Unit 7 Protection and Security
Unit 7 Protection and Security
Unit 7 Protection and Security
By - Waleed
Sumuk
Anusha
Snehal
Protection
• protection mechanisms control access to a system by limiting the types
• of file access permitted to users. We can use various mechanisms to ensure
• that only processes that have gained proper authorization from the operating
• system can operate on the files, memory segments, CPU, and other resources
• of a system.
Security
• Security ensures the authentication of system users to protect the
• integrity of the information stored in the system (both data and code),
• and the physical resources of the computer system. It prevents unauthorized
access, malicious
• destruction, alteration of data, and accidental introduction of inconsistency.
GOALS OF PROTECTION
• The need to prevent the mischievous, intentional violation of an access restriction by any user.
• Protection can improve reliability by detecting latent errors at the interfaces between component
subsystems and also Early detection of interface errors can often prevent contamination of a
healthy subsystem by a malfunctioning subsystem.
• The unprotected resource cannot defend against use (or misuse) by an unauthorized or
incompetent user so A protection-oriented system provides means to distinguish between
authorized and unauthorized usage .
• The role of protection in a computer system is to provide a mechanism for the enforcement of the
policies governing resource use. A protection system must have the flexibility to enforce variety of
policies to a system.
• The application programmer needs to use protection mechanisms as well, to guard resources
created and supported by an application subsystem against being misused. Application designers
can also use them as well in designing their own protection software.
• The separation of policy and mechanism is important for flexibility. Policies are likely to change
from place to place or time to time. In the worst case, every change in policy would require a
change in the underlying mechanism. Using general mechanisms enables us to avoid such a
situation
Principles of Protection
• The principle of least privilege dictates that programs, users, and systems be given just
enough privileges to perform their tasks.
• This ensures that failures do the least amount of harm and allow the least of harm to be done.
• The passkey allows access to all areas, then damage from its being lost, stolen, misused,
copied, or otherwise compromised will be much greater.
• Typically each user is given their own account, and has only enough privilege to modify their
own files.
• The root account should not be used for normal day to day activities - The System
Administrator should also have an ordinary account, and reserve use of the root account for
only those tasks which need the root privileges.
• An operating system following the principle of least privilege implements its features,
programs, system calls, and data structures so that failure or compromise of a component does
the minimum damage and allows the minimum damage to be done.
• Computers implemented in a computing facility under the principle of least privilege can be
limited to running specific services, accessing specific remote hosts via specific services, and
doing so during specific times.
Domain of Protection
that a process executing in either of these two domains can print object 04. Note that a process must be
executing in domain
D1 to read and write object 01, while only processes in domain D3 may execute object we have three
domains: D1, D2, and D3 .
The access right < O4, {print}> is shared by D2 and D3, implying 01.
Advantage of OTP :
The most important advantage that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks.
This means that a potential intruder who manages to record an OTP that
was already used to log into a service or to conduct a transaction will not
be able to abuse it, since it will no longer be valid.
A second major advantage is that a user who uses the same (or similar)
password for multiple systems, is not made vulnerable on all of them, if
the password for one of these is gained by an attacker
One time password are implemented in various
ways
• Random numbers - Users are provided cards having numbers printed along
with corresponding alphabets. System asks for numbers corresponding to
few alphabets randomly chosen.
• Secret key - User are provided a hardware device which can create a secret
id mapped with user id. System asks for such secret id which is to be
generated every time prior to login.
• Network password - Some commercial applications send one time password
to user on registered mobile/ email which is required to be entered prior to
login.
Program Threats
• “In the underworld, reality itself has elastic properties and is capable
of being stretched into different definitions
of the truth.”
― Roderick Vincent