OS Protection and Security

Questions and Answers

Which of the following is NOT a primary requirement of protection and security in an operating system?

  • Ensuring confidentiality of data
  • Maximizing CPU utilization (correct)
  • Guaranteeing the availability of resources
  • Maintaining the integrity of the system

What is the main purpose of the 'principle of least privilege'?

  • To make it simpler for administrators to manage system policies.
  • To allow users full control over system resources.
  • To prevent unauthorized access and limit potential damage. (correct)
  • To ensure programs have more than enough privileges to perform their tasks.

Why is it generally better to use a SGID program with group ownership instead of a SUID program with root ownership when special privileges are required?

  • SUID programs are deprecated and no longer supported.
  • SGID programs are always faster than SUID programs.
  • SGID programs automatically have fewer privileges than SUID programs.
  • SGID programs limit the potential damage compared to SUID programs. (correct)

What does the 'need to know' principle primarily aim to achieve?

  • To limit a process's access to only the objects required for its task. (C)

In the context of operating system protection, what does a 'protection domain' define?

  • The resources that a process is allowed to access. (B)

What is the purpose of an 'access right'?

  • To grant the ability to execute an operation on an object. (C)

In an access matrix, what do columns typically represent?

  • Different system resources (C)

What does the ability to 'copy rights' within an access matrix indicate?

  • The right for processes to duplicate access rights to the same object. (B)

If an asterisk is removed from an original access right, what does this signify?

  • The right is transferred instead of copied. (B)

What does the 'owner right' in access control provide?

  • The ability to add new rights or remove existing ones. (A)

What is the purpose of 'control rights' in the context of domain objects?

  • To allow a process in one domain to affect the rights available in other domains. (A)

Why is a global table implementation of an access matrix often impractical?

  • It is very large and cannot be kept in memory. (B)

What is the primary advantage of using access lists for objects?

  • They reduce memory usage by discarding blank entries. (A)

How are capability lists for domains typically protected?

  • By using a tag or splitting the address space. (A)

In a lock-key mechanism, when is access to a resource granted?

  • When the domain's keys fit one of the resource's locks. (D)

What does operating system security primarily ensure?

  • Availability, confidentiality, and integrity. (A)

What is the difference between a 'threat' and an 'attack' in system security?

  • A threat is the potential for harm, while an attack is an actual security breach. (B)

Which of the following is an example of a 'breach of confidentiality'?

  • Unauthorized reading of data (B)

What is the primary goal of ensuring 'availability' in system security?

  • To ensure all system resources are accessible to all authorized users. (D)

Which of the following is an example of a program threat that replicates itself?

  • Virus (C)

What is the main characteristic of a 'logic bomb'?

  • It misbehaves only when specific criteria are met. (A)

What is the purpose of port scanning?

  • To determine a system's vulnerabilities for an attack. (A)

How does a worm typically cause harm to a system?

  • By exhausting system resources. (D)

What is the primary goal of authentication in operating system security?

  • To identify every system user and ensure the authenticity of program execution. (A)

What is a key characteristic of one-time passwords?

  • They are unique and cannot be reused. (D)

Flashcards

OS Protection and Security

Ensuring computer resources like CPU, software and memory are protected, including integrity, confidentiality and availability.

Goals of Protection

Prevent malicious use, ensure shared resource use follows system policies, and minimize damage from errant programs.

Principle of Least Privilege

Programs, users and systems are given only the privileges needed to perform their tasks.

Protection Domain

Specifies resources a process may access, defining objects and operations.

Access Right

The ability to execute an operation on an object within a protection domain.

Access Matrix

A matrix where columns are system resources and rows are protection domains, indicating access rights.

Operating System Security

The process of ensuring OS availability, confidentiality, and integrity against threats.

Threat

A security violation; a program that can potentially harm the system.

Attack

A security violation; unauthorized access to a system resource.

Breach of Integrity

Unauthorized data modification.

Theft of Service

Unauthorized use of resources.

Breach of Confidentiality

Unauthorized reading of data.

Breach of Availability

Unauthorized destruction of data.

Denial of Service

Preventing legitimate use of the system, sometimes accidentally.

Integrity (Security Goal)

Ensuring only authorized users access objects of the system.

Secrecy (Security Goal)

Ensuring system objects are available to authorized users only.

Availability (Security Goal)

Ensuring system resources are accessible to all authorized users.

Virus

Malicious code that replicates, modifies, or deletes user files.

Trojan Horse

Application capturing user credentials to give malicious users access.

Logic Bomb

Software that misbehaves when specific criteria are met.

Trap Door

A security weakness in code allowing illegal actions without user knowledge.

System Threats

Misuse of system services and network connections that causes user problems.

Port Scanning

Automated process to determine system vulnerabilities via TCP/IP connections.

Worm

Process that exhausts system resources, choking performance. It makes self-clones.

Denial of Service

Preventing legitimate users from accessing the system.

Study Notes

  • OS protection and security involve safeguarding computer resources, including the operating system and its data, by ensuring integrity, confidentiality, and availability.
  • The goals of protection are to prevent malicious misuse and ensure resources are used according to system policies set by designers/administrators, and to minimize damage from errant programs.
  • Protection systems provide mechanisms for enforcing policies, with administrators and users responsible for effective implementation.

Principles of Protection

  • The principle of least privilege states programs, users, and systems should be given just enough privileges to perform tasks, minimizing potential harm.
  • Using SGID programs with group ownership instead of SUID with root ownership can limit damage if something goes wrong.
  • The root account should be reserved for tasks needing root privileges, with system administrators using an ordinary account for daily activities.

Domain of Protection

  • A computer can be viewed as a collection of processes and objects (hardware & software).
  • The need to know principle dictates processes should only access objects required for their task, in necessary modes, and during the required timeframe.
  • A protection domain specifies the resources a process can access.
  • An access right is the ability to execute an operation on an object.
  • A domain is a set of < object, { access right set } > pairs.
  • The association between a process and a domain may be static or dynamic, necessitating ways to change domain contents or switch domains.
  • Domains can be realized as users, processes, or procedures.

Access Matrix

  • The model of protection can be viewed as an access matrix, in which columns represent system resources and rows represent protection domains.
  • Entries in the matrix indicate the type of access a domain has to a resource.
  • Domain switching can be supported by providing "switch" access to other domains.

Copy rights

  • The ability to copy rights is denoted by an asterisk (*), indicating that processes in a domain can copy the access right within the same column, that is, for the same object.
  • Removing the asterisk means the right is transferred, rather than copied, and is called a transfer right.
  • Copying the right but not the asterisk adds the access right to a new domain without propagating further, termed a limited copy right.
  • The owner right allows adding new rights or removing existing rights.
  • Control rights allow processes in one domain to affect rights in others.

Implementation of Access Matrix

  • The global table approach involves a large table with < domain, object, rights > entries.
  • The global table approach is difficult to implement due to its size and lack of grouping abilities.
  • Access lists for objects can be implemented by keeping a list of access rights for each object and a default access rights list.
  • Capability lists for domains involve keeping each row of the table as a capability list for that domain, protected via tags or segmented memory.
  • A lock-key mechanism uses locks and keys (unique bit patterns) for resources and domains, respectively, granting access if a domain's key matches a resource's lock.
  • Each method has pros and cons; many systems use a combination of these.

Operating System Security

  • OS security ensures the integrity, confidentiality, and availability of the system.
  • OS security involves protecting systems from viruses, worms, malware, and hacker intrusions, using preventive controls to safeguard system assets from theft, modification, or deletion.
  • Security provides safety for computer resources by assuring the OS's integrity, confidentiality, and availability.

Threats and Attacks

  • Security threats can be malicious or accidental.
  • A threat is a program that has the potential to harm a system.
  • An attack is a security breach that provides unauthorized access to resources.
  • Malicious threats involve destructive code leading to vulnerabilities, while accidental threats are typically easier to defend against.
  • Violations to security can include breach of integrity (unauthorized data modification), theft of service (unauthorized resource use), breach of confidentiality (unauthorized data reading), breach of availability (unauthorized data destruction), and denial of service (preventing legitimate system use).
  • System security aims to ensure integrity (preventing unauthorized access and modification), secrecy (limiting access to authorized users), and availability (ensuring all authorized users can access system resources).

Types of Security Threats

  • Program threats occur when a user program leads to malicious actions; examples include viruses, Trojan Horses, Logic Bombs, and Trap Doors.
  • Viruses replicate, modify/delete files, and can crash systems.
  • Trojan Horses steal user credentials.
  • Logic Bombs cause software to misbehave when specific criteria are met.
  • Trap Doors are security weaknesses allowing illegal actions without user knowledge.
  • System threats misuse system services and network connections, which can trigger program threats; examples include Port Scanning, Worms, and Denial of Service.
  • Port Scanning identifies system vulnerabilities.
  • Worms exhaust system resources to choke performance.
  • Denial of Service prevents legitimate system use.
  • Threats to operating systems include malware (viruses, worms, Trojan Horses) that corrupt files, replicate, and can crash a system, and network intrusion (masqueraders, misfeasors, unauthorized users).
  • Buffer overflow is a common issue where more input than allotted overwrites a buffer, which can crash a system or allow inserted malware to take control.

OS Security Measures

  • Authentication verifies users and authenticates programs they execute, generally through username/password, biometric user attribution, or user card/key.
  • One-time passwords add further security and can be implemented through secret keys, random numbers, or network passwords.
  • Firewalls monitor all network traffic for local security.
  • Firewalls are an efficient way of protecting network systems or local systems from any network-based security threat.
  • Physical security is vital because physical access can allow attackers to edit, remove, or steal important files.
