Group No.5
Name
• Muhammad Abdullah
• Sarmad Ali
• Hashaam Altaf
• Hanif Shah
• Noman Rasool
• Imran Ahmed
Roll No.
• 02
• 01
• 38
• 45
• 25
• 46
Topic:
Protection and Security of
Operating System
Muhammad
Abdullah
Protection:
•Protection refers to a mechanism for controlling the
access of programs, processes, or users to the
resources defined by a computer system.
Goals of Protection:
•As computer systems have become more sophisticated
and pervasive in their applications, the need to protect
their integrity has also grown.
•We need to provide protection for several reasons. The
most obvious is the need to prevent the mischievous,
intentional violation of an access restriction by a user.
• An unprotected resource cannot defend against use (or
misuse) by an unauthorized or incompetent user.
•The role of protection in a computer system is to provide a
mechanism for the enforcement of the policies governing
resource use.
Principles of Protection:
•The time-tested guiding principle for protection is the
Principle of least privilege. It dictates that programs,
users, and even systems be given just enough privileges
to perform their tasks.
•An operating system following the principle of least
privilege implements its features, programs, system
calls, and data structures so that failure or compromise
of a component does the minimum damage and allows
the minimum damage to be done.
Domain of Protection:
•A computer system is a collection of processes and
objects. By objects, we mean both hardware objects
(such as the CPU, printer) and software objects (such as
files, programs).
•Each object has a unique name that differentiates it from
all other objects in the system, and each can be accessed
only through well-defined and meaningful operations.
Domain Structures:
•Each domain defines a set of objects and the types
of operations that may be invoked on each object.
• The ability to execute an operation on an object is
an access right.
•A domain can be realized in a variety of ways:
•Each user may be a domain. In this case, the set of
objects that can be accessed depends on the
identity of the user.
•Each process may be a domain. In this case, the set
of objects that can be accessed depends on the
identity of the process.
Cont…
•For example, if domain D has the access right
<file F, {read, write}>, then a process executing
in domain D can both read and write file F; it
cannot, however, perform any other operation on
that object.
Example:
UNIX System:
•In the UNIX operating system, a domain is
associated with the user.
•In the UNIX operating system, user IDs are used to
identify the domain.
Hashaam Altaf
Access Matrix:
•Our model of protection can be viewed
abstractly as a matrix, called an Access Matrix.
The columns of the access matrix represent
domains, and the rows represent objects. Each
entry in the matrix consists of a set of access
rights.
Access Control:
•Access Control is to control which objects a
given program can access, and in what ways.
Objects are things like files, sound cards, other
programs, the network, your modem etc.
•When we talk about "controlling access," we
are really talking about four kinds of things:
i) Preventing access. ii) Limiting access.
iii) Granting access. iv) Revoking access.
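The access matrix and the four access-control operations above, as an added example that is not part of the original slides. Domains D2 and D3, the printer right and all class and function names are assumptions made for illustration; the per-object access-list view and per-domain capability-list view go beyond the slide text.

```python
from collections import defaultdict


class AccessMatrix:
    """Access matrix keyed by (domain, object); each entry is a set of access rights."""

    def __init__(self):
        self._entries = defaultdict(set)

    def grant(self, domain, obj, rights):
        """Granting access: add rights to the entry for (domain, obj)."""
        self._entries[(domain, obj)] |= set(rights)

    def revoke(self, domain, obj, rights=None):
        """Revoking access: remove some rights, or the whole entry if rights is None."""
        key = (domain, obj)
        if rights is None:
            self._entries.pop(key, None)
            return
        self._entries[key] -= set(rights)
        if not self._entries[key]:
            del self._entries[key]  # keep the matrix sparse: no empty entries

    def check(self, domain, obj, operation):
        """Default deny: an absent entry or an absent right means no access."""
        return operation in self._entries.get((domain, obj), ())

    def access_list(self, obj):
        """Per-object view: every domain that holds rights on obj."""
        return {d: frozenset(r) for (d, o), r in self._entries.items() if o == obj}

    def capability_list(self, domain):
        """Per-domain view: every object the domain holds rights on."""
        return {o: frozenset(r) for (d, o), r in self._entries.items() if d == domain}


def access(matrix, domain, obj, operation):
    """Enforcement point: every operation is checked against the matrix first."""
    if not matrix.check(domain, obj, operation):
        raise PermissionError(f"domain {domain} may not {operation} {obj}")
    return f"{operation} on {obj} allowed for domain {domain}"


def demo():
    """Walk through preventing, limiting, granting and revoking on constructed data."""
    m = AccessMatrix()
    m.grant("D", "F", {"read", "write"})   # the slide's <file F, {read, write}>
    m.grant("D2", "F", {"read"})           # limiting: D2 gets read only (constructed)
    m.grant("D2", "printer", {"print"})    # constructed hardware-object entry

    results = {
        "D_write_F": m.check("D", "F", "write"),
        "D_execute_F": m.check("D", "F", "execute"),  # not in the entry
        "D2_write_F": m.check("D2", "F", "write"),    # limited to read
        "D3_read_F": m.check("D3", "F", "read"),      # prevented: no entry at all
    }

    m.revoke("D", "F", {"write"})
    results["D_write_F_after_revoke"] = m.check("D", "F", "write")
    results["access_list_F"] = m.access_list("F")
    results["capability_list_D2"] = m.capability_list("D2")
    return m, results


if __name__ == "__main__":
    _, outcome = demo()
    for name, value in outcome.items():
        print(f"{name}: {value}")
```
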
Cont...
•A good example of this is found in Solaris 10.
•Solaris uses role-based access control (RBAC)
to add this principle.
•Role-based access control (RBAC) is a security
feature for controlling user access to tasks that
would normally be restricted to the root user.
• In conventional UNIX systems, the root user,
also referred to as the superuser, has
the ability to read and write to any file, run all
programs, and send kill signals to any process.
Syed Muhammad
Hanif Shah
Capability-based Systems:
•In a capability-based computer system, all access to
objects is done through capabilities, and capabilities
provide the only means of accessing objects. In such a
system, every program holds a set of capabilities.
•If program A holds a capability to talk to program B,
then the two programs can grant capabilities to each
other.
•In most capability-based systems, a program can hold an
infinite number of capabilities. Such systems have
tended to be slow.
Cont...
•A better design allows each program to hold a
fixed (and small -- like 16 or 32) number of
capabilities, and provides a means for storing
additional capabilities if they are needed.
•Two examples are discussed here:
•Cambridge CAP System.
•Hydra
Cambridge CAP System:
•The Cambridge CAP computer was the first
successful experimental computer that demonstrated
the use of security capabilities, both in hardware and
software.
•The CAP system was designed such that any access to
a memory segment or hardware required that the
current process held the necessary capabilities.
•CAP has two kinds of capabilities.
•Data Capability.
•Software Capability.
Cont…
•Data Capability:
It can be used to provide access to objects, but the only
rights provided are the standard read, write, and execute
of the individual storage segments associated with the
object.
•Software Capability:
It is a protected procedure, which may be written by an
application programmer as part of a subsystem. A particular
kind of rights amplification is associated with a protected
procedure. When executing the code, a process temporarily
acquires the right to read or write the contents of a software
capability itself.
Noman Rasool
Hydra:
•Hydra is a capability-based protection system
that provides considerable flexibility. The
system implements a fixed set of possible access
rights.
• In addition, a user can declare other rights. The
interpretation of user-defined rights is performed
by the user's program, but the system provides
access protection for the use of these rights.
Language Based Protection:
•As operating systems have become more complex,
and particularly as they have attempted to provide
higher-level user interfaces, the goals of protection
have become much more refined. The designers of
protection systems have drawn heavily on ideas that
originated in programming languages and especially
on the concepts of abstract data types and objects.
•There must be a protection policy to control the
access of user defined programs.
Cont…
• Protection systems are now concerned not only with the
identity of a resource to which access is attempted but
also with the functional nature of that access.
•It is usually achieved through an operating-system
kernel, which acts as a security agent to inspect and
validate each attempt to access a protected resource.
Security:
• Ensure that each object is accessed correctly and only by
those processes of authorized users that are allowed to do
so.
Security violations of the system can be categorized as:
• Breach of Confidentiality: Unauthorized reading of data.
• Breach of Integrity: Unauthorized modification of data.
• Breach of Availability: Unauthorized destruction of data.
• Theft of Service: Unauthorized use of resources.
• Denial of service: Preventing legitimate use of the system.
Imran Ahmed
Security Measures:
• Physical: Both the machine rooms and the terminals or workstations
that have access to the machines must be secured from physical
entry.
• Human: Authorization must be done carefully to ensure that only
appropriate users have access to the system.
• Operating System: The system must protect itself from accidental or
purposeful security breaches.
• Network: Protection of data as it travels over private leased lines
or the Internet.
• User Authentication: Users should use a password or biometric
authentication to protect the system.
Security Kernel:
• Responsible for implementing the security mechanisms of the entire
operating system.
• Provides the security interfaces among the hardware, the operating
system, and the other parts of the computing system.
Program Threats:
• Virus dropper: Inserts a virus onto the system; uses a backdoor to access data.
• Trojan Horse: A code segment that misuses its environment is called a
Trojan horse.
• Trap Doors: User's access privileges coded into a program.
• Virus: A virus is a fragment of code embedded in a legitimate program.
Viruses can wreak havoc in a system by modifying or destroying files and
causing system crashes and program malfunctions.
System and Network Threats:
• System and network threats create a situation in which operating
system resources and user files are misused.
• Worms: A worm is a process that uses the spawn mechanism to
duplicate itself. The worm spawns copies of itself using up system
resources and perhaps locking out all other processes.

More Related Content

What's hot

Windows Security in Operating System
Windows Security in Operating SystemWindows Security in Operating System
Windows Security in Operating SystemMeghaj Mallick
 
CLIENT SERVER IN OS.ppt
CLIENT SERVER IN OS.pptCLIENT SERVER IN OS.ppt
CLIENT SERVER IN OS.pptsuman yadav
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed SystemSunita Sahu
 
System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network servicesUc Man
 
Communication in Distributed Systems
Communication in Distributed SystemsCommunication in Distributed Systems
Communication in Distributed SystemsDilum Bandara
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Chapter 5 database security
Chapter 5   database securityChapter 5   database security
Chapter 5 database securitySyaiful Ahdan
 
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)Open Analytics
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Ravindra Raju Kolahalam
 
Ch1 language design issue
Ch1 language design issueCh1 language design issue
Ch1 language design issueJigisha Pandya
 

What's hot (20)

operating system lecture notes
operating system lecture notesoperating system lecture notes
operating system lecture notes
 
Windows Security in Operating System
Windows Security in Operating SystemWindows Security in Operating System
Windows Security in Operating System
 
CLIENT SERVER IN OS.ppt
CLIENT SERVER IN OS.pptCLIENT SERVER IN OS.ppt
CLIENT SERVER IN OS.ppt
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
data replication
data replicationdata replication
data replication
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
 
System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network services
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
 
Communication in Distributed Systems
Communication in Distributed SystemsCommunication in Distributed Systems
Communication in Distributed Systems
 
CPU Scheduling Algorithms
CPU Scheduling AlgorithmsCPU Scheduling Algorithms
CPU Scheduling Algorithms
 
System calls
System callsSystem calls
System calls
 
Linux file system
Linux file systemLinux file system
Linux file system
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Chapter 5 database security
Chapter 5   database securityChapter 5   database security
Chapter 5 database security
 
Inter Process Communication
Inter Process CommunicationInter Process Communication
Inter Process Communication
 
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]
 
Ch1 language design issue
Ch1 language design issueCh1 language design issue
Ch1 language design issue
 
11. dfs
11. dfs11. dfs
11. dfs
 

Similar to Protection and security of operating system

Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemLalfakawmaKh
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptxrahulkumarcscsf21
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.Ankur Kumar
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hackingbegmohsin
 
Introduction to Operating Systems - Mary Margarat
Introduction to Operating Systems - Mary MargaratIntroduction to Operating Systems - Mary Margarat
Introduction to Operating Systems - Mary MargaratMary Margarat
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating SystemMeghaj Mallick
 
Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7Don Kim
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Similar to Protection and security of operating system (20)

Protection
ProtectionProtection
Protection
 
Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating System
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptx
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.
 
Os8
Os8Os8
Os8
 
Os8
Os8Os8
Os8
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
 
Introduction to Operating Systems - Mary Margarat
Introduction to Operating Systems - Mary MargaratIntroduction to Operating Systems - Mary Margarat
Introduction to Operating Systems - Mary Margarat
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating System
 
Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Thur Venture
Thur VentureThur Venture
Thur Venture
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Regression
RegressionRegression
Regression
 

More from Abdullah Khosa

Chanel and H&M Brand Comparison.pdf
Chanel and H&M Brand Comparison.pdfChanel and H&M Brand Comparison.pdf
Chanel and H&M Brand Comparison.pdfAbdullah Khosa
 
Policy directives of federal government of pakistan for Enterprise Architecture
Policy directives of federal government of pakistan for Enterprise ArchitecturePolicy directives of federal government of pakistan for Enterprise Architecture
Policy directives of federal government of pakistan for Enterprise ArchitectureAbdullah Khosa
 
Face to Face Communication and Text Based Communication in HCI
Face to Face Communication and Text Based Communication in HCIFace to Face Communication and Text Based Communication in HCI
Face to Face Communication and Text Based Communication in HCIAbdullah Khosa
 
Cloud Artificial Intelligence services
Cloud Artificial Intelligence servicesCloud Artificial Intelligence services
Cloud Artificial Intelligence servicesAbdullah Khosa
 
Digital centralization
Digital centralizationDigital centralization
Digital centralizationAbdullah Khosa
 
Diamond water-paradox (A Theory)
Diamond water-paradox (A Theory)Diamond water-paradox (A Theory)
Diamond water-paradox (A Theory)Abdullah Khosa
 
The 5th generation (5G)
The 5th generation (5G)The 5th generation (5G)
The 5th generation (5G)Abdullah Khosa
 
Report of database of list of Pakistan international cricket stadiums
Report of database of list of Pakistan international cricket stadiumsReport of database of list of Pakistan international cricket stadiums
Report of database of list of Pakistan international cricket stadiumsAbdullah Khosa
 
Database of list of Pakistan international cricket stadiums
Database of list of Pakistan international cricket stadiumsDatabase of list of Pakistan international cricket stadiums
Database of list of Pakistan international cricket stadiumsAbdullah Khosa
 
Benefits of Search engine optimization
Benefits of Search engine optimizationBenefits of Search engine optimization
Benefits of Search engine optimizationAbdullah Khosa
 
Physical Database Design & Performance
Physical Database Design & PerformancePhysical Database Design & Performance
Physical Database Design & PerformanceAbdullah Khosa
 
Advanced Normalization
Advanced NormalizationAdvanced Normalization
Advanced NormalizationAbdullah Khosa
 
Relational Algebra & Calculus
Relational Algebra & CalculusRelational Algebra & Calculus
Relational Algebra & CalculusAbdullah Khosa
 
Advance database system(part 8)
Advance database system(part 8)Advance database system(part 8)
Advance database system(part 8)Abdullah Khosa
 
Advance database system(part 7)
Advance database system(part 7)Advance database system(part 7)
Advance database system(part 7)Abdullah Khosa
 

More from Abdullah Khosa (20)

Chanel and H&M Brand Comparison.pdf
Chanel and H&M Brand Comparison.pdfChanel and H&M Brand Comparison.pdf
Chanel and H&M Brand Comparison.pdf
 
Mycin presentation
Mycin presentationMycin presentation
Mycin presentation
 
Policy directives of federal government of pakistan for Enterprise Architecture
Policy directives of federal government of pakistan for Enterprise ArchitecturePolicy directives of federal government of pakistan for Enterprise Architecture
Policy directives of federal government of pakistan for Enterprise Architecture
 
Face to Face Communication and Text Based Communication in HCI
Face to Face Communication and Text Based Communication in HCIFace to Face Communication and Text Based Communication in HCI
Face to Face Communication and Text Based Communication in HCI
 
STRATEGIC PAY PLANS
STRATEGIC PAY PLANSSTRATEGIC PAY PLANS
STRATEGIC PAY PLANS
 
AI services in google
AI services in googleAI services in google
AI services in google
 
Cloud Artificial Intelligence services
Cloud Artificial Intelligence servicesCloud Artificial Intelligence services
Cloud Artificial Intelligence services
 
Digital centralization
Digital centralizationDigital centralization
Digital centralization
 
Diamond water-paradox (A Theory)
Diamond water-paradox (A Theory)Diamond water-paradox (A Theory)
Diamond water-paradox (A Theory)
 
The 5th generation (5G)
The 5th generation (5G)The 5th generation (5G)
The 5th generation (5G)
 
Report of database of list of Pakistan international cricket stadiums
Report of database of list of Pakistan international cricket stadiumsReport of database of list of Pakistan international cricket stadiums
Report of database of list of Pakistan international cricket stadiums
 
Database of list of Pakistan international cricket stadiums
Database of list of Pakistan international cricket stadiumsDatabase of list of Pakistan international cricket stadiums
Database of list of Pakistan international cricket stadiums
 
Attitude and behavior
Attitude and behaviorAttitude and behavior
Attitude and behavior
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Benefits of Search engine optimization
Benefits of Search engine optimizationBenefits of Search engine optimization
Benefits of Search engine optimization
 
Physical Database Design & Performance
Physical Database Design & PerformancePhysical Database Design & Performance
Physical Database Design & Performance
 
Advanced Normalization
Advanced NormalizationAdvanced Normalization
Advanced Normalization
 
Relational Algebra & Calculus
Relational Algebra & CalculusRelational Algebra & Calculus
Relational Algebra & Calculus
 
Advance database system(part 8)
Advance database system(part 8)Advance database system(part 8)
Advance database system(part 8)
 
Advance database system(part 7)
Advance database system(part 7)Advance database system(part 7)
Advance database system(part 7)
 

Recently uploaded

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 

Recently uploaded (20)

Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 

Protection and security of operating system

  • 1. Group No.5 Name • Muhammad Abdullah • Sarmad Ali • Hashaam Altaf • Hanif Shah • Noman Rasool • Imran Ahmed Roll No. • 02 • 01 • 38 • 45 • 25 • 46
  • 2. Topic: Protection and Security of Operating System
  • 4. Protection: • Protection refers to a mechanism for controlling the access of programs, processes, or users to the resources defined by a computer system.
  • 5. Goals of Protection: • As computer systems have become more sophisticated and pervasive in their applications, the need to protect their integrity has also grown. • We need to provide protection for several reasons. The most obvious is the need to prevent the mischievous, intentional violation of an access restriction by a user. • An unprotected resource cannot defend against use (or misuse) by an unauthorized or incompetent user. • The role of protection in a computer system is to provide a mechanism for the enforcement of the policies governing resource use.
  • 6. Principles of Protection: • The time-tested guiding principle for protection is the principle of least privilege. It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. • An operating system following the principle of least privilege implements its features, programs, system calls, and data structures so that failure or compromise of a component does the minimum damage and allows the minimum damage to be done.
  • 7. Domain of Protection: • A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, printer) and software objects (such as files, programs). • Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations.
  • 8. Domain Structures. • Each domain defines a set of objects and the types of operations that may be invoked on each object. • The ability to execute an operation on an object is an access right. • A domain can be realized in a variety of ways: • Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. • Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
  • 9. Cont… • For example, if domain D has the access right <file F, {read, write}>, then a process executing in domain D can both read and write file F; it cannot, however, perform any other operation on that object.
  • 10. Example: UNIX System: • In the UNIX operating system, a domain is associated with the user. • In the UNIX operating system, user IDs are used to identify the domain.
  • 12. Access Matrix: • Our model of protection can be viewed abstractly as a matrix, called an Access Matrix. The columns of the access matrix represent domains, and the rows represent objects. Each entry in the matrix consists of a set of access rights.
  • 13. Access Control: • Access control is to control which objects a given program can access, and in what ways. Objects are things like files, sound cards, other programs, the network, your modem etc. • When we talk about "controlling access," we are really talking about four kinds of things: i) Preventing access. ii) Limiting access. iii) Granting access. iv) Revoking access.
  • 14. Cont... • A good example of this is found in Solaris 10. • Solaris uses role-based access control (RBAC) to add the principle. • Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root user. • In conventional UNIX systems, the root user, also referred to as the superuser, has the ability to read and write to any file, run all programs, and send kill signals to any process.
  • 16. Capability-based Systems: • In a capability-based computer system, all access to objects is done through capabilities, and capabilities provide the only means of accessing objects. In such a system, every program holds a set of capabilities. • If program A holds a capability to talk to program B, then the two programs can grant capabilities to each other. • In most capability-based systems, a program can hold an infinite number of capabilities. Such systems have tended to be slow.
  • 17. Cont... • A better design allows each program to hold a fixed (and small, like 16 or 32) number of capabilities, and provides a means for storing additional capabilities if they are needed. • Two examples are discussed here: • Cambridge CAP System. • Hydra.
  • 18. Cambridge CAP System: • The Cambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software. • The CAP system was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities. • CAP has two kinds of capabilities. • Data Capability. • Software Capability.
  • 19. Cont… • Data Capability: It can be used to provide access to objects, but the only rights provided are the standard read, write, and execute of the individual storage segments associated with the object. • Software Capability: It is a protected procedure, which may be written by an application programmer as part of a subsystem. A particular kind of rights amplification is associated with a protected procedure. When executing the code, a process temporarily acquires the right to read or write the contents of a software capability itself.
  • 21. Hydra: • Hydra is a capability-based protection system that provides considerable flexibility. The system implements a fixed set of possible access rights. • In addition, a user can declare other rights. The interpretation of user-defined rights is performed by the user's program, but the system provides access protection for the use of these rights.
  • 22. Language Based Protection: • As operating systems have become more complex, and particularly as they have attempted to provide higher-level user interfaces, the goals of protection have become much more refined. The designers of protection systems have drawn heavily on ideas that originated in programming languages and especially on the concepts of abstract data types and objects. • There must be a protection policy to control the access of user-defined programs.
  • 23. Cont… • Protection systems are now concerned not only with the identity of a resource to which access is attempted but also with the functional nature of that access. • It is usually achieved through an operating-system kernel, which acts as a security agent to inspect and validate each attempt to access a protected resource.
  • 24. SECURITY • Ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so. Security violations of the system can be categorized as: • Breach of Confidentiality: Unauthorized reading of data. • Breach of Integrity: Unauthorized modification of data. • Breach of Availability: Unauthorized destruction of data. • Theft of Service: Unauthorized use of resources. • Denial of Service: Preventing legitimate use of the system.
  • 26. Security Measures • Physical: Both the machine rooms and the terminals or workstations that have access to the machines must be secured from physical entry. • Human: Authorization must be done carefully to ensure that only appropriate users have access to the system. • Operating System: The system must protect itself from accidental or purposeful security breaches. • Network: Protection from the travel of data to private leased lines like the Internet. • User Authentication: Users should use a password or biometric authentication to protect the system.
  • 27. Security Kernel • Responsible for implementing the security mechanisms of the entire operating system. • Provides the security interfaces among the hardware, the operating system, and the other parts of the computing system. Program Threats: • A virus dropper inserts a virus onto the system. Use backdoor to access data. • Trojan Horse: A code segment that misuses its environment is called a Trojan horse. Trap Doors: user’s access privileges code into program. • Virus: A virus is a fragment of code embedded in a legitimate program. Viruses can wreak havoc in a system by modifying or destroying files and causing system crashes and program malfunctions.
  • 28. System and Network Threats • System and network threats create a situation in which operating system resources and user files are misused. • Worms: A worm is a process that uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up system resources and perhaps locking out all other processes.
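
The access matrix and the four access-control operations from slides 9 to 13 (preventing, limiting, granting, revoking), together with the single checkpoint that validates each attempt as slide 23 describes, as an added Python example that is not part of the original slides. The entry for domain D and file F is the slides' own example; the class and function names, domain D2 and the printer object are assumptions made for illustration.

```python
class AccessMatrix:
    """Access matrix laid out as on the slides: rows are objects, columns are domains."""

    def __init__(self):
        self._rows = {}  # object -> {domain -> set of access rights}

    def grant(self, domain, obj, *rights):
        """Granting access: add rights to the entry for (obj, domain)."""
        self._rows.setdefault(obj, {}).setdefault(domain, set()).update(rights)

    def revoke(self, domain, obj, *rights):
        """Revoking access: remove rights; drop the entry once it is empty."""
        entry = self._rows.get(obj, {}).get(domain)
        if entry is not None:
            entry.difference_update(rights)
            if not entry:
                del self._rows[obj][domain]

    def allowed(self, domain, obj, operation):
        """Preventing/limiting access: default deny unless the right is listed."""
        return operation in self._rows.get(obj, {}).get(domain, set())

    def column(self, domain):
        """Everything one domain may do, i.e. one column of the matrix."""
        return {obj: frozenset(cols[domain])
                for obj, cols in self._rows.items() if domain in cols}


def access(matrix, domain, obj, operation):
    """Single checkpoint that validates every attempt before it proceeds."""
    if not matrix.allowed(domain, obj, operation):
        raise PermissionError(f"{domain} may not {operation} {obj}")
    return f"{domain}: {operation} {obj}"


def build_demo():
    m = AccessMatrix()
    m.grant("D", "file F", "read", "write")   # the slides' example entry
    m.grant("D2", "file F", "read")           # constructed: read-only domain
    m.grant("D2", "printer", "print")         # constructed
    return m


if __name__ == "__main__":
    m = build_demo()
    print(access(m, "D", "file F", "write"))
    m.revoke("D", "file F", "write")
    try:
        access(m, "D", "file F", "write")
    except PermissionError as exc:
        print("denied:", exc)
```

Because a missing entry denies by default, a domain holds only the rights that were explicitly granted, which is the principle of least privilege from slide 6 expressed in the data structure.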