PROTECTION IN GENERAL PURPOSE OPERATING SYSTEMS: PROTECTED OBJECTS AND METHODS OF PROTECTION
Protected objects: The rise of multiprogramming meant that several aspects of a computing system required protection, namely memory; sharable I/O devices, such as disks; serially reusable I/O devices, such as printers and tape drives; sharable programs and subprocedures; networks; and sharable data. As it assumed responsibility for controlled sharing, the operating system had to protect these objects.
Security in operating systems: The basis of protection is separation: keeping one user's objects separate from those of other users. Rushby and Randell noted that separation in an operating system can occur in several ways:
- physical separation, in which different processes use different physical objects, such as separate printers for output requiring different levels of security
- temporal separation, in which processes having different security requirements are executed at different times
- logical separation, in which users operate under the illusion that no other processes exist, as when an operating system constrains a program's accesses so that the program cannot access objects outside its permitted domain
- cryptographic separation, in which processes conceal their data and computations in such a way that they are unintelligible to outside processes
Of course, combinations of two or more of these forms of separation are also possible. The categories of separation are listed roughly in increasing order of complexity to implement, and, for the first three, in decreasing order of the security provided. However, the first two approaches are very stringent and can lead to poor resource utilization. Therefore, we would like to shift the burden of protection to the operating system to allow concurrent execution of processes having different security needs.
But separation is only half the answer. We want to separate users and their objects, but we also want to be able to provide sharing for some of those objects. For example, two users with different security levels may want to invoke the same search algorithm or function call.
We would like the users to be able to share the algorithms and functions without compromising their individual security needs. An operating system can support separation and sharing in several ways, offering protection at any of several levels.
- Do not protect. Operating systems with no protection are appropriate when sensitive procedures are being run at separate times.
- Isolate. When an operating system provides isolation, different processes running concurrently are unaware of the presence of each other. Each process has its own address space, files, and other objects. The operating system must confine each process somehow so that the objects of the other processes are completely concealed.
- Share all or share nothing. With this form of protection, the owner of an object declares it to be public or private. A public object is available to all users, whereas a private object is available only to its owner.
- Share via access limitation. With protection by access limitation, the operating system checks the allowability of each user's potential access to an object. That is, access control is implemented for a specific user and a specific object. Lists of acceptable actions guide the operating system in determining whether a user should have access to a particular object. In some sense, the operating system acts as a guard between users and objects, ensuring that only authorized accesses occur.
- Share by capabilities. An extension of limited access sharing, this form of protection allows dynamic creation of sharing rights for objects. The degree of sharing can depend on the owner or the subject, on the context of the computation, or on the object itself.
- Limit use of an object. This form of protection limits not just the access to an object but the use made of that object after it has been accessed. For example, a user may be allowed to view a sensitive document, but not to print a copy of it. More powerfully, a user may be allowed access to data in a database to derive statistical summaries (such as average salary at a grade level), but not to determine specific data values (salaries of individuals).
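The two list-based forms above, "share via access limitation" and "share by capabilities", differ in where the guard looks: at a per-object list of permitted actions, or at the tokens a subject holds. The following toy reference monitor is an added example (not from these notes) that models both; the object and user names are constructed.

```python
from dataclasses import dataclass

READ, WRITE, PRINT = "read", "write", "print"

# --- Share via access limitation: the OS keeps, per object, a list of the actions
# each user may perform, and acts as a guard consulted on every access.
class AclMonitor:
    def __init__(self):
        self.acl = {}                   # object -> {subject: set of permitted actions}

    def grant(self, obj, subject, *actions):
        self.acl.setdefault(obj, {}).setdefault(subject, set()).update(actions)

    def permitted(self, subject, obj, action):
        # Default deny: only (subject, object, action) triples on the list pass.
        return action in self.acl.get(obj, {}).get(subject, set())

# --- Share by capabilities: a subject holds tokens naming an object and the rights
# it carries; tokens are created dynamically and may be passed on with fewer rights.
@dataclass(frozen=True)
class Capability:
    obj: str
    rights: frozenset

    def restrict(self, *keep):
        # Delegation can only drop rights, never add them.
        return Capability(self.obj, self.rights & frozenset(keep))

class CapMonitor:
    def __init__(self):
        self.held = {}                  # subject -> list of capabilities it possesses

    def issue(self, subject, obj, *rights):
        cap = Capability(obj, frozenset(rights))
        self.held.setdefault(subject, []).append(cap)
        return cap

    def delegate(self, giver, receiver, cap, *keep):
        # A subject can only pass on a capability it actually holds.
        if cap not in self.held.get(giver, []):
            return None
        narrowed = cap.restrict(*keep)
        self.held.setdefault(receiver, []).append(narrowed)
        return narrowed

    def permitted(self, subject, obj, action):
        # The guard checks the subject's tokens, not a per-object list.
        return any(c.obj == obj and action in c.rights
                   for c in self.held.get(subject, []))
```

Granting a user READ but not PRINT on a document is the "limit use of an object" case: the guard refuses the second action even though the first succeeds.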
Methods of memory protection: Memory protection is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug within a process from affecting other processes, or the operating system itself, and instead results in a segmentation fault or storage violation exception being sent to the offending process, generally causing abnormal termination (killing the process). Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection. The methods of memory protection include:
- Segmentation
- Paged virtual memory
- Simulated segmentation
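The following added example (not from these notes) models paged virtual memory with per-page access rights: each process sees only the pages mapped in its own page table, and an access to an unmapped page or one lacking the requested right is turned into a fault delivered to that process instead of completing. Page size, frame count and the two process names are constructed for the demonstration.

```python
PAGE_SIZE = 4096
R, W, X = 1, 2, 4                       # access-right bits kept in each page-table entry

class SegmentationFault(Exception):
    """Raised instead of completing the access; a real kernel would send SIGSEGV."""

class Process:
    def __init__(self, name):
        self.name = name
        self.page_table = {}            # virtual page number -> (physical frame, rights)

class Mmu:
    def __init__(self, frames):
        self.free_frames = list(range(frames))

    def map_page(self, proc, vpn, rights):
        # Each frame goes to exactly one process, so its pages never appear in another's table.
        frame = self.free_frames.pop(0)
        proc.page_table[vpn] = (frame, rights)
        return frame

    def translate(self, proc, vaddr, access):
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        entry = proc.page_table.get(vpn)
        if entry is None:               # page was never allocated to this process
            raise SegmentationFault(f"{proc.name}: unmapped address {vaddr:#x}")
        frame, rights = entry
        if not rights & access:         # allocated, but not for this kind of access
            raise SegmentationFault(f"{proc.name}: access {access} denied at {vaddr:#x}")
        return frame * PAGE_SIZE + offset

def try_access(mmu, proc, vaddr, access):
    """Return ('ok', physical address) or ('fault', message) for a single access."""
    try:
        return ("ok", mmu.translate(proc, vaddr, access))
    except SegmentationFault as fault:
        return ("fault", str(fault))

def demo():
    # Constructed scenario: two processes, a writable data page and a read/execute code page.
    mmu = Mmu(frames=4)
    a, b = Process("A"), Process("B")
    mmu.map_page(a, 0, R | W)           # A's page 0: read/write data
    mmu.map_page(a, 1, R | X)           # A's page 1: code, not writable
    mmu.map_page(b, 0, R | W)           # B gets its own frame for its page 0
    return {
        "a_write_data": try_access(mmu, a, 0x10, W),
        "a_write_code": try_access(mmu, a, PAGE_SIZE + 0x10, W),    # fault: W not in R|X
        "b_read_a_page1": try_access(mmu, b, PAGE_SIZE + 0x10, R),  # fault: B has no mapping
    }
```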
References
- Charles P. Pfleeger, Shari Lawrence Pfleeger: Security in Computing, PHI
- Notes: Veer Surendra Sai University of Technology (VSSUT)