Unit 7 Protection and Security


UNIT 7- PROTECTION AND SECURITY

By - Waleed
Sumuk
Anusha
Snehal
Protection
• Protection mechanisms control access to a system by limiting the types
of file access permitted to users. We can use various mechanisms to ensure
that only processes that have gained proper authorization from the operating
system can operate on the files, memory segments, CPU, and other resources
of a system.

Security
• Security ensures the authentication of system users to protect the
integrity of the information stored in the system (both data and code),
and the physical resources of the computer system. It prevents unauthorized
access, malicious destruction, alteration of data, and accidental
introduction of inconsistency.
GOALS OF PROTECTION
• The need to prevent the mischievous, intentional violation of an access restriction by any user.
• Protection can improve reliability by detecting latent errors at the interfaces between component
subsystems. Early detection of interface errors can often prevent contamination of a
healthy subsystem by a malfunctioning subsystem.
• An unprotected resource cannot defend against use (or misuse) by an unauthorized or
incompetent user, so a protection-oriented system provides means to distinguish between
authorized and unauthorized usage.
• The role of protection in a computer system is to provide a mechanism for the enforcement of the
policies governing resource use. A protection system must have the flexibility to enforce a variety of
policies.
• The application programmer needs to use protection mechanisms as well, to guard resources
created and supported by an application subsystem against being misused. Application designers
can also use them in designing their own protection software.
• The separation of policy and mechanism is important for flexibility. Policies are likely to change
from place to place or time to time. In the worst case, every change in policy would require a
change in the underlying mechanism. Using general mechanisms enables us to avoid such a
situation.
Principles of Protection
• The principle of least privilege dictates that programs, users, and systems be given just
enough privileges to perform their tasks.
• This ensures that failures do the least amount of harm and allow the least amount of harm to be done.
• If a passkey allows access to all areas, then damage from its being lost, stolen, misused,
copied, or otherwise compromised will be much greater.
• Typically each user is given their own account, and has only enough privilege to modify their
own files.
• The root account should not be used for normal day-to-day activities. The system
administrator should also have an ordinary account, and reserve use of the root account for
only those tasks which need the root privileges.
• An operating system following the principle of least privilege implements its features,
programs, system calls, and data structures so that failure or compromise of a component does
the minimum damage and allows the minimum damage to be done.
• Computers implemented in a computing facility under the principle of least privilege can be
limited to running specific services, accessing specific remote hosts via specific services, and
doing so during specific times.
Domain of Protection

• A computer can be viewed as a collection of processes and objects
(both HW & SW).
• The need-to-know principle states that a process should only have
access to those objects it needs to accomplish its task, and furthermore
only in the modes for which it needs access and only during the time
frame when it needs access.
• The modes available for a particular object may depend upon its type.
The need-to-know principle is useful in limiting the amount of
damage a faulty process can cause in the system.
DOMAIN STRUCTURE

We have three domains: D1, D2, and D3.
The access right <O4, {print}> is shared by D2 and D3, implying that a process executing in either of
these two domains can print object O4. Note that a process must be executing in domain D1 to read and
write object O1, while only processes in domain D3 may execute object O1.

If the association is dynamic, a mechanism is available to allow domain switching,
enabling the process to switch from one domain to another.
A domain can be realized in a variety of ways:
• Each user may be a domain. In this case, the set of objects that can be accessed depends on the
identity of the user. Domain switching occurs when the user is changed, generally when one user
logs out and another user logs in.
• Each process may be a domain. The set of objects that can be accessed depends on the identity of
the process. Domain switching occurs when one process sends a message to another process and
then waits for a response.
• Each procedure may be a domain. The set of objects that can be accessed corresponds to the local
variables defined within the procedure. Domain switching occurs when a procedure call is made.
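
The domain structure above can be written as a small access check with domain switching. This is an added example, not part of the original slides: the rights for D1, D2 and D3 come from the text, while the `SWITCH` table, the class names and the process name are assumptions made for illustration.

```python
# Access rights per domain, taken from the slide's example: each domain is a
# set of <object, rights-set> pairs.
DOMAINS = {
    "D1": {"O1": {"read", "write"}},
    "D2": {"O4": {"print"}},
    "D3": {"O1": {"execute"}, "O4": {"print"}},
}

# Assumption (not on the slide): which domain switches are permitted.
SWITCH = {"D1": {"D2"}, "D2": {"D3"}, "D3": set()}


class AccessDenied(Exception):
    pass


class Process:
    def __init__(self, name, domain):
        self.name = name
        self.domain = domain

    def access(self, obj, right):
        """Allow the operation only if the current domain holds <obj, right>."""
        if right not in DOMAINS[self.domain].get(obj, set()):
            raise AccessDenied(f"{self.name} in {self.domain}: {right} on {obj}")
        return f"{self.name} in {self.domain}: {right} {obj}"

    def switch(self, target):
        """Dynamic association: move to another domain if the switch is allowed."""
        if target not in SWITCH[self.domain]:
            raise AccessDenied(f"{self.name}: switch {self.domain} -> {target}")
        self.domain = target


def domains_with(obj, right):
    """List the domains that share a given access right."""
    return sorted(d for d, r in DOMAINS.items() if right in r.get(obj, set()))


def demo():
    p = Process("p1", "D1")
    log = [p.access("O1", "write")]
    p.switch("D2")  # p1 gives up its rights on O1 and gains print on O4
    log.append(p.access("O4", "print"))
    try:
        p.access("O1", "read")  # no longer in D1, so this is refused
    except AccessDenied as e:
        log.append(f"denied: {e}")
    return log
```

After the switch the process keeps only the rights of its new domain, which is how the need-to-know principle limits what a faulty process can touch.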
Security Problem

• Security deals with protecting systems from deliberate attacks, either
internal or external, from individuals intentionally attempting to steal
information, damage information, or otherwise deliberately wreak havoc in
some manner.
• Some of the most common types of violations include:
• Breach of Confidentiality - Theft of private or confidential information, such as
credit-card numbers, trade secrets, patents, secret formulas, manufacturing
procedures, medical information, financial information, etc.
• Breach of Integrity - Unauthorized modification of data, which may have serious
indirect consequences. For example, a popular game or other program's source code
could be modified to open up security holes on users' systems before being released to
the public.
• Breach of Availability - Unauthorized destruction of data, often just for the "fun" of
causing havoc and for bragging rights. Vandalism of web sites is a common form of
this violation.
• Theft of Service - Unauthorized use of resources, such as theft of CPU cycles,
installation of daemons running an unauthorized file server, or tapping into the
target's telephone or networking services.
• Denial of Service (DoS) - Preventing legitimate users from using the system,
often by overloading and overwhelming the system with an excess of requests
for service.

• One common attack is masquerading, in which the attacker pretends to be a
trusted third party. A variation of this is the man-in-the-middle, in which the
attacker masquerades as both ends of the conversation to two targets.
• A replay attack involves repeating a valid transmission. Sometimes this can be the
entire attack (such as repeating a request for a money transfer), or other times
the content of the original message is replaced with malicious content.
Authentication

• Authentication refers to identifying each user of the system and associating
the executing programs with those users. It is the responsibility of the
operating system to create a protection system which ensures that a user
who is running a particular program is authentic. Operating systems
generally identify/authenticate users in the following three ways:
• Username / Password − The user needs to enter a username and
password registered with the operating system to log in to the system.
• User card/key − The user needs to punch a card in the card slot, or enter a key
generated by a key generator in the option provided by the operating system, to log
in to the system.
• User attribute - fingerprint/ eye retina pattern/ signature − The user needs to
pass his/her attribute via the designated input device used by the operating system
to log in to the system.
One-time password
One-time passwords provide additional security along with normal
authentication. In a one-time password system, a unique password is
required every time the user tries to log in to the system. Once a one-time
password is used, it cannot be used again.

Advantage of OTP:
The most important advantage of OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks.
This means that a potential intruder who manages to record an OTP that
was already used to log into a service or to conduct a transaction will not
be able to abuse it, since it will no longer be valid.
A second major advantage is that a user who uses the same (or similar)
password for multiple systems is not made vulnerable on all of them if
the password for one of these is gained by an attacker.
One-time passwords are implemented in various
ways

• Random numbers - Users are provided with cards having numbers printed along
with corresponding alphabets. The system asks for the numbers corresponding to
a few randomly chosen alphabets.
• Secret key - Users are provided with a hardware device which can create a secret
id mapped to the user id. The system asks for this secret id, which is to be
generated every time prior to login.
• Network password - Some commercial applications send a one-time password
to the user's registered mobile/email, which is required to be entered prior to
login.
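
The replay resistance described under "Advantage of OTP", applied to the "Secret key" scheme, can be seen in a counter-based OTP check. This is an added example, not from the original slides: it uses HOTP (RFC 4226) as one standard way to generate such codes, which the slides do not specify, and `OtpServer`, `look_ahead` and the user name are hypothetical names.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter (RFC 4226): HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpServer:
    """Tracks the next unused counter per user so an accepted code dies on use."""

    def __init__(self, look_ahead: int = 3):
        self.secrets = {}    # user id -> shared secret
        self.counters = {}   # user id -> next counter the server will accept
        self.look_ahead = look_ahead

    def enroll(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret
        self.counters[user] = 0

    def verify(self, user: str, code: str) -> bool:
        if user not in self.secrets:
            return False
        start = self.counters[user]
        # Small window ahead, in case the device generated codes that were not used.
        for c in range(start, start + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secrets[user], c), code):
                self.counters[user] = c + 1  # burn this code and all earlier ones
                return True
        return False


def demo():
    secret = b"12345678901234567890"  # RFC 4226 test secret, sample value only
    server = OtpServer()
    server.enroll("alice", secret)
    code = hotp(secret, 0)                   # what the user's device shows first
    first = server.verify("alice", code)     # accepted once
    replay = server.verify("alice", code)    # recorded code sent again
    nxt = server.verify("alice", hotp(secret, 1))
    return code, first, replay, nxt
```

The server only ever moves its counter forward, so a recorded code is rejected even though it was valid moments earlier.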
Program Threats

An operating system's processes and kernel do the designated tasks as
instructed. If a user program makes these processes do malicious tasks,
it is known as a program threat. One common example of a
program threat is a program installed on a computer which can store and
send user credentials via the network to some hacker. Following is a list
of some well-known program threats.
• Trojan Horse − Such a program traps user login credentials and stores them to send
to a malicious user, who can later log in to the computer and access system
resources.
• Trap Door − If a program which is designed to work as required has a security
hole in its code and performs illegal actions without the knowledge of the user, then it is
said to have a trap door.
• Logic Bomb − A logic bomb is a situation in which a program misbehaves only when
certain conditions are met; otherwise it works as a genuine program. It is harder to
detect.
• Virus − A virus, as the name suggests, can replicate itself on a computer system.
Viruses are highly dangerous and can modify/delete user files and crash systems. A
virus is generally a small piece of code embedded in a program. As the user accesses the
program, the virus starts getting embedded in other files/programs and can
make the system unusable for the user.
System threats
System threats refer to misuse of system services and network
connections to put the user in trouble. System threats can be used to launch
program threats on a complete network, called a program attack.
System threats create an environment in which operating system
resources/user files are misused.
Following is a list of some well-known system threats:
• Worm
• Port Scanning
• Denial of Service
• Worm - A worm is a process which can choke down system
performance by using system resources to extreme levels. A worm
process generates multiple copies of itself, where each copy uses system
resources and prevents all other processes from getting required resources.
Worm processes can even shut down an entire network.
• Port Scanning - Port scanning is a mechanism or means by which a
hacker can detect system vulnerabilities to make an attack on the
system.
• Denial of Service - Denial of service attacks normally prevent users from
making legitimate use of the system. For example, a user may not be able
to use the internet if a denial of service attacks the browser's content settings.
Thank you

• “In the underworld, reality itself has elastic properties and is capable
of being stretched into different definitions of the truth.”
― Roderick Vincent
