Many operating systems include some level of security. Security is based on the two ideas that:
The operating system provides access to a number of resources, directly or indirectly, such as files on a local disk, privileged system calls, personal information about users, and the services offered by the programs running on the system;
The operating system is capable of distinguishing between some requesters of these resources who are authorized (allowed) to access the resource, and others who are not authorized (forbidden). While some systems may simply distinguish between "privileged" and "non-privileged", systems commonly have a form of requester identity, such as a user name. Requesters, in turn, divide into two categories:
Internal security: an already running program. On some systems, once a program is running it has no limitations, but commonly the program has an identity which it keeps and is used to check all of its requests for resources.
External security: a new request from outside the computer, such as a login at a connected console or some kind of network connection. To establish identity there may be a process of authentication. Often a username must be quoted, and each username may have a password. Other methods of authentication, such as magnetic cards or biometric data, might be used instead. In some cases, especially connections from the network, resources may be accessed with no authentication at all.
In addition to the allow/disallow model of security, a system with a high level of security will also offer auditing options. These would allow tracking of requests for access to resources (such as, "who has been reading this file?").
Internal security
Internal security can be thought of as protecting the computer's resources from the programs concurrently running on the system. Most operating systems set programs running natively on the computer's processor, so the problem arises of how to stop these programs doing the same task and having the same privileges as the operating system (which is after all just a program too). Processors used for general purpose operating systems generally have a hardware concept of privilege. Generally less privileged programs are automatically blocked from using certain hardware instructions, such as those to read or write from external devices like disks. Instead, they have to ask the privileged program (operating system kernel) to read or write. The operating system therefore gets the chance to check the program's identity and allow or refuse the request.
External security
Typically an operating system offers (or hosts) various services to other network computers and users. These services are usually provided through ports or numbered access points beyond the operating system's network address. Services include offerings such as file sharing, print services, email, web sites, and file transfer protocols (FTP), most of which can have compromised security.
At the front line of security are hardware devices known as firewalls or intrusion detection/prevention systems. At the operating system level, there are a number of software firewalls available, as well as intrusion detection/prevention systems. Most modern operating systems include a software firewall, which is enabled by default. A software firewall can be configured to allow or deny network traffic to or from a service or application running on the operating system. Therefore, one can install and be running an insecure service, such as Telnet or FTP, and not have to be threatened by a security breach because the firewall would deny all traffic trying to connect to the service on that port.
An alternative strategy, and the only sandbox strategy available in systems that do not meet the Popek and Goldberg virtualization requirements, is the operating system not running user programs as native code, but instead either emulates a processor or provides a host for a p-code based system such as Java.
Internal security is especially relevant for multi-user systems; it allows each user of the system to have private files that the other users cannot tamper with or read. Internal security is also vital if auditing is to be of any use, since a program can potentially bypass the operating system, inclusive of bypassing auditing.
Please follow these links for details on other tasks performed by Operating System:
Memory Management
Process Management
Disk and File Management
Networking
Security
Graphical User Interface
Device Driver Management
skip to main |
skip to sidebar
I read one Chinese proverb that says, "It is better to light one candle than to curse the darkness.".
I step forward to light that one candle by scattering the knowledge I gained in my career as an IT professional.
Dedicated to my father for providing inspiration to learn and succeed in Life.
I step forward to light that one candle by scattering the knowledge I gained in my career as an IT professional.
Dedicated to my father for providing inspiration to learn and succeed in Life.
Blog Archive
-
▼
2008
(66)
-
▼
April
(38)
- Features Of Common Language Runtime
- .NET Framework
- Creating Database Objects Using Managed Code (Micr...
- Designing N-Tier Client/Server Architecture
- Steps to Implement ClickOnce Deployment in .NET 2.0
- ClickOnce Deployment In .NET Framework 2.0
- 2D Graphics Techniques
- 2D Computer Graphics
- Subfields Of Computer Graphics
- Computer Graphics
- Types Of Operating System
- Functions of Operating System
- Technical Approach for Migrating VB 6.0 Applicatio...
- Migration Strategy for Upgrading VB 6.0 Applicatio...
- Migrating Applications from VB 6.0 to VB .NET
- Different Types Of Operating Systems
- Graphical User Interface
- Networking
- Device driver
- Security
- Disk and file system management
- Process Management
- Memory Management On Operating Systems
- Maximum Message Size For Web Services (.NET 3.5)
- C# Coalesce
- Programmatically retrieving Site Usage in MOSS 2007
- Business Data Catalog Overview
- Excel Services - Architecture
- Technical Architecture
- Service Oriented Architecture (SOA) - The Basics
- Disable Right Click On SharePoint Site
- Reconnecting Content Databases in MOSS 2007
- Globalization In .NET
- Pros & Cons: Custom Templates and Site Definitions
- Difference Between MOSS 2007 and WSS 3.0
- Create an IE Favorite to quickly resize your browser
- Apply a Theme to all sub sites in SharePoint 2007
- We Developers Do the Dumbest Things
-
▼
April
(38)
Followers
About Me
Copyright 2009 Learn IT
0 comments:
Post a Comment