UNIT V

System Protection: Goals of protection, Principles and domain of protection, Access matrix,
Access control, Revocation of access rights.
System Security: Introduction, Program threats, System and network threats, Cryptography
for security, User authentication, Implementing security defenses, Firewalling to protect
systems and networks, Computer security classification.

Case Studies: Linux, Microsoft Windows.

Protection refers to a mechanism which controls the access of programs, processes, or

users to the resources defined by a computer system. We can take protection as a helper to multi
programming operating system, so that many users might safely share a common logical name
space such as directory or files.

Need of Protection:
 To prevent the access of unauthorized users and
 To ensure that each active programs or processes in the system uses resources only as the stated
policy,
 To improve reliability by detecting latent errors.

Role of Protection:
The role of protection is to provide a mechanism that implement policies which defines the
uses of resources in the computer system. Some policies are defined at the time of design of the
system, some are designed by management of the system and some are defined by the users of the
system to protect their own files and programs.
Every application has different policies for use of the resources and they may change over
time so protection of the system is not only concern of the designer of the operating system.
Application programmer should also design the protection mechanism to protect their system
against misuse.
Policy is different from mechanism. Mechanisms determine how something will be done
and policies determine what will be done.Policies are changed over time and place to place.
Separation of mechanism and policy is important for the flexibility of the system.
Protection is especially important in a multiuser environment when multiple users use
computer resources such as CPU, memory, etc. It is the operating system's responsibility to offer a
mechanism that protects each process from other processes. In a multiuser environment, all assets that
require protection are classified as objects, and those that wish to access these objects are referred to
as subjects. The operating system grants different 'access rights' to different subjects.

What is Protection in Operating System?

A mechanism that controls the access of programs, processes, or users to the resources
defined by a computer system is referred to as protection. You may utilize protection as a tool for
multi-programming operating systems, allowing multiple users to safely share a common logical
namespace, including a directory or files.
It needs the protection of computer resources like the software, memory, processor, etc. Users
should take protective measures as a helper to multiprogramming OS so that multiple users may
safely use a common logical namespace like a directory or data. Protection may be achieved by
maintaining confidentiality, honesty and availability in the OS. It is critical to secure the device from
unauthorized access, viruses, worms, and other malware.

Need of Protection in Operating System

Various needs of protection in the operating system are as follows:
1. There may be security risks like unauthorized reading, writing, modification, or preventing
the system from working effectively for authorized users.
2. It helps to ensure data security, process security, and program security against unauthorized
user access or program access.
3. It is important to ensure no access rights' breaches, no viruses, no unauthorized access to the
existing data.
 4. Its purpose is to ensure that only the systems' policies access programs, resources, and data.

Goals of Protection in Operating System

Various goals of protection in the operating system are as follows:
1. The policies define how processes access the computer system's resources, such as the CPU,
memory, software, and even the operating system. It is the responsibility of both the operating
system designer and the app programmer. Although, these policies are modified at any time.
2. Protection is a technique for protecting data and processes from harmful or intentional
infiltration. It contains protection policies either established by itself, set by management or
imposed individually by programmers to ensure that their programs are protected to the
greatest extent possible.
3. It also provides a multiprogramming OS with the security that its users expect when sharing
common space such as files or directories.

Role of Protection in Operating System

Its main role is to provide a mechanism for implementing policies that define the use of
resources in a computer system. Some rules are set during the system's design, while others are
defined by system administrators to secure their files and programs.
Every program has distinct policies for using resources, and these policies may change over
time. Therefore, system security is not the responsibility of the system's designer, and the programmer
must also design the protection technique to protect their system against infiltration.

Domain of Protection
Various domains of protection in operating system are as follows:
1. The protection policies restrict each process's access to its resource handling. A process is
obligated to use only the resources necessary to fulfil its task within the time constraints and
in the mode in which it is required. It is a process's protected domain.
2. Processes and objects are abstract data types in a computer system, and these objects have
operations that are unique to them.
3. Each domain comprises a collection of objects and the operations that may be implemented
on them. A domain could be made up of only one process, procedure, or user. If a domain is
linked with a procedure, changing the domain would mean changing the procedure ID.
Objects may share one or more common operations.

Association between Process and Domain

When processes have the necessary access rights, they can switch from one domain to
another. It could be of two types, as shown below.
1. Fixed or Static
In a fixed association, all access rights could be given to processes at the start. However, the
results in a large number of access rights for domain switching. As a result, a technique of changing
the domain's contents is found dynamically.
2. Changing or dynamic
A process may switch dynamically and creating a new domain in the process.

Security measures of Operating System

There are various security measures of the operating system that the users may take. Some of
them are as follows:
1. The network used for file transfers must be secure at all times. During the transfer, no alien
software should be able to harvest information from the network. It is referred to as network
sniffing, and it could be avoided by implementing encrypted data transfer routes. Moreover,
the OS should be capable of resisting forceful or even accidental violations.
2. Passwords are a good authentication method, but they are the most common and vulnerable. It
is very easy to crack passwords.
3. Security measures at various levels are put in place to prevent malpractices, like no one being
allowed on the premises or access to the systems.
4. The best authentication techniques include a username-password combination, eye retina
scan, fingerprint, or even user cards to access the system.
System Authentication
One-time passwords, encrypted passwords, and cryptography are used to create a strong
password and a formidable authentication source.
1. One-time Password
It is a way that is unique at every login by the user. It is a combination of two passwords that
allow the user access. The system creates a random number, and the user supplies a matching one. An
algorithm generates a random number for the system and the user, and the output is matched using a
common function.
2. Encrypted Passwords
It is also a very effective technique of authenticating access. Encrypted data is passed via the
network, which transfers and checks passwords, allowing data to pass without interruption or
interception.
3. Cryptography
It's another way to ensure that unauthorized users can't access data transferred over a network.
It aids in the data secure transmission. It introduces the concept of a key to protecting the data. The
key is crucial in this situation. When a user sends data, he encodes it using a computer that has the
key, and the receiver must decode the data with the same key. As a result, even if the data is stolen in
the middle of the process, there's a good possibility the unauthorized user won't be able to access it.