- Operating Systems Course
- Operating System Tutorial
- History of the Operating System
- Personal Computer OS
- OS Processes
- OS Process Model
- OS Process Creation
- OS Deadlocks
- OS Deadlock Recovery
- OS Two-Phase Locking
- OS Memory Management
- OS Monoprogramming
- OS Shared Pages
- Operating System Input/Output
- OS Input/Output Devices
- OS Input/Output Software Layers
- OS Disk Hardware
- OS Files
- OS File Naming
- OS File Types
- OS Hierarchical Directory System
- OS Directory Operations
- OS File Operations
- Multimedia Operating System
- OS Multiprocessors
- Operating System Security
- OS User Authentication
- Computer Programming
- Learn Python
- Python Keywords
- Python Built-in Functions
- Python Examples
- Learn C++
- C++ Examples
- Learn C
- C Examples
- Learn Java
- Java Examples
- Learn Objective-C
- Web Development
- Learn HTML
- Learn CSS
- Learn JavaScript
- JavaScript Examples
- Learn SQL
- Learn PHP
Operating System Security
Operating system security is important because if your operating system isn't protected from both inside and outside attacks, the attackers can change, delete, or do other things to your important documents and files.
The need to safeguard every piece of data in a computer system is becoming increasingly important. As a result, it is critical for every operating system (OS) to protect computer systems' information (private information).
This post is divided into the following sections on "operating system security":
- Threats
- Intruders
- Accidental Data Loss
- Basics of Cryptography
- Secret-Key Cryptography
- Public-Key Cryptography
- Digital Signature
- User Authentication
Threats
From a safety and protection standpoint, computer systems strive to accomplish the following three general goals:
- Data confidentiality
- Data integrity
- System availability
The following table provides a list of all of the aforementioned goals along with the threads that correspond to them:
Security Goal | Threat |
---|---|
Data confidentiality | Exposure of data |
Data integrity | Tempering with data |
System availability | Denial of service |
Now, the following table provides a description of all three objectives, from a safety point of view, that virtually every computer system strives to achieve:
Goal | Description |
---|---|
Data integrity | Users who are not authorized to make modifications to any data shouldn't be able to do so without the permission of the data's owner. In this scenario, modifying data not only results in the data being changed, but it also results in the data being removed and may result in the addition of some incorrect data. If a computer system cannot guarantee that the data that are stored in it will remain unchanged until and unless the owner of the system decides to change them, then it is not very useful as an information system and should be avoided. |
Data confidentiality | When there is a need for data confidentiality, confidential information is kept confidential. If the owner of the data has decided that the data should only be made available to specific or certain people and no others, then the system should ensure that the data is not released to people who are not authorized to receive it. In other words, if the owner of the data has decided that the data should only be made available to specific or certain people and no others, then the system should. In addition, the owner ought to have the ability to decide who can see what, and the system ought to be able to ensure that this happens. |
System availability | No one is able to interfere with the system and render it unusable. |
Intruders
In the world of computer security, intruders are people who want to cause trouble for their own amusement or commercial gain.
Basically, intruders are of the following two types:
Now, let's talk briefly about the above two different types of intruders.
Active Intruders
Active intruders are malicious. It is constantly attempting to gain unauthorized access to someone else's system in order to change, modify, or delete data.
Passive Intruders
Passive intruders are less malicious than active ones. It wants to read the files they aren't authorized to read.
Accidental Data Loss
The loss of data or computer data as a result of an accident is referred to as accidental data loss. In most cases, data or information from a computer system is lost as a result of threats posed by malicious intruders. However, valuable information or data can be lost by accident.
Here is a list of some of the most common causes of accidental data loss or data loss from a computer system by accident:
- Natural causes such as floods, earthquakes, and fires, among others.
- Errors in hardware and software, such as program bugs, unreadable discs, CPU errors or malfunctions, and so on.
- Self-inflicted errors such as selecting the incorrect tape, incorrect data entry, a lost disc, or telecommunication errors
You can store your critical computer data and information on the Internet and retrieve it at any time and from any location.
If you accidentally delete data from your computer, you won't be able to recover it unless the data is saved somewhere other than your computer. As a result, to recover any data, simply upload it to the Internet.
There are many ways to send your data over the Internet, such as creating an email account and storing all of your files and data in it, or creating your own website and storing all of your data on it, etc.
Cryptography Basics
This section will teach you the fundamentals of cryptography as well as how to encrypt files with cryptographic algorithms and code.
You can use cryptography to encrypt any file so that only the authorized person has access to it.
The primary goal of cryptography is to encrypt a file or message (called plaintext) so that only the authorized person knows how to decrypt the message or file.
The secrecy is determined by the parameters of the algorithms, known as keys.
Assume P is a plaintext file, KE is the encryption key, C is the ciphertext, and E is the encryption algorithm, or function.
C = E(P, KE)
is an explanation of encryption.
According to the encryption equation above, the ciphertext is obtained by using the known encryption algorithm, E, as well as plaintext, P, and the secret encryption key, KE, as parameters.
Similarly,
P = D(C, KD)
where D denotes the decryption algorithm and KD denotes the key.
This equation states that in order to recover the plaintext, P, from the encrypted text, that is, the ciphertext, C, and the decryption key, KD, the algorithm D with C and KD as parameters must be run.
Here's an example of how to use cryptography to encrypt and decrypt files in the C and C++ programming languages:
Cryptography is a lengthy and difficult subject to master. Assume you've hidden your secret file somewhere in your computer system. Anyone who finds that file in that secret location can access it, but if the file is encrypted, he or she will not be able to see the contents of the file after accessing it.
Secret-key Cryptography
To understand secret-key cryptography, imagine an encryption algorithm in which each letter is replaced by another letter, such as all As being replaced by Qs, all Bs being replaced by Ws, all Cs being replaced by Es, and so on.
Plaintext = ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext = QWERTYUIOPASDFGHJKLZXCVBNM
Here, the encryption key is QWERTYUIOPASDFGHJKLZXCVBNM
Now, for the above key, the plaintext CODESCRACKER would be transformed (from the above encryption key) into the ciphertext EGRTLEKQEATK.
The decryption key tells how to get back from ciphertext to plaintext, the original text, normal text, or unencrypted text.
Therefore, in the example above, KXVMCNOPHQRSZYIJADLEGWBUFT is the decryption key because an A in ciphertext is a K in plaintext, a B in ciphertext is an X in plaintext, etc.
Many cryptographic systems have the property that, given the encryption key, it is easy to find the decryption key and vice versa. Such cryptographic systems are called "secret-key cryptography."
Secret-key cryptography can also be called symmetric-key cryptography.
Public-key Cryptography
A cryptographic system that uses a secret key requires both the sender and the receiver to have possession of a shared secret key in order for the system to function properly. A significant limitation of this system is that individuals may need to physically interact with one another in order for one person to hand it off to another.
The use of public-key cryptography is necessary, as a result, in order to circumvent this problem.
Given a carefully selected encryption key, it is next to impossible to figure out the corresponding decryption key in a public-key cryptographic system. This is because different keys are used for encryption and decryption in a public-key system, and because it is almost impossible to figure out which key corresponds to which encryption key.
As a consequence of this, the encryption key can be made public under these conditions, and the private decryption key is the only one that can be protected from public view.
Digital Signatures
In today's world, it is essential to sign a document using a digital device. Digital signatures make it possible to sign electronic mail messages and other digital documents in a way that prevents the sender from denying responsibility for the content of the message at a later time.
Putting the document through a one-way hashing algorithm, which is extremely difficult to create on your own, is a method that is used frequently and generally.
The hashing function generates a result that is always the same length, regardless of the size of the original document.
The hashing functions with the most widespread use are MD5 and SHA. Here, MD5 stands for message digest, and SHA stands for secure hash algorithm. MD5 generates a result that is 16 bytes, while SHA generates a result that is 20 bytes.
« Previous Topic Next Topic »