
Operating System

CHAPTER 6
SECURITY & PROTECTION
Overview of System Security:
Many companies possess valuable information they want to guard closely. This
information can be technical (e.g., a new chip design or software), commercial (e.g., studies of
the competition or marketing plans), financial (e.g., plans for a stock offering), legal (e.g.,
documents about a potential merger or takeover), among many other possibilities. Frequently this
information is protected by having a uniformed guard at the building entrance who checks to see
that everyone entering the building is wearing a proper badge. In addition, many offices may be
locked and some file cabinets may be locked as well to ensure that only authorized people have
access to the information.
Home computers increasingly have valuable data on them, too. Many people keep their
financial information, including tax returns and credit card numbers, on their computer. Love
letters have gone digital. And hard disks these days are full of important photos, videos, and
movies. As more and more of this information is stored in computer systems, the need to protect
it is becoming increasingly important. Guarding this information against unauthorized usage is
therefore a major concern of all operating systems.
Unfortunately, it is also becoming increasingly difficult due to the widespread acceptance
of system bloat (and the accompanying bugs) as a normal phenomenon. In the following sections
we will look at a variety of issues concerned with security and protection, some of which have
analogies to real-world protection of information on paper, but some of which are unique to
computer systems. In this chapter we will examine computer security as it applies to operating
systems.
Security refers to providing a protection system for computer system resources such as
the CPU, memory, disk, software programs and, most importantly, the data/information stored in
the computer system. If a computer program is run by an unauthorized user, then he/she may
cause severe damage to the computer or the data stored in it. So a computer system must be
protected against unauthorized access, malicious access to system memory, viruses, worms, etc.
- It is impossible to have absolute security, but the cost to the perpetrator can be made sufficiently high to deter most intruders.

Prepared by Ande, Lecturer, Dept of Computer Science, Gambella University, Gambella. Page 1

- Security must occur at four levels to be effective:
  - Physical: data centers, servers, connected terminals
  - Human: avoid social engineering, phishing, dumpster diving
  - Operating System: protection mechanisms, debugging
  - Network: intercepted communications, interruption, DoS
- Security is as weak as the weakest link in the chain. But can too much security be a problem?
From a security perspective, computer systems have four general goals, with
corresponding threats to them, as listed. The first, data confidentiality, is concerned with having
secret data remain secret. More specifically, if the owner of some data has decided that these data
are only to be made available to certain people and no others, the system should guarantee that
release of the data to unauthorized people never occurs. As an absolute minimum, the owner
should be able to specify who can see what, and the system should enforce these specifications,
which ideally should be per file.
The second goal, data integrity, means that unauthorized users should not be able to
modify any data without the owner's permission. Data modification in this context includes not
only changing the data, but also removing data and adding false data. If a system cannot
guarantee that data deposited in it remain unchanged until the owner decides to change them, it is
not worth much as an information system.
The third goal, system availability, means that nobody can disturb the system to make it
unusable. Such denial-of-service attacks are increasingly common. For example, if a computer
is an Internet server, sending a flood of requests to it may cripple it by eating up all of its CPU
time just examining and discarding incoming requests. If it takes, say, 100 μs to process an
incoming request to read a Web page, then anyone who manages to send 10,000 requests/sec can
wipe it out. Reasonable models and technology for dealing with attacks on confidentiality and
integrity are available; foiling these denial-of-service attacks is much harder.


Finally, a new threat has arisen in recent years. Outsiders can sometimes take command
of people's home computers (using viruses and other means) and turn them into zombies, willing
to do the outsider's bidding at a moment's notice. Often zombies are used to send spam so that
the mastermind behind the spam attack cannot be traced. In a certain sense, another threat also
exists, but it is more of a threat to society than to individual users. There are folks out there
who bear a grudge against some particular country or (ethnic) group or who are just angry at the
world in general and want to destroy as much infrastructure as they can without too much regard
to the nature of the damage or who the specific victims are. Usually such people feel that
attacking their enemies' computers is a good thing, but the attacks themselves may not be well
focused.

Policy/Mechanism Separation:
According to the U.S. Department of Defense Trusted Computer System Evaluation Criteria,
there are four security classifications in computer systems: A, B, C, and D. These are widely used
specifications for determining and modeling the security of systems and of security solutions.
Following is a brief description of each classification.


Security Methods and Devices:


These provide a systematic approach and techniques for protecting a computer from being used
by unauthorized users, and guard against worms and viruses as well as other incidents, events or
processes that can compromise system security.

The most common system security methods are:

1. Firewall
2. Data Encryption
3. Password
4. Biometrics
5. One time passwords

1. Firewall: a firewall consists of software and hardware set up between an internal
computer network and the Internet. The network manager sets up the rules the firewall
uses to filter out unwanted traffic.
2. Data Encryption: the process of encoding a message so that it can only be viewed by an
authorized individual. An encryption key is used to make the message unreadable, and a
secret decryption key is used to decipher the message.
3. Passwords: a string of characters used to authenticate a user for access to a system. The
password needs to be kept secret and is intended only for the specific user.
4. Biometrics: an automated method of recognizing a person based on a behavioral or
physical characteristic, such as a fingerprint or palm scan. It is used as a special input
method to analyze physical parameters assumed to be unique to an individual in order to
confirm their identity as part of an authentication procedure. Examples: iris recognition,
voice recognition.
5. One Time Passwords: one-time passwords provide additional security along with
normal authentication. In a one-time password system, a unique password is required
every time the user tries to log in to the system. Once a one-time password has been used,
it cannot be used again. One-time passwords are implemented in various ways:

- Random numbers - Users are provided with cards having numbers printed alongside
corresponding letters. The system asks for the numbers corresponding to a few randomly
chosen letters.
- Secret key - Users are provided with a hardware device which can create a secret id
mapped to the user id. The system asks for this secret id, which must be generated afresh
every time prior to login.
- Network password - Some commercial applications send a one-time password to the
user's registered mobile/email, which must be entered prior to login.
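The secret-key device and the network-password schemes above, as an added example that is not part of the original notes. It assumes an HMAC counter code in the style of RFC 4226 (HOTP) for the hardware token and a random numeric code for the network password; the user names and secrets are constructed, and delivery of the code (SMS/email) is outside the example.

```python
import hashlib
import hmac
import secrets
import struct


def token_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """Code a 'secret key' hardware device would display: HMAC-SHA1 over a counter,
    truncated as in RFC 4226 (HOTP). Assumed here; the notes do not name a scheme."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server side for the hardware token. The server remembers the last counter it
    accepted, so a captured code can never be replayed: each code is valid once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.last_counter = 0            # highest counter already consumed
        self.look_ahead = look_ahead     # tolerate a few button presses the server never saw

    def verify(self, code: str) -> bool:
        for c in range(self.last_counter + 1, self.last_counter + 1 + self.look_ahead):
            if hmac.compare_digest(token_code(self.secret, c), code):
                self.last_counter = c    # advance; this and all earlier counters are now dead
                return True
        return False


class NetworkOtp:
    """'Network password' scheme: a random code is sent to the user's registered
    channel and is burned on first successful use."""

    def __init__(self):
        self._server_key = secrets.token_bytes(32)
        self._pending = {}               # user -> keyed hash of the outstanding code

    def _tag(self, user: str, code: str) -> str:
        # store only a keyed hash, so a leaked table does not reveal live codes
        return hmac.new(self._server_key, f"{user}:{code}".encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str, digits: int = 6) -> str:
        code = "".join(str(secrets.randbelow(10)) for _ in range(digits))
        self._pending[user] = self._tag(user, code)   # a new issue replaces any old code
        return code                                   # to be delivered out of band

    def verify(self, user: str, code: str) -> bool:
        expected = self._pending.get(user)
        if expected is None:
            return False                  # nothing outstanding, or already used
        if not hmac.compare_digest(expected, self._tag(user, code)):
            return False                  # wrong guess; the outstanding code stays valid
        del self._pending[user]           # consumed: the same code is refused from now on
        return True
```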

Protection:
Protection refers to a mechanism for controlling the access of programs, processes, or
users to the resources defined by a computer system.

Protection ensures that the resources of the computer are used in a consistent way.
It ensures that each object is accessed correctly and only by those processes that are
allowed to do so.
Goals of Protection:
As computer systems have become more sophisticated and pervasive in their
applications, the need to protect their integrity has also grown.
We need to provide protection for several reasons. The most obvious is the need to
prevent the mischievous, intentional violation of an access restriction by a user.


- An unprotected resource cannot defend against use (or misuse) by an unauthorized or
incompetent user. A protection-oriented system provides means to distinguish between
authorized and unauthorized usage.
The role of protection in a computer system is to provide a mechanism for the
enforcement of the policies governing resource use. These policies can be established in a variety
of ways. Some are fixed in the design of the system, while others are formulated by the
management of a system. Still others are defined by the individual users to protect their own files
and programs. A protection system must have the flexibility to enforce a variety of policies.
Principles of Protection:
The time-tested guiding principle for protection is the principle of least privilege. It
dictates that programs, users, and even systems be given just enough privileges to perform their
tasks.
Consider the analogy of a security guard with a passkey. If this key allows the guard
into just the public areas that she guards, then misuse of the key will result in minimal damage.
If, however, the passkey allows access to all areas, then damage from its being lost, stolen,
misused, copied, or otherwise compromised will be much greater.
An operating system following the principle of least privilege implements its features,
programs, system calls, and data structures so that failure or compromise of a component does
the minimum damage and allows the minimum damage to be done.
The principle of least privilege can help produce a more secure computing
environment.
Domain of Protection:
A computer system is a collection of processes and objects. By objects, we mean both
hardware objects (such as the CPU, printer) and software objects (such as files, programs).
Each object has a unique name that differentiates it from all other objects in the system,
and each can be accessed only through well-defined and meaningful operations.
A process should be allowed to access only those resources for which it has
authorization. Furthermore, at any time, a process should be able to access only those resources
that it currently requires to complete its task.


Access:
An access method is a function of a mainframe operating system that enables access to
data on disk, tape or other external devices. They were introduced in 1963 in the
IBM OS/360 operating system.[1] Access methods provide an application programming interface
(API) for programmers to transfer data to or from a device, and could be compared to device
drivers in non-mainframe operating systems, but typically provide a greater level of functionality.

Access Control:
The basic problem of computer protection is to control which objects a given program
can access, and in what ways. Objects are things like files, sound cards, other programs, the
network, your modem etc. Access means what kind of operations can be done on these objects.
Examples include reading a file, writing to a file and creating or deleting objects.
When we talk about "controlling access," we are really talking about four kinds of
things:
- Preventing access.
- Limiting access.
- Granting access.
- Revoking access.
A good example of this is found in Solaris 10.
Solaris uses role-based access control (RBAC) to implement this principle.
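The four operations (preventing, limiting, granting and revoking access) together with the least-privilege rule that a process should hold only the rights its current task needs, as an added example that is not from the notes. Protection domains stand in for RBAC roles; the domain, object and right names are constructed.

```python
from collections import defaultdict

READ, WRITE, EXECUTE, DELETE = "read", "write", "execute", "delete"
ALL_RIGHTS = frozenset({READ, WRITE, EXECUTE, DELETE})


class AccessMatrix:
    """Constructed access matrix: a row per protection domain (a role, in RBAC terms),
    a column per object, each cell the set of rights that domain holds on the object."""

    def __init__(self):
        self._rights = defaultdict(lambda: defaultdict(set))   # domain -> object -> rights
        self.denied_log = []                                   # audit trail of refusals

    def grant(self, domain, obj, *rights):
        unknown = set(rights) - ALL_RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._rights[domain][obj].update(rights)

    def revoke(self, domain, obj, *rights):
        """Revoke the named rights, or every right on obj when none are named."""
        if rights:
            self._rights[domain][obj].difference_update(rights)
        else:
            self._rights[domain].pop(obj, None)

    def rights_of(self, domain, obj):
        return frozenset(self._rights[domain].get(obj, ()))

    def check(self, domain, obj, right):
        """Default deny: a right that was never granted is refused and recorded."""
        allowed = right in self._rights[domain].get(obj, ())
        if not allowed:
            self.denied_log.append((domain, obj, right))
        return allowed


class Process:
    """A process runs in one domain. restrict() narrows what it may do on an object to
    what its current task needs; it can only shrink rights, never add them."""

    def __init__(self, matrix, domain):
        self.matrix = matrix
        self.domain = domain
        self._needed = {}    # obj -> subset of the domain's rights this task keeps

    def restrict(self, obj, *needed):
        self._needed[obj] = self.matrix.rights_of(self.domain, obj) & set(needed)

    def access(self, obj, right):
        if obj in self._needed and right not in self._needed[obj]:
            self.matrix.denied_log.append((self.domain, obj, right))
            return False       # the domain may hold the right, but this task dropped it
        return self.matrix.check(self.domain, obj, right)
```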

Access methods provide:

- Ease of programming - the programmer no longer deals with specific device procedures,
including error detection and recovery tactics, in each and every program. A program
designed to process a sequence of 80-character records would work no matter where the data
are stored.
- Ease of hardware replacement - the programmer no longer has to alter a program when data
is migrated to a newer model of storage device, provided it supports the same access
methods.
- Ease of shared data set access - an access method is a trusted program that allows multiple
programs to access the same file, while ensuring basic data integrity and system security.
- Read-ahead - queued access methods may start as many I/O operations as there
are buffers available, anticipating application program requirements.

Unlike systems derived from Unix, where all files and devices are considered to be an
unformatted stream of bytes, mainframes offer a variety of data options and formats, such as
varying types and sizes of records, and different ways of accessing data, such as via record keys.
Access methods provide programs a way of dealing with this complexity.

- Programs can read or write a record or block of data and wait until the input/output operation
is complete (queued access methods), or allow the operation to be started and the program to
continue to run, waiting for completion at a later time (basic access methods).
- Programs can specify the size and number of buffers for a file. The same buffer or pool can
be used for multiple files, allowing blocks of data to be read from one file and written to
another without requiring data movement in memory.
- Programs can specify the type of error recovery to be used in case of input/output errors.

Authentication:
Authentication refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the operating system to create a protection
system which ensures that a user who is running a particular program is authentic. Operating
systems generally identify/authenticate users in the following three ways:

- Username / Password - The user needs to enter a registered username and password with
the operating system to log in to the system.
- User card/key - The user needs to punch a card in the card slot, or enter a key generated by a key
generator in the option provided by the operating system, to log in to the system.
- User attribute - fingerprint / eye retina pattern / signature - The user needs to pass his/her
attribute via a designated input device used by the operating system to log in to the system.


Memory Protection:
Memory protection is a way to control memory access rights on a computer, and is a part
of most modern instruction set architectures and operating systems. The main purpose of
memory protection is to prevent a process from accessing memory that has not been allocated to
it. This prevents a bug or malware within a process from affecting other processes, or the
operating system itself. An attempt to access unowned memory results in a hardware fault, called
a segmentation fault or storage violation exception, generally causing abnormal termination of
the offending process. Memory protection for computer security includes additional techniques
such as address space layout randomization and executable space protection.

Encryption:
The translation of data into a secret code. Encryption is the most effective way to achieve
data security. To read an encrypted file, you must have access to a secret key or password that
enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to
as cipher text.
There are two main types of encryption: asymmetric encryption (also called public-key
encryption) and symmetric encryption.

Encryption - Types of encryption and key concepts

This document discusses encryption concepts end users should understand if it is
determined that there is a business need for storing restricted or sensitive information on their
computer or other portable device or media.

Before you encrypt, decide on the following:

1. the type of encryption you need (document, file/folder, usb drive, full disk) given the
operating system you use, and
2. the approach you will use for backup of encryption keys and associated passwords.

The rest of this document is intended to help you with these decisions. Consult with your
local technical support staff or feel free to call the DoIT help desk if you'd like to talk to
someone about what options are available.


Encryption types, with their key backup and recovery needs, advantages and disadvantages:

Encryption Type: Document
  Description: Document encryption encrypts a single file. Generally, when using document encryption you are using the features of the application (e.g. Microsoft Word). Typically this requires you to set and remember a password. Current versions of Microsoft Office and Adobe offer encryption features to help restrict access to files through the use of passwords and encryption. Text based documents could use WinZip or something similar. This is a type of file-level encryption provided by a particular application and is separate from any operating system-level encryption options.
  Key Backup and Recovery: User must set up and remember a password. Loss of the password equates with loss of the document.
  Advantages: Simple to use, if you don't have many documents requiring encryption. Documents will remain encrypted even if they are emailed or moved to a different location.
  Disadvantages: Application must support encryption. User must remember to password protect every file with sensitive information.

Encryption Type: File, Folder or Container
  Description: Folder encryption allows you to encrypt all files in the folder. All files dropped into this folder are then encrypted; files dragged out of the container are unencrypted. Generally, when using file and folder encryption, you are using the features of the operating system. Typically, the operating system shields you from the management of the password by using the password you use to log in to your computer.
  Key Backup and Recovery: Varies depending on the encryption system used.
  Advantages: Simple to use, particularly if you can easily organize those documents that require encryption.
  Disadvantages: Since the OS shields the user from the complexity of encryption, sometimes user acts (e.g. changing passwords, getting a new machine) can result in loss of access to data. Files are only encrypted while in the folder or container. Copying, moving or transmitting the files will decrypt them.

Encryption Type: USB
  Description: USB encryption is similar to folder encryption in that all files on the USB are encrypted. All files dropped into the container are encrypted; files dragged out of the container are unencrypted. A wide variety of USB encryption mechanisms exist, including using modern operating system features, buying USB devices that are encrypted and using third party tools.
  Key Backup and Recovery: Varies depending on the encryption system used.
  Advantages: Simple to use, particularly if you can easily organize those documents that require encryption.
  Disadvantages: Files are only encrypted while on the USB drive. Copying, moving or transmitting the files will decrypt them.

Encryption Type: Full disk
  Description: The term full disk encryption (FDE) or whole disk encryption is used to signify that everything on a disk is encrypted. With FDE, data is encrypted automatically when it's stored on the hard disk and decrypted when it is read from the disk. This includes operating system files as well as user documents. Most operating systems do not have true full disk encryption capability, with the exception of Windows 7's BitLocker feature; rather, we use third party products for full disk encryption.
  Key Backup and Recovery: Critical to have a password recovery and key escrow process in place, since all data on the machine is at risk should the password be forgotten.
  Advantages: If the device is lost or stolen, there is no question of whether data is encrypted or not, since everything is encrypted.
  Disadvantages: System failures require understanding FDE recovery processes. Usually undertaken only with IT professional support, since the system boot mechanism is modified.

Backup of encryption keys and associated passwords

- Encryption is dependent on using strong passwords or passphrases.
- Passwords or passphrases used must follow the password policy.
- All encrypted data can be permanently lost if you forget the encryption password (or
passphrase).
- Backups or copies of passwords or encryption keys should be secured. For example,
paper or written copies of keys should be locked in a secure location. Backups of
passwords can be kept in secure password vaults, such as Password Safe.
- If you decide to save them, decryption keys should be locked in a safe location.
- Forgotten passwords cannot be recovered, and users should use caution about where the
passwords are being kept.
- Secure storage of passwords, e.g. a password safe.
- Users who need to share encrypted documents with others should use a different
password than the password used for those documents that are only accessed by the user
themselves.
- Passwords for shared, encrypted documents will need to be given to recipients via phone,
not through an insecure method such as email.

Recovery Management:
Causes of data loss
Most data loss is caused by human error, rather than malicious attacks, according to U.K.
statistics released in 2016. In fact, human error accounted for almost two-thirds of the incidents
reported to the U.K. Information Commissioner's Office. The most common type of breach
occurred when someone sent data to the wrong person.
Other common causes of data loss include power outages, natural disasters, equipment
failures or malfunctions, accidental deletion of data, unintentionally formatting a hard drive,
damaged hard drive read/write heads, software crashes, logical errors, firmware corruption,
continued use of a computer after signs of failure, physical damage to hard drives, laptop theft,
and spilling coffee or water on a computer.

How data recovery works


The data recovery process varies, depending on the circumstances of the data loss, the
data recovery software used to create the backup and the backup target media. For example,
many desktop and laptop backup software platforms allow users to restore lost files themselves,
while restoration of a corrupted database from a tape backup is a more complicated process that
requires IT intervention. Data recovery services can also be used to retrieve files that were not
backed up and were accidentally deleted from a computer's file system, but still remain on the hard
disk in fragments.
Data recovery is possible because a file and the information about that file are stored in
different places. For example, the Windows operating system uses a file allocation table to track
which files are on the hard drive and where they are stored. The allocation table is like a book's
table of contents, while the actual files on the hard drive are like the pages in the book.
When data needs to be recovered, it's usually only the file allocation table that's not
working properly. The actual file to be recovered may still be on the hard drive in flawless
condition. If the file still exists -- and it is not damaged or encrypted -- it can be recovered. If the
file is damaged, missing or encrypted, there are other ways of recovering it. If the file is
physically damaged, it can still be reconstructed. Many applications, such as Microsoft Office,
put uniform headers at the beginning of files to designate that they belong to that application.
Some utilities can be used to reconstruct the file headers manually, so at least some of the file
can be recovered.
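The allocation-table analogy and the header-based reconstruction described above, as an added example that is not from the notes. It builds a constructed toy volume whose block 0 is the allocation table, destroys only that table, and then recovers the files from their application headers and trailers (real PNG and PDF magic bytes; the file bodies are constructed stubs, not valid images or documents).

```python
import struct

BLOCK = 64   # constructed volume: 64-byte allocation units, block 0 is the table

# Application headers ("magic numbers") and trailers used for reconstruction.
# These are the real PNG and PDF signatures; the sample bodies below are stubs.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed sample files (not valid images/documents, just correct head and tail).
PNG_SAMPLE = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
PDF_SAMPLE = (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF")


def build_image(files):
    """Lay files out in whole blocks; block 0 records (start_block, length) per file."""
    table, data, next_block = b"", b"", 1
    for body in files:
        table += struct.pack(">HH", next_block, len(body))
        nblocks = -(-len(body) // BLOCK)          # ceiling division
        data += body.ljust(nblocks * BLOCK, b"\x00")
        next_block += nblocks
    return table.ljust(BLOCK, b"\x00") + data


def read_table(image):
    """Parse block 0; an entry with start block 0 marks the end of the table."""
    entries = []
    for i in range(0, BLOCK, 4):
        start, length = struct.unpack(">HH", image[i:i + 4])
        if start == 0:
            break
        entries.append((start, length))
    return entries


def restore_by_table(image):
    """The normal path: the table says where each file lives, like a table of contents."""
    return [image[s * BLOCK:s * BLOCK + n] for s, n in read_table(image)]


def corrupt_table(image):
    """Simulate the common failure: only the table is damaged, the 'pages' are intact."""
    return b"\x00" * BLOCK + image[BLOCK:]


def carve(image):
    """Recover files with no table at all by scanning raw blocks for header/trailer pairs.
    Returns (kind, offset, body) sorted by offset. A file whose trailer is damaged, or
    that was stored in non-adjacent fragments, is not recovered by this method."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = image.find(head)
        while pos != -1:
            end = image.find(tail, pos + len(head))
            if end == -1:
                break
            end += len(tail)
            found.append((kind, pos, image[pos:end]))
            pos = image.find(head, end)
    return sorted(found, key=lambda f: f[1])
```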
Most data recovery processes combine technologies, so organizations aren't solely
recovering data by tape. Recovering core applications and data from tape takes time, and you
may need to access your data immediately after a disaster. There are also risks involved with
transporting tapes.
In addition, not all production data at a remote location may be needed to resume
operations. Therefore, it's wise to identify what can be left behind and what data must be
recovered.

Data recovery techniques


Instant recovery, also known as recovery in place, tries to eliminate the recovery window
by redirecting user workloads to the backup server. A snapshot is created so the backup remains
in a pristine state and all user write operations are redirected to that snapshot; users then work off
the backup virtual machine (VM) and the recovery process begins in the background. Users have
no idea the recovery is taking place, and once the recovery is complete, the user workload is
redirected back to the original VM.
One way to avoid the time-consuming and costly process of data recovery is to prevent
the data loss from ever taking place. Data loss prevention (DLP) products help companies
identify and stop data leaks, and come in two versions: stand-alone and integrated.
- Stand-alone DLP products can reside on specialized appliances or be sold as
software.
- Integrated DLP products are usually found on perimeter security gateways and are
useful for detecting sensitive data at rest and in motion.
Unlike stand-alone data loss prevention products, integrated DLP products usually do not
share the same management consoles, policy management engines and data storage.
Integrating data recovery into a DR plan
An organization's disaster recovery plan should identify the people in the organization
responsible for recovering data, provide a strategy for how data will be recovered, and document
acceptable recovery point and recovery time objectives. It should also include the steps to take in
recovering data.
For example, if a building is inoperable, affected business units must be advised to
prepare to relocate to an alternate location. If hardware systems have been damaged or destroyed,
processes must be activated to recover damaged hardware. Processes to recover
damaged software should also be part of the DR plan.

Some resources worth reviewing are the National Institute for Standards and
Technology SP 800-34 standard, as well as ISO 24762 and 27031 standards.
A business impact analysis can help an organization understand its data requirements and
identify the minimum amount of time needed to recover data to its previous state. One challenge
to data loss and data recovery is getting a handle on the unstructured data stored on various
devices.
But there are steps that can mitigate the damage. Start by classifying data based on its
sensitivity and determine which classifications must be secured. Then, determine how much data
would have to be compromised to affect the organization. Undertake a risk assessment to
determine what controls are needed to protect sensitive data. Finally, put systems in place to
store and protect that content.
