
Chapter: Protection and Security

Objectives

 Discuss the goals and principles of protection in a modern computer system
 Explain how protection domains combined with an access matrix are used to specify the resources a process may access
 Examine capability and language-based protection systems
Goals of Protection

 Processes in an OS must be protected from one another.
 Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by the computer system.
 Protection improves reliability: a fault or a misbehaving process is confined to the resources it is allowed to touch.
 Protection mechanism determines how something will be done.
 Policy determines what is to be done.
 The mechanism must provide a means for specifying the controls to be imposed, together with a means of enforcing them.
Access Control

A method that determines:

 What types of access are permitted on different resources
 Under what circumstances
 By whom
Access Control

The access control model has 3 basic components:

 Subjects (S) or Domains: a finite set of entities that may access objects.
 A subject may be a user, a process, or a procedure.
 Objects (O): a finite set of resources to which access must be controlled.
 An object may be a hardware device (processor, memory) or a software resource (page table, files, etc.).
 Rights (R): a finite set of operations that a subject can perform on an object.
Access Matrix

 The discretionary access control model is represented by an access matrix.
 It describes which subjects have access to which objects or resources.
 The access matrix consists of rows and columns:
 Rows represent subjects / domains
 Columns represent objects
Discretionary Access Control / Access Matrix

 View protection as a matrix (the access matrix)
 Rows represent domains
 Columns represent objects
 Access(i, j) is the set of operations that a process executing in domain Di can invoke on object Oj
Access Matrix
Use of Access Matrix

 If a process in domain Di tries to perform "op" on object Oj, then "op" must be present in the access matrix entry access(i, j).
 The scheme can be extended to dynamic protection:
 Operations to add and delete access rights
 Special access rights:
 owner of Oi
 copy op from Oi to Oj
 control – Di can modify the access rights of Dj
 transfer – switch from domain Di to Dj
Use of Access Matrix (Cont)

 The access matrix design separates mechanism from policy
 Mechanism (method)
 The operating system provides the access matrix and the rules
 It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced
 Policy (rules)
 The user dictates policy
 Who can access which object and in what mode
Implementation of Access Matrix
 There are 2 methods:
 1. Access Control Lists (ACL)
 An ACL is created by dividing the access matrix column-wise.
 A separate list is maintained for each object, with one entry per domain.
 Empty entries (domains with no rights on that object) are skipped.

 2. Capability List
 Created by dividing the access matrix row-wise.
 It is the list of access rights that a user, domain, or process has for each object.
 Each entry has 2 fields:
 Object descriptor
 Access rights
Access Matrix With Domains as Objects

Figure B
Operation on Access Matrix Entries
 1. Copy
 Allows an access right to be copied only within its column (i.e., for the same object).
 The ability to copy an access right from one domain (row) to another is denoted by an asterisk (*).
 A process executing in domain D2 can copy the read operation into any entry associated with file F2.
 The asterisk indicates that processes in that domain have the right to copy that access right to other rows within the same column.
Access Matrix with Copy Rights
For example, in Figure (a), a process executing in domain D2 can copy the read operation into any entry associated with file F2. Hence, the access matrix of Figure (a) can be modified to the access matrix shown in Figure (b).
Operation on Access Matrix Entries
 2. Owner
 Allows the addition or removal of access rights.
 If access(i, j) includes the owner right, then a process executing in domain Di can add or remove any access right in any entry of column j.
 Copy and owner both allow a process to change entries within a column.
Access Matrix With Owner Rights
For example, in Figure (a), domain D1 is the owner of F1 and thus can add and delete any valid right in column F1. Similarly, domain D2 owns F2 and F3 and thus can add and remove any valid right within these two columns. Thus, the access matrix of Figure (a) can be modified to the access matrix shown in Figure (b).
Operation on Access Matrix Entries
 3. Control Right
 The control right is the mechanism used to change entries in a row.
 The control right is applicable only to domain objects (columns that represent domains).
 If access(i, j) includes the control right, then a process executing in domain Di can remove any access right from row j.
 The switch operation, by contrast, works within a column only.
 For example, suppose we include the control right in access(D2, D4). Then a process executing in domain D2 could modify the rights of domain D4, as shown.
Implementation of Access Matrix
1. GLOBAL TABLE:
 A global table consisting of an ordered set of triples <domain, object, right-set>.
 Before every operation on any object in any domain, the global table is searched for a matching triple.
 If a triple is found, the operation is allowed to continue; otherwise, an exception or error condition is raised.
 Drawbacks:
 The table is large and cannot be kept in main memory, so additional I/O is needed.

2. ACCESS LISTS FOR OBJECTS:

Each column can be implemented as an access list for one object.
The resulting list consists of pairs <domain, right-set>.
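The copy, owner and control rights above, and the ACL (column-wise) and capability-list (row-wise) views of the same matrix, as an added example that is not part of the lecture. The domains D1..D4, objects F1..F3 and the rights granted are constructed sample data; the starred form "read*" is assumed to mark a copyable right, as the slides describe.

```python
# Added example (not from the lecture): a small access matrix that enforces
# the copy (*), owner and control rights described above, and derives the
# ACL (column-wise) and capability-list (row-wise) views from the same data.
# Domains D1..D4, objects F1..F3 and the rights granted are constructed values.
from collections import defaultdict

class AccessMatrix:
    def __init__(self):
        self.access = defaultdict(set)  # (domain, object) -> set of rights
        self.domains = set()            # objects that are also domains
    def grant(self, domain, obj, *rights):
        self.domains.add(domain)
        self.access[(domain, obj)].update(rights)
    def allowed(self, domain, obj, op):
        # The basic check: "op" must be present in access(domain, obj).
        return op in self.access.get((domain, obj), set())
    def copy_right(self, src, dst, obj, right):
        # Copy is confined to one column: src needs the starred form "right*".
        if right + "*" not in self.access.get((src, obj), set()):
            raise PermissionError(f"{src} may not copy {right} on {obj}")
        self.grant(dst, obj, right)
    def owner_change(self, owner, obj, target, right, add=True):
        # The owner of a column may add or remove any right anywhere in it.
        if "owner" not in self.access.get((owner, obj), set()):
            raise PermissionError(f"{owner} does not own {obj}")
        self.grant(target, obj, right) if add else self.access[(target, obj)].discard(right)
    def control_remove(self, controller, dom, obj, right):
        # Control applies to domain objects only and removes rights from a row.
        if dom not in self.domains:
            raise PermissionError(f"{dom} is not a domain object")
        if "control" not in self.access.get((controller, dom), set()):
            raise PermissionError(f"{controller} has no control over {dom}")
        self.access[(dom, obj)].discard(right)
    def acl(self, obj):  # one list per object (column), empty entries skipped
        return {d: sorted(r) for (d, o), r in self.access.items() if o == obj and r}
    def capability_list(self, domain):  # one list per domain (row): <object, rights>
        return {o: sorted(r) for (d, o), r in self.access.items() if d == domain and r}

def demo():
    m = AccessMatrix()
    m.grant("D1", "F1", "read", "owner")   # D1 owns column F1
    m.grant("D2", "F2", "read*")           # D2 may copy read on F2 to other rows
    m.grant("D3", "F3", "execute")
    m.grant("D4", "F1", "write")
    m.grant("D2", "D4", "control")         # D2 controls the row of domain D4
    m.copy_right("D2", "D3", "F2", "read")
    m.owner_change("D1", "F1", "D2", "write")
    m.control_remove("D2", "D4", "F1", "write")
    return m
```

Each check consults only the single entry access(i, j), which is the point of the design: the enforcement mechanism is fixed, while the rights placed in the matrix are the policy.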
Security

 A method of protecting information stored in the system from unauthorized access.
 Security must consider the external environment of the system and protect it from:
 unauthorized access
 malicious modification or destruction
 accidental introduction of inconsistency
 Security violations can be categorized as intentional or accidental.
 Security is a measure of confidence that the integrity of a system and its data will be preserved.
Some Security Violations

 Breach of confidentiality: unauthorized reading of data; theft of information.
 Breach of integrity: unauthorized modification of data.
 Breach of availability: unauthorized destruction of data, e.g. website defacement.
A website defacement is an attack on a website that changes the visual appearance of the site or a webpage.
 Theft of service: unauthorized use of resources.
 Denial of service: sending invalid data to applications or network services, causing abnormal termination; or flooding a computer or the entire network with traffic until a shutdown occurs because of the overload.
Security Measure Levels

To protect our system, we must take security measures at 4 levels:

 Physical – secure the hardware components
 Human – use passwords for protection
 Operating system – use a valid login and password
 Network – use authentication and anti-virus to protect data and resources over the network
Program Threats

 Writing a program that creates a breach of security, or causing a normal process to change its behavior and create a breach, is the common goal of crackers.
 Malware: a destructive program that pretends to be a benign application.
 A back door is a means of access to a computer program that bypasses its security mechanisms.
Program Threats

1. Trojan horse
 A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user, but steals information or harms the system.
 A Trojan horse is a program in which harmful code is contained in such a way that it can get control and do its chosen form of damage.
2. Spyware

 Software that secretly monitors the user's computing.
 Spyware is a type of malware that can be installed on computers and which collects small pieces of information about users without their knowledge.
 The presence of spyware is typically hidden from the user and can be difficult to detect.
 Sometimes spyware is installed by the owner of a shared, corporate, or public computer in order to secretly monitor other users.

2. Spyware (Cont)

 Spyware sometimes accompanies a program that the user has chosen to install.
 The goal of spyware is to download ads to display on the user's system, create pop-up browser windows when certain sites are visited, or capture information from the user's system and return it to a central site.
3. Trap Door

 The designer of a program or system might leave a hole in the software that only the designer is capable of using. This type of security breach is called a trap door.
 For instance, the code might check for a specific user ID or password and circumvent the normal security procedures when it is found.
 A clever trap door could be included in a compiler: the compiler could generate standard object code as well as a trap door, regardless of the source code being compiled.
4. VIRUS
 VIRUS: Vital Information Resource Under Seize, or Very Important Resource Under Seize
 A fragment of malicious code embedded in a genuine program.
 Designed to "infect" other programs.
 Specific to an architecture, operating system, and application.
 Needs human intervention to move from host to host.
 Needs someone to actually take the infected program from one device and run it on another device.
 Does not replicate itself across devices on its own.
System and Network Threats

 Program threats typically use a breakdown in the protection mechanisms of a system to attack programs.
 System and network threats involve the abuse of services and network connections.
 System and network threats create a situation in which operating-system resources and user files are misused.
1. Worms
 Self-propagating.
 A worm is a process that uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up system resources and perhaps locking out all other processes.
 If a device gets infected, the worm sends copies of itself over the network to other devices.
 More disturbingly, it might go into your email, find your contacts, and send copies of itself to all of them.
2. Port Scanning
 Port scanning is not an attack in itself but rather a means for a cracker to detect a system's vulnerabilities (bugs) to attack.
3. Denial of Service
 Denial-of-service attacks are aimed not at gaining information or stealing resources but rather at disrupting the legitimate use of a system or facility.
 Denial-of-service attacks are generally network based.
 They fall into two categories:
1. Attacks in the first category use so many facility resources that, in essence, no useful work can be done.
2. The second category involves disrupting the network of the facility.
Authentication

 The process of verifying the identity of a user or of information.
 1. User Authentication
 The process of verifying the identity of a user when the user logs into a computer system.

Main objective: allow only authorized users to access the computer.

The authentication process consists of 2 steps:

1. Identification step (the user claims an identity)
2. Verification step (the claim is checked)
Measures of Authentication

 False Acceptance Ratio (FAR): the percentage of unauthorized users who are incorrectly admitted to the system.
 False Rejection Ratio (FRR): the percentage of authorized users who fail to access the system because authentication fails.
General Methods of Authentication

 A password
 An electronic key or smart card
 Static biometrics – recognition by fingerprint, retina, or face
 Dynamic biometrics – recognition by voice, handwriting, or typing pattern
Password Verification

 Password verification – an authentication mechanism.
 Password – a secret text that is supposed to be known only to the user.
 The system allows authorized users who present a valid user name and password to access the system.
