Protection in OS: Domain of Protection, Association, Authentication


The operating system manages the application programs that are loaded into memory after the system boots. It offers security methods to protect each process from other processes and from unauthorized outside access, and it manages resources in both the logical and physical address spaces, which include the CPU, internal memory, and disk area. Protection mechanisms should be provided for these resources to assure confidentiality and integrity. Users can directly access the applications in the operating system through a Graphical User Interface or a Command Line Interface.

Protection in OS

When multiple users access resources of the operating system such as CPU, memory, and disk data, protecting that data from other processes and from external unauthorized access is a critical task. Security mechanisms are used to provide better protection for the data. Access to the file system containing user information can be given to a single user or to a group of users. Based on the access privileges given to a user, he/she can use the resources to perform read, write, or execute operations.

In multi-user environments, user groups should predefine the protective measures so that multiple users can access a logical space that shares some files or directories. Protection should also be provided against common threats to the operating system such as viruses, worms, Trojan horses, and other malware activity.

Below are the points listed on the importance of adding protection to the operating system −

  • Applying security factors could protect the data, resources, process, or program files from illegal access.

  • Access permissions configured on each file in the OS can deny read, write, and execute access to unauthorized users.

  • Protection allows the processes of several users to safely share logical and physical address spaces, such as shared memory.

  • Security policies defined by the owner of the system or administrator of the organization provide measures to protect data from harmful attacks.

Domain of Protection in OS

The computer system can be viewed as a collection of objects and processes, in terms of hardware (printers, disk drives, CPU, memory space) or software (files, semaphores, etc.) used by the OS. These objects and processes must be protected from illegal access. A domain defines the access rights present in a computer system. Each access right has two default parameters: the subject or object (whom to grant access) and the operation (what operations are allowed) for users.

Consider an example of two domains with rights on the same file (John: read; Bob: write, execute). This implies that John can only read the file, whereas Bob can perform write and execute operations. The read, write, and execute operations on an object can also be shared between different domains, and these permissions can be given by the owner of the file. Other file operations include open, close, and delete, which are defined during the access permission process.
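The John/Bob example above can be written as a small access matrix. This is an added example, not code from the original page; the file name `report.txt` and the owner domain `alice` are assumptions made for illustration.

```python
# Added example: access matrix mapping (domain, object) to allowed operations.
# "alice" and "report.txt" are constructed names; John and Bob come from the text.

class AccessMatrix:
    def __init__(self):
        self._rights = {}  # (domain, object) -> set of operations
        self._owner = {}   # object -> owning domain

    def create(self, owner, obj):
        """Register an object; the owner starts with all three operations."""
        self._owner[obj] = owner
        self._rights[(owner, obj)] = {"read", "write", "execute"}

    def _require_owner(self, granter, obj):
        # Only the owner of an object may change who can use it.
        if self._owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")

    def grant(self, granter, domain, obj, ops):
        self._require_owner(granter, obj)
        self._rights.setdefault((domain, obj), set()).update(ops)

    def revoke(self, granter, domain, obj, ops):
        self._require_owner(granter, obj)
        self._rights.get((domain, obj), set()).difference_update(ops)

    def check(self, domain, obj, op):
        """Default deny: anything not explicitly granted is refused."""
        return op in self._rights.get((domain, obj), set())


def build_page_example():
    """John: read; Bob: write, execute (as in the text)."""
    m = AccessMatrix()
    m.create("alice", "report.txt")
    m.grant("alice", "john", "report.txt", {"read"})
    m.grant("alice", "bob", "report.txt", {"write", "execute"})
    return m


if __name__ == "__main__":
    m = build_page_example()
    for domain in ("john", "bob", "mallory"):
        allowed = [op for op in ("read", "write", "execute")
                   if m.check(domain, "report.txt", op)]
        print(domain, allowed)
```
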

Association

Each process switches from one domain to another based on the permissions or access rights specified for it. The association between a process and a domain can be either static or dynamic.

In the static approach, the domain has a fixed set of resources for its lifetime and cannot be changed when needed, whereas in the dynamic approach processes can switch from one domain to another or create a new domain ID.

Consider the example of a domain in the Unix operating system, which is identified by a User ID and a Group ID that have access rights to perform read, write, and execute operations. Processes that have the same Uid and Gid therefore have the same group of objects and permissions. Another scenario is switching from user space to kernel space during a system call.
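The Unix case above, as an added example that is not part of the original page: the uid/gid pair selects one permission class (owner, group, or other) and only that class's mode bits apply. The uid, gid, and mode values are constructed, and the superuser override is deliberately left out.

```python
# Added example: how a Unix (uid, gid) domain maps to read/write/execute rights.
# Sample ids and modes are constructed; root's override is not modelled.
import stat

CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def permission_class(file_uid, file_gid, proc_uid, proc_gids):
    """Pick exactly one class. The first match wins, so an owner never
    falls through to the group or other bits."""
    if proc_uid == file_uid:
        return "owner"
    if file_gid in proc_gids:
        return "group"
    return "other"


def allowed_ops(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Return the set of operations this process domain may perform."""
    r, w, x = CLASS_BITS[permission_class(file_uid, file_gid,
                                          proc_uid, proc_gids)]
    ops = set()
    if mode & r:
        ops.add("read")
    if mode & w:
        ops.add("write")
    if mode & x:
        ops.add("execute")
    return ops


if __name__ == "__main__":
    # Constructed file: mode 0640, owned by uid 1000, group 50.
    for uid, gids in ((1000, {1000}), (1001, {50}), (1002, {60})):
        print(uid, sorted(allowed_ops(0o640, 1000, 50, uid, gids)))
    # Edge case: mode 0064 gives the owner nothing, even though the
    # owner is also a member of the file's group.
    print(sorted(allowed_ops(0o064, 1000, 50, 1000, {50})))
```

Two processes with the same uid and gid always get the same result, which is the static association described above; a process whose uid changes lands in a different class and therefore a different domain.
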

Authentication methods

Authentication is the technique of verifying a user's identity against the list of authorized users and then providing access to the resources of the system. This verification process is possible in the following ways −

  • Protecting confidential data with strong passwords, or matching the correct username and password combination. A one-time password option can be configured that sends a random password each time the user requests access to the resources.

  • The passwords created for authentication purposes can be protected from hackers by using an encryption algorithm to encrypt the password that is sent through the network.

  • Applying encryption and decryption using cryptographic functions, where keys are used at the sender side for encryption and the same keys are used at the other end for decryption to gain access to the data. Here a high-end encryption algorithm has to be used with a maximum number of keys to provide an extra layer of authentication and prevent man-in-the-middle attacks.

  • Fingerprints, retina scans, multi-factor authentication, using cards, etc. are practical approaches to protect data against illegal access.
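The one-time password option from the first bullet, sketched as an added example that is not from the original page. The class name, the 6-digit code length, the lifetime, and the attempt limit are assumptions; delivery of the code to the user is out of scope.

```python
# Added example: issuing and checking a random one-time password.
# Class name, code length, TTL and attempt limit are illustrative assumptions.
import hashlib
import hmac
import secrets
import time


class OneTimePasswords:
    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side secret
        self._pending = {}  # user -> [digest, expires_at, attempts_left]

    def _digest(self, user, code):
        # Store a keyed digest so the plain code is never kept server-side.
        msg = f"{user}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user):
        """Create a fresh random code; a new request replaces the old one."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._digest(user, code),
                               self._clock() + self._ttl,
                               self._max_attempts]
        return code  # sent to the user over a separate channel

    def verify(self, user, code):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(user, code)):
            del self._pending[user]  # single use: a replay fails
            return True
        entry[2] -= 1
        return False


if __name__ == "__main__":
    otp = OneTimePasswords()
    code = otp.issue("john")
    print(otp.verify("john", code), otp.verify("john", code))
```
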

Conclusion

Protection of the operating system with its local or shared resources is possible by providing domain protection rights between the objects and the process associated with each other. A few methods of authentication are listed above which provide access only to authorized users.

Updated on: 23-Nov-2023
