5/23/2016

OperatingSystemSecurity

OPERATINGSYSTEMSECURITY
http://www.tutorialspoint.com/operating_system/os_security.htm

Copyrighttutorialspoint.com

SecurityreferstoprovidingaprotectionsystemtocomputersystemresourcessuchasCPU,memory,
disk,softwareprogramsandmostimportantlydata/informationstoredinthecomputersystem.Ifa
computerprogramisrunbyunauthorizeduserthenhe/shemaycauseseveredamagetocomputeror
datastoredinit.Soacomputersystemmustbeprotectedagainstunauthorizedaccess,maliciousaccess
tosystemmemory,viruses,wormsetc.We'regoingtodiscussfollowingtopicsinthisarticle.
Authentication
OneTimepasswords
ProgramThreats
SystemThreats
ComputerSecurityClassifications

Authentication
Authenticationreferstoidentifyingtheeachuserofthesystemandassociatingtheexecutingprograms
withthoseusers.ItistheresponsibilityoftheOperatingSystemtocreateaprotectionsystemwhich
ensuresthatauserwhoisrunningaparticularprogramisauthentic.OperatingSystemsgenerally
identifies/authenticatesusersusingfollowingthreeways:
Username/PasswordUserneedtoenteraregisteredusernameandpasswordwith
Operatingsystemtologinintothesystem.
Usercard/keyUserneedtopunchcardincardslot,orenterkeygeneratedbykeygenerator
inoptionprovidedbyoperatingsystemtologinintothesystem.
Userattributefingerprint/eyeretinapattern/signatureUserneedtopasshis/her
attributeviadesignatedinputdeviceusedbyoperatingsystemtologinintothesystem.

OneTimepasswords
Onetimepasswordsprovidesadditionalsecurityalongwithnormalauthentication.InOneTime
Passwordsystem,auniquepasswordisrequiredeverytimeusertriestologinintothesystem.Oncea
onetimepasswordisusedthenitcannotbeusedagain.Onetimepasswordareimplementedinvarious
ways.
RandomnumbersUsersareprovidedcardshavingnumbersprintedalongwith
correspondingalphabets.Systemasksfornumberscorrespondingtofewalphabetsrandomly
chosen.
SecretkeyUserareprovidedahardwaredevicewhichcancreateasecretidmappedwithuser
id.Systemasksforsuchsecretidwhichistobegeneratedeverytimepriortologin.
NetworkpasswordSomecommercialapplicationssendonetimepasswordtouseron
registeredmobile/emailwhichisrequiredtobeenteredpriortologin.

ProgramThreats

http://www.tutorialspoint.com/cgibin/printpage.cgi

1/3

5/23/2016

OperatingSystemSecurity

Operatingsystem'sprocessesandkerneldothedesignatedtaskasinstructed.Ifauserprogrammade
theseprocessdomalicioustasksthenitisknownasProgramThreats.Oneofthecommonexampleof
programthreatisaprograminstalledinacomputerwhichcanstoreandsendusercredentialsvia
networktosomehacker.Followingisthelistofsomewellknownprogramthreats.
TrojanHorseSuchprogramtrapsuserlogincredentialsandstoresthemtosendtomalicious
userwhocanlateronlogintocomputerandcanaccesssystemresources.
TrapDoorIfaprogramwhichisdesignedtoworkasrequired,haveasecurityholeinitscode
andperformillegalactionwithoutknowledgeofuserthenitiscalledtohaveatrapdoor.
LogicBombLogicbombisasituationwhenaprogrammisbehavesonlywhencertain
conditionsmetotherwiseitworksasagenuineprogram.Itishardertodetect.
VirusVirusasnamesuggestcanreplicatethemselvesoncomputersystem.Theyarehighly
dangerousandcanmodify/deleteuserfiles,crashsystems.Avirusisgeneratllyasmallcode
embeddedinaprogram.Asuseraccessestheprogram,thevirusstartsgettingembeddedin
otherfiles/programsandcanmakesystemunusableforuser.

SystemThreats
Systemthreatsreferstomisuseofsystemservicesandnetworkconnectionstoputuserintrouble.
Systemthreatscanbeusedtolaunchprogramthreatsonacompletenetworkcalledasprogramattack.
Systemthreatscreatessuchanenvironmentthatoperatingsystemresources/userfilesaremisused.
Followingisthelistofsomewellknownsystemthreats.
WormWormisaprocesswhichcanchokeddownasystemperformancebyusingsystem
resourcestoextremelevels.AWormprocessgeneratesitsmultiplecopieswhereeachcopyuses
systemresources,preventsallotherprocessestogetrequiredresources.Wormsprocessescan
evenshutdownanentirenetwork.
PortScanningPortscanningisamechanismormeansbywhichahackercandetectssystem
vulnerabilitiestomakeanattackonthesystem.
DenialofServiceDenialofserviceattacksnormallypreventsusertomakelegitimateuseof
thesystem.Forexampleusermaynotbeabletouseinternetifdenialofserviceattacksbrowser's
contentsettings.

ComputerSecurityClassifications
AspertheU.S.DepartmentofDefenseTrustedComputerSystem'sEvaluationCriteriatherearefour
securityclassificationsincomputersystems:A,B,C,andD.Thisiswidelyusedspecificationsto
determineandmodelthesecurityofsystemsandofsecuritysolutions.Followingisthebrief
descriptionofeachclassfication.

S.N.

Classification
Type

Description

TypeA

HighestLevel.Usesformaldesignspecificationsandverification
techniques.Grantsahighdegreeofassuranceofprocesssecurity.

TypeB

Providesmandatoryprotectionsystem.Haveallthepropertiesofaclass

http://www.tutorialspoint.com/cgibin/printpage.cgi

2/3

5/23/2016

OperatingSystemSecurity

C2system.Attachesasensitivitylabeltoeachobject.Itisofthreetypes.
B1Maintainsthesecuritylabelofeachobjectinthesystem.Label
isusedformakingdecisionstoaccesscontrol.
B2Extendsthesensitivitylabelstoeachsystemresource,suchas
storageobjects,supportscovertchannelsandauditingofevents.
B3Allowscreatinglistsorusergroupsforaccesscontroltogrant
accessorrevokeaccesstoagivennamedobject.
3

TypeC

Providesprotectionanduseraccountabilityusingauditcapabilities.Itis
oftwotypes.
C1Incorporatescontrolssothatuserscanprotecttheirprivate
informationandkeepotherusersfromaccidentallyreading/
deletingtheirdata.UNIXversionsaremostlyClclass.
C2Addsanindividuallevelaccesscontroltothecapabilitiesofa
Cllevelsystem

TypeD

Lowestlevel.Minimumprotection.MSDOS,Window3.1fallinthis
category.

http://www.tutorialspoint.com/cgibin/printpage.cgi

3/3