Chapter 6

Security and protection

Outlines:
Overview of system security
• Policies and mechanism of system security
System protection, authentication
• Models of protection
• Memory protection
• Encryption
Recovery management
Overview of system security
• Security refers to providing a protection to computer system resources
such as CPU, memory, disk, software programs and most importantly
data/information stored in the computer system.

• If a computer program is run by an unauthorized user, then he/she may

cause damage to computer or data stored in it.

• So a computer system must be protected against unauthorized access,

malicious access to system memory.
Overview of system security…
• Operating system security (OS security) is the process of ensuring OS
integrity, confidentiality and availability.

• OS security refers to specified steps or measures used to protect OS

from threats, viruses, worms, malware or remote hacker intrusions.

• OS security encompasses all preventive-control techniques, which

safeguard any computer assets capable of being stolen, edited or
deleted if OS security is compromised.
Overview of system security…
The Security Problem

Security must consider external environment of the system, and

protect it from:
Unauthorized access.

Malicious modification or destruction

Accidental introduction of inconsistency.

 We say that the system is secure if its resources are used and accessed
as intended under all circumstances.
The Security Problem…
 Unfortunately total security cannot be achieved.

 It is easier to protect against accidental misuse than malicious misuse.

 Intruder or cracker: attempt to breach the security

 Threat: potential of security violation such as discovery of

vulnerability

• Attack: an attempt to break security

Form of malicious access
Breach of confidentiality: Unauthorized reading of data (theft of
information)

Breach of integrity: Unauthorized modification of data

Breach of availability: Unauthorized destruction of data

Theft of service: Unauthorized use of resources.

Denial of service: Preventing legitimate use of the system (denial of

service)
Policies and mechanism of system security
 A security policy is a statement of what is allowed, and what is not
allowed which reflects an organization‘s strategy to authorize access to
the computer‘s resources
Managers have access to personnel files

OS processes have access to the page table

• A security mechanism is a method, tool, or procedure for enforcing a

security policy.
Policies and mechanism of system security…
• Authentication mechanisms are the basis of most protection mechanisms
which are
1. External Authentication
User/process authentication
Authentication in networks

2. Internal Authentication
Sharing parameters
Confinement
Allocating rights
Trojan horse
System protection, authentication
 System Protection is especially important in a multiuser environment
when multiple users use computer resources such as CPU, memory,
etc.
 It is the operating system's responsibility to offer a mechanism that
protects each process from other processes.
 In a multiuser environment, all assets that require protection are
classified as objects, and those that wish to access these objects are
referred to as subjects.
 The operating system grants different access rights to different
subjects.
System protection, authentication…
 System protection allows multiple users to safely share a common
logical namespace, including a directory or files.
 It needs the protection of computer resources like the software,
memory, processor, etc.
 Users should take protective measures as a helper to
multiprogramming OS so that multiple users may safely use a
common logical namespace like a directory or data.
 Protection may be achieved by maintaining confidentiality, honesty
and availability in the OS.
 It is critical to secure the device from unauthorized access, viruses,
worms, and other malware.
Models of protection
• Active parts (e.g. processes or threads) are called subjects and act on behalf
of users.
• Passive parts (i.e. resources) are called objects.
• The particular set of rights a process has at any given time is referred to as
its protection domain.
• A subject is a process executing in a specific protection domain.
• A protection system is composed of a set of objects, a set of subjects, and a
set of rules specifying the protection policy.
• What mechanism to implement different security policies for subjects to
access objects
Many different policies must be possible
Policy may change over time
Memory protection
 One of the important aspects of Operating system security is Memory
Protection.
 Memory provides powerful indirect way for an attacker to circumvent
security mechanism, since every piece of information accessed by any
program will need to reside in memory at some point in time, and
hence may potentially be accessed in the absence of memory
protection mechanisms.
 Memory protection is a way for controlling memory usage on a
computer, and is core to virtually every operating system.
Memory protection…
• Its main purpose is to prevent a process running on an operating
system from accessing the memory of other processes, or is used by
the OS kernel.

• This prevents a bug within the process from affecting other processes,
and also prevents malicious software from gaining unauthorized
access to the system, e.g., suppose that process A is permitted access to
a file F, while process B is not.
Memory protection…
• Process B can bypass this policy by attempting to read F's content that
will be stored in A's memory immediately after A reads F.

• Alternatively, B may attempt to modify the access control policy that

is stored in the OS memory so that the OS thinks that B is permitted
access to this file.
Encryption
Encryption: Encrypt clear text into cipher text.
Properties of good encryption technique:
Relatively simple for authorized users to encrypt and decrypt data.
Encryption scheme depends not on the secrecy of the algorithm but on
a parameter of the algorithm called the encryption key.
Extremely difficult for an intruder to determine the encryption key.
Data Encryption Standard substitutes characters and rearranges their
order on the basis of an encryption key provided to authorize users via
a secure mechanism. Scheme only as secure as the mechanism.
Encryption…
 RSA: is one of the first practical public-key cryptosystems and is
widely used for secure data transmission.
 In such a cryptosystem, the encryption key is public and differs from
the decryption key which is kept secret.
Four levels of security measures must be taken
1. Physical- Against armed or surreptitious entry by intruders.

2. Human- Careful screening of users to reduce the chance of unauthorized

access.

3. Network- No one should intercept the data on the network.

4. Operating system- The system must protect itself from accidental or

purposeful security beaches.

A weakness at a high level of security allows circumvention of low-level

measures.
Security measures at OS level
 User authentication: Verifying the user‘s authentication

 Program threats: Misuse of programs.

 System threats: Worms and viruses

 Intrusion detection: Detect attempted intrusions or successful

intrusions and initiate appropriate responses to the intrusions.

 Cryptography: Ensuring protection of data over network

Program Threats
1. Trojan horse: Code segment that misuses its environment.
 Exploits mechanisms for allowing programs written by users to be executed
by other users.
2. Trap Door
 The designer of the code might leave a hole in the software that only she is
capable of using.
 Specific user identifier or password that circumvents normal security
procedures.
 Could be included in a compiler.
 Stack and Buffer Overflow
 Exploits a bug in a program (overflow either the stack or memory buffers.)
Program Threats…
3. Stack and Buffer Overflow: This is a classic method of attack,
which exploits bugs in system code that allows buffers to overflow.
The attacker determines the vulnerability and writes a program to do
the following.
 Overflow an input-field, command-line argument, or input buffer until
it writes into the stack.
 Overwrite the current return address on the stack with the address of
the exploit code in the next step.
 Write a simple set of code for the next space in the stack that includes
commands that the attacker wishes to execute, for example, spwan a
shell.
System Threats
1. Worms – use spawn mechanism; standalone program. The worm
spawns copies of itself, using up systems resources and perhaps locking
out system use by all other processes.
2. Viruses – fragment of code embedded in legitimate program.
 Mainly affect microcomputer systems.
 Downloading viral programs from public bulletin boards or
exchanging floppy disks containing an infection.
3. Denial of Service
 Overload the targeted computer preventing it from doing any useful
work.
 Partially started TCP/IP sessions could eat up all resources.
System Threats…
Firewall: is a computer or router that sits between trusted and untrusted
systems.

 It monitors and logs all connections and limits network access between
these two security domains.

Spoofing: An unauthorized host pretends to be an authorized host by

meeting some authorization criterion.

Intrusion Detection: Detect attempts to intrude into computer systems.

• Alerting the administrator, killing the intrusion process, false resource
is exposed to the attacker (but the resource appears to be real to the
attacker) to gain more information about the attacker.

• The solutions are known as intrusion detection systems.

System call monitoring: Detects when a process is deviating from
expected system call behavior.

Cryptography: Eliminate the need to trust the network. Cryptography

enables a recipient of a message to verify that the message was created
by some computer possessing a certain key.

• Keys are designed to be computationally infeasible to derive from the

messages.