Protection and Security

The purpose of a protection system is to prevent accidental or intentional misuse of a system.

  • Accidents: Problems of this kind are easy to anticipate (it is possible to take action to minimize the likelihood of an accident).
  • Malicious abuse: Problems of this kind are very hard to eliminate completely (to protect completely against malicious abuse, one must anticipate and eliminate every loophole and resist any temptation to play on probabilities).

There are three aspects to a protection mechanism:

  • User identification (authentication): make sure we know who is doing what.
  • Authorization determination: must figure out what the user is and is not allowed to do. Need a simple database for this.
  • Access enforcement: must make sure there are no loopholes in the system.

Even the slightest flaw in any of these areas may ruin the whole protection mechanism.

Authentication

User identification is most often done with passwords. This is a relatively weak form of protection.

  • A password is a secret piece of information used to establish the identity of a user.
  • Passwords should not be stored in a readable form. One-way transformations should be used. A 1-way function is an interesting function that is relatively easy to compute, but difficult to invert (essentially the only way to invert it is to compute all the forward transforms looking for one that matches the reverse).
  • Passwords should be relatively long and obscure.
  • Systems like UNIX(R) don't store the password itself, only the result of a 1-way function applied to the password. To check a user's password, the system takes the password as input, computes the 1-way function on it, and compares the output with the result in the password file. If they match, the password was (with high probability) correct. Note that even knowing the algorithm and the encrypted password, the function still cannot be easily inverted.
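The store-and-compare scheme described above, as an added example that is not part of the original text. The per-user salt, the choice of PBKDF2-HMAC-SHA256 as the 1-way function, the iteration count and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def one_way(password: str, salt: bytes) -> bytes:
    """Forward transform: cheap to compute once, costly to search by guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password_file: dict, user: str, password: str) -> None:
    """Store only (salt, transform result); the password itself is never kept."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    password_file[user] = (salt, one_way(password, salt))


def check(password_file: dict, user: str, attempt: str) -> bool:
    """Recompute the transform on the attempt and compare with the stored result."""
    record = password_file.get(user)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(one_way(attempt, salt), stored)


if __name__ == "__main__":
    pwfile = {}
    enroll(pwfile, "alice", "constructed-sample-passphrase")
    print(check(pwfile, "alice", "constructed-sample-passphrase"))  # correct attempt
    print(check(pwfile, "alice", "wrong-guess"))                    # wrong attempt
```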

Although it's theoretically reasonable to leave a hashed password file in the open, it is rarely done anymore. There are a couple of reasons:

  • In practice, bad passwords are common enough that, rather than having to try all the passwords (or half the passwords on average), trying a large dictionary of common passwords is often enough to break into an account on the system.
  • The password file can be attacked off-line, with the system under attack completely unaware that it is under attack. By forcing the attacker to actually try passwords on the system that they're invading, the system can detect an attack.
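How a system can notice guessing once attempts have to be made on-line, as an added example that is not part of the original text. The event format, the threshold and window values, and the sample events are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, account, login_succeeded)
SAMPLE_EVENTS = [
    (1000, "alice", False),   # one mistyped password, then success
    (1005, "alice", True),
    (1010, "bob", False),     # burst of failures in a short interval
    (1012, "bob", False),
    (1015, "bob", False),
    (1019, "bob", False),
    (1021, "bob", False),
    (1600, "carol", False),   # failures spread far apart
    (2900, "carol", False),
    (4200, "carol", False),
]


def detect_guessing(events, max_failures=5, window_seconds=60):
    """Return {account: time_flagged} for accounts that reach max_failures
    failed logins within any window_seconds interval."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    flagged = {}
    for ts, account, ok in sorted(events):
        if ok:
            continue  # successes are not counted; earlier failures still are
        window = recent[account]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - window[0] > window_seconds:
            window.popleft()
        if len(window) >= max_failures and account not in flagged:
            flagged[account] = ts
    return flagged


if __name__ == "__main__":
    print(detect_guessing(SAMPLE_EVENTS))
```

An off-line attack on a copied password file produces none of these events, which is the point the second bullet makes.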

Another form of identification: badge or key.

  • Does not have to be kept secret.
  • Should not be able to be forged or copied.
  • Can be stolen, but the owner should know if it is.

Key paradox: key must be cheap to make, hard to duplicate. This means there must be some trick (i.e. secret) that has to be protected.

Once identification is complete, the system must be sure to protect the identity since other parts of the system will rely on it.

Authorization determination

The system must indicate who is allowed to do what with what. Draw the general form as an access matrix with one row per user and one column per file. Each entry indicates the privileges of that user on that object. There are two general ways of storing this information: access lists and capabilities.
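The same access matrix stored both ways, as an added example that is not part of the original text. It assumes that an access list is the matrix stored by column (per file) and a capability list is the matrix stored by row (per user); the users, files and privileges are constructed.

```python
from collections import defaultdict

# Constructed access matrix: one row per user, one column per file.
ACCESS_MATRIX = {
    "alice": {"notes.txt": {"read", "write"}, "grades.db": {"read"}},
    "bob": {"notes.txt": {"read"}},
    "carol": {"grades.db": {"read", "write"}},
}


def to_access_lists(matrix):
    """Store the matrix by column: each file keeps its users and their privileges."""
    acls = defaultdict(dict)
    for user, row in matrix.items():
        for obj, privileges in row.items():
            if privileges:  # empty entries are simply not stored
                acls[obj][user] = frozenset(privileges)
    return dict(acls)


def to_capabilities(matrix):
    """Store the matrix by row: each user holds (file, privileges) entries."""
    return {
        user: {obj: frozenset(p) for obj, p in row.items() if p}
        for user, row in matrix.items()
    }


def acl_allows(acls, user, obj, privilege):
    """Check starting from the object: look the user up in the file's list."""
    return privilege in acls.get(obj, {}).get(user, frozenset())


def capability_allows(capabilities, user, obj, privilege):
    """Check starting from the user: look the file up among what the user holds."""
    return privilege in capabilities.get(user, {}).get(obj, frozenset())


if __name__ == "__main__":
    print(to_access_lists(ACCESS_MATRIX)["notes.txt"])
    print(to_capabilities(ACCESS_MATRIX)["alice"])
```

Both lookups deny by default: a user or file missing from the stored structure has no privileges.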

Source:  OpenStax, Operating systems. OpenStax CNX. Aug 13, 2009 Download for free at http://cnx.org/content/col10785/1.2