Security in Operating Systems:
The operating system is the fundamental controller of all system resources which makes it a
primary target of attack, as well.
As antivirus applications are add-ons to the operating system, they are usually initiated late.
Security Features of Ordinary Operating Systems:
A multiprogram operating system performs several functions related to security. They are
a) User authentication
The operating system must identify each user of the system and ensure that the user
who is running a particular program is authentic. The OS uses the following ways.
(i) Username / Password
The user needs a username and password to log in to the OS.
(ii) User card/key
The user needs to insert a card into a card slot (or) enter a key generated by a key generator
to log in to the system.
(iii) User attribute - fingerprint / eye retina pattern / signature
The user needs to present his/her attribute via the designated input device to log in.
b) Memory protection
Each user’s program must run in its own portion of memory.
That portion should be protected against unauthorized access.
Protection is usually performed by hardware mechanisms, such as paging or
segmentation.
c) Enforced sharing
Resources should be made available to users as appropriate.
d) Interprocess communication and synchronization
Executing processes sometimes need to communicate with other processes,
which is called interprocess communication.
Interprocess communication is mediated by access control tables.
e) Protection of Critical System Data
Various techniques, including encryption, hardware control, and isolation, are
used.
Operating System Tools to Implement Security Functions:
Audit logs
Audit logs show what happened in an incident; analysis of the logs can guide prevention of
future successful attacks.
Virtualization
Virtualization is presenting a user the appearance of a system with only the resources the user
is entitled to use.
Virtual Machine
It is a software computer that behaves like a physical computer.
It runs an operating system and applications.
It is an emulation of a computer system.
Hypervisor (Virtual Machine Monitor)
It is the software that implements a virtual machine.
It receives all user access requests, passes on those that apply to real resources, and
redirects the other requests to the virtualized resources.
Sandbox
A concept similar to virtualization is called a sandbox.
It is an environment in which a process can have only limited, controlled impact on
outside resources.
Honeypot
A honeypot is a computer security mechanism which is used to detect and counteract
attempts at unauthorized use of information systems.
Thus a honeypot is a faux environment intended to lure an attacker.
Separation and Sharing
The basis of protection is separation: keeping one user’s objects separate from those of other users.
(i) physical separation
(ii) logical separation
(iii) cryptographic separation
(iv) temporal separation
Hardware Protection of Memory
The different methods of memory protection are
(a) Fence
It is the simplest form of memory protection.
It is a predefined memory boundary, with the operating system residing on one side and
the user programs staying on the other.
Since a predefined amount of space was always reserved for the operating system, this
method is not adopted: if less than the predefined space was required, the
excess space was wasted, and conversely.
(b) Fence Registers
It is a hardware register that contains the address of the end of the operating system.
Each time a user program generated an address for data modification, the address
was automatically compared with the fence address. If the address was greater than
the fence address (that is, in the user area), the instruction was executed; if it was less
than the fence address (that is, in the operating system area), an error condition was
raised.
A fence cannot protect one user from another user.
(c) Base/Bounds Registers
Fence registers designate a lower bound (a starting address) but not an upper one. An
upper bound can be useful in knowing how much space is allotted and in checking
for overflows into “forbidden” areas. To overcome this difficulty, a second register is
often added, as shown in Figure 5-8. The second register is called a bounds register.
This technique protects a program’s addresses from modification by another user.
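The difference between a fence register and a base/bounds pair, as an added illustration that is not part of these notes: the addresses, the OS/user boundary and the two user regions are constructed values, and an address equal to the fence is treated as user space (an assumption; the notes only describe the greater-than and less-than cases).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: the operating system occupies [0, FENCE). */
#define FENCE 0x1000u

/* Fence register: a single lower bound. An address below the fence lies in
 * the OS area and is refused; any address at or above it is allowed, so a
 * fence alone cannot keep one user out of another user's memory. */
bool fence_allows(uint32_t fence, uint32_t addr) {
    return addr >= fence;
}

/* Base/bounds registers: one pair per running program. An access is allowed
 * only when base <= addr < bounds, which keeps the program inside its own
 * region and therefore away from both the OS and every other user. */
typedef struct {
    uint32_t base;   /* first address the program may touch */
    uint32_t bounds; /* one past the last address the program may touch */
} region_t;

bool bounds_allows(region_t r, uint32_t addr) {
    return addr >= r.base && addr < r.bounds;
}

int main(void) {
    region_t user_a = { 0x1000u, 0x2000u };   /* constructed region for user A */
    uint32_t in_b    = 0x2400u;                 /* constructed address inside user B's region */
    uint32_t in_os   = 0x0800u;                 /* constructed address inside the OS area */
    printf("fence:       A -> B's data: %s\n", fence_allows(FENCE, in_b) ? "allowed" : "refused");
    printf("fence:       A -> OS area:  %s\n", fence_allows(FENCE, in_os) ? "allowed" : "refused");
    printf("base/bounds: A -> B's data: %s\n", bounds_allows(user_a, in_b) ? "allowed" : "refused");
    printf("base/bounds: A -> OS area:  %s\n", bounds_allows(user_a, in_os) ? "allowed" : "refused");
    return 0;
}
```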
(d) Tagged Architecture
Base/bounds register protection requires a program’s memory to be contiguous.
A compiler or loader can easily rearrange a program.
An alternative is tagged architecture.
Here every word of machine memory has one or more extra bits to identify the
access rights to that word.
These access bits can be set only by privileged (operating system) instructions.
(e) Virtual Memory
The following three approaches have been used on many machines since then. They are
(i) Segmentation
(ii) Paging
(iii) Combined Paging with Segmentation