SlideShare a Scribd company logo

OPERATING SYSTEM SECURITY

R
RohitK71

OPERATING SYSTEM SECURITY

Engineering
1 of 14
Download to read offline
Operating System SECURITY
INTRODUCTION Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity of the OS. On the other hand, this requires only adequate protection system but also consideration of external environment within which the system operates. A system is said to be secure if its resources are used and accessed as intended under all the circumstances.
SECURITY PROBLEM So, How exactly this security problem occurs ? ● In large commercial systems containing payroll or other financial data are inviting targets to thieves ● We say that a system is secure if its resources are used and accessed as intended under all circumstances. ● So, for this we must have mechanisms to make security breaches a rare occurrence rather than normal conditions.
SECURITY VIOLATIONS A security violation or infraction is any breach of security regulations, requirements, procedures or guidelines, whether or not a compromise results. Security of a system can be threatened via two violations: ● Threat: A program which has the potential to cause serious damage to the system. ● Attack: An attempt to break security and make unauthorized use of an asset. This System violations can be categorized into intentional and accidental. ● Intentional, A kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. Also known as MALICIOUS ● Accidental, on the other hand, are comparatively easier to be protected against. ○ Example: Denial of service DDoS Attack
BREACHES Security can be compromised via any of the breaches mentioned: ● Breach of confidentiality: This type of violation involves the unauthorized reading of data. ● Breach of integrity: This violation involves unauthorized modification of data. ● Breach of availability: It involves an unauthorized destruction of data. ● Theft of service: It involves an unauthorized use of resources. ● Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.
SECURITY SYSTEM GOALS 1. Integrity: The objects in the system mustn’t be accessed by any unauthorized user & any user not having sufficient rights should not be allowed to modify the important system files and resources. 2. Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files. 3. Availability: In this kind of situation, a malware might hog the resources for itself & thus preventing the legitimate processes from accessing the system resources.
METHODS Attackers use several standard methods in their attempts to breach the security. ● One common attack is masquerading, in which the attacker pretends to be a trusted third party. A variation of this is the man-in-the-middle, in which the attacker masquerades as both ends of the conversation to two targets. ● A replay attack involves repeating a valid transmission. Sometimes this can be the entire attack, ( such as repeating a request for a money transfer ), or other times the content of the original message is replaced with malicious content.
SECURITY ATTACK ● Consider the damage that could be done if a request for authentication had a legitimate users information replaced with an unauthorized users. yet another kind of attack is the man-in-the-middle attack, in which an attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice-versa. ● In a network communication, a man-in-the-middle attack may be preceded by a session hijacking, in which an active communication session is intercepted. ● In some cases, such as a denial-of-service attack, it is preferable to prevent the attack but sufficient to detect the attack so that the counter measures can be taken. several attacks are depicted in the following diagram
SECURITY MEASURES ● There are four levels at which a system must be protected: 1. Physical - The easiest way to steal data is to pocket the backup tapes. Also, access to the root console will often give the user special privileges, such as rebooting the system as root from removable media. Even general access to terminals in a computer room offers some opportunities for an attacker. 2. Human - There is some concern that the humans who are allowed access to a system be trustworthy, and that they cannot be coerced into breaching security. ■ Phishing involves sending an innocent-looking e-mail or web site designed to fool people into revealing confidential information.. ■ Dumpster Diving involves searching the trash or other locations for passwords that are written down. ■ Password Cracking involves divining users passwords, either by watching them type in their passwords, knowing something about them like their pet's names, or simply trying all words in common dictionaries.
SECURITY MEASURES 3. Operating System - The OS must protect itself from security breaches, such as runaway processes, memory-access violations, stack overflow violations, the launching of programs with excessive privileges, and many others. 4. Network - As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. This is a growing area of concern as wireless communications and portable devices become more and more prevalent.
DIFFERENCE BETWEEN SECURITY AND PROTECTION SECURITY ► Security grants the system access to the appropriate users only. ► External threats are involved. ► More convoluted queries are handled. ► Security illustrates that which person is granted for using the system. ► Encryption and certification mechanisms are used. PROTECTION ► While protection deals with the access to the system resources. ► Internal threats are involved. ► Simple queries are handled. ► Whereas protection determines that what files can be accessed or permeated by a special user. ► Authorization mechanism is implemented.
CONCLUSION Security at the physical and human levels, although important is for the most part beyond the scope. The security of Operating System depends on us because the more precautions we will take the more secure our Operating System will be. Security within the operating system and also in between the operating system is implemented in several ways ranging from passwords of authentication through guarding against viruses to detecting intrusions.
THANK YOU !

Recommended

Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating systemabdullah roomi
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
System security
System securitySystem security
System securityinvertis university
 

Recommended

Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating systemabdullah roomi
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
System security
System securitySystem security
System securityinvertis university
 
System security
System securitySystem security
System securitysommerville-videos
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Lecture 3
Lecture 3Lecture 3
Lecture 3Education
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
The need for security
The need for securityThe need for security
The need for securityDhani Ahmad
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.pptAfricaRealInformatic
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
system Security
system Security system Security
system Security Gaurav Mishra
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security ExplainedHappiest Minds Technologies
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009Deborah Obasogie
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 

More Related Content

What's hot

Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
The need for security
The need for securityThe need for security
The need for securityDhani Ahmad
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software securityG Prachi
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 

What's hot (20)

System security
System securitySystem security
System security
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
Application Security
Application SecurityApplication Security
Application Security
 
Lecture 3
Lecture 3Lecture 3
Lecture 3
 
Cia security model
Cia security modelCia security model
Cia security model
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Email security
Email securityEmail security
Email security
 
Security threats
Security threatsSecurity threats
Security threats
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
The need for security
The need for securityThe need for security
The need for security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
system Security
system Security system Security
system Security
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
Protection and security
Protection and securityProtection and security
Protection and security
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009
 

Similar to OPERATING SYSTEM SECURITY

System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurvkarthi314
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
Information security
Information securityInformation security
Information securityRohit Gir
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) ghayour abbas
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 

Similar to OPERATING SYSTEM SECURITY (20)

System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
 
System Security
System SecuritySystem Security
System Security
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Chapter-I introduction
Chapter-I introductionChapter-I introduction
Chapter-I introduction
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
Information security
Information securityInformation security
Information security
 
1.pptx
1.pptx1.pptx
1.pptx
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 

More from RohitK71

VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYRohitK71
 
Gram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsGram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsRohitK71
 
Negotiation
Negotiation Negotiation
Negotiation RohitK71
 
QUEUEING NETWORKS
QUEUEING NETWORKSQUEUEING NETWORKS
QUEUEING NETWORKSRohitK71
 
INTEGRATION TESTING
INTEGRATION TESTINGINTEGRATION TESTING
INTEGRATION TESTINGRohitK71
 
INHERITANCE
INHERITANCEINHERITANCE
INHERITANCERohitK71
 
Dbms seminar
Dbms seminarDbms seminar
Dbms seminarRohitK71
 
Cn application layer_paradigms
Cn application layer_paradigmsCn application layer_paradigms
Cn application layer_paradigmsRohitK71
 
Compiler design error handling
Compiler design error handlingCompiler design error handling
Compiler design error handlingRohitK71
 
Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)RohitK71
 
Usp message queues
Usp message queuesUsp message queues
Usp message queuesRohitK71
 

More from RohitK71 (11)

VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGY
 
Gram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsGram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellations
 
Negotiation
Negotiation Negotiation
Negotiation
 
QUEUEING NETWORKS
QUEUEING NETWORKSQUEUEING NETWORKS
QUEUEING NETWORKS
 
INTEGRATION TESTING
INTEGRATION TESTINGINTEGRATION TESTING
INTEGRATION TESTING
 
INHERITANCE
INHERITANCEINHERITANCE
INHERITANCE
 
Dbms seminar
Dbms seminarDbms seminar
Dbms seminar
 
Cn application layer_paradigms
Cn application layer_paradigmsCn application layer_paradigms
Cn application layer_paradigms
 
Compiler design error handling
Compiler design error handlingCompiler design error handling
Compiler design error handling
 
Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)
 
Usp message queues
Usp message queuesUsp message queues
Usp message queues
 

Recently uploaded

Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 

Recently uploaded (20)

Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacing
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 

OPERATING SYSTEM SECURITY

  • 2. INTRODUCTION Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity of the OS. On the other hand, this requires only adequate protection system but also consideration of external environment within which the system operates. A system is said to be secure if its resources are used and accessed as intended under all the circumstances.
  • 3. SECURITY PROBLEM So, How exactly this security problem occurs ? ● In large commercial systems containing payroll or other financial data are inviting targets to thieves ● We say that a system is secure if its resources are used and accessed as intended under all circumstances. ● So, for this we must have mechanisms to make security breaches a rare occurrence rather than normal conditions.
  • 4. SECURITY VIOLATIONS A security violation or infraction is any breach of security regulations, requirements, procedures or guidelines, whether or not a compromise results. Security of a system can be threatened via two violations: ● Threat: A program which has the potential to cause serious damage to the system. ● Attack: An attempt to break security and make unauthorized use of an asset. This System violations can be categorized into intentional and accidental. ● Intentional, A kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. Also known as MALICIOUS ● Accidental, on the other hand, are comparatively easier to be protected against. ○ Example: Denial of service DDoS Attack
  • 5. BREACHES Security can be compromised via any of the breaches mentioned: ● Breach of confidentiality: This type of violation involves the unauthorized reading of data. ● Breach of integrity: This violation involves unauthorized modification of data. ● Breach of availability: It involves an unauthorized destruction of data. ● Theft of service: It involves an unauthorized use of resources. ● Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.
  • 6. SECURITY SYSTEM GOALS 1. Integrity: The objects in the system mustn’t be accessed by any unauthorized user & any user not having sufficient rights should not be allowed to modify the important system files and resources. 2. Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files. 3. Availability: In this kind of situation, a malware might hog the resources for itself & thus preventing the legitimate processes from accessing the system resources.
  • 7. METHODS Attackers use several standard methods in their attempts to breach the security. ● One common attack is masquerading, in which the attacker pretends to be a trusted third party. A variation of this is the man-in-the-middle, in which the attacker masquerades as both ends of the conversation to two targets. ● A replay attack involves repeating a valid transmission. Sometimes this can be the entire attack, ( such as repeating a request for a money transfer ), or other times the content of the original message is replaced with malicious content.
  • 8. SECURITY ATTACK ● Consider the damage that could be done if a request for authentication had a legitimate users information replaced with an unauthorized users. yet another kind of attack is the man-in-the-middle attack, in which an attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice-versa. ● In a network communication, a man-in-the-middle attack may be preceded by a session hijacking, in which an active communication session is intercepted. ● In some cases, such as a denial-of-service attack, it is preferable to prevent the attack but sufficient to detect the attack so that the counter measures can be taken. several attacks are depicted in the following diagram
  • 9.
  • 10. SECURITY MEASURES ● There are four levels at which a system must be protected: 1. Physical - The easiest way to steal data is to pocket the backup tapes. Also, access to the root console will often give the user special privileges, such as rebooting the system as root from removable media. Even general access to terminals in a computer room offers some opportunities for an attacker. 2. Human - There is some concern that the humans who are allowed access to a system be trustworthy, and that they cannot be coerced into breaching security. ■ Phishing involves sending an innocent-looking e-mail or web site designed to fool people into revealing confidential information.. ■ Dumpster Diving involves searching the trash or other locations for passwords that are written down. ■ Password Cracking involves divining users passwords, either by watching them type in their passwords, knowing something about them like their pet's names, or simply trying all words in common dictionaries.
  • 11. SECURITY MEASURES 3. Operating System - The OS must protect itself from security breaches, such as runaway processes, memory-access violations, stack overflow violations, the launching of programs with excessive privileges, and many others. 4. Network - As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. This is a growing area of concern as wireless communications and portable devices become more and more prevalent.
  • 12. DIFFERENCE BETWEEN SECURITY AND PROTECTION SECURITY ► Security grants the system access to the appropriate users only. ► External threats are involved. ► More convoluted queries are handled. ► Security illustrates that which person is granted for using the system. ► Encryption and certification mechanisms are used. PROTECTION ► While protection deals with the access to the system resources. ► Internal threats are involved. ► Simple queries are handled. ► Whereas protection determines that what files can be accessed or permeated by a special user. ► Authorization mechanism is implemented.
  • 13. CONCLUSION Security at the physical and human levels, although important is for the most part beyond the scope. The security of Operating System depends on us because the more precautions we will take the more secure our Operating System will be. Security within the operating system and also in between the operating system is implemented in several ways ranging from passwords of authentication through guarding against viruses to detecting intrusions.