os202

Logo

OS202 - johanessteven19 - Updated Weekly throughout the semester!

View the Project on GitHub johanessteven19/os202

Back to Home


Top 10 List of Week 02

  1. Security in Computer Systems.
    A vital part of every computer system. Security is the measure of confidence towards maintaining the integrity of the system and the preservation of the data stored in it. Its main job is to make sure that whatever resources stored in the computer are not compromised by unauthorised influences, whether accidentally or intentionally done.

  2. Protection in Computer Systems.
    A different, separate concept from security, yet also vital to the computer system. If security is the measure of confidence, then protection is the set of mechanisms that will regulate the access of computer processes and users to the computer’s resources. It’s the gatekeeper of the computer, so to speak.

  3. Threats against security.
    Harmful attacks from the outside could be launched against programs or the computer itself. There are several techniques, such as stack and buffer overflow which gives the attackers the opportunity to slip in behind the computer’s security. From there, the attackers can do whatever they want to the resources of the computer.

  4. Why encryptions are important.
    To protect the data stored inside of the computer, it can be encrypted behind a wall of protection. To access it, the user requires a key, which can be different based on the type of encryption used. Symmetric encryptions require a shared key, while asymmetric encryptions provide a public key and a private key. To access the encrypted data, the user needs the required key. Therefore, as long as the attacker does not find the key, the data will be safely locked away.

  5. User authentications.
    Legitimate users that access the computer through proper means will receive full service of the computer. The computer is able to differentiate legitimate users from illegitimate ones through the process of user authentication. There are many types of authentication, most of which we have encountered in the real world, from simple authentications such as entering your passwords and PIN numbers, to more advanced ones, such as fingerprint and retina scans.

  6. Range of protection.
    Protection covers both the hardwares and the softwares of the computer. The hardwares can be memory, CPU, and other I/O devices, while the softwares range from files, programs, to semaphores. To access these protected objects, the user needs a domain, which is a set of access rights. Basically, a user will execute a certain program located on a domain. The program will then be able to use the access rights in the domain to access and manipulate the objects inside. These objects are commonly secured behind a series of ‘protection rings’, which are layered on top of another. The deeper you go in the rings, the more privilege is granted to the user.

  7. Access matrices.
    Access matrices are used to show a general model of protection that provides the mechanism of protection. It is done without having a protection policy being imposed to the users. They are normally implemented to each object as an access list or a capability list to a domain.

  8. Capability-based systems.
    First introduced in early 1970s, and proved to be an interesting concept for protection theories. First two systems to incorporate this concept were named Hydra and CAP. Nowadays, we see Linux also incorporate this concept to address the limitations of the UNIX model. Linux’s capabilities will essentially categorize the powers of root into practically three areas represented by a bit in a bitmask. Each area denotes their own capabilities, which are permitted, effective, and inheritable.

  9. Other protection methods.
    • System Integrity Protection (SIP), introduced by Apple in macOS 10.11. It uses extended attributes on files to restrict them from being seen or manipulated.
    • System-Call Filtering, filters access attempts from outside between trusted and untrusted system calls by using a specific code in the kernel that is able to inspect each access attempt.
    • Sandboxing, limiting the capabilities of what running processes is able to achieve. Giving specific process just enough privileges to do their job, rather than giving them all root permissions.
    • Code Signing, signing each executable programs so that the system knows whether or not the program has been tampered with since the author released it. This allows the system to trust the program since it has not been changed from the start.
  10. Checklist 02
    • Reading chapter 16 and 17 of OSC10 Textbook.
    • Generating a gpg public key.
    • Importing a public key from osp4diss.
    • Exporting generated gpg public key and displaying it onto GitHub page.
    • Reviewing 10 and picking 3 of the best GitHub pages from this list.
    • Writing and implementing a bash script.
    • Updating the weekly log.
    • Making SHA256SUM and signing it.