Security andOperatingSystems AbstractWhile, the original operatingsystems for large centralized computing focused their security effortsprimarily on separating users, operating systems security has had to adapt tocater for a wider range of technology, such as desktop computers, smartphonesand cloud platforms, and the different threats that have evolved as aconsequence. This editorial examines some of the core security mechanisms thatevery operating system needs and the continuing evolution towards offering amore secure platform. Also discuss about identification, prevention, detectionand correction. . Identification is a uniqueidentifier. It is what a user (person, client, software application, hardwareor network) uses to differentiate from other object itself.
Keywordwords:stand-alone mainframes, malicious Malware, identification, prevention,detection and correction. Introduction Informal:Security is keeping unauthorized entities from doing things you don’t want themto do. More formal: Confidentiality, integrity, availability.Havingevolved from running on shared stand-alone computers to being highly optimizedand networked computers it’s not surprising that operating systems have had toevolve their security to diminish different threats.Theshared stand-alone mainframes usedby large organizations and universities faced threats from (predominatelyinternal) users accessing data and computing ‘time’ that they were not entitledto.
The range of applications and network connectivity that operating systemshad to support increased significantly. With increasing connectivity threatsarose around the exchange of malicious filesor network access to data by both internally connected users as well as anexternal individuals and groups of ‘hackers’.· Increased availability of wirelessnetworks has required devices to be ‘always connected’ to a variety of publicnetworks and other devices, thus increasing the number of types and potentialnetwork attacks against the platform.· Operating systems (from differentorganizations) are increasingly deployed onto shared public computation andstorage resources in cloud data centers, which brings with it concerns aboutprotecting the data and availability of these services from attacks against thecollocated operating systems and its hosting platform.
Fig. 1 Key threats and operating system Themain security FeaturesAccesscontrolAtthe center of all operating system security is the ability to enforce controlover access to system resources and information, either to mitigate maliciousactions or accidental damage by users. While controlling access to confidentialpatient or financial files from multiple users on a shared system may seem likean obvious security feature, just as important is the need to prevent theinadvertent download of malware from within a browser from executing andinstalling unwanted spying software; as is the need to prevent a badlyimplemented application accessing other users’ private data held within thememory. Access control lies at the heart ofmany operating systems, ensuring that legitimate users and processesareonly allowed to access the resources that they are entitled to do so.Unfortunately, it’s not necessarily as simple as it may seem.Itis not just access by users to files we need to worry about, but also the needto control the access by processes or machines to resources that includes notjust data files, but memory, peripherals, networks and so on.Accessis also a term that can be used to describe quite a number of operations; atthe simplest it could be the ability to write to, read from or execute a file.This is the case within many commercial UNIX systems where ‘files’ representall resources, such as memory, I/O and network connections.
However, in otheroperating systems (such as Microsoft Windows) the access operations are richerand include the capability to ‘delete’ or ‘take ownership’ of a data type(rather than just a file type), for example.Thefact that we need to store a range of permitted operations with a large numberof users and with access to a large number resources, can cause practicaldifficulties (having to store and check each time an individual user needs toaccess a particular resource that they have permission to). Hence a popularstrategy is to either group users into groups (with defined group accesspermissions) or to store individual lists of users and access permissions foreach resource.
However,the principles that operating systems need to achieve in order to controlaccess securely are well known. Firstly, they need to ensure that they have atrusted mechanism for deciding and enforcing the rights of the requestingprocess/user with the designated rights of the object. Secondly, thatenforcement capability needs to be free from tampering, modification andvulnerabilities, a concept often referred to within the operating system as theTrusted Computing Base.
Finally, the path by which that enforcement happensalso needs to also be trusted, such that there can be no opportunity formalicious processes or users to interrupt that execution path, a concept knownas the trusted path.NetworkprotectionToday,many operating systems are arranged in highly networked environments, withcommunications essential for most users to access applications, data andcommunicate with each other. In the early development of operating systems justas the files were believed to be trustworthy from users, so too were thenetworks to which they were connected often connecting organizations on trustedor in-house networks, rather than the highly mobile devices now connecting overuntrusted and public networks, such as the Internet. Hence operating systemshave had to adapt to embed a number of security features into their systems tomitigate this including network encryption, firewalls and network accessprotection. The connectivity of operating systems to the Internet also signaledthe start of a rapid increase in reported vulnerabilities with many Internetfacing services for UNIX and Windows Systems found to have either vulnerabilityin the services themselves or fundamental flaws in the protocols used by theoperating systems to move data around. In the former case, unexpected ormalformed messages are used to overflow the memory and execute maliciousinstructions, as or simply access sensitive memory and return it to anattacker.
Inthe latter case, vulnerabilities were found in the implementation of networkprotocols themselves, where constant requests to open a network connection on asystem from an attacker without them subsequently closing that connectioncaused the operating systems to consume too many resources and stopcommunicating.Asa consequence of these threats many operating systems have built firewalls intotheir operating systems to reduce the ability of attackers to access networksservices and applications that they should not. As well as limit the number ofexternal connections that can be made to only those that are trusted,especially important with many operating systems outside of an organizationalnetwork and directly on the Internet.
Similarly,operating systems have also increased their support over time for more secureprotocols (e.g. IPSEC, TLS/SSL and WPA2) to enable trusted connections eitherto organizational networks remotely across the internet or direct to otherindividual systems and networks using encryption and mutual authenticationbased upon Public Key Cryptography (PKI).
That mutual authentication oftenneeds to be used to help identify the operating system itself and its generalsecurity health (e.g. that it has not been compromised and will not helppropagate malware or a worm) before it is given access to a corporate network,a scheme know as Network Access Protection. MalwareprotectionMalware has become an increasing issue for operating systems todeal with as users need and want to access and exchange files and applicationsthrough a variety of means, such as web portals, messaging/chat systems andsocial media. Indeed, many of the recent cyber security attacks have been as aconsequence of the receipt of a malicious file from a web site or email ratherthan direct attack via the network.PhysicalTheftWith widespread Internet connectivity and a production of mobileand smart devices, operating system security has had to turn its attention tothe simplest and oldest of threats, that of theft and physical access to thedevice. Operating systems now have the capacity to access online services andstore locally on the devices increasing volumes of information, such thataccess to the device could provide access to significant online resources andlocal data.
Security processes Prevention Security has different processes we group them in to distinctphases prevention detection, identification and correction. The main purpose ofthe security is only the authorized access to the information. Information mustbe reliable and accurate. It must sure the availability of data the authorizedperson. Information needs prevention from an unauthorized access in theprevention phase security, policy andcontrol area designed and implemented.
First step is a security awareness,security awareness should must be conducted to educate employees on securityimportance. Access control is managed by issuing identification, authenticationthat verifies identifiers and authorization rules as established.Identification uniquely identifies the user .Authentication process validatesthe identifiers. Basic factors that are involved in authentication process what you know password etc. what youhave award or a token etc and the thirdone is physical characteristic suchas figure print , ratina, or DNA thesefactors also called biometric. The best authentication process consists of allof these three factors.
A user who have been identified and authenticated touser certain resources are the authorized user.Detection After theprevention the detection of the system is a critical process. No matter howmuch a system is secured there is no full proof security solution. There shouldmust be a timely detection and notification of security compromises.
Intrusiondetection system (IDS) are utilized for this purpose. IDS monitors thesystem. It can detect attacks, change infile, configuration and activities, Entire system should be monitored. IDS musthave an ability to distinguish between normal activities and maliciousactivities. Detection process is much more than an Alarm. It’s an alarm withbrain as it detects, distinguish the type of activities, and also pinpoints itssource path. Once your IDS is properlyIdentification:Operating systems are the core of the computing environmentproviding users a common and easy-to-use interface to the hardware and software installed on a computer.
Operating system security iscrucial because it protects the central control system of a computer.Identification is a unique identifier. It is what a user (person, client,software application, hardware or network) uses to differentiate from otherobject itself. A user presents identification to show who he/she is.Identifiers that are created for users should not be shared with any otherusers or groups.
Once a user has an identifier the next step taken to access aresource is authentication. . Operating Systems generally identifies usersusing following three ways ?Username /Password ? User need to enter a registered username and passwordwith Operating system to login into the system. User card/key ? User need to punch card in card slot, orenter key generated by key generator in option provided by operating system tologin into the system. Userattribute – fingerprint/ eye retina pattern/ signature ? User needto pass his/her attribute via designated input device used by operating systemto login into the system. OS should provide protection mechanisms and implementa system administrator defined securityExternal authentication mechanism for the user and a mechanism meant to preventan application run unless the user registers and the system administrator(software) authorizes Internalauthentication for the process, and the process should not appear (impersonate)as some like other processes.
User authenticationcan become difficult if the user disseminates password passwords or otherauthentication methods. Authentication refers to identifying each user of thesystem and associating the executing programs with those users. It is theresponsibility of the Operating System to create a protection system whichensures that a user who is running a particular program is authenticCorrection:Today, roughly 20% of user identifications and passwords havenever been changed. The word password is still a commonpassword in many organizations. Once the network has been provisioned, administratorsneed to be able to verify policy compliance, which defines user access rightsand ensures that all configurations are correct. An agent running on thenetwork or remotely can monitor each server continuously, and such monitoringwouldn’t interfere with normal operations. Second, account management needs tobe centralized to control access to the network and to ensure that users haveappropriate access to enterprise resources. Policies, rules and intelligenceshould be located in one place—not on each box—and should be pushed out fromthere to provision user systems with correct IDs and permissions.
An ID lifecycle manager can be used to automate this process and reduce the pain of doingthis manually. Third, the operating system should be configured so that it canbe used to monitor activity on the network easily and efficiently—revealing whois and isn’t making connections, as well as pointing out potential securityevents coming out of the operating system. Administrators can use a central dashboardthat monitors these events in real time and alerts them to serious problemsbased on preset correlations and filtering. Just as important, this monitoringsystem should be set up so that administrators aren’t overwhelmed by routineevents that don’t jeopardize network security.
Security doesn’t have to be abudget buster or interfere with normal business operations. As organizationsmove from manual to automated security processes, there are significant costsavings to be had. Manual processes are not only expensive and inflexible; theycontribution significantly to breakdowns that add to costs.
Properly configuredoperating system security is a business enabler that will save money as itkeeps the bad guys where they belong—on the defensive.configured andstrategically placed, it’s only a matter of time before an alert will sound andnotifications sent. For the detection process to have any value there must be atimely response. The response to an incident should be planned well in advance.Making important decisions or developing policy while under attack is a recipefor disaster.References 1 List ofoperating systems: http://www.en.
wikipedia.org/wiki/List_of_operating_systems,accessed October 20142 At 10-Year Milestone, Microsoft’s Trustworthy ComputingInitiative More Important than Ever, http://www.news.
microsoft.com/2012/01/12/at-10-year-milestone-microsoftstrustworthy-Computing-initiative-more-important-than-ever/, accessed October20143 Sourcefire Vulnerability Research Team (VRTTM): 25 Years ofVulnerabilities: 1988–2012, Research Report, Yves Younan4 Linux Kernel caiaq USB Drivers Buffer Overflow Vulnerability:https://www.labs.mwrinfosecurity.com/system/assets/153/original/mwri_caiaq-usb-drivers-buffer-overflow_2011-03-07.
pdf,accessed April 20155 MS13-027 Vulnerabilities in Kernel-Mode Drivers CouldAllow Elevation of Privilege, https://www.technet.microsoft.com/library/security/ms13-027, accessed April 20156 Malisow, Ben. “Moment’s Notice: The Immediate Steps ofIncident Handling. 7 July2000. URL: http://www.
securityfocus.com/focus/ih/articles/moments.html7 Shipley, Greg. “The Price of Vulnerability.” 19 February 2001.URL:http://www.nwc.com/1204/1204colshipley.html