Scribd
Upload
4 views

Lecture 4-Operating System Security-NPTEL

The document discusses the functions and security concerns of operating systems, including process and file security. It highlights the importance of managing access privileges and permissions in multi-user environments, particularly in Unix systems. Additionally, it covers concepts like inter-process communication, file hierarchies, and the sticky bit as a security measure to prevent unauthorized deletions.

Uploaded by

kalpanasbmjc
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Lecture 4-Operating System Security-NPTEL

The document discusses the functions and security concerns of operating systems, including process and file security. It highlights the importance of managing access privileges and permissions in multi-user environments, particularly in Unix systems. Additionally, it covers concepts like inter-process communication, file hierarchies, and the sticky bit as a security measure to prevent unauthorized deletions.

Uploaded by

kalpanasbmjc
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Operating System Security

Dr. Neminath Hubballi

Indian Institute of Technology Indore


Outline

qFunctions of Operating System


qSecurity concerns in OS
qProcess security
qFile Security

Indian Institute of Technology Indore


Functions of Operating System
qProvides abstraction from hardware
qHandle many complex tasks
qMemory management
qProcess management
qHandling deadlocks
qFile system support
qMultitasking
qMulti user support

Indian Institute of Technology Indore


What Can Go Wrong ?
qConsider a situation where there is shortage of systems in
school of CSE
qIf you are asked to share same PC with your peers
qWhat do you want to do
qUsers have different level of access
qBased on role
qMultiple users and multi tasking requires a level of
protection
qOne user from interfering other users
qOne program from interfering other users
qSharing of resources
qOptimization

Indian Institute of Technology Indore


Organization of Computer Hardware
and Software
qHardware
qMany devices
qEach device has a driver
User Applications qProvides APIs to access
qKernel
Non Essental OS qHeart of OS
Applications qManages the low level h/w resources
qNon essential component of OS
OS Kernel qPrinting program
qUser application
Hardware qAccess the service provided by OS
qSystem calls

Indian Institute of Technology Indore


Process
qKernel defines the notion of a process
qPrograms are stored in persistent storage
qCan multiple copies of same program run simultaneously ?
qTime slicing
qProcess tree
qFork system call
qParent and child
qPeers
qIn Linux system init is the root of process tree
qMeaning all other processes are created by it
qIts PID is 0

Indian Institute of Technology Indore


Process Privileges

qTo grant appropriate access restrictions on the process


operating system associates privilege information to a
process
qThis privilege is same as privilege of user who is running the
process
qEach process has a user id called uid, group id gid
qThe uid is a number between 0 to 32767 which uniquely
identifies each user
qTypically uid 0 is assigned to the root user
qSimilarly gid is also a number in the same range
qEffective user id eid is the user id whose privileges are used
to access a resource

Indian Institute of Technology Indore


Inter-Process Communication
q File
q Pipes
q Sockets

Indian Institute of Technology Indore


File System
q File System: An abstraction of how the external, nonvolatile
memory of the computer organized.
q File hierarchy
q Folders and directories
q Concerns
q Who should access what ?
q Who should execute what ?
q Prevent one file content going to another

Indian Institute of Technology Indore


File Ownership and Permissions

qPermissions:
qAssigned to each file/directory
qProvides security
qAbility to manage users and their files.
qNeeded to access file/directory
qUsually granted to groups
qIn multi-user operating systems like Linux, access is given only to
authorized users
qSuper (root) user:
qHas special privileges –
q In a sense owns everything
qCan change file ownerships
qBypass permissions that owner of file may have set
qUses root account to provide administrative functions

Indian Institute of Technology Indore


File Ownership and Permissions
qUnix systems treat everything as a file
qSpecial files
qDevices- a piece of hardware either part of system or an external
unit
qSockets- a means of communicating with other processes
qPermissions can be of
qRead
qWrite and
qExecute

Indian Institute of Technology Indore


Sticky Bit in Unix
qSticky Bit: Mainly used to avoid some other user deleting a file though she
has a write permission on the folder
qIf Sticky bit is enabled on a folder, the folder contents are deleted by only
owner who created them and the root user.
qThis is a security measure to avoid deletion of critical folders and their
content(sub-folders and files), though other users have full permissions.
qSetting sticky bit
qchmod +t /opt/dump/
q+t indicates sticky bit setting\
qCheck sticky bit
qls –l : a t will appear in the listing
qRevoking sticky bit
qChmod -t /opt/dump/

Indian Institute of Technology Indore

You might also like