Anup Bhai


Seminar Report on SECURITY IN OPERATING SYSTEM

Submitted by Anup Kumar Behera Regd. No.: 0801229152 Seminar Report submitted in partial fulfillment of the requirements for the award of the degree of B.Tech. in Computer Science & Engineering under Biju Pattnaik University of Technology (BPUT)

2011
Under the Guidance of

Anil Kumar Agrawalla


Asst. Prof., Dept. of CSE

Department of Computer Science & Engineering Dhaneswar Rath Institute of Engineering and Management Studies
Tangi, Cuttack-754022

CERTIFICATE

This is to certify that the Seminar entitled Security in operating system presented by Anup Kumar Behera bearing Registration No. 0801229152 of Department of Computer Science and Engineering in Dhaneswar Rath Institute of Engineering and Management Studies, Cuttack has been completed successfully. This is in partial fulfillment of the requirements of Bachelor Degree in Computer Science and Engineering under Biju Pattnaik University of Technology, Rourkela, Orissa. I wish him success in all future endeavors.

Prof. S N Patro Head of the Department


Computer Science & Engineering

Asst. Prof. Anil Agrawalla Guide


Computer Science & Engineering

Date:

Date:

ACKNOWLEDGEMENT

I express my sincere gratitude to Asst. Prof. Anil Agrawalla of Computer Science and Engineering for giving me an opportunity to accomplish a seminar on Security in Operating System. Without his active support and guidance, this seminar would not have been successfully completed. I also thank Prof. S N Patro, Head of the Department of Computer Science and Engineering, for consistent support, guidance and help in this seminar. I am highly indebted for his help.

Anup Kumar Behera


Department of Computer Science & Engineering Dhaneswar Rath Institute Of Engg. & Management Studies Regd.No.-0801229152

CONTENTS
1. Introduction
2. System Threats
3. Program Threats
4. Security
5. Security Problem
6. Protection Mechanism
7. Protection of Memory
8. Operating System Vulnerabilities
9. Conclusion
10. Bibliography

ABSTRACT SECURITY IN OPERATING SYSTEM

Protection is an internal problem. Security must consider both the computer system and the environment (people, buildings, valuable objects and threats) within which the system is used. The data stored in the system must be protected from unauthorized access. It is easier to protect against accidental loss of data consistency than to protect against malicious access to the data. Absolute protection of the information stored in the computer system from malicious abuse is not possible. The various authorization provisions in a computer system may not confer sufficient protection for highly sensitive data. In such cases, data may be encrypted. It is not possible for encrypted data to be read unless the reader knows how to decrypt the encrypted data.

Signature of the Guide Name:Anil Kumar Agrawalla Date:

Signature of the Student Name:Anup Kumar Behera Regd. No:0801229152 Semester:6th Branch: Comp. Sc.& Engg. Section: A Date:

1. INTRODUCTION
OS security revolves around the appropriate protection of four elements:

(a) Confidentiality prevents or minimizes unauthorized access to and disclosure of data and information.

(b) Integrity makes sure that the data being worked with is actually the correct data.

(c) Availability is the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to the performance specification for the system.

(d) Authenticity makes it possible for a computer system to verify the identity of a user.

Availability deals with the computer system assets (hardware, software, and data). Hardware is the most vulnerable to attack (accidental and deliberate damage to equipment, as well as theft). A key threat to software is an attack on availability (configuration management, software modification, and so on). However, the discussion of availability is beyond the scope of this paper.

Confidentiality and integrity deal with three important roles: protection models, capability and assurance. One of the important factors of confidentiality and integrity is the protection model. The model is the most important aspect of security: even if everything else in the system is perfect, it will still be exploitable if a weak model is used. Each of the protection models should be proven to ensure that they are as close as possible. Well-known protection models include the Bell-LaPadula hierarchical mandatory access confidentiality model and the Biba hierarchical integrity model. Systems may tend to use several protection models rather than a single comprehensive one.

The next part is capability. Capabilities are the tools and functionality that the operating system uses to implement a given model, and may include things like the specific access controls or what privileges are available and how they are defined. Examples include groups, how setting the system time is controlled, or having the system crash when it is unable to audit particular events.

The last part of confidentiality and integrity is assurance. Assurances are a way of determining that the models are implemented correctly and cannot be bypassed. Additionally, assurances can cover nearly all aspects of the operating system, from the maturity level of the development team to the quality and comprehensiveness of the documentation and the architecture of the operating system itself. For example, using a microkernel architecture allows for much higher assurance, as all aspects of the protection models may be implemented at a single point known as a reference monitor.

2. SYSTEM THREATS
Most operating systems provide a means for processes to spawn other processes. The two most common methods of misusing this ability are worms and viruses.

A. VIRUS:

A virus is a self-replicating program. Some definitions also add the constraint that it has to attach itself to a host program to be able to replicate. Viruses often require a host, and their goal is to infect other files so that the virus can live longer. Some viruses perform destructive actions, although this is not necessarily the case. Many viruses attempt to hide from being discovered. A virus might rapidly infect every file on an individual computer or slowly infect the documents on the computer, but it does not intentionally try to spread itself from that computer to others. In most cases that's where humans come in. We send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user receives the infected file or disk, they spread the virus to their computers, and so on.

B. WORMS:

Worms are insidious because they rely less (or not at all) upon human behaviour in order to spread themselves from one computer to others. A worm is designed to copy itself from one computer to another, leveraging some network medium: e-mail, TCP/IP, etc. The worm is more interested in infecting as many machines as possible on the network, and less interested in spreading many copies of itself on a single computer (like a computer virus). The prototypical worm infects (or causes its code to run on) a target system only once; after the initial infection, the worm attempts to spread to other machines on the network. Some researchers define worms as a sub-type of viruses. In the early years, worms were considered a problem of mainframes only. But this changed after the Internet became widespread; worms quickly adapted to Windows and started to send themselves through network functions. Some categories that come under worms are:

- Mailers and mass-mailer worms
- Octopus
- Rabbits

3.PROGRAM THREATS:
In an environment where a program written by one user may be used by another user, there is an opportunity for misuse, which may result in unexpected behavior. The two common methods by which such behavior may occur are Trojan horses and trap doors. A code segment that misuses its environment is called a Trojan horse. The problem is exacerbated by long search paths (common on UNIX systems).
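A defensive check for the search-path problem mentioned above, as an added example that is not part of the original report: it audits a PATH-style string for entries that let another user's program be found first. The function names and the reasons reported are choices made for this illustration.

```python
import os
import stat

def audit_search_path(path_value):
    """Return (entry, reason) for each risky entry in a PATH-style string."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            # POSIX shells treat an empty entry as the current directory.
            findings.append((entry, "current directory is searched"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry depends on the caller's cwd"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            findings.append((entry, "missing directory (could be created later)"))
            continue
        if not stat.S_ISDIR(mode):
            findings.append((entry, "not a directory"))
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or others"))
    return findings

def first_match(command, path_value):
    """Entry from which a shell-style lookup would run `command`, or None."""
    for entry in path_value.split(os.pathsep):
        candidate = os.path.join(entry or ".", command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return entry or "."
    return None

if __name__ == "__main__":
    # Audit the invoking user's own search path.
    for entry, reason in audit_search_path(os.environ.get("PATH", "")):
        print(f"{entry!r}: {reason}")
```

The longer the search path, the more entries there are that must all pass this audit, since the first matching directory wins the lookup.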

4.SECURITY:
Protection is an internal problem. Security must consider both the computer system and the environment (people, buildings, valuable objects and threats) within which the system is used. The data stored in the system must be protected from unauthorized access, malicious destruction or alteration, and accidental introduction of inconsistency. It is easier to protect against accidental loss of data consistency than to protect against malicious access to the data. Absolute protection of the information stored in the computer system from malicious abuse is not possible. The various authorization provisions in a computer system may not confer sufficient protection for highly sensitive data. In such cases, data may be encrypted. It is not possible for encrypted data to be read unless the reader knows how to decrypt the encrypted data.

5.SECURITY PROBLEM:
A system is said to be secure if its resources are used and accessed as intended under all circumstances. Security violations (misuse) of the system can be categorized as being malicious or accidental. To protect the system, security measures must be taken at two levels:

Physical level: The site or sites containing the computer systems must be physically secured.

Human level: Users must be screened carefully.

6.PROTECTION MECHANISM:
The concept of multiprogramming introduces the sharing of resources among users. This sharing involves memory, I/O devices, programs and data. The ability to share these resources introduces the need for protection. An OS may offer protection along the following spectrum:

No protection: This is appropriate when sensitive procedures are being run at separate times.

Isolation: This approach implies that each process operates separately from other processes, with no sharing. Each process has its own address space, files, and other objects.

Share all or share nothing: In this method, the owner of an object declares it to be public or private; in the latter case, only the owner's processes may access the object.

Share via access limitation: The OS checks the permissibility of each access by a specific user to a specific object; the OS therefore acts as a guard between users and objects, ensuring that only authorized accesses occur.

Share via dynamic capabilities: This extends the concept of access control to allow dynamic creation of sharing rights for objects.

Limit use of an object: This form of protection limits not just access to an object but the use to which that object may be put.

A given OS may provide different degrees of protection for different objects, users and applications. The OS needs to balance the need to allow sharing with the need to protect the resources of individual users.

7.PROTECTION OF MEMORY:
In a multiprogramming environment, protection of main memory is essential. The concern here is not just security but the correct functioning of the various processes that are active. The separation of the memory space of various processes is easily accomplished with a virtual-memory scheme. Segmentation or paging, or the two in combination, provides an effective tool for managing main memory. If complete isolation is sought, then the OS must simply ensure that each segment or page is accessible only by the process to which it is assigned. This is accomplished by requiring that there be no duplicate entries in the page and/or segment tables. If sharing is to be allowed, then the same segment or page may appear in more than one table. Segmentation especially lends itself to the implementation of protection and sharing policies. Because each segment table entry includes a length as well as a base address, a program cannot access a main memory location beyond the limit of a segment. To achieve sharing, it is possible for a segment to be referenced in the segment tables of more than one process. In a paging system, the page structure of the programs and data is not visible to the programmer.

The measures taken to control access in a data processing system fall into two categories:

* User Oriented
* Data Oriented
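The base-and-length check on segment table entries described in this section, and the "no duplicate entries" test for isolation, as an added example that is not part of the original report. The `writable` flag, the process names and the addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from itertools import combinations

class SegmentFault(Exception):
    """Raised when a reference violates the segment table."""

@dataclass(frozen=True)
class Segment:
    base: int              # physical start address
    length: int            # size in bytes (the limit)
    writable: bool = True  # assumed per-segment protection bit

def translate(table, seg_no, offset, write=False):
    """Map (segment, offset) to a physical address, enforcing the limit."""
    seg = table.get(seg_no)
    if seg is None:
        raise SegmentFault(f"segment {seg_no} not in table")
    if not 0 <= offset < seg.length:
        raise SegmentFault(f"offset {offset:#x} outside segment {seg_no}")
    if write and not seg.writable:
        raise SegmentFault(f"segment {seg_no} is read-only")
    return seg.base + offset

def overlaps(tables):
    """List (proc_a, seg_a, proc_b, seg_b) whose physical ranges intersect."""
    flat = [(p, n, s) for p, t in tables.items() for n, s in t.items()]
    hits = []
    for (pa, na, a), (pb, nb, b) in combinations(flat, 2):
        if pa != pb and a.base < b.base + b.length and b.base < a.base + a.length:
            hits.append((pa, na, pb, nb))
    return hits

# Constructed sample: two processes with private data and one shared,
# read-only segment that appears in both segment tables.
TABLES = {
    "editor":   {0: Segment(0x1000, 0x400),
                 1: Segment(0x8000, 0x200, writable=False)},
    "compiler": {0: Segment(0x2000, 0x800),
                 1: Segment(0x8000, 0x200, writable=False)},
}

if __name__ == "__main__":
    print(hex(translate(TABLES["editor"], 0, 0x3FF)))
    print(overlaps(TABLES))
```

An empty result from `overlaps` means complete isolation; any entry it returns is sharing that the OS must have allowed on purpose.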

User Oriented Access Control:


User control of access is sometimes referred to as authentication. The most common technique for user access control on a shared system or server is the user log on, which requires an ID and a password. User access control in a distributed environment can be either centralized or decentralized. In a centralized approach, the network provides a log on service, determining who is allowed to use the network and to whom the user is allowed to connect. Decentralized user access control treats the network as a transparent communication link, and the destination host carries out the usual log on procedure. In many networks, two levels of access control may be used.

Data Oriented Access Control:


Following a successful log on, the user has been granted access to one or a set of hosts and applications. At this point data access control is needed. In this regard, real-world operating system protection models fall basically into one of two types:

1. Mandatory Access Control (MAC)
2. Discretionary Access Control (DAC)

Mandatory Access Control:


In mandatory access control, also called multilevel access control, objects (information) are classified on hierarchical levels of security sensitivity (typically top secret, secret, confidential). Subjects (users) are assigned their security clearance. Access of a subject to an object is granted or denied depending on the relation between the clearance of the subject and the security classification of the object. The lattice model and the Bell-LaPadula model are based on MAC.
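The clearance-versus-classification decision described above, as an added example that is not part of the original report. It goes beyond the text by including the category sets of the lattice model and the Bell-LaPadula rules for reading, appending and read-write access; the subjects, objects and category names are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True when self is at least as high and covers other's categories."""
        return self.level >= other.level and self.categories >= other.categories

def check(subject, obj, op):
    """Bell-LaPadula decision for 'read', 'append' or 'write'."""
    if op == "read":    # simple security property: no read up
        return subject.dominates(obj)
    if op == "append":  # *-property: no write down
        return obj.dominates(subject)
    if op == "write":   # read and write together need equal labels
        return subject.dominates(obj) and obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")

def evaluate(subjects, objects, requests):
    """Return (subject, op, object, allowed) for each request."""
    return [(s, op, o, check(subjects[s], objects[o], op))
            for s, op, o in requests]

# Constructed sample data.
CRYPTO, NUCLEAR = frozenset({"crypto"}), frozenset({"nuclear"})
SUBJECTS = {"analyst": Label(Level.SECRET, CRYPTO)}
OBJECTS = {
    "plan":  Label(Level.TOP_SECRET, CRYPTO),
    "memo":  Label(Level.CONFIDENTIAL),
    "keys":  Label(Level.SECRET, CRYPTO),
    "specs": Label(Level.SECRET, NUCLEAR),
}
REQUESTS = [
    ("analyst", "read", "plan"),    # read up: denied
    ("analyst", "read", "memo"),    # read down: allowed
    ("analyst", "append", "memo"),  # write down: denied
    ("analyst", "append", "plan"),  # write up: allowed
    ("analyst", "write", "keys"),   # same label: allowed
    ("analyst", "read", "specs"),   # same level, wrong category: denied
]

if __name__ == "__main__":
    for row in evaluate(SUBJECTS, OBJECTS, REQUESTS):
        print(row)
```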

Discretionary Access Control:


Each object has its unique owner. The owner exercises its discretion over the assignment of access permissions. Lampson introduced the access matrix model for DAC. The core of this model is a matrix whose rows are indexed by subjects and columns by objects.

In real systems, however, access control matrices are not very practical: the matrix is usually sparse, there is a lot of redundancy, and although new subjects and objects can be added or removed easily, the centralized matrix could become a bottleneck. The matrix may be decomposed by columns, yielding Access Control Lists (ACLs). Thus, for each object, an ACL details the users and their permitted access rights. An ACL may contain a default or public entry. Decomposition by rows yields capability tickets (Figure 3). A capability ticket specifies authorized objects and operations for a user. Each user has a number of tickets and may be authorized to lend or give them to others. Because tickets may be dispersed around the system, they present a greater security problem than ACLs. To overcome this problem, the OS may hold all tickets on behalf of the users. These tickets would have to be held in a region of memory inaccessible to users.
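The column and row decompositions described above, as an added example that is not part of the original report: a sparse access matrix is split into ACLs and capability tickets, and tickets are lent through an OS-held table. The subjects, objects, the `*` marker for the public entry and the function names are constructed for the illustration.

```python
from collections import defaultdict

PUBLIC = "*"  # assumed marker for an ACL's default/public entry

# Constructed sparse access matrix: only non-empty cells are stored.
MATRIX = {
    ("alice", "payroll"): {"read", "write"},
    ("bob",   "payroll"): {"read"},
    ("bob",   "notes"):   {"read", "write"},
}

def to_acls(matrix):
    """Decompose by columns: object -> {subject: rights}."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)

def to_tickets(matrix):
    """Decompose by rows: subject -> {object: rights}."""
    tickets = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        tickets[subject][obj] = set(rights)
    return dict(tickets)

def acl_allows(acls, subject, obj, right):
    """Check the object's list, falling back to its public entry."""
    entries = acls.get(obj, {})
    return right in entries.get(subject, set()) | entries.get(PUBLIC, set())

def ticket_allows(tickets, subject, obj, right):
    """Check the tickets held for the subject."""
    return right in tickets.get(subject, {}).get(obj, set())

def lend(tickets, giver, receiver, obj, rights):
    """OS-held ticket table: a holder may pass on only rights it holds."""
    rights = set(rights)
    held = tickets.get(giver, {}).get(obj, set())
    if not rights <= held:
        raise PermissionError(f"{giver} cannot lend {sorted(rights - held)}")
    tickets.setdefault(receiver, {}).setdefault(obj, set()).update(rights)

if __name__ == "__main__":
    acls, tickets = to_acls(MATRIX), to_tickets(MATRIX)
    acls["motd"] = {PUBLIC: {"read"}}       # public entry on one object
    lend(tickets, "bob", "alice", "notes", {"read"})
    print(acl_allows(acls, "carol", "motd", "read"))      # True
    print(ticket_allows(tickets, "alice", "notes", "read"))  # True
    print(acl_allows(acls, "alice", "notes", "read"))     # False
```

After a ticket is lent, the object's ACL no longer shows everyone who can reach it, which is the dispersal problem the paragraph describes.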

[Figure: ACL]

[Figure: Capability list]

8.OPERATING SYSTEM VULNERABILITIES


Vulnerabilities will probably always exist in large and complex software systems. At least with today's software methods, techniques, and tools, it seems to be impossible to completely eliminate all flaws. Operating systems are examples of software components that are large, very complex, and vulnerable. At the same time, these components play an important role in the achievement of overall system security, since many protection mechanisms and facilities, such as authentication and access control, are provided by the operating system. A vulnerability is defined as a place at which the probability of a breach exceeds a predefined threshold. One such taxonomy was presented in Categorization of Security Vulnerabilities.

Although there are problems associated with their use, passwords are nevertheless extremely common, because they are easy to understand and use. The problems with passwords are related to the difficulty of keeping a password secret. Passwords can be compromised by being guessed or by being transferred from an authorized user. There are two common ways to guess a password. One is for the intruder (either human or program) to know the user or to have information about the user. All too frequently, people use obvious information as their passwords. The other way is to use brute force: trying all possible combinations of letters, numbers and punctuation until the password is found.


9.CONCLUSION
Protection is an internal problem. Security must consider both the computer system and the environment (people, buildings and threats) within which the system is used. The various authorization provisions in a computer system may not confer sufficient protection for highly sensitive data. In such cases, data may be encrypted. It is not possible for encrypted data to be read unless the reader knows how to decrypt the encrypted data. This paper explains the main aspects of OS security. Much of the work in security and protection as it relates to OSs can be grouped into three elements: access control, information flow control and certification.


10.BIBLIOGRAPHY
1. C.R. Attanasio, P. Markstein and R.J. Philips, Penetrating on OS, IBM system Journal
2. http://engineeringseminarpapers.blogspot.com/2010/10/securityinoperating system.html
3. www.seminarprojects.com/operating system-report.html
4. www.securitydocs.com/pdf/3465.PDF
5. www.infosec.gov.hk/English/technical/files/security.pdf
