Operating System – Security ”; Previous Next Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and most importantly data/information stored in the computer system. If a computer program is run by an unauthorized user, then he/she may cause severe damage to computer or data stored in it. So a computer system must be protected against unauthorized access, malicious access to system memory, viruses, worms etc. We”re going to discuss following topics in this chapter. Authentication One Time passwords Program Threats System Threats Computer Security Classifications Authentication Authentication refers to identifying each user of the system and associating the executing programs with those users. It is the responsibility of the Operating System to create a protection system which ensures that a user who is running a particular program is authentic. Operating Systems generally identifies/authenticates users using following three ways − Username / Password − User need to enter a registered username and password with Operating system to login into the system. User card/key − User need to punch card in card slot, or enter key generated by key generator in option provided by operating system to login into the system. User attribute – fingerprint/ eye retina pattern/ signature − User need to pass his/her attribute via designated input device used by operating system to login into the system. One Time passwords One-time passwords provide additional security along with normal authentication. In One-Time Password system, a unique password is required every time user tries to login into the system. Once a one-time password is used, then it cannot be used again. One-time password are implemented in various ways. Random numbers − Users are provided cards having numbers printed along with corresponding alphabets. System asks for numbers corresponding to few alphabets randomly chosen. Secret key − User are provided a hardware device which can create a secret id mapped with user id. System asks for such secret id which is to be generated every time prior to login. Network password − Some commercial applications send one-time passwords to user on registered mobile/ email which is required to be entered prior to login. Program Threats Operating system”s processes and kernel do the designated task as instructed. If a user program made these process do malicious tasks, then it is known as Program Threats. One of the common example of program threat is a program installed in a computer which can store and send user credentials via network to some hacker. Following is the list of some well-known program threats. Trojan Horse − Such program traps user login credentials and stores them to send to malicious user who can later on login to computer and can access system resources. Trap Door − If a program which is designed to work as required, have a security hole in its code and perform illegal action without knowledge of user then it is called to have a trap door. Logic Bomb − Logic bomb is a situation when a program misbehaves only when certain conditions met otherwise it works as a genuine program. It is harder to detect. Virus − Virus as name suggest can replicate themselves on computer system. They are highly dangerous and can modify/delete user files, crash systems. A virus is generatlly a small code embedded in a program. As user accesses the program, the virus starts getting embedded in other files/ programs and can make system unusable for user System Threats System threats refers to misuse of system services and network connections to put user in trouble. System threats can be used to launch program threats on a complete network called as program attack. System threats creates such an environment that operating system resources/ user files are misused. Following is the list of some well-known system threats. Worm − Worm is a process which can choked down a system performance by using system resources to extreme levels. A Worm process generates its multiple copies where each copy uses system resources, prevents all other processes to get required resources. Worms processes can even shut down an entire network. Port Scanning − Port scanning is a mechanism or means by which a hacker can detects system vulnerabilities to make an attack on the system. Denial of Service − Denial of service attacks normally prevents user to make legitimate use of the system. For example, a user may not be able to use internet if denial of service attacks browser”s content settings. Computer Security Classifications As per the U.S. Department of Defense Trusted Computer System”s Evaluation Criteria there are four security classifications in computer systems: A, B, C, and D. This is widely used specifications to determine and model the security of systems and of security solutions. Following is the brief description of each classification. S.N. Classification Type & Description 1 Type A Highest Level. Uses formal design specifications and verification techniques. Grants a high degree of assurance of process security. 2 Type B Provides mandatory protection system. Have all the properties of a class C2 system. Attaches a sensitivity label to each object. It is of three types. B1 − Maintains the security label of each object in the system. Label is used for making decisions to access control. B2 − Extends the sensitivity labels to each system resource, such as storage objects, supports covert channels and auditing of events. B3 − Allows creating lists or user groups for access-control to grant access or revoke access to a given named object. 3 Type C Provides protection and user accountability using audit capabilities. It is of two types. C1 − Incorporates controls so that users can protect their private information and keep other users from accidentally reading / deleting their data. UNIX versions are mostly Cl class. C2 − Adds an individual-level access control to the capabilities of a Cl level system. 4 Type D Lowest level. Minimum protection. MS-DOS, Window 3.1 fall in this category. Print Page
Category: operating System
OS – Components
Components of Operating System ”; Previous Next There are various components of an Operating System to perform well defined tasks. Though most of the Operating Systems differ in structure but logically they have similar components. Each component must be a well-defined portion of a system that appropriately describes the functions, inputs, and outputs. There are following 8-components of an Operating System: Process Management I/O Device Management File Management Network Management Main Memory Management Secondary Storage Management Security Management Command Interpreter System Following section explains all the above components in more detail: Process Management A process is program or a fraction of a program that is loaded in main memory. A process needs certain resources including CPU time, Memory, Files, and I/O devices to accomplish its task. The process management component manages the multiple processes running simultaneously on the Operating System. A program in running state is called a process. The operating system is responsible for the following activities in connection with process management: Create, load, execute, suspend, resume, and terminate processes. Switch system among multiple processes in main memory. Provides communication mechanisms so that processes can communicate with each others Provides synchronization mechanisms to control concurrent access to shared data to keep shared data consistent. Allocate/de-allocate resources properly to prevent or avoid deadlock situation. I/O Device Management One of the purposes of an operating system is to hide the peculiarities of specific hardware devices from the user. I/O Device Management provides an abstract level of H/W devices and keep the details from applications to ensure proper use of devices, to prevent errors, and to provide users with convenient and efficient programming environment. Following are the tasks of I/O Device Management component: Hide the details of H/W devices Manage main memory for the devices using cache, buffer, and spooling Maintain and provide custom drivers for each device. File Management File management is one of the most visible services of an operating system. Computers can store information in several different physical forms; magnetic tape, disk, and drum are the most common forms. A file is defined as a set of correlated information and it is defined by the creator of the file. Mostly files represent data, source and object forms, and programs. Data files can be of any type like alphabetic, numeric, and alphanumeric. A files is a sequence of bits, bytes, lines or records whose meaning is defined by its creator and user. The operating system implements the abstract concept of the file by managing mass storage device, such as types and disks. Also files are normally organized into directories to ease their use. These directories may contain files and other directories and so on. The operating system is responsible for the following activities in connection with file management: File creation and deletion Directory creation and deletion The support of primitives for manipulating files and directories Mapping files onto secondary storage File backup on stable (nonvolatile) storage media Network Management The definition of network management is often broad, as network management involves several different components. Network management is the process of managing and administering a computer network. A computer network is a collection of various types of computers connected with each other. Network management comprises fault analysis, maintaining the quality of service, provisioning of networks, and performance management. Network management is the process of keeping your network healthy for an efficient communication between different computers. Following are the features of network management: Network administration Network maintenance Network operation Network provisioning Network security Main Memory Management Memory is a large array of words or bytes, each with its own address. It is a repository of quickly accessible data shared by the CPU and I/O devices. Main memory is a volatile storage device which means it loses its contents in the case of system failure or as soon as system power goes down. The main motivation behind Memory Management is to maximize memory utilization on the computer system. The operating system is responsible for the following activities in connections with memory management: Keep track of which parts of memory are currently being used and by whom. Decide which processes to load when memory space becomes available. Allocate and deallocate memory space as needed. Secondary Storage Management The main purpose of a computer system is to execute programs. These programs, together with the data they access, must be in main memory during execution. Since the main memory is too small to permanently accommodate all data and program, the computer system must provide secondary storage to backup main memory. Most modern computer systems use disks as the principle on-line storage medium, for both programs and data. Most programs, like compilers, assemblers, sort routines, editors, formatters, and so on, are stored on the disk until loaded into memory, and then use the disk as both the source and destination of their processing. The operating system is responsible for the following activities in connection with disk management: Free space management Storage allocation Disk scheduling Security Management The operating system is primarily responsible for all task and activities happen in the computer system. The various processes in an operating system must be protected from each other’s activities. For that purpose, various mechanisms which can be used to ensure that the files, memory segment, cpu and other resources can be operated on only by those processes that have gained proper authorization from the operating system. Security Management refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer controls to be imposed, together with some means of enforcement. For example, memory addressing hardware ensure that a process can only execute within its own address space. The timer ensure that no process can gain control of the CPU without relinquishing it. Finally, no process is allowed to do it’s own I/O, to protect the integrity of the various peripheral devices. Command Interpreter System One of the most important component of an operating system is its command interpreter.