CHAPTER 6

SECURITY AND PROTECTION

 INTRODUCTION
 Operating systems provide the fundamental mechanisms for
securing computer processing.
 Operating systems designers have explored how to build “secure”
operating system—operating systems whose mechanisms protect
the system against a motivated adversary.
 Recently, the importance of ensuring such security has become a
typical issue for all operating systems.

2
 OVERVIEW OF SYSTEM SECURITY
 Security refers to providing a protection system to computer system resources
such as CPU, memory, disk, software programs and most importantly
data/information stored in the computer system.
 If a computer program is run by an unauthorized user, then he/she may cause
severe damage to computer or data stored in it.
 So, a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc.
 Security is a measure of confidence that the integrity of a system and its data
will be preserved.
 We’re going to discuss the following common threats for a computer system.
 Program Threats
3
 System Threats
 CONT.
 The operating system allows users to protect their resources.
 We say that a system is secure if its resources are used and accessed as
intended under all circumstances.
 Unfortunately, it is not generally possible to achieve total security.
 Security violations of the system can be categorized as being either intentional
(malicious) or accidental(Unintentional).
 Among the forms of malicious access are the following:
 Unauthorized reading of data (theft of information).
 Unauthorized modification of data.
 Unauthorized destruction of data.

Security: Deals with protecting systems from deliberate attacks, either internal or
4
external to the system.
 GOALS OF SYSTEM SECURITY

 The goals of system security is achieving confidentiality, integrity,

availability (CIA).
 Confidentiality : unauthorized reading (or, theft) of data.
 It means that unauthorized users should not be able to see/ access
any data without the owner’s permission.
 Integrity :unauthorized modification of data .
 It means that unauthorized users should not be able to modify any
data without the owner’s permission.

5
 CONT..
 Data modification in this context includes not only changing the
data, but also removing data and adding false data.
 Availability : unauthorized destruction of data.
 It means that nobody can disturb the system to make it unusable.
Such denial-of-service attacks are increasingly common.
 To protect a system, we must take security measures at four levels
such as :-
 Physical

 Human

 Operating system
 Network 6
 CONT.
 Physical : The site containing the computer system must be
physically secured against armed or secret entry by intruders.
 Human :Authorization must be done carefully to assure that only
appropriate users have access to the system.
 Users may also be misled into providing access rights (e.g.
phishing).
 Operating system : System must protect itself from accidental or
purposeful security breaches.
 Runaway process could constitute an accidental denial-of-service
attack.
 Query to a service could expose passwords. 7
 CONT.
 Network : Interception of data on network lines could reveal
private data.
 Interception of data could constitute a remote denial-of-
service attack.
 Therefore, all aspects must be addressed for security to be
maintained.

8
 POLICY AND MECHANISMS FOR SECURITY
 A security policy is a statement of what is, and what is not, allowed.
 A security policy is a document that outlines the rules, laws and
practices for security access.
 A security policy considers all relevant aspects of confidentiality,
integrity, and availability.
 With respect to confidentiality, it identifies those who has access to
information and those not authorized to receive/access it.
 This type of security policy is called A confidentiality policy.

9
 CONT…

 With respect to integrity, a security policy identifies authorized

ways in which information may be altered and entities authorized
to alter it.
 Those parts of the security policy that describe the conditions
and manner in which data can be altered are called the integrity
policy.

10
 CONT…
 A security mechanism is a method, tool, or procedure for
enforcing a security policy.
 Security mechanisms implement functions that help prevent,
detect, and respond to recovery from security attacks.
 A security mechanism is a procedure that enforces some part of
the security policy.
 No single mechanism that will support all services required.
 However one particular element underlies many of the security
mechanisms in use: cryptographic techniques.

11
 SECURITY METHOD AND DEVICE
 The following are some common Security methods.
 Authentication

 One Time passwords

 Firewall

1. Authentication refers to identifying each user of the system and

associating the executing programs with those users.
 It is the responsibility of the Operating System to create a protection
system which ensures that a user who is running a particular
program is authentic.

12
 CONT..
 Operating Systems identifies/authenticates users using the
following three ways:
 Username / Password - User need to enter a registered username
and password with Operating system to login into the system.
 User card/key - User need to punch card in card slot, or enter key
generated by key generator in option provided by operating system
to login into the system.
 User attribute - fingerprint/ eye retina pattern/ signature - User
need to pass his/her attribute via designated input device used by
operating system to login into the system.
13
CONT..
2. One Time passwords provides additional security along with
normal authentication.
In One-Time Password system, a unique password is required
every time user tries to login into the system.
Once a one-time password is used then it cannot be used again.
To avoid the problems of password sniffing, a system could use a
set of paired passwords.
When a session begins, the system randomly selects and presents
one part of a password pair; the user must supply the other part.
14
 A firewall
 A firewall is a network security device, physical or software,
designed to monitor incoming and outgoing traffic from a
network, stop malicious attacks and apply security policies and
rules.
 A firewall is a network security device that monitors incoming
and outgoing network traffic and decides whether to allow or
block specific traffic based on a defined set of security rules.

16
 PROTECTION, ACCESS, AND AUTHENTICATION

 Protection refers to a mechanism which controls the access of

programs, processes, or users to the resources defined by a computer
system.
 Deals with protecting files and other resources from accidental
misuse by cooperating users sharing a system.
 We can take protection as a helper to multi programming operating
system, so that many users might safely share a common logical
name space such as directory or files.

17
 CONT..
 Reasons for protection
 Prevent the roguish, intentional violation of an access restriction
 Ensure that each program component uses system resources only in
ways consistent with system policies .
 Multiprogramming involves the sharing of many resources,
including processor, memory, I/O devices, programs, and data thus
protection is needed.

18
Access control for an operating system determines how the
operating system implements accesses to system resources by
satisfying the security objectives of integrity, availability, and
secrecy.
Such a mechanism authorizes subjects (e.g., processes and
users) to perform certain operations (e.g., read, write) on objects
and resources of the OS (e.g., files).

19
 MEMORY PROTECTION
 Memory protection is a way to manage access rights to the
specific memory regions.
 It is used by the majority of multi-tasking operating systems.
 The main goal of the memory protection appears to be a
banning/exclusion of a process to access the part of memory
which is not allocated to that process.
 Such bans improve reliability of the programs and operating
systems as an error in one program may not directly affect the
memory of other applications.
 Memory protection keeps user programs from crashing one 20

another and the OS .

 ENCRYPTION
 Encryption is a method of securing data by scrambling the bits of a
computer’s files so that they become illegible.
 The only method of reading the encrypted files is by decrypting them
with a key; the key is unlocked with a password.
 Encryption is a security method in which information is encoded in such a
way that only authorized user can read it.
 It uses encryption algorithm to generate ciphertext that can only be read if
decrypted.
 Encryption is used to provide confidentiality, can provide authentication
and integrity protection

21
CONT.
 Basic operations

 Example

22
RECOVERY MANAGEMENT

 Recovery Management is the process of planning, testing,

and implementing the recovery procedures ad standards
required to restore service in the event of a component
failure; either by returning the component to normal
operation, or taking alternative actions to restore service.

23
Thank You!!!

24