DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Operating System
By:
Amare W.

1
 2

Chapter Six: Security and protection

6.1 Overview of system security

♥ Computer security is about provisions and policies adopted to
protect information and property from theft, corruption, or natural
disaster.

– while allowing the information and property to remain accessible

and productive to its intended users.
♥ Computer security protection of computer system and information
from harm, theft and unauthorized use.
♥ Security of computers against intruders (e.g.,hackers) and malicious
software (e.g., viruses).
 3

…. Cont’d
 Network security on the other hand deals with provisions and

policies adopted to prevent and monitor unauthorized access,

misuse, modification, or denial of the computer network and

network-accessible resources.
 4

…. Cont’d
 Security refers to providing a protection system to computer
system resources such as:
– CPU, memory, disk
– software programs and
– most importantly data/information stored in the computer
system.
♥ So a computer system must be protected against
– unauthorized access by users and
– malicious access to system including viruses, worms etc…
 5

Security features in Operating System

 An operating system manages and controls access to hardware components

 Older operating systems focused on ensuring data confidentiality

 Modern operating systems support four basic functions

– Positively identify a user

– Restrict access to authorized resources

– Record user activity

– Ensure proper communications with other computers and devices

(sending and receiving data)

 Authentication of users
 6

cont’d…

• Protection of memory • Enforcement of sharing resources

– To preserve integrity, consistency
–user space, paging,
(critical section)
segmentations
• Fair service
• File and I/O device access
– no starvation and deadlock
control
• Inter-process communication &
– access control matrix synchronization
• Allocation & access control –Shared variable (e.g, using
to general objects semaphores)
– table lookup • Protection of data 3/2/2018

– encryption, isolation
 7

Operating system Security attack types

♥ Malware Attack:- A generic term for software that has malicious purpose.
- is software that is intentionally included or inserted in a system for a
harmful purpose.
♥ Different forms of malicious software (malware)
♥ Intended to
– Cause distress to a user
– Damage files or systems
– Disrupt normal computer and network functions
• Examples
• Viruses, worms, Logic bomb, Trojan horses, Spy-wares
3/2/2018
• New ones: Spam/scam, Slammer, Nimda, e-payment frauds, etc.
 8 01/27/2025

Cont’d…

3/2/2018
 9

Malware Attack…
♥ Malicious software can be divided into two categories:
♥ those that need a host program
– fragments of programs that cannot exist independently of some
actual application program, utility, or system program.
– Viruses and logic bombs are examples.
♥ those that are independent
♥ are self-contained programs that can be scheduled and run by
the operating system.
3/2/2018
Worms and zombie programs are examples.
 10 01/27/2025

Malware Attack…
• Malicious software can also be divided into two categories:

 software threats that do not replicate

• are programs or fragments of programs that are activated by a

trigger.

• Examples are logic bombs and zombie programs.

 those that replicate

• consist of either a program fragment or an independent program

that, when executed, may produce one or more copies of itself to be

activated later on the same system or some other system.
3/2/2018

• Viruses and worms are examples.

 11 01/27/2025

Malware Attack…
♥ Viruses:- A malicious code that replicates and hides itself
inside other programs usually without your knowledge.
♥ A virus is a piece of software that can "infect" other programs
by modifying them.
♥ Similar to biological virus: Replicates and Spreads
♥ Can do serious damage such as erasing file…
♥ Worms: A worm is a program that can replicate itself and send
copies from computer to computer across network connections.
3/2/2018
 12 01/27/2025

Suggestions to secure your computer/OS

♥ Use anti-virus software.
♥ Depending on the vendor, the antivirus software may also contain
anti-spyware tools, anti-spam filtering, a personal firewall, and more.
♥ Update your computer regularly.
♥ Be careful with the email attachments
– Safe: .jpg .bmp .pdf .txt ….
– Unsafe: .exe .doc .xls .ppt …
♥ Use firewall to protect you from malware attack.
3/2/2018
♥ Use IDS…
 13 01/27/2025

Protecting an OS from Malicious Software

1. Install updates
♥ Windows Update– Provides access to patches that are regularly
issued/released
♥ Service packs– Address security issues and problems affecting stability,
performance, or operation of features included with the OS
♥ Patch- This fixes something small and is usually quick to download and
install.
♥ Rollup- This might include a group of patches for a program.
♥ Update- Updates might add or fix features in your program or fix an earlier
patch. 3/2/2018

♥ Service Pack- This is the biggie; the one you read about in the news when
 14 01/27/2025

2. Using malicious software scanners

♥ Effective way to protect operating system
♥ Scan systems for virus, worms, and Trojan horses
♥ Often Called Virus Scanners
♥ Functions of anti-viruses
- Identification of known viruses
- Detection of suspected viruses
- Blocking of possible viruses
- Disinfection of infected objects
- Deletion and overwriting of infected objects
3/2/2018

3. Back up systems and create repair disks

 15 01/27/2025

Cryptography

♥ It is the study of Cryptosystems.

 Cryptosystems are the techniques for ensuring the secrecy
and/or authenticity of information.

♥ It has two main branches: cryptography and cryptanalysis.

 Cryptography is the study of designing the techniques of
cryptosystem. It designs the secret codes and ciphers.
 Cryptanalysis deals with defeating such techniques, to
recover information.
 It deals with “breaking” and reading secret codes and
ciphers.
3/2/2018
 16 01/27/2025

….cont’d
♥ Cryptography has five components:
- Plaintext: This is what you want to encrypt.
- Ciphertext: The encrypted output.
- Enciphering or encryption: The process by which plaintext is
converted into ciphertext.
- Encryption algorithm: The sequence of data processing steps
that go into transforming plaintext into ciphertext.
- Secret Key: is used to set some or all of the various parameters
used by the encryption algorithm.
- Deciphering or decryption: Recovering plaintext from
ciphertext.
- Decryption algorithm: The sequence of data processing steps
that go into transforming ciphertext back into plaintext.3/2/2018
 17 01/27/2025

Keys
♥ A key can be thought of as simply a collection of bits
♥ The more bits, the stronger the key
♥ Keys are tied to specific encryption algorithms
♥ Lengths vary depending on the encryption algorithm
– e.g. 128 bits is long for some algorithms, but short for
others

3/2/2018
 18 01/27/2025

Encryption Overview
♥ Plain text is converted to cipher text by use of an algorithm and key.
• Algorithm is publicly known
• Key is held private
♥ Three Main Categories
• Secret Key: single key is used to encrypt and decrypt information
• Public/Private Key
–two keys are used: one for encryption (public key) and one for
decryption (private key)
• One-way Function
– information is encrypted to produce a “digest” of the original 3/2/2018
information
that can be used later to prove its authenticity
 19 01/27/2025

….cont’d
♥ Encryption is the process of taking some data and a key and
feeding it into a function and getting encrypted data out
♥ Encrypted data is, in principle, unreadable unless decrypted
♥ Decryption is the process of taking encrypted data and a key
and feeding it into a function and getting out the original data
– Encryption and decryption functions are linked

3/2/2018
 20 01/27/2025

Encryption Techniques

♥ Symmetric Encryption: Encryption and decryption algorithms

that use the same key are called symmetric
– In this case everyone wanting to read encrypted data must
share the same key
♥ Sender and receiver have the same
secret key that will encrypt and
decrypt plain text.
♥ Strength of encryption technique
3/2/2018

depends on key length

 21 01/27/2025

♥ Secret Key (Symmetric): Known symmetrical algorithms

• Data Encryption Standard (DES)– 56 bit key
• Triple DES, Double DES– 168 bit key
• Advanced Encryption Standard (AES)- 128, 192,256
• RC2, RC4, RC5
– variable length up to 2048 bits
• IDEA - basis of PGP
– 128 bit key
3/2/2018
• Blowfish
 22 01/27/2025

Asymmetric Encryption

♥ Encryption and decryption algorithms that use a key pair are

called asymmetric
– Keys are mathematically linked
♥ Most common algorithm is the
RSA (Rivest Shamir Adelman) algorithm
with key lengths from 512 to 1024 bits.
Diffie-Hellman (DH)

3/2/2018
 23

….cont’d

3/2/2018
 24 01/27/2025

Classical Encryption Techniques: They are traditional symmetric

cryptosystems.
♥ A substitution cipher is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols.
♥ Substitution ciphers can be categorized as either
a. Monoalphabetic ciphers
b. Polyalphabetic ciphers
I. Monoalphabetic ciphers
♥ In this case, a character ( or symbol) in the plaintext is always changed to the
same character (or symbol) in the ciphertext regardless of its position or text.
• For example, if the algorithm says that letter A in the plaintext is
changed to letter D, every letter A is changed to letter D. 3/2/2018
• The relationship in between plaintext and ciphertext is one-to-one.
 25 01/27/2025

♥ The group of monoalphabetic ciphers includes:

i. Additive ciphers or Caesar ciphers, Multiplicative ciphers and
Affine ciphers
Additive ciphers or Caesar ciphers
♥ The encryption algorithm is
C = E(k, P) = (P + k) mod 26 ; where k takes a value in the range 1 to 25.
 The decryption algorithm is simply
P = D(k, C) = (C - k) mod 26 ; where k takes a value in the range 1 to 25.

Example: Use the additive cipher with key =15 to encrypt the message “hello”.
Soln. : We apply the encryption algorithm to the plaintext character by character
Plaintext : h  07 Encryption: (07+15)mod 26 Ciphertext: 22 W
Plaintext : e  04 Encryption: (04+15)mod 26 Ciphertext: 19  T
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : o  14 Encryption: (14+15)mod 26 Ciphertext: 03  D3/2/2018
So, the result is “WTAAD”
Note: By using the reverse decrypt algorithm, we can now decrypt the ciphertext
 26 01/27/2025

II Polyalphabetic cipher
Autokey cipher, Playfair cipher and Vegenere cipher
♥ In the Autokey cipher, the key is a stream of sub keys, in which each sub key
is used to encrypt the corresponding character in the plaintext. The first sub
key is a predetermined value agreed upon by the sender and the receiver.
♥ The second sub key is the value of first plaintext character (between 0 and
25). The third subkey is the value of second plaintext character and so on.
♥ The name of the cipher autokey implies that the sub keys are automatically
generated from the plaintext cipher characters during the encryption process.
Encryption: Ci= (Pi+ki) mod 26
Decryption: Pi = (Ci – ki) mod 26

3/2/2018
 27 01/27/2025

Example: Encrypt the plaintext “attack is today” using

the initial key value k1 = 12.
Sol.: Here enciphering is done character by character.
Each character in the plaintext is first replaced by its
integer value as shown in the figure. The first sub-key is
added to create the first ciphertext character.
The rest of the key is created as the plaintext characters
are read.

We note that the cipher is polyalphabetic because the

three occurrences of “a” in the plaintext are encrypted
3/2/2018
differently. The three occurrences of the “t” are
enciphered differently.
 28 01/27/2025

Transposition Techniques
♥ Systematically transpose the positions of plaintext elements (rearrange their
orders).
 1. Keyless Transposition ciphers
♥ The simple transposition ciphers are keyless. There are two methods for
permutation of characters .
♥ In the first method, the text is written into a table column by column and then
transmitted row by row.
♥ In the second method, the text is written into the table row by row and then
transmitted column by column. Example: Rail fence cipher
♥ In this cipher the plaintext is arranged in two lines as a zigzag pattern ( which
means column by column); the ciphertext is created by reading3/2/2018
the pattern
row by row.
 29 01/27/2025

♥ For example, to send the message “ meet me at the park” to the

receiver, the sender writes

♥ He then creates the ciphertext “ MEMATEAKETETHPR” by

sending the first row followed by the second row
♥ The receiver receives the ciphertext and divides it in half ( in
this case the second half has one less character)
♥ The first half forms the first row; the second half the second
3/2/2018
row. The receiver reads the result in zigzag.
 30 01/27/2025

2. Keyed Transposition cipher:

♥ The keyless ciphers permutes the characters by using writing
plaintext in one way (row by row , for example) and reading it
in another way (column by column , for example).
♥ The permutation is done on the whole plaintext to create the
whole ciphertext.
♥ Another method is to divide the plain text into groups of
predetermined size, called blocks, and then use a key to
3/2/2018
permute the characters in each block separately.
 31 01/27/2025

OS Authentication Methods
♥ Authentication:-Verifies user identity; something a person is, has,
or does.
♥ Permits access to the operating system
♥ Use of biometrics, passwords, passphrase, token, or other private
information.
♥ Strong Authentication is important
♥ Physical authentication:- Allows physical entrance to company
property
♥ Magnetic cards and biometric measures 3/2/2018

♥ Digital authentication:– verifies user identity by digital means

 32 01/27/2025

OS Authentication Methods
♥ Biometrics:-Verifies an identity by analyzing a unique person
attribute or behaviour (e.g., what a person “is”).
♥ Most expensive way to prove identity, also has difficulties with
user acceptance. Most common biometric systems:
– Fingerprint
– Palm Scan
– Hand Geometry
– Iris Scan
– Voice Print
– Facial Scan
3/2/2018
 33 01/27/2025

OS Authentication Methods
• Passwords: User name + password most
common identification, authentication
scheme.
– Weak security mechanism, must
implement strong password protections
• Passphrase: Is a sequence of characters
that is longer than a password.
– Takes the place of a password.
– Can be more secure than a password 3/2/2018

because it is more complex.

 34

Recovery management

♥ Data Backup: it is the act of creating copies of information such that it

may be recovered. Archive is to keep these backups for a long period of
time
♥ Data may be lost accidentally (hardware failures, human mistake) or
intentionally.
♥ Restore: Restoring the computer system to an earlier point in time
♥ System restore can resolve many system problems. It is the best
recovery methods to try first.
♥ It undo recent system changes, but leave files such as documents,
3/2/2018
pictures… unchanged
♥ System restore remove recently installed programs and drives
 35

Thank you