Protection and Security

Goals of Protection
Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so. to users. the operating system can operate on memory segments, the CPU, and other resources.


 The operating system consists of a collection of objects, hardware or software. Each object has a unique name and can be accessed through a well-defined set of operations. Protection problem - 
ensure that each object is accessed correctly and only by those processes that are allowed to do so.

  • Obviously to prevent malicious misuse of the system by users or programs.
  • To ensure that each shared resource is used only in accordance with system policies, which may be set either by system designers or by system administrators.
  • To ensure that errant programs cause the minimal amount of damage possible.
  • Note that protection systems only provide the mechanisms for enforcing policies and ensuring reliable systems. It is up to administrators and users to implement those mechanisms effectively.


Principles of Protection 

Programs, users, and systems should be given just enough privileges to perform their tasks

 · The principle of least privilege dictates that programs, users, and systems be given just enough privileges to perform their tasks.
 · This ensures that failures do the least amount of harm and allow the least of harm to be done.
 · For example, if a program needs special privileges to perform a task, it is better to make it a SGID(SGID (Set Group ID up on execution) is a special type of file permissions given to a file/folder. ... ) program with group ownership of "network" or "backup", This limits the amount of damage that can occur if something goes wrong.
· Typically each user is given their own account, and has only enough privilege to modify their own files. · The root account should not be used for normal day to day activities - The System Administrator should also have an ordinary account, and reserve use of the root account for only those tasks which need the root privileges




Protection and security requires that computer resources such as CPU, softwares, memory etc. are protected. This extends to the operating system as well as the data in the system. This can be done by ensuring integrity, confidentiality and availability in the operating system. The system must be protect against unauthorized access, viruses, worms etc.

Threats to Protection and Security

A threat is a program that is malicious in nature and leads to harmful effects for the system. Some of the common threats that occur in a system are −

Virus

Viruses are generally small snippets of code embedded in a system. They are very dangerous and can corrupt files, destroy data, crash systems etc. They can also spread further by replicating themselves as required.

Trojan Horse

A trojan horse can secretly access the login details of a system. Then a malicious user can use these to enter the system as a harmless being and wreak havoc.

Trap Door

A trap door is a security breach that may be present in a system without the knowledge of the users. It can be exploited to harm the data or files in a system by malicious people.

Worm

A worm can destroy a system by using its resources to extreme levels. It can generate multiple copies which claim all the resources and don't allow any other processes to access them. A worm can shut down a whole network in this way.

Denial of Service

These type of attacks do not allow the legitimate users to access a system. It overwhelms the system with requests so it is overwhelmed and cannot work properly for other user.

Protection and Security Methods

The different methods that may provide protect and security for different computer systems are −

Authentication

This deals with identifying each user in the system and making sure they are who they claim to be. The operating system makes sure that all the users are authenticated before they access the system. The different ways to make sure that the users are authentic are:
  • Username/ Password
    Each user has a distinct username and password combination and they need to enter it correctly before they can access the system.
  • User Key/ User Card
    The users need to punch a card into the card slot or use they individual key on a keypad to access the system.
  • User Attribute Identification
    Different user attribute identifications that can be used are fingerprint, eye retina etc. These are unique for each user and are compared with the existing samples in the database. The user can only access the system if there is a match.

One Time Password

These passwords provide a lot of security for authentication purposes. A one time password can be generated exclusively for a login every time a user wants to enter the system. It cannot be used more than once. The various ways a one time password can be implemented are −
  • Random Numbers
    The system can ask for numbers that correspond to alphabets that are pre arranged. This combination can be changed each time a login is required.
  • Secret Key
    A hardware device can create a secret key related to the user id for login. This key can change each time.

Comments

Post a Comment

Popular posts from this blog

Revocation of Access Rights

Revocation of Access Rights In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different users. Various questions about revocation may arise: • Immediate versus delayed . Does revocation occur immediately, or is it delayed? If revocation is delayed, can we find out when it will take place? • Selective versus general . When an access right to an object is revoked, does it affect all the users who have an access right to that object, or can we specify a select group of users whose access rights should be revoked? • Partial versus total . Can a subset of the rights associated with an object be revoked, or must we revoke all access rights for this object? • Temporary versus permanent . Can access be revoked permanently (that is, the revoked access right will never again be available), or can access be revoked and later be obtained again? With an access-list scheme, revocation is easy. The access list is searched for any access ri...
Read more

Stable-Storage

Image
Stable-Storage Implementation in Operating system By definition, information residing in the  Stable-Storage  is never lost. Even, if the disk and CPU have some errors, it will never lose any data. Stable-Storage Implementation : To achieve such storage, we need to replicate the required information on multiple storage devices with independent failure modes. The writing of an update should be coordinate in such a way that it would not delete all the copies of the state and that, when we are recovering from a failure, we can force all the copies to a consistent and correct value, even if another failure occurs during the recovery. In these, we discuss how to meet these needs. The disk write operation results to one of the following outcome: Successful completion – The data will written correctly on disk. Partial Failure – In this case, failure is occurred in the middle of the data transfer, so that only some sectors were written with the new data, and the s...
Read more

concurrency control

It’s the ability to run multiple processes or threads at the same time. This requires careful memory management, that is, any application running on it’s own should not interfere with other applications. It’s easy when it’s all yours but it becomes a lot harder to share with others. Then you need to be able to run 2 pieces of code together and schedule these. So that they all get their fair share of time on the CPU. There are other factors that come into play here, for example, when you receive input through something like a network device or a peripheral device like a mouse or keyboard. You have to stop what you were doing and deal with that input. All modern operating systems allow multiple programs to run at the same time. This is called concurrency. A running program is known as a process. In fact modern operating systems even allow a single program to execute different routines at the same time or to put it another way, they allow a process to execute several threads of ...
Read more