A system having basic kernel functions of process
and memory management ,file, i/o device and
network management functions and many other
Protection of memory and resources from any
unauthorized into the PCB or resource ,or mix up of
access of one by another becomes imperative.
Introduction to OS security
The OS security issue is a critical issue.
Each process determines whether it has a control
of a system resoure exclusively or whether it is
isolated from the other processes or whether it
shares a resource common to a set of processes.
The OS then configures when a resource is
isolated from from one process and a resource is
shared with a defined with a define set of
The OS should also have the flexibility to change
this configuration when needed, to full fill the
requirements all the process.
For example, a process has 32 memory blocks at
an instance and the OS configures the system
The OS should provide protection mechanism
and implement a system administration(s) –
defined security policy.
An application software programmer can find a
hole in the protection mechanism and an
Important security issues
Flexibility to of change.
Control resource sharing
Security policy (strategy).
OS should provide protection mechanisms
and implement a system administrator (s)
Flexibility to of change
when needed to fulfill the need
requirements of all the processes.
For example, a process has control of 32
memory blocks at an instance and the OS
configured the system accordingly. t
Later when more processes are created, this
can be reconfigured.
Controlled resource sharing
Controlling read and write of the resources
and parameters by user processes.
For example, some resources write only for
a process and some read only for a set of
Another example, memory buffer to which
one process writes at an instant till that
buffer is emptied by other process
Mechanism that restricts sharing of
parameters to a set of processes only .
Security Policy (Strategy)
Rules for authorizing access to the OS,
system and information.
A policy example is that a communication
system may having a policy of peer-to-peer
communication (connection establishment
preceding the data packets flow).
External authentication mechanism for the user
and a mechanism meant to prevent an
application run unless the user registers and the
system administrator (software) authorizes
Internal authentication for the process, and the
process should not appear (impersonate) as some
like other processes.
User authentication can become difficult if the
user disseminates password passwords or other
User or process (s) allowed to use the
system resources as per the security policy
A tool to change information to make it
unusable by any other user or process unless
without the appropriate key is used for
OS security issues are important
Protection of memory and resources from
any unauthorized and without explicit
authorization write into the PCB or
Mix up of accesses of one by
another, becomes imperative from an OS
security and protection mechanism