OS-Chapter 6 - Security and Protection
CHAPTER 6
SECURITY & PROTECTION
Overview of System Security:
Many companies possess valuable information they want to guard closely. This
information can be technical (e.g., a new chip design or software), commercial (e.g., studies of
the competition or marketing plans), financial (e.g., plans for a stock offering), legal (e.g.,
documents about a potential merger or takeover), among many other possibilities. Frequently this
information is protected by having a uniformed guard at the building entrance who checks to see
that everyone entering the building is wearing a proper badge. In addition, many offices may be
locked and some file cabinets may be locked as well to ensure that only authorized people have
access to the information.
Home computers increasingly have valuable data on them, too. Many people keep their
financial information, including tax returns and credit card numbers, on their computer. Love
letters have gone digital. And hard disks these days are full of important photos, videos, and
movies. As more and more of this information is stored in computer systems, the need to protect
it is becoming increasingly important. Guarding this information against unauthorized usage is
therefore a major concern of all operating systems.
Unfortunately, it is also becoming increasingly difficult due to the widespread acceptance
of system bloat (and the accompanying bugs) as a normal phenomenon. In the following sections
we will look at a variety of issues concerned with security and protection, some of which have
analogies to real-world protection of information on paper, but some of which are unique to
computer systems. In this chapter we will examine computer security as it applies to operating
systems.
Security refers to providing a protection system for computer system resources such as the
CPU, memory, disk, software programs and, most importantly, the data/information stored in the
computer system. If a program is run by an unauthorized user, he or she may cause severe damage
to the computer or to the data stored on it. A computer system must therefore be protected against
unauthorized access, malicious access to system memory, viruses, worms, etc.
Impossible to have absolute security, but make cost to perpetrator sufficiently high to
Prepared by Ande, Lecturer, Dept of Computer Science, Gambella University, Gambella. Page 1
Finally, a new threat has arisen in recent years. Outsiders can sometimes take command
of people's home computers (using viruses and other means) and turn them into zombies, willing
to do the outsider's bidding at a moment's notice. Often zombies are used to send spam so that
the mastermind behind the spam attack cannot be traced. In a certain sense, another threat also
exists, but it is more of a threat to society than to individual users. There are folks out there
who bear a grudge against some particular country or (ethnic) group or who are just angry at the
world in general and want to destroy as much infrastructure as they can without too much regard
to the nature of the damage or who the specific victims are. Usually such people feel that
attacking their enemies' computers is a good thing, but the attacks themselves may not be well
focused.
Policy/Mechanism Separation:
As per the U.S. Department of Defense Trusted Computer System Evaluation Criteria (TCSEC,
the "Orange Book"), computer systems are grouped into four security divisions: A, B, C, and D.
This is a widely used specification for determining and modeling the security of systems and of
security solutions. Following is a brief description of each division, from least to most secure:
D - Minimal protection: systems that were evaluated but failed to meet the requirements of any
higher division.
C - Discretionary protection: need-to-know (discretionary) access control plus accountability of
individual users through login and auditing (C1 discretionary security protection, C2 controlled
access protection).
B - Mandatory protection: every subject and object carries a sensitivity label and the system
enforces mandatory access control on those labels (B1 labeled security protection, B2 structured
protection, B3 security domains).
A - Verified protection: functionally the same as B3, but with formal design specification and
verification techniques applied to give a high degree of assurance (A1 verified design).
1. Firewall
2. Data Encryption
3. Password
4. Biometrics
5. One time passwords
1. Firewall: a firewall consists of software and hardware set up between an internal computer
network and the Internet. A network manager configures the rules the firewall uses to filter
out unwanted traffic.
2. Data Encryption: the process of encoding a message so that it can only be read by an
authorized individual. An encryption key is used to make the message unreadable and a secret
decryption key is used to decipher it.
3. Passwords: a string of characters used to authenticate a user who wants to access a system.
The password needs to be kept secret and is intended only for the specific user.
4. Biometrics: an automated method of recognizing a person based on a behavioral or physical
characteristic, such as a fingerprint or palm scan. This is used as a special
Random numbers - Users are provided with cards having numbers printed alongside
corresponding letters. The system asks for the numbers corresponding to a few randomly
chosen letters.
Secret key - Users are provided with a hardware device which generates a secret ID mapped to
the user ID. The system asks for this secret ID, which has to be freshly generated every time
before login.
Network password - Some commercial applications send a one-time password to the user's
registered mobile number or email address, which must be entered before login.
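The "secret key" hardware devices and authenticator apps described above almost always implement the HOTP and TOTP algorithms of RFC 4226 and RFC 6238: the token and the server share a secret, and the one-time password is a truncated HMAC over a counter (HOTP) or over the number of 30-second steps since the Unix epoch (TOTP). The following is an added example, not part of these notes, implementing both with Python's standard library. The shared secret is the RFC 4226 test key; the TotpVerifier class shows the server side, including the clock-skew window and the rule that a time step, once accepted, is never accepted again (otherwise a code captured from the user could be replayed within its 30 seconds of validity).

```python
import hashlib
import hmac
import struct
import time

# RFC 4226 (HOTP) and RFC 6238 (TOTP) with the standard library only. This is
# the algorithm behind hardware key generators and authenticator apps: client
# and server share a secret, and the password is an HMAC over a counter (HOTP)
# or over the number of 30-second steps since the Unix epoch (TOTP).


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password for one counter value (RFC 4226)."""
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                             # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password: HOTP over the elapsed time steps (RFC 6238)."""
    return hotp(secret, unix_time // step, digits)


def current_totp(secret: bytes) -> str:
    """What an authenticator app would display right now."""
    return totp(secret, int(time.time()))


class TotpVerifier:
    """Server side of the login. Tolerates a little clock skew (window steps on
    either side) but never accepts the same time step twice, so a code captured
    from the user cannot be replayed within its validity period."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_step = -1                                # highest step already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        if len(code) != self.digits or not code.isdigit():
            return False
        current = unix_time // self.step
        for candidate_step in range(current - self.window, current + self.window + 1):
            if candidate_step <= self.last_step:
                continue                                   # used already: reject replay
            expected = hotp(self.secret, candidate_step, self.digits)
            if hmac.compare_digest(expected, code):        # constant-time comparison
                self.last_step = candidate_step
                return True
        return False


if __name__ == "__main__":
    # RFC 4226 test secret (ASCII "12345678901234567890"); a real deployment
    # generates a random secret per user and provisions it via a QR code.
    shared = b"12345678901234567890"
    print("HOTP counter 0:", hotp(shared, 0))
    print("TOTP now     :", current_totp(shared))
```

With the RFC test key, counter 0 yields 755224 and the 8-digit TOTP at Unix time 59 yields 94287082, which are the published test vectors; note that the whole scheme is only as good as the secrecy of the shared key and the server's clock.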
Protection:
Protection refers to a mechanism for controlling the access of programs, processes, or
users to the resources defined by a computer system.
Protection ensures that the resources of the computer are used in a consistent way.
It ensures that each object is accessed correctly and only by those processes that are
allowed to do so.
Goals of Protection:
As computer systems have become more sophisticated and pervasive in their
applications, the need to protect their integrity has also grown.
We need to provide protection for several reasons. The most obvious is the need to
prevent the mischievous, intentional violation of an access restriction by a user.
Access:
An access method is a function of a mainframe operating system that enables access to
data on disk, tape or other external devices. Access methods were introduced in 1963 in the
IBM OS/360 operating system. They provide an application programming interface (API) for
programmers to transfer data to or from a device, and can be compared to device drivers in
non-mainframe operating systems, but typically provide a greater level of functionality.
Unlike systems derived from Unix, where all files and devices are treated as an
unformatted stream of bytes, mainframes offer a variety of data options and formats, such as
varying types and sizes of records, and different ways of accessing data, such as via record keys.
Access methods give programs a way of dealing with this complexity:
Programs can read or write a record or block of data and wait until the input/output operation
is complete (queued access methods), or allow the operation to be started and the program to
continue to run, waiting for the completion at a later time (basic access methods).
Programs can specify the size and number of buffers for a file. The same buffer or pool can
be used for multiple files, allowing blocks of data to be read from one file and written to
another without requiring data movement in memory.
Programs can specify the type of error recovery to be used in case of input/output errors.
The advantages of access methods are:
Ease of programming - the programmer no longer deals with device-specific procedures,
including error detection and recovery tactics, in each and every program. A program
designed to process a sequence of 80-character records works no matter where the data
are stored.
Ease of hardware replacement - the programmer no longer alters a program when data are
migrated to a newer model of storage device, provided it supports the same access methods.
Ease of shared data set access - an access method is a trusted program that allows multiple
programs to access the same file while ensuring basic data integrity and system security.
Read-ahead - queued access methods may start as many I/O operations as there are buffers
available, anticipating application program requirements.
Access Control:
The basic problem of computer protection is to control which objects a given program
can access, and in what ways. Objects are things like files, sound cards, other programs, the
network, your modem, etc. Access means what kind of operations can be done on these objects.
Examples include reading a file, writing to a file and creating or deleting objects.
When we talk about "controlling access," we are really talking about four kinds of
things:
Preventing access.
Limiting access.
Granting access.
Revoking access.
A good example of this is found in Solaris 10. Solaris uses role-based access control (RBAC)
to apply the principle of least privilege: administrative rights are grouped into rights profiles,
profiles are assigned to roles, and a user assumes a role for a specific task instead of logging in
as the all-powerful root user.
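The four operations listed in the Access Control section (preventing, limiting, granting and revoking access) can be seen concretely in a small role-based policy. The following is an added example, not code from these notes or from Solaris: rights are attached to roles, users are assigned roles, every access is checked against a deny-by-default policy, and the policy can be flattened into the classic access matrix (users against objects). The file path, role names and users are constructed for the demonstration.

```python
# Role-based access control in the spirit of Solaris RBAC: rights are attached
# to roles, users are assigned roles, and every access is checked against a
# deny-by-default policy. The four operations from the text map onto methods:
# grant/assign (granting), revoke/unassign (revoking), a missing right
# (preventing) and exact (object, operation) matching (limiting: a "read"
# right never implies "write").


class AccessDenied(PermissionError):
    pass


class RbacPolicy:
    def __init__(self):
        self.role_rights = {}   # role -> set of (object, operation)
        self.user_roles = {}    # user -> set of roles
        self.audit_log = []     # (user, object, operation, decision)

    def grant(self, role, obj, operation):
        self.role_rights.setdefault(role, set()).add((obj, operation))

    def revoke(self, role, obj, operation):
        self.role_rights.get(role, set()).discard((obj, operation))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def unassign(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def is_allowed(self, user, obj, operation):
        """Deny by default: allowed only if some role of the user holds the right."""
        allowed = any((obj, operation) in self.role_rights.get(role, ())
                      for role in self.user_roles.get(user, ()))
        self.audit_log.append((user, obj, operation, "allow" if allowed else "deny"))
        return allowed

    def check(self, user, obj, operation):
        if not self.is_allowed(user, obj, operation):
            raise AccessDenied(f"{user} may not {operation} {obj}")

    def access_matrix(self):
        """The classic protection matrix: user -> object -> set of operations."""
        matrix = {}
        for user, roles in self.user_roles.items():
            for role in roles:
                for obj, operation in self.role_rights.get(role, ()):
                    matrix.setdefault(user, {}).setdefault(obj, set()).add(operation)
        return matrix


class ProtectedFile:
    """An object that consults the policy on every operation (the reference monitor)."""

    def __init__(self, name, policy, content=""):
        self.name, self.policy, self.content = name, policy, content

    def read(self, user):
        self.policy.check(user, self.name, "read")
        return self.content

    def write(self, user, data):
        self.policy.check(user, self.name, "write")
        self.content = data


def build_demo_policy():
    """Constructed sample: operators may read the auth log, sysadmins may also write it."""
    policy = RbacPolicy()
    policy.grant("operator", "/var/log/auth.log", "read")
    policy.grant("sysadmin", "/var/log/auth.log", "read")
    policy.grant("sysadmin", "/var/log/auth.log", "write")
    policy.assign("alice", "operator")
    policy.assign("bob", "sysadmin")
    return policy


if __name__ == "__main__":
    policy = build_demo_policy()
    log = ProtectedFile("/var/log/auth.log", policy, "sshd: accepted publickey for bob")
    print(log.read("alice"))                       # operator may read
    try:
        log.write("alice", "tampered")             # but not write: limiting
    except AccessDenied as exc:
        print("denied:", exc)
    policy.revoke("operator", "/var/log/auth.log", "read")
    print(policy.is_allowed("alice", "/var/log/auth.log", "read"))   # revoked: False
```

Keeping the decision in one place (check) and logging every deny is what makes the policy auditable; the access matrix is what you would review to answer "who can write this file?".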
Authentication:
Authentication refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the operating system to create a protection
system which ensures that the user who is running a particular program is who they claim to be.
Operating systems generally identify/authenticate users in the following three ways:
Username / Password - the user must enter a username and password registered with the
operating system to log in (something the user knows).
User card/key - the user must insert a card into a card reader, or enter the code generated by a
key generator (hardware token) at the prompt provided by the operating system, to log in
(something the user has).
User attribute - fingerprint / retina pattern / signature - the user must present the attribute via
a designated input device used by the operating system to log in (something the user is).
Memory Protection:
Memory protection is a way to control memory access rights on a computer, and is a part
of most modern instruction set architectures and operating systems. The main purpose of
memory protection is to prevent a process from accessing memory that has not been allocated to
it. This prevents a bug or malware within a process from affecting other processes, or the
operating system itself. An attempt to access unowned memory results in a hardware fault, called
a segmentation fault or storage violation exception, generally causing abnormal termination of
the offending process. Memory protection for computer security includes additional techniques
such as address space layout randomization and executable space protection.
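Executable space protection is something you can check on a running Linux system: /proc/<pid>/maps lists every mapped region with its permission bits, and a region that is both writable and executable breaks the W^X (write xor execute) rule that lets the hardware refuse to run injected data, while an executable [stack] is the classic enabler of stack-based shellcode. The following is an added example, not part of these notes: it parses the maps format and flags both conditions. The SAMPLE_MAPS text is constructed for the demonstration (the addresses and the rwxp anonymous mapping are invented); audit_pid reads the real file when run on Linux.

```python
import re

# Checking executable-space protection on Linux from /proc/<pid>/maps. Each
# line describes one mapped region with its permission bits (r w x and p/s);
# a region that is both writable and executable breaks the W^X rule that lets
# the hardware stop injected data from running, and an executable stack is the
# classic enabler of stack-based shellcode.

MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def parse_maps(text):
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue                         # tolerate blank or unexpected lines
        regions.append({
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "perms": m["perms"],
            "path": m["path"].strip(),       # empty for anonymous mappings
        })
    return regions


def writable_and_executable(regions):
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]


def executable_stack(regions):
    return any(r["path"] == "[stack]" and "x" in r["perms"] for r in regions)


def report(text):
    regions = parse_maps(text)
    return {
        "regions": len(regions),
        "wx": [(hex(r["start"]), hex(r["end"]), r["path"] or "[anon]")
               for r in writable_and_executable(regions)],
        "exec_stack": executable_stack(regions),
    }


# Constructed sample in /proc/<pid>/maps format: a normal PIE binary and libc,
# plus one anonymous rwx mapping of the kind a JIT, packer or injector creates.
SAMPLE_MAPS = """\
55d4a1c00000-55d4a1c01000 r--p 00000000 fd:01 1311  /usr/bin/demo
55d4a1c01000-55d4a1c02000 r-xp 00001000 fd:01 1311  /usr/bin/demo
55d4a1c02000-55d4a1c03000 rw-p 00002000 fd:01 1311  /usr/bin/demo
7f2c3e200000-7f2c3e222000 r--p 00000000 fd:01 2622  /usr/lib/x86_64-linux-gnu/libc.so.6
7f2c3e222000-7f2c3e39a000 r-xp 00022000 fd:01 2622  /usr/lib/x86_64-linux-gnu/libc.so.6
7f2c3e600000-7f2c3e601000 rwxp 00000000 00:00 0
7ffd0a1b2000-7ffd0a1d3000 rw-p 00000000 00:00 0     [stack]
7ffd0a1f6000-7ffd0a1f8000 r-xp 00000000 00:00 0     [vdso]
"""


def audit_pid(pid="self"):
    """Audit a live process; returns None where /proc is unavailable (non-Linux)."""
    try:
        with open(f"/proc/{pid}/maps") as fh:
            return report(fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    print("sample:", report(SAMPLE_MAPS))
    print("self  :", audit_pid())
```

On a hardened system the report for an ordinary process should show no rwx regions and a non-executable stack; a JIT runtime is the usual legitimate exception, and anything else deserves a closer look.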
Encryption:
Encryption is the translation of data into a secret code. It is one of the most effective ways
to protect the confidentiality of data. To read an encrypted file, you must have access to the secret
key or password that enables you to decrypt it. Unencrypted data is called plaintext; encrypted data
is referred to as ciphertext.
There are two main types of encryption: symmetric encryption, where the same secret key is
used both to encrypt and to decrypt, and asymmetric encryption (also called public-key
encryption), where data encrypted with a public key can only be decrypted with the matching
private key.
Two decisions have to be made:
1. the type of encryption you need (document, file/folder, USB drive, full disk) given the
operating system you use, and
2. the approach you will use for backup of encryption keys and associated passwords.
The rest of this document is intended to help you with these decisions. Consult your
local technical support staff or call the DoIT help desk if you would like to talk to someone
about what options are available.
USB encryption
What it is: USB encryption is similar to folder encryption in that all files on the USB drive are
encrypted. All files dropped into the container are encrypted; a file dragged out of the container
is unencrypted. A wide variety of USB encryption mechanisms exist, including using modern
operating system features, buying USB devices that are themselves encrypted, and using
third-party tools.
Advantages: Simple to use, particularly if you can easily organize those documents that require
encryption.
Limitations: Files are only encrypted while on the USB drive. Copying, moving or transmitting
the files will decrypt them.
Recovery and support: Varies depending on the USB encryption system used.
Full disk encryption
What it is: The term full disk encryption (FDE) or whole disk encryption is used to signify that
everything on a disk is encrypted. With FDE, data is encrypted automatically when it is stored on
the hard disk and decrypted when it is read from the disk. This includes operating system files as
well as user documents. Current operating systems ship their own FDE (BitLocker on Windows,
FileVault on macOS, LUKS/dm-crypt on Linux); third-party full disk encryption products are
also available.
Advantages: If the device is lost or stolen, there is no question of whether the data was
encrypted or not, since everything is encrypted.
Limitations: It is critical to have a password recovery and key escrow process in place, since all
data on the machine is at risk should the password be forgotten.
Recovery and support: System failures require understanding the FDE recovery processes.
Recovery is usually undertaken only with IT professional support, since the system boot
mechanism is modified.
All encrypted data can be permanently lost if you forget the encryption password (or
passphrase).
Backups or copies of passwords or encryption keys should be secured. For example,
paper or written copies of keys should be locked in a secure location. Backups of
passwords can be kept in secure password vaults, such as Password Safe.
If you decide to save them, decryption keys should be locked in a safe location.
Forgotten passwords cannot be recovered, so users should use caution about where
passwords are kept.
Store passwords securely, e.g. in a password safe.
Users who need to share encrypted documents with others should use a different
password than the one used for documents that are only accessed by the user themselves.
Passwords for shared, encrypted documents need to be given to recipients over a separate
channel such as the phone, not through an insecure method such as emailing them alongside
the document.
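The symmetric case from the Encryption section, and the warning above that a forgotten passphrase means the data is gone for good, both follow from the structure of passphrase-based encryption: the key exists only as a function of the passphrase and a stored salt, and a good design rejects a wrong passphrase (or a tampered file) outright instead of returning garbage. The following is an added example, not a tool from these notes. It derives separate encryption and MAC keys with PBKDF2 from the standard library, encrypts under a fresh random nonce, and appends an HMAC tag (encrypt-then-MAC). The keystream generator is HMAC-SHA256 in counter mode, chosen only because it needs no third-party library; a production tool would use AES-GCM or ChaCha20-Poly1305 from a vetted library and scrypt or Argon2 as the KDF. The container format (the "ENC1" magic, field lengths, iteration count) and the sample note are this example's own choices.

```python
import hashlib
import hmac
import os
import struct

# The structure of passphrase-based file encryption: derive keys from the
# passphrase with a slow KDF and a random salt, encrypt under a fresh nonce,
# and append an authentication tag so a wrong passphrase or a tampered file
# is detected instead of producing garbage. The keystream generator here is
# HMAC-SHA256 in counter mode (a PRF, so the construction is sound) chosen
# because it needs only the standard library; a real tool would use AES-GCM
# or ChaCha20-Poly1305 from a vetted library, and scrypt or Argon2 as the KDF.

MAGIC = b"ENC1"                       # this example's own container marker
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
KDF_ITERATIONS = 200_000


class DecryptionError(Exception):
    pass


def derive_keys(passphrase, salt):
    """64 bytes from PBKDF2-HMAC-SHA256, split into encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                                   KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(key, nonce, length):
    """PRF in counter mode: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(passphrase, plaintext):
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    body = MAGIC + salt + nonce + ciphertext
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()   # encrypt-then-MAC
    return body + tag


def decrypt(passphrase, blob):
    header_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < header_len + TAG_LEN or not blob.startswith(MAGIC):
        raise DecryptionError("not an encrypted container")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:header_len]
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):     # verify before touching ciphertext
        raise DecryptionError("wrong passphrase or data tampered with")
    ciphertext = body[header_len:]
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def try_decrypt(passphrase, blob):
    """Convenience wrapper: (True, plaintext) or (False, reason)."""
    try:
        return True, decrypt(passphrase, blob)
    except DecryptionError as exc:
        return False, str(exc)


if __name__ == "__main__":
    secret_note = b"Tax return 2016: see attached figures."    # constructed sample
    blob = encrypt("correct horse battery staple", secret_note)
    print(try_decrypt("correct horse battery staple", blob))
    print(try_decrypt("wrong passphrase", blob))                # lost passphrase = lost data
    tampered = blob[:40] + bytes([blob[40] ^ 1]) + blob[41:]
    print(try_decrypt("correct horse battery staple", tampered))
```

There is no back door in this design: nothing in the container lets anyone recover the plaintext without the passphrase, which is exactly why the key escrow and password backup steps above matter.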
Recovery Management:
Causes of data loss
Most data loss is caused by human error, rather than malicious attacks, according to U.K.
statistics released in 2016. In fact, human error accounted for almost two-thirds of the incidents
reported to the U.K. Information Commissioner's Office. The most common type of breach
occurred when someone sent data to the wrong person.
Other common causes of data loss include power outages, natural disasters, equipment
failures or malfunctions, accidental deletion of data, unintentionally formatting a hard drive,
damaged hard drive read/write heads, software crashes, logical errors, firmware corruption,
continued use of a computer after signs of failure, physical damage to hard drives, laptop theft,
and spilling coffee or water on a computer.
requires IT intervention. Data recovery services can also be used to retrieve files that were not
backed up and accidentally deleted from a computer's file system, but still remain on the hard
disk in fragments.
Data recovery is possible because a file and the information about that file are stored in
different places. For example, a FAT-formatted volume uses a file allocation table to track
which files are on the drive and where they are stored (NTFS keeps the equivalent information
in its master file table). The allocation table is like a book's table of contents, while the actual
files on the drive are like the pages in the book.
When data needs to be recovered, it is often only the allocation table that is damaged or
that no longer points to the file. The actual file may still be on the drive in flawless condition. If
the file's contents still exist and are not damaged or encrypted, they can be recovered. If the
file is damaged or missing from the table, there are other ways of recovering it. Many
applications, such as Microsoft Office, put uniform headers at the beginning of their files to
designate that they belong to that application, so a recovery utility can scan the raw disk for
these headers (file carving) and reconstruct at least part of the file. Encrypted data, however,
cannot be recovered in readable form without the key.
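The header-based reconstruction described above is file carving, and the following is an added example of it, not a utility from these notes: it scans a raw image for the signatures applications put at the start (and, where the format has one, the end) of their files, and reports each candidate with its offset, its type and whether it starts on a sector boundary. The disk image is constructed inline (zeros with a tiny PNG, a small PDF and a ZIP header placed at sector boundaries); the signature table lists real magic bytes, and a .docx is found as a ZIP because Office Open XML documents are ZIP containers.

```python
# File carving: locating files on a raw disk image by the signatures
# applications put at the start (and sometimes the end) of their files, without
# any help from the file system's allocation table.

SIGNATURES = {
    "png":  b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "pdf":  b"%PDF-",
    "zip":  b"PK\x03\x04",        # also .docx/.xlsx/.pptx, which are ZIP containers
    "gzip": b"\x1f\x8b\x08",
}
FOOTERS = {                         # where the format has a recognizable trailer
    "png":  b"IEND\xaeB`\x82",
    "jpeg": b"\xff\xd9",
    "pdf":  b"%%EOF",
}


def carve(image: bytes, sector: int = 512, max_len: int = 16 * 1024 * 1024):
    """Return candidate files as dicts sorted by offset. 'end' is None when the
    format has no footer or none was found within max_len; the caller then has
    to decide how much slack to keep."""
    hits = []
    for kind, sig in SIGNATURES.items():
        pos = image.find(sig)
        while pos != -1:
            end = None
            footer = FOOTERS.get(kind)
            if footer is not None:
                limit = min(len(image), pos + max_len)
                f = image.find(footer, pos + len(sig), limit)
                if f != -1:
                    end = f + len(footer)
            hits.append({"type": kind, "offset": pos, "end": end,
                         "sector_aligned": pos % sector == 0})
            pos = image.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def extract(image: bytes, hit: dict, fallback_len: int = 4096) -> bytes:
    """Bytes for one carved hit; without a footer, take a fixed-size slice."""
    end = hit["end"] if hit["end"] is not None else hit["offset"] + fallback_len
    return image[hit["offset"]:end]


def build_sample_image() -> bytes:
    """Constructed disk image: zeros with a tiny PNG, a small PDF and a ZIP
    header dropped at sector boundaries, the way a carver meets them after the
    allocation table has been lost."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + b"IEND\xaeB`\x82"
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF"
    zip_head = b"PK\x03\x04" + b"\x14\x00" + b"\x00" * 24 + b"word/document.xml"
    image = bytearray(8 * 512)
    image[512:512 + len(png)] = png
    image[2048:2048 + len(pdf)] = pdf
    image[3072:3072 + len(zip_head)] = zip_head
    return bytes(image)


if __name__ == "__main__":
    img = build_sample_image()
    for hit in carve(img):
        data = extract(img, hit)
        status = "footer found" if hit["end"] is not None else "no footer"
        print(f"{hit['type']:5} at {hit['offset']:#08x} ({status}) {len(data)} bytes")
```

Header-only hits (the ZIP here) are where carving gets approximate: without a trailer the tool has to guess the length, and a fragmented file will come back with foreign sectors in the middle, which is why carved output is always validated by opening it with the owning application.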
Most data recovery processes combine technologies, so organizations aren't solely
recovering data by tape. Recovering core applications and data from tape takes time, and you
may need to access your data immediately after a disaster. There are also risks involved with
transporting tapes.
In addition, not all production data at a remote location may be needed to resume
operations. Therefore, it's wise to identify what can be left behind and what data must be
recovered.
identify and stop data leaks, and come in two versions: stand-alone and integrated.
Stand-alone DLP products can reside on specialized appliances or be sold as
software.
Integrated DLP products are usually found on perimeter security gateways and are
useful for detecting sensitive data at rest and in motion.
Unlike stand-alone data loss prevention products, integrated DLP products usually do not
share the same management consoles, policy management engines and data storage.
Integrating data recovery into a DR plan
An organization's disaster recovery plan should identify the people in the organization
responsible for recovering data, provide a strategy for how data will be recovered, and document
acceptable recovery point and recovery time objectives. It should also include the steps to take in
recovering data.
For example, if a building is inoperable, affected business units must be advised to
prepare to relocate to an alternate location. If hardware systems have been damaged or destroyed,
processes must be activated to recover damaged hardware. Processes to recover
damaged software should also be part of the DR plan.
Some resources worth reviewing are the National Institute of Standards and Technology (NIST)
Special Publication 800-34 (Contingency Planning Guide for Federal Information Systems), as
well as the ISO/IEC 24762 and ISO/IEC 27031 standards.
A business impact analysis can help an organization understand its data requirements and
identify the minimum amount of time needed to recover data to its previous state. One challenge
to data loss and data recovery is getting a handle on the unstructured data stored on various
devices.
But there are steps that can mitigate the damage. Start by classifying data based on its
sensitivity and determine which classifications must be secured. Then, determine how much data
would have to be compromised to affect the organization. Undertake a risk assessment to
determine what controls are needed to protect sensitive data. Finally, put systems in place to
store and protect that content.