Chapter: Protection and Security

Goals of Protection

 Process in OS must be protected from the one another.

 Protection refers to a mechanism for controlling the access of the
programs, processes or users to the resources defined by the computer
system.
 Protection improves reliability.
 Protection Mechanism determine: how some thing will be done
 Policy determine: what is to be done.
 Protection refers to a mechanism for controlling the access of
programs, processes, or users to the resources defined by a computer
system.
 This mechanism must provide a means for specifying the controls to be
imposed, together with a means of enforcement.
 Access Control

Method that determines:

 What types of access are permitted on different resources
 Under what circumstances
 By Whom
 Access Control

Access Control Model has 3 basic components:

 Subjects (S) or Domain: Represents a finite set of entities that
have access to current object.
 Subject may be: User , Process or Procedure
 Objects (O): Represents a finite set of resources that need
access.
 Object may be: H/w device ( processor, memory) Or S/W
resources ( page table, files etc)
 Rights ( R): Represents a finite set of Operations that a Subject
can perform on Object.
 Access Control Policies

Protection Domain: is a collection of objects and access rights

(Permissions –rwx-)

1. Discretionary Access Control

 In this model, Each object is owned by some
subject/domain and Owner of the object decides
which what kind of access rights are there.
2. Mandatory Access Control
 System Administrator enforce a policy for all users.
3. Role-Based Access Control
 Access control is based on roles that users have within
the system
Discretionary Access Control/ Access Matrix

 Discretionary Access Control Model is represented by Access

Matrix.
 It is used to describe which users have access to what
objects or resources.
 Access Matrix consists of Rows and Columns
 Rows represent : Current Subject / Domain
 Column represent: Current Object
Access Matrix
 Use of Access Matrix

 If a process in Domain Di tries to do “op” on object Oj, then

“op” must be in the access matrix

 Can be expanded to dynamic protection

 Operations to add, delete access rights
 Special access rights:
owner of Oi
copy op from Oi to Oj
control – Di can modify Dj access rights
transfer – switch from domain Di to Dj
 Use of Access Matrix (Cont)

 Access matrix design separates mechanism from policy

 Mechanism (Method)
Operating system provides access-matrix + rules
If ensures that the matrix is only manipulated by
authorized agents and that rules are strictly enforced

 Policy (Rules)
User dictates policy
Who can access what object and in what mode
 Implementation of Access Matrix
 There are 2 methods:
 1. Access Control Lists
 ACL can be created by dividing Access Matrix Column
Wise.
 Separate list is maintained for each domain and each object.
 It skips blank row entries in each domain.

 2. Capability List
 Can be created by dividing Access Matrix Row Wise.
 It is list of access rights that a user / domain or a process has
for a object.
 It is divided into 2 fields:
 Object Descriptor
 Access Rights
Access Matrix With Domains as Objects

Figure B
 Operation on Access Matrix Entries
 1. Copy
 It allows the access right to be copied only within the column
(for an object)
 Ability to copy an access right from one domain (row) to another is
denoted by asterisk ( * )
 A process executing in domain D2 can copy read operation into
any entry associated with file F2
 The ability to copy rights is denoted by an asterisk, indicating
that processes in that domain have the right to copy that
access within the same column
Access Matrix with Copy Rights
For example, in Figure
(a), a process executing in
domain D2 can copy the
read operation into any
entry associated with file
F2.

Hence, the access matrix

of Figure (a) can be
modified to the access
matrix shown in Figure(b).
 Operation on Access Matrix Entries
 2. Owner
 It allows addition or removal of access rights.
 If any access includes owner right then a process executing in domain Di
can add or remove any access right in entry of that column.

 Copy and Owner allow a process to change the entry

in column.
 Operation on Access Matrix Entries
 3. Control Right
 Control right mechanism used to change entries in a row.
 Control right is applicable only to domain objects.
 If access( i , j ) includes control right, then a process executing in domain
Di can remove any access right from row j.
 Switch operation works for column only
 Implementation of Access Matrix

1. GLOBAL TABLE:
 Global Table consisting of a ordered set of triples<domain, object,
right set>
 Before every operation on any object in any domain, global table is
searched for triple.
 If triple is found, operation is allowed to continue, otherwise an
exception or error condition is raised.
 Drawbacks:
 Table is large. Cant be kept in main memory. So additional I/O is
needed.

2. ACCESS LISTS FOR OBJECTS:

Each column can be implemented as access list.
Resultant list consists of: <domain, right sets>
 Security

 Method of protecting information stored in the system from

un-authorized access.
 Security must consider external environment of the system, and
protect it from:
 unauthorized access.
 malicious modification or destruction
 accidental introduction of inconsistency.

 Security violation can be categorized as intentional or accidental.

 Security is a measure of confidence that the integrity of a
system and its data will be preserved.
 Some Security Violations

 Breach of Confidentiality: Unauthorized reading of data. Theft of

information
 Breach of integrity: Unauthorized modification of data.
 Breach of availability: Unauthorized destruction of data/ website
defacement:
A website defacement is an attack on a website that changes the
visual appearance of the site or a webpage.
 Theft of service: Unauthorized use of resources.
 Denial of service: Send invalid data to applications or network
services, which cause abnormal termination.

Flood a computer or the entire network with traffic until a shutdown

occurs because of the overload.
 Security Measure Levels

To protect our system, we must take security measures at 4

levels:

 Physical - Secure Hardware Components

 Human – Use Passwords for protection

 Operating system – Use Valid Login and Password

 Network – Use authentication and anti-virus to protect data/

resources over the network.
 Program Threats

 Writing a program that creates a breach of security or causing a

normal process to change its behavior and create a breach is the
common goal of crackers

 Malware: A destructive program that pretend to be a gentle

application.

 A back door is a means of access to a computer program that

bypasses security mechanisms.
 Program Threats

1. Trojan horse
 A Trojan horse, or Trojan, is software that
appears to perform a desirable function for the
user, but steals information or harms the
system.

 Trojan horse is a program in which harmful code is

contained in such a way that it can get control and
do its chosen form of damage
 2. Spyware

 A software that secretly monitors the user's computing.

 Spyware is a type of malware that can be installed on computers,

and which collects small pieces of information about users without
their knowledge.

 The presence of spyware is typically hidden from the user, and

can be difficult to detect.

 Sometimes, Spywares are installed by the owner of a shared,

corporate, or public computer in order to secretly monitor other
users.
 3. Trap Door

 The designer of a program or system might leave a

hole in the software that only designer is capable of
using. This type of security breach is called trap
door.
 4. Logic Bomb

 Under normal operations, there would be no security hole.

However, when a predefined set of parameters was met,
the security hole would be created. This scenario is known
as a logic bomb.
 5. Stack and Buffer Overflow

 The stack- or buffer-overflow attack is the most common

way for an attacker outside the system, on a network or
dial-up connection, to gain unauthorized access to the
target system.
 6. VIRUS
 VIRUS: Vital Information Resource Under Seize or Very
Important Resource Under Seize

 Fragment of malicious code embedded in a genuine

program.
 designed to “infect” other programs.
 Specific to architecture, operating systems and applications.
 Needs human intervention to move from host to host.
 Needs some one to actually take that program from one
device and run it onto other device
 Does not self replicate itself
 System and Network Threats

 Program threats typically use a breakdown in the protection

mechanisms of a system to attack programs.

 System and network threats involve the abuse of services

and network connections.
 System and network threats create a situation in which
operating-system resources and user files are misused.
 Authentication

 Process of verifying the identity of user or information

 1. User Authentication
 Process of verifying the identity of user when user logs
into a computer system.

Main Objective: Allow authorized users to access the

computer.

Authentication Process consists of 2 steps:

1. Identification Step
2. Verification Step
 Measures of Authentication

 False Acceptance Ratio: % of unauthorized users

incorrectly entered the system

 False Rejection Ratio: % of authorized users that fails to

access the system due to failure of authentication.
 General Methods of Authentication

 Include a Password

 Include electronic key or smart cards

 Static Biometric – Recognition by finger print, retina or face.

 Dynamic Biometric – Recognition by Voice, Handwriting or

Typing Pattern.