Wednesday, March 23, 2011

Protection & security

CONTINUED....


Authentication basic concept
  • A major security problem for operating systems is the authentication problem.
  • The protection system depends on an ability to identify the programs and processes that are executing.
  • This ability, in turn, eventually rests on our power to identify each user of the system.
  • A user normally identifies himself.
  • Generally, authentication is based on some combination of three sets of items: user possession (a key or card), user knowledge (a user identifier and password), and a user attribute (fingerprint, retina pattern, or signature).
  • The most common approach to authenticating a user identity is the use of user passwords.
  • When the user identifies herself by user ID or account name, she is asked for a password.
  • If the user-supplied password matches the password stored in the system, the system assumes that the user is legitimate.
1. Password
  • Passwords are often used to protect objects in the computer system, in the absence of a more complete protection scheme.
  • They can be considered a special case of either keys or capabilities.
  • For instance, a password could be associated with each resource, such as a file.
  • Whenever a request is made to use the resource, the password must be given.
  • If the password is correct, access is granted. Different passwords may be associated with different access rights.
  • For example, different passwords may be used for reading, appending and updating a file.
  • Although there are some problems associated with the use of passwords, they are nevertheless extremely common, because they are easy to understand and use.
  • The problems with passwords are related to the difficulty of keeping a password secret.
  • Passwords can be compromised by being guessed, accidentally exposed, or illegally transferred from an authorized user to an unauthorized one.

2. Artifact
  • A completely different approach to authorization is to check to see if the user has some item, normally a plastic card with a magnetic stripe on it.
  • The card is inserted into the terminal, which then checks to see whose card it is.
  • This method can be combined with a password, so a user can only log in if he (1) has the card and (2) knows the password.
  • Automated cash dispensing machines usually work this way.
  • Another technique is signature analysis.
  • The user signs his name with a special pen connected to the terminal, and the computer compares it to a known specimen stored online.
  • Even better is not to compare the signature, but to compare the pen motions made while writing it.
  • A good forger may be able to copy the signature, but will not have a clue as to the exact order in which the strokes were made.

3. Biometric Technique
  • Yet another approach is to measure physical characteristics that are hard to forge.
  • For example, a fingerprint or a voiceprint reader in the terminal could verify the user's identity (it makes the search go faster if the user tells the computer who he is, rather than making the computer compare the given fingerprint to the entire database).
  • Finger length analysis is surprisingly practical.
  • When this is used, each terminal has a device.
  • The user inserts his hand into it, and the length of all his fingers is measured and checked against the database.

Protection & security

Introduction Of Protection And Security

  • File systems often contain information that is highly valuable to their users.
  • Protecting information against unauthorized usage is therefore a major concern of all file systems.
  • In the following unit we will look at a variety of issues concerned with security and protection.

Security Policy and Mechanism
  • The terms security and protection are often used interchangeably.
  • Nevertheless, it is frequently useful to make a distinction between the general problems involved in making sure that files are not read or modified by unauthorized persons, which include technical, managerial, legal and political issues, on the one hand, and the specific operating system mechanisms used to provide security, on the other. To avoid confusion, we will use the term security to refer to the overall problem, and the term protection mechanisms to refer to the specific operating system mechanisms used to safeguard information in the computer.
  • The boundary between them is not well defined, however.
  • A more interesting problem is what to do about intruders.
  • These come in two varieties.
  • Passive intruders just want to read files they are not authorized to read.
  • Active intruders are more malicious; they want to make unauthorized changes to data.
  • When designing a system to be secure against intruders, it is important to keep in mind the kind of intruder one is trying to protect against.
  • Some common categories are:
1. Casual prying by nontechnical users. Many people have terminals to timesharing systems on their desks, and human nature being what it is, some of them will read other people’s electronic mail and other files if no barriers are placed in the way. Most UNIX systems, for example, have the default that all files are publicly readable.


2. Snooping by insiders. Students, systems programmers, operators, and other technical personnel often consider it to be a personal challenge to break the security of the local computer system. They often are highly skilled and are willing to devote a substantial amount of time to the effort.


3. Determined attempt to make money. Some bank programmers have attempted to break into a banking system to steal from the bank. Schemes have varied from changing the software to truncate rather than round interest, keeping the fraction of a cent for themselves, to siphoning off accounts not used in years, to blackmail.


4. Commercial or military espionage. Espionage refers to a serious and well-funded attempt by a competitor or foreign country to steal programs, trade secrets, patents, technology, circuit designs, marketing plans, and so forth. Often this attempt will involve wiretapping or even erecting antennas directed at the computer to pick up its electromagnetic radiation.

Monday, March 21, 2011

File System Management

File System


Also referred to as simply a file system or filesystem.
The system that an operating system or program uses to organize and keep track of files.
For example, a hierarchical file system is one that uses directories to organize files into a tree structure. 
Although the operating system provides its own file management system, you can buy separate file management systems.
o  These systems interact smoothly with the operating system but provide more features, such as improved backup procedures and stricter file protection. 





1.      Single level Directory
·        The simplest directory structure is the single-level directory.
·        All files are contained in the same directory, which is easy to support and understand.
·        A single-level directory has significant limitations, however, when the number of files increases or when there is more than one user.
·        Since all files are in the same directory, they must have unique names.
·        If we have two users who call their data file test, then the unique name rule is violated.
·        For example, in one programming class, 23 students called the program for their second assignment prog2; another 11 called it assign2.
·        Although file names are generally selected to reflect the content of the file, they are often limited in length.
·        The MS-DOS operating system allows only 11-character file names; UNIX allows 255 characters.
·        Even with a single user, as the number of files increases, it becomes difficult to remember the names of all the files, so as to create only files with unique names.
·        It is not uncommon for a user to have 100s of files on one computer system and an equal number of additional files on another system.
·        In such an environment, keeping track of so many files is a daunting task.

2. Two level directory

The major disadvantage to a single level directory is the confusion of file names between different users.
The standard solution is to create a separate directory for each user.
· In the two level directory structures, each user has her own user file directory (UFD).
· Each UFD has a similar structure, but lists only the files of a single user.
· When a user job starts or a user logs in, the system master file directory (MFD) is searched.
· The master file directory is indexed by user name or account number, and each entry points to the UFD for that user.
· When a user refers to a particular file, only his own UFD is searched.
· Thus different users may have files with the same name, as long as all the file names within each UFD are unique.
3. Multilevel directory
· Once we have seen how to view a two-level directory as a two-level tree, the natural generalization is to extend the directory structure to a tree of arbitrary height.
· This generalization allows users to create their own subdirectories and to organize their files accordingly.
· The MS-DOS system for instance is structured as a tree.
·  In fact a tree is the most common directory structure.
·  The tree has a root directory.
·  Every file in the system has a unique path name.
·  A path name is the path from the root through all the sub directories to a specified file.

Access Rights
· None: The user may not even learn of the existence of the file much less access it. To enforce this restriction, the user is not allowed to read the user directory that includes this file.
· Knowledge: The user can determine that the file exists and who its owner is. The user is then able to petition the owner for additional access rights.
·  Execution: The user can load and execute a program but cannot copy it. Proprietary programs are often made accessible with this restriction.
· Reading: The user can read the file for any purpose, including copying and execution. Some systems are able to enforce a distinction between viewing and copying. In the former case, the content of the file can be displayed to the user, but the user has no means of making a copy.
· Appending: The user can add data to the file, often only at the end, but cannot modify or delete any of the file’s content. This right is useful in collecting data from a number of sources.
· Updating: The user can modify, delete and add to the file’s data. Updating normally includes writing the file initially, rewriting it completely or in part, and removing all or a portion of the data. Some systems distinguish among different degrees of updating.
· Changing protection: The user can change the access rights granted to other users. Typically this right is held only by the owner of the file. In some systems, the owner can extend this right to others. To prevent abuse of this mechanism, the file owner is typically able to specify which rights can be changed by the holder of this right.
· Deletion: The user can delete the file from the file system.

Secondary Storage Organization Program
A file may occupy more than one block of secondary storage. This means that several blocks must be linked together to form a file. There are three methods for doing this:
·  Linking block
·  File map
·  Index block
Linking block
·  Every block used to form a file is linked using a pointer.
·  The pointer in the UFD (user file directory) links to the first block in the chain.
·  The problem with this method is that many disk accesses are needed to find the end of a file, for example when deleting a file and clearing the information about its earlier position.
File map
· In this method, the links between the blocks that form a file are recorded in a file map.
· It is known as file scheduling.
· The pointer in the file's UFD entry links to the location in the file map that represents the first block of the file.
·  The last block is indicated by a zero pointer.
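The file map lookup described above, written out as an added example (not code from the original notes): the walk starts from the UFD pointer, stops at the zero pointer, and refuses a map whose pointers leave the map or loop back on themselves. The names `file_chain` and `sample_map`, the block numbers, and the convention that block 0 is never allocated are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAP_END 0u   /* the zero pointer that marks the last block */

/* Constructed sample file map: entry b holds the block that follows b.
 * A file starting at block 3 occupies 3 -> 6 -> 2. Blocks 4 and 5 point
 * at each other (a corrupt loop) and block 7 points outside the map. */
static const unsigned sample_map[8] = { 0, 0, 0, 6, 5, 4, 2, 42 };

/*
 * Follow a file's chain through the file map, starting from the block
 * number stored in the UFD entry (first).
 * Returns the number of blocks written to out, or -1 if the chain is
 * corrupt (pointer outside the map, or a loop) or does not fit in out.
 */
long file_chain(const unsigned *map, size_t nblocks, unsigned first,
                unsigned *out, size_t outcap)
{
    size_t n = 0;
    unsigned b = first;

    while (b != MAP_END) {
        if (b >= nblocks)
            return -1;              /* pointer leads outside the map */
        if (n >= nblocks || n >= outcap)
            return -1;              /* more links than blocks: a loop */
        out[n++] = b;
        b = map[b];
    }
    return (long)n;
}

int main(void)
{
    unsigned blocks[8];
    long n = file_chain(sample_map, 8, 3, blocks, 8);

    for (long i = 0; i < n; i++)
        printf("block %u\n", blocks[i]);
    printf("loop: %ld, bad pointer: %ld\n",
           file_chain(sample_map, 8, 4, blocks, 8),
           file_chain(sample_map, 8, 7, blocks, 8));
    return 0;
}
```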
Index Block
· This method links all the blocks of the file using an index block.
·  The pointer in the UFD links to that index block.
·  The advantage of this method is that a file can be accessed without a parallel system.
·  The disadvantage is that a lot of space must be used to keep the index block.

Input Output procedure

Input Output Management
· Managing input & output in Windows XP involves many operating system components.
· User-mode processes interact with an environment subsystem and not directly with kernel-mode components.
· The environment subsystem passes input & output requests to the input & output manager, which interacts with device drivers to handle such requests.
· Several device drivers, organized into a driver stack, cooperate to fulfill an input & output request.
· The plug and play manager dynamically recognizes when new devices are added to the system and allocates and deallocates  resources, such as input & output ports or DMA channels, to them.
· The power manager administers the operating system’s power management policy.


BUFFERING

· The buffer overflow weakness is one of the many weaknesses of this type in computer security.
· Buffer overflow attacks occur when an attacker provides excessive input to a running program.
· Buffer overflows result from a weakness of the programming languages C, C++, Fortran, and assembly, which do not automatically check the bounds of input when the program is executed.
· Programs can be so complex that the programmers themselves do not know the weaknesses of the program.
· The program relies on external data to control its behaviour.
· A buffer is an allocated region of memory, such as an array or a pointer in C. In C and C++, there are no automatic bounds checks on buffers, so users can write past the end of a buffer through input. For example:
int main() {
    int buffer[10];     /* valid indexes are 0 through 9 */
    buffer[20] = 10;    /* out-of-bounds write: no automatic check stops it */
    return 0;
}
· The C program above is syntactically valid, and compilers will compile it without error.
· A process is a program in execution.
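The check that C leaves out, added here as an example (not code from the original notes): the same store as in the program above, plus a copy of external input, each refusing anything that does not fit the buffer. The function names `store_checked` and `copy_input` and the sample inputs are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 10

/* Store value at buf[idx] only when idx lies inside the array.
 * Returns 0 on success, -1 when the write would be out of bounds. */
int store_checked(int *buf, size_t len, size_t idx, int value)
{
    if (buf == NULL || idx >= len)
        return -1;                  /* reject instead of corrupting memory */
    buf[idx] = value;
    return 0;
}

/* Copy src_len bytes of external input into dst as a C string.
 * The length is checked against the buffer size before anything is
 * written; input that does not fit (with its terminator) is rejected
 * rather than truncated. Returns 0 on success, -1 on rejection. */
int copy_input(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)
        return -1;                  /* would run past the end of dst */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

int main(void)
{
    int buffer[BUF_LEN] = { 0 };
    char name[8];
    const char *too_long = "AAAAAAAAAAAAAAAA";   /* constructed: 16 bytes */

    /* The page's write to index 20 is refused; index 9 is accepted. */
    printf("buffer[20] = 10 -> %d\n", store_checked(buffer, BUF_LEN, 20, 10));
    printf("buffer[9]  = 10 -> %d\n", store_checked(buffer, BUF_LEN, 9, 10));

    /* Excessive input is rejected before a single byte is copied. */
    printf("16-byte input   -> %d\n",
           copy_input(name, sizeof name, too_long, strlen(too_long)));
    printf("5-byte input    -> %d\n",
           copy_input(name, sizeof name, "print", 5));
    return 0;
}
```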


Spooling Techniques
· In computer science, spooling refers to a process of transferring data by placing it in a temporary working area where another program may access it for processing at a later point in time.
· The normal English verb "spool" can refer to the action of a storage device that incorporates a physical spool or reel, such as a tape drive.
· Spooling refers to copying files in parallel with other work.
· The most common use is in reading files used by a job into or writing them from a buffer on a magnetic tape or a disk.
· Spooling is useful because devices access data at different rates. The buffer provides a waiting station where data can rest while the slower device catches up.
· This temporary working area would normally be a file or storage device.
· The most common spooling application is print spooling: documents formatted for printing are stored onto a buffer (usually an area on a disk) by a fast processor and retrieved and printed by a relatively slower printer at its own rate.
· Spooler or print management software may allow priorities to be assigned to jobs, notify users when they have printed, distribute jobs among several printers, allow stationery to be changed or select it automatically, generate banner pages to identify and separate print jobs, etc.
· The temporary storage area to which e-mail is delivered by a Mail Transfer Agent and in which it waits to be picked up by a Mail User Agent is sometimes called a mail spool.

Memory Management

· Effective memory management is vital in a multiprogramming system.
· If only a few processes are in memory, then for much of the time all of the processes will be waiting for input/output and the processor will be idle.
· Thus, memory needs to be allocated efficiently to pack as many processes into memory as possible.

Objectives
While surveying the various mechanisms and policies associated with memory management, it is well to keep in mind the requirements that memory management is intended to satisfy. Five requirements are suggested:
· Relocation
· Protection
· Sharing
· Logical organization
· Physical organization

Relocation
· In a multiprogramming system, the available main memory is generally shared among a number of processes.
· Typically, it is not possible for the programmer to know in advance which programs will reside in the memory during the execution time of a program.
· We would like to be able to swap active processes in and out of main memory to maximize processor usage by providing a large pool of ready processes to execute.
· Once a program has been swapped out to disk, it would be quite limiting to declare that when it is next swapped back in it must be placed in the same main memory region as before.

Protection
·        Each process should be protected against unwanted interference by other processes, whether accidental or intentional.
·        Programs in other processes should not be able to reference memory locations in a process, for reading or writing purposes, without permission.
·        In one sense, satisfaction of the relocation requirement increases the difficulty of satisfying the protection requirement.
·        Because the location of a program in main memory is unknown, it is impossible to check absolute addresses at compile time to assure protection.



Sharing
· Any protection mechanisms that are implemented must have the flexibility to allow several processes to access the same portion of main memory.
· For example, if a number of processes are executing the same program, it is advantageous to allow each process to access the same copy of the program rather than have its own separate copy.
· Processes that are cooperating on some task may need to share access to the same data structure.
· The memory management system must therefore allow controlled access to shared areas of memory without compromising essential protection.

Logical Organization
· Almost invariably, main memory in a computer system is organized as a linear, or one-dimensional, address space that consists of a sequence of bytes or words.
· Secondary memory, at its physical level, is similarly organized.
· Although this organization closely mirrors the actual machine hardware, it does not correspond to the way in which programs are typically constructed.

Physical Organization
· Computer memory is organized into at least two levels: main memory and secondary memory.
· Main memory provides fast access at relatively high cost.
· Main memory is volatile; that is, it does not provide permanent storage.
· Secondary memory is slower and cheaper than main memory, and it is usually not volatile.
· Secondary memory’s large capacity can be provided to allow long-term storage of programs and data, while a smaller main memory holds programs and data currently in use.

Virtual Memory Implementation
Paging
· Logical address space of a process can be noncontiguous; process is allocated physical memory whenever the latter is available
· Divide physical memory into fixed-sized blocks called frames (size is power of 2, between 512 bytes and 8,192 bytes)
· Divide logical memory into blocks of same size called pages
· Keep track of all free frames
· To run a program of size pages, need to find free frames
and load program
· Set up a page table to translate logical to physical addresses
· Internal fragmentation

Segmentation
· Memory-management scheme that supports user view of memory
· A program is a collection of segments. A segment is a logical unit
such as:

main program,
procedure,
function,
method,
object,
local variables, global variables,
common block,
stack,
symbol table, arrays


Relocation policy
· Before we consider ways of dealing with the shortcomings of partitioning, we must clear up one loose end, which relates to the placement of processes in memory.
· When the fixed partition scheme is used, we can expect that a process will always be assigned to the same partition.
· That is, the partition that is selected when a new process is loaded will always be used to swap the process back into memory after it has been swapped out.
· When the process is first loaded, all relative memory references in the code are replaced by absolute main memory addresses determined by the base address of the loaded process.
· In the case of equal-size partitions and in the case of a single process queue for unequal-size partitions, a process may occupy different partitions during the course of its life.
· When a process image is first created, it is loaded into some partition in main memory.
· Later, the process may be swapped out; when it is subsequently swapped back in, it may be assigned to a partition different from the previous one.
· The same is true for dynamic partitioning.


Relocation of paging system - Least Recently Used (LRU), First In First Out (FIFO)

Least Recently Used (LRU):

· Removes page least recently accessed
· Efficiency
· Causes either decrease in or same number of interrupts
· Slightly better (compared to FIFO): 8/11 or 73%
· LRU is a stack algorithm removal policy
· Increasing main memory will cause either a decrease in or the same number of page interrupts
· Does not experience FIFO anomaly

Two variations:

· Clock replacement technique
· Paced according to the computer’s clock cycle
· Bit-shifting technique
· Uses 8-bit reference byte and bit-shifting technique
· Tracks usage of each page currently in memory

First In First Out (FIFO):

· Removes page in memory the longest
· Efficiency
· Ratio of page interrupts to page requests
· FIFO example: not so good
· Efficiency is 9/11 or 82%
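A small simulator for the two removal policies, added here as an example (not part of the original notes). The 11-request string and the two page frames are assumptions chosen so that the counts match the 9/11 and 8/11 figures above; the second string is a constructed input on which FIFO gets worse when a frame is added (the FIFO anomaly) while LRU does not.

```c
#include <stdio.h>

#define MAX_FRAMES 8

enum policy { FIFO, LRU };

/*
 * Count page interrupts for a reference string (one character per page
 * request) with nframes page frames under the given removal policy.
 * Returns -1 if nframes is out of range.
 */
int count_faults(const char *refs, int nframes, enum policy p)
{
    char frame[MAX_FRAMES];   /* page held in each frame */
    long stamp[MAX_FRAMES];   /* FIFO: time loaded; LRU: time last used */
    int used = 0, faults = 0;
    long now = 0;

    if (nframes < 1 || nframes > MAX_FRAMES)
        return -1;

    for (const char *r = refs; *r != '\0'; r++) {
        int hit = -1, victim;

        now++;
        for (int i = 0; i < used; i++)
            if (frame[i] == *r) { hit = i; break; }
        if (hit >= 0) {
            if (p == LRU)
                stamp[hit] = now;   /* only LRU refreshes on a hit */
            continue;
        }
        faults++;
        if (used < nframes) {
            victim = used++;        /* a free frame is still available */
        } else {
            victim = 0;             /* smallest stamp = oldest = removed */
            for (int i = 1; i < used; i++)
                if (stamp[i] < stamp[victim]) victim = i;
        }
        frame[victim] = *r;
        stamp[victim] = now;
    }
    return faults;
}

int main(void)
{
    const char *jobs = "ABACABDBACD";      /* constructed: 11 page requests */
    const char *belady = "123412512345";   /* constructed: shows the anomaly */

    printf("2 frames  FIFO %d/11  LRU %d/11\n",
           count_faults(jobs, 2, FIFO), count_faults(jobs, 2, LRU));
    for (int n = 3; n <= 4; n++)
        printf("%d frames  FIFO %d  LRU %d\n", n,
               count_faults(belady, n, FIFO), count_faults(belady, n, LRU));
    return 0;
}
```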