1. Home
  2. Operating systems
  3. Lecture notes
  4. Protection and security

1.8 Protection and security

<< Chapter < Page
  Operating systems     Page 1 / 5
Chapter >> Page >
Protection and Security

Protection and security

The purpose of a protection system is to prevent accidental or intentional misuse of a system.

  • Accidents: Problems of this kind are easy to anticipate (It’s possible to take action to minimize the likelihood of an accident).
  • Malicious abuse: Problems of this kind are very hard to completely eliminate (In order to protect completely against malicious abuse, one mustanticipate and eliminate every loophole and resist any temptation to play on probabilities).

There are three aspects to a protection mechanism:

  • User identification (authentication): make sure we know who is doing what.
  • Authorization determination: must figure out what the user is and is not allowed to do. Need a simple database for this.
  • Access enforcement: must make sure there are no loopholes in the system.

Even the slightest flaw in any of these areas may ruin the whole protection mechanism.

Authentication

User identification is most often done with passwords. This is a relatively weak form of protection.

  • A password is a secret piece of information used to establish the identity of a user.
  • Passwords should not be stored in a readable form. One-way transformations should be used. A 1-way function is an interesting function thatis relatively easy to compute, but difficult to invert (essentially the only way to invert it is to compute all the forward transforms looking for one thatmatches the reverse).
  • Passwords should be relatively long and obscure.
  • Systems like UNIX(R) don't store the password, but the result of a 1-way function on the password. To check a user's password, the system takesthe password as input, computes the 1-way function on it, and compares it with the result in the password file. If they match, the password was (with highprobability) correct. Note that even knowing the algorithm and the encrypted password, it's still impossible to easily invert the function.

Although it's theoretically reasonable to leave a hashed password file in the open, it is rarely done anymore. There are a couplereasons:

  • In practice, bad passwords are not uncommon enough, so rather than having to try all the passwords (or half the passwords on average), tryinga large dictionary of common passwords is often enough to break into an account on the system.
  • Password file can be attacked off-line, with the system under attack completely unaware that it is under attack. By forcing the attacker toactually try passwords on the system that they're invading, the system can detect an attack.

Another form of identification: badge or key.

  • Does not have to be kept secret.
  • Should not be able to be forged or copied.
  • Can be stolen, but the owner should know if it is.

Key paradox: key must be cheap to make, hard to duplicate. This means there must be some trick (i.e. secret) that has to beprotected.

Once identification is complete, the system must be sure to protect the identity since other parts of the system will rely on it.

Authorization determination

Must indicate who is allowed to do what with what. Draw the general form as an access matrix with one row per user, one column perfile. Each entry indicates the privileges of that user on that object. There are two general ways of storing this information: access lists and capabilities.

Questions & Answers

what does preconceived mean
sammie Reply
physiological Psychology
Nwosu Reply
How can I develope my cognitive domain
Amanyire Reply
why is communication effective
Dakolo Reply
Communication is effective because it allows individuals to share ideas, thoughts, and information with others.
effective communication can lead to improved outcomes in various settings, including personal relationships, business environments, and educational settings. By communicating effectively, individuals can negotiate effectively, solve problems collaboratively, and work towards common goals.
it starts up serve and return practice/assessments.it helps find voice talking therapy also assessments through relaxed conversation.
miss
Every time someone flushes a toilet in the apartment building, the person begins to jumb back automatically after hearing the flush, before the water temperature changes. Identify the types of learning, if it is classical conditioning identify the NS, UCS, CS and CR. If it is operant conditioning, identify the type of consequence positive reinforcement, negative reinforcement or punishment
Wekolamo Reply
please i need answer
Wekolamo
because it helps many people around the world to understand how to interact with other people and understand them well, for example at work (job).
Manix Reply
Agreed 👍 There are many parts of our brains and behaviors, we really need to get to know. Blessings for everyone and happy Sunday!
ARC
A child is a member of community not society elucidate ?
JESSY Reply
Isn't practices worldwide, be it psychology, be it science. isn't much just a false belief of control over something the mind cannot truly comprehend?
Simon Reply
compare and contrast skinner's perspective on personality development on freud
namakula Reply
Skinner skipped the whole unconscious phenomenon and rather emphasized on classical conditioning
war
explain how nature and nurture affect the development and later the productivity of an individual.
Amesalu Reply
nature is an hereditary factor while nurture is an environmental factor which constitute an individual personality. so if an individual's parent has a deviant behavior and was also brought up in an deviant environment, observation of the behavior and the inborn trait we make the individual deviant.
Samuel
I am taking this course because I am hoping that I could somehow learn more about my chosen field of interest and due to the fact that being a PsyD really ignites my passion as an individual the more I hope to learn about developing and literally explore the complexity of my critical thinking skills
Zyryn Reply
good👍
Jonathan
and having a good philosophy of the world is like a sandwich and a peanut butter 👍
Jonathan
generally amnesi how long yrs memory loss
Kelu Reply
interpersonal relationships
Abdulfatai Reply
What would be the best educational aid(s) for gifted kids/savants?
Heidi Reply
treat them normal, if they want help then give them. that will make everyone happy
Saurabh
What are the treatment for autism?
Magret Reply
hello. autism is a umbrella term. autistic kids have different disorder overlapping. for example. a kid may show symptoms of ADHD and also learning disabilities. before treatment please make sure the kid doesn't have physical disabilities like hearing..vision..speech problem. sometimes these
Jharna
continue.. sometimes due to these physical problems..the diagnosis may be misdiagnosed. treatment for autism. well it depends on the severity. since autistic kids have problems in communicating and adopting to the environment.. it's best to expose the child in situations where the child
Jharna
child interact with other kids under doc supervision. play therapy. speech therapy. Engaging in different activities that activate most parts of the brain.. like drawing..painting. matching color board game. string and beads game. the more you interact with the child the more effective
Jharna
results you'll get.. please consult a therapist to know what suits best on your child. and last as a parent. I know sometimes it's overwhelming to guide a special kid. but trust the process and be strong and patient as a parent.
Jharna
Got questions? Join the online conversation and get instant answers!
Jobilize.com Reply
<< Chapter < Page Page > Chapter >>

Read also:

Get Jobilize Job Search Mobile App in your pocket Now!

Get it on Google Play Download on the App Store Now




Source:  OpenStax, Operating systems. OpenStax CNX. Aug 13, 2009 Download for free at http://cnx.org/content/col10785/1.2
Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Operating systems' conversation and receive update notifications?

Ask