Security is the ability of an operating system to enforce control over the storage and transportation of data in and between the objects that the operating system supports. In a multi-user operating system, the concepts of security and protection are very important: user programs should not interfere with one another or with the operating system. Security systems are those that control, through the use of specific security features, access to information, so that only properly authorized individuals, or processes operating on their behalf, can read, write, create or delete it. There are 3 main elements of security: confidentiality, integrity and availability.
Confidentiality ensures that information is not accessed in an unauthorized manner. It is generally related to read operations.
Integrity ensures that information is not amended or deleted in an unauthorized manner. It is generally related to write operations.
Availability ensures that information is available to authorized users at the right time.
Threats to security
Sharing and protection are both requirements of modern computing environments, but the two pull against each other: more sharing gives rise to the possibility of more security threats. The major threats to the computing security environment are as follows:
- Tapping: Unauthorized use of service.
- Disclosure: Unauthorized disclosure of information.
- Amendment: Unauthorized alteration or deletion of information.
- Fabrication: Unauthorized fabrication of information.
- Denial: Denial of service to the authorized users.
In tapping, the third party accesses information without the knowledge of the other two parties, whereas in disclosure the source party willingly discloses information to the third party.
Security can be attacked and penetrated in a number of ways:
Authentication means verification of access to the system resources. Following are some of the ways in which authentication may be penetrated:
- By stealing and using someone’s password.
- Use of a vendor-supplied password, which can be used only by the system administrator.
- Finding a password by trial and error.
- Writing dummy login programs to fool the user.
- There exist files with access controls that are very permissive.
- One can browse through the system files to get this information, after which unprotected files or databases can be easily accessed.
- Confidential information can be read or even modified.
- Sometimes software engineers leave some secret entry point to modify their programs. These are called trap doors.
- They can be misused by others.
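The point above about files with very permissive access controls can be checked from the defender's side. The following is an added example, not part of the original text: it assumes a POSIX file system and walks a directory that is expected to hold confidential data, reporting entries that any user may write (an integrity risk) or read (a confidentiality risk). The function names and sample file names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return sorted (relative_path, finding) pairs for entries under root
    whose mode bits grant access to every user on the system."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # entry vanished or cannot be examined; skip it
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # A sticky world-writable directory (like /tmp) is the accepted exception.
                if not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                    findings.append((rel, "integrity: writable by any user"))
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                findings.append((rel, "confidentiality: readable by any user"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"payroll.db": 0o666, "notes.txt": 0o644, "secret.key": 0o600}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        shared = os.path.join(root, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # sticky and world-writable: not reported
        return audit_permissions(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

World-readable files are normal in many system directories, so the read finding is only meaningful when the audited directory is supposed to be private.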
Electric data capture
The use of active or passive wire taps, or of mechanisms that pick up screen radiation and recognize what is displayed on the screen, is called electric data capture.
Passing invalid parameters may cause serious security violations.
A special terminal is used to tap into a communication line, which gives access to confidential data.
By using certain techniques, deleted files can be recovered and passwords may be recollected.
Certain programs, such as worms and viruses, attack the system.