Wednesday, 9 January 2019

Security Environment and Program Threats in OS Security

Security Environment


Security Problem
  • Security must consider external environment of the system, and protect the system resources.
  • Intruders (crackers) attempt to breach security.
  • Threat is potential security violation.
  • Attack is attempt to breach security.
  • Attack can be accidental or malicious.
  • Easier to protect against accidental than malicious misuse.
Intruders
  • Snooping by insiders
  • Determined attempt to make money
  • Casual prying by nontechnical users
  • Commercial or military espionage

Accidental Data Loss
  • Hardware or Software error
            - CPU malfunction
            - Disk crash
            - Program bugs
  • Human errors
           - Data entry
           - Wrong tape mounted
  • Acts of God
           - Fires
           - Earthquakes
           - Wars


Program Threats
  • Trojan Horse
         - Code segment that misuses its environment
         - Exploits mechanisms for allowing programs written by users to be executed by other users.
         - Spyware, pop-up browser windows, convert channels
  • Trap Door
         - Specific user identifier or password that circumvents normal security procedures.
         - Could be included in a compiler.
  • Logic Bomp
          - Program that initiates a security incident under certain circumstances
  • Stack and Buffer Overflow
          - Exploits a bug in a program (overflow either the stack or memory buffers)
  • Viruses
         - Code fragment embedded in legitimate program
         - Very specific to CPU architecture, operating system, applications
         - Usually borne via email or as a macro
              * Visual Basic Macro to reformat hard drive
                     Sub AutoOpen( )
                      Dim oFS
                         set oFS = CreateObject("Scripting.FileSystemObject")
                           vs = Shell("c:command.com/kformat  c:" ,vbHide)
                                End Sub


0 Comments:

Post a comment

Popular Posts

Categories

Android (21) AngularJS (1) Assembly Language (2) Books (10) C (75) C# (4) C++ (81) Course (1) Data Strucures (4) Downloads (1) Engineering (13) flutter (1) FPL (17) Hadoop (1) HTML&CSS (38) IS (25) Java (87) Leet Code (4) PHP (20) Projects (1) Python (218) R (69) Selenium Webdriver (2) Software (14) SQL (27)