
Harsh Mishra

Protection and Security: Operating System

Guide to Protection and Security in Operating Systems


Protection and security are fundamental components of an operating system (OS), ensuring system stability, user privacy, and safe execution of processes. Below is a detailed explanation of the key concepts, terminologies, mechanisms, and strategies used in operating systems for protection and security.


1. Protection in Operating Systems

Definition:
Protection refers to mechanisms that control access to system resources, ensuring that programs, processes, and users only perform authorized operations.

Goals of Protection:

  1. Prevent Accidental or Malicious Misuse: Safeguard the system from incorrect use.
  2. Ensure Data Integrity: Protect files and data from unauthorized modification.
  3. Ensure Confidentiality: Restrict access to sensitive information.
  4. Enable Controlled Sharing: Allow legitimate resource sharing between processes/users.

Key Terminologies in Protection:

  1. Domain:

    • A set of access rights defining the resources a process or user can access.
    • Examples: User domain, kernel domain.
  2. Access Matrix:

    • A table that specifies the access rights of each domain to various system objects (files, devices, etc.).
    • Rows: Domains.
    • Columns: Objects.
    • Entries: Access rights (e.g., read, write, execute).
  3. Access Control List (ACL):

    • A list associated with each object specifying which users or domains have what access.
    • Example: File F might have an ACL:
      • User A: Read, Write
      • User B: Read Only
  4. Capabilities:

    • Tokens or keys associated with users/processes that grant access to objects.
    • Example: A process might hold a capability allowing it to read a specific file.
  5. Principle of Least Privilege:

    • Each process/user is granted the minimum privileges required to complete its task.
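
The access matrix, its two storage views (an ACL per object, a capability list per domain) and a least-privilege audit, as an added example that is not part of the original post. The domains, objects and rights in ACCESS_MATRIX are constructed sample values.

```python
# Added example (not from the original post): an access matrix for three domains
# and three objects, read both as ACLs (per object) and as capability lists (per domain).
# The domains, objects and rights below are constructed sample values.
from typing import Dict, Set, Tuple

Rights = Set[str]
# Access matrix: rows are domains, columns are objects, entries are rights.
ACCESS_MATRIX: Dict[Tuple[str, str], Rights] = {
    ("user_a", "file_f"):  {"read", "write"},
    ("user_b", "file_f"):  {"read"},
    ("kernel", "file_f"):  {"read", "write", "execute"},
    ("kernel", "disk0"):   {"read", "write"},
    ("user_a", "printer"): {"write"},
}

def acl(obj: str) -> Dict[str, Rights]:
    """Column view: the ACL stored with an object (who may do what to it)."""
    return {d: set(r) for (d, o), r in ACCESS_MATRIX.items() if o == obj}

def capabilities(domain: str) -> Dict[str, Rights]:
    """Row view: the capability list held by a domain (what it may do to each object)."""
    return {o: set(r) for (d, o), r in ACCESS_MATRIX.items() if d == domain}

def check_access(domain: str, obj: str, right: str) -> bool:
    """Reference-monitor check: every access is mediated; a missing entry means deny."""
    return right in ACCESS_MATRIX.get((domain, obj), set())

def least_privilege_violations(domain: str, needed: Dict[str, Rights]) -> Dict[str, Rights]:
    """Rights a domain holds beyond what its task needs (a least-privilege audit)."""
    held = capabilities(domain)
    return {o: r - needed.get(o, set())
            for o, r in held.items() if r - needed.get(o, set())}

if __name__ == "__main__":
    print(acl("file_f"))                     # ACL of file F: user_a rw, user_b r, kernel rwx
    print(capabilities("user_a"))            # capabilities of user A
    print(check_access("user_b", "file_f", "write"))   # False: user B is read-only
    # user A only needs to read file F, so its write rights are excess privilege
    print(least_privilege_violations("user_a", {"file_f": {"read"}}))
```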

Protection Mechanisms:

  1. Hardware-Based Mechanisms:

    • Memory Protection: Restricts processes from accessing unauthorized memory regions using base and limit registers.
    • Modes of Operation: User mode and kernel mode to separate application-level and system-level operations.
  2. Software-Based Mechanisms:

    • Protection Rings: A hierarchy of privilege levels (Ring 0 for kernel, Ring 3 for user processes).
    • Sandboxing: Running applications in isolated environments to restrict their access to resources.

2. Security in Operating Systems

Definition:
Security focuses on defending the system from external and internal threats, such as unauthorized access, data breaches, and malicious software.

Goals of Security:

  1. Confidentiality: Protecting data from unauthorized access.
  2. Integrity: Ensuring data remains accurate and unaltered.
  3. Availability: Guaranteeing that resources are accessible to authorized users when needed.
  4. Accountability: Tracking user activities to ensure responsibility.

Key Terminologies in Security:

  1. Authentication:

    • Verifying the identity of a user or process.
    • Methods:
      • Something You Know: Passwords, PINs.
      • Something You Have: Smart cards, tokens.
      • Something You Are: Biometrics (fingerprints, facial recognition).
  2. Authorization:

    • Determining whether an authenticated user has permission to access a resource.
  3. Auditing:

    • Recording user activities and system events for accountability and forensic analysis.
  4. Threats and Vulnerabilities:

    • Threat: A potential danger to a system (e.g., malware, hacking attempts).
    • Vulnerability: A weakness that can be exploited by threats (e.g., unpatched software).

Security Violations

Security violations can be intentional (malicious) or accidental. It is easier to protect against accidental misuse than malicious threats. Common violations include:

  1. Breach of Confidentiality:

    • Unauthorized reading or theft of data.
    • Examples: Identity theft, stealing credit card details.
  2. Breach of Integrity:

    • Unauthorized modification of data.
    • Examples: Altering source code, modifying financial records.
  3. Breach of Availability:

    • Destruction or denial of access to resources.
    • Examples: Website defacement, data deletion.
  4. Theft of Service:

    • Unauthorized use of system resources.
    • Example: Running unauthorized services or processes.
  5. Denial of Service (DoS):

    • Preventing legitimate users from accessing services.
    • Example: Flooding servers with excessive traffic.

Types of Security Threats

Security threats in operating systems can originate from various sources and can be classified into the following categories:

1. External Threats

These originate from outside the organization or system and include:

  • Malware: Software designed to disrupt, damage, or gain unauthorized access, such as viruses, worms, and Trojan horses.
  • Phishing: Fraudulent attempts to steal sensitive information by mimicking legitimate entities.
  • Denial of Service (DoS) Attacks: Overloading a system with excessive requests to render it unavailable.

2. Internal Threats

Threats that arise from within the organization or system, often involving trusted users or processes:

  • Privilege Escalation: Exploiting vulnerabilities to gain unauthorized higher-level access.
  • Insider Threats: Malicious or negligent actions by authorized personnel leading to security breaches.

3. Passive Threats

These involve unauthorized monitoring or interception of data without altering the system:

  • Eavesdropping: Listening to private communications without permission.
  • Snooping: Unauthorized access to files or data.
  • Data Interception: Capturing data during transmission.

4. Active Threats

Active threats involve intentional actions to alter, disrupt, or damage system operations:

  • Tampering: Modifying data or system configurations maliciously.
  • Denial of Service (DoS): Preventing legitimate use of resources.
  • Unauthorized Changes: Gaining access to alter critical system settings or files.

Common Attack Techniques

  1. Masquerading

    • Pretending to be someone else, such as another user or host, to gain unauthorized access.
    • Example: Spoofing IP addresses or email identities.
  2. Replay Attacks

    • Capturing and repeating valid data transmissions to exploit the system.
    • Example: Replaying a financial transaction to steal money.
  3. Man-in-the-Middle Attacks

    • Intercepting communication between two parties and potentially modifying the data being exchanged.
    • Often paired with session hijacking for greater impact.
  4. Social Engineering

    • Manipulating individuals into divulging confidential information or performing specific actions.
    • Techniques:
      • Phishing: Creating fake emails or websites to trick users into providing sensitive data.
      • Dumpster Diving: Searching discarded materials for sensitive information, such as passwords or personal data.
  5. Backdoor

    • A hidden entry point into a system, often inserted during software development or installed by malware.
    • Used for unauthorized access or control.
  6. Trojan Horse

    • A seemingly legitimate program that performs malicious actions once executed.
  7. Trap Door

    • Deliberately embedded vulnerabilities in software, allowing exploitation by attackers.

4. Security Mechanisms

  1. Encryption:

    • Converts data into a secure format to prevent unauthorized access.
    • Types:
      • Symmetric Encryption: Same key for encryption and decryption.
      • Asymmetric Encryption: Public and private key pair.
  2. Firewalls:

    • Filters incoming and outgoing traffic to prevent unauthorized access.
  3. Intrusion Detection Systems (IDS):

    • Monitors network/system activities to detect malicious behavior.
  4. Access Controls:

    • Discretionary Access Control (DAC): Owners define access permissions.
    • Mandatory Access Control (MAC): Centralized policies determine access.
  5. Antivirus and Anti-Malware:

    • Scans and removes malicious software from the system.
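
The DAC and MAC access controls side by side, as an added example that is not part of the original post: under DAC the owner sets the object's permissions, under MAC a central policy decides regardless of what the owner granted. The MAC policy is modelled as a Bell-LaPadula-style "no read up, no write down" multilevel policy, which is an assumption of this example; subjects, objects, labels and clearances are constructed sample values.

```python
# Added example (not from the original post): DAC vs MAC on the same objects.
# MAC is modelled as a Bell-LaPadula-style multilevel policy (an assumption here).
from dataclasses import dataclass, field
from typing import Dict, Set

LEVELS = {"public": 0, "internal": 1, "secret": 2}      # constructed sample labels

@dataclass
class Obj:
    owner: str
    label: str                                          # MAC classification
    perms: Dict[str, Set[str]] = field(default_factory=dict)  # DAC ACL: subject -> rights

OBJECTS = {
    "payroll.csv": Obj(owner="alice", label="secret"),
    "notice.txt":  Obj(owner="bob",   label="public"),
}
CLEARANCE = {"alice": "secret", "bob": "internal", "eve": "public"}

def dac_grant(actor: str, obj: str, subject: str, rights: Set[str]) -> bool:
    """DAC: only the object's owner may change its ACL."""
    o = OBJECTS[obj]
    if actor != o.owner:
        return False
    o.perms.setdefault(subject, set()).update(rights)
    return True

def dac_check(subject: str, obj: str, right: str) -> bool:
    """DAC: allowed if the owner put this right in the ACL."""
    return right in OBJECTS[obj].perms.get(subject, set())

def mac_check(subject: str, obj: str, right: str) -> bool:
    """MAC: read only at or below clearance, write only at or above it."""
    s, o = LEVELS[CLEARANCE[subject]], LEVELS[OBJECTS[obj].label]
    if right == "read":
        return o <= s          # no read up
    return s <= o              # no write down

def allowed(subject: str, obj: str, right: str) -> bool:
    """Both must pass: an owner's ACL cannot override the central policy."""
    return dac_check(subject, obj, right) and mac_check(subject, obj, right)

if __name__ == "__main__":
    dac_grant("alice", "payroll.csv", "eve", {"read"})   # owner over-shares a secret file
    print(dac_check("eve", "payroll.csv", "read"))        # True under DAC alone
    print(allowed("eve", "payroll.csv", "read"))          # False: MAC blocks the read-up
```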

5. Deadlock and Security

Deadlocks can pose security risks if attackers deliberately hold resources to disrupt system operations. Proper handling includes:

  • Deadlock Prevention: Ensures system allocation policies prevent circular wait conditions.
  • Deadlock Detection: Periodically checks for resource allocation cycles.
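
The detection step above, as an added example that is not part of the original post: build a wait-for graph from which process holds which resource and which resource each blocked process is waiting for, then look for a cycle, which is the deadlock. The process and resource names are constructed sample values.

```python
# Added example (not from the original post): deadlock detection over a wait-for graph.
# An edge P -> Q means process P waits for a resource held by Q; a cycle is a deadlock.
# The detector returns the processes on the cycle so the OS can preempt or kill one.
from typing import Dict, List, Optional, Set

def build_wait_for(holds: Dict[str, Set[str]], wants: Dict[str, str]) -> Dict[str, Set[str]]:
    """Derive the wait-for graph from resource ownership and pending requests."""
    holder = {r: p for p, rs in holds.items() for r in rs}
    graph: Dict[str, Set[str]] = {p: set() for p in holds}
    for p, r in wants.items():
        if r in holder and holder[r] != p:
            graph.setdefault(p, set()).add(holder[r])
    return graph

def find_cycle(graph: Dict[str, Set[str]]) -> Optional[List[str]]:
    """DFS with white/grey/black colouring; returns the first cycle found, or None."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {p: WHITE for p in graph}
    stack: List[str] = []                 # current DFS path

    def visit(p: str) -> Optional[List[str]]:
        colour[p] = GREY
        stack.append(p)
        for q in sorted(graph.get(p, ())):
            if colour.get(q, WHITE) == GREY:        # back edge: q is on the path
                return stack[stack.index(q):]
            if colour.get(q, WHITE) == WHITE:
                found = visit(q)
                if found:
                    return found
        stack.pop()
        colour[p] = BLACK
        return None

    for p in sorted(graph):
        if colour[p] == WHITE:
            found = visit(p)
            if found:
                return found
    return None

if __name__ == "__main__":
    # constructed sample: P1 and P2 each hold a lock the other wants; P3 only waits
    holds = {"P1": {"lock_a"}, "P2": {"lock_b"}, "P3": {"lock_c"}}
    wants = {"P1": "lock_b", "P2": "lock_a", "P3": "lock_a"}
    print(find_cycle(build_wait_for(holds, wants)))   # ['P1', 'P2']
```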

6. Summary Table of Protection vs. Security

| Aspect | Protection | Security |
|---|---|---|
| Definition | Controls access to system resources. | Defends the system against internal/external threats. |
| Focus | Misuse prevention and access control. | Threat defense, data confidentiality, and integrity. |
| Mechanisms | Access matrices, ACLs, capabilities. | Authentication, encryption, firewalls. |
| Scope | Internal processes and resource management. | External attacks and system vulnerabilities. |

7. Conclusion

Protection and security are essential to ensuring the stability, integrity, and reliability of operating systems. While protection focuses on managing internal access to system resources, security is broader and aims to shield the system from external threats. A robust OS integrates both aspects to maintain user trust, system performance, and data safety.
