Operating System Chapter 6 - MA
Operating System Chapter 6 - MA
A COLLEGE
ASSOSA CAMPUS
2
Chapter Contents
• Overview of system security
• Policy/mechanism separation
• Models of protection
• Memory protection
• Encryption
3
• Recovery management
Overview of system security
• Security refers to providing a protection system to computer system
resources such as CPU, memory, disk, software programs and most
importantly data/information stored in the computer system.
10
o Worm:- it is a process which can choked down a system
performance by using system resources to extreme levels. A Worm
process generates its multiple copies where each copy uses system
resources, prevents all other processes to get required resources.
Worms processes can even shut down an entire network.
o Port Scanning:- it is a mechanism or means by which a hacker can
detects system vulnerabilities to make an attack on the system.
o Denial of Service:- it attacks normally prevent user to make
legitimate use of the system. For example, a user may not be able to
use internet if denial of service attacks browser’s content settings.11
Policy/mechanism separation
12
Security methods and devices
What is OS Security?
The term operating system security refers to practices and measures that can
ensure the confidentiality, integrity, and availability (CIA) of operating systems.
The most common techniques used to protect operating systems include the use
of antivirus software and other endpoint protection measures, regular OS patch
updates, a firewall for monitoring network traffic, and enforcement of secure
access through least privileges and user controls. 13
What are Common OS Security Threats?
1.Malware is short for malicious software, which encompasses a range
of attack vectors such as viruses, worms, trojans, and rootkits.
o It is injected into a system without the owner’s consent, or by
masquerading as legitimate software, with the objective of stealing,
destroying or corrupting data, or compromising the device.
o It can also replicate, allowing it to spread further in a corporate
network and beyond.
o It attacks often go undetected by the target user, allowing for the
quiet extraction of sensitive data. 14
2.Denial of Service Attacks
• When the buffer overflows, the program attempting to write the data
may overwrite other memory locations containing important
information.
• Threat actors look for buffer overflow vulnerabilities, which they can
exploit to inject scripts that help them hijack the system or crash it.
17
How Can You Ensure Operating System Security?
Authentication Measures
• All operating systems have controls that can be used to verify that users who
run a particular program are authorized to do so.
Vulnerability Assessment
• Patch testing
• Port scanning
25
Penetration Testing
• Access matrix provides an mechanism for defining the control for this
association between domain and processes. 34
Memory protection
• Memory protection is a way to manage access rights to the specific memory
regions. It is used by the majority of multi-tasking operating systems.
35
Encryption
• Encryption is a method of securing data by scrambling the bits of a
computer’s files so that they become illegible. The only method of
reading the encrypted files is by decrypting them with a key; the key is
unlocked with a password.
Recovery Management