Operating Systems-Protection and Security

Operating Systems – Protection and Security
National Institute of Science and Technology
OPERATING SYSTEMS-
PROTECTION AND SECURITY
Technical Seminar
Under Guidance of
Mr. Anisur Rahman
Presented By
Padma Dash Roll # CS200157131
Padma Dash [1]

PROTECTION
• A mechanism to control the access of programs,

processes, or users to the resources defined by
a computer system.
• The protection mechanism ensures the
enforcement of a certain policy.
• Policy is established in several ways:
-System design
-System management
-User defined
Padma Dash [2]

DOMAIN OF PROTECTION
• A computer system is a collection of:

-Processes
-Objects, each of which has a unique name and
can be accessed through well defined operations
• PROTECTION DOMAIN
-An abstract notion.
-A process operates within this.
-The domain specifies the resources that the
process may access.
Padma Dash [3]

DOMAIN STRUCTURE
• ACCESS RIGHT
-The ability to execute an operation on an object.
-Defined as an ordered pair<object name, rights set>.
• Domain is a set of access rights.
• Example
-a process executing in D1 can read and write object O3.
D1 D2 D3
Padma Dash [4]

ACCESS MATRIX
• Representation model of protection domain.

• The users determine the content of the
column for objects they create.
object F1 F2 F3 Printer
domain
D1 read read
D2 Print
D3 read execute
D4 read, write read, write
Padma Dash [5]

• A process may switch over from one domain to another

domain while it executes.
• Domains can be viewed as objects.
object F1 F2 F3 Laser printer D1 D2 D3 D4
domain
D1 read read switch
D2 print switch switch
D3 read execute
D4 read, write read, write switch
• Access matrix is dynamic

• Operations to add, delete rights
• Special rights -Copy: Ability to copy access right from one domain to
another.
Padma Dash [6]

-Owner: A process executing in a domain with owner right

can add or delete rights for the object
-Control: Applicable to domain objects, the ability to modify
the access rights for one domain while executing in
another
Object
Object Domain
F1 F2 F3
domain
F1 F2 F3
D1 Execute Write* D1 Owner write

execute
D2 Execute Read* execute

D2 Read* Read* owner
owner write*
D3 Execute Read
D3 execute
Copy rights Owner rights

Padma Dash [7]
• IMPLEMENTATION OF ACCESS MATRIX

• Global table
-A set of ordered triples <domain, object, right set>
• Access control list
-A list of sets( one per object). Each set has an ordered
pair< domain, right set>
• Capability list
-A list of sets( one per domain). Each set has a
capability list of type< object, right set>.
• A lock-key mechanism
-Each domain has a list of unique locks, each domain
has list keys. A process executing in a domain can
access an object if the domain has a key to one of the
object locks.
Padma Dash [8]

• MEMORY PROTECTION
-Provided by hardware, uses a base and a limit register

-These registers are loaded only in monitor mode and
operating system can execute in this mode only.
base Base+ limit
CPU address yes yes

>= <
no no
Trap to operating system memory

monitor-addressing error
•CPU PROTECTION
-A fixed or variable timer used
Padma Dash [9]
SECURITY IN COMPUTERS
• Security is focused on malicious behavior of

entities external to the system affecting the
assets like data, software and hardware.
• SECURITY THREATS
-INTERCEPTION
An unauthorized party gains access to an asset
of the system.
-INTERRUPTION/DESTRUCTION
An asset of the system is destroyed or becomes
unavailable or unusable.
Padma Dash [10]

-TAMPERING/MODIFICATION/FABRICATION
An unauthorized party gains access and tampers with
an asset of the system.
-RESOURCE STEALING
An unauthorized party uses system resources .
• AUTHENTICATION
• PASSWORDS
- User identity most often established through
passwords, it must be kept secret.
-Can be computer generated ones, one time
passwords
Padma Dash [11]
VIRUSES
• Those that need a host program

-Fragments of program that cannot exist of some application
program, utility or system program
• Infects other programs by modifying them.
• VIRUS STAGES
- DORMANT STAGE-The virus is idle.
- PROPAGATION PHASE-The virus places an identical copy of
itself into other programs or into certain system areas on the
disk.
-TRIGGERING PHASE-The virus is activated to perform the
function for which it was intended, it is caused by a variety of
system events.
-EXECUTION PHASE-The virus function is performed
Padma Dash [12]

• TRAP-DOORS
-Entry point into a program that allows someone who is aware
of the trap door to gain access.
-Used by programmers to debug and test program.
• TROJAN HORSE
-A program that contains hidden code that when invoked
performs some unwanted or harmful functions.
-Can be used to accomplish functions indirectly that an
unauthorized user cannot accomplish directly. The user may
set the file permissions so that everyone can access.
e.g.. fake login screen
Padma Dash [13]

• BACTERIA
-Replicate themselves.
-Reproduce exponentially.
-Take all the processor capacity, memory, disk space and
then deny users to access.
• WORM
- Uses network connection to spread from system to system.
- Electronic mail facility
It mails a copy of itself to other systems.
- Remote execution capability
It executes a copy of itself on other systems.
- Remote log-in capability
It logs-on as a user and then uses commands to copy itself
from one system to another.
Padma Dash [14]

CONCLUSION
• The operating system is the program that is

most intimate with the hardware.
• A system has resources, hardware and
software managed by the operating system.
There may be a fear of misuse of resources
by programs or by unauthorized users.
• Protection ensures that all access to the
system resources is controlled.
• Security of the system from outsiders is also
important. Such security starts with each user
having to authenticate himself to the system.
Padma Dash [15]

Thank You!!!
Padma Dash [16]

Operating Systems-Protection and Security

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Operating Systems-Protection and Security

Загружено:

Авторское право:

Доступные форматы

Operating Systems – Protection and Security

National Institute of Science and Technology

Padma Dash [1]

• A mechanism to control the access of programs,

Padma Dash [2]

• A computer system is a collection of:

Padma Dash [3]

Padma Dash [4]

• Representation model of protection domain.

D4 read, write read, write

Padma Dash [5]

• A process may switch over from one domain to another

D1 read read switch

D2 print switch switch

D4 read, write read, write switch

• Access matrix is dynamic

Padma Dash [6]

-Owner: A process executing in a domain with owner right

D1 Execute Write* D1 Owner write

D2 Execute Read* execute

Copy rights Owner rights

• IMPLEMENTATION OF ACCESS MATRIX

Padma Dash [8]

-Provided by hardware, uses a base and a limit register

CPU address yes yes

Trap to operating system memory

• Security is focused on malicious behavior of

Padma Dash [10]

• Those that need a host program

Padma Dash [12]

Padma Dash [13]

Padma Dash [14]

• The operating system is the program that is

Padma Dash [15]

Padma Dash [16]

Вам также может понравиться