PROTECTION IN GENERAL PURPOSE OPERATING SYSTEM PROTECTED OBJECT AND METHOD OF PROTECTION

Protected objects: The rise of multiprogramming meant that several aspects of a computing system required protection, viz. memory; sharable I/O devices, such as disks; serially reusable I/O devices, such as printers and tape drives; sharable programs and subprocedures; networks; and sharable data. As it assumed responsibility for controlled sharing, the operating system had to protect these objects.

Security in operating system: The basis of protection is separation: keeping one user's objects separate from other users. Rushby and Randell noted that separation in an operating system can occur in several ways:

  1. physical separation, in which different processes use different physical objects, such as separate printers for output requiring different levels of security
  2. temporal separation, in which processes having different security requirements are executed at different times
  3. logical separation, in which users operate under the illusion that no other processes exist, as when an operating system constrains a program's accesses so that the program cannot access objects outside its permitted domain
  4. cryptographic separation, in which processes conceal their data and computations in such a way that they are unintelligible to outside processes

Of course, combinations of two or more of these forms of separation are also possible. The categories of separation are listed roughly in increasing order of complexity to implement, and, for the first three, in decreasing order of the security provided. However, the first two approaches are very stringent and can lead to poor resource utilization. Therefore, we would like to shift the burden of protection to the operating system to allow concurrent execution of processes having different security needs.
But separation is only half the answer. We want to separate users and their objects, but we also want to be able to provide sharing for some of those objects. For example, two users with different security levels may want to invoke the same search algorithm or function call.

We would like the users to be able to share the algorithms and functions without compromising their individual security needs. An operating system can support separation and sharing in several ways, offering protection at any of several levels.

Methods of memory protection: Memory protection is a way to control memory access rights on a computer, and is a part of most modern operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug within a process from affecting other processes, or the operating system itself, and instead results in a segmentation fault or storage violation exception being sent to the offending process, generally causing abnormal termination (killing the process). Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection. The methods of memory protection include:

  1. Segmentation
  2. Paged virtual memory
  3. Simulated segmentation
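The fault-and-terminate behaviour described above can be observed directly. The following is an added example, not part of the original notes; it assumes Linux, and the function name `child_write_result` is made up for illustration. A child process writes to a page that is either read-only or read-write, and the parent reports how the child ended and checks that its own copy of the page is unchanged.

```c
/* Added example, not from the original notes. Assumes Linux. */
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that writes to a private page whose protection is `prot`
 * (must include PROT_READ). Returns the signal that killed the child,
 * 0 if the child exited normally, -1 on setup failure, or -2 if the
 * child's write leaked into the parent's copy of the page. */
int child_write_result(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    volatile char *page = m;
    page[0] = 'A';                           /* parent initialises the page */
    if (mprotect(m, len, prot) != 0) { munmap(m, len); return -1; }

    pid_t pid = fork();
    if (pid < 0) { munmap(m, len); return -1; }
    if (pid == 0) {                          /* child: the "offending process" */
        page[0] = 'B';                       /* traps if PROT_WRITE is absent */
        _exit(0);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) { munmap(m, len); return -1; }
    int leaked = (page[0] != 'A');           /* parent still sees its own data? */
    munmap(m, len);
    if (leaked)
        return -2;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("read-only page : child signal %d (SIGSEGV is %d)\n",
           child_write_result(PROT_READ), SIGSEGV);
    printf("read-write page: child signal %d\n",
           child_write_result(PROT_READ | PROT_WRITE));
    return 0;
}
```

In the read-write case the child's store succeeds but lands in its own copy of the page, so the parent still reads `'A'`: the paged virtual memory hardware enforces both the access rights and the separation between the two address spaces.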

     

References

  1. Charles P. Pfleeger, Shari Lawrence Pfleeger: Security in Computing, PHI
  2. Notes: Veer Surendra Sai University of Technology (VSSUT)
