Chapter 7
Introduction
• Computers hold valuable and confidential data.
– E.g. tax returns, credit card numbers, business plans, trade
secrets, etc.
• If an unauthorized user can run programs on a computer, he/she
may cause severe damage to the computer or to the data stored on
it.
• Therefore, guarding information against unauthorized use is a
major concern of all operating systems.
Security Issues
– Confidentiality: secret data remain secret.
– Integrity: unauthorized users must not be able to modify
any data without the owner's permission.
– Availability: nobody can disturb the system so as to
make it unusable.
– Authenticity, privacy, and others.
• The OS is responsible for enforcing these properties.
Operating System Security
• OS security:
– protects the OS from viruses, worms, other malware, and remote
hacker intrusions.
– protects against unauthorized access to the system and its data.
– protects itself from
• runaway processes (denial of service)
• memory-access violations
• stack overflow violations
• the launching of programs with excessive privileges.
– protects any system assets that could be stolen, modified, or
deleted if OS security is breached.
Attacker
• Attackers may read, write, erase, steal or encrypt the user's disk
files, email data to far-away countries, prevent the device from
working at all, and much more.
• Attackers may launch exploits manually or automatically, by
means of a virus or a worm.
• An operating system is either the target of the attack or plays
an important role in enforcing (or, more commonly, failing to
enforce) the security policies.
Inside Attacks
• Attacks carried out by programmers and other employees of the company.
• 1 Logic Bombs
– A piece of code written by one of a company's programmers and
secretly inserted into the production system; it stays dormant
until some condition is met (for example, the programmer's name
no longer appears on the payroll) and then does damage.
• 2 Back Doors
– Code inserted into the system by a system programmer to
bypass some normal check (for example, a login routine that
accepts a fixed secret password for any account).
– A backdoor is also commonly installed by malware, so that the
criminals who sent it out can easily command the infected
machine to do whatever they instruct.
• 3 Login Spoofing
– A legitimate user puts up a fake login screen that looks like
the real one, in order to collect other people's passwords as
they type them in.
– The usual countermeasure is a secure attention key (such as
Ctrl-Alt-Del on Windows) that user programs cannot intercept,
so pressing it always reaches the genuine login program.
Attack Tools
– Nmap: discovers the network services offered by a
computer system by means of a port scan.
– Dsniff: monitors network traffic (sniffing passwords and
other data) and can redirect network packets.
Threats to Operating System
• Malware: corrupts files, deletes data, crashes the system, and
replicates itself to propagate further.
– Examples: viruses, worms, Trojan horses, etc.
• Network Intrusion:
– Masquerader: an unauthorized user who penetrates the
system by exploiting a legitimate user's account.
– Misfeasor: a legitimate user who makes unauthorized
accesses or misuses his privileges.
• Buffer Overflow
– More input is placed into a buffer (a data-holding area) than
its allotted capacity, so the excess overwrites adjacent
information: other variables, flags, or saved return addresses.
• Denial of Service Attacks
– Blocking or stopping a service-providing system so that
legitimate users cannot use it.
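The following is an added example, not code from the original slides. It shows the buffer-overflow threat described above in C: a record whose fixed-size name buffer is followed by a privilege flag, an unsafe copy that ignores the buffer's capacity and so overwrites the flag, and a hardened copy that rejects over-long input. The struct, function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not from the original slides): a record whose
 * fixed-size name buffer is immediately followed by a privilege flag.
 * A copy that ignores the buffer's capacity spills into the flag, which
 * is the "overwrites adjacent information" failure described above. */
struct login_record {
    char name[16];
    int  is_admin;          /* 0 = ordinary user, anything else = privileged */
};

/* Vulnerable: copies the whole input, trusting its length.  The copy is
 * aimed at the record as a whole so the overrun lands on is_admin
 * deterministically; on a real stack it would hit whatever sits above
 * the buffer, often a saved return address. */
void unsafe_set_name(struct login_record *rec, const char *input)
{
    size_t len = strlen(input) + 1;             /* includes the NUL */
    if (len > sizeof *rec)                      /* only to keep this demo within rec */
        len = sizeof *rec;
    memcpy(rec, input, len);                    /* never compared with sizeof rec->name */
}

/* Hardened: refuse input that does not fit, and always NUL-terminate. */
int safe_set_name(struct login_record *rec, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof rec->name)                /* leave room for the NUL */
        return -1;                              /* reject rather than truncate silently */
    memcpy(rec->name, input, len);
    rec->name[len] = '\0';
    return 0;
}

/* is_admin after the unsafe routine has processed the input. */
int admin_after_unsafe(const char *input)
{
    struct login_record rec = { "", 0 };
    unsafe_set_name(&rec, input);
    return rec.is_admin;
}

/* is_admin after the safe routine; *rejected reports whether it refused. */
int admin_after_safe(const char *input, int *rejected)
{
    struct login_record rec = { "", 0 };
    *rejected = safe_set_name(&rec, input) != 0;
    return rec.is_admin;
}

int main(void)
{
    /* Constructed input, 20 bytes: the first 16 fill name, the next 4 land on is_admin. */
    const char *overlong = "AAAAAAAAAAAAAAAAAAAA";
    int rejected;

    printf("unsafe, \"alice\":  is_admin = %d\n", admin_after_unsafe("alice"));
    printf("unsafe, overlong: is_admin = 0x%x\n", (unsigned)admin_after_unsafe(overlong));
    int flag = admin_after_safe(overlong, &rejected);
    printf("safe,   overlong: is_admin = %d, rejected = %d\n", flag, rejected);
    return 0;
}
```

With the over-long input the unsafe routine leaves is_admin holding 0x41414141 (four 'A' bytes), i.e. the caller is now "privileged" without ever being granted anything; the safe routine leaves the flag at 0 and reports the rejection. The demo deliberately keeps the overrun inside the struct; a real overflow past a stack buffer is undefined behaviour and is what attackers use to redirect control flow.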
OS Security Techniques
– Controlling access to resources
– Cryptography
– Authentication
– One-time passwords
– Firewalls
– Physical security
Controlling Access to Resources: methods used by the OS
• Protection Domains: a domain is a set of (object, rights) pairs;
each process runs in some domain and can only use the rights of
that domain. The domains and objects form an access matrix.
• Access Control Lists: each object carries a list of which
domains (users or groups) may access it and with which rights,
i.e. one column of the access matrix stored with the object.
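The following is an added example, not code from the original slides, showing how an OS reference monitor can answer "may this domain perform this operation on this object?" from per-object access control lists, and how the same matrix can be read by row (the capability-list view). The domain names, file names and rights table are constructed sample data; no real system's ACL format is implied.

```c
#include <stdio.h>
#include <string.h>

/* Rights are a bitmask so that one ACL entry (or one capability) is a
 * single small integer that can be combined and tested cheaply. */
enum { R_READ = 1, R_WRITE = 2, R_EXEC = 4 };

/* One row of an object's ACL: a protection domain and the rights it holds. */
struct acl_entry {
    const char *domain;
    unsigned    rights;
};

/* An object stores its own ACL, i.e. one column of the access matrix. */
struct object {
    const char             *name;
    const struct acl_entry *acl;
    int                     nentries;
};

/* Constructed sample data: hypothetical domains and files, not taken
 * from any real system. */
static const struct acl_entry payroll_acl[] = {
    { "hr",      R_READ | R_WRITE },
    { "auditor", R_READ           },
};
static const struct acl_entry backup_acl[] = {
    { "admin",   R_READ | R_EXEC  },
};
static const struct object objects[] = {
    { "payroll.db", payroll_acl, 2 },
    { "backup.sh",  backup_acl,  1 },
};
#define NOBJECTS (sizeof objects / sizeof objects[0])

/* Look up the rights a domain holds on an object; 0 means none.
 * Both unknown objects and unlisted domains fall through to "deny". */
unsigned rights_for(const char *domain, const char *object)
{
    for (size_t i = 0; i < NOBJECTS; i++) {
        if (strcmp(objects[i].name, object) != 0)
            continue;
        for (int j = 0; j < objects[i].nentries; j++)
            if (strcmp(objects[i].acl[j].domain, domain) == 0)
                return objects[i].acl[j].rights;
        return 0;                /* object exists, domain not on its ACL */
    }
    return 0;                    /* no such object */
}

/* The reference-monitor decision: allow only if every requested right is
 * present.  Requesting no rights at all is treated as an error, not a grant. */
int check_access(const char *domain, const char *object, unsigned wanted)
{
    if (wanted == 0)
        return 0;
    return (rights_for(domain, object) & wanted) == wanted;
}

/* Capability-list view: the same matrix read by row.  Counts how many
 * objects a domain can touch at all; a real system would store this list
 * with the domain (process) instead of recomputing it from the ACLs. */
int count_accessible(const char *domain)
{
    int n = 0;
    for (size_t i = 0; i < NOBJECTS; i++)
        if (rights_for(domain, objects[i].name) != 0)
            n++;
    return n;
}

int main(void)
{
    printf("hr      write payroll.db : %d\n", check_access("hr", "payroll.db", R_WRITE));
    printf("auditor write payroll.db : %d\n", check_access("auditor", "payroll.db", R_WRITE));
    printf("admin   exec  backup.sh  : %d\n", check_access("admin", "backup.sh", R_EXEC));
    printf("hr      exec  backup.sh  : %d\n", check_access("hr", "backup.sh", R_EXEC));
    printf("objects reachable by admin: %d\n", count_accessible("admin"));
    return 0;
}
```

The two design points worth noticing are default deny (an object with no entry for the requesting domain, or a domain asking for nothing, is refused rather than silently allowed) and the check that every requested bit is present, so asking for read and write with only read granted fails as a whole.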
Cryptography
• Encryption transforms plaintext into ciphertext under a key;
decryption reverses it.
• The OS uses cryptography
– to transmit data securely over the network
– to store files securely on disk
– to scramble the passwords in a password file, etc.
• Besides confidentiality, cryptography supports authentication
(e.g. hashed passwords and digital signatures) and integrity.
Encryption Methods
– 1 Secret-Key (symmetric) Cryptography
– 2 Public-Key (asymmetric) Cryptography
– 3 One-Way Functions
• hash functions
– 4 Digital Signatures
– 5 Trusted Platform Modules
Authentication
• The OS authenticates users at login time using:
– something the user knows: user name and password
– something the user is: fingerprints, retina scans, signature, etc.
– something the user has: a card, etc.
• Authentication methods:
– Authentication Using a Physical Object
• plastic cards, smart cards
– Authentication Using Biometrics
• fingerprint, voiceprint reader, iris recognition.
• After login, the OS grants any special privileges the user
has, such as:
– performing backups,
– shutting down the system,
– changing the system clock.
Exploiting Software
1. Buffer Overflow Attacks: the volume of data written exceeds the
capacity of the memory buffer, overwriting adjacent memory.
2. Format String Attacks: user input is passed as the format argument to
printf()-family functions, letting the attacker read or write stack
values through directives such as %x, %s and %n.
3. Dangling Pointers: a pointer still refers to memory that has already
been de-allocated (use-after-free).
4. Null Pointer Dereference Attacks: the program accesses an object
reference that has a null value, typically crashing it.
5. Integer Overflow Attacks: an arithmetic result exceeds the representable
range and wraps silently; code that ignores the overflow then uses an
unexpected value, e.g. an undersized allocation length or a bounds
check that passes when it should fail.
6. Command Injection Attacks: execution of arbitrary commands on the host
operating system via a vulnerable application that passes unvalidated
input to a shell.
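The following is an added example, not code from the original slides, for item 5 (integer overflow) and how it feeds item 1 (buffer overflow). It shows the two places where wrapped arithmetic most often bites a parser, a bounds check of the form offset + len <= total and an allocation size of the form count * elem_size, each beside its hardened form, and drives them from a small length-prefixed message reader. The message layout, the function names and the two sample messages are constructed for illustration; the copy that a real parser would perform after the check is omitted so the vulnerable path is harmless to run.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounds check, vulnerable form: offset + len can wrap around to a small
 * number, so an enormous attacker-chosen len passes the test and the
 * memcpy that follows it reads or writes far past the buffer. */
int unsafe_in_bounds(uint64_t offset, uint64_t len, uint64_t total)
{
    return offset + len <= total;
}

/* Hardened form: validate offset first, then compare len against the
 * space that remains.  The subtraction cannot wrap once offset <= total. */
int safe_in_bounds(uint64_t offset, uint64_t len, uint64_t total)
{
    return offset <= total && len <= total - offset;
}

/* Allocation size, vulnerable form: count * elem_size is computed in
 * 32 bits and wraps, so malloc() would get a tiny size while the fill
 * loop still runs count times. */
uint32_t unsafe_alloc_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened form: refuse when the product is not representable. */
int safe_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Reads one length-prefixed field (8-byte big-endian length, then payload)
 * from msg, using whichever bounds check is supplied.  Returns 0 and the
 * payload length on success, -1 if the field does not fit. */
int read_field(const uint8_t *msg, uint64_t total, uint64_t offset,
               int (*in_bounds)(uint64_t, uint64_t, uint64_t),
               uint64_t *len_out)
{
    if (!in_bounds(offset, 8, total))
        return -1;
    uint64_t len = 0;
    for (int i = 0; i < 8; i++)
        len = (len << 8) | msg[offset + i];
    if (!in_bounds(offset + 8, len, total))
        return -1;
    *len_out = len;             /* a real parser would memcpy len bytes here */
    return 0;
}

/* Verdict only: 1 if the first field of msg is accepted, 0 otherwise. */
int field_accepted(const uint8_t *msg, uint64_t total,
                   int (*in_bounds)(uint64_t, uint64_t, uint64_t))
{
    uint64_t len;
    return read_field(msg, total, 0, in_bounds, &len) == 0;
}

/* Constructed messages: 8-byte length followed by 8 payload bytes. */
static const uint8_t honest_msg[16] = {
    0, 0, 0, 0, 0, 0, 0, 8,                          /* length = 8 */
    'p', 'a', 'y', 'l', 'o', 'a', 'd', '!' };
static const uint8_t hostile_msg[16] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf8,  /* length = 2^64 - 8 */
    'p', 'a', 'y', 'l', 'o', 'a', 'd', '!' };

int main(void)
{
    uint64_t len = 0;
    uint32_t size = 0;
    int rc;

    rc = read_field(honest_msg, sizeof honest_msg, 0, unsafe_in_bounds, &len);
    printf("honest,  unsafe check: rc=%d len=%llu\n", rc, (unsigned long long)len);
    rc = read_field(hostile_msg, sizeof hostile_msg, 0, unsafe_in_bounds, &len);
    printf("hostile, unsafe check: rc=%d len=0x%llx (accepted!)\n", rc, (unsigned long long)len);
    rc = read_field(hostile_msg, sizeof hostile_msg, 0, safe_in_bounds, &len);
    printf("hostile, safe   check: rc=%d\n", rc);
    printf("0x40000001 * 16 in 32 bits = %u\n", unsafe_alloc_size(0x40000001u, 16));
    rc = safe_alloc_size(0x40000001u, 16, &size);
    printf("checked multiply: rc=%d\n", rc);
    return 0;
}
```

The hostile message declares a payload of 2^64 - 8 bytes; 8 + (2^64 - 8) wraps to 0, which is trivially <= 16, so the unsafe check accepts it and the following copy would run off the end of the buffer. The same wrap appears in the multiply: 0x40000001 * 16 is 0x400000010, which truncates to 16 in 32-bit arithmetic. Both hardened forms turn the question around (compare against what remains, or against the largest multiplier that fits) so the arithmetic cannot wrap before it is checked.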
Difference between Virus, Worm and Trojan
• Virus: attaches itself to another program or file in order to do
harm (e.g. deleting data).
– Needs user interaction to take action, such as clicking on an
attachment, running an infected program, or clicking a link.
• Worm:
– Replicates itself more and more, slowing down the computer
system and the network it spreads over.
– Propagates regardless of what the user does, by exploiting
network services on its own.
– Does not modify other programs.
• Trojan horse:
– Does not replicate itself like a virus or a worm.
– A hidden piece of code inside an apparently useful program that
steals important user information such as passwords.
– The attacker may repackage popular but expensive software (like
a game or a word processor) with the Trojan inside and offer it
for free on the Internet.
• Spyware: runs in the background and typically hides itself,
collects data about the user, reports it to a third party, and
tries to survive attempts to remove it.
Types of Virus
1. Companion Viruses: do not modify the target file; the virus is
stored under the same name with a different extension (e.g. prog.com
beside prog.exe) so that it runs when the user meant to run the original.
2. Executable Program Viruses: infect executable programs by inserting
the virus code into them.
3. Memory-Resident Viruses
– Stay in memory all the time, typically hooking system calls or
interrupt vectors, and keep the memory they occupy from being
used by other processes.
4. Boot Sector Viruses
– Overwrite the boot sector so the virus is loaded when the machine
starts; the virus then determines which partition is active, reads
in its first sector (the real boot sector) and executes it so the
normal boot proceeds.
5. Device Driver Viruses: infect the software used to control peripherals
such as the keyboard, which is loaded at every boot.
6. Macro Viruses: abuse application macros (which let users group several
commands to be executed with a single keystroke) to carry malicious
commands, e.g. inside a document.
7. Source Code Viruses: insert lines into program source code so the virus
is activated when the program is compiled and run.
Defenses
1. Firewalls
– Monitor and filter incoming and outgoing network traffic
according to a set of rules.
– A firewall keeps unauthorized connections (and the worms and
other programs behind them) from reaching the machine; it does
not by itself detect viruses carried in permitted traffic.
2. Antivirus
– Tracks down and removes viruses, by scanning files for known
signatures and by watching for suspicious behaviour.
3. Code Signing: run only unmodified software from reliable
software vendors, verified by a digital signature over the code.
4. Java security
– Java provides cryptography, public key infrastructure,
secure communication, authentication, and access control.
OS Security policies and procedures
• Cover a large area:
– Installing and updating anti-virus software.
– Ensuring the systems are patched or updated
regularly.
– Implementing user management policies to
protect user accounts and privileges.
– Installing a firewall and ensuring that it is properly
configured to monitor all incoming and outgoing traffic.
End
Thank you!!!