Wednesday, 9 January 2019

Security Environment and Program Threats in OS Security

Security Environment

Security Problem
  • Security must consider external environment of the system, and protect the system resources.
  • Intruders (crackers) attempt to breach security.
  • Threat is potential security violation.
  • Attack is attempt to breach security.
  • Attack can be accidental or malicious.
  • Easier to protect against accidental than malicious misuse.
  • Snooping by insiders
  • Determined attempt to make money
  • Casual prying by nontechnical users
  • Commercial or military espionage

Accidental Data Loss
  • Hardware or Software error
            - CPU malfunction
            - Disk crash
            - Program bugs
  • Human errors
           - Data entry
           - Wrong tape mounted
  • Acts of God
           - Fires
           - Earthquakes
           - Wars

Program Threats
  • Trojan Horse
         - Code segment that misuses its environment
         - Exploits mechanisms for allowing programs written by users to be executed by other users.
         - Spyware, pop-up browser windows, convert channels
  • Trap Door
         - Specific user identifier or password that circumvents normal security procedures.
         - Could be included in a compiler.
  • Logic Bomp
          - Program that initiates a security incident under certain circumstances
  • Stack and Buffer Overflow
          - Exploits a bug in a program (overflow either the stack or memory buffers)
  • Viruses
         - Code fragment embedded in legitimate program
         - Very specific to CPU architecture, operating system, applications
         - Usually borne via email or as a macro
              * Visual Basic Macro to reformat hard drive
                     Sub AutoOpen( )
                      Dim oFS
                         set oFS = CreateObject("Scripting.FileSystemObject")
                           vs = Shell("  c:" ,vbHide)
                                End Sub


Post a Comment

Popular Posts


Android (21) AngularJS (1) Books (3) C (75) C++ (81) Data Strucures (4) Engineering (13) FPL (17) HTML&CSS (38) IS (25) Java (85) PHP (20) Python (85) R (69) Selenium Webdriver (2) Software (13) SQL (27)