
Operating System Chapter 6 - MA

This document discusses security methods and threats related to operating systems. It begins by defining operating system security and its goals of protecting confidentiality, integrity and availability. It then describes common OS security threats such as malware, denial of service attacks, network intrusions and buffer overflows. Finally, it discusses authentication measures for ensuring OS security such as usernames/passwords, user cards/keys, biometric attributes and one-time passwords.

M.A COLLEGE
ASSOSA CAMPUS

Department of Computer Science

Compiled by: Berhanu A. (MSc.)


Chapter Six: Security and protection

Chapter Contents
• Overview of system security

• Policy/mechanism separation

• Security methods and devices

• Protection, access, and authentication

• Models of protection

• Memory protection

• Encryption
• Recovery management
Overview of system security
• Security refers to providing a protection system for computer system resources such as the CPU, memory, disk, software programs and, most importantly, the data/information stored in the computer system.
• If a computer program is run by an unauthorized user, he/she may cause severe damage to the computer or the data stored in it.
• So, a computer system must be protected against unauthorized access, malicious access to system memory, viruses, worms, etc.
• We are going to discuss the following topics in this chapter.
Continued

1. Authentication: it refers to identifying each user of the system and associating the executing programs with those users.
• It is the responsibility of the operating system to create a protection system which ensures that a user who is running a particular program is authentic. Operating systems generally identify/authenticate users in the following three ways:
o Username / Password − The user needs to enter a username and password registered with the operating system to log in to the system.
Continued
o User card/key − The user needs to punch a card into the card slot, or enter a key generated by a key generator in the option provided by the operating system, to log in to the system.
o User attribute (fingerprint / eye retina pattern / signature) − The user needs to pass his/her attribute via the designated input device used by the operating system to log in to the system.

2. One-time passwords: One-time passwords provide additional security along with normal authentication. In a one-time password system, a unique password is required every time the user tries to log in to the system. Once a
Continued
• A one-time password is implemented in three different ways.
o Random numbers − Users are provided with cards that have numbers printed alongside corresponding letters. The system asks for the numbers corresponding to a few randomly chosen letters.
o Secret key − Users are provided with a hardware device which can create a secret ID mapped to the user ID. The system asks for this secret ID, which is to be generated every time prior to login.
o Network password − Some commercial applications send one-time passwords to the user's registered mobile/email, which is required to be
3. Program Threats
• The operating system's processes and kernel perform their designated tasks as instructed.
• If a user program makes these processes perform malicious tasks, it is known as a program threat. A common example of a program threat is a program installed on a computer which can store user credentials and send them over the network to some hacker.
• Following is a list of some well-known program threats.
o Trojan Horse − Such a program traps user login credentials and stores them to send to a malicious user, who can later log in to the computer and access system resources.
Continued

o Trap Door − If a program which is designed to work as required has a security hole in its code and performs illegal actions without the knowledge of the user, it is said to have a trap door.
o Logic Bomb − A logic bomb is a situation in which a program misbehaves only when certain conditions are met; otherwise it works as a genuine program. It is harder to detect.
o Virus − A virus, as the name suggests, can replicate itself on a computer system. Viruses are highly dangerous and can modify/delete user files and crash systems. A virus is generally a small code embedded in a
System Threats
• System threats refer to the misuse of system services and network connections to put the user in trouble.
• System threats can be used to launch program threats on a complete network; this is called a program attack.
• System threats create an environment in which operating system resources/user files are misused.
• Following is a list of some well-known system threats.
o Worm − A worm is a process which can choke down system performance by using system resources to extreme levels. A worm process generates multiple copies of itself, where each copy uses system resources and prevents all other processes from getting the resources they require. Worm processes can even shut down an entire network.
o Port Scanning − Port scanning is a mechanism or means by which a hacker can detect system vulnerabilities in order to attack the system.
o Denial of Service − Denial-of-service attacks normally prevent the user from making legitimate use of the system. For example, a user may not be able to use the internet if a denial-of-service attack targets the browser's content settings.
Policy/mechanism separation

• The separation of mechanism and policy is a design principle in computer science.
• It states that mechanisms (those parts of a system implementation that control the authorization of operations and the allocation of resources) should not dictate (or overly restrict) the policies according to which decisions are made about which operations to authorize, and which resources to allocate.
Security methods and devices
What is OS Security?

• The term operating system security refers to practices and measures that can ensure the confidentiality, integrity, and availability (CIA) of operating systems.
• The goal of OS security is to protect the OS from various threats, including malicious software such as worms, trojans and other viruses, misconfigurations, and remote intrusions.
• The most common techniques used to protect operating systems include the use of antivirus software and other endpoint protection measures, regular OS patch updates, a firewall for monitoring network traffic, and enforcement of secure access through least privileges and user controls.
What are Common OS Security Threats?
1. Malware is short for malicious software, which encompasses a range of attack vectors such as viruses, worms, trojans, and rootkits.
o It is injected into a system without the owner's consent, or by masquerading as legitimate software, with the objective of stealing, destroying or corrupting data, or compromising the device.
o It can also replicate, allowing it to spread further in a corporate network and beyond.
o Malware attacks often go undetected by the target user, allowing for the quiet extraction of sensitive data.
2. Denial of Service Attacks

• A Denial of Service (DoS) attack is intended to clog a system with fake requests so it becomes overloaded, and eventually stops serving legitimate requests.
• Some DoS attacks, in addition to overwhelming a system's resources, can cause damage to the underlying infrastructure.
• An example of a DoS attack is the repeated use of system requests in a tight loop, or a "syn flood" in which the attacker sends a large number of network requests, requiring the server to acknowledge each one,
3. Network Intrusion
• Network intrusion occurs when an individual gains access to a system for improper use. There are several types of network intrusion depending on the type of intruder:
o Careless insiders: authorized users who neglect to follow security policies or best practices, causing exposure of sensitive assets.
o Malicious insiders: authorized users who misuse their privileges with malicious intent.
o Masqueraders: external individuals who pose as legitimate users, exploiting the account or credentials of an authorized user to gain access to the system.
o Clandestine users: attackers who penetrate the system by gaining supervisory control and going around access controls.
4. Buffer Overflow

• The main function of a buffer is to temporarily store data. Each buffer has a limit on the amount of data it can hold. During a buffer overflow attack, the buffer or other temporary data store is filled with more data than it can hold.
• When the buffer overflows, the program attempting to write the data may overwrite other memory locations containing important information.
• Threat actors look for buffer overflow vulnerabilities, which they can exploit to inject scripts that help them hijack the system or crash it.
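The overwrite described above, shown next to a corrected copy routine. This is an added example, not part of the original slides; the `session` layout, the `is_admin` flag and the 9-byte input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer with a privilege flag right behind it. */
struct session {
    char name[8];
    unsigned char is_admin;   /* the "other memory location" next to the buffer */
};

/* Constructed input: 8 filler bytes plus one extra byte with the value 1. */
static const char oversized[] = "AAAAAAAA\x01";
#define OVERSIZED_LEN 9

/* Flawed copy: never compares len with the capacity of name. The clamp to the
 * end of the struct only keeps this demonstration inside one object. */
void copy_unchecked(struct session *s, const char *src, size_t len)
{
    if (len > sizeof(*s))
        len = sizeof(*s);
    memcpy((char *)s, src, len);      /* name is the first member, offset 0 */
}

/* Corrected copy: rejects input that does not fit and NUL-terminates. */
int copy_checked(struct session *s, const char *src, size_t len)
{
    if (len >= sizeof(s->name))
        return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Value of the flag after the flawed copy handles the oversized input. */
int flag_after_unchecked(void)
{
    struct session s;
    memset(&s, 0, sizeof(s));
    copy_unchecked(&s, oversized, OVERSIZED_LEN);
    return s.is_admin;
}

/* Value of the flag after the corrected copy is offered the same input. */
int flag_after_checked(void)
{
    struct session s;
    memset(&s, 0, sizeof(s));
    if (copy_checked(&s, oversized, OVERSIZED_LEN) != -1)
        return -1;                    /* would mean the input was not rejected */
    return s.is_admin;
}

int main(void)
{
    printf("unchecked copy: is_admin = %d\n", flag_after_unchecked());
    printf("checked copy:   is_admin = %d\n", flag_after_checked());
    return 0;
}
```

The ninth input byte lands in `is_admin` only in the unchecked version; the checked version refuses the input before any byte is written.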
How Can You Ensure Operating System Security?

Authentication Measures

• Authentication involves matching an identified user with the programs or data they are allowed to access.
• All operating systems have controls that can be used to verify that users who run a particular program are authorized to do so.
• We can use the following techniques to authenticate users at the operating system level:
o Security keys: keys are provided by a key generator, usually in the form of a physical dongle. The user must insert the key into a slot in the machine to
Authentication Measures continued

o Username-password combinations: The user enters a username that is registered with the OS, along with a matching password.
o Biometric signatures: The user scans a physical attribute, such as a fingerprint or retina, to identify themselves.
o Multi-factor authentication: Modern authentication systems use multiple methods to identify a user, combining something the user knows (credentials), something they own (such as a mobile device), and/or a physical characteristic (biometrics).
Using One-Time Passwords
• One-time passwords offer an additional layer of security when combined with standard authentication measures. Users must enter a unique password generated each time they log in to the system. A one-time password cannot be reused.
• Examples of one-time passwords include:
o Network passwords: An application sends a one-time password to the user via a registered email address or mobile phone number. The user must enter this password to log in to the computer.
o Random numbers: The user receives a card listing numbers that correspond to matching letters. The OS requires the user to enter the numbers that match a set of randomly generated letters.
o Secret keys: The user receives a device that generates secret keys. The user then enters the secret key into the OS, which identifies the user credentials associated with the key.
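The "random numbers" card scheme, as described here and in the earlier one-time password slide, with the rule that a password cannot be reused. This is an added example, not part of the original slides; the card values, the three-letter challenge size and the function names are assumptions.

```c
#include <stdio.h>

#define CARD_LEN 8      /* letters A..H on the card */
#define CHAL_LEN 3      /* letters asked per login  */

/* Constructed card of one user: the number printed next to letter 'A' + i. */
static const int card[CARD_LEN] = { 41, 7, 93, 28, 66, 15, 80, 52 };

struct challenge {
    char letters[CHAL_LEN];
    int  used;          /* set as soon as one response has been checked */
};

/* Record the letters the system asks for. A real system draws them from a
 * secure random source; here the caller passes them so the run is repeatable.
 * Returns 0, or -1 for a wrong length, an unknown letter or a repeated one. */
int challenge_init(struct challenge *c, const char *letters)
{
    unsigned seen = 0;
    for (int i = 0; i < CHAL_LEN; i++) {
        int idx = letters[i] - 'A';
        if (idx < 0 || idx >= CARD_LEN || (seen & (1u << idx)))
            return -1;
        seen |= 1u << idx;
        c->letters[i] = letters[i];
    }
    if (letters[CHAL_LEN] != '\0')
        return -1;
    c->used = 0;
    return 0;
}

/* Returns 1 if the response matches, 0 if it does not, and -1 if this
 * challenge was already answered once (a replayed one-time password). */
int challenge_verify(struct challenge *c, const int *response)
{
    int diff = 0;
    if (c->used)
        return -1;
    c->used = 1;                         /* burn the challenge either way */
    for (int i = 0; i < CHAL_LEN; i++)
        diff |= card[c->letters[i] - 'A'] ^ response[i];
    return diff == 0;
}

int main(void)
{
    struct challenge c;
    int answer[CHAL_LEN] = { 93, 41, 15 };   /* numbers for C, A, F */
    challenge_init(&c, "CAF");
    printf("first attempt:  %d\n", challenge_verify(&c, answer));
    printf("replayed again: %d\n", challenge_verify(&c, answer));
    return 0;
}
```

A wrong answer also consumes the challenge, so each set of letters gives exactly one attempt.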
Virtualization
• Virtualization enables us to abstract software from hardware, effectively separating the two. The main advantage of virtualization is that it introduces a high level of efficiency and flexibility, while providing greater security coverage. There are many types of virtualization, including desktop, application, network, server, storage, and OS virtualization.
• Operating system virtualization is a form of sandboxing.
• What is OS virtualization? It enables us to run multiple isolated user environments using the same OS kernel. The technology that creates and enables this type of isolation is called a "hypervisor", which serves as a layer located between the device and the virtualized resources.
• The hypervisor manages the virtual machines running on the device (typically 2-3 VMs). Each VM is used for one user or one security zone. There are several types of VMs that can run alongside each other. Three of them are listed below:
o Fully locked-down VM: Should be used to provide access to sensitive data and corporate systems, such as IT environments, payment systems, and sensitive customer data.
o Unlocked, open VM: Should be used to provide unrestricted access to non-corporate resources, such as full web browsing sessions, installation of applications, and use of external devices.
o Semi-locked-down VM: Should be used to provide access to standard corporate applications and resources, such as office documents, company email, and internal services.
Advantages of OS virtualization
• Each type of VM is limited to the actions allowed by design. Any
further action is restricted. This keeps the environment secure. The
hypervisor runs below the OS of the device and splits the device into
multiple VMs running locally with their own OS—effectively
isolating users.
• Because the users are isolated, the devices remain secure. This ensures
that employees and third parties can gain access to company resources
without endangering company resources.
• Another major advantage of OS virtualization is that none of the
virtualized environments can directly access the network. Instead,
connectivity is enabled via an invisible, virtualized network layer that
implements network segmentation directly on the endpoint device.
Testing and Validating Operating System Security

• Securing an operating system or any software is an ongoing process that requires constant testing. Depending on the risk and priority of a system, security posture tests may take place on a monthly, weekly or daily basis.

Vulnerability Assessment

• Vulnerability assessment involves testing for weaknesses that may be lying undetected in an operating system.
• Identifying vulnerabilities allows us to identify possible vectors for an
Methods used for OS vulnerability assessment:

• Scanning for known vulnerabilities

• Scanning the software and applications on an operating system

• Scanning for malware

• Scanning for missing patches and updates

• Patch testing

• Port scanning

Penetration Testing

• Penetration testing, or pentesting, is a security assessment strategy that uses vulnerability assessment to identify how an attacker may successfully exploit vulnerabilities in the system.
• Penetration testing helps discover vulnerabilities beyond the obvious, and seeks to identify the methods an attacker may use to exploit them.
• There are three types of penetration testing, each of which provides different types of insights into operating system security:
o White Box: The penetration tester has full technical knowledge of the system being tested.
o Grey Box: The pentester has limited technical knowledge of the system being tested.
o Black Box: The pentester doesn't have any prior technical knowledge of the system being tested.
Improving Operating System Security with Hysolate
• Hysolate is a full OS isolation solution for Windows 10, splitting our endpoint into a more secure corporate zone and a less secure zone for daily tasks. This means that one OS can be reserved for corporate access, with strict networking and security policies, and the other can be a more open zone for accessing untrusted websites and applications.
• Hysolate sits on the user endpoint, so it provides a good UX, but is managed by a granular management console via the cloud.
• Hysolate is easy to deploy, and can be scaled to our entire team, not just the technical members.
• Hysolate isolates applications, websites, documents and peripherals, giving us improved security and manageability.
Protection, access, and authentication
• An authentication mechanism determines the user's identity before revealing sensitive information.
• It is crucial for systems or interfaces where the user's priority is to protect confidential information.
• In the process, the user makes a provable claim about his or her individual identity or the identity of an entity.
• The credentials or claim could be a username, password, fingerprint, etc.
• Issues such as authentication and non-repudiation are handled in the application layer.
• An inefficient authentication mechanism could significantly affect the availability of the service.
Use of Authentication in OS
• Authentication is used by a server when the server needs to know exactly who is accessing its information or site.
• Authentication is used by a client when the client needs to know that the server is the system it claims to be.
• In authentication, the user or computer has to prove its identity to the server or client.
• Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.
• Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party such as Thawte states that the server belongs to the entity that the client expects it to.
• Authentication does not determine what tasks the individual can do or what files
Example of Authentication

• For example, a sender A sends an electronic document to a receiver B over the internet. How will the system identify that sender A has sent a message intended for receiver B? An intruder C may intercept, modify and replay the document in order to trick the receiver or steal the information; this type of attack is called fabrication.
• In this situation the authentication mechanism ensures two things: first, it ensures that the sender and receiver are the legitimate parties, which is known as data-origin authentication. Secondly, it ensures the security of the established connection between sender and receiver with the help of a secret session key.
• Authentication refers to identifying each user of the system and associating the executing programs with those users. It is the responsibility of the operating system to create a protection system which ensures that a user who is running a particular program is authentic.
Continued
• Operating systems generally identify/authenticate users in the following three ways:
o Username / Password: The user needs to enter a username and password registered with the operating system to log in to the system.
o User card/key: The user needs to punch a card into the card slot, or enter a key generated by a key generator in the option provided by the operating system, to log in to the system.
o User attribute (fingerprint / eye retina pattern / signature): The user needs to pass his/her attribute via the designated input device used by
Continued
• Access control for an operating system determines how the operating
system implements accesses to system resources by satisfying the
security objectives of integrity, availability, and secrecy. Such a
mechanism authorizes subjects (e.g., processes and users) to perform
certain operations (e.g., read, write) on objects and resources of the OS
(e.g., files, sockets).
• Protection refers to a mechanism which controls the access of
programs, processes, or users to the resources defined by a computer
system.
• We can regard protection as a helper to a multiprogramming operating system, so that many users can safely share a common logical name space such as a directory or files.
Models of protection

• Protection models represent the protected objects in a system, how users or subjects (their proxies in the computer system) may request access to them, how access decisions are made, and how the rules governing access decisions may be altered.
• The access matrix is a security model of the protection state in a computer system. It is represented as a matrix. Each cell of the matrix represents the set of access rights given to the processes of a domain; that is, each entry (i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
• The access matrix is used to define the rights of each process executing in the domain with respect to each object.
• The rows of the matrix represent domains and the columns represent objects.
• The association between the domain and processes can be either static or dynamic.
• The access matrix provides a mechanism for defining the control for this association between domain and processes.
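A small access matrix with one check function, which also illustrates the policy/mechanism separation from earlier in the chapter: the table is the policy, the check is the mechanism. This is an added example, not part of the original slides; the domains, objects and the `R_OWNER` right used for changing the rules are assumptions.

```c
#include <stdio.h>

/* Access rights stored in each cell; R_OWNER is an assumed extra right that
 * lets a domain change the column of an object it owns. */
enum { R_READ = 1, R_WRITE = 2, R_EXEC = 4, R_OWNER = 8 };
enum { D1, D2, D3, NDOM };            /* rows: domains (constructed)    */
enum { F1, F2, PRINTER, NOBJ };       /* columns: objects (constructed) */

/* Policy: the protection state. Entry (i, j) holds the operations that a
 * process executing in domain Di may invoke on object Oj. */
static unsigned matrix[NDOM][NOBJ] = {
    [D1] = { [F1] = R_READ | R_WRITE | R_OWNER },
    [D2] = { [F1] = R_READ, [F2] = R_READ | R_WRITE | R_OWNER,
             [PRINTER] = R_WRITE },
    [D3] = { [F2] = R_EXEC },
};

/* Mechanism: one check that consults the matrix and contains no policy. */
int allowed(int dom, int obj, unsigned op)
{
    if (dom < 0 || dom >= NDOM || obj < 0 || obj >= NOBJ || op == 0)
        return 0;                                  /* deny by default */
    return (matrix[dom][obj] & op) == op;
}

/* Altering the rules: only the owner of obj may add rights for another
 * domain, and ownership itself cannot be handed out this way. */
int grant(int granter, int target, int obj, unsigned rights)
{
    if (target < 0 || target >= NDOM || (rights & R_OWNER))
        return -1;
    if (!allowed(granter, obj, R_OWNER))
        return -1;
    matrix[target][obj] |= rights;
    return 0;
}

int main(void)
{
    printf("D3 read F1 before grant: %d\n", allowed(D3, F1, R_READ));
    printf("D2 tries to grant on F1: %d\n", grant(D2, D3, F1, R_READ));
    printf("D1 grants read on F1:    %d\n", grant(D1, D3, F1, R_READ));
    printf("D3 read F1 after grant:  %d\n", allowed(D3, F1, R_READ));
    return 0;
}
```

Changing who may do what means editing `matrix` or calling `grant`; `allowed` stays the same.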
Memory protection
• Memory protection is a way to manage access rights to specific memory regions. It is used by the majority of multi-tasking operating systems.
• The main goal of memory protection is to prevent a process from accessing memory that is not allocated to that process. Such restrictions improve the reliability of programs and operating systems, as an error in one program cannot directly affect the memory of other applications.
• It is important to distinguish between the general principle of memory protection and ASLR and the NX bit.
Encryption
• Encryption is a method of securing data by scrambling the bits of a
computer’s files so that they become illegible. The only method of
reading the encrypted files is by decrypting them with a key; the key is
unlocked with a password.

Recovery Management

• Recovery Management is the process of planning, testing, and implementing the recovery procedures and standards required to restore service in the event of a component failure; either by returning the component to normal operation, or taking alternative actions to restore