SlideShare a Scribd company logo

Protection and security

Download as PPTX, PDF
M
mbadhi

1. Protection and security are mechanisms used in operating systems to control access to resources and safeguard them from threats. Protection focuses on internal threats while security addresses external threats. 2. Protection involves setting and changing access permissions for resources and checking access for users. Security involves authenticating users, adding/removing them, and using anti-malware software to protect from external threats. 3. A security model like the access matrix model defines the set of subjects, objects, and access rules to represent an organization's security policy for controlling access between users and resources.

1 of 29
Downloaded 84 times
Protection and Security GROUP 7
members OPULOT PHILIP.A NANTEGE BRIDGET NJAWEZI EZEKIEL NYUMBI SHARRIFU MBADHI BARNABAS OMOIT ANDREW
Protection Definitions • Protection: It refers to a mechanisim for controling the access of programs, processes, or users to the resouces defined by an Operating system. it involves guarding a user's data and programs against interference by other authorized users of the system.
Why we need protection -to prevent mischievous -to prevent intential violation of an access restriction by a user -to ensure that each program component active in a system uses system resources only in ways consistent with stated polices
Advantages of protection. - It allows safe sharing of a common logical address space or common physical address space. Considering the logical address space, if there is a directory of files that has to be shared among multiple users, the protection techniques help to accomplish safe sharing. Considering the physical address space, multiple users can have access to the memory. - it also provides fair and reliable resource usage.
Goals of Protection Operating system consists of a collection of objects (hardware or software). Each object has a unique name and can be accessed through a well-defined set of operations. Protection problem – to ensure that each object is accessed correctly and only by those processes that are allowed to do so.
FACETS TO PROTECTION OF INFORMATION There are two facets to protection of information: - SECRECY; it implise that only authorised users should be able to access information - PRIVACY; implises that informtion should be used only for the purpose(s) for which it is intended and shared :- Operating sytems focus on guaranteeing secrecy of information and leaves the issuse of privacy to the users and their processes.
Security Definitions Security: It refers to providing protection to computer system resouces such as CPU(Central Processing Unit), memory, Disk, software programs it involves guarding a user's data and programs against interference by external entities. eg unauthorized persons.
Security Attributes Security is defined by three attributes: confidentiality, integrity, and availability. Confidentiality is the prevention of unauthorized modification of information and resources. Integrity is the prevention of unauthorized users. Availability is the prevention of unauthorized withholding of information or resources.
Reasons for taking security measures - To prevent loss of data - To prevent corruption of data - To prevent compromise of data - To prevent theft of data - To prevent sabotage
Security Threats The external threats can be of two types as direct threats and indirect threats. A direct threat is an attack on the system from a hacker or a disgruntled insider. An indirect threat is a random attack such as a computer virus, worm, Trojan horse, etc.
Intruders Intruders and viruses are the two most publicized security threats. We identify three classes of intruders: A masquerador is an unauthorized individual (an outsider) who penetrates a system to exploit legitimate users’ accounts. A misfeasor is a legitimate user (an insider) who accesses resources to which they are not privileged, or who abuses such privilege. A clandestine user is an individual (an insider or an outsider) who seizes control of a system to evade auditing controls, or to suppress audit collection.
Malicious Software(program threats) The most sophisticated threats to computer systems are through malicious software, sometimes called malware. Malware attempts to cause damage to, or consume the resources of, a target system. Malware can be divided into programs that can operate independently, and those that need a host program; and also into programs that can replicate themselves, and those that cannot. A trap door is a secret entry point into a program, often left by the program’s developers, or sometimes delivered via a software update. A logic bomb is code embedded in a program that ”explodes” when certain conditions are met, e.g. a certain date or the presence of certain files or users. Logic bombs also often originate with the developers of the software. A Trojan horse is a useful (or apparently useful) program that contains hidden code to perform some unwanted or harmful function.
A virus is a program that can ”infect” other programs by modification, as well as causing local damage. Such modification includes a copy of the virus, which can then spread further to other programs. A worm is an independent program that spreads via network connections, typically using either email, remote execution, or remote login to deliver or execute a copy of itself to or on another system, as well as causing local damage. A zombie is an independent program that secretly takes over a system and uses that system to launch attacks on other systems, thus concealing the original instigator. Such attacks often involve further replication of the zombie itself. Zombies are often used in denial-of-service attacks.
Authenitcation Goal of authentication: Reasonable assurance that anyone who attempts to access a system or a network is a legitmate user Three mechanisms include;- -Password(patterns or pin) - Physical token or an artifact eg. Swipe cards -Biometric measures eg.finger prints,facerecogintion etc
Assets and their Vulnerabilities I.Hardware is mainly vulnerable to interruption, either by theft or by vandalism. Physical security measures are used to prevent these attacks. II.Software is also vulnerable to interruption, as it is very easy to delete. Backups are used to limit the damage caused by deletion. Modification or fabrication through alteration (e.g. by viruses) is a major problem, as it can be hard to spot quickly. Software is also vulnerable to interception through unauthorized copying: this problem is still largely unsolved.
III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences.
III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences. IV.Communications are vulnerable to all types of threats. Passive attacks take the form of eaves dropping, and fall into two categories: reading the contents of a message, or more subtly, analyzing patterns of traffic to infer the nature of even secure messages. Passive attacks are hard to detect, so the emphasis is usually on prevention. Active attacks involve modification of a data stream, or creation of a false data stream. One entity may masquerade as another (presumably one with more or different privileges), maybe by capturing and replaying an authentication sequence. Replay is a similar attack, usually on data. Message contents may also be modified, often to induce incorrect behaviour in other users. Denial of service attacks aim to inhibit the normal use of communication facilities. Active attacks are hard to prevent (entirely), so the emphasis is usually on detection and damage control.
V.Protection Muti-programming involves the sharing of many resources, including processor, memory, I/O devices, programs, and data. Protection of such resources runs along the following spectrum: - No protection may be adequate e.g. if sensitive procedures are run at separate times. - Isolation implies that entities operate separately from each other in the physical sense. - Share all or nothing implies that an object is either totally private or totally public. - Share via access limitation implies that different entities enjoy different levels of access to an object, at the gift of the owner. The Operating System acts as a guard between entities and objects to enforce correct access. - Share via dynamic capabilities extends the former to allow rights to be varied dynamically. - Limit use of an object implies that not only is access to the object controlled, the use to which it may be put also varies across entities. The above spectrum is listed roughly in order of increasing fineness of control for owners, and also increasing difficulty of implementation.
Computer protection and security mechanisms provided by an operating system must address the following requirements: 1.Confidentiality : (or privacy) the requirement that information maintained by a computer system be accessible only by authorized parties (users and the processes that run as/represent those users). Interception occurs when an unauthorized party gains access to a resource; examples include illicit file copying and the invocation of programs. 2.Integrity: the requirement that a computer system’s resources can be modified only by authorized parties. Modification occurs when an unauthorized party not only gains access to but changes a resource such as data or the execution of a running process. 3.Availability: the requirement that a computer system be accessible at required times by authorized parties. Interruption occurs when an unauthorized party reduces the availability of or to a resource. 4.Authenticity: the requirement that a computer system can verify the identity of a user. Fabrication occurs when an unauthorized party inserts counterfeit data amongst valid data.
Protection and Security Design Principles Least privilege: Every object (users and their processes) should work within a minimal set of privileges; access rights should be obtained by explicit request, and the default level of access should be “none”. Economy of mechanisms: security mechanisms should be as small and simple as possible, aiding in their verification. This implies that they should be integral to an operating system’s design, and not an afterthought. Acceptability: security mechanisms must at the same time be robust yet non-intrusive. An intrusive mechanism is likely to be counter-productive and avoided by users, if possible. Complete: Mechanisms must be pervasive and access control checked during all operations — including the tasks of backup and maintenance. Open design: An operating system’s security should not remain secret, nor be provided by stealth. Open mechanisms are subject to scrutiny, review, and continued refinement.
Security and protection: Policies and Mechanisms Security policy -Specify whether a person can become a user of the system. This funtion is performed by the system adimistrator mechanisms Add or delete usersVerify whether a person is an autherised user Protection policy -Specify whether a user can access a specific file. The owner of a file performs this function while creating it mechanisms Set or change protection of informantion for a fileChecks whether a file can be accessed by a user
Security models. Security models can be discretionary or mandatory - Discretionary Holders of right can be allowed to transfer them at their discretion - Mandatory Only designated roles are allowed to grant right and user connot transfer them
Consists of three principal componets -A set of passive object,(files, terminals,devices and other entities) -A set of active subjects, which may manipulate the object. -A set of rules governing the manipulation of objects by subjects -Access matrix Model Objects Subjects File 1 File 2 File 3 User 1 r,w r r,w,x User 2 r r r,w,x User 3 r,w,x r,w r,w,x
- Role Based Acces control - Enforces access controls depending upon a user role(s) -Roles represent specific Organistion duties and are commonly mapped to job titles, for example.Adimistrator, Developer etc
- Take Grant Model - This model use graphs to model access control - The graph structure can be represented as an adjancency matrix and labels on the arcs can be coded as different values in the matrix., Nodes in the graph are of two types, one crosseponding to subject and other to object. The possible access rights are read(r), write(w), take(t) and grant(g)
Security policy verses security model - Security policy Outlines several high level points, how the data is accessed, the amount of security requried and what are the steps when these requirement are not met - Security model The mechanism to support the security policy, these involves in the design of the security system
PROTECTION VERSES SECURITY Protection Security By difintion - a method used in operating systems that manages threats with the system to maintain the proper functioning of the system - a method used in operating systems that handles the threats from outside of the system Main focus - focuses on internal threats of the systems - focuses on external threats to the systems By functionality - provides a mechanism for controlling the access to programs, processes and user resources - provides a mechanism to safe guard the system resources and user resources from external users By mechanism - involves mechanism such as setting or changing protection information of a resource and checking whether that resource is accessible by a user - involves mechanisms such as adding, deleting users, verifying whether a specific user is authorised, using anti-malware software.etc
END THANK YOU
Ad

Recommended

Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systems
vampugani
 
Digital Marketing Vs Traditional Marketing: Which Produces Better?
Digital Marketing Vs Traditional Marketing: Which Produces Better?Digital Marketing Vs Traditional Marketing: Which Produces Better?
Digital Marketing Vs Traditional Marketing: Which Produces Better?
Purpple Designs
 
voting project mini project .pdf
voting project mini project .pdfvoting project mini project .pdf
voting project mini project .pdf
SRIDHAMCH
 
Computer based information system
Computer based information systemComputer based information system
Computer based information system
shoaibzaheer1
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
 
Design Issues of an OS.ppt
Design Issues of an OS.pptDesign Issues of an OS.ppt
Design Issues of an OS.ppt
Senthil Vit
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
التجارة الالكترونية
التجارة الالكترونيةالتجارة الالكترونية
التجارة الالكترونية
Bassam Alharthi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
System security
System securitySystem security
System security
sommerville-videos
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
introduction to system administration
introduction to system administrationintroduction to system administration
introduction to system administration
gamme123
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Information security
Information security Information security
Information security
razendar79
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
Nurkholish Halim
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
Ramesh Upadhaya
 
Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11
koolkampus
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Distributed system architecture
Distributed system architectureDistributed system architecture
Distributed system architecture
Yisal Khan
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
Ad

More Related Content

What's hot (20)

Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
System security
System securitySystem security
System security
sommerville-videos
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
introduction to system administration
introduction to system administrationintroduction to system administration
introduction to system administration
gamme123
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Information security
Information security Information security
Information security
razendar79
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
Nurkholish Halim
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
Ramesh Upadhaya
 
Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11
koolkampus
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Distributed system architecture
Distributed system architectureDistributed system architecture
Distributed system architecture
Yisal Khan
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
System security
System securitySystem security
System security
sommerville-videos
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
introduction to system administration
introduction to system administrationintroduction to system administration
introduction to system administration
gamme123
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Information security
Information security Information security
Information security
razendar79
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
SHUBHA CHATURVEDI
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
Nurkholish Halim
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
Ramesh Upadhaya
 
Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11Distributed Systems Architecture in Software Engineering SE11
Distributed Systems Architecture in Software Engineering SE11
koolkampus
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Distributed system architecture
Distributed system architectureDistributed system architecture
Distributed system architecture
Yisal Khan
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 

Similar to Protection and security (20)

Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
Computer security
Computer securityComputer security
Computer security
sruthiKrishnaG
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
 
System Security
System SecuritySystem Security
System Security
Reddhi Basu
 
Lecturesocial media ppt social media ppt social media ppt 5.pptx
Lecturesocial media ppt social media ppt social media ppt 5.pptxLecturesocial media ppt social media ppt social media ppt 5.pptx
Lecturesocial media ppt social media ppt social media ppt 5.pptx
1230200206
 
Sec0001 .pdf
Sec0001 .pdfSec0001 .pdf
Sec0001 .pdf
mah902110
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
Manoj VNV
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
Argie242424
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
Is4560
Is4560Is4560
Is4560
Tara Hardin
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
vkarthi314
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
123aleena
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
Kushagr sharma
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
Computer security
Computer securityComputer security
Computer security
sruthiKrishnaG
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
 
System Security
System SecuritySystem Security
System Security
Reddhi Basu
 
Lecturesocial media ppt social media ppt social media ppt 5.pptx
Lecturesocial media ppt social media ppt social media ppt 5.pptxLecturesocial media ppt social media ppt social media ppt 5.pptx
Lecturesocial media ppt social media ppt social media ppt 5.pptx
1230200206
 
Sec0001 .pdf
Sec0001 .pdfSec0001 .pdf
Sec0001 .pdf
mah902110
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
Manoj VNV
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
Argie242424
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
Is4560
Is4560Is4560
Is4560
Tara Hardin
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
vkarthi314
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
123aleena
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
Kushagr sharma
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
Ad

Recently uploaded (20)

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?How Can I use the AI Hype in my Business Context?
How Can I use the AI Hype in my Business Context?
Daniel Lehner
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Ad

Protection and security

  • 2. members OPULOT PHILIP.A NANTEGE BRIDGET NJAWEZI EZEKIEL NYUMBI SHARRIFU MBADHI BARNABAS OMOIT ANDREW
  • 3. Protection Definitions • Protection: It refers to a mechanisim for controling the access of programs, processes, or users to the resouces defined by an Operating system. it involves guarding a user's data and programs against interference by other authorized users of the system.
  • 4. Why we need protection -to prevent mischievous -to prevent intential violation of an access restriction by a user -to ensure that each program component active in a system uses system resources only in ways consistent with stated polices
  • 5. Advantages of protection. - It allows safe sharing of a common logical address space or common physical address space. Considering the logical address space, if there is a directory of files that has to be shared among multiple users, the protection techniques help to accomplish safe sharing. Considering the physical address space, multiple users can have access to the memory. - it also provides fair and reliable resource usage.
  • 6. Goals of Protection Operating system consists of a collection of objects (hardware or software). Each object has a unique name and can be accessed through a well-defined set of operations. Protection problem – to ensure that each object is accessed correctly and only by those processes that are allowed to do so.
  • 7. FACETS TO PROTECTION OF INFORMATION There are two facets to protection of information: - SECRECY; it implise that only authorised users should be able to access information - PRIVACY; implises that informtion should be used only for the purpose(s) for which it is intended and shared :- Operating sytems focus on guaranteeing secrecy of information and leaves the issuse of privacy to the users and their processes.
  • 8. Security Definitions Security: It refers to providing protection to computer system resouces such as CPU(Central Processing Unit), memory, Disk, software programs it involves guarding a user's data and programs against interference by external entities. eg unauthorized persons.
  • 9. Security Attributes Security is defined by three attributes: confidentiality, integrity, and availability. Confidentiality is the prevention of unauthorized modification of information and resources. Integrity is the prevention of unauthorized users. Availability is the prevention of unauthorized withholding of information or resources.
  • 10. Reasons for taking security measures - To prevent loss of data - To prevent corruption of data - To prevent compromise of data - To prevent theft of data - To prevent sabotage
  • 11. Security Threats The external threats can be of two types as direct threats and indirect threats. A direct threat is an attack on the system from a hacker or a disgruntled insider. An indirect threat is a random attack such as a computer virus, worm, Trojan horse, etc.
  • 12. Intruders Intruders and viruses are the two most publicized security threats. We identify three classes of intruders: A masquerador is an unauthorized individual (an outsider) who penetrates a system to exploit legitimate users’ accounts. A misfeasor is a legitimate user (an insider) who accesses resources to which they are not privileged, or who abuses such privilege. A clandestine user is an individual (an insider or an outsider) who seizes control of a system to evade auditing controls, or to suppress audit collection.
  • 13. Malicious Software(program threats) The most sophisticated threats to computer systems are through malicious software, sometimes called malware. Malware attempts to cause damage to, or consume the resources of, a target system. Malware can be divided into programs that can operate independently, and those that need a host program; and also into programs that can replicate themselves, and those that cannot. A trap door is a secret entry point into a program, often left by the program’s developers, or sometimes delivered via a software update. A logic bomb is code embedded in a program that ”explodes” when certain conditions are met, e.g. a certain date or the presence of certain files or users. Logic bombs also often originate with the developers of the software. A Trojan horse is a useful (or apparently useful) program that contains hidden code to perform some unwanted or harmful function.
  • 14. A virus is a program that can ”infect” other programs by modification, as well as causing local damage. Such modification includes a copy of the virus, which can then spread further to other programs. A worm is an independent program that spreads via network connections, typically using either email, remote execution, or remote login to deliver or execute a copy of itself to or on another system, as well as causing local damage. A zombie is an independent program that secretly takes over a system and uses that system to launch attacks on other systems, thus concealing the original instigator. Such attacks often involve further replication of the zombie itself. Zombies are often used in denial-of-service attacks.
  • 15. Authenitcation Goal of authentication: Reasonable assurance that anyone who attempts to access a system or a network is a legitmate user Three mechanisms include;- -Password(patterns or pin) - Physical token or an artifact eg. Swipe cards -Biometric measures eg.finger prints,facerecogintion etc
  • 16. Assets and their Vulnerabilities I.Hardware is mainly vulnerable to interruption, either by theft or by vandalism. Physical security measures are used to prevent these attacks. II.Software is also vulnerable to interruption, as it is very easy to delete. Backups are used to limit the damage caused by deletion. Modification or fabrication through alteration (e.g. by viruses) is a major problem, as it can be hard to spot quickly. Software is also vulnerable to interception through unauthorized copying: this problem is still largely unsolved.
  • 17. III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences.
  • 18. III.Data is vulnerable in many ways. Interruption can occur through the simple destruction of data files. Interception can occur through unauthorized reading of data files, or more perniciously through unauthorized analysis and aggregation of data. Modification and fabrication are also obvious problems with potentially huge consequences. IV.Communications are vulnerable to all types of threats. Passive attacks take the form of eaves dropping, and fall into two categories: reading the contents of a message, or more subtly, analyzing patterns of traffic to infer the nature of even secure messages. Passive attacks are hard to detect, so the emphasis is usually on prevention. Active attacks involve modification of a data stream, or creation of a false data stream. One entity may masquerade as another (presumably one with more or different privileges), maybe by capturing and replaying an authentication sequence. Replay is a similar attack, usually on data. Message contents may also be modified, often to induce incorrect behaviour in other users. Denial of service attacks aim to inhibit the normal use of communication facilities. Active attacks are hard to prevent (entirely), so the emphasis is usually on detection and damage control.
  • 19. V.Protection Muti-programming involves the sharing of many resources, including processor, memory, I/O devices, programs, and data. Protection of such resources runs along the following spectrum: - No protection may be adequate e.g. if sensitive procedures are run at separate times. - Isolation implies that entities operate separately from each other in the physical sense. - Share all or nothing implies that an object is either totally private or totally public. - Share via access limitation implies that different entities enjoy different levels of access to an object, at the gift of the owner. The Operating System acts as a guard between entities and objects to enforce correct access. - Share via dynamic capabilities extends the former to allow rights to be varied dynamically. - Limit use of an object implies that not only is access to the object controlled, the use to which it may be put also varies across entities. The above spectrum is listed roughly in order of increasing fineness of control for owners, and also increasing difficulty of implementation.
  • 20. Computer protection and security mechanisms provided by an operating system must address the following requirements: 1.Confidentiality : (or privacy) the requirement that information maintained by a computer system be accessible only by authorized parties (users and the processes that run as/represent those users). Interception occurs when an unauthorized party gains access to a resource; examples include illicit file copying and the invocation of programs. 2.Integrity: the requirement that a computer system’s resources can be modified only by authorized parties. Modification occurs when an unauthorized party not only gains access to but changes a resource such as data or the execution of a running process. 3.Availability: the requirement that a computer system be accessible at required times by authorized parties. Interruption occurs when an unauthorized party reduces the availability of or to a resource. 4.Authenticity: the requirement that a computer system can verify the identity of a user. Fabrication occurs when an unauthorized party inserts counterfeit data amongst valid data.
  • 21. Protection and Security Design Principles Least privilege: Every object (users and their processes) should work within a minimal set of privileges; access rights should be obtained by explicit request, and the default level of access should be “none”. Economy of mechanisms: security mechanisms should be as small and simple as possible, aiding in their verification. This implies that they should be integral to an operating system’s design, and not an afterthought. Acceptability: security mechanisms must at the same time be robust yet non-intrusive. An intrusive mechanism is likely to be counter-productive and avoided by users, if possible. Complete: Mechanisms must be pervasive and access control checked during all operations — including the tasks of backup and maintenance. Open design: An operating system’s security should not remain secret, nor be provided by stealth. Open mechanisms are subject to scrutiny, review, and continued refinement.
  • 22. Security and protection: Policies and Mechanisms Security policy -Specify whether a person can become a user of the system. This funtion is performed by the system adimistrator mechanisms Add or delete usersVerify whether a person is an autherised user Protection policy -Specify whether a user can access a specific file. The owner of a file performs this function while creating it mechanisms Set or change protection of informantion for a fileChecks whether a file can be accessed by a user
  • 23. Security models. Security models can be discretionary or mandatory - Discretionary Holders of right can be allowed to transfer them at their discretion - Mandatory Only designated roles are allowed to grant right and user connot transfer them
  • 24. Consists of three principal componets -A set of passive object,(files, terminals,devices and other entities) -A set of active subjects, which may manipulate the object. -A set of rules governing the manipulation of objects by subjects -Access matrix Model Objects Subjects File 1 File 2 File 3 User 1 r,w r r,w,x User 2 r r r,w,x User 3 r,w,x r,w r,w,x
  • 25. - Role Based Acces control - Enforces access controls depending upon a user role(s) -Roles represent specific Organistion duties and are commonly mapped to job titles, for example.Adimistrator, Developer etc
  • 26. - Take Grant Model - This model use graphs to model access control - The graph structure can be represented as an adjancency matrix and labels on the arcs can be coded as different values in the matrix., Nodes in the graph are of two types, one crosseponding to subject and other to object. The possible access rights are read(r), write(w), take(t) and grant(g)
  • 27. Security policy verses security model - Security policy Outlines several high level points, how the data is accessed, the amount of security requried and what are the steps when these requirement are not met - Security model The mechanism to support the security policy, these involves in the design of the security system
  • 28. PROTECTION VERSES SECURITY Protection Security By difintion - a method used in operating systems that manages threats with the system to maintain the proper functioning of the system - a method used in operating systems that handles the threats from outside of the system Main focus - focuses on internal threats of the systems - focuses on external threats to the systems By functionality - provides a mechanism for controlling the access to programs, processes and user resources - provides a mechanism to safe guard the system resources and user resources from external users By mechanism - involves mechanism such as setting or changing protection information of a resource and checking whether that resource is accessible by a user - involves mechanisms such as adding, deleting users, verifying whether a specific user is authorised, using anti-malware software.etc