OS202 - johanessteven19 - Updated Weekly throughout the semester!
Security in Computer Systems.
Security is a vital part of every computer system. It is the measure of confidence that the integrity of the system and the data stored in it will be preserved. Its main job is to make sure that the resources stored in the computer are not compromised by unauthorised influences, whether accidentally or intentionally.
Protection in Computer Systems.
Protection is a separate concept from security, yet it is also vital to the computer system. If security is the measure of confidence, then protection is the set of mechanisms that regulate the access of processes and users to the computer’s resources. It’s the gatekeeper of the computer, so to speak.
Threats against security.
Harmful attacks from the outside can be launched against programs or against the computer itself. Several techniques, such as stack and buffer overflows, give attackers the opportunity to slip past the computer’s security. From there, the attackers can do whatever they want to the resources of the computer.
Why encryption is important.
To protect the data stored inside the computer, it can be encrypted and locked behind a wall of protection. To access it, the user requires a key, whose form depends on the type of encryption used. Symmetric encryption requires a shared key, while asymmetric encryption uses a public key and a private key. Therefore, as long as the attacker does not find the key, the data stays safely locked away.
User authentication.
Legitimate users who access the computer through proper means receive the full service of the computer. The computer differentiates legitimate users from illegitimate ones through the process of user authentication. There are many types of authentication, most of which we have encountered in the real world, from simple ones such as entering passwords and PINs to more advanced ones such as fingerprint and retina scans.
Range of protection.
Protection covers both the hardware and the software of the computer. Hardware objects include memory, the CPU, and I/O devices, while software objects range from files and programs to semaphores. To access these protected objects, a user needs a domain, which is a set of access rights. Basically, a user executes a program in a domain, and the program can then use the access rights in that domain to access and manipulate the objects. These objects are commonly secured behind a series of ‘protection rings’, which are layered on top of one another. The deeper you go in the rings, the more privilege is granted to the user.
Access matrices.
An access matrix is a general model of protection. It provides the mechanism of protection without imposing a particular protection policy on the users. It is normally implemented either as an access list attached to each object or as a capability list attached to each domain.
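The two implementations named above, worked through as an added example (not part of the original notes): the same matrix is stored once as per-object access lists and once as per-domain capability lists, and both answer every access query identically. The domain names, object names and rights are constructed for illustration.

```python
# Added example: constructed domains, objects and rights (not from the original notes).
from collections import defaultdict

# Access matrix: rows are domains, columns are objects, cells are sets of rights.
# Empty cells are simply absent, which gives default deny.
MATRIX = {
    ("D1", "file_a"): {"read"},
    ("D1", "file_b"): {"read", "write"},
    ("D2", "printer"): {"print"},
    ("D3", "file_a"): {"read", "execute"},
    ("D3", "file_b"): {"read"},
}

def access_lists(matrix):
    """Column view: for each object, the domains allowed to touch it and how."""
    acl = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        if rights:  # skip cells emptied by revoke()
            acl[obj][domain] = frozenset(rights)
    return dict(acl)

def capability_lists(matrix):
    """Row view: for each domain, the objects it holds rights on."""
    caps = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        if rights:
            caps[domain][obj] = frozenset(rights)
    return dict(caps)

def allowed_by_acl(acl, domain, obj, right):
    """Check made at the object: look the caller's domain up in the object's list."""
    return right in acl.get(obj, {}).get(domain, frozenset())

def allowed_by_capability(caps, domain, obj, right):
    """Check made at the domain: look the object up in the domain's own list."""
    return right in caps.get(domain, {}).get(obj, frozenset())

def revoke(matrix, domain, obj, right):
    """Remove one right from one cell; both views must be rebuilt afterwards."""
    matrix.get((domain, obj), set()).discard(right)

if __name__ == "__main__":
    acl, caps = access_lists(MATRIX), capability_lists(MATRIX)
    for domain, obj, right in [("D1", "file_b", "write"), ("D2", "file_a", "read")]:
        print(domain, obj, right,
              allowed_by_acl(acl, domain, obj, right),
              allowed_by_capability(caps, domain, obj, right))
```

The matrix itself carries no policy: changing who may do what means editing cells, while the lookup code stays the same.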
Capability-based systems.
Capability-based systems were first introduced in the early 1970s and proved to be an interesting concept for protection theory. The first two systems to incorporate the concept were named Hydra and CAP. Nowadays, Linux also incorporates the concept to address the limitations of the UNIX model. Linux’s capabilities essentially categorize the powers of root into practically three areas represented by a bit in a bitmask. Each area denotes its own capabilities, which are permitted, effective, and inheritable.