Bhagyashree Barde, profile picture
Uploaded byBhagyashree Barde
PPT, PDF3,708 views

Design for security in operating system

The document discusses security mechanisms in Linux operating systems. It covers access control modules, including audit, access control, and role-based access control modules. It also discusses security models like DAC, MAC, RBAC and how they integrate with the operating system's security tag library and audit log. The principles of least privilege, separation of duties and simplicity are important to the design.

Embed presentation

Downloaded 55 times
 Types of security in system.  Theory of design for security Os.  Security hidden troubles in Linux Os.  Security policy 1.Audit module 2.Access control module 3.Role based access control module.  Architecture
 Least privilege  Efficiency  Open System  Complete coordination  Privilege separation  Simplicity
 Access control mode is simple: Access control lists and mandatory access control lists are not supported.  Security audit mechanism is insecurity Security audit mechanism of the present Linux is insecurity  Super user right is great If the password is purloined, the system will be not safe at all.
 Enforced by organizational polices or security mechanism.  Security mechanism and access control policy for os security design. 1.Audit module 2.Acess control module 3.Role based access control module.
 Invasive technology can attack the Kernel of Linux.  Linux security audit module should be designed and applied independently.  Security audit module for kernel.
Event Collect Parser Alerting Record Audit log library
 Ability to permit or deny the use of particular resource.  It manages physical ,logical or digital resources.  To advance security it adds security access control and Integrated access control sub module.
 Subject: Entity that perform action in system.  Object: Entities representing resources to which access may need to controlled .  Subject access an object must pass through Security, Integrated and Discretionary access control modules.  Subject access corresponding security tag library when it through each access control subsystems.
 It base on Bell-La padula(BLP) model.  It can operate MAC i.e Mandatory access control and DAC i.e Discretionary access control.  MAC : os provide ability to subject to access or perform some operations on subject.  When subject sends a request to an object , extract security tag of subject and object from security tag library.
  Security Labels assigned to all objects,contain two pieces of information - a classification and a category.  When a user access a resource Os checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object access is allowed.  Examples: SE Linux, by NSA, trusted Solaris
 The control of access is based on the discretion (wish) of the owner.  Access to system resources is controlled by the operating system.  Each resource object on a DAC based system has an Access Control List (ACL).,contains a list of users and groups to which the user has permitted access.  For example, User A may provide read-only access on one of her files to User B, read and write access on the same file to User C and full control to any user belonging to Group 1.  Examples: Unix, Linux, Windows access control.
 It based on Biba Integrity model, that  describes a set of access control  rules designed to ensure data integrity.  It used to add security tag for subjects and objects.  When subject sends a request to object the Biba integrity model extract integrated attributes of subject and object from security tag library to match.
Model Access Control Owner Security Control Policy DAC Data Owner ACL. MAC Operating System Security Labels. RBAC Administrator Role/Function Positions.
Subject System call Access control model Security tag library Audit model Object Audit log library
 RBAC is access policy determined by system.  Used in applications where multilevel security requirement may exists.  Roles are created for various job function and user are assigned roles based on their qualifications.
 Role assignment : A subject can execute a transaction only if the subject has selected or been assigned a role.  Role authorization : A subject's active role must be authorized for the subject.   Transaction authorization : A subject can execute a transaction only if the transaction is authorized through the subject's role memberships
 It uses the role-based access control mechanism to control unauthorised access to patient medical information in KDIS.  permissions are not assigned to users but to the roles, thus providing great flexibility in administration and cost reduction
 Principle of least privilege  System administrator  Security administrator  Security audit administrator
 Principle of least privilege  System administrator  Security administrator  Security audit administrator
 Hence the access control module, audit module and role based access control module improve the operating system security.  The group of this three module can prevent the lost and misses of data to improve stability, processing speed of Os.
Design for security in operating system
Design for security in operating system

More Related Content

PPT
Network security and protocols
byOnline
 
PPTX
Protection and security of operating system
byAbdullah Khosa
 
PPTX
Operating system security
bySarmad Makhdoom
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PPT
Information Security Principles - Access Control
byidingolay
 
PPTX
Rootkits
byTharinduUdaraRanasin
 
PPTX
Distributed System - Security
byHarshana Madusanka Jayamaha
 
Network security and protocols
byOnline
 
Protection and security of operating system
byAbdullah Khosa
 
Operating system security
bySarmad Makhdoom
 
Security & protection in operating system
byAbou Bakr Ashraf
 
Computer security concepts
byPrachi Gulihar
 
Information Security Principles - Access Control
byidingolay
 
Rootkits
byTharinduUdaraRanasin
 
Distributed System - Security
byHarshana Madusanka Jayamaha
 

What's hot

PPTX
Key management and distribution
byRiya Choudhary
 
PPTX
CDMA cellular radio network
byMd. Saddam Hossain Noyon
 
PDF
Mobile Network Layer
byRahul Hada
 
PPTX
Introdution and designing a learning system
byswapnac12
 
DOCX
Crucial decisions in designing a data warehouse
byManju Rajput
 
PDF
Mobile computing (Wireless) Medium Access Control (MAC)
byJyothishmathi Institute of Technology and Science Karimnagar
 
PDF
Mobile transportlayer
byRahul Hada
 
PPTX
RPC: Remote procedure call
bySunita Sahu
 
PPT
POST’s CORRESPONDENCE PROBLEM
byRajendran
 
PPTX
Fault tolerance in distributed systems
bysumitjain2013
 
PPTX
Dynamic storage allocation techniques in Compiler design
bykunjan shah
 
PPTX
Osi security architecture in network.pptx
byVinzoCenzo
 
PPT
WAP 2.0
byRamasubbu .P
 
PPTX
Wireless network security
byVishal Agarwal
 
PPSX
Congestion avoidance in TCP
byselvakumar_b1985
 
PPT
Umts system architecture
byMidhun S
 
PPT
Types of Load distributing algorithm in Distributed System
byDHIVYADEVAKI
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
byRAMESHBABU311293
 
PPTX
Control hijacking
byPrachi Gulihar
 
PPTX
Mobile transport layer - traditional TCP
byVishal Tandel
 
Key management and distribution
byRiya Choudhary
 
CDMA cellular radio network
byMd. Saddam Hossain Noyon
 
Mobile Network Layer
byRahul Hada
 
Introdution and designing a learning system
byswapnac12
 
Crucial decisions in designing a data warehouse
byManju Rajput
 
Mobile computing (Wireless) Medium Access Control (MAC)
byJyothishmathi Institute of Technology and Science Karimnagar
 
Mobile transportlayer
byRahul Hada
 
RPC: Remote procedure call
bySunita Sahu
 
POST’s CORRESPONDENCE PROBLEM
byRajendran
 
Fault tolerance in distributed systems
bysumitjain2013
 
Dynamic storage allocation techniques in Compiler design
bykunjan shah
 
Osi security architecture in network.pptx
byVinzoCenzo
 
WAP 2.0
byRamasubbu .P
 
Wireless network security
byVishal Agarwal
 
Congestion avoidance in TCP
byselvakumar_b1985
 
Umts system architecture
byMidhun S
 
Types of Load distributing algorithm in Distributed System
byDHIVYADEVAKI
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
byRAMESHBABU311293
 
Control hijacking
byPrachi Gulihar
 
Mobile transport layer - traditional TCP
byVishal Tandel
 

Viewers also liked

PDF
Immutable Infrastructure Security
byRicky Sanders
 
PPTX
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
byJack Whitsitt
 
PDF
Aspirin as a Service: Using the Cloud to Cure Security Headaches
byPriyanka Aash
 
PPT
Somerdata AROW Data Diode
bySomerdata
 
PDF
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
byVMware
 
PPT
Multimedia Data Mining using Deep Learning
byBhagyashree Barde
 
PPT
10 Multicore 07
bytimcrack
 
PPTX
Agile Vs Traditional Models
bySabir Ali Khuhro
 
DOC
Agile modeling
byFahmi Hamdani
 
PPTX
Agile Architecture and Modeling - Where are we Today
byGary Pedretti
 
PPTX
CA presentation of multicore processor
byZeeshan Aslam
 
PPSX
78 identify input and output devices
byPaul Gonzales
 
PPT
Netaji Subhashchandra Bose
byBhagyashree Barde
 
PDF
Private sector cyber resilience and the role of data diodes
byOllie Whitehouse
 
PDF
Agile Modeling
byOtavio Ferreira
 
PPT
Dma
byPiyush Rochwani
 
PPTX
Input Output Control System
byTajul Azhar Mohd Tajul Ariffin
 
PDF
Slide Deck CISSP Class Session 4
byFRSecure
 
PPTX
Spiral model
bykhuram22
 
Immutable Infrastructure Security
byRicky Sanders
 
NIST Cybersecurity Framework Background and Review | Jack Whitsitt
byJack Whitsitt
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
byPriyanka Aash
 
Somerdata AROW Data Diode
bySomerdata
 
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
byVMware
 
Multimedia Data Mining using Deep Learning
byBhagyashree Barde
 
10 Multicore 07
bytimcrack
 
Agile Vs Traditional Models
bySabir Ali Khuhro
 
Agile modeling
byFahmi Hamdani
 
Agile Architecture and Modeling - Where are we Today
byGary Pedretti
 
CA presentation of multicore processor
byZeeshan Aslam
 
78 identify input and output devices
byPaul Gonzales
 
Netaji Subhashchandra Bose
byBhagyashree Barde
 
Private sector cyber resilience and the role of data diodes
byOllie Whitehouse
 
Agile Modeling
byOtavio Ferreira
 
Dma
byPiyush Rochwani
 
Input Output Control System
byTajul Azhar Mohd Tajul Ariffin
 
Slide Deck CISSP Class Session 4
byFRSecure
 
Spiral model
bykhuram22
 

Similar to Design for security in operating system

PPTX
Week No 13 Access Control Part 1.pptx
byXhamiiiCH
 
PPTX
Lecture-12-ACL_information_Security.pptx
byhomecooking511
 
PPT
Access control3
byAwhydot
 
PPT
Access control3
byAwhydot
 
PPT
2. access control
by7wounders
 
PPT
dos_security_final
byMichele Vincent
 
PPTX
unit 1access models _3.pptxscscsscscscsc
byzmulani8
 
PDF
Role-Based Access Control, Second Edition ( PDFDrive ).pdf
bySusmitaMahato3
 
PPT
access control configurations and principles
byAngieloBecenia1
 
PPT
OperatingSystem.ppt
byKaivanParikh
 
PPT
OperatingSystem.ppt
byRAJESHKUMARMANEPALLI
 
PPT
AccessControl.ppt
byDAKSHATAPANCHAL2
 
PPT
Access control mechanism (DAC, MAC and RBAC).ppt
byDAKSHATAPANCHAL2
 
PPTX
Least privilege, access control, operating system security
byPrachi Gulihar
 
PPTX
Chapter 7
bySeth Nurul
 
PPT
Chapter 5-Security Mechanisms and Techniques.ppt
byLina Shimelis
 
PPT
Intro To Access Controls
byHari Pudipeddi
 
PPTX
Access Control for Database Priciples IS
byerricnocteam
 
PPT
Protection and Security in Operating Systems
byvampugani
 
PPTX
Types_of_Access_Controlsggggggggggggggggg
bySaurabh846965
 
Week No 13 Access Control Part 1.pptx
byXhamiiiCH
 
Lecture-12-ACL_information_Security.pptx
byhomecooking511
 
Access control3
byAwhydot
 
Access control3
byAwhydot
 
2. access control
by7wounders
 
dos_security_final
byMichele Vincent
 
unit 1access models _3.pptxscscsscscscsc
byzmulani8
 
Role-Based Access Control, Second Edition ( PDFDrive ).pdf
bySusmitaMahato3
 
access control configurations and principles
byAngieloBecenia1
 
OperatingSystem.ppt
byKaivanParikh
 
OperatingSystem.ppt
byRAJESHKUMARMANEPALLI
 
AccessControl.ppt
byDAKSHATAPANCHAL2
 
Access control mechanism (DAC, MAC and RBAC).ppt
byDAKSHATAPANCHAL2
 
Least privilege, access control, operating system security
byPrachi Gulihar
 
Chapter 7
bySeth Nurul
 
Chapter 5-Security Mechanisms and Techniques.ppt
byLina Shimelis
 
Intro To Access Controls
byHari Pudipeddi
 
Access Control for Database Priciples IS
byerricnocteam
 
Protection and Security in Operating Systems
byvampugani
 
Types_of_Access_Controlsggggggggggggggggg
bySaurabh846965
 

Recently uploaded

PPTX
Filtration-slow sand filtration and rapid sand filtration.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
Reality Check Deploying Computer Vision and LLMs at the Edge
byICS
 
PPTX
TechSprint WinterHack || After an intense hackathon filled with creativity, ...
bybajpaitusharoffon678
 
PDF
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 2.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PPTX
Group-3-Ethics - Freedom as foundation for moral acts
byCharlsCasquejo2
 
PDF
JVM in the Age of AI: 2026 Edition - Deep Dive
byArtur Skowroński
 
PDF
Earths-Structure-and-Composition_20260127_110958_0000.pdf
byabdurasabarfaki
 
PDF
10 Tips for Successfully Purchasing Twitter Accounts.pdf
bymarketing
 
PDF
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
PDF
Process Scheduling Scheduling Queue, Types of Sheduler
bySanjay Gunjal
 
PPTX
M1 - HPE Alletra Storage MP B10000 - presenter.pptx
byThanhBnhNguyn92
 
PPTX
Applications of cloud computing in education
byhatimunwala5
 
PPTX
MicroAccelerometers & microfluidics.pptx
byThamizhvani TR
 
PPTX
Unit-2: Network Models--OSI Reference Model, TCP/IP Reference Model
bySuvarnaSharma5
 
PPTX
CHAPTER 13 - NUCLEI - CLASS XII PHYSICS 2025-26
bybhavaneeth1
 
PDF
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
PPTX
TRICKLING FILTER PROCESS FOR WASTEWATER TREATMENT.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
TRUSTWORTHY AI: BUILDING SAFE AND ETHICAL MACHINE LEARNING SYSTEMS
byAdri Jovin
 
PDF
Steel - - Welded Connections.pdf By ER. Gurmeet Singh GCET JAMMU gurmeet.b.t...
byEr. Gurmeet Singh
 
Filtration-slow sand filtration and rapid sand filtration.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Reality Check Deploying Computer Vision and LLMs at the Edge
byICS
 
TechSprint WinterHack || After an intense hackathon filled with creativity, ...
bybajpaitusharoffon678
 
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 2.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
Group-3-Ethics - Freedom as foundation for moral acts
byCharlsCasquejo2
 
JVM in the Age of AI: 2026 Edition - Deep Dive
byArtur Skowroński
 
Earths-Structure-and-Composition_20260127_110958_0000.pdf
byabdurasabarfaki
 
10 Tips for Successfully Purchasing Twitter Accounts.pdf
bymarketing
 
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
Process Scheduling Scheduling Queue, Types of Sheduler
bySanjay Gunjal
 
M1 - HPE Alletra Storage MP B10000 - presenter.pptx
byThanhBnhNguyn92
 
Applications of cloud computing in education
byhatimunwala5
 
MicroAccelerometers & microfluidics.pptx
byThamizhvani TR
 
Unit-2: Network Models--OSI Reference Model, TCP/IP Reference Model
bySuvarnaSharma5
 
CHAPTER 13 - NUCLEI - CLASS XII PHYSICS 2025-26
bybhavaneeth1
 
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
TRICKLING FILTER PROCESS FOR WASTEWATER TREATMENT.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
TRUSTWORTHY AI: BUILDING SAFE AND ETHICAL MACHINE LEARNING SYSTEMS
byAdri Jovin
 
Steel - - Welded Connections.pdf By ER. Gurmeet Singh GCET JAMMU gurmeet.b.t...
byEr. Gurmeet Singh
 

Design for security in operating system

  • 2.
     Types ofsecurity in system.  Theory of design for security Os.  Security hidden troubles in Linux Os.  Security policy 1.Audit module 2.Access control module 3.Role based access control module.  Architecture
  • 3.
     Least privilege Efficiency  Open System  Complete coordination  Privilege separation  Simplicity
  • 4.
     Access controlmode is simple: Access control lists and mandatory access control lists are not supported.  Security audit mechanism is insecurity Security audit mechanism of the present Linux is insecurity  Super user right is great If the password is purloined, the system will be not safe at all.
  • 5.
     Enforced byorganizational polices or security mechanism.  Security mechanism and access control policy for os security design. 1.Audit module 2.Acess control module 3.Role based access control module.
  • 6.
     Invasive technologycan attack the Kernel of Linux.  Linux security audit module should be designed and applied independently.  Security audit module for kernel.
  • 7.
    Event Collect ParserAlerting Record Audit log library
  • 8.
     Ability topermit or deny the use of particular resource.  It manages physical ,logical or digital resources.  To advance security it adds security access control and Integrated access control sub module.
  • 10.
     Subject: Entitythat perform action in system.  Object: Entities representing resources to which access may need to controlled .  Subject access an object must pass through Security, Integrated and Discretionary access control modules.  Subject access corresponding security tag library when it through each access control subsystems.
  • 11.
     It baseon Bell-La padula(BLP) model.  It can operate MAC i.e Mandatory access control and DAC i.e Discretionary access control.  MAC : os provide ability to subject to access or perform some operations on subject.  When subject sends a request to an object , extract security tag of subject and object from security tag library.
  • 12.
      Security Labelsassigned to all objects,contain two pieces of information - a classification and a category.  When a user access a resource Os checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object access is allowed.  Examples: SE Linux, by NSA, trusted Solaris
  • 13.
     The controlof access is based on the discretion (wish) of the owner.  Access to system resources is controlled by the operating system.  Each resource object on a DAC based system has an Access Control List (ACL).,contains a list of users and groups to which the user has permitted access.  For example, User A may provide read-only access on one of her files to User B, read and write access on the same file to User C and full control to any user belonging to Group 1.  Examples: Unix, Linux, Windows access control.
  • 14.
     It basedon Biba Integrity model, that  describes a set of access control  rules designed to ensure data integrity.  It used to add security tag for subjects and objects.  When subject sends a request to object the Biba integrity model extract integrated attributes of subject and object from security tag library to match.
  • 15.
    Model Access ControlOwner Security Control Policy DAC Data Owner ACL. MAC Operating System Security Labels. RBAC Administrator Role/Function Positions.
  • 16.
    Subject System call Access control model Securitytag library Audit model Object Audit log library
  • 17.
     RBAC isaccess policy determined by system.  Used in applications where multilevel security requirement may exists.  Roles are created for various job function and user are assigned roles based on their qualifications.
  • 18.
     Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role.  Role authorization : A subject's active role must be authorized for the subject.   Transaction authorization : A subject can execute a transaction only if the transaction is authorized through the subject's role memberships
  • 19.
     It usesthe role-based access control mechanism to control unauthorised access to patient medical information in KDIS.  permissions are not assigned to users but to the roles, thus providing great flexibility in administration and cost reduction
  • 22.
     Principle ofleast privilege  System administrator  Security administrator  Security audit administrator
  • 23.
     Principle ofleast privilege  System administrator  Security administrator  Security audit administrator
  • 24.
     Hence theaccess control module, audit module and role based access control module improve the operating system security.  The group of this three module can prevent the lost and misses of data to improve stability, processing speed of Os.