Operating System Security

Last Updated: 07 Jan, 2023

Protection refers to a mechanism that controls the access of programs, processes, or users to the resources defined by a computer system. We can take protection as a helper to multiprogramming operating systems so that many users might safely share a common logical namespace such as a directory or files.

Security can be attacked in the following ways:

  1. Authorization
  2. Browsing
  3. Trap doors
  4. Invalid Parameters
  5. Line Tapping
  6. Electronic Data Capture
  7. Lost Line
  8. Improper Access Controls
  9. Waste Recovery
  10. Rogue Software

Operating systems employ security and protection measures to prevent a person from illegally using resources in a computer system, or interfering with them in any manner. These measures ensure that data and programs are used only by authorized users and only in a desired manner, and that they are neither modified nor denied to authorized users. Security measures deal with threats to resources that come from outside a computer system, while protection measures deal with internal threats. Passwords are the principal security tool.

A password requirement thwarts attempts by unauthorized persons to masquerade as legitimate users of a system. The confidentiality of passwords is upheld by encryption. Computer users need to share data and programs stored in files with collaborators, and here is where an operating system’s protection measures come in. 

The owner of a file informs the OS of the specific access privileges other users are to have: whether and how others may access the file. The operating system’s protection function then ensures that all accesses to the file are strictly in accordance with the specified access privileges. We begin by discussing how different kinds of security breaches are carried out: Trojan horses, viruses, worms, and buffer overflows. Their description is followed by a discussion of encryption techniques. We then describe three popular protection structures called access control lists, capability lists, and protection domains, and examine the degree of control provided by them over sharing of files. In the end, we discuss how security classifications of computer systems reflect the degree to which a system can withstand security and protection threats.

Security measures guard a user’s data and programs against interference from persons or programs outside the operating system; we broadly refer to such persons and their programs as nonusers.

Buffer Overflow Technique

The buffer overflow technique can be employed to force a server program to execute intruder-supplied code to breach the host computer system’s security. It has been used to devastating effect in mail servers and other Web servers.

The basic idea in this technique is simple: Most systems contain a fundamental vulnerability—some programs do not validate the lengths of inputs they receive from users or other programs. 

Because of this vulnerability, a buffer area in which such input is received may overflow and overwrite the contents of adjoining areas of memory. On hardware platforms that use stacks that grow downward in memory, e.g., the Intel 80x86 architecture, such overflows provide an opportunity to execute a piece of code that is disguised as data put in the buffer. This code could launch a variety of security attacks.

How can a buffer overflow be used to launch a security attack?

1. The stack grows downward, i.e., toward smaller addresses in memory. It looks as shown on the left before the currently executing function calls the function sample.
2. The code of the calling function pushes a return address and two parameters of sample onto the stack. Each of these occupies four bytes.
3. The code of sample allocates the variable beta and other variables on the stack. The stack now looks as shown on the right. Notice that the start address of beta is at the low end of the memory allocated to it. The end address of beta adjoins the last byte of the parameters.
4. The function sample copies 412 bytes into the variable beta. The first 408 bytes contain code whose execution would cause a security violation. Bytes 409–412 contain the start address of this code. These four bytes overwrite the return address in the stack.
5. The function sample executes a return statement. Control is transferred to the address found in the stack entry that is expected to contain the return address. Effectively, the code in variable beta is invoked. It executes with the privileges of the calling function.
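A byte-array model of the frame in steps 2 to 5, added here as an example (not code from the original article): it shows which copy lengths reach the return-address slot and the length check that stops them. The 400-byte size of beta is derived from the article's figures (412 minus the 8 parameter bytes and the 4 return-address bytes); `SAVED_RET` and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame from steps 2-4, lowest address first: beta, two 4-byte parameters,
 * 4-byte return address. BETA_SIZE is derived (412 - 8 - 4), not stated. */
#define BETA_SIZE  400
#define RET_OFFSET (BETA_SIZE + 8)
#define FRAME_SIZE (RET_OFFSET + 4)
#define SAVED_RET  0x08041234u          /* constructed sample value */

static uint8_t frame[FRAME_SIZE];       /* byte-array model, not a real stack */

static uint32_t frame_ret(void) {
    uint32_t ret;
    memcpy(&ret, frame + RET_OFFSET, sizeof ret);
    return ret;
}

/* "Before": trusts the caller's length, like sample in step 4. The clamp only
 * keeps this model inside its own array. */
static void copy_unchecked(const uint8_t *in, size_t len) {
    memcpy(frame, in, len > FRAME_SIZE ? FRAME_SIZE : len);
}

/* "After": reject any input that does not fit in beta. */
static int copy_checked(const uint8_t *in, size_t len) {
    if (len > BETA_SIZE) return -1;
    memcpy(frame, in, len);
    return 0;
}

/* Copies len filler bytes into a fresh frame; returns 1 if the saved return
 * address was changed, 0 if it survived. */
static int overwrites_return(size_t len, int checked) {
    uint8_t in[FRAME_SIZE];
    uint32_t ret = SAVED_RET;
    memset(in, 0x41, sizeof in);        /* harmless filler, not code */
    memset(frame, 0, sizeof frame);
    memcpy(frame + RET_OFFSET, &ret, sizeof ret);
    if (checked) (void)copy_checked(in, len);
    else copy_unchecked(in, len);
    return frame_ret() != SAVED_RET;
}

int main(void) {
    printf("unchecked 400 bytes: %d\n", overwrites_return(400, 0));
    printf("unchecked 408 bytes: %d\n", overwrites_return(408, 0));
    printf("unchecked 412 bytes: %d\n", overwrites_return(412, 0));
    printf("checked   412 bytes: %d\n", overwrites_return(412, 1));
    return 0;
}
```

An unchecked copy of 408 bytes already overwrites the two parameters even though the return address survives; only the bounded copy leaves everything outside beta untouched.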

1. Authorization: It means verification of access to the system resources. Intruders may guess or steal a password and use it. An intruder may use a vendor-supplied password, which is expected to be used by the system administrator. The intruder may find the password by trial and error. If the user logs on and goes for a break, the intruder may use the terminal. An intruder can write a dummy login program to fool the user, and that program collects information for later use.

2. Authentication: Authentication is verification of a user’s identity. Operating systems most often perform authentication by knowledge. That is, a person claiming to be some user X is called upon to exhibit some knowledge shared only between the OS and user X, such as a password.

3. Browsing: Files are very permissive, so one can easily browse system files. As a result, the database may be accessed and confidential information can be read.

4. Trap doors: Sometimes software designers want to modify their programs after installation. For that, programmers keep some secret entry points that do not require any permission. These are called trap doors. Intruders can use these trap doors.

5. Invalid Parameters: Due to invalid parameters some security violation can take place.

6. Line Tapping: Taps on the communication line can be used to access or modify confidential data.

7. Electronic Data Capture: Using wiretaps or a mechanism to pick up screen radiation and recognize what is displayed on the screen is termed electronic data capture.

8. Lost Line: In networking, the line may get lost. In such a case, some operating systems log out and allow access only after correct identification of the user. Some operating systems cannot do this, so the process will be floating and allow an intruder to access data.

9. Improper Access Controls: Some administrators may not plan all access rights, so some users may have more access and some users very little access.

10. Waste Recovery: If a block is deleted, its information remains as it is until the block is allocated to another file. An intruder may use some mechanism to scan these blocks.

11. Rogue Software: Programs are written to create mischief. Some of the programs under this are as follows:

  • Trojan Horse: These programs seem to be harmless but are actually harmful.
  • Chameleon: It is similar to a Trojan horse. It mimics a logon program to collect all valid usernames and passwords on a system.
  • Ordinary Software Bomb: It explodes as soon as it is executed.
  • Timed S/W: It becomes active only at a specific time.
  • Logical S/W: It is activated only if a logical condition is satisfied.
  • Worms: Programs that attack a node and spread to other nodes.
  • Virus: It gets attached to other programs to cause damage.

For more details, you can refer to the System Protection in Operating System and Difference between Virus, Worm, and Trojan Horse articles.
