
• Public-key encryption is based on each user having two keys:
  – public key – published key used to encrypt data.
  – private key – key known only to the individual user, used to decrypt data.


BUFFERING

• A buffer is a memory area that stores data while they are transferred between two devices or between a device and an application

Need of Buffering

• Need to cope with the speed mismatch between the producer and consumer of a data stream
• Adapt between devices that have different data-transfer sizes


CACHING

• Region of fast memory that holds copies of data
• Access to the cached copy is faster than access to the original one
• Difference between buffering and caching?


SPOOLING

• A buffer that holds output for a device such as a printer
• Application output is spooled to a separate disk file {with the help of the OS}
• Spooling system copies the queued spool files to the printer one at a time for printing


POLLING

• Determines state of device {controllers}:
  – command-ready
  – busy
  – error
• Busy-wait cycle to wait for I/O from device

NETWORK & DISTRIBUTED O.S.

• Advantages & disadvantages of both OS
• Topologies in NOS {fully connected, partially connected, star, hierarchical, ring, multiaccess and hybrid networks}
• Network types {LAN, WAN, MAN}
• Design strategies:
  1> ISO network model
  2> TCP/IP model

