Operating System Security Overview

The document discusses the importance of security in operating systems, outlining the goals of protection such as confidentiality, integrity, and availability. It details various security measures, including authentication methods, program and system threats, and the classification of computer security. Additionally, it explains the access matrix as a model for managing permissions within a system, highlighting different implementation methods.

Uploaded by archgeeks911
Operating System - Security

• Security is the overall state or condition in which a system, network, or data is safeguarded against unauthorized access, use, disclosure, disruption, modification, or destruction. It encompasses the policies, procedures, and technologies designed to protect assets and ensure the integrity, confidentiality, and availability of information. Security is an overarching objective that aims to create a trusted environment by mitigating risks and preventing harm.
• Protection refers to the specific mechanisms, controls, and practices implemented to achieve security. It involves putting in place technical measures (like encryption, firewalls, and access control systems), administrative policies (such as security guidelines and training), and physical safeguards (including locks, surveillance, and secure facilities) to defend systems and data from potential threats.
• So a computer system must be protected against unauthorized access, malicious access to system memory, viruses, worms, etc.
• We're going to discuss the following topics in this chapter:
  • Goals and domain of Protection
  • Authentication
  • One-Time Passwords
  • Program Threats
  • System Threats
  • Computer Security Classifications
Goals of Protection

1. Confidentiality
• Objective: Protect sensitive information from unauthorized access.
• Focus: Encryption, access controls, and policies that limit who can see data.
2. Integrity
• Objective: Ensure that data remains accurate and unaltered unless modified by authorized actions.
• Focus: Mechanisms like checksums, hash functions, and digital signatures that help detect tampering.
3. Availability
• Objective: Guarantee that information and services are accessible to authorized users when needed.
• Focus: Redundancy, robust infrastructure, and effective disaster recovery strategies to combat outages and attacks like Denial-of-Service (DoS).
4. Authenticity
• Objective: Verify that users, systems, and data are genuine.
• Focus: Authentication processes such as multi-factor authentication (MFA) and digital certificates to ensure the legitimacy of identities.
5. Non-Repudiation
• Objective: Ensure that actions or transactions cannot later be denied by the parties involved.
• Focus: Techniques like digital signatures and secure logging that provide proof of origin and execution.
6. Accountability
• Objective: Maintain detailed logs and audit trails to hold users and systems accountable for their actions.
• Focus: Implementing monitoring, auditing, and reporting systems to trace activities and support forensic analysis.
7. Resilience
• Objective: Build systems that can withstand and quickly recover from adverse conditions or attacks.
• Focus: Incorporating redundancy, regular backups, and comprehensive incident response plans.
Principles of Protection

1. Confidentiality, Integrity, and Availability (CIA Triad)
• Confidentiality: Ensuring that sensitive data is accessible only to those authorized to view it.
• Integrity: Maintaining the accuracy and consistency of data, ensuring it is not altered or tampered with.
• Availability: Ensuring that data and systems are accessible to authorized users when needed.
2. Least Privilege
• Concept: Users and systems should have only the minimum level of access necessary to perform their functions.
• Benefit: Reduces the risk of accidental or malicious misuse of privileges.
3. Defense in Depth
• Concept: Employing multiple layers of security controls (technical, physical, and administrative) to protect information.
• Benefit: Provides redundancy; if one layer is breached, others still provide protection.
4. Accountability
• Concept: Implementing mechanisms such as logging, auditing, and monitoring so that actions can be traced to responsible parties.
• Benefit: Helps in identifying and responding to security incidents, and supports compliance requirements.
5. Non-Repudiation
• Concept: Ensuring that a party in a transaction cannot deny having performed an action.
• Benefit: Strengthens trust by providing proof of actions, often achieved through digital signatures and secure logging.
6. Risk Management
• Concept: Continuously identifying, evaluating, and mitigating risks to protect assets.
• Benefit: Ensures that security measures are prioritized based on the level of risk and potential impact.
7. Secure by Design
• Concept: Building security into the system from the ground up, rather than adding it on as an afterthought.
• Benefit: Leads to more robust systems that are better able to withstand attacks.
8. Separation of Duties
• Concept: Dividing responsibilities and tasks among multiple people or systems to reduce the chance of fraud or error.
• Benefit: Mitigates the risk of collusion and abuse of power.
9. Continuous Improvement
• Concept: Security is not a one-time effort; systems must be continuously assessed and updated to counter new threats.
• Benefit: Helps adapt to evolving risks and vulnerabilities.
Domain of Protection

• Domains of protection are boundaries that can be used to separate different parts of an operating system or user process. Since each domain operates independently without affecting the others, this provides isolation and protection.
• The main points about domains of protection in an operating system are as follows:
  • The protection policies restrict each process's access to the resources it handles.
  • A process should use only the resources necessary to fulfil its task, only for the time it needs them, and only in the mode in which they are required.
  • This set of resources and rights is the process's protection domain.
  • Processes and objects are abstract data types in a computer system, and these objects have operations that are unique to them.
  • A domain component (an access right) is defined as <object, {set of operations on object}>.
  • Each domain comprises a collection of objects and the operations that may be performed on them.
  • A domain could be made up of only one process, procedure, or user.
  • If a domain is linked with a procedure, changing the domain means switching to a different procedure.
  • Domains need not be disjoint: an object and one or more of its operations may appear in several domains.
Association between Process and Domain

• When processes have the necessary access rights, they can switch from one domain to another. The association can be of two types, as shown below.
• 1. Fixed or static
  • In a fixed association, all the access rights a process will ever need are given to it at the start.
  • However, this results in a large number of access rights being held just to allow domain switching.
  • As a result, a technique for changing the contents of a domain dynamically is needed.
• 2. Changing or dynamic
  • A process may switch domains dynamically, creating a new domain in the process.
Security Measures of the Operating System

• There are various security measures of the operating system that users may take. Some of them are as follows:
  • The network used for file transfers must be secure at all times. During the transfer, no alien software should be able to harvest information from the network. This is referred to as network sniffing, and it can be avoided by implementing encrypted data-transfer routes. Moreover, the OS should be capable of resisting forceful or even accidental violations.
  • Passwords are a good authentication method, but they are the most common and the most vulnerable: it is very easy to crack passwords.
  • Security measures at various levels are put in place to prevent malpractice, such as allowing unauthorized persons neither onto the premises nor access to the systems.
  • The best authentication techniques include a username-password combination, eye retina scan, fingerprint, or even user cards to access the system.
1. Authentication

• Authentication refers to identifying each user of the system and associating the executing programs with those users.
• It is the responsibility of the operating system to create a protection system which ensures that a user who is running a particular program is authentic. Operating systems generally identify/authenticate users in the following three ways:
  • Username / Password − The user needs to enter a username and password registered with the operating system to log in to the system.
  • User card/key − The user needs to punch a card in the card slot, or enter a key generated by a key generator, in the option provided by the operating system to log in to the system.
  • User attribute − fingerprint / eye retina pattern / signature − The user needs to pass his/her attribute via a designated input device used by the operating system to log in to the system.
2. One-Time Passwords

• One-time passwords provide additional security along with normal authentication. In a one-time password system, a unique password is required every time the user tries to log in to the system. Once a one-time password has been used, it cannot be used again. One-time passwords are implemented in various ways.
  • Random numbers − Users are provided with cards having numbers printed alongside corresponding letters. The system asks for the numbers corresponding to a few randomly chosen letters.
  • Secret key − Users are provided with a hardware device which can create a secret id mapped to the user id. The system asks for this secret id, which must be generated afresh every time before login.
  • Network password − Some commercial applications send one-time passwords to the user's registered mobile/email, which must be entered before login.
3. Firewalls

• Firewalls are essential for monitoring all incoming and outgoing traffic. A firewall imposes local security, defining the traffic that may travel through it.
• Firewalls are an efficient way of protecting network systems or local systems from any network-based security threat.

4. Physical Security

• The most important method of maintaining operating system security is physical security.
• An attacker with physical access to a system may edit, remove, or steal important files, since operating system code and configuration files are stored on the hard drive.
Program Threats

• An operating system's processes and kernel do the designated task as instructed.
• If a user program makes these processes do malicious tasks, this is known as a program threat.
• A program threat is any circumstance or event that can harm a computer program. It might exploit vulnerabilities in the code, lead to data breaches, or cause the program to behave unexpectedly.
• One common example of a program threat is a program installed on a computer which can store user credentials and send them over the network to some hacker.
• Following is a list of some well-known program threats.
  • Trojan Horse − Such a program traps user login credentials and stores them to send to a malicious user, who can later log in to the computer and access system resources.
  • Trap Door − If a program which is designed to work as required has a security hole in its code and performs illegal actions without the knowledge of the user, it is said to have a trap door.
  • Logic Bomb − A logic bomb is a situation where a program misbehaves only when certain conditions are met; otherwise it works as a genuine program. It is harder to detect.
  • Virus − A virus, as the name suggests, can replicate itself on a computer system. Viruses are highly dangerous and can modify or delete user files and crash systems. A virus is generally a small piece of code embedded in a program. As the user runs the program, the virus starts embedding itself in other files and programs and can make the system unusable for the user.
System Threats

• System threats refer to the misuse of system services and network connections to put the user in trouble.
• System threats can be used to launch program threats across a complete network; this is called a program attack.
• System threats create an environment in which operating system resources and user files are misused.
• Following is a list of some well-known system threats.
  • Worm − A worm is a process which can choke a system's performance by using system resources to extreme levels.
  • A worm process generates multiple copies of itself, where each copy uses system resources and prevents all other processes from getting the resources they require.
  • Worm processes can even shut down an entire network.
  • Port Scanning − Port scanning is a mechanism or means by which a hacker can detect system vulnerabilities in order to make an attack on the system.
  • Denial of Service − Denial-of-service attacks normally prevent the user from making legitimate use of the system.
  • For example, a user may not be able to use the internet if a denial-of-service attack targets the browser's content settings.
Computer Security Classifications

• As per the U.S. Department of Defense Trusted Computer System Evaluation Criteria, there are four security classifications in computer systems: A, B, C, and D.
• This is a widely used specification to determine and model the security of systems and of security solutions.
• Following is a brief description of each classification.

S.No.  Classification  Type & Description
1.     Type A          Highest level. Uses formal design specifications and verification techniques. Grants a high degree of assurance of process security.
2.     Type B          Provides a mandatory protection system. Has all the properties of a class C2 system. Attaches a sensitivity label to each object. It is of three types:
                       B1 − Maintains the security label of each object in the system. The label is used for making access-control decisions.
                       B2 − Extends the sensitivity labels to each system resource, such as storage objects; addresses covert channels and the auditing of events.
                       B3 − Allows creating lists or user groups for access control, to grant or revoke access to a given named object.
3.     Type C          Provides protection and user accountability using audit capabilities. It is of two types:
                       C1 − Incorporates controls so that users can protect their private information and keep other users from accidentally reading or deleting their data. UNIX versions are mostly C1 class.
                       C2 − Adds individual-level access control to the capabilities of a C1-level system.
4.     Type D          Lowest level. Minimum protection. MS-DOS and Windows 3.1 fall in this category.
What is an Access Matrix in an Operating System?

• The access matrix is a security model of a computer system's protection state.
• It is described as a matrix.
• An access matrix is used to specify the permissions of each process running in a domain for each object.
• The rows of the matrix represent domains, whereas the columns represent objects.
• Every matrix cell reflects a set of access rights granted to the domain's processes, i.e., each entry (i, j) describes the set of operations that a process in domain Di may invoke on object Oj.

Methods of Implementing an Access Matrix

• Global Table
• Access Lists for Objects
• Capability Lists for Domains
• Lock-Key Mechanism
1. Global Table

• It is the most basic access matrix implementation. A set of ordered triples <domain, object, rights-set> is maintained in a file.
• When an operation M is to be performed on an object Oj within domain Di, the table is searched for a triple <Di, Oj, Rk> with M in Rk.
• The operation can proceed if this triple is found; otherwise, an exception (or error) condition is raised.
• This implementation has various drawbacks.
• The table is generally large and cannot be stored in main memory, so additional input and output are required.
2. Access Lists for Objects

• Each column of the access matrix may be used as the access list for a single object. The blank entries can be deleted.
• For each object, the resulting list contains ordered pairs <domain, rights-set> that define all domains with a nonempty set of access rights for that object.
• Each object also has a default set of access rights; a lookup consults the access list and then the default set.
• When operation M is requested on the object from domain Di, we search the object's access list for an entry <Di, Rk> with M in Rk. If the entry is found, we allow the operation; if it isn't, we check the default set.
• If M is in the default set, we grant access.
• Otherwise access is denied, and an exception condition arises.
3. Capability Lists for Domains

• A domain's capability list is a collection of objects together with the operations that can be performed on them.
• A capability is a name or address that is used to designate an object.
• To perform operation M on object Oj, the process runs operation M, specifying the capability for object Oj as a parameter.
• Simple possession of the capability implies that access is allowed.
• In most cases, capabilities are kept separate from other data in one of two ways:
  • Every object has a tag indicating whether it is capability data or ordinary accessible data. Alternatively, a program's address space can be divided into two portions.
  • The program may access one portion, which contains its normal instructions and data.
  • The other portion is the capability list, which is accessed only by the operating system.
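To show how the global table, the access lists for objects, and the capability lists for domains are three views of one protection state, here is an added example that is not code from the lecture. It keeps one small matrix as triples and derives the column view and the row view from it; the domain, object and right names ("editors", "report.txt", "laser", "status") and the default sets are constructed for the illustration.

```python
# Added example, not from the lecture: one protection state in three
# representations (global table, access lists, capability lists), each with
# its own lookup. All domain/object/right names are constructed.
from collections import defaultdict

# Global table: a set of ordered triples <domain, object, rights-set>.
GLOBAL_TABLE = frozenset({
    ("editors", "report.txt", frozenset({"read", "write"})),
    ("viewers", "report.txt", frozenset({"read"})),
    ("editors", "laser", frozenset({"print"})),
})

# Default rights per object, consulted only when the access list has no
# matching entry (constructed: any domain may query the printer's status).
DEFAULT_SET = {"report.txt": frozenset(), "laser": frozenset({"status"})}


def check_global_table(domain, obj, op):
    """Search the table for a triple <Di, Oj, Rk> with M in Rk."""
    return any(d == domain and o == obj and op in rights
               for d, o, rights in GLOBAL_TABLE)


def access_lists():
    """Column view: object -> [<domain, rights-set>, ...]; blank cells dropped."""
    acl = defaultdict(list)
    for d, o, rights in GLOBAL_TABLE:
        if rights:                        # an empty rights-set is a blank cell
            acl[o].append((d, rights))
    return dict(acl)


def check_access_list(domain, obj, op):
    """Search the object's access list first; if no entry grants M, fall back
    to the object's default set."""
    for d, rights in access_lists().get(obj, []):
        if d == domain and op in rights:
            return True
    return op in DEFAULT_SET.get(obj, frozenset())


def capability_lists():
    """Row view: domain -> [<object, rights-set>, ...]; each pair is a capability."""
    caps = defaultdict(list)
    for d, o, rights in GLOBAL_TABLE:
        caps[d].append((o, rights))
    return dict(caps)


def check_capability(domain, obj, op):
    """Possession of a capability for Oj that carries M is all that is checked."""
    return any(o == obj and op in rights
               for o, rights in capability_lists().get(domain, []))


def compare(domain, obj, op):
    """Answers of the three representations side by side. They agree except
    where the default set grants a right the table never listed."""
    return (check_global_table(domain, obj, op),
            check_access_list(domain, obj, op),
            check_capability(domain, obj, op))


if __name__ == "__main__":
    print(compare("viewers", "report.txt", "read"))   # (True, True, True)
    print(compare("viewers", "laser", "status"))      # (False, True, False)
```

The last call shows the one place the representations differ: a default set lives with the object, so only the access-list lookup sees it; a capability list would have to hand every domain an explicit capability to get the same effect.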
4. Lock-Key Mechanism

• It is a compromise between access lists and capability lists.
• Each object has a list of locks, which are special bit patterns.
• Each domain, in turn, has a set of keys, which are also special bit patterns.
• A process running in a domain can access an object only if the domain has a key that matches one of the locks on the object.
• The process is not allowed to modify its own keys.
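The lock-key rule above is short enough to write down directly. The following is an added example, not code from the lecture: locks and keys are 16-bit patterns, the key sets are immutable so that a process cannot extend them, and access is granted only when one of the domain's keys equals one of the object's locks. The object names, domain names and bit patterns are constructed.

```python
# Added example, not from the lecture: the lock-key mechanism with locks and
# keys as 16-bit patterns. Names and bit patterns are constructed.

# Each object carries a list of locks (bit patterns). An object with several
# locks can be opened by several different keys.
OBJECT_LOCKS = {
    "payroll.db": [0b1010_0000_0000_0001, 0b0000_1111_0000_0000],
    "printer":    [0b0000_0000_1111_1111],
}

# Each domain holds a set of keys (bit patterns). They are frozensets so that
# a process running in the domain cannot add, drop or alter a key.
DOMAIN_KEYS = {
    "finance": frozenset({0b1010_0000_0000_0001, 0b0000_0000_1111_1111}),
    "staff":   frozenset({0b0000_0000_1111_1111}),
}


def matching_lock(domain, obj):
    """Return the first lock on obj satisfied by one of the domain's keys, else None."""
    keys = DOMAIN_KEYS.get(domain, frozenset())
    for lock in OBJECT_LOCKS.get(obj, []):
        if lock in keys:
            return lock
    return None


def can_access(domain, obj):
    """A process in the domain may access the object only if a key matches a lock."""
    return matching_lock(domain, obj) is not None


def revoke(obj, lock):
    """Revocation is done on the object side: dropping a lock cuts off every
    domain that relied on the matching key, without touching any key set."""
    OBJECT_LOCKS[obj] = [l for l in OBJECT_LOCKS[obj] if l != lock]


if __name__ == "__main__":
    print(can_access("finance", "payroll.db"), can_access("staff", "payroll.db"))  # True False
```

Because the check compares whole bit patterns rather than interpreting them, a domain learns nothing about an object's other locks from a failed match, and the operating system can re-key a single object without visiting every domain.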
• Now, let's take an example to understand the implementation of an access matrix in the operating system.
Example:
• In this example, there are 4 domains and 4 objects in the matrix: 3 files (F1, F2, and F3) and one printer.
• Files F1 and F3 can be read by a process running in D1.
• A process running in domain D4 has the same rights as D1, but it may also write to the files.
• Only a process running in domain D2 has access to the printer.
• The access matrix mechanism is made up of various policies and semantic features.
• Specifically, we must ensure that a process running in domain Di can access only the objects listed in row i, and only with the rights given in the entries of that row.
• The protection policies in the access matrix determine which rights are included in the (i, j)th entry. We must also decide the domain in which each process runs.
• The OS usually decides this policy.
• The users determine the contents of the access-matrix entries.
• The relationship between a domain and the processes might be static or dynamic.
• The access matrix provides a way of defining the control for this domain-process association.
• When we switch a process from one domain to another, we perform a switch operation on an object (the target domain).
• We can regulate domain switching by including the domains among the objects of the access matrix.
• A process is allowed to switch from one domain (Di) to another domain (Dj) only if it has the switch right in entry (Di, Dj).
• According to the matrix, a process running in domain D2 can switch to domains D3 and D4.
• A process in domain D4 may switch to domain D1, and a process in domain D1 may switch to domain D2.
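The example above can be checked end to end. What follows is an added example, not code from the lecture: the matrix holds the file and printer rights the text states for D1, D2 and D4 (D3 is given no rights, since the text states none), the four domains are added as objects so that a "switch" right can sit in entries (D1, D2), (D2, D3), (D2, D4) and (D4, D1), and a process object moves between domains only when that entry allows it. The `Process` class and the trace produced by `run_example` are constructed for the illustration.

```python
# Added example, not from the lecture: the access matrix of the worked example,
# with domains as objects so that domain switching is an ordinary access check.

DOMAINS = ("D1", "D2", "D3", "D4")
FILES = ("F1", "F2", "F3")

# MATRIX[domain][object] -> set of rights. A missing entry is an empty cell.
# Rights follow the text; D3 has no stated rights, so its row is empty.
MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}, "D2": {"switch"}},
    "D2": {"printer": {"print"}, "D3": {"switch"}, "D4": {"switch"}},
    "D3": {},
    "D4": {"F1": {"read", "write"}, "F3": {"read", "write"}, "D1": {"switch"}},
}


def rights(domain, obj):
    """Entry (i, j): the operations a process in `domain` may invoke on `obj`."""
    return MATRIX.get(domain, {}).get(obj, set())


def can(domain, obj, op):
    """A process in Di may perform M on Oj only if M is in entry (i, j)."""
    return op in rights(domain, obj)


def objects_accessible(domain):
    """Everything a process in the domain can touch: exactly the non-empty cells of its row."""
    return sorted(obj for obj, ops in MATRIX.get(domain, {}).items() if ops)


class Process:
    """A process runs in one domain at a time; its domain changes only through switch()."""

    def __init__(self, domain):
        self.domain = domain

    def switch(self, target):
        # Domain switching is modelled as the 'switch' operation on the target domain object.
        if not can(self.domain, target, "switch"):
            raise PermissionError(f"{self.domain} may not switch to {target}")
        self.domain = target
        return self.domain


def run_example():
    """Follow the switches the text allows (D2 -> D4 -> D1 -> D2), then attempt
    one it does not (D2 -> D1) and record that it was denied."""
    p = Process("D2")
    trace = [p.switch("D4"), p.switch("D1"), p.switch("D2")]
    try:
        p.switch("D1")
    except PermissionError:
        trace.append("denied")
    return trace


if __name__ == "__main__":
    print(run_example())                 # ['D4', 'D1', 'D2', 'denied']
    print(objects_accessible("D2"))      # ['D3', 'D4', 'printer']
```

Treating the target domain as just another object is what lets the same `can()` check enforce both file access and domain switching; nothing about switching is special-cased, which is the point the text makes about regulating switching through the matrix itself.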
Comparison between Security and Protection

Definition
  Security: It is a technique used in operating systems to address threats from outside the system to maintain its proper functioning.
  Protection: It is a technique used in operating systems to control hazards and maintain the system's proper functioning.
Focus
  Security: It mainly focuses on external threats to the system.
  Protection: It mainly focuses on the internal threats of the system.
Policy
  Security: It specifies whether or not a specific user is allowed to access the system.
  Protection: It outlines which users are permitted to access a certain resource.
Functionality
  Security: It offers a technique for protecting system and user resources from unauthorized access.
  Protection: It offers a technique for controlling access to processes, programs, and user resources.
Mechanism
  Security: Security techniques include adding and deleting users, determining whether or not a certain user is authorized, employing anti-malware software, etc.
  Protection: It includes techniques like modifying a resource's protection information and determining whether a user may access it.
Queries
  Security: It is a wide phrase that handles more complicated queries.
  Protection: It comes with security and covers less complex queries.
