Importance of Operating System Security

-

Importance of Operating System Security

 Introduction of Security:

security

In the modern age of computer networking, security has become a very important issue. The operating system must have well-designed mechanisms for protecting computer resources against potential threats like data theft, virus programs, accidental or intentional data loss, and unauthorized access. The computing resources include information stored in the system as well as memory, CPU, disks, devices, etc. Most of the information stored inside the computer system is highly valuable. Similarly, a process must be protected from improper interference by other processes.

The protection mechanisms are implemented through protection policies. The protection policies may be built into the operating system or determined by the system administrator. 

For example:

a protection policy may determine which processes are authorized to abort another process. The protection policy may determine which processes are authorized to abort another process. This mechanism is used for the safeguard of the information in the system. Authorized users are those whose unauthorized users are those who are not permitted to use the system resources.

Security Problem:

The security of a system refers to the overall problem of the system being protected. This mechanism deals with protecting policies. The difference between protection and security is;

Protecting the user's information against other authorized/unauthorized users within the system is known as protection.

Definition:

Guarding the user's information against unauthorized users outside the system is known as security.

The security of a system is violated or broken either by accidental or malicious attacks. Accidental attacks occur due to power failure, Fire, Mishandling the computer, Software errors, etc. Malicious attacks occur due to unauthorized accessing, modifying, and destructing valuable information.

Various security policies are adopted for the safeguard of the computer resources. The main objectives of the security policy are to achieve.

Secrecy: It is the act of hiding confidential information from unauthorized users.

Privacy: It is the act of limiting access to information (or computer technology) from unauthorized users.

Levels of Security:

Various levels of security are as follows;

  • Physical Security Level
  • Human Security Level
  • Network Security level

Physical Security Level:

This security level is achieved by securing the physical components of the computer system. The computers or devices that hold important information of any type or software are protected from unauthorized physical access or accidental physical loss. 

For example:

This security level may be achieved by locking the room where computers or devices are placed. Similarly, it can also be achieved by restricting the entry of only authorized users within the information system or organization. Further, different types of only authorized users within the information system or organization. Further, Different types of security devices like fire alarm systems, smoke detection systems, Fire extinguishers, access control doors, walkthrough gates, etc. are also used to implement physical security of the computer system.

Human security level:

This security level is achieved by using passwords to gain access to computer resources. This security level is violated when an intruder gets the password or security code of an authorized user. the intruder can be an unauthorized or authorized end user who can access the resources of other authorized users without receiving permission from the actual owner of the information.

Network Security Level:

This security level is achieved by protecting information to be transmitted over the network against intruders. In a network, such as the Internet, data is communicated through leased private lines and dialup lines, etc. Intruders can easily attack the data while it provides dial-up and login gates for maintaining data security over the network. Gates are verifying passwords. Similarly, the dialup gate provides the dialup login and password for gaining entry into the network using a phone line and modem.

Components of Security:

All of these latest operating systems have to provide security mechanisms to protect the resources against potential security threats. The major components of security are as follows:
  • User Aurthenticaial
  • Prevention 
  • Detection
  • Identification
  • Correction 

USER AUTHENTICATION:

A major security problem for the operating system is user authentication. Many protection schemes are based on the identity of the user associated with a process. Operating systems need some mechanisms for authenticating a user interesting in the computer system. The process of verification of the identity of a user when he/she logs in to the system is called user authentication.
Authentication allows only authorized users to access computer resources. The authentication can be achieved by using various mechanisms such as:
Using identify and password verification.
Using smart cards. 
Biometrics or Physical authentication.

Identifier and Password Verification:

The most commonly used form of authentication is to require a user to type a username and password that is assigned to him/her by the system administrator. A password is a secret word (s), which is a combination of different symbols (character, digits, or combination). Password protection is very easy to maintain and easy to understand and easy to implement. In most systems, when a user identifies himself/herself by user name (User ID), then he/she is asked for the related password. If the user name and password are entered by the user, the operating system matches this information stored in the system. When the user name and password are correct, the operating system allows the user to access the system.
Password is often used to protect the information/data stored in the system from unauthorized users. The password may be applied at:

Hardware Level:

Mostly the password is applied to the whole system, which is set to the system configuration and is stored in the CMOS.

Operating system Level:

The password is applied through the operating system. In a multiprogramming system, each user has its own identify name and password.

Application Level:

A password can be applied to the application program so that only authorized users can access a specific application. The password can also be applied to individual files or documents through the application program so that only authorized persons can read or modify the document in that application. For example, in MS-Word, we can apply a password to a document. Different passwords on a single document may be associated with different access right such as for reading and modifying documents etc.

Comments

Post a Comment

Popular posts from this blog

Modern scenario of information technology:

-
Image
The modern scenario of information technology: Introduction: Information technology (IT) is the technology that merges the computing network system with high-speed communication links carrying any kind of data in the form of text, sound, images. and videos etc. Information can be defined as the facts and figures about anything that can transfer data of any kind. i.e. The know-how about any object of the universe that exists and plays its role in any network computer system. The system is any identified and known work that accepts data/information into itself, manipulates in the shape of certain output(s), and delivery so that it becomes useful and meaningful. Modern Scenario The modern impact of computer system Information Technology has broadened the base of comput ing and communication through satellite, fiber-optic, mobile phones. Thus enhancing the implications of this shift from single isolated technologies to a unified digital convergence and enabling the computer users to experi
Read more

Deadlock Questions and Answers pdf

-
Image
Deadlock Questions and Answers pdf Define a deadlock? A process is said to be in a state of deadlock if it is waiting for a particular event (e.g. allocation of resources) that will never occur. Name four necessary conditions for Deadlock? Mutual Exclusion  Hold-and-Wait No Preempting  Circular Wait Describe the Mutual Exclusion condition for deadlock? Mutual exclusion condition indicates the locking of resources in exclusive mode, also known as a non-shareable mode. Each resource may be allocated to only one process at a time. If another process needs to use that resources, then the requesting process must wait until the resources have been released. What is the Hold-and Wait condition for deadlock? In a deadlock, each involved process holds one or more resources and waits for additional resources, which are currently being held by other processes in the system. It means that a deadlock may occur only if every involved process holds one or more resources and further needs additional r
Read more

What is the bus interconnection?

-
Image
 What is the bus interconnection? Introduction: We know that a computer consists of a CPU, Main Memory MM, and I/O unit. For data to flow between these components we need some kind of interconnections, which is another very important component of the overall computer architecture. These components are interconnected by using a set of parallel lines to transmit the data from one location to another. Each of these lines can be used to transfer a sequence of bits from one component to the other component for data transfer. Definition: Each of these lines can be used to transfer a sequence of bits for communication from one component of the computer to the other component. This set of parallel lines is called a BUS. The system interconnection is used to communicate channel. System Bus: The bus used to connect the main components of a computer to the other component is called the system bus. Generally, the purpose of computers has a 70-100 line system bus.  The system bus is divided into th
Read more