1. Operating system
A system having basic kernel functions of process
and memory management ,file, i/o device and
network management functions and many other
functions.
Protection of memory and resources from any
unauthorized into the PCB or resource ,or mix up of
access of one by another becomes imperative.
2. Introduction to OS security
issues
The OS security issue is a critical issue.
Each process determines whether it has a control
of a system resoure exclusively or whether it is
isolated from the other processes or whether it
shares a resource common to a set of processes.
The OS then configures when a resource is
isolated from from one process and a resource is
shared with a defined with a define set of
processes.
3. The OS should also have the flexibility to change
this configuration when needed, to full fill the
requirements all the process.
For example, a process has 32 memory blocks at
an instance and the OS configures the system
accordingly.
The OS should provide protection mechanism
and implement a system administration(s) –
defined security policy.
An application software programmer can find a
hole in the protection mechanism and an
unauthorized access.
4. Important security issues
Protection mechanism
Flexibility to of change.
Control resource sharing
Confinement mechanism
Security policy (strategy).
Authentication mechanism.
Authorization.
Encryption
5. Protection Mechanism
OS should provide protection mechanisms
and implement a system administrator (s)
defined security
6. Flexibility to of change
when needed to fulfill the need
requirements of all the processes.
For example, a process has control of 32
memory blocks at an instance and the OS
configured the system accordingly. t
Later when more processes are created, this
can be reconfigured.
7. Controlled resource sharing
Controlling read and write of the resources
and parameters by user processes.
For example, some resources write only for
a process and some read only for a set of
processes
Another example, memory buffer to which
one process writes at an instant till that
buffer is emptied by other process
9. Security Policy (Strategy)
Rules for authorizing access to the OS,
system and information.
A policy example is that a communication
system may having a policy of peer-to-peer
communication (connection establishment
preceding the data packets flow).
10. Authentication Mechanism
External authentication mechanism for the user
and a mechanism meant to prevent an
application run unless the user registers and the
system administrator (software) authorizes
Internal authentication for the process, and the
process should not appear (impersonate) as some
like other processes.
User authentication can become difficult if the
user disseminates password passwords or other
authentication methods
11. Authorization
User or process (s) allowed to use the
system resources as per the security policy
12. Encryption
A tool to change information to make it
unusable by any other user or process unless
without the appropriate key is used for
deciphering it.
13. CONCLUSION
OS security issues are important
considerations.
Protection of memory and resources from
any unauthorized and without explicit
authorization write into the PCB or
resource
Mix up of accesses of one by
another, becomes imperative from an OS
security and protection mechanism