Wednesday, March 23, 2011

Protection & security

Introduction Of Protection And Security

  • File systems often contain information that is highly valuable to their users.
  • Protecting information against unauthorized usage is therefore a major concern of all file systems.
  • In the following unit we will look at a variety of issues concerned with security and protection.

Security Policy and Mechanism
  • The terms security and protection are often used interchangeably.
  • Nevertheless, it is frequently useful to make a distinction between the general problems involved in making sure that files are not read or modified by unauthorized persons, which include technical, managerial, legal and political issues, on the one hand, and the specific operating system mechanisms used to provide security, on the other. To avoid confusion, we will use the term security to refer to the overall problem, and the term protection mechanisms to refer to the specific operating system mechanisms used to safeguard information in the computer.
  • The boundary between them is not well defined, however.
  • A more interesting problem is what to do about intruders.
  • These come in two varieties.
  • Passive intruders just want to read files they are not authorized to read.
  • Active intruders are more malicious; they want to make unauthorized changes to data.
  • When designing a system to be secure against intruders, it is important to keep in mind the kind of intruders one is trying to protect against.
  • Some common categories are:
1. Casual prying by nontechnical users. Many people have terminals to timesharing systems on their desks, and human nature being what it is, some of them will read other people’s electronic mail and other files if no barriers are placed in the way. Most UNIX systems, for example, have the default that all files are publicly readable.

2. Snooping by insiders. Students, systems programmers, operators, and other technical personnel often consider it to be a personal challenge to break the security of the local computer system. They often are highly skilled and are willing to devote a substantial amount of time to the effort.

3. Determined attempts to make money. Some bank programmers have attempted to break into a banking system to steal from the bank. Schemes have varied from changing the software to truncate rather than round interest, keeping the fraction of a cent for themselves, to siphoning off accounts not used in years, to blackmail.

4. Commercial or military espionage. Espionage refers to serious and well-funded attempts by a competitor or foreign country to steal programs, trade secrets, patents, technology, circuit designs, marketing plans, and so forth. Often this attempt will involve wiretapping or even erecting antennas directed at the computer to pick up its electromagnetic radiation.
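
Category 1 above notes that most UNIX systems make files publicly readable by default. The following shell sketch is an added example, not part of the original post: it shows how the umask decides that default for new files and how to audit and tighten a directory tree. The file names and the `demo` function are constructed for illustration, and 022 is assumed as the common permissive umask.

```shell
#!/bin/sh
# Added example: find files readable by "other" and show how the
# umask controls whether newly created files get that bit at all.

# List every regular file under $1 that has the other-read bit set.
list_world_readable() {
    find "$1" -type f -perm -0004 -print
}

# Count those files (wc padding is stripped for portability).
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# Create empty file $1 under umask $2. The subshell keeps the
# caller's own umask unchanged.
create_with_umask() {
    ( umask "$2" && : > "$1" )
}

# Remove all group/other access from world-readable files under $1.
# find -exec is used so unusual file names are handled safely.
lock_down() {
    find "$1" -type f -perm -0004 -exec chmod go-rwx {} +
}

# Constructed demo: one file created with a permissive umask and one
# with a private umask, audited before and after lock_down.
demo() {
    dir=$(mktemp -d) || return 1
    create_with_umask "$dir/mail_permissive" 022   # results in mode 644
    create_with_umask "$dir/mail_private" 077      # results in mode 600
    before=$(count_world_readable "$dir")
    lock_down "$dir"
    after=$(count_world_readable "$dir")
    rm -rf "$dir"
    echo "$before $after"
}

demo
```

Setting `umask 077` in a login profile places the barrier at file creation time, so the audit step becomes a check rather than a cleanup.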
