Protection and Security

F2007/Unit9/1

Unit 9

OBJECTIVES

General Objective: To understand protection and security in operating systems.

Specific Objectives: At the end of the unit you should be able to:

1. define protection and security
2. discuss security policy and mechanism
3. explain the basic concepts of authentication

INPUT

9.0 Introduction

File systems often contain information that is highly valuable to their users. Protecting this information against unauthorized use is therefore a major concern of all file systems. In the following unit we will look at a variety of issues concerned with security and protection.

9.1 Security policy and mechanism

The terms security and protection are often used interchangeably. Nevertheless, it is frequently useful to distinguish between the general problems involved in making sure that files are not read or modified by unauthorized persons, which include technical, managerial, legal and political issues, on the one hand, and the specific operating system mechanisms used to provide security, on the other. To avoid confusion, we will use the term security to refer to the overall problem, and the term protection mechanisms to refer to the specific operating system mechanisms used to safeguard information in the computer. The boundary between them is not well defined, however.

A more interesting problem is what to do about intruders. These come in two varieties. Passive intruders just want to read files they are not authorized to read. Active intruders are more malicious; they want to make unauthorized changes to data. When designing a system to be secure against intruders, it is important to keep in mind the kind of intruder one is trying to protect against. Some common categories are:

1. Casual prying by non-technical users. Many people have terminals to timesharing systems on their desks, and human nature being what it is, some of them will read other people's electronic mail and other files if no barriers are placed in the way. Most UNIX systems, for example, have the default that all files are publicly readable.

2. Snooping by insiders. Students, systems programmers, operators, and other technical personnel often consider it a personal challenge to break the security of the local computer system. They are often highly skilled and are willing to devote a substantial amount of time to the effort.

3. Determined attempts to make money. Some bank programmers have attempted to break into a banking system to steal from the bank. Schemes have varied from changing the software to truncate rather than round interest, keeping the fraction of a cent for themselves, to siphoning off accounts not used in years, to blackmail.

4. Commercial or military espionage. Espionage refers to a serious and well-funded attempt by a competitor or foreign country to steal programs, trade secrets, patents, technology, circuit designs, marketing plans, and so forth. Often this attempt will involve wiretapping or even erecting antennas directed at the computer to pick up its electromagnetic radiation.

ACTIVITY 9A

Test Your Understanding from the input given

9.1 Fill in the blanks.

i. Two types of intruders: P __ ss__ __ e, A __t __ __e

ii. Who are the intruders? P__g__m__ __ r, S__u__ __n__, N__n T__c__n__ __a __ user.

FEEDBACK TO ACTIVITY 9A

9.1 Passive, Active

9.2 Programmer, Student, Non-Technical User

INPUT

9.2 Basic concepts of authentication

A major security problem for operating systems is the authentication problem. The protection system depends on an ability to identify the programs and processes that are executing. This ability, in turn, eventually rests on our power to identify each user of the system. A user normally identifies himself. How do we determine whether a user's identity is authentic? Generally, authentication is based on some combination of three sets of items: user possession (a key or card), user knowledge (a user identifier and password), and a user attribute (fingerprint, retina pattern, or signature).

The most common approach to authenticating a user's identity is the use of user passwords. When the user identifies herself by user id or account name, she is asked for a password. If the user-supplied password matches the password stored in the system, the system assumes that the user is legitimate.

9.2.1 Password

Passwords are often used to protect objects in the computer system, in the absence of more complete protection schemes. They can be considered a special case of either keys or capabilities. For instance, a password could be associated with each resource, such as a file. Whenever a request is made to use the resource, the password must be given. If the password is correct, access is granted. Different passwords may be associated with different access rights. For example, different passwords may be used for reading, appending and updating a file.

Although there are some problems associated with the use of passwords, they are nevertheless extremely common, because they are easy to understand and use. The problems with passwords are related to the difficulty of keeping a password secret. Passwords can be compromised by being guessed, accidentally exposed, or illegally transferred from an authorized user to an unauthorized one.
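The per-resource scheme described in 9.2.1, with a different password for reading, appending and updating a file, can be sketched as follows. This is an added example, not part of the original unit: the `ProtectedFile` class, the sample passwords and the choice to store salted PBKDF2 hashes instead of the passwords themselves are assumptions made for illustration.

```python
import hashlib
import hmac
import os

RIGHTS = ("read", "append", "update")  # the three rights named in the text


def _derive(password, salt):
    # Salted, slow hash so a leaked table does not expose the passwords
    # (iteration count is an illustrative assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ProtectedFile:
    """Hypothetical in-memory file with one password per access right."""

    def __init__(self, name, passwords):
        self.name = name
        self.lines = []
        self._table = {}  # right -> (salt, derived key); no plaintext stored
        for right in RIGHTS:
            salt = os.urandom(16)
            self._table[right] = (salt, _derive(passwords[right], salt))

    def _require(self, right, password):
        salt, stored = self._table[right]
        # Constant-time comparison: timing does not reveal how close a guess was.
        if not hmac.compare_digest(stored, _derive(password, salt)):
            raise PermissionError(f"{right} access to {self.name} denied")

    def read(self, password):
        self._require("read", password)
        return list(self.lines)

    def append(self, password, line):
        self._require("append", password)
        self.lines.append(line)

    def update(self, password, index, line):
        self._require("update", password)
        self.lines[index] = line


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    f = ProtectedFile("grades.txt", {"read": "r-pw", "append": "a-pw", "update": "u-pw"})
    f.append("a-pw", "alice 90")
    print(f.read("r-pw"))
```

Knowing the read password grants nothing beyond reading: a call such as `update` made with it raises `PermissionError`.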

9.2.2 Artifact

A completely different approach to authorization is to check whether the user has some item, normally a plastic card with a magnetic stripe on it. The card is inserted into the terminal, which then checks to see whose card it is. This method can be combined with a password, so a user can only log in if he

1. has the card
2. knows the password

Automated cash dispensing machines usually work this way.

Another technique is signature analysis. The user signs his name with a special pen connected to the terminal, and the computer compares it to a known specimen stored online. Even better is not to compare the signature, but to compare the pen motions made while writing it. A good forger may be able to copy the signature, but will not have a clue as to the exact order in which the strokes were made.

9.2.3 Biometric Technique

Yet another approach is to measure physical characteristics that are hard to forge. For example, a fingerprint or a voiceprint reader in the terminal could verify the user's identity (it makes the search go faster if the user tells the computer who he is, rather than making the computer compare the given fingerprint to the entire database). Finger length analysis is surprisingly practical. When this is used, each terminal has a device. The user inserts his hand into it, and the lengths of all his fingers are measured and checked against the database.
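The parenthetical remark above, that the search is faster when the user states who he is, is the difference between a one-to-one check and a one-to-many search. The following added example (not part of the original unit) shows both for finger length analysis; the enrolment data, the tolerance and the function names are constructed assumptions.

```python
# Constructed enrolment database: user id -> finger lengths in millimetres
# (thumb, index, middle, ring, little). All values are made up for illustration.
ENROLLED = {
    "alice": (62.0, 71.5, 79.0, 73.5, 58.0),
    "bob": (66.5, 76.0, 84.5, 78.0, 62.5),
    "carol": (59.0, 68.0, 75.5, 70.0, 55.5),
}
TOLERANCE_MM = 1.0  # assumed measurement tolerance per finger


def matches(template, sample, tol=TOLERANCE_MM):
    """True when every finger is within tol of the enrolled length."""
    return len(template) == len(sample) and all(
        abs(t - s) <= tol for t, s in zip(template, sample))


def verify(claimed_id, sample, db=ENROLLED):
    """One-to-one check: the user states who he is, so one template is compared.

    Returns (accepted, number_of_comparisons).
    """
    template = db.get(claimed_id)
    if template is None:
        return False, 0  # unknown user: nothing to compare against
    return matches(template, sample), 1


def identify(sample, db=ENROLLED):
    """One-to-many search: no claimed identity, so every template is compared.

    Returns (user_or_None, number_of_comparisons).
    """
    comparisons = 0
    hits = []
    for user, template in db.items():
        comparisons += 1
        if matches(template, sample):
            hits.append(user)
    # More than one hit means the measurement is ambiguous: refuse, do not guess.
    return (hits[0] if len(hits) == 1 else None), comparisons


if __name__ == "__main__":
    reading = (66.0, 76.4, 84.0, 78.5, 62.0)  # constructed reading close to bob's
    print(verify("bob", reading), identify(reading))
```

With a claimed identity the cost is one comparison regardless of how many users are enrolled, while the search without it grows with the size of the database.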

ACTIVITY 9B

Test Your Understanding from the input given

9.3 Give the definition of authentication.

9.4 What is the common approach to authentication?

9.5 What is the use of a password?

FEEDBACK TO ACTIVITY 9B

9.1 Authentication is based on some combination of three sets of items: user possession (a key or card), user knowledge (a user identifier and password), and a user attribute (fingerprint, retina pattern, or signature).

9.2 The most common approach to authenticating a user's identity is the use of user passwords.

9.3 Passwords are often used to protect objects in the computer system, in the absence of more complete protection schemes. They can be considered a special case of either keys or capabilities.

SELF-ASSESSMENT 1

You are approaching success. Try all the questions in this self-assessment section and check your answers with those given in the Feedback on Self-Assessment 1 given on the next page. If you face any problems, discuss them with your lecturer. Good luck!!!

Question 9-1

a. Why is security needed?

b. In your own words, explain why security is important in a university computer system.

SELF-ASSESSMENT 2

Question 9-2

a. Explain the artifact technique for ensuring computer security.

b. What do you understand by the biometric technique?

FEEDBACK TO SELF ASSESSMENT 1

Question 9-1

a. File systems often contain information that is highly valuable to their users. Protecting this information against unauthorized use is therefore a major concern of all file systems.

b. Discuss with your lecturer.

FEEDBACK TO SELF ASSESSMENT 2

a. A completely different approach to authorization is to check whether the user has some item, normally a plastic card with a magnetic stripe on it. The card is inserted into the terminal, which then checks to see whose card it is. This method can be combined with a password, so a user can only log in if he

1. has the card
2. knows the password

Automated cash dispensing machines usually work this way. Another technique is signature analysis. The user signs his name with a special pen connected to the terminal, and the computer compares it to a known specimen stored online. Even better is not to compare the signature, but to compare the pen motions made while writing it. A good forger may be able to copy the signature, but will not have a clue as to the exact order in which the strokes were made.

b. Yet another approach is to measure physical characteristics that are hard to forge. For example, a fingerprint or a voiceprint reader in the terminal could verify the user's identity (it makes the search go faster if the user tells the computer who he is, rather than making the computer compare the given fingerprint to the entire database). Finger length analysis is surprisingly practical. When this is used, each terminal has a device. The user inserts his hand into it, and the lengths of all his fingers are measured and checked against the database.
