Protection and Security
Anuja Kulkarni
The role of an operating system (OS) extends beyond providing an
interface between the user and the hardware of the computer. It
lies at the heart of managing hardware resources and ensuring the
system is protected and secure. This article explores the critical
aspects of protection and security in operating systems,
demystifying these key areas that remain paramount in the
effective functioning of any computing system.
What is Protection?
Protection in the context of an OS refers to a mechanism that controls
the accessibility and usability of system resources, such as the CPU,
memory, disk drives, printers, and files. It involves ensuring that
resources are used according to predefined policies and are only
accessed by authorized entities – the processes or programs that have
been granted appropriate permissions. This mechanism is pivotal in the
prevention of interference and errors that can occur when multiple
processes access shared resources.
What is Security?
Security in an operating system (OS) refers to the measures and
mechanisms implemented to protect the system, its resources, and the
data it processes from unauthorized access, misuse, modification, or
destruction. It encompasses various aspects such as authentication,
authorization, encryption, access control, auditing, and intrusion
detection/prevention.
OS security aims to safeguard the confidentiality, integrity, and
availability of system resources and data, ensuring that only authorized
users can access and manipulate them while preventing unauthorized
users or malicious software from causing harm or exploiting
vulnerabilities. Security features in an OS may include user
authentication mechanisms (like passwords or biometrics), file and
directory permissions, firewall configurations, encryption algorithms,
secure boot processes, antivirus software, and security patches to
address vulnerabilities discovered over time. Robust OS security is
essential for protecting sensitive information, maintaining system
stability, and preserving user trust in computing environments.
Difference between Security and Protection
Security                                       | Protection
Ensures system safety from various threats.    | Controls system access to prevent misuse.
Safeguards system resources and data.          | Restricts unauthorized access to system resources.
Utilizes technical and procedural measures.    | Enforces access control mechanisms.
Prevents security risks and vulnerabilities.   | Limits unauthorized actions.
Enhances system resilience and trustworthiness.| Affects system performance and usability.
The goals of operating system protection are to ensure confidentiality (restricting access
to sensitive data), integrity (preventing unauthorized modification),
and availability (ensuring authorized users can access resources when needed). The
guiding principle is the principle of least privilege, which dictates that users and
programs should only have the minimum permissions necessary to perform their tasks.
This minimizes potential damage from errors or malicious actions.
Goals of Protection
Confidentiality: Restricting access to sensitive information and files to only authorized
users and processes.
Integrity: Protecting data and system resources from unauthorized modification or
deletion.
Availability: Ensuring that authorized users and processes can access resources and
services when they are needed.
Isolation: Preventing processes and users from interfering with each other and
protecting them from unintentional or malicious misuse.
Reliability: Preventing bugs or malicious code in one program from crashing the entire
system.
Auditability: Providing a way to track and monitor system activities to detect security
incidents or violations.
1. Prevent Accidental Errors
Protection ensures that a user or a process cannot accidentally
damage the system.
Example: A faulty program should not be able to modify OS memory or
another user’s files.
2. Prevent Intentional Misuse
Protection stops malicious users or programs from accessing resources
they are not authorized for.
Example: Prevent hacking, unauthorized modification of confidential
files, or misuse of CPU time.
3. Ensure Controlled Access to Resources
Only authorized users/processes should access specific files, memory,
I/O devices, or CPU time.
Example: A user with read-only privilege must not be able to modify or
delete a file.
4. Ensure Data Integrity
Protection mechanisms ensure data remains accurate and unaltered
unless permitted.
Example: Banking records must not be modified by unauthorized
processes.
Principles of Protection
1. Principle of Least Privilege
Each user or process should have only the minimum privileges
required to perform its tasks.
Reduces damage from accidents or attacks.
Example: A text editor needs access only to the file being edited,
not the entire file system.
2. Principle of Fail-Safe Defaults
Default access to any resource should be denied unless explicitly
granted.
Also called default-deny policy.
Example: A new file should not automatically be accessible to all
users.
3. Principle of Complete Mediation
Every access to a resource must be checked for permission every
time.
No shortcuts or cached permissions should be assumed.
Prevents using outdated or revoked permissions.
4. Principle of Economy of Mechanism
Protection mechanisms should be simple, small, and easy to verify.
Complexity increases chances of errors and vulnerabilities.
Example: A simple permission model (like Unix rwx bits) is easy to
understand and enforce.
5. Principle of Open Design
The design of protection mechanisms should not depend on secrecy.
Security should rely on keys/credentials—not on hiding how the system
works.
Example: Encryption algorithms are public, but the key is secret.
6. Principle of Separation of Privilege
Access to critical resources should require more than one condition to
be satisfied.
Example: Two-factor authentication (password + OTP).
7. Principle of Least Common Mechanism
Shared resources or mechanisms should be minimized to reduce
interference.
Fewer shared mechanisms = fewer chances for misuse.
Example: Avoid sharing sensitive files across multiple users.
8. Principle of Psychological Acceptability
Protection mechanisms must be easy for users to understand and use.
If too complex, users may bypass or misuse them.
Example: Simple permission settings encourage correct usage.
9. Principle of Layered Design (Defense in Depth)
Multiple levels of protection should be used.
Even if one layer fails, others will still provide security.
Example: File permissions + encryption + user authentication.
10. Principle of Revocation of Access Rights
The system should allow easy revocation of permissions.
Necessary when users change roles or leave the organization.
Example: Removing access to company files after an employee
resigns.
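To show how several of the principles above (fail-safe defaults, least privilege, complete mediation and revocation) look in code, here is an added example of a small reference monitor; it is not part of the original notes, and the subjects, file names and rights in it are constructed for illustration.

```python
# Added example (not from the original notes): a small reference monitor that
# applies default-deny, least privilege, complete mediation and revocation.
# Subjects, objects and rights are constructed for illustration.

class ReferenceMonitor:
    """Access matrix: (subject, object) -> set of rights. Absent entry = no access."""

    def __init__(self):
        self._matrix = {}

    def grant(self, subject, obj, rights):
        # Least privilege: only the rights named here are given; "write" does not imply "read".
        self._matrix.setdefault((subject, obj), set()).update(rights)

    def revoke(self, subject, obj, rights=None):
        # Revocation is immediate because check() never caches an earlier decision.
        entry = self._matrix.get((subject, obj))
        if entry is None:
            return
        if rights is None:
            del self._matrix[(subject, obj)]
        else:
            entry.difference_update(rights)

    def check(self, subject, obj, right):
        # Fail-safe default: anything not explicitly granted is denied.
        return right in self._matrix.get((subject, obj), set())

    def access(self, subject, obj, right, operation):
        # Complete mediation: every operation goes through this check; there is no bypass path.
        if not self.check(subject, obj, right):
            raise PermissionError(f"{subject} lacks '{right}' on {obj}")
        return operation()


def demo():
    """An editor process gets rights on one document only, then loses write access."""
    rm = ReferenceMonitor()
    doc = "/home/alice/notes.txt"
    rm.grant("editor", doc, {"read", "write"})
    steps = [
        rm.check("editor", doc, "write"),           # True: explicitly granted
        rm.check("editor", "/etc/passwd", "read"),  # False: never granted (default deny)
        rm.check("root_shell", doc, "read"),        # False: a different subject
    ]
    rm.revoke("editor", doc, {"write"})
    steps.append(rm.check("editor", doc, "write"))  # False: revoked, no stale decision survives
    steps.append(rm.access("editor", doc, "read", lambda: "contents"))  # read right still held
    return steps
```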
How Goals and Principles Together Maintain System Stability and Security
Protection goals define the destination, while protection principles define the path to
achieve that destination. Together, they create a robust security architecture:
1. Contribution to System Stability
Restricting processes ensures no program overwrites OS memory or other critical structures.
Controlled sharing avoids resource conflicts and deadlocks.
Simple, well-designed protection components reduce failures.
Constant access checking ensures consistently correct system behavior.
Result:
The system remains stable even under heavy load, multi-user scenarios, or when bugs
occur.
2. Prevention of Unauthorized Access
Access rights ensure only legitimate users can view or modify sensitive data.
Default-deny and complete mediation principles ensure strict enforcement of permissions.
Least privilege and separation of privilege minimize risks from compromised accounts.
Result:
The system is resistant to malicious attacks, unauthorized data access, and privilege
escalation.
3. Enhanced Security Posture
Protection mechanisms act as the foundation for:
• authentication
• encryption
• auditing
• intrusion detection
• role-based access control
These combine to form a layered security model (defense-in-depth), which significantly
strengthens the operating system’s resilience.
Security Problem
Security refers to providing a protection system for computer system resources such as the
CPU, memory, disk, software programs and, most importantly, the data/information stored
in the computer system. If a computer program is run by an unauthorized user, then he/she
may cause severe damage to the computer or the data stored in it. So a computer system
must be protected against unauthorized access, malicious access to system memory, viruses,
worms, etc. We are going to discuss the following topics in this chapter.
• Authentication
• One Time passwords
• Program Threats
• System Threats
• Computer Security Classifications
Authentication
Authentication refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the operating system to create a
protection system which ensures that a user who is running a particular program is
authentic. Operating systems generally identify/authenticate users in the following three
ways:
Username / Password − The user needs to enter a registered username and password with
the operating system to log in to the system.
User card/key − The user needs to insert a card in the card slot, or enter a key generated by
a key generator, in the option provided by the operating system to log in to the system.
User attribute (fingerprint / eye retina pattern / signature) − The user needs to present
his/her attribute via a designated input device used by the operating system to log in to the
system.
One Time Passwords
One-time passwords provide additional security on top of normal authentication. In a
one-time password system, a unique password is required every time a user tries to log in
to the system. Once a one-time password has been used, it cannot be used again. One-time
passwords are implemented in various ways.
Random numbers − Users are provided with cards that have numbers printed alongside
corresponding letters. The system asks for the numbers corresponding to a few randomly
chosen letters.
Secret key − Users are provided with a hardware device which can create a secret id mapped
to the user id. The system asks for this secret id, which has to be generated afresh every time
prior to login.
Network password − Some commercial applications send a one-time password to the user's
registered mobile/email, which has to be entered prior to login.
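The "secret key" variant above, where a device and the server share a secret and each generated code is accepted only once, as an added example that is not part of the original notes; the shared secret, the six-digit format and the counter look-ahead window are constructed assumptions.

```python
import hmac
import hashlib

# Added example (not from the original notes): a counter-based one-time password
# with single-use enforcement on the server side. Secret and format are constructed.

def otp_code(secret: bytes, counter: int) -> str:
    """Code the token device shows for a counter value: HMAC-SHA256 truncated to 6 digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class OtpServer:
    """Server side: accepts each code at most once and tolerates a small counter drift."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.next_counter = 0         # lowest counter value still acceptable
        self.look_ahead = look_ahead  # the device may have been pressed a few times unseen

    def verify(self, candidate: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            if hmac.compare_digest(otp_code(self.secret, c), candidate):
                # Burn this counter and every earlier one: a replayed or older code
                # can never match again, which is the "cannot be used again" property.
                self.next_counter = c + 1
                return True
        return False


def demo() -> list:
    secret = b"constructed-shared-secret"   # provisioned into both device and server
    server = OtpServer(secret)
    first = otp_code(secret, 0)
    return [
        server.verify(first),                # True: genuine first login
        server.verify(first),                # False: replay of an already used code
        server.verify(otp_code(secret, 3)),  # True: device skipped ahead within the window
        server.verify(otp_code(secret, 2)),  # False: older code, its counter is already burnt
    ]
```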
Program Threats
An operating system's processes and kernel do the designated task as instructed. If a user
program makes these processes do malicious tasks, this is known as a program threat. One
common example of a program threat is a program installed on a computer which can store
user credentials and send them over the network to some hacker. Following is a list of some
well-known program threats.
Trojan Horse − Such a program captures user login credentials and stores them to send to a
malicious user, who can later log in to the computer and access system resources.
Trap Door − If a program which is designed to work as required has a security hole in its
code and performs illegal actions without the knowledge of the user, it is said to have a trap
door.
Logic Bomb − A logic bomb is a situation where a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program. This makes it harder to detect.
Virus − A virus, as the name suggests, can replicate itself on a computer system. Viruses are
highly dangerous and can modify/delete user files and crash systems. A virus is generally a
small piece of code embedded in a program. As the user accesses the program, the virus
starts embedding itself in other files/programs and can make the system unusable for the
user.
Role of firewalls and security classifications in safeguarding systems and networks
A firewall is a security device or software that monitors and controls
incoming and outgoing network traffic based on predefined security
rules. It acts as a barrier between trusted internal networks and
untrusted external networks.
Key Roles of Firewalls
1.1 Controlling Traffic Based on Policies
Firewalls enforce access control rules.
They allow only legitimate traffic and block unauthorized or malicious
traffic.
Example: Allowing HTTP/HTTPS but blocking suspicious ports.
1.2 Preventing Unauthorized Access
Firewalls block external attackers from accessing internal systems.
They prevent attacks like port scanning, intrusion attempts, and
unauthorized data access.
1.3 Monitoring and Logging Traffic
Firewalls keep logs of all activities.
Security administrators can analyze logs to detect suspicious behavior
or policy violations.
1.4 Protecting Against Malware and Attacks
Modern firewalls (Next-Generation Firewalls) can:
Detect and block malware
Prevent SQL injections, DoS/DDoS attacks
Perform deep packet inspection
1.5 Segmentation of Networks
Firewalls divide networks into security zones (e.g., DMZ, internal,
restricted).
Each zone has different levels of trust.
This prevents lateral movement of attackers.
1.6 Enforcing Organization’s Security Policies
Implements rules such as:
Users cannot access restricted websites.
Only authorized employees can access internal servers.
2. Security Classifications and Their Role in Safeguarding Systems
Security classifications define how information and systems should be
handled, stored, accessed, and protected based on sensitivity.
These classifications are typically used in:
Government organizations
Defense and military
Corporations with confidential data
Data governance and compliance frameworks
2.1 Common Security Classification Levels
(Example—may vary by organization)
Public – accessible to everyone
Internal – for employees only
Confidential – sensitive information
Secret – critical information requiring strong controls
Top Secret – highly sensitive, maximum protection required
2.2 Role in Security
2.2.1 Ensures Appropriate Access Control
Only authorized users with proper clearance can access certain data.
Prevents insider threats and unauthorized disclosure.
2.2.2 Defines Handling Procedures
Each classification level has rules—for example:
Encryption required for confidential data
Storage only on secure servers
Limited copying or printing of documents
2.2.3 Helps in Risk Management
Information with higher sensitivity gets stronger protection.
Resources are allocated based on data value.
2.2.4 Supports Compliance and Legal Requirements
Classification helps organizations follow standards like:
ISO 27001
GDPR (for personal data)
Government security policies
2.2.5 Facilitates Secure Communication
Ensures that individuals exchange data securely based on clearance
levels.
Prevents accidental data leakage.
3. How Firewalls and Security Classifications Work Together
Although different in nature, both mechanisms complement each other:
3.1 Multi-Layered Defense
Firewalls protect at the network level.
Classifications protect at the data and user-access level.
Together, they form defense-in-depth.
3.2 Prevention of Unauthorized Access
Firewall controls "who can connect".
Classification controls "what they can access".
3.3 Limiting Data Exposure
Firewalls restrict external access.
Classifications ensure only cleared personnel can view sensitive files.
3.4 Protecting Critical Systems
High-level classified systems (top secret) are:
Placed in isolated network zones
Protected by strict firewall rules
3.5 Audit and Accountability
Firewalls log network activity.
Classifications require logging of file access.
Both help track misuse or suspicious behavior.
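The two layers described in sections 1 to 3 (a default-deny firewall policy between zones, then a clearance check against the classification levels) as one added example that is not part of the original notes; the address plan, zone names, rules, users and file labels are constructed.

```python
import ipaddress

# Added example (not from the original notes): zone firewall with default deny,
# followed by a clearance check. Address plan, rules and labels are constructed.

LEVELS = ["public", "internal", "confidential", "secret", "top_secret"]

ZONES = {  # checked in order, so the more specific restricted subnet comes first
    "restricted": ipaddress.ip_network("10.10.0.0/16"),  # isolated zone for secret systems
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

RULES = {  # (source zone, destination zone, destination port); anything else is denied
    ("external", "dmz", 443),
    ("external", "dmz", 80),
    ("internal", "dmz", 443),
    ("internal", "restricted", 22),
}

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"  # not inside any trusted zone

def firewall_allows(src_ip: str, dst_ip: str, dst_port: int, log: list) -> bool:
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    allowed = (src, dst, dst_port) in RULES  # no matching rule means deny
    log.append(f"FW {'ALLOW' if allowed else 'DENY'} {src_ip}->{dst_ip}:{dst_port} [{src}->{dst}]")
    return allowed

def clearance_permits(clearance: str, label: str) -> bool:
    # A user may read data whose classification does not exceed their clearance.
    return LEVELS.index(clearance) >= LEVELS.index(label)

def request_file(user, clearance, src_ip, server_ip, port, path, label, log) -> bool:
    """Network layer first ("who can connect"), then data layer ("what they can access")."""
    if not firewall_allows(src_ip, server_ip, port, log):
        return False
    ok = clearance_permits(clearance, label)
    log.append(f"FILE {'ALLOW' if ok else 'DENY'} {user}({clearance}) {path} [{label}]")
    return ok

def demo() -> tuple:
    log = []
    results = [
        request_file("visitor", "public", "203.0.113.5", "192.0.2.10", 443, "/index.html", "public", log),
        request_file("visitor", "public", "203.0.113.5", "10.10.0.7", 22, "/plans.doc", "top_secret", log),
        request_file("bob", "confidential", "10.1.2.3", "10.10.0.7", 22, "/plans.doc", "secret", log),
        request_file("carol", "secret", "10.1.2.3", "10.10.0.7", 22, "/plans.doc", "secret", log),
    ]
    return results, log
```

The second request never reaches the clearance check: the firewall log line is the only record of it, which is why both layers need to log.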
Computer-Security Classifications
Computer security deals with the protection of computer systems and
information from harm, theft, and unauthorized use. The main reason
users get attacked frequently is that they lack adequate defenses to
keep out intruders, and cybercriminals are quick to exploit such
weaknesses. Computer security ensures the confidentiality, integrity,
and availability of your computers and their stored data.
Types of Attacks
There are many kinds of attacks available to the dedicated hacker.
These are among the most famous and frequent types of attacks.
1. Denial of service (DDoS):
This is an attack used to restrict the user’s access to the system
resources by flooding the server with useless traffic. The botmaster
commands all the bots to access a resource at the same time so that
the resource gets hopelessly jammed up. Then, if a legitimate user
wants to access that same resource, they will not be able to do so.
This is illustrated below:
2. Malware attack:
This is a malicious program that disrupts or damages the computer.
There are four main types of malware:
Keylogger: A keylogger records every keystroke on the targeted keyboard.
Most hackers use it to get passwords and account details.
Virus: A computer virus is malicious code that replicates by copying
itself into another program or document and changes how a
computer works. A virus such as the Melissa virus requires someone,
knowingly or unknowingly, to spread the infection without the
knowledge or permission of the user or system administrator.
Worms: A worm is a standalone program that runs independently and
infects the system. One of the more popular examples is [Link].F.
The worm propagates itself through network shares.
Trojan horse: This is a malicious code that takes over your computer.
This code can damage or steal information from your computer.
3. Man in the middle:
Say, for example, you want to do an online transaction. You connect
to your bank and conduct the payment. Simple, right? This is
illustrated in the below image:
Fig: Man in the middle attack (1)
Now, while you are doing a transaction, you have to enter the
details of your card and the PIN. The cyber attacker spoofs you and
monitors your transaction. As soon as you enter your details, he will
have access to all of that information, as shown in the below image.
Fig: Man in the middle attack (2)
4. SQL injection:
As the name suggests, an SQL injection vulnerability allows an
attacker to inject malicious input into an SQL statement. This type of
attack happens only on websites. The best example would be
[Link]. There is a database stored on the Facebook
website. The hackers get into that database and sign in using
someone else's username and password.
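To make the injection described above concrete from the defender's side, here is an added example (not part of the original notes) of the same login query built by string concatenation and by parameterised statement; the table, user and passwords are constructed.

```python
import hashlib
import sqlite3

# Added example (not from the original notes): one login check written two ways.
# Table contents and passwords are constructed for illustration.

def _digest(password: str) -> str:
    # Kept simple for the demo; a real system uses a slow, salted password hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", _digest("correct horse")))
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # The username is pasted into the SQL text, so a quote inside it ends the
    # string literal and the rest of the input becomes part of the statement.
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password_hash = '{_digest(password)}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Placeholders: the driver sends the values separately from the SQL text,
    # so user input is only ever compared as data, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, _digest(password))).fetchone()[0] > 0


def demo() -> dict:
    conn = make_db()
    crafted = "alice' --"  # the quote closes the literal; "--" comments out the password check
    return {
        "honest_safe": login_safe(conn, "alice", "correct horse"),
        "wrong_pw_safe": login_safe(conn, "alice", "wrong"),
        "crafted_vulnerable": login_vulnerable(conn, crafted, "wrong"),  # True: check bypassed
        "crafted_safe": login_safe(conn, crafted, "wrong"),              # False: no such user
    }
```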