SECURITY AND PROTECTION

Rutherford, Andrew (Mr) (Summerstrand Campus North)


NELSON MANDELA UNIVERSITY
TABLE OF CONTENTS
TABLE OF CONTENTS ........................................................................................................ 1
Introduction ........................................................................................................................... 2
Protection.............................................................................................................................. 2
The What and Why of Protection ....................................................................................... 2
Principle of least privilege .............................................................................................. 2
Domain of Protection ......................................................................................................... 3
Domain Structure ........................................................................................................... 3
Access Control .................................................................................................................. 4
Protection Summary .......................................................................................................... 4
Security ................................................................................................................................. 5
Authentication.................................................................................................................... 5
Categories of Violations ..................................................................................................... 5
Four levels of System Protection ....................................................................................... 6
Program Threats ............................................................................................................... 7
System and Network Threats ............................................................................................ 7
Computer-Security Classifications ..................................................................................... 8
Bibliography .......................................................................................................................... 9

Page 1 of 9
Introduction
Every computing system has two conflicting needs:

• Sharing of resources, and
• Protection of resources

The evolution of computing from standalone systems, to a few interconnected computer
systems, to world-wide interconnected networks of systems has had a huge impact on
security and protection mechanisms. Protection mechanisms control access to a system by
limiting the types of file access permitted to users and by ensuring that only processes that
have gained proper authorization from the operating system can operate on memory, the
CPU and other resources. Security mechanisms ensure that the users of the system are
authenticated, protect the integrity of the information stored in the system, and control
access to the physical resources of the computer system.

Protection
Protection mechanisms control access to a system by limiting the types of file access
permitted to users and by ensuring that only processes that have gained proper
authorization from the operating system can operate on memory, the CPU and other
resources. Protection is thus primarily concerned with protecting files and other resources
from accidental misuse by cooperating users who share a system and are generally using
the computer for normal purposes.

The What and Why of Protection


The need to protect the integrity of computer systems has grown in parallel with the
complexity and widespread adoption of these systems. Protection is required for a host of
reasons, among them preventing the mischievous, intentional violation of an access
restriction by a user and, more generally, ensuring that all active processes use system
resources according to stated policies. This is critical for a reliable system.
Policies governing resource usage can be established in a number of ways:

• Fixed in the design of a system
• Formulated by the management of a system
• Defined by individual users for the protection of their personal files and programs

As an aside, mechanisms determine how something will be done, whereas policies dictate
what should be done.

Principle of least privilege


A guiding principle of protection in the design of operating systems is the principle of
least privilege. It specifies that programs, users and systems should be given just enough
privilege to perform their tasks: no more, and no less. An operating system implementing the
principle of least privilege builds all of its components (features, programs, system calls and
data structures) so that the failure or compromise of any one component does minimum
damage. For example, the overflow of a buffer in an operating system background process
might cause that process to fail, but it should not allow the execution of code from the
process's stack that would enable a remote user to gain maximum privileges and access to
the entire system.

Users can be managed according to the same principle: a user should have only the
minimum privileges required to perform their job. Role-based access control (RBAC) can
provide this. Privileges are allocated to clearly defined roles, and users are then assigned
one or more roles based on what their job requires.

Domain of Protection
A computer can be viewed as a collection of processes and objects, both hardware (CPU,
printer, disks etc.) and software (files, programs etc.). The need-to-know principle states
that a process should only be allowed to access the resources it requires to complete its
task, and only in the modes required to complete that task. Once again this limits the
damage a faulty process can cause to a system. Consider a running process A that calls a
procedure P as P(x, y). While P is running it should have access only to its own local
variables and the parameters it received, i.e. x and y.

Domain Structure
• A protection domain specifies the resources that a process may access.
• Each domain defines a set of objects and the types of operations that may be
invoked on each object.
• An access right is the ability to execute an operation on an object.
• A domain is defined as a set of < object, {access right set} > pairs, as shown below.
Note that some domains may be disjoint while others overlap.

Figure 1. System with three protection domains

If a process is executing in domain D1 it can read and write O1 and O3 and execute O2,
but perform no other operation on them. Domains may also share access rights. For
example, observe that D2 and D3 share the print right on O4.
A domain may be associated with a

• User – the set of objects that can be accessed depends on the identity of the user
• Process – the set of objects that can be accessed depends on the identity of the process
• Procedure – the set of objects that can be accessed is the set of local variables declared
within the procedure

Access Control
Role-based access control (RBAC) centres on privileges, e.g. reading or writing a file.
Privileges can be assigned to processes, limiting them to exactly the access they need to
perform their work. Privileges and programs can also be assigned to roles. Users are assigned
roles, or may take a role by supplying that role's password. In this way a user can take a role
that enables a privilege, allowing the user to run a program to accomplish a specific task, as
depicted in figure 2 below. This implementation of RBAC reduces risk because each user
holds only the access that their role requires.

Figure 2. Role-based access control
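The following is an added example, not code from these notes, that ties the two ideas above together: a protection domain as a set of <object, {access rights}> pairs, and RBAC as a layer that maps users to roles and each role to the domain it may execute in. The rights for D1, D2 and D3 follow what the text reads off Figure 1 (D1 reads and writes O1 and O3 and executes O2; D2 and D3 share the print right on O4); every other right, and all role, user and role-password names, are assumptions made up for the demo.

```python
"""Protection domains and role-based access control (added example)."""
import hmac
from typing import Dict, List, Optional, Set

# A protection domain is a set of <object, {access rights}> pairs.
# D1 rights and the shared print right on O4 follow Figure 1; the rest are assumed.
DOMAINS: Dict[str, Dict[str, Set[str]]] = {
    "D1": {"O1": {"read", "write"}, "O3": {"read", "write"}, "O2": {"execute"}},
    "D2": {"O4": {"print"}, "O3": {"read"}},           # O3 read is assumed
    "D3": {"O4": {"print"}, "O2": {"execute"}},        # O2 execute is assumed
}

# RBAC layer: a role grants the rights of one domain. Listed members may take the
# role; a role with a password may also be taken by anyone who supplies it.
ROLES: Dict[str, dict] = {
    "editor":   {"domain": "D1", "members": {"alice"}, "password": None},
    "operator": {"domain": "D2", "members": {"alice", "bob"}, "password": None},
    "auditor":  {"domain": "D3", "members": set(), "password": "audit-2022"},
}


def can_access(domain: str, obj: str, op: str) -> bool:
    """Access check against one domain: the operation must be in the right set
    for the object; anything not listed is denied (default deny)."""
    return op in DOMAINS.get(domain, {}).get(obj, set())


class Process:
    """A process executes in at most one domain at a time, chosen by the role it
    has taken. With no role it holds no rights at all (least privilege)."""

    def __init__(self, user: str) -> None:
        self.user = user
        self.role: Optional[str] = None
        self.audit: List[str] = []          # trace of decisions, like an OS audit log

    def take_role(self, role: str, password: Optional[str] = None) -> None:
        spec = ROLES[role]
        by_membership = self.user in spec["members"]
        by_password = (
            spec["password"] is not None and password is not None
            and hmac.compare_digest(password.encode(), spec["password"].encode())
        )
        if not (by_membership or by_password):
            self.audit.append(f"DENY role {role} to {self.user}")
            raise PermissionError(f"{self.user} may not take role {role}")
        self.role = role
        self.audit.append(f"{self.user} takes role {role} (domain {spec['domain']})")

    def access(self, obj: str, op: str) -> bool:
        domain = ROLES[self.role]["domain"] if self.role else None
        ok = domain is not None and can_access(domain, obj, op)
        verdict = "ALLOW" if ok else "DENY"
        self.audit.append(f"{verdict} {op} {obj} for {self.user} in {domain}")
        return ok


if __name__ == "__main__":
    p = Process("alice")
    p.take_role("editor")
    for obj, op in [("O1", "write"), ("O2", "execute"), ("O2", "write"), ("O4", "print")]:
        p.access(obj, op)
    p.take_role("operator")          # switching role switches the active domain
    p.access("O4", "print")
    print("\n".join(p.audit))
```

Note that a process that has not taken any role is denied everything, and that switching from `editor` to `operator` drops the D1 rights: the active domain is the role's domain, not the union of every role the user could take.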

Protection Summary
Computer systems contain many objects which need protection from misuse. Objects may
be hardware or software. Access rights are permissions to perform an operation on an object
and a domain is a set of access rights. Processes execute in domains and may use any of
the access rights in the domain to access and manipulate objects.

Security
Security mechanisms ensure that the users of the system are authenticated, protect the
integrity of the information stored in the system, and control access to the physical resources
of the computer system. Security deals with protecting systems from deliberate attacks, either
internal or external, by individuals intentionally attempting to steal information, damage
information, or otherwise deliberately wreak havoc in some manner.

Authentication
Authentication refers to identifying each user of the system and associating executing
programs with those users. It is the responsibility of the operating system to provide a
protection system which ensures that the user running a program is who they claim to be.
Operating systems generally authenticate users using the following methods:
• Username / password − the user enters a registered username and the matching
password, which the operating system checks against its stored credential record.
• User card / key − the user inserts a card into a reader, or enters a code produced by a
key generator (hardware token), through the facility provided by the operating system.
• User attribute (fingerprint, retina pattern, signature) − the user presents a physical
attribute via a designated input device used by the operating system.
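The username/password method depends on what the operating system stores for each registered user. The following added example (not code from these notes) shows the check a verifier should perform: store a random per-user salt and a PBKDF2-HMAC-SHA256 hash of the password rather than the password itself, recompute the hash at login, and compare in constant time. The user names, passwords and iteration count are constructed for the demo.

```python
"""Username/password authentication with salted, slow password hashing (added example)."""
import hashlib
import hmac
import os
from typing import Dict

ITERATIONS = 100_000   # assumed work factor; tune so one check costs ~0.1 s on the target
SALT_BYTES = 16

# username -> {"salt": bytes, "iterations": int, "hash": bytes}; no plaintext is kept
CredentialStore = Dict[str, dict]


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a fixed-length key from the password. The per-user salt makes identical
    passwords hash differently and defeats precomputed lookup tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(store: CredentialStore, username: str, password: str) -> None:
    """Create the credential record that the login check will later consult."""
    salt = os.urandom(SALT_BYTES)
    store[username] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": hash_password(password, salt),
    }


# Used to burn the same amount of work for unknown usernames, so response time does
# not reveal which accounts exist.
_DUMMY_SALT = os.urandom(SALT_BYTES)


def authenticate(store: CredentialStore, username: str, password: str) -> bool:
    """Login check: recompute the hash with the stored salt and compare in constant
    time. True only for a registered user presenting the correct password."""
    record = store.get(username)
    if record is None:
        hash_password(password, _DUMMY_SALT)
        return False
    candidate = hash_password(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    store: CredentialStore = {}
    register(store, "alice", "correct horse battery staple")   # constructed demo credential
    print(authenticate(store, "alice", "correct horse battery staple"))   # True
    print(authenticate(store, "alice", "password123"))                    # False
    print(authenticate(store, "mallory", "anything"))                     # False
```

The stored record is useless to an attacker who copies it without also spending the PBKDF2 work per guess, which is the property a plaintext or unsalted-hash store lacks.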

Categories of Violations
Security violations can either be intentional and thus malicious or accidental. Protection
mechanisms discussed earlier typically deal with protection from accidents.

• Breach of confidentiality – theft of private or confidential information, such as
credit-card numbers, trade secrets, patents, secret formulas, manufacturing
procedures, medical information or financial information.

• Breach of integrity – unauthorised modification of data, which may have serious
indirect consequences. For example, the source code of a popular game or other
program could be modified to open security holes on users' systems before it is
released to the public, or the balance of an account could be increased by modifying
what is stored in the database.

• Breach of availability – unauthorised destruction of data, often just for the "fun" of
causing havoc and for bragging rights. Vandalism (defacement) of web sites is a
common form of this violation.

• Theft of service – unauthorised use of resources, such as theft of CPU cycles or
tapping into the target's telephone or networking services.

• Denial of service (DoS) – preventing legitimate users from using the system, often
by overwhelming it with an excess of requests for service.

• Masquerading – one participant in a communication pretends to be someone else
(another host or another user) in order to gain access it would not otherwise have.
A variation is the man-in-the-middle attack, in which the attacker sits between two
targets and masquerades to each of them as the other end of the conversation.

• Replay attack – repeating a valid transmission. Sometimes this is the entire attack
(such as repeating a request for a money transfer); in other cases the content of the
original message is replaced with malicious content. The usual defence is to make
every message unique and checkable: a nonce or sequence number and a timestamp,
all covered by a message authentication code that the receiver verifies.
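The replay and message-substitution cases above, worked through as an added example (not code from these notes) with both sides of the exchange simulated in one process. The client authenticates each request with an HMAC over a fresh random nonce, a timestamp and the request body; the server accepts a request only if the MAC verifies (a message whose content was replaced is rejected), the timestamp lies inside an acceptance window (an old capture cannot be replayed forever), and the nonce has not been seen before (a verbatim replay of a recent request is rejected). The shared key, message layout and 60-second window are assumptions of the demo, and the clock is passed in explicitly so the checks are reproducible.

```python
"""Replay-attack detection with nonce, timestamp and HMAC (added example)."""
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional

SHARED_KEY = b"constructed-demo-key-do-not-reuse"   # assumed pre-shared secret
WINDOW_SECONDS = 60                                 # assumed acceptance window


def _canonical(msg: dict) -> bytes:
    """Deterministic byte encoding of every field except the MAC itself."""
    unsigned = {k: v for k, v in msg.items() if k != "mac"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()


def make_request(key: bytes, body: dict, now: Optional[int] = None) -> dict:
    """Client side: attach a fresh nonce and a timestamp, then MAC the whole message."""
    msg = {
        "nonce": os.urandom(16).hex(),
        "ts": int(time.time() if now is None else now),
        "body": body,
    }
    msg["mac"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Server:
    """Server side: checks MAC, then freshness, then nonce uniqueness, in that order."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS) -> None:
        self.key = key
        self.window = window
        self.seen: Dict[str, int] = {}      # nonce -> timestamp of the accepted request

    def handle(self, msg: dict, now: Optional[int] = None) -> str:
        now = int(time.time() if now is None else now)
        mac = msg.get("mac")
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        if not isinstance(mac, str) or not hmac.compare_digest(mac.encode(), expected.encode()):
            return "rejected: bad mac"      # forged, or content replaced after signing
        ts = int(msg["ts"])
        if abs(now - ts) > self.window:
            return "rejected: stale"        # too old (or too far in the future) to accept
        if msg["nonce"] in self.seen:
            return "rejected: replay"       # verbatim repeat of an accepted request
        self.seen[msg["nonce"]] = ts
        # Nonces older than the window may be dropped: the stale check above already
        # rejects any request that old before the nonce lookup is reached.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return "accepted"


if __name__ == "__main__":
    server = Server(SHARED_KEY)
    transfer = make_request(SHARED_KEY, {"op": "transfer", "amount": 100, "to": "mallory"}, now=1000)
    print(server.handle(transfer, now=1000))   # accepted
    print(server.handle(transfer, now=1001))   # rejected: replay
    altered = dict(transfer, body={"op": "transfer", "amount": 100000, "to": "mallory"})
    print(server.handle(altered, now=1001))    # rejected: bad mac
```

The order of the checks matters: verifying the MAC first means the timestamp and nonce fields are trusted only after they are known to come from a key holder, and rejecting stale messages before consulting the nonce set is what makes it safe to purge old nonces.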

Four levels of System Protection


1. Physical – physically secure entry to locations containing computer systems,
servers, workstations and so on. Physical protection is made more difficult today by
the possibility of remote access.

2. Human – humans who are allowed access to a system must be trustworthy, and must
not be able to be coerced or tricked into breaching security. Social engineering
attacks are common today; they attempt to fool trustworthy people into breaching
security without realising it. Phishing is a popular social engineering attack in which
a legitimate-looking email plays on human greed or fear. One should also be careful
about what is thrown away, as dumpster diving can yield sensitive information.
Password guessing succeeds when passwords are built from facts known about a user,
e.g. a pet's name, children's names or birthdates. A strong password should have at
least 8 characters, combine upper- and lowercase letters, numbers and special
characters, and not be reused across systems.

3. Operating system – the OS must protect itself from security breaches such as
runaway processes (denial of service), memory-access violations, stack overflow
violations (https://youtu.be/B4v56Ns3QhQ), the launching of programs with
excessive privileges, and many others.

4. Network – both protecting the network itself from attack and protecting the local
system from attacks coming in through the network. As wireless communications and
portable devices become more pervasive this becomes more of an issue.

Unfortunately, no matter how good security at levels 3 and 4 is, it can be completely
undermined by human failings at level 2.

Program Threats
Operating systems manage running programs (processes). A program can be specifically
written to create a breach of security, thus becoming a program threat. A common example
is a program installed on a computer that stores user credentials and sends them over the
network to an attacker.
• Trojan horse – a program that may well have a useful purpose but hides its true intent.
For example, a text editor that scans a document for certain words and, if they are
found, emails the entire document to someone else.
• Trap door – a concealed means of bypassing security to gain access to a restricted part
of a computer system. For example, a programmer may insert code that grants access
to a computer or secure area using a password that only they know.
• Logic bomb − code that misbehaves only when certain conditions are met and
otherwise behaves as a genuine program, which makes it harder to detect.
• Virus − a fragment of code embedded in a legitimate program that replicates by
modifying other programs to include a copy of itself. Its payload may corrupt files or
consume resources, and a widespread infection can ultimately crash the device.
• Stack and buffer overflow – exploits a bug in a program, often a simple case of poor
programming in which the programmer omitted a bounds check on an input field. An
attacker then sends more data than the program expects; the excess overwrites
adjacent memory (on the stack, the saved return address), so that execution can be
redirected to code supplied by the attacker. https://youtu.be/B4v56Ns3QhQ

System and Network Threats


These threats involve the abuse of services and network connections, resulting in
operating-system resources and user files being misused.
• Worm − a process that uses the spawn mechanism to duplicate itself, typically spreading
to other machines across the network by exploiting a vulnerable network service. The
worm spawns copies of itself, using up system resources and perhaps locking out all
other processes.

• Port scanning − a port is a virtual endpoint at which network connections start and end.
Ports are software-based and managed by the computer's operating system, and each
open port is associated with a specific process or service. Ports let a computer separate
different kinds of traffic: email and web pages arrive on different ports even though both
reach the machine over the same Internet connection. Port scanning is a technique
attackers use to discover open doors or weak points in a network: probes are sent to a
range of ports and the response (or lack of one) to each probe reveals whether the port is
open, closed or filtered, what service is listening, and whether active security devices
such as firewalls are in place. Port scanning is not itself an intrusion, and defenders use
the same technique to audit their own exposure, but an unexpected scan is often the
reconnaissance that precedes an attack and is worth detecting.
• Denial of service − attacks that prevent legitimate use of the system, for example
flooding an email server with spam. A distributed denial-of-service (DDoS) attack is
launched from multiple sites at once toward a common target.
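A TCP connect scan, as an added example that is not part of these notes. A throwaway listener is started on 127.0.0.1 so the scan runs entirely offline; each probe is a connect() attempt, and the answer classifies the port exactly as the paragraph above describes: a completed handshake means open, a refused connection (the host answers with RST) means closed, and no answer within the timeout means filtered, which is typically a firewall silently dropping the packet. The host, port list and timeout are constructed for the demo. Probe only hosts you are authorised to test.

```python
"""TCP connect port scan against a local throwaway listener (added example)."""
import errno
import socket
import threading
from typing import Dict, Iterable, Tuple


def scan_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Probe one port and classify it as 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except socket.timeout:              # some platforms raise rather than return an errno
            return "filtered"
    if rc == 0:
        return "open"                        # handshake completed: something is listening
    if rc == errno.ECONNREFUSED:
        return "closed"                      # RST came back: host reachable, nothing listening
    return "filtered"                        # EAGAIN/ETIMEDOUT/EHOSTUNREACH: no usable answer


def scan(host: str, ports: Iterable[int]) -> Dict[int, str]:
    """Scan each port in turn and return {port: state}."""
    return {port: scan_port(host, port) for port in ports}


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Stand-in for a real service: listen on an OS-chosen port and accept/close
    connections in a background thread until the socket is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                  # listener was closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def pick_closed_port(host: str = "127.0.0.1") -> int:
    """Bind to an OS-chosen free port and release it, so it is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listener, open_port = start_listener()
    closed_port = pick_closed_port()
    for port, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} {state}")
    listener.close()
```

A full connect scan leaves a completed connection in the target's service logs for every open port, which is precisely what makes it detectable; that logging is the defender's side of the same technique.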

Computer-Security Classifications

No computer system can be 100% secure, and attempts to make it so can quickly make it
unusable. A balance must be struck between security and usability, i.e. establish a level of
security at which one feels "safe" using a given computer system for particular needs.
The U.S. Department of Defense's "Trusted Computer System Evaluation Criteria" (TCSEC)
defines four broad divisions of trust, with sub-levels in some cases:

Level  Description
D      Minimal protection. Used for systems that have failed to meet the requirements
       of any of the other classes, e.g. MS-DOS and Windows 3.1 are in division D.
C      Discretionary protection. Provides protection and user accountability through
       audit capabilities. It has two sub-levels:
  C1   Incorporates controls so that users can protect their private information and
       keep other users from accidentally reading or deleting their data. Most UNIX
       versions are class C1.
  C2   Adds individual-level access control (each user is uniquely identified and
       audited) to the capabilities of a C1 system.
B      Mandatory protection. Has all the properties of a class C2 system and attaches a
       sensitivity label to each object. It has three sub-levels:
  B1   Maintains the security label of each object in the system and uses the label
       when making access-control decisions.
  B2   Extends the sensitivity labels to every system resource, such as storage
       objects, and requires analysis of covert channels and auditing of events.
  B3   Allows the creation of access-control lists naming users or groups in order to
       grant or revoke access to a given named object.
A      Verified protection. The highest level; uses formal design specification and
       verification techniques, giving a high degree of assurance of system security.

Bibliography
Arpaci-Dusseau, R. H., & Arpaci-Dusseau, A. C. (2018). Operating Systems: Three Easy
Pieces. Wisconsin: Arpaci-Dusseau Books. Retrieved from http://www.ostep.org
JavaTpoint. (2011, 01 01). What is a File System? Retrieved February 22, 2022, from
https://www.javatpoint.com/file-system
Palmer, M., & Walters, M. (2011). Guide to Operating Systems. Boston: Cengage Learning.
Silberschatz, A., Galvin, P. B., & Gagne, G. (2018). Operating System Concepts.
Hoboken: John Wiley & Sons, Inc.
Tanenbaum, A. S., & Bos, H. (2015). Modern Operating Systems. New Jersey: Pearson.
Tutorialspoint. (2021, 01 01). Operating System Tutorial. Retrieved from
https://www.tutorialspoint.com/operating_system/
W3Schools. (2019, 01 01). Operating System Tutorial Library. Retrieved 2022, from
https://www.w3schools.in/operating-system-tutorial
