Operating System - Security
Security
refers to providing a protection system to computer system resources such as
CPU, memory, disk, software programs and most importantly data/information
stored in the computer system. If a computer program is run by an unauthorized
user, then he/she may cause severe damage to computer or data stored in it. So
a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc. We're going to discuss following
topics in this chapter.
- Authentication
- One Time
passwords
- Program Threats
- System Threats
- Computer
Security Classifications
Authentication
Authentication
refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the Operating System to
create a protection system which ensures that a user who is running a
particular program is authentic. Operating Systems generally
identifies/authenticates users using following three ways −
· Username / Password − User need to enter a registered username and
password with Operating system to login into the system.
· User card/key − User need to punch card in card slot, or
enter key generated by key generator in option provided by operating system to
login into the system.
· User attribute -
fingerprint/ eye retina pattern/ signature −
User need to pass his/her attribute via designated input device used by
operating system to login into the system.
One Time passwords
One-time
passwords provide additional security along with normal authentication. In
One-Time Password system, a unique password is required every time user tries
to login into the system. Once a one-time password is used, then it cannot be
used again. One-time password are implemented in various ways.
· Random numbers − Users are provided cards having numbers
printed along with corresponding alphabets. System asks for numbers
corresponding to few alphabets randomly chosen.
· Secret key − User are provided a hardware device which
can create a secret id mapped with user id. System asks for such secret id
which is to be generated every time prior to login.
· Network password − Some commercial applications send one-time
passwords to user on registered mobile/ email which is required to be entered
prior to login.
Program Threats
Operating
system's processes and kernel do the designated task as instructed. If a user
program made these process do malicious tasks, then it is known as Program
Threats. One of the common example of program threat is a program installed in
a computer which can store and send user credentials via network to some
hacker. Following is the list of some well-known program threats.
· Trojan Horse − Such program traps user login credentials
and stores them to send to malicious user who can later on login to computer
and can access system resources.
· Trap Door − If a program which is designed to work as
required, have a security hole in its code and perform illegal action without
knowledge of user then it is called to have a trap door.
· Logic Bomb − Logic bomb is a situation when a program
misbehaves only when certain conditions met otherwise it works as a genuine
program. It is harder to detect.
· Virus − Virus as name suggest can replicate
themselves on computer system. They are highly dangerous and can modify/delete
user files, crash systems. A virus is generatlly a small code embedded in a
program. As user accesses the program, the virus starts getting embedded in
other files/ programs and can make system unusable for user
System Threats
System
threats refers to misuse of system services and network connections to put user
in trouble. System threats can be used to launch program threats on a complete
network called as program attack. System threats creates such an environment
that operating system resources/ user files are misused. Following is the list
of some well-known system threats.
· Worm − Worm is a process which can choked down a
system performance by using system resources to extreme levels. A Worm process
generates its multiple copies where each copy uses system resources, prevents
all other processes to get required resources. Worms processes can even shut
down an entire network.
· Port Scanning − Port scanning is a mechanism or means by
which a hacker can detects system vulnerabilities to make an attack on the
system.
· Denial of Service − Denial of service attacks normally prevents
user to make legitimate use of the system. For example, a user may not be able
to use internet if denial of service attacks browser's content settings.
Computer Security Classifications
As per
the U.S. Department of Defense Trusted Computer System's Evaluation Criteria
there are four security classifications in computer systems: A, B, C, and D.
This is widely used specifications to determine and model the security of
systems and of security solutions. Following is the brief description of each
classification.
|
S.N.
|
Classification Type & Description
|
|
1
|
Type A
Highest
Level. Uses formal design specifications and verification techniques. Grants
a high degree of assurance of process security.
|
|
2
|
Type B
Provides
mandatory protection system. Have all the properties of a class C2 system.
Attaches a sensitivity label to each object. It is of three types.
· B1 − Maintains the security label of each
object in the system. Label is used for making decisions to access control.
· B2 − Extends the sensitivity labels to each
system resource, such as storage objects, supports covert channels and
auditing of events.
· B3 − Allows creating lists or user groups for
access-control to grant access or revoke access to a given named object.
|
|
3
|
Type C
Provides
protection and user accountability using audit capabilities. It is of two
types.
· C1 − Incorporates controls so that users can
protect their private information and keep other users from accidentally
reading / deleting their data. UNIX versions are mostly Cl class.
· C2 − Adds an individual-level access control to
the capabilities of a Cl level system.
|
|
4
|
Type D
Lowest
level. Minimum protection. MS-DOS, Window 3.1 fall in this category.
|
