Wednesday, 9 January 2019

Protection & Security in OS

Introduction
  • Interference in resource utilization is a very serious threat in an OS.
  • The nature of the threat depends on the nature of a resource and the manner in which it is used.
  • In this session, we will discuss the issues involved in protection and security.
  • It involves guarding a user's data and programs against interference by other authorized users of the system.

Facets to Protection of Information

There are two facets to protection of information
  • Secrecy : Implies that only authorized users should be able to access information.
  • Privacy : Implies that information should be used only for the purposes(s) for which it is intended and shared.
OS focuses on guaranteeing secrecy of information, and leaves the issue of privacy to the users and their processes.

Security and Protection : Policies and Mechanisms



Security Attributes

Security is traditionally defined by the three attributes namely:
  • Confidentiality : It is the prevention of unauthorized modification of information or resources.
  • Integrity : It is the prevention of unauthorized
  • Availability : It is the prevention of unauthorized withholding of information or resources.
Security Threats
  • Direct : This is any direct attack on your specific systems, whether from outside hackers or from disgruntled insiders.
  • Indirect : This is general random attack, most commonly computer worms or Trojan horses.
Reasons for taking Security measures
  • To prevent loss of data
  • To prevent corruption of data
  • To prevent compromise of data
  • To prevent theft of data
  • To prevent sabotage
Authentication
  • Goal of Authentication : Reasonable assurance that anyone who attempts to access a system or a network is a legitimate user.
  • 3 mechanisms
             - Password
             - Physical token or an artifact
             - Biometric measure


Security models

Security models can be discretionary or mandatory.
  • Discretionary : Holders of right can be allowed to transfer them at their discretion.
  • Mandatory : Only designated roles are allowed to grand rights and users cannot transfer them.
 Security policy Vs. Security Model
  • Security Policy : Outlines several high level points; how the data is accessed, the amount of security required and what are the steps when these requirements are not met.
  • Security Model : The mechanism to support security policy. This involves in the design of the security system.
Access Matrix Model

Consists three principal components:
  • A set of passive objects (files, terminals, devices and other entities)
  • A set of active subjects, which may be manipulate the objects
  • A set of rules governing the manipulation of objects by subjects.
  • The access matrix is a rectangular array with one row per subject and one column per object.

Role Based Access Control
  • Enforces access controls depending upon a user role(s).
  • Roles represent specific organization duties and are commonly mapped to job title. Ex: Administrator, Developer etc.
  • Role definitions and associated access rights must be based upon a thorough understanding of an organization's security policy.
Take-Grant Model
  • This model use graphs to model access control.
  • The graph structure can be represented as an adjacency matrix and labels on the arcs can be coded as different values in the matrix.
  • Nodes in the graph are of two types, one corresponding to subjects and the other to objects.
  • The possible access rights are read(r), write(w), take(t) and grant(g).
Example of Take

0 Comments:

Post a Comment

Popular Posts

Categories

Android (21) AngularJS (1) Books (3) C (75) C++ (81) Data Strucures (4) Engineering (13) FPL (17) HTML&CSS (38) IS (25) Java (85) PHP (20) Python (83) R (68) Selenium Webdriver (2) Software (13) SQL (27)