Operating System Security (OS Security)

In this tutorial, you are going to learn about Operating System Security (OS Security).

“Knowledge is like a sea where and we are not even a drop of it”. To enlighten you beyond operating system and softwares, thecode11 team brings to you some information on Operating System Security.

Operating System Security (OS Security)

Security is mainly based on the three concepts or principles namely Confidentiality, Integrity and Availability.

OS security implies certain steps or procedures taken to provide complete protection to computer system resources such as CPU and memory and data/information stored in the system. It can also imply protection from threats, intruders and malicious softwares.

System Access Threats

• Intruders
• Malicious Softwares

Intruders

• Masquerader: An unauthorized user who penetrates a system’s success to exploit a legitimate user’s account.
• Misfeasor: A legitimate user who access data, programs or resources for which such access is not authorized or who is authorized for such access but misuses his/her privileges.
• Clandestine User: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

Malicious Softwares

• Programs that exploit a computer system. Also referred to as a malware.

It is divided into two categories:

• Parasite: Parts of programs that cannot exist independently of some system programs. Examples are - viruses, worms, etc.
• Independent: Self-contained programs that can be run by the operating system. Examples are - worms and hot programs.

Antidotes

• RFC 4949 introduced intrusion detection as a security service that monitors and analyses system events for finding, and providing real-time warning of attempts to access system resources in an unauthorized manner.
• IDS referred to as Intrusion detection systems consists of host-based IDS and network-based IDS.
• The components of IDS include Sensors, Analyzers and User interface.

Authentication

• It is referred to as the fundamental building block or primary line of defense.
• RFC 4949 which introduced intrusion detection defines user authentication as the process of verifying an identity claimed by or for a system entity.
• Authentication consists of two step process i.e. identification step which includes presenting an identifier to the security system. The second one is verification step which includes presenting or generating authentication information that binds the entity and the identifier.

An Operating System authenticates users by the following three ways:

• Username/Password: To login in to a system the user needs to enter a legitimate password.
• User Card/Key: To have access to an operating system the user needs to punch the card in the card slot or enter the valid key generated by the key generator.
• User Attribute: To access an operating system by user’s fingerprint or retina scanner.

---

This post is contributed by Divyanshu Shekhar (BTech CS, Chandigarh Engineering College). If you like TheCode11, then do follow us on Facebook, Twitter and Instagram.