SlideShare uma empresa Scribd logo

OPERATING SYSTEM SECURITY

R
RohitK71

OPERATING SYSTEM SECURITY

Engenharia
1 de 14
Baixar para ler offline
Operating System SECURITY
INTRODUCTION Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity of the OS. On the other hand, this requires only adequate protection system but also consideration of external environment within which the system operates. A system is said to be secure if its resources are used and accessed as intended under all the circumstances.
SECURITY PROBLEM So, How exactly this security problem occurs ? ● In large commercial systems containing payroll or other financial data are inviting targets to thieves ● We say that a system is secure if its resources are used and accessed as intended under all circumstances. ● So, for this we must have mechanisms to make security breaches a rare occurrence rather than normal conditions.
SECURITY VIOLATIONS A security violation or infraction is any breach of security regulations, requirements, procedures or guidelines, whether or not a compromise results. Security of a system can be threatened via two violations: ● Threat: A program which has the potential to cause serious damage to the system. ● Attack: An attempt to break security and make unauthorized use of an asset. This System violations can be categorized into intentional and accidental. ● Intentional, A kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. Also known as MALICIOUS ● Accidental, on the other hand, are comparatively easier to be protected against. ○ Example: Denial of service DDoS Attack
BREACHES Security can be compromised via any of the breaches mentioned: ● Breach of confidentiality: This type of violation involves the unauthorized reading of data. ● Breach of integrity: This violation involves unauthorized modification of data. ● Breach of availability: It involves an unauthorized destruction of data. ● Theft of service: It involves an unauthorized use of resources. ● Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.
SECURITY SYSTEM GOALS 1. Integrity: The objects in the system mustn’t be accessed by any unauthorized user & any user not having sufficient rights should not be allowed to modify the important system files and resources. 2. Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files. 3. Availability: In this kind of situation, a malware might hog the resources for itself & thus preventing the legitimate processes from accessing the system resources.
METHODS Attackers use several standard methods in their attempts to breach the security. ● One common attack is masquerading, in which the attacker pretends to be a trusted third party. A variation of this is the man-in-the-middle, in which the attacker masquerades as both ends of the conversation to two targets. ● A replay attack involves repeating a valid transmission. Sometimes this can be the entire attack, ( such as repeating a request for a money transfer ), or other times the content of the original message is replaced with malicious content.
SECURITY ATTACK ● Consider the damage that could be done if a request for authentication had a legitimate users information replaced with an unauthorized users. yet another kind of attack is the man-in-the-middle attack, in which an attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice-versa. ● In a network communication, a man-in-the-middle attack may be preceded by a session hijacking, in which an active communication session is intercepted. ● In some cases, such as a denial-of-service attack, it is preferable to prevent the attack but sufficient to detect the attack so that the counter measures can be taken. several attacks are depicted in the following diagram
SECURITY MEASURES ● There are four levels at which a system must be protected: 1. Physical - The easiest way to steal data is to pocket the backup tapes. Also, access to the root console will often give the user special privileges, such as rebooting the system as root from removable media. Even general access to terminals in a computer room offers some opportunities for an attacker. 2. Human - There is some concern that the humans who are allowed access to a system be trustworthy, and that they cannot be coerced into breaching security. ■ Phishing involves sending an innocent-looking e-mail or web site designed to fool people into revealing confidential information.. ■ Dumpster Diving involves searching the trash or other locations for passwords that are written down. ■ Password Cracking involves divining users passwords, either by watching them type in their passwords, knowing something about them like their pet's names, or simply trying all words in common dictionaries.
SECURITY MEASURES 3. Operating System - The OS must protect itself from security breaches, such as runaway processes, memory-access violations, stack overflow violations, the launching of programs with excessive privileges, and many others. 4. Network - As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. This is a growing area of concern as wireless communications and portable devices become more and more prevalent.
DIFFERENCE BETWEEN SECURITY AND PROTECTION SECURITY ► Security grants the system access to the appropriate users only. ► External threats are involved. ► More convoluted queries are handled. ► Security illustrates that which person is granted for using the system. ► Encryption and certification mechanisms are used. PROTECTION ► While protection deals with the access to the system resources. ► Internal threats are involved. ► Simple queries are handled. ► Whereas protection determines that what files can be accessed or permeated by a special user. ► Authorization mechanism is implemented.
CONCLUSION Security at the physical and human levels, although important is for the most part beyond the scope. The security of Operating System depends on us because the more precautions we will take the more secure our Operating System will be. Security within the operating system and also in between the operating system is implemented in several ways ranging from passwords of authentication through guarding against viruses to detecting intrusions.
THANK YOU !

Recomendados

Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating systemabdullah roomi
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 

Recomendados

Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating systemabdullah roomi
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Program security
Program securityProgram security
Program securityG Prachi
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Proxy Server
Proxy ServerProxy Server
Proxy Serverguest095022
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Program Threats
Program ThreatsProgram Threats
Program Threatsguestab0ee0
 
System security
System securitySystem security
System securitysommerville-videos
 
Database security
Database securityDatabase security
Database securityMurchana Borah
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
system Security
system Security system Security
system Security Gaurav Mishra
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 

Mais conteúdo relacionado

Mais procurados

Program security
Program securityProgram security
Program securityG Prachi
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 

Mais procurados (20)

Program security
Program securityProgram security
Program security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Proxy Server
Proxy ServerProxy Server
Proxy Server
 
User authentication
User authenticationUser authentication
User authentication
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
System security
System securitySystem security
System security
 
Database security
Database securityDatabase security
Database security
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Software security
Software securitySoftware security
Software security
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
system Security
system Security system Security
system Security
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Network security
Network securityNetwork security
Network security
 

Semelhante a OPERATING SYSTEM SECURITY

System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurvkarthi314
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
Information security
Information securityInformation security
Information securityRohit Gir
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) ghayour abbas
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 

Semelhante a OPERATING SYSTEM SECURITY (20)

System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
 
System Security
System SecuritySystem Security
System Security
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Chapter-I introduction
Chapter-I introductionChapter-I introduction
Chapter-I introduction
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
Information security
Information securityInformation security
Information security
 
1.pptx
1.pptx1.pptx
1.pptx
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Aspects of Network Security
Aspects of Network SecurityAspects of Network Security
Aspects of Network Security
 

Mais de RohitK71

VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYRohitK71
 
Gram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsGram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsRohitK71
 
Negotiation
Negotiation Negotiation
Negotiation RohitK71
 
QUEUEING NETWORKS
QUEUEING NETWORKSQUEUEING NETWORKS
QUEUEING NETWORKSRohitK71
 
INTEGRATION TESTING
INTEGRATION TESTINGINTEGRATION TESTING
INTEGRATION TESTINGRohitK71
 
INHERITANCE
INHERITANCEINHERITANCE
INHERITANCERohitK71
 
Dbms seminar
Dbms seminarDbms seminar
Dbms seminarRohitK71
 
Cn application layer_paradigms
Cn application layer_paradigmsCn application layer_paradigms
Cn application layer_paradigmsRohitK71
 
Compiler design error handling
Compiler design error handlingCompiler design error handling
Compiler design error handlingRohitK71
 
Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)RohitK71
 
Usp message queues
Usp message queuesUsp message queues
Usp message queuesRohitK71
 

Mais de RohitK71 (11)

VIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGYVIRTUALIZATION TECHNOLOGY
VIRTUALIZATION TECHNOLOGY
 
Gram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellationsGram-Schmidt procedure and constellations
Gram-Schmidt procedure and constellations
 
Negotiation
Negotiation Negotiation
Negotiation
 
QUEUEING NETWORKS
QUEUEING NETWORKSQUEUEING NETWORKS
QUEUEING NETWORKS
 
INTEGRATION TESTING
INTEGRATION TESTINGINTEGRATION TESTING
INTEGRATION TESTING
 
INHERITANCE
INHERITANCEINHERITANCE
INHERITANCE
 
Dbms seminar
Dbms seminarDbms seminar
Dbms seminar
 
Cn application layer_paradigms
Cn application layer_paradigmsCn application layer_paradigms
Cn application layer_paradigms
 
Compiler design error handling
Compiler design error handlingCompiler design error handling
Compiler design error handling
 
Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)Computer graphics curves and surfaces (1)
Computer graphics curves and surfaces (1)
 
Usp message queues
Usp message queuesUsp message queues
Usp message queues
 

Último

home automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadhome automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadaditya806802
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptJasonTagapanGulla
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
The SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsThe SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsDILIPKUMARMONDAL6
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfRajuKanojiya4
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm Systemirfanmechengr
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdfCaalaaAbdulkerim
 

Último (20)

home automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadhome automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasad
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.ppt
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
The SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teamsThe SRE Report 2024 - Great Findings for the teams
The SRE Report 2024 - Great Findings for the teams
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdf
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm System
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdf
 

OPERATING SYSTEM SECURITY

  • 2. INTRODUCTION Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity of the OS. On the other hand, this requires only adequate protection system but also consideration of external environment within which the system operates. A system is said to be secure if its resources are used and accessed as intended under all the circumstances.
  • 3. SECURITY PROBLEM So, How exactly this security problem occurs ? ● In large commercial systems containing payroll or other financial data are inviting targets to thieves ● We say that a system is secure if its resources are used and accessed as intended under all circumstances. ● So, for this we must have mechanisms to make security breaches a rare occurrence rather than normal conditions.
  • 4. SECURITY VIOLATIONS A security violation or infraction is any breach of security regulations, requirements, procedures or guidelines, whether or not a compromise results. Security of a system can be threatened via two violations: ● Threat: A program which has the potential to cause serious damage to the system. ● Attack: An attempt to break security and make unauthorized use of an asset. This System violations can be categorized into intentional and accidental. ● Intentional, A kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. Also known as MALICIOUS ● Accidental, on the other hand, are comparatively easier to be protected against. ○ Example: Denial of service DDoS Attack
  • 5. BREACHES Security can be compromised via any of the breaches mentioned: ● Breach of confidentiality: This type of violation involves the unauthorized reading of data. ● Breach of integrity: This violation involves unauthorized modification of data. ● Breach of availability: It involves an unauthorized destruction of data. ● Theft of service: It involves an unauthorized use of resources. ● Denial of service: It involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature.
  • 6. SECURITY SYSTEM GOALS 1. Integrity: The objects in the system mustn’t be accessed by any unauthorized user & any user not having sufficient rights should not be allowed to modify the important system files and resources. 2. Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files. 3. Availability: In this kind of situation, a malware might hog the resources for itself & thus preventing the legitimate processes from accessing the system resources.
  • 7. METHODS Attackers use several standard methods in their attempts to breach the security. ● One common attack is masquerading, in which the attacker pretends to be a trusted third party. A variation of this is the man-in-the-middle, in which the attacker masquerades as both ends of the conversation to two targets. ● A replay attack involves repeating a valid transmission. Sometimes this can be the entire attack, ( such as repeating a request for a money transfer ), or other times the content of the original message is replaced with malicious content.
  • 8. SECURITY ATTACK ● Consider the damage that could be done if a request for authentication had a legitimate users information replaced with an unauthorized users. yet another kind of attack is the man-in-the-middle attack, in which an attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice-versa. ● In a network communication, a man-in-the-middle attack may be preceded by a session hijacking, in which an active communication session is intercepted. ● In some cases, such as a denial-of-service attack, it is preferable to prevent the attack but sufficient to detect the attack so that the counter measures can be taken. several attacks are depicted in the following diagram
  • 9.
  • 10. SECURITY MEASURES ● There are four levels at which a system must be protected: 1. Physical - The easiest way to steal data is to pocket the backup tapes. Also, access to the root console will often give the user special privileges, such as rebooting the system as root from removable media. Even general access to terminals in a computer room offers some opportunities for an attacker. 2. Human - There is some concern that the humans who are allowed access to a system be trustworthy, and that they cannot be coerced into breaching security. ■ Phishing involves sending an innocent-looking e-mail or web site designed to fool people into revealing confidential information.. ■ Dumpster Diving involves searching the trash or other locations for passwords that are written down. ■ Password Cracking involves divining users passwords, either by watching them type in their passwords, knowing something about them like their pet's names, or simply trying all words in common dictionaries.
  • 11. SECURITY MEASURES 3. Operating System - The OS must protect itself from security breaches, such as runaway processes, memory-access violations, stack overflow violations, the launching of programs with excessive privileges, and many others. 4. Network - As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. This is a growing area of concern as wireless communications and portable devices become more and more prevalent.
  • 12. DIFFERENCE BETWEEN SECURITY AND PROTECTION SECURITY ► Security grants the system access to the appropriate users only. ► External threats are involved. ► More convoluted queries are handled. ► Security illustrates that which person is granted for using the system. ► Encryption and certification mechanisms are used. PROTECTION ► While protection deals with the access to the system resources. ► Internal threats are involved. ► Simple queries are handled. ► Whereas protection determines that what files can be accessed or permeated by a special user. ► Authorization mechanism is implemented.
  • 13. CONCLUSION Security at the physical and human levels, although important is for the most part beyond the scope. The security of Operating System depends on us because the more precautions we will take the more secure our Operating System will be. Security within the operating system and also in between the operating system is implemented in several ways ranging from passwords of authentication through guarding against viruses to detecting intrusions.