Introduction
- Interference in resource utilization is a very serious threat in an OS.
- The nature of the threat depends on the nature of a resource and the manner in which it is used.
- In this session, we will discuss the issues involved in protection and security.
- It involves guarding a user's data and programs against interference by other authorized users of the system.
Facets to Protection of Information
There are two facets to protection of information:
- Secrecy : Implies that only authorized users should be able to access information.
- Privacy : Implies that information should be used only for the purpose(s) for which it is intended and shared.
Security and Protection : Policies and Mechanisms
Security Attributes
Security is traditionally defined by the three attributes namely:
- Confidentiality : It is the prevention of unauthorized modification of information or resources.
- Integrity : It is the prevention of unauthorized
- Availability : It is the prevention of unauthorized withholding of information or resources.
- Direct : This is any direct attack on your specific systems, whether from outside hackers or from disgruntled insiders.
- Indirect : This is a general random attack, most commonly computer worms or Trojan horses.
Reasons for taking Security measures
- To prevent loss of data
- To prevent corruption of data
- To prevent compromise of data
- To prevent theft of data
- To prevent sabotage
Authentication
- Goal of Authentication : Reasonable assurance that anyone who attempts to access a system or a network is a legitimate user.
- 3 mechanisms
- Password
- Physical token or an artifact
- Biometric measure
Security models
Security models can be discretionary or mandatory.
- Discretionary : Holders of rights can be allowed to transfer them at their discretion.
- Mandatory : Only designated roles are allowed to grant rights and users cannot transfer them.
- Security Policy : Outlines several high-level points: how the data is accessed, the amount of security required, and the steps to take when these requirements are not met.
- Security Model : The mechanism that supports the security policy. It is part of the design of the security system.
Access Matrix Model
Consists of three principal components:
- A set of passive objects (files, terminals, devices and other entities)
- A set of active subjects, which may manipulate the objects
- A set of rules governing the manipulation of objects by subjects.
- The access matrix is a rectangular array with one row per subject and one column per object.
Role Based Access Control
- Enforces access controls depending upon a user's role(s).
- Roles represent specific organizational duties and are commonly mapped to job titles. Ex: Administrator, Developer etc.
- Role definitions and associated access rights must be based upon a thorough understanding of an organization's security policy.
Take-Grant Model
- This model uses graphs to model access control.
- The graph structure can be represented as an adjacency matrix and labels on the arcs can be coded as different values in the matrix.
- Nodes in the graph are of two types, one corresponding to subjects and the other to objects.
- The possible access rights are read(r), write(w), take(t) and grant(g).
Example of Take
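The take rule, together with grant, worked through on the adjacency-matrix encoding described above. This is an added example, not part of the original notes. It goes slightly beyond the page by applying the standard Take-Grant rewrite rules, and the class, function and node names (TakeGrantGraph, alice, bob, carol, report) are hypothetical.

```python
# Rights are bit flags, so one adjacency-matrix cell holds a whole arc label.
R, W, T, G = 1, 2, 4, 8
NAMES = {R: "r", W: "w", T: "t", G: "g"}

def label(bits):  # render a matrix cell as an arc label, e.g. 5 -> 'rt'
    return "".join(name for bit, name in NAMES.items() if bits & bit)

class TakeGrantGraph:
    def __init__(self, subjects, objects):
        self.subjects = set(subjects)            # only subjects may apply rules
        nodes = list(subjects) + list(objects)
        self.idx = {n: i for i, n in enumerate(nodes)}
        self.m = [[0] * len(nodes) for _ in nodes]   # m[a][b]: rights a holds over b

    def rights(self, a, b):
        return self.m[self.idx[a]][self.idx[b]]

    def add_arc(self, a, b, bits):
        self.m[self.idx[a]][self.idx[b]] |= bits

    def _apply(self, actor, via, needed, src, dst, bits):
        # actor must be a subject holding t or g over `via`; copied rights must exist on `src`
        ok = bool(actor in self.subjects and bits
                  and self.rights(actor, via) & needed
                  and (self.rights(*src) & bits) == bits)
        if ok:
            self.add_arc(*dst, bits)
        return ok

    def take(self, x, y, z, bits):
        """x holds t over y and y holds bits over z: x acquires bits over z."""
        return self._apply(x, y, T, (y, z), (x, z), bits)

    def grant(self, x, y, z, bits):
        """x holds g over y and x holds bits over z: y acquires bits over z."""
        return self._apply(x, y, G, (x, z), (y, z), bits)

def demo():
    # Constructed scenario: alice --t--> bob --rw--> report, alice --g--> carol
    g = TakeGrantGraph(["alice", "bob", "carol"], ["report"])
    for a, b, bits in [("alice", "bob", T), ("bob", "report", R | W), ("alice", "carol", G)]:
        g.add_arc(a, b, bits)
    results = [
        g.grant("alice", "carol", "report", R),  # denied: alice holds nothing over report yet
        g.take("alice", "bob", "report", R),     # allowed: alice takes r from bob
        g.grant("alice", "carol", "report", R),  # allowed: alice now passes r on to carol
        g.take("carol", "bob", "report", W),     # denied: carol has no t over bob
    ]
    return g, results
```

The sequence shows why t and g arcs matter when auditing a protection graph: carol ends up with read access to the report although nobody ever assigned it to her directly.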