Security and
Operating

Systems

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

Abstract

While, the original operating
systems for large centralized computing focused their security efforts
primarily on separating users, operating systems security has had to adapt to
cater for a wider range of technology, such as desktop computers, smartphones
and cloud platforms, and the different threats that have evolved as a
consequence. This editorial examines some of the core security mechanisms that
every operating system needs and the continuing evolution towards offering a
more secure platform. Also discuss about identification, prevention, detection
and correction. . Identification is a unique
identifier. It is what a user (person, client, software application, hardware
or network) uses to differentiate from other object itself.

 

Keyword
words:
stand-alone mainframes, malicious Malware, identification, prevention,
detection and correction.

Introduction

Informal:
Security is keeping unauthorized entities from doing things you don’t want them
to do. More formal: Confidentiality, integrity, availability.

Having
evolved from running on shared stand-alone computers to being highly optimized
and networked computers it’s not surprising that operating systems have had to
evolve their security to diminish different threats.

The
shared stand-alone mainframes used
by large organizations and universities faced threats from (predominately
internal) users accessing data and computing ‘time’ that they were not entitled
to. The range of applications and network connectivity that operating systems
had to support increased significantly. With increasing connectivity threats
arose around the exchange of malicious files
or network access to data by both internally connected users as well as an
external individuals and groups of ‘hackers’.

·        
Increased availability of wireless
networks has required devices to be ‘always connected’ to a variety of public
networks and other devices, thus increasing the number of types and potential
network attacks against the platform.

·        
 Operating systems (from different
organizations) are increasingly deployed onto shared public computation and
storage resources in cloud data centers, which brings with it concerns about
protecting the data and availability of these services from attacks against the
collocated operating systems and its hosting platform.

 

 

 

 

 

 

Fig. 1 Key threats and
operating system 

 

The
main security Features

Access
control

At
the center of all operating system security is the ability to enforce control
over access to system resources and information, either to mitigate malicious
actions or accidental damage by users. While controlling access to confidential
patient or financial files from multiple users on a shared system may seem like
an obvious security feature, just as important is the need to prevent the
inadvertent download of malware from within a browser from executing and
installing unwanted spying software; as is the need to prevent a badly
implemented application accessing other users’ private data held within the
memory. Access control lies at the heart of
many operating systems, ensuring that legitimate users and processes

are
only allowed to access the resources that they are entitled to do so.
Unfortunately, it’s not necessarily as simple as it may seem.

It
is not just access by users to files we need to worry about, but also the need
to control the access by processes or machines to resources that includes not
just data files, but memory, peripherals, networks and so on.

Access
is also a term that can be used to describe quite a number of operations; at
the simplest it could be the ability to write to, read from or execute a file.
This is the case within many commercial UNIX systems where ‘files’ represent
all resources, such as memory, I/O and network connections. However, in other
operating systems (such as Microsoft Windows) the access operations are richer
and include the capability to ‘delete’ or ‘take ownership’ of a data type
(rather than just a file type), for example.

The
fact that we need to store a range of permitted operations with a large number
of users and with access to a large number resources, can cause practical
difficulties (having to store and check each time an individual user needs to
access a particular resource that they have permission to). Hence a popular
strategy is to either group users into groups (with defined group access
permissions) or to store individual lists of users and access permissions for
each resource.

However,
the principles that operating systems need to achieve in order to control
access securely are well known. Firstly, they need to ensure that they have a
trusted mechanism for deciding and enforcing the rights of the requesting
process/user with the designated rights of the object. Secondly, that
enforcement capability needs to be free from tampering, modification and
vulnerabilities, a concept often referred to within the operating system as the
Trusted Computing Base. Finally, the path by which that enforcement happens
also needs to also be trusted, such that there can be no opportunity for
malicious processes or users to interrupt that execution path, a concept known
as the trusted path.

Network
protection

Today,
many operating systems are arranged in highly networked environments, with
communications essential for most users to access applications, data and
communicate with each other. In the early development of operating systems just
as the files were believed to be trustworthy from users, so too were the
networks to which they were connected often connecting organizations on trusted
or in-house networks, rather than the highly mobile devices now connecting over
untrusted and public networks, such as the Internet. Hence operating systems
have had to adapt to embed a number of security features into their systems to
mitigate this including network encryption, firewalls and network access
protection. The connectivity of operating systems to the Internet also signaled
the start of a rapid increase in reported vulnerabilities with many Internet
facing services for UNIX and Windows Systems found to have either vulnerability
in the services themselves or fundamental flaws in the protocols used by the
operating systems to move data around. In the former case, unexpected or
malformed messages are used to overflow the memory and execute malicious
instructions, as or simply access sensitive memory and return it to an
attacker.

In
the latter case, vulnerabilities were found in the implementation of network
protocols themselves, where constant requests to open a network connection on a
system from an attacker without them subsequently closing that connection
caused the operating systems to consume too many resources and stop
communicating.

As
a consequence of these threats many operating systems have built firewalls into
their operating systems to reduce the ability of attackers to access networks
services and applications that they should not. As well as limit the number of
external connections that can be made to only those that are trusted,
especially important with many operating systems outside of an organizational
network and directly on the Internet.

Similarly,
operating systems have also increased their support over time for more secure
protocols (e.g. IPSEC, TLS/SSL and WPA2) to enable trusted connections either
to organizational networks remotely across the internet or direct to other
individual systems and networks using encryption and mutual authentication
based upon Public Key Cryptography (PKI). That mutual authentication often
needs to be used to help identify the operating system itself and its general
security health (e.g. that it has not been compromised and will not help
propagate malware or a worm) before it is given access to a corporate network,
a scheme know as Network Access Protection.

Malware
protection

Malware has become an increasing issue for operating systems to
deal with as users need and want to access and exchange files and applications
through a variety of means, such as web portals, messaging/chat systems and
social media. Indeed, many of the recent cyber security attacks have been as a
consequence of the receipt of a malicious file from a web site or email rather
than direct attack via the network.

Physical
Theft

With widespread Internet connectivity and a production of mobile
and smart devices, operating system security has had to turn its attention to
the simplest and oldest of threats, that of theft and physical access to the
device. Operating systems now have the capacity to access online services and
store locally on the devices increasing volumes of information, such that
access to the device could provide access to significant online resources and
local data.

Security processes

Prevention

Security has different processes we group them in to distinct
phases prevention detection, identification and correction. The main purpose of
the security is only the authorized access to the information. Information must
be reliable and accurate. It must sure the availability of data the authorized
person. Information needs prevention from an unauthorized access in the
prevention phase security,   policy and
control area designed and implemented. First step is a security awareness,
security awareness should must be conducted to educate employees on security
importance. Access control is managed by issuing identification, authentication
that verifies identifiers and authorization rules as established.
Identification uniquely identifies the user .Authentication process validates
the identifiers. Basic factors that are involved in authentication process  what you know password etc. what you
have  award or a token etc and the third
one is  physical characteristic such
as  figure print , ratina, or DNA these
factors also called biometric. The best authentication process consists of all
of these three factors. A user who have been identified and authenticated to
user certain resources are the authorized user.

Detection

 After the
prevention the detection of the system is a critical process. No matter how
much a system is secured there is no full proof security solution. There should
must be a timely detection and notification of security compromises. Intrusion
detection system (IDS) are utilized for this purpose. IDS monitors the
system.  It can detect attacks, change in
file, configuration and activities, Entire system should be monitored. IDS must
have an ability to distinguish between normal activities and malicious
activities. Detection process is much more than an Alarm. It’s an alarm with
brain as it detects, distinguish the type of activities, and also pinpoints its
source path. Once your IDS is properly

Identification:

Operating systems are the core of the computing environment
providing users a common and easy-to-use interface to the hardware and software installed on a computer. Operating system security is
crucial because it protects the central control system of a computer.
Identification is a unique identifier. It is what a user (person, client,
software application, hardware or network) uses to differentiate from other
object itself. A user presents identification to show who he/she is.
Identifiers that are created for users should not be shared with any other
users or groups. Once a user has an identifier the next step taken to access a
resource is authentication. . Operating Systems generally identifies users
using following three ways ?Username /
Password ? User need to enter a registered username and password
with Operating system to login into the system. User card/key ? User need to punch card in card slot, or
enter key generated by key generator in option provided by operating system to
login into the system. User
attribute – fingerprint/ eye retina pattern/ signature ? User need
to pass his/her attribute via designated input device used by operating system
to login into the system. OS should provide protection mechanisms and implement
a system administrator  defined security
External authentication mechanism for the user and a mechanism meant to prevent
an application run unless the user registers and the system administrator
(software) authorizes  Internal
authentication for the process, and the process should not appear (impersonate)
as some like other processes.  User authentication
can become difficult if the user disseminates password passwords or other
authentication methods. Authentication refers to identifying each user of the
system and associating the executing programs with those users. It is the
responsibility of the Operating System to create a protection system which
ensures that a user who is running a particular program is authentic

Correction:

Today, roughly 20% of user identifications and passwords have
never been changed. The word password is still a common
password in many organizations. Once the network has been provisioned, administrators
need to be able to verify policy compliance, which defines user access rights
and ensures that all configurations are correct. An agent running on the
network or remotely can monitor each server continuously, and such monitoring
wouldn’t interfere with normal operations. Second, account management needs to
be centralized to control access to the network and to ensure that users have
appropriate access to enterprise resources. Policies, rules and intelligence
should be located in one place—not on each box—and should be pushed out from
there to provision user systems with correct IDs and permissions. An ID life
cycle manager can be used to automate this process and reduce the pain of doing
this manually. Third, the operating system should be configured so that it can
be used to monitor activity on the network easily and efficiently—revealing who
is and isn’t making connections, as well as pointing out potential security
events coming out of the operating system. Administrators can use a central dashboard
that monitors these events in real time and alerts them to serious problems
based on preset correlations and filtering. Just as important, this monitoring
system should be set up so that administrators aren’t overwhelmed by routine
events that don’t jeopardize network security. Security doesn’t have to be a
budget buster or interfere with normal business operations. As organizations
move from manual to automated security processes, there are significant cost
savings to be had. Manual processes are not only expensive and inflexible; they
contribution significantly to breakdowns that add to costs. Properly configured
operating system security is a business enabler that will save money as it
keeps the bad guys where they belong—on the defensive.configured and
strategically placed, it’s only a matter of time before an alert will sound and
notifications sent. For the detection process to have any value there must be a
timely response. The response to an incident should be planned well in advance.
Making important decisions or developing policy while under attack is a recipe
for disaster.

References

 1 List of
operating systems: http://www.en.wikipedia.org/wiki/List_of_operating_systems,
accessed October 2014

2 At 10-Year Milestone, Microsoft’s Trustworthy Computing

Initiative More Important than Ever, http://www.news.

microsoft.com/2012/01/12/at-10-year-milestone-microsoftstrustworthy-

Computing-initiative-more-important-than-ever/, accessed October
2014

3 Sourcefire Vulnerability Research Team (VRTTM): 25 Years of

Vulnerabilities: 1988–2012, Research Report, Yves Younan

4 Linux Kernel caiaq USB Drivers Buffer Overflow Vulnerability:

https://www.labs.mwrinfosecurity.com/system/assets/153/original/mwri_caiaq-usb-drivers-buffer-overflow_2011-03-07.pdf,
accessed April 2015

5 MS13-027 Vulnerabilities in Kernel-Mode Drivers Could

Allow Elevation of Privilege, https://www.technet.microsoft.

com/library/security/ms13-027, accessed April 2015

6 Malisow, Ben. “Moment’s Notice: The Immediate Steps of
Incident Handling. 7 July2000. URL: http://www.securityfocus.com/focus/ih/articles/moments.html

7 Shipley, Greg. “The Price of Vulnerability.” 19 February 2001.
URL:

http://www.nwc.com/1204/1204colshipley.html