Lecture Protection and Security

The document discusses the principles and goals of protection in modern computer systems, emphasizing the need for access control mechanisms to manage resource access among processes. It outlines various access control models, including Discretionary, Mandatory, and Role-Based Access Control, and explains the implementation of access matrices and their operations. Additionally, it covers security measures against threats like Trojans, viruses, and denial of service attacks, alongside authentication methods and encryption techniques.

Uploaded by Sunny Gupta
Chapter: Protection and Security

Objectives

 Discuss the goals and principles of protection in a modern computer system
 Explain how protection domains combined with an access matrix are used to specify the resources a process may access
 Examine capability and language-based protection systems
Goals of Protection

 Processes in an OS must be protected from one another.
 Protection refers to a mechanism for controlling the access of programs, processes or users to the resources defined by the computer system. Each object has a unique name and can be accessed only through a well-defined set of operations.
 Ensure that each object is accessed correctly and only by those processes that are allowed to do so.
 The protection mechanism determines how something will be done.
 The policy determines what is to be done.
 The mechanism must provide a means for specifying the controls to be imposed, together with a means of enforcement.
Protection in Computer System

 System with contiguous memory allocation:
   Protection is achieved by use of limit registers.
 Paging system:
   Protection is achieved by use of the page table. Each process has its own page table.
 System with segmentation:
   Protection is achieved by use of the segment table; each entry records a base address and a limit for its segment.
 System with files stored on secondary storage:
   Protection is achieved by access rights.
Access Control

Access control is the method that determines:
 What types of access are permitted on different resources
 Under what circumstances
 By whom

An access control model has three basic components:
 Subjects (S) or domains: a finite set of entities that can access the current object. A subject may be a user, a process or a procedure.
 Objects (O): a finite set of resources to which access must be controlled. An object may be a hardware device (processor, memory) or a software resource (page table, files, etc.).
 Rights (R): a finite set of operations that a subject can perform on an object.
Access Control Policies

Protection domain: a collection of objects and the access rights (permissions, e.g. rwx) held on them.

1. Discretionary Access Control
   Each object is owned by some subject/domain, and the owner of the object decides which access rights other subjects have on it.
2. Mandatory Access Control
   The system administrator enforces a policy for all users.
3. Role-Based Access Control
   Access control is based on the roles that users have within the system.
Discretionary Access Control / Access Matrix

 The Discretionary Access Control model is represented by an access matrix.
 It describes which users have access to which objects or resources.
 The access matrix consists of rows and columns:
   Rows represent the current subject / domain.
   Columns represent the current object.
 Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j.
Access Matrix
Use of Access Matrix

 If a process in domain Di tries to do "op" on object Oj, then "op" must be in the access matrix entry access(Di, Oj).
 Can be expanded to dynamic protection:
   Operations to add and delete access rights
   Special access rights:
     owner of Oi
     copy op from Oi to Oj
     control: Di can modify Dj's access rights
     transfer: switch from domain Di to Dj
Use of Access Matrix (Cont)

 The access matrix design separates mechanism from policy.
 Mechanism (method):
   The operating system provides the access matrix and the rules.
   It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced.
 Policy (rules):
   The user dictates policy: who can access what object and in what mode.
Implementation of Access Matrix

There are two methods:
 1. Access Control Lists (ACLs)
   An ACL is created by dividing the access matrix column-wise: one list is kept per object, recording each domain and the rights it holds on that object.
   Blank entries (domains with no rights on the object) are skipped.
 2. Capability Lists
   A capability list is created by dividing the access matrix row-wise.
   It is the list of access rights that a user, domain or process has for each object.
   Each capability has two fields:
     Object descriptor
     Access rights
Implementation of Access Matrix

 Each column = access-control list for one object. It defines who can perform what operation, for example:
   Domain 1 = Read, Write
   Domain 2 = Read
   Domain 3 = Read
 Each row = capability list (like a key). For each domain, it lists what operations are allowed on what objects, for example:
   Object 1 – Read
   Object 4 – Read, Write, Execute
   Object 5 – Read, Write, Delete, Copy
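The two views of the same matrix, as an added example that is not part of the lecture: a constructed access matrix (domains D1 to D4, objects F1, F2, F3 and a printer, in the style of the figure the slides reference), the column-wise ACL and row-wise capability list derived from it, and the check that "op" must be in access(i, j) before a request is honoured.

```python
# Constructed access matrix: ACCESS[(domain, object)] is the set of permitted
# operations. Missing keys are blank entries, which both views skip.
DOMAINS = ["D1", "D2", "D3", "D4"]
OBJECTS = ["F1", "F2", "F3", "printer"]
ACCESS = {
    ("D1", "F1"): {"read"},
    ("D1", "F3"): {"read"},
    ("D2", "printer"): {"print"},
    ("D3", "F2"): {"read"},
    ("D3", "F3"): {"execute"},
    ("D4", "F1"): {"read", "write"},
    ("D4", "F3"): {"read", "write"},
}


def access(domain, obj):
    """access(i, j): operations a process in `domain` may invoke on `obj`."""
    return ACCESS.get((domain, obj), set())


def may_perform(domain, op, obj):
    """Reference-monitor check: allowed only if op is in access(i, j); default deny."""
    return op in access(domain, obj)


def acl(obj):
    """Column view: the access-control list of one object (domain -> rights).
    Blank rows are omitted, which is what keeps an ACL compact."""
    return {d: access(d, obj) for d in DOMAINS if access(d, obj)}


def capability_list(domain):
    """Row view: the capability list of one domain (object descriptor -> rights)."""
    return {o: access(domain, o) for o in OBJECTS if access(domain, o)}


if __name__ == "__main__":
    print("ACL for F3:", acl("F3"))
    print("Capabilities of D1:", capability_list("D1"))
    print("D3 read F3?", may_perform("D3", "read", "F3"))
```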
Access Matrix With Domains as Objects

Figure B
Operation on Access Matrix Entries

 1. Copy
   The copy right allows an access right to be copied only within its column (i.e. for the same object).
   The ability to copy an access right from one domain (row) to another is denoted by an asterisk (*) after the right; processes in that domain may copy the right into other entries of the same column.
   For example, if access(D2, F2) contains read*, a process executing in domain D2 can copy the read operation into any entry associated with file F2.
Access Matrix with Copy Rights

For example, in Figure (a), a process executing in domain D2 can copy the read operation into any entry associated with file F2. Hence, the access matrix of Figure (a) can be modified to the access matrix shown in Figure (b).
Operation on Access Matrix Entries

 2. Owner
   The owner right allows the addition or removal of access rights.
   If access(i, j) includes the owner right, then a process executing in domain Di can add or remove any access right in any entry of column j.
   Copy and owner together allow a process to change the entries in a column.
Access Matrix With Owner Rights

If access(i, j) includes the owner right, then a process executing in domain Di can add and remove any right in any entry in column j.

For example, in Figure (a), domain D1 is the owner of F1 and thus can add and delete any valid right in column F1. Similarly, domain D2 is the owner of F2 and F3 and thus can add and remove any valid right within these two columns. Thus, the access matrix of Figure (a) can be modified to the access matrix shown in Figure (b).
Operation on Access Matrix Entries

 3. Control Right
   The control right is the mechanism used to change entries in a row.
   The control right is applicable only to domain objects.
   If access(i, j) includes the control right, then a process executing in domain Di can remove any access right from row j.
   The switch operation works for columns only.
   For example, suppose that we include the control right in access(D2, D4). Then a process executing in domain D2 could modify domain D4, as shown.
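The three entry-changing rights enforced in code, as an added example that is not part of the lecture: copy is checked by the asterisk flag and stays inside the column, owner edits any entry of its column, and control (held on a domain object) removes rights from that domain's row. The matrix contents follow the slides' cases (D2 holds read* and owns F2 and F3, D1 owns F1, control in access(D2, D4)) but are constructed here.

```python
class AccessMatrix:
    """Access matrix with copy (*), owner and control rights; absent entries are blank."""

    def __init__(self):
        self.m = {}  # (domain, object) -> set of rights

    def access(self, d, o):
        return self.m.setdefault((d, o), set())

    def copy(self, src, right, obj, dst):
        """Copy `right` on `obj` from row src to row dst: same column only,
        and only if src holds the right with the copy flag, e.g. 'read*'."""
        if right + "*" not in self.access(src, obj):
            raise PermissionError(f"{src} may not copy {right} on {obj}")
        self.access(dst, obj).add(right)

    def owner_set(self, owner, obj, target, add=(), remove=()):
        """Owner of column `obj` may add or remove any right in any entry of that column."""
        if "owner" not in self.access(owner, obj):
            raise PermissionError(f"{owner} is not owner of {obj}")
        entry = self.access(target, obj)
        entry.difference_update(remove)
        entry.update(add)

    def control_remove(self, d, target_domain, obj, right):
        """Control in access(d, target_domain) lets d remove rights from row target_domain.
        It applies to domain objects only, so target_domain names a row of the matrix."""
        if "control" not in self.access(d, target_domain):
            raise PermissionError(f"{d} has no control over {target_domain}")
        self.access(target_domain, obj).discard(right)


def lecture_scenario():
    """Constructed Figure (a) and the three modifications the slides describe."""
    am = AccessMatrix()
    am.m.update({
        ("D1", "F1"): {"owner", "execute"},   # D1 owns F1
        ("D2", "F2"): {"read*", "owner"},      # D2 owns F2 and may copy read in column F2
        ("D2", "F3"): {"owner"},               # D2 owns F3
        ("D2", "D4"): {"control"},             # D2 controls domain object D4
        ("D4", "F1"): {"read", "write"},
        ("D4", "F3"): {"read", "write"},
    })
    am.copy("D2", "read", "F2", "D3")              # copy: stays in column F2
    am.owner_set("D1", "F1", "D1", add={"write"})  # owner: edits column F1
    am.control_remove("D2", "D4", "F1", "write")   # control: edits row D4
    return am
```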
Security

 Security is the method of protecting information stored in the system from unauthorized access.
 Security must consider the external environment of the system, and protect it from:
   unauthorized access
   malicious modification or destruction
   accidental introduction of inconsistency
 Security violations can be categorized as intentional or accidental.
 Security is a measure of confidence that the integrity of a system and its data will be preserved.
Some Security Violations

 Breach of confidentiality: unauthorized reading of data; theft of information.
 Breach of integrity: unauthorized modification of data.
 Breach of availability: unauthorized destruction of data, e.g. website defacement. A website defacement is an attack on a website that changes the visual appearance of the site or a web page.
 Theft of service: unauthorized use of resources.
 Denial of service: sending invalid data to applications or network services, which causes abnormal termination.
 Session hijacking: intercepting an already established session to bypass authentication.
Security Measure Levels

To protect our system, we must take security measures at four levels:

 Physical: secure the hardware components.
 Human: use passwords for protection. Spam mail may carry viruses that steal your passwords, or links that do the same when clicked.
 Operating system: require a valid login and password.
 Network: use authentication and anti-virus software to protect data and resources over the network.
Program Threats

1. Trojan horse
 A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user but steals information or harms the system. It looks like a genuine application.
 Trojans are also known to create a backdoor entry on your computer that gives unauthorized users access to your system, possibly allowing confidential or personal information to be compromised.
1. Trojan horse

 Many systems have mechanisms for allowing programs written by some users to be executed by other users.
 If these programs are executed in a domain that provides the access rights of the executing user, the other users may misuse these rights.
 Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate; this is how Trojan horses differ from other computer viruses. Well-known Trojan horses are NetBus, SubSeven and Back Orifice.
 A code segment that misuses its environment is called a Trojan horse.
1. Trojan horse

 A variation of the Trojan horse is a program that emulates (copies) a login program.
 An unsuspecting user starts to log in at a terminal and notices that he has apparently mistyped his password. He tries again and is successful.
 What has happened is that his authentication key and password have been stolen by the login emulator, which was left running on the terminal by the thief.
 The emulator stored away the password, printed out a login error message, and exited; the user was then provided with a genuine login prompt.
2. Trap Door

 The designer of a program or system might leave a hole in the software that only the designer is capable of using. This type of security breach is called a trap door. It is a secret entry point into a program that allows someone who is aware of the trap door to gain access without going through the usual security access procedures.
 It is a method of bypassing normal authentication methods and is also known as a back door. Trap doors have been used legitimately for many years by programmers to debug and test programs.
 Trap doors pose a difficult problem because, to detect them, we have to analyze all the source code for all components of a system.
3. Virus

 VIRUS: Vital Information Resource Under Seize, or Very Important Resource Under Seize.
 Viruses can increase their chances of spreading to other computers by infecting files on a network file system that is accessed by other computers.
 A fragment of malicious code embedded in a genuine program.
 Designed to "infect" other programs.
 Specific to an architecture, operating system and application.
 Needs human intervention to move from host to host: someone has to actually take the program from one device and run it on another device.
 Can replicate itself.
4. Worms

 Self-propagating.
 A worm is a process that uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up system resources and perhaps locking out all other processes. A worm is similar to a virus by its design and is considered a subclass of virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system.
 The biggest danger with a worm is that it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
 Sometimes more disturbing, it might go into your email, find your contacts, and send copies of itself to all the contacts.
5. Denial of Service

 Denial-of-service attacks are aimed not at gaining information or stealing resources but rather at disrupting genuine use of a system or facility.
 Denial-of-service attacks are generally network based.
 Attacks in the first category overload the targeted computer, preventing it from doing any useful work.
Authentication

 Authentication is the process of verifying the identity of a user or of information.
 1. User Authentication
   The process of verifying the identity of a user when the user logs into a computer system.
   Main objective: allow authorized users to access the computer.
   The authentication process consists of two steps:
     1. Identification step
     2. Verification step
Measures of Authentication

 False Acceptance Ratio: percentage of unauthorized users that are incorrectly admitted to the system.
 False Rejection Ratio: percentage of authorized users that fail to access the system due to a failure of authentication.
General Methods of Authentication

 A password
 An electronic key or smart card
 Static biometrics: recognition by fingerprint, retina or face
 Dynamic biometrics: recognition by voice, handwriting or typing pattern
Password Verification

 Password verification is an authentication mechanism.
 Password: a secret text that is supposed to be known only to the user.
 The system allows authorized users who have a valid user name and password to access the system.
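The identification and verification steps of password-based user authentication, as an added example that is not part of the lecture: the system keeps only a salted PBKDF2 hash, so the password stays known only to the user, and the comparison is constant-time. The user name, password, iteration count and DUMMY record are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: raise to what your hardware tolerates


def make_record(password: str) -> dict:
    """Create the stored credential: a random salt plus the derived hash.
    The password itself is never written anywhere."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed user database; "alice" and her password are sample values.
USERS = {"alice": make_record("correct horse battery staple")}
# Dummy record so an unknown name costs the same work as a known one, which
# keeps response time from revealing which user names exist.
DUMMY = make_record(os.urandom(8).hex())


def authenticate(username: str, password: str) -> bool:
    """Two-step check from the slides: identification, then verification."""
    # Step 1, identification: look up the claimed identity.
    record = USERS.get(username, DUMMY)
    # Step 2, verification: re-derive the hash with the stored salt and compare
    # in constant time, so a wrong guess leaks nothing about how close it was.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"]) and username in USERS
```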
Firewall

 A firewall is a device or set of devices designed to allow or deny network transmissions based upon a set of rules.
 A firewall is frequently used to protect networks from unauthorized access; it limits network access between two security domains.
 A firewall is placed between trusted and untrusted hosts.
Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it.

 Plaintext: the original intelligible message
 Ciphertext: the transformed message
 Key: information used by the cipher, known only to the sender and receiver
 Encipher (encode): the process of converting plaintext to ciphertext using a cipher and a key
 Decipher (decode): the process of converting ciphertext back into plaintext using a cipher and a key
Encryption/Decryption Methods

Encryption/decryption methods fall into two categories:
 Symmetric key
 Public key
1. Symmetric key algorithms: the encryption and decryption keys are known to both sender and receiver.
2. Public key algorithms: the encryption key is made public.
Encryption

 Properties of a good encryption technique:
   It should be simple for authorized users to encrypt and decrypt data.
   The technique should be able to encrypt the data using a generated encryption key.
   It should be extremely difficult for an intruder to determine the encryption key.
 Data encryption: convert the data into a secret message on the basis of an encryption key provided to authorized users.
Public-key Technique

 Invented in 1976 by Whitfield Diffie and Martin Hellman, so it is also called Diffie-Hellman encryption.
 Also called asymmetric encryption because it uses two keys instead of one.
 Requires two separate keys:
   One to encrypt the plaintext
   The other to decrypt the ciphertext
   Neither key will do both functions.
   One of these keys is published (public) and the other is kept private.
Private key encryption

 Symmetric encryption (also called private-key encryption or secret-key encryption) involves using the same key for encryption and decryption.
 Encryption involves applying an operation (an algorithm) to the data to be encrypted, using the private key to make the data unintelligible.
Communication
Encryption and Decryption using Keys
