The document discusses the concepts of protection and security within operating systems, emphasizing the importance of user access control and authentication to safeguard system integrity. It outlines various security threats, including breaches of confidentiality, integrity, and availability, as well as methods attackers use to compromise systems. Additionally, it highlights cryptography as a vital tool for securing communications and user authentication methods, including passwords and biometrics.
Chapter-8

Operating System
Protection and Security
Introduction:
 Protection is a mechanism that controls the access of users to
the resources defined by a computer system.

 Security ensures the authentication of system users to protect the
integrity of the information stored in the system (both data and code),
as well as the physical resources of the computer system.
Goals of Protection:
 The most obvious goal is the need to prevent the intentional violation
of an access restriction by a user.
 A protection system must have the flexibility to enforce a variety of
policies.

Principles of Protection:
 A key, time-tested guiding principle for protection is the principle of
least privilege. It dictates that programs, users, and even systems
be given just enough privileges to perform their tasks.
For Example: Consider the analogy of a security guard with a
passkey. If this key allows the guard into just the public areas that he
guards, then misuse of the key will result in minimal damage. If,
however, the passkey allows access to all areas, then damage from
its being lost, stolen, misused, copied, or otherwise compromised will
be much greater.
 An operating system following the principle of least privilege
implements its features, programs, system calls, and data structures
so that failure or compromise of a component does the minimum
damage.
Domain of Protection:
 A computer system is a collection of processes and objects.
 By objects, we mean both Hardware Objects (such as the CPU,
memory segments, printers, disks, and tape drives) and Software
Objects (such as files, programs, and semaphores).
 A process operates within a protection domain, which specifies the
resources that the process may access.
 Each domain defines a set of objects and the types of operations that
may be invoked on each object.
 The ability to execute an operation on an object is an access right.
 A domain is a collection of access rights, each of which is an ordered
pair <object-name, rights-set>. For example, if domain D has the
access right <file F, {read, write}>, then a process executing in
domain D can both read and write file F.
Access Matrix:
 The model of protection can be viewed abstractly as an access matrix.
 The rows of the access matrix represent domains, and the columns
represent objects. Each entry in the matrix consists of a set of access
rights.
 The entry access(i, j) defines the set of operations that a process
executing in domain Di can invoke on object Oj.

 There are four domains and four objects - three files (F1, F2, F3) and
one laser printer. A process executing in domain D1 can read files F1
and F3. A process executing in domain D4 has the same privileges as
one executing in domain D1; but in addition, it can also write onto
files F1 and F3.
 Note that the laser printer can be accessed only by a process
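The access matrix above, as an added worked example that is not part of the original slides: domains D1..D4 and objects F1, F2, F3 and the printer. The rights of D1 and D4 are exactly those stated in the text; the rows for D2 and D3 are constructed placeholders, because the figure the slide refers to is missing from the page.

```python
# Access matrix: rows are domains, columns are objects, each entry is a set of access rights.
# D1 and D4 follow the text; D2 and D3 are constructed placeholders (the slide's figure is absent).
ACCESS_MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}},
    "D2": {"printer": {"print"}},                # constructed: the only domain that reaches the printer
    "D3": {"F2": {"read"}, "F3": {"execute"}},   # constructed
    "D4": {"F1": {"read", "write"}, "F3": {"read", "write"}},
}


class AccessDenied(PermissionError):
    """Raised when a domain invokes an operation that is not in access(i, j)."""


def access(domain: str, obj: str) -> frozenset:
    """access(i, j): the set of operations a process in `domain` may invoke on `obj`.

    An object missing from the domain's row means no rights at all (empty set),
    which is what makes the matrix a default-deny mechanism.
    """
    return frozenset(ACCESS_MATRIX.get(domain, {}).get(obj, ()))


def check(domain: str, obj: str, op: str) -> bool:
    """Reference-monitor style check performed before every operation."""
    if op not in access(domain, obj):
        raise AccessDenied(f"{domain} may not {op} {obj}")
    return True


def domains_with_access(obj: str) -> list:
    """Column view of the matrix: which domains hold any right on `obj`."""
    return sorted(d for d, row in ACCESS_MATRIX.items() if obj in row)


def dominates(d_a: str, d_b: str) -> bool:
    """True if d_a holds every right that d_b holds (d_a is at least as privileged as d_b)."""
    return all(access(d_b, o) <= access(d_a, o) for o in ACCESS_MATRIX.get(d_b, {}))


if __name__ == "__main__":
    print(check("D1", "F1", "read"))          # True
    print(dominates("D4", "D1"))              # True: D4 has D1's rights plus write
    print(domains_with_access("printer"))     # ['D2']
```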
Security Problem:
 In many applications, ensuring the security of the computer system is
worth considerable effort.
 We say that a system is secure if its resources are used and
accessed as intended under all circumstances.
 Security violations (or misuse) of the system can be categorized as
intentional (malicious) or accidental.
 It is easier to protect against accidental misuse than against
malicious misuse.
 The following list includes several forms of accidental and malicious
security violations:
1) Breach of confidentiality: This type of violation involves
unauthorized reading of data (or theft of information). Capturing
secret data from a system or a data stream, such as credit-card
information or identity information for identity theft, can result
directly in money for the intruder.
2) Breach of integrity: This violation involves unauthorized
modification of data. Such attacks can, for example, result in
passing of liability to an innocent party or modification of the
source code of an important commercial application.
3) Breach of availability: This violation involves unauthorized
destruction of data. Web-site defacement is a common example of
this type of security breach.
4) Theft of service: This violation involves unauthorized use of
resources. For example, an intruder (or intrusion program) may
install a daemon on a system that acts as a file server.
5) Denial of service: This violation involves preventing legitimate
use of the system.

Attackers use several standard methods in their attempts to
breach security:
 Masquerading: One participant in the communication pretends to
be someone else (another host or another person).
 Replay Attack: It consists of the malicious or fraudulent repeat of a
valid data transmission. For example – a repeated request for money
transfer.
 Man-in-the-middle attack: In this type of attack, attacker sits in
the data flow of a communication, pretending as a legitimate user to
both sender and receiver of data.
To protect a system, we must take security measures at four
levels:
1) Physical: The site or sites containing the computer systems must
be physically secured.
2) Human: Authorization must be done carefully to assure that only
appropriate users have access to the system.
3) Operating System: The system must protect itself from accidental
or purposeful security breaches.
4) Network: Much computer data in modern systems travels over
private leased lines, shared lines like the Internet, wireless
connections, or dial-up lines. Intercepting these data could be just as
harmful as breaking into a computer.
System and Network Threats:
 System and network threats create a situation in which operating-
system resources and user files are misused.
 Following are some examples of system and network threats:
1) Worms:
 A worm is a process that uses the spawn mechanism to degrade
system performance. The worm spawns copies of itself, using up
system resources and perhaps locking out all other processes.
 On computer networks, worms reproduce themselves among
systems and thus shut down an entire network.
2) Port Scanning:
 Port scanning is not an attack but rather a means for an attacker to
detect a system's vulnerabilities to attack.
 Port scanning typically is automated, involving a tool that attempts
to create a TCP/IP connection to a specific port or a range of ports of
the system.
3) Denial of Service:
 Denial-of-service attacks are aimed not at gaining information or
stealing resources but rather at disrupting legitimate use of a
system or facility.
 Denial-of-service attacks prevent legitimate users from accessing the
system resources.
 Denial-of-service attacks are generally network based.
 Denial-of-service attacks fall into two categories:
i. Attacks in the first category use so many facility resources so that
no useful work can be done. For example, a Web-site click could
download a Java applet that proceeds to use all available CPU time
or to pop up windows infinitely.
ii. The second category involves disrupting the network of the facility.
For example, an attacker can create several fake network
connections with a legitimate user and will consume nearly all
network resources. This will prevent any other legitimate user from
creating a network connection.

 A distributed denial-of-service (DDoS) attack is launched from
multiple sites at once, toward a common target.
Cryptography as a Security Tool:
 Cryptography is used to authenticate the potential senders and/or
receivers of a message.
 Modern cryptography is based on secrets called keys that are
selectively distributed to computers in a network and used to
process messages.
 Cryptography enables a recipient of a message to verify that the
message was created by some computer possessing a certain key –
the key is the source of the message.
 Similarly, a sender can encode its message so that only a computer
with a certain key can decode the message, so that the key
becomes the destination.

Important aspects of cryptography:
Encryption:
 An encryption algorithm enables the sender of a message to ensure
that only a computer possessing a certain key can read the
message.
 In Encryption, the key exchange can take place directly between the
two parties or via a trusted third party (that is, a certificate
authority).
An encryption algorithm consists of the following components:
 A set K of keys.
 A set M of messages.
 A set C of ciphertexts.
 A function E : K → (M → C). That is, for each k ∈ K, E(k) is a function for
generating ciphertexts from messages.
 A function D : K → (C → M). That is, for each k ∈ K, D(k) is a function for
generating messages from ciphertexts.
There are two main types of encryption techniques:
1) Symmetric Encryption
2) Asymmetric Encryption

1) Symmetric Encryption:
In a symmetric encryption technique, the same key is used to encrypt
and to decrypt the message.
2) Asymmetric Encryption:
In an asymmetric encryption technique, two different keys are used: one
key to encrypt and another key to decrypt the message.
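The E : K → (M → C) and D : K → (C → M) model, and the symmetric case where one key does both, as an added example that is not part of the original slides. The keystream is built from HMAC-SHA256 used as a pseudorandom function in counter mode, which is a constructed choice made only so the example runs with the Python standard library; it illustrates confidentiality only and is not an authenticated cipher.

```python
import hashlib
import hmac
import os

# K: 32-byte keys; M and C: byte strings. A 16-byte nonce is prepended to every ciphertext.
NONCE_LEN = 16


def keystream(k: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (k, nonce) into `length` pseudorandom bytes, one HMAC output per counter value."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(k, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def E(k: bytes):
    """E(k): M -> C. A fresh random nonce makes equal messages encrypt to different ciphertexts."""
    def encrypt(m: bytes) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        ks = keystream(k, nonce, len(m))
        return nonce + bytes(a ^ b for a, b in zip(m, ks))
    return encrypt


def D(k: bytes):
    """D(k): C -> M. Only a holder of the same k recovers the message (symmetric encryption)."""
    def decrypt(c: bytes) -> bytes:
        nonce, body = c[:NONCE_LEN], c[NONCE_LEN:]
        ks = keystream(k, nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, ks))
    return decrypt


def round_trip(k: bytes, m: bytes) -> bool:
    """The defining property of the model: D(k)(E(k)(m)) == m."""
    return D(k)(E(k)(m)) == m


if __name__ == "__main__":
    key = os.urandom(32)
    msg = b"transfer 100 to account 42"   # constructed sample message
    print(round_trip(key, msg))           # True
```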
User Authentication:
 A major security problem for operating systems is user
authentication.
 Generally, user authentication is based on one or more of three
things: the user's possession of something (a key or card), the user's
knowledge of something (a user identifier and password), and/or an
attribute of the user (fingerprint, retina pattern or signature).
1) Passwords:
 The most common approach to authenticate a user identity is the use
of passwords.
 If the user-supplied password matches the password stored in the
system, the system assumes that the account is being accessed by
the owner of that account.
2) Password Vulnerabilities:
 Passwords are extremely common because they are easy to
understand and use.
 Unfortunately, passwords can often be guessed, accidentally
exposed, sniffed, or illegally transferred from an authorized user to
an unauthorized user.
There are two common ways to guess a password:
i. One way is for the intruder (either human or program) to know the
user or to have information about the user. All too frequently,
people use obvious information (such as the names of their cats or
spouses) as their passwords.
ii. The other way is to use brute force, trying an enumeration of all
possible combinations of valid password characters (letters,
numbers, and punctuation on some systems) until the password is
found.
3) Encrypted Passwords:
 The operating system stores all user passwords in encoded form.
 When a user presents a password, it is encoded and compared
against the stored encoded password.
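The encoded-password scheme just described, as an added example that is not part of the original slides: the system keeps only a salt and a one-way encoding, and verification re-encodes the presented password and compares. PBKDF2-HMAC-SHA256 and the iteration count are constructed choices for this example.

```python
import hashlib
import hmac
import os

# Constructed parameters; a deployed system picks the iteration count for its own hardware.
ITERATIONS = 100_000
SALT_LEN = 16


def encode_password(password: str, salt: bytes) -> bytes:
    """One-way encoding; the per-user salt makes identical passwords encode differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_user(db: dict, user: str, password: str) -> None:
    """Record only (salt, encoded password); the plaintext password is never stored."""
    salt = os.urandom(SALT_LEN)
    db[user] = (salt, encode_password(password, salt))


def verify(db: dict, user: str, password: str) -> bool:
    """Encode the presented password with the stored salt and compare in constant time."""
    record = db.get(user)
    if record is None:
        # Do the same work for an unknown user so response time does not reveal valid names.
        encode_password(password, b"\x00" * SALT_LEN)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, encode_password(password, salt))


def build_demo_db() -> dict:
    """Constructed sample accounts; bob deliberately reuses alice's password."""
    db = {}
    store_user(db, "alice", "correct horse battery staple")
    store_user(db, "bob", "correct horse battery staple")
    return db


if __name__ == "__main__":
    users = build_demo_db()
    print(verify(users, "alice", "correct horse battery staple"))   # True
    print(verify(users, "alice", "wrong password"))                 # False
```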
4) Biometrics:
 Palm-readers or hand-readers are commonly used to secure
physical access - for example, access to a data center.
 These readers match stored parameters against what is being read
from hand-reader pads.
 Fingerprint readers have become accurate and cost-effective and
should become more common in the future.
