Logo

dev-resources.site

for different kinds of informations.

Protection and Security: Operating System

Published at
1/3/2025
Categories
os
linux
ubuntu
beginners
Author
harshm03
Categories
4 categories in total
os
open
linux
open
ubuntu
open
beginners
open
Author
8 person written this
harshm03
open
Protection and Security: Operating System

Guide to Protection and Security in Operating Systems


Protection and security are fundamental components of an operating system (OS), ensuring system stability, user privacy, and safe execution of processes. Below is a detailed explanation of the key concepts, terminologies, mechanisms, and strategies used in operating systems for protection and security.


1. Protection in Operating Systems

Definition:
Protection refers to mechanisms that control access to system resources, ensuring that programs, processes, and users only perform authorized operations.

Goals of Protection:

  1. Prevent Accidental or Malicious Misuse: Safeguard the system from incorrect use.
  2. Ensure Data Integrity: Protect files and data from unauthorized modification.
  3. Ensure Confidentiality: Restrict access to sensitive information.
  4. Enable Controlled Sharing: Allow legitimate resource sharing between processes/users.

Key Terminologies in Protection:

  1. Domain:

    • A set of access rights defining the resources a process or user can access.
    • Examples: User domain, kernel domain.
  2. Access Matrix:

    • A table that specifies the access rights of each domain to various system objects (files, devices, etc.).
    • Rows: Domains.
    • Columns: Objects.
    • Entries: Access rights (e.g., read, write, execute).
  3. Access Control List (ACL):

    • A list associated with each object specifying which users or domains have what access.
    • Example: File F might have an ACL:
      • User A: Read, Write
      • User B: Read Only
  4. Capabilities:

    • Tokens or keys associated with users/processes that grant access to objects.
    • Example: A process might hold a capability allowing it to read a specific file.
  5. Principle of Least Privilege:

    • Each process/user is granted the minimum privileges required to complete its task.

Protection Mechanisms:

  1. Hardware-Based Mechanisms:

    • Memory Protection: Restricts processes from accessing unauthorized memory regions using base and limit registers.
    • Modes of Operation: User mode and kernel mode to separate application-level and system-level operations.
  2. Software-Based Mechanisms:

    • Protection Rings: A hierarchy of privilege levels (Ring 0 for kernel, Ring 3 for user processes).
    • Sandboxing: Running applications in isolated environments to restrict their access to resources.

2. Security in Operating Systems

Definition:
Security focuses on defending the system from external and internal threats, such as unauthorized access, data breaches, and malicious software.

Goals of Security:

  1. Confidentiality: Protecting data from unauthorized access.
  2. Integrity: Ensuring data remains accurate and unaltered.
  3. Availability: Guaranteeing that resources are accessible to authorized users when needed.
  4. Accountability: Tracking user activities to ensure responsibility.

Key Terminologies in Security:

  1. Authentication:

    • Verifying the identity of a user or process.
    • Methods:
      • Something You Know: Passwords, PINs.
      • Something You Have: Smart cards, tokens.
      • Something You Are: Biometrics (fingerprints, facial recognition).
  2. Authorization:

    • Determining whether an authenticated user has permission to access a resource.
  3. Auditing:

    • Recording user activities and system events for accountability and forensic analysis.
  4. Threats and Vulnerabilities:

    • Threat: A potential danger to a system (e.g., malware, hacking attempts).
    • Vulnerability: A weakness that can be exploited by threats (e.g., unpatched software).

Security Violations

Security violations can be intentional (malicious) or accidental. It is easier to protect against accidental misuse than malicious threats. Common violations include:

  1. Breach of Confidentiality:

    • Unauthorized reading or theft of data.
    • Examples: Identity theft, stealing credit card details.
  2. Breach of Integrity:

    • Unauthorized modification of data.
    • Examples: Altering source code, modifying financial records.
  3. Breach of Availability:

    • Destruction or denial of access to resources.
    • Examples: Website defacement, data deletion.
  4. Theft of Service:

    • Unauthorized use of system resources.
    • Example: Running unauthorized services or processes.
  5. Denial of Service (DoS):

    • Preventing legitimate users from accessing services.
    • Example: Flooding servers with excessive traffic.

Types of Security Threats

Security threats in operating systems can originate from various sources and can be classified into the following categories:

1. External Threats

These originate from outside the organization or system and include:

  • Malware: Software designed to disrupt, damage, or gain unauthorized access, such as viruses, worms, and Trojan horses.
  • Phishing: Fraudulent attempts to steal sensitive information by mimicking legitimate entities.
  • Denial of Service (DoS) Attacks: Overloading a system with excessive requests to render it unavailable.

2. Internal Threats

Threats that arise from within the organization or system, often involving trusted users or processes:

  • Privilege Escalation: Exploiting vulnerabilities to gain unauthorized higher-level access.
  • Insider Threats: Malicious or negligent actions by authorized personnel leading to security breaches.

3. Passive Threats

These involve unauthorized monitoring or interception of data without altering the system:

  • Eavesdropping: Listening to private communications without permission.
  • Snooping: Unauthorized access to files or data.
  • Data Interception: Capturing data during transmission.

4. Active Threats

Active threats involve intentional actions to alter, disrupt, or damage system operations:

  • Tampering: Modifying data or system configurations maliciously.
  • Denial of Service (DoS): Preventing legitimate use of resources.
  • Unauthorized Changes: Gaining access to alter critical system settings or files.

Common Attack Techniques

  1. Masquerading

    • Pretending to be someone else, such as another user or host, to gain unauthorized access.
    • Example: Spoofing IP addresses or email identities.
  2. Replay Attacks

    • Capturing and repeating valid data transmissions to exploit the system.
    • Example: Replaying a financial transaction to steal money.
  3. Man-in-the-Middle Attacks

    • Intercepting communication between two parties and potentially modifying the data being exchanged.
    • Often paired with session hijacking for greater impact.
  4. Social Engineering

    • Manipulating individuals into divulging confidential information or performing specific actions.
    • Techniques:
      • Phishing: Creating fake emails or websites to trick users into providing sensitive data.
      • Dumpster Diving: Searching discarded materials for sensitive information, such as passwords or personal data.
  5. Backdoor

    • A hidden entry point into a system, often inserted during software development or installed by malware.
    • Used for unauthorized access or control.
  6. Trojan Horse

    • A seemingly legitimate program that performs malicious actions once executed.
  7. Trap Door

    • Deliberately embedded vulnerabilities in software, allowing exploitation by attackers.

4. Security Mechanisms

  1. Encryption:

    • Converts data into a secure format to prevent unauthorized access.
    • Types:
      • Symmetric Encryption: Same key for encryption and decryption.
      • Asymmetric Encryption: Public and private key pair.
  2. Firewalls:

    • Filters incoming and outgoing traffic to prevent unauthorized access.
  3. Intrusion Detection Systems (IDS):

    • Monitors network/system activities to detect malicious behavior.
  4. Access Controls:

    • Discretionary Access Control (DAC): Owners define access permissions.
    • Mandatory Access Control (MAC): Centralized policies determine access.
  5. Antivirus and Anti-Malware:

    • Scans and removes malicious software from the system.

5. Deadlock and Security

Deadlocks can pose security risks if attackers deliberately hold resources to disrupt system operations. Proper handling includes:

  • Deadlock Prevention: Ensures system allocation policies prevent circular wait conditions.
  • Deadlock Detection: Periodically checks for resource allocation cycles.

6. Summary Table of Protection vs. Security

Aspect Protection Security
Definition Controls access to system resources. Defends the system against internal/external threats.
Focus Misuse prevention and access control. Threat defense, data confidentiality, and integrity.
Mechanisms Access matrices, ACLs, capabilities. Authentication, encryption, firewalls.
Scope Internal processes and resource management. External attacks and system vulnerabilities.

7. Conclusion

Protection and security are essential to ensuring the stability, integrity, and reliability of operating systems. While protection focuses on managing internal access to system resources, security is broader and aims to shield the system from external threats. A robust OS integrates both aspects to maintain user trust, system performance, and data safety.

ubuntu Article's
30 articles in total
Favicon
Configurar servidor de archivos local con Ubuntu y Samba
Favicon
How to install Jenkins in ubuntu
Favicon
Update WSL Ubuntu password
Favicon
Change keyboard to Spanish distribution on Ubuntu Server
Favicon
How to Automate CI/CD Pipelines with GitHub Actions
Favicon
Critical Section Problem: Process Synchronization
Favicon
Reader Writer Problem: Process Synchronization
Favicon
Protection and Security: Operating System
Favicon
Storage Management: Operating System
Favicon
Getting Cilium to work on Ubuntu Cloud Image
Favicon
Process Management: Operating System
Favicon
KillPy: The Tool to Clean Up Your Python Virtual Environments 🧹🐍
Favicon
Introduction to Operating System
Favicon
Comprehensive Guide: Setting Up Gestures on Linux (Debian-Based Distributions)
Favicon
Ubuntu Linux Commands Categorized
Favicon
How to Set Up OpenShift Local (CRC) on Ubuntu: A Developer's Guide
Favicon
Fixing OpenVPN Connection Issues in Ubuntu 24.04
Favicon
How to Install MySQL on Ubuntu
Favicon
How to read ip addr output on Linux
Favicon
Enhancing Outdoor Adventures: How Technology Brings You Closer to Nature
Favicon
Memory Management: Operating System
Favicon
How to Change the Background in Ubuntu Terminal
Favicon
How to Install Wireshark on Ubuntu
Favicon
Process Synchronization and Deadlock: Operating System
Favicon
Implementasi Infrastruktur Jaringan Virtual dengan Protokol OSPF
Favicon
วิธีติดตั้งและกำหนดค่าเบื้องต้นสำหรับเซิร์ฟเวอร์ DNS บน Ubuntu 22.04 LTS แบบง่าย ๆ
Favicon
How to Fix No Internet Connection in Digital Ocean's Droplet
Favicon
การทำ HTTPS ด้วย Certbot และ Nginx บน Ubuntu Server
Favicon
Short: User Data file for Ubuntu based AWS ec2 instance with docker and docker compose.
Favicon
How to Change Your Password Securely

Featured ones: