Protection in OS: Domain of Protection, Association, Authentication

The Operating System manages various application programs loaded into memory after system boot. The OS provides security methods to protect processes from unauthorized access and manages resources across both logical and physical address spaces, including CPU, internal memory, and disk storage. Protection mechanisms ensure confidentiality and integrity of these critical resources.

Protection in OS

In multi-user environments, securing data from unauthorized processes and external access is essential. The OS implements access control mechanisms that define which users or processes can perform read, write, or execute operations on specific resources. Protection addresses common threats including viruses, worms, Trojan horses, and other malware.

Key Benefits of OS Protection

  • Prevents unauthorized access to data, resources, processes, and program files

  • Enforces file permissions to restrict read, write, and execute operations

  • Enables safe sharing of memory spaces among multiple processes and users

  • Implements security policies defined by system administrators

Domain of Protection

A protection domain defines the access rights that a process has to system resources. Each domain specifies a set of objects (files, memory segments, devices) and the operations (read, write, execute) that can be performed on them.

[Figure: Protection Domain Structure. Shows Domain A, Domain B, and Domain C with the entries File1: Read, Write; File1: Execute; Printer: Write; Memory: R/W; File2: Read.]

Each domain contains a list of <object, rights-set> pairs. For example, Domain A might have access to File1 with read/write permissions, while Domain B can only execute File1. This granular control ensures processes can only access resources they are authorized to use.

Association Between Process and Domain

The relationship between processes and domains can be implemented in two ways:

Type | Description | Example
Static Association | Process remains in fixed domain for its lifetime | Unix process with fixed UID/GID
Dynamic Association | Process can switch between domains during execution | User process calling kernel functions

In Unix systems, each process has a User ID (UID) and Group ID (GID) that determine its protection domain. Processes with the same UID/GID share access rights to the same set of objects and operations.
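
The following C program is an added example, not code from the original page. It shows how a UID/GID domain maps to a rights-set on an object through the classic Unix mode bits. It is a simplified model that ignores supplementary groups, ACLs, and capabilities; all UIDs, GIDs, modes, and names in it are constructed sample values.

```c
#include <stdio.h>
#include <sys/types.h>

enum { R_READ = 4, R_WRITE = 2, R_EXEC = 1 };   /* rights as a bitmask */

/* A Unix protection domain as described above: a UID/GID pair. */
struct domain { uid_t uid; gid_t gid; };

/* Constructed object metadata: the fields stat() reports for a file. */
struct object { const char *name; uid_t owner; gid_t group; mode_t mode; };

/* Rights-set the domain holds on the object. Exactly one permission class
 * applies (owner, then group, then other); a matching owner never falls
 * through to the group or other bits, even if those grant more. */
int rights_for(const struct domain *d, const struct object *o)
{
    if (d->uid == 0)   /* superuser: read/write always, execute if any x bit */
        return R_READ | R_WRITE | ((o->mode & 0111) ? R_EXEC : 0);
    if (d->uid == o->owner) return (int)((o->mode >> 6) & 7);
    if (d->gid == o->group) return (int)((o->mode >> 3) & 7);
    return (int)(o->mode & 7);
}

/* Access check: every requested right must be in the rights-set. */
int access_allowed(const struct domain *d, const struct object *o, int want)
{
    return (rights_for(d, o) & want) == want;
}

/* Constructed sample data (hypothetical UIDs, GIDs and modes). */
static const struct domain OWNER = {1000, 100}, PEER = {1001, 100},
                           OUTSIDER = {1002, 200}, ROOT = {0, 0};
static const struct object FILE1 = {"File1", 1000, 100, 0750};
static const struct object FILE2 = {"File2", 1000, 100, 0070};

int main(void)
{
    const struct domain *doms[] = {&OWNER, &PEER, &OUTSIDER, &ROOT};
    const struct object *objs[] = {&FILE1, &FILE2};
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 2; j++)
            printf("uid=%u gid=%u %s rights=%o\n", (unsigned)doms[i]->uid,
                   (unsigned)doms[i]->gid, objs[j]->name,
                   (unsigned)rights_for(doms[i], objs[j]));
    return 0;
}
```

File2 (mode 0070) is the case to watch: its owner ends up with no rights while another member of the same group gets read, write, and execute, because only the first matching class is consulted.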

Authentication Methods

Authentication verifies user identity before granting access to system resources. Modern systems employ multiple authentication techniques:

Password-Based Authentication

  • Static passwords: Traditional username/password combinations

  • One-time passwords (OTP): Dynamic passwords generated for each login session

  • Password encryption: Cryptographic hashing protects stored passwords

Cryptographic Authentication

  • Public key cryptography: Uses key pairs for secure authentication

  • Digital certificates: Verify identity through trusted authorities

  • Challenge-response protocols: Prevent replay attacks

Biometric Authentication

  • Fingerprint scanning: Unique physical characteristics

  • Retina/iris scanning: Eye pattern recognition

  • Multi-factor authentication (MFA): Combines multiple verification methods

Conclusion

OS protection relies on well-defined protection domains that control process access to system resources. The combination of domain-based access control and robust authentication methods ensures that only authorized users and processes can access sensitive data and system resources, maintaining system security and integrity.

Updated on: 2026-03-17T09:01:39+05:30
