Chapter 4
Protection in General-Purpose Operating Systems
In this chapter
· Protection features provided by general-purpose operating systems: protecting memory, files, and the execution environment
· Controlled access to objects
· User authentication
In the previous chapter, we
looked at several types of security problems that can occur in programs. The
problems may be unintentional, as with buffer overflows, or intentional, as
when a virus or worm is inserted in code. In addition to these general
problems, some kinds of programs may be vulnerable to certain kinds of security
problems simply because of the nature of the program itself. For example,
operating systems and databases offer security challenges beyond those in more
general programs; these programs offer different access to different items by
different kinds of users, so program designers must pay careful attention to
defining access, granting access, and controlling intentional and unintentional
corruption of data and relationships. For this reason, we devote three chapters
to these specialized programs and their particular security concerns. In this
chapter and the next, we study operating systems and their role in computer
security; we look at databases in Chapter 6.
An operating system has two
goals: controlling shared access and implementing an interface to allow that
access. Underneath those goals are support activities, including identification
and authentication, naming, filing objects, scheduling, communication among
processes, and reclaiming and reusing objects. Operating system functions can
be categorized as
· access control
· identity and credential management
· information flow
· audit and integrity protection
Each of these activities has
security implications. Operating systems range from simple ones supporting a
single task at a time (such an operating system might run a personal digital
assistant) to complex multiuser, multitasking systems, and, naturally, security
considerations increase as operating systems become more complex.
We begin by studying the
contributions that operating systems have made to user security. An operating
system supports multiprogramming (that is, the concurrent use of a system by more
than one user), so operating system designers have developed ways to protect
one user's computation from inadvertent or malicious interference by another
user. Among those facilities provided for this purpose are memory protection,
file protection, general control of access to objects, and user authentication.
This chapter surveys the controls that provide these four features. We have
oriented this discussion to the user: How do the controls protect users, and
how do users apply those controls? In the next chapter, we see how operating
system design is affected by the need to separate levels of security
considerations for particular users.
There are many commercially available operating systems, but we draw examples largely from two families: the Microsoft Windows NT, 2000, XP, 2003 Server, and Vista operating systems (which we denote NT+) and Unix, Linux, and their derivatives (which we call Unix+). Other proprietary operating systems are in wide use, notably Apple's Mac OS X (based on a system called Darwin that is derived from Mach and FreeBSD) and IBM's z/OS, the successor to S/390, but for security purposes, NT+ and Unix+ are the most widely known.