Operating System Security
Operating System Security – Security refers to providing a protection system for computer system resources such as CPU, disk, memory, software programs and, most importantly, the data and information stored in the computer system. If a computer program is run by an unauthorized user, he or she can cause severe damage to the computer or the data stored in it. Thus a computer system must be protected against unauthorized access, malicious access to system memory, worms, viruses, etc.
- One Time passwords
- Program Threats
- System Threats
- Computer Security Classifications
Authentication refers to identifying each user of the system and associating the executing programs with those users. It is the responsibility of the OS to create a protection system which ensures that a user who is running a specific program is authentic. The OS usually authenticates/identifies users in the following ways:
- Username / Password: The user is required to enter a username and password registered with the OS to log in to the system.
- User card/key: The user is required to punch a card in a card slot, or to enter a key generated by a key generator in the option provided by the OS, to log in to the system.
- User attribute – fingerprint/ eye retina pattern/ signature: The user is required to pass his or her attribute via the designated input device used by the operating system to log in to the system.
One Time passwords
One-time passwords provide additional security along with normal authentication. In this system, a unique password is required every time the user tries to log in to the system. Once a one-time password has been used, it cannot be reused. One-time passwords are implemented in several ways.
- Random numbers: Users are provided with cards that have numbers printed along with corresponding letters. The system asks for the numbers corresponding to a few randomly chosen letters.
- Secret key: Users are provided with a hardware device that can create a secret id mapped to the user id. The system asks for this secret id, which is to be generated every time prior to login.
- Network password: Some commercial applications send a one-time password to the user's registered email or mobile, which must be entered prior to login.
Program Threats
The processes of the operating system and the kernel do the designated task as instructed. If a user program makes these processes do malicious tasks, it is known as a program threat. One of the most common examples of a program threat is a program installed on a computer that can store user credentials and send them via the network to some hacker. The following is a list of some well-known program threats.
- Trojan horse: A program that traps user login credentials and stores them to send to malicious users, who can later log in to the computer and access system resources.
- Trap Door: If a program that is designed to work as required has a security hole in its code and performs illegal actions without the knowledge of the user, it is said to have a trap door.
- Logic Bomb: A logic bomb is a situation in which a program misbehaves only when certain conditions are met; otherwise it works as a genuine program. It is harder to detect.
- Virus: A virus, as the name suggests, can replicate itself on a computer system. Viruses are highly dangerous and can modify or delete user files and crash systems. A virus is normally a small piece of code embedded in a program. When the user accesses the program, the virus starts getting embedded in other files or programs and can make the system unusable for the user.
System Threats
System threats refer to the misuse of system services and network connections to put the user in trouble. System threats can be used to launch program threats on a complete network, which is called a program attack. System threats create an environment in which operating system resources or user files are misused. The following is a list of some well-known system threats.
- Worm: A worm is a process that can choke system performance by using system resources to extreme levels. A worm process generates multiple copies of itself, where every copy uses system resources and prevents all other processes from getting the resources they require. Worm processes may even shut down a complete network.
- Port Scanning: It is a mechanism by which a hacker can detect system weaknesses in order to attack the system.
- Denial of Service: It is a service attack that normally prevents users from making valid use of the system; for example, a user might not be able to use the internet if a denial of service attacks the browser's content settings.
Computer Security Classifications
There are four security classifications in computer systems according to the U.S. Department of Defense Trusted Computer System Evaluation Criteria: A, B, C, and D. These are widely used specifications to determine and model the security of systems and of security solutions.
Type A: The highest level in the classification. Uses formal design specifications and verification procedures. It grants a high degree of assurance of process security.
Type B: Offers a mandatory protection system. Has all the properties of a class C2 system. Assigns a sensitivity label to every object. It has three subtypes:
- B1: Maintains the security label of every object in the system. The label is used for making access control decisions.
- B2: Extends the sensitivity labels to each system resource, such as storage objects, and supports covert channels and auditing of events.
- B3: Permits creating lists or user groups for access control, to grant or revoke access to a given named object.
Type C: Offers protection and user accountability using audit capabilities. It has two subtypes:
- C1: Integrates controls so that users can protect their private information and keep other users from accidentally reading or deleting their data. UNIX versions are mostly C1 class.
- C2: Adds individual-level access control to the capabilities of a C1 level system.
Type D: This is the lowest level and has minimum protection. MS-DOS and Windows 3.1 fall in this category.