SlideShare a Scribd company logo

Protection and security

Download as PPTX, PDF
M
mbadhi

1. Protection and security are mechanisms used in operating systems to control access to resources and safeguard them from threats. Protection focuses on internal threats while security addresses external threats. 2. Protection involves setting and changing access permissions for resources and checking access for users. Security involves authenticating users, adding/removing them, and using anti-malware software to protect from external threats. 3. A security model like the access matrix model defines the set of subjects, objects, and access rules to represent an organization's security policy for controlling access between users and resources.

Technology
1 of 29
Protection and Security GROUP 7
members OPULOT PHILIP.A NANTEGE BRIDGET NJAWEZI EZEKIEL NYUMBI SHARRIFU MBADHI BARNABAS OMOIT ANDREW
Protection Definitions • Protection: It refers to a mechanisim for controling the access of programs, processes, or users to the resouces defined by an Operating system. it involves guarding a user's data and programs against interference by other authorized users of the system.
Why we need protection -to prevent mischievous -to prevent intential violation of an access restriction by a user -to ensure that each program component active in a system uses system resources only in ways consistent with stated polices
Advantages of protection. - It allows safe sharing of a common logical address space or common physical address space. Considering the logical address space, if there is a directory of files that has to be shared among multiple users, the protection techniques help to accomplish safe sharing. Considering the physical address space, multiple users can have access to the memory. - it also provides fair and reliable resource usage.
Goals of Protection Operating system consists of a collection of objects (hardware or software). Each object has a unique name and can be accessed through a well-defined set of operations. Protection problem – to ensure that each object is accessed correctly and only by those processes that are allowed to do so.
FACETS TO PROTECTION OF INFORMATION There are two facets to protection of information: - SECRECY; it implise that only authorised users should be able to access information - PRIVACY; implises that informtion should be used only for the purpose(s) for which it is intended and shared :- Operating sytems focus on guaranteeing secrecy of information and leaves the issuse of privacy to the users and their processes.
Security Definitions Security: It refers to providing protection to computer system resouces such as CPU(Central Processing Unit), memory, Disk, software programs it involves guarding a user's data and programs against interference by external entities. eg unauthorized persons.
Security Attributes Security is defined by three attributes: confidentiality, integrity, and availability. Confidentiality is the prevention of unauthorized modification of information and resources. Integrity is the prevention of unauthorized users. Availability is the prevention of unauthorized withholding of information or resources.
Reasons for taking security measures - To prevent loss of data - To prevent corruption of data - To prevent compromise of data - To prevent theft of data - To prevent sabotage
Security Threats The external threats can be of two types as direct threats and indirect threats. A direct threat is an attack on the system from a hacker or a disgruntled insider. An indirect threat is a random attack such as a computer virus, worm, Trojan horse, etc.
Intruders Intruders and viruses are the two most publicized security threats. We identify three classes of intruders: A masquerador is an unauthorized individual (an outsider) who penetrates a system to exploit legitimate users’ accounts. A misfeasor is a legitimate user (an insider) who accesses resources to which they are not privileged, or who abuses such privilege. A clandestine user is an individual (an insider or an outsider) who seizes control of a system to evade auditing controls, or to suppress audit collection.
Malicious Software(program threats) The most sophisticated threats to computer systems are through malicious software, sometimes called malware. Malware attempts to cause damage to, or consume the resources of, a target system. Malware can be divided into programs that can operate independently, and those that need a host program; and also into programs that can replicate themselves, and those that cannot. A trap door is a secret entry point into a program, often left by the program’s developers, or sometimes delivered via a software update. A logic bomb is code embedded in a program that ”explodes” when certain conditions are met, e.g. a certain date or the presence of certain files or users. Logic bombs also often originate with the developers of the software. A Trojan horse is a useful (or apparently useful) program that contains hidden code to perform some unwanted or harmful function.
A virus is a program that can ”infect” other programs by modification, as well as causing local damage. Such modification includes a copy of the virus, which can then spread further to other programs. A worm is an independent program that spreads via network connections, typically using either email, remote execution, or remote login to deliver or execute a copy of itself to or on another system, as well as causing local damage. A zombie is an independent program that secretly takes over a system and uses that system to launch attacks on other systems, thus concealing the original instigator. Such attacks often involve further replication of the zombie itself. Zombies are often used in denial-of-service attacks.
Authenitcation Goal of authentication: Reasonable assurance that anyone who attempts to access a system or a network is a legitmate user Three mechanisms include;- -Password(patterns or pin) - Physical token or an artifact eg. Swipe cards -Biometric measures eg.finger prints,facerecogintion etc
Assets and their Vulnerabilities I.Hardware is mainly vulnerable to interruption, either by theft or by vandalism. Physical security measures are used to prevent these attacks. II.Software is also vulnerable to interruption, as it is very easy to delete. Backups are used to limit the damage caused by deletion. Modification or fabrication through alteration (e.g. by viruses) is a major problem, as it can be hard to spot quickly. Software is also vulnerable to interception through unauthorized copying: this problem is still largely unsolved.
III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences.
III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences. IV.Communications are vulnerable to all types of threats. Passive attacks take the form of eaves dropping, and fall into two categories: reading the contents of a message, or more subtly, analyzing patterns of traffic to infer the nature of even secure messages. Passive attacks are hard to detect, so the emphasis is usually on prevention. Active attacks involve modification of a data stream, or creation of a false data stream. One entity may masquerade as another (presumably one with more or different privileges), maybe by capturing and replaying an authentication sequence. Replay is a similar attack, usually on data. Message contents may also be modified, often to induce incorrect behaviour in other users. Denial of service attacks aim to inhibit the normal use of communication facilities. Active attacks are hard to prevent (entirely), so the emphasis is usually on detection and damage control.
V.Protection Muti-programming involves the sharing of many resources, including processor, memory, I/O devices, programs, and data. Protection of such resources runs along the following spectrum: - No protection may be adequate e.g. if sensitive procedures are run at separate times. - Isolation implies that entities operate separately from each other in the physical sense. - Share all or nothing implies that an object is either totally private or totally public. - Share via access limitation implies that different entities enjoy different levels of access to an object, at the gift of the owner. The Operating System acts as a guard between entities and objects to enforce correct access. - Share via dynamic capabilities extends the former to allow rights to be varied dynamically. - Limit use of an object implies that not only is access to the object controlled, the use to which it may be put also varies across entities. The above spectrum is listed roughly in order of increasing fineness of control for owners, and also increasing difficulty of implementation.
Computer protection and security mechanisms provided by an operating system must address the following requirements: 1.Confidentiality : (or privacy) the requirement that information maintained by a computer system be accessible only by authorized parties (users and the processes that run as/represent those users). Interception occurs when an unauthorized party gains access to a resource; examples include illicit file copying and the invocation of programs. 2.Integrity: the requirement that a computer system’s resources can be modified only by authorized parties. Modification occurs when an unauthorized party not only gains access to but changes a resource such as data or the execution of a running process. 3.Availability: the requirement that a computer system be accessible at required times by authorized parties. Interruption occurs when an unauthorized party reduces the availability of or to a resource. 4.Authenticity: the requirement that a computer system can verify the identity of a user. Fabrication occurs when an unauthorized party inserts counterfeit data amongst valid data.
Protection and Security Design Principles Least privilege: Every object (users and their processes) should work within a minimal set of privileges; access rights should be obtained by explicit request, and the default level of access should be “none”. Economy of mechanisms: security mechanisms should be as small and simple as possible, aiding in their verification. This implies that they should be integral to an operating system’s design, and not an afterthought. Acceptability: security mechanisms must at the same time be robust yet non-intrusive. An intrusive mechanism is likely to be counter-productive and avoided by users, if possible. Complete: Mechanisms must be pervasive and access control checked during all operations — including the tasks of backup and maintenance. Open design: An operating system’s security should not remain secret, nor be provided by stealth. Open mechanisms are subject to scrutiny, review, and continued refinement.
Security and protection: Policies and Mechanisms Security policy -Specify whether a person can become a user of the system. This funtion is performed by the system adimistrator mechanisms Add or delete usersVerify whether a person is an autherised user Protection policy -Specify whether a user can access a specific file. The owner of a file performs this function while creating it mechanisms Set or change protection of informantion for a fileChecks whether a file can be accessed by a user
Security models. Security models can be discretionary or mandatory - Discretionary Holders of right can be allowed to transfer them at their discretion - Mandatory Only designated roles are allowed to grant right and user connot transfer them
Consists of three principal componets -A set of passive object,(files, terminals,devices and other entities) -A set of active subjects, which may manipulate the object. -A set of rules governing the manipulation of objects by subjects -Access matrix Model Objects Subjects File 1 File 2 File 3 User 1 r,w r r,w,x User 2 r r r,w,x User 3 r,w,x r,w r,w,x
- Role Based Acces control - Enforces access controls depending upon a user role(s) -Roles represent specific Organistion duties and are commonly mapped to job titles, for example.Adimistrator, Developer etc
- Take Grant Model - This model use graphs to model access control - The graph structure can be represented as an adjancency matrix and labels on the arcs can be coded as different values in the matrix., Nodes in the graph are of two types, one crosseponding to subject and other to object. The possible access rights are read(r), write(w), take(t) and grant(g)
Security policy verses security model - Security policy Outlines several high level points, how the data is accessed, the amount of security requried and what are the steps when these requirement are not met - Security model The mechanism to support the security policy, these involves in the design of the security system
PROTECTION VERSES SECURITY Protection Security By difintion - a method used in operating systems that manages threats with the system to maintain the proper functioning of the system - a method used in operating systems that handles the threats from outside of the system Main focus - focuses on internal threats of the systems - focuses on external threats to the systems By functionality - provides a mechanism for controlling the access to programs, processes and user resources - provides a mechanism to safe guard the system resources and user resources from external users By mechanism - involves mechanism such as setting or changing protection information of a resource and checking whether that resource is accessible by a user - involves mechanisms such as adding, deleting users, verifying whether a specific user is authorised, using anti-malware software.etc
END THANK YOU

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Os security issues
Os security issuesOs security issues
Os security issues
JOLLUSUDARSHANREDDY
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systems
vampugani
 
Program security
Program securityProgram security
Program security
G Prachi
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
Ramesh Upadhaya
 
Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
 

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Os security issues
Os security issuesOs security issues
Os security issues
JOLLUSUDARSHANREDDY
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systems
vampugani
 
Program security
Program securityProgram security
Program security
G Prachi
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
Ramesh Upadhaya
 
Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Malicious software
Malicious softwareMalicious software
Malicious software
Dr.Florence Dayana
 
Security & Protection in Operating System
Security & Protection in Operating SystemSecurity & Protection in Operating System
Security & Protection in Operating System
Meghaj Mallick
 
Operating System Process Synchronization
Operating System Process SynchronizationOperating System Process Synchronization
Operating System Process Synchronization
Haziq Naeem
 
system Security
system Security system Security
system Security
Gaurav Mishra
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
What is malware
What is malwareWhat is malware
What is malware
Malcolm York
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.
Meghaj Mallick
 
System calls
System callsSystem calls
System calls
Bernard Senam
 
Paging and segmentation
Paging and segmentationPaging and segmentation
Paging and segmentation
Piyush Rochwani
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Malware and security
Malware and securityMalware and security
Malware and security
Gurbakash Phonsa
 
Program Threats
Program ThreatsProgram Threats
Program Threats
guestab0ee0
 
Goals of protection
Goals of protectionGoals of protection
Goals of protection
veena ali
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 

More Related Content

What's hot

Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Malicious software
Malicious softwareMalicious software
Malicious software
Dr.Florence Dayana
 
Security & Protection in Operating System
Security & Protection in Operating SystemSecurity & Protection in Operating System
Security & Protection in Operating System
Meghaj Mallick
 
Operating System Process Synchronization
Operating System Process SynchronizationOperating System Process Synchronization
Operating System Process Synchronization
Haziq Naeem
 
system Security
system Security system Security
system Security
Gaurav Mishra
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
What is malware
What is malwareWhat is malware
What is malware
Malcolm York
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.
Meghaj Mallick
 
System calls
System callsSystem calls
System calls
Bernard Senam
 
Paging and segmentation
Paging and segmentationPaging and segmentation
Paging and segmentation
Piyush Rochwani
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Malware and security
Malware and securityMalware and security
Malware and security
Gurbakash Phonsa
 
Program Threats
Program ThreatsProgram Threats
Program Threats
guestab0ee0
 
Goals of protection
Goals of protectionGoals of protection
Goals of protection
veena ali
 

What's hot (20)

Network attacks
Network attacksNetwork attacks
Network attacks
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Security & Protection in Operating System
Security & Protection in Operating SystemSecurity & Protection in Operating System
Security & Protection in Operating System
 
Operating System Process Synchronization
Operating System Process SynchronizationOperating System Process Synchronization
Operating System Process Synchronization
 
system Security
system Security system Security
system Security
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
Cia security model
Cia security modelCia security model
Cia security model
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
What is malware
What is malwareWhat is malware
What is malware
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.Concurrency Control in Distributed Database.
Concurrency Control in Distributed Database.
 
System calls
System callsSystem calls
System calls
 
Paging and segmentation
Paging and segmentationPaging and segmentation
Paging and segmentation
 
Firewalls
FirewallsFirewalls
Firewalls
 
Malware and security
Malware and securityMalware and security
Malware and security
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
Goals of protection
Goals of protectionGoals of protection
Goals of protection
 

Similar to Protection and security

Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
Computer security
Computer securityComputer security
Computer security
sruthiKrishnaG
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
 
System Security
System SecuritySystem Security
System Security
Reddhi Basu
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
Manoj VNV
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
Argie242424
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
Is4560
Is4560Is4560
Is4560
Tara Hardin
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
vkarthi314
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
123aleena
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
Kushagr sharma
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 

Similar to Protection and security (20)

Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
Computer security
Computer securityComputer security
Computer security
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
System Security
System SecuritySystem Security
System Security
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 
I0516064
I0516064I0516064
I0516064
 
Is4560
Is4560Is4560
Is4560
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 

Protection and security

  • 2. members OPULOT PHILIP.A NANTEGE BRIDGET NJAWEZI EZEKIEL NYUMBI SHARRIFU MBADHI BARNABAS OMOIT ANDREW
  • 3. Protection Definitions • Protection: It refers to a mechanisim for controling the access of programs, processes, or users to the resouces defined by an Operating system. it involves guarding a user's data and programs against interference by other authorized users of the system.
  • 4. Why we need protection -to prevent mischievous -to prevent intential violation of an access restriction by a user -to ensure that each program component active in a system uses system resources only in ways consistent with stated polices
  • 5. Advantages of protection. - It allows safe sharing of a common logical address space or common physical address space. Considering the logical address space, if there is a directory of files that has to be shared among multiple users, the protection techniques help to accomplish safe sharing. Considering the physical address space, multiple users can have access to the memory. - it also provides fair and reliable resource usage.
  • 6. Goals of Protection Operating system consists of a collection of objects (hardware or software). Each object has a unique name and can be accessed through a well-defined set of operations. Protection problem – to ensure that each object is accessed correctly and only by those processes that are allowed to do so.
  • 7. FACETS TO PROTECTION OF INFORMATION There are two facets to protection of information: - SECRECY; it implise that only authorised users should be able to access information - PRIVACY; implises that informtion should be used only for the purpose(s) for which it is intended and shared :- Operating sytems focus on guaranteeing secrecy of information and leaves the issuse of privacy to the users and their processes.
  • 8. Security Definitions Security: It refers to providing protection to computer system resouces such as CPU(Central Processing Unit), memory, Disk, software programs it involves guarding a user's data and programs against interference by external entities. eg unauthorized persons.
  • 9. Security Attributes Security is defined by three attributes: confidentiality, integrity, and availability. Confidentiality is the prevention of unauthorized modification of information and resources. Integrity is the prevention of unauthorized users. Availability is the prevention of unauthorized withholding of information or resources.
  • 10. Reasons for taking security measures - To prevent loss of data - To prevent corruption of data - To prevent compromise of data - To prevent theft of data - To prevent sabotage
  • 11. Security Threats The external threats can be of two types as direct threats and indirect threats. A direct threat is an attack on the system from a hacker or a disgruntled insider. An indirect threat is a random attack such as a computer virus, worm, Trojan horse, etc.
  • 12. Intruders Intruders and viruses are the two most publicized security threats. We identify three classes of intruders: A masquerador is an unauthorized individual (an outsider) who penetrates a system to exploit legitimate users’ accounts. A misfeasor is a legitimate user (an insider) who accesses resources to which they are not privileged, or who abuses such privilege. A clandestine user is an individual (an insider or an outsider) who seizes control of a system to evade auditing controls, or to suppress audit collection.
  • 13. Malicious Software(program threats) The most sophisticated threats to computer systems are through malicious software, sometimes called malware. Malware attempts to cause damage to, or consume the resources of, a target system. Malware can be divided into programs that can operate independently, and those that need a host program; and also into programs that can replicate themselves, and those that cannot. A trap door is a secret entry point into a program, often left by the program’s developers, or sometimes delivered via a software update. A logic bomb is code embedded in a program that ”explodes” when certain conditions are met, e.g. a certain date or the presence of certain files or users. Logic bombs also often originate with the developers of the software. A Trojan horse is a useful (or apparently useful) program that contains hidden code to perform some unwanted or harmful function.
  • 14. A virus is a program that can ”infect” other programs by modification, as well as causing local damage. Such modification includes a copy of the virus, which can then spread further to other programs. A worm is an independent program that spreads via network connections, typically using either email, remote execution, or remote login to deliver or execute a copy of itself to or on another system, as well as causing local damage. A zombie is an independent program that secretly takes over a system and uses that system to launch attacks on other systems, thus concealing the original instigator. Such attacks often involve further replication of the zombie itself. Zombies are often used in denial-of-service attacks.
  • 15. Authenitcation Goal of authentication: Reasonable assurance that anyone who attempts to access a system or a network is a legitmate user Three mechanisms include;- -Password(patterns or pin) - Physical token or an artifact eg. Swipe cards -Biometric measures eg.finger prints,facerecogintion etc
  • 16. Assets and their Vulnerabilities I.Hardware is mainly vulnerable to interruption, either by theft or by vandalism. Physical security measures are used to prevent these attacks. II.Software is also vulnerable to interruption, as it is very easy to delete. Backups are used to limit the damage caused by deletion. Modification or fabrication through alteration (e.g. by viruses) is a major problem, as it can be hard to spot quickly. Software is also vulnerable to interception through unauthorized copying: this problem is still largely unsolved.
  • 17. III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences.
  • 18. III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences. IV.Communications are vulnerable to all types of threats. Passive attacks take the form of eaves dropping, and fall into two categories: reading the contents of a message, or more subtly, analyzing patterns of traffic to infer the nature of even secure messages. Passive attacks are hard to detect, so the emphasis is usually on prevention. Active attacks involve modification of a data stream, or creation of a false data stream. One entity may masquerade as another (presumably one with more or different privileges), maybe by capturing and replaying an authentication sequence. Replay is a similar attack, usually on data. Message contents may also be modified, often to induce incorrect behaviour in other users. Denial of service attacks aim to inhibit the normal use of communication facilities. Active attacks are hard to prevent (entirely), so the emphasis is usually on detection and damage control.
  • 19. V.Protection Muti-programming involves the sharing of many resources, including processor, memory, I/O devices, programs, and data. Protection of such resources runs along the following spectrum: - No protection may be adequate e.g. if sensitive procedures are run at separate times. - Isolation implies that entities operate separately from each other in the physical sense. - Share all or nothing implies that an object is either totally private or totally public. - Share via access limitation implies that different entities enjoy different levels of access to an object, at the gift of the owner. The Operating System acts as a guard between entities and objects to enforce correct access. - Share via dynamic capabilities extends the former to allow rights to be varied dynamically. - Limit use of an object implies that not only is access to the object controlled, the use to which it may be put also varies across entities. The above spectrum is listed roughly in order of increasing fineness of control for owners, and also increasing difficulty of implementation.
  • 20. Computer protection and security mechanisms provided by an operating system must address the following requirements: 1.Confidentiality : (or privacy) the requirement that information maintained by a computer system be accessible only by authorized parties (users and the processes that run as/represent those users). Interception occurs when an unauthorized party gains access to a resource; examples include illicit file copying and the invocation of programs. 2.Integrity: the requirement that a computer system’s resources can be modified only by authorized parties. Modification occurs when an unauthorized party not only gains access to but changes a resource such as data or the execution of a running process. 3.Availability: the requirement that a computer system be accessible at required times by authorized parties. Interruption occurs when an unauthorized party reduces the availability of or to a resource. 4.Authenticity: the requirement that a computer system can verify the identity of a user. Fabrication occurs when an unauthorized party inserts counterfeit data amongst valid data.
  • 21. Protection and Security Design Principles Least privilege: Every object (users and their processes) should work within a minimal set of privileges; access rights should be obtained by explicit request, and the default level of access should be “none”. Economy of mechanisms: security mechanisms should be as small and simple as possible, aiding in their verification. This implies that they should be integral to an operating system’s design, and not an afterthought. Acceptability: security mechanisms must at the same time be robust yet non-intrusive. An intrusive mechanism is likely to be counter-productive and avoided by users, if possible. Complete: Mechanisms must be pervasive and access control checked during all operations — including the tasks of backup and maintenance. Open design: An operating system’s security should not remain secret, nor be provided by stealth. Open mechanisms are subject to scrutiny, review, and continued refinement.
  • 22. Security and protection: Policies and Mechanisms Security policy -Specify whether a person can become a user of the system. This funtion is performed by the system adimistrator mechanisms Add or delete usersVerify whether a person is an autherised user Protection policy -Specify whether a user can access a specific file. The owner of a file performs this function while creating it mechanisms Set or change protection of informantion for a fileChecks whether a file can be accessed by a user
  • 23. Security models. Security models can be discretionary or mandatory - Discretionary Holders of right can be allowed to transfer them at their discretion - Mandatory Only designated roles are allowed to grant right and user connot transfer them
  • 24. Consists of three principal componets -A set of passive object,(files, terminals,devices and other entities) -A set of active subjects, which may manipulate the object. -A set of rules governing the manipulation of objects by subjects -Access matrix Model Objects Subjects File 1 File 2 File 3 User 1 r,w r r,w,x User 2 r r r,w,x User 3 r,w,x r,w r,w,x
  • 25. - Role Based Acces control - Enforces access controls depending upon a user role(s) -Roles represent specific Organistion duties and are commonly mapped to job titles, for example.Adimistrator, Developer etc
  • 26. - Take Grant Model - This model use graphs to model access control - The graph structure can be represented as an adjancency matrix and labels on the arcs can be coded as different values in the matrix., Nodes in the graph are of two types, one crosseponding to subject and other to object. The possible access rights are read(r), write(w), take(t) and grant(g)
  • 27. Security policy verses security model - Security policy Outlines several high level points, how the data is accessed, the amount of security requried and what are the steps when these requirement are not met - Security model The mechanism to support the security policy, these involves in the design of the security system
  • 28. PROTECTION VERSES SECURITY Protection Security By difintion - a method used in operating systems that manages threats with the system to maintain the proper functioning of the system - a method used in operating systems that handles the threats from outside of the system Main focus - focuses on internal threats of the systems - focuses on external threats to the systems By functionality - provides a mechanism for controlling the access to programs, processes and user resources - provides a mechanism to safe guard the system resources and user resources from external users By mechanism - involves mechanism such as setting or changing protection information of a resource and checking whether that resource is accessible by a user - involves mechanisms such as adding, deleting users, verifying whether a specific user is authorised, using anti-malware software.etc