MODULE 5- PROTECTION & SECURITY

PROTECTION
A method used in operating system that manages threats within the
system to maintain the proper functioning of the system.

SECURITY
A method used in operating system that handles threats from outside
of the system tom maintain the proper functioning of the system.
Policy (Security) & Mechanism (Protection)
 Policy or Security refers to what needs to be done (ie, a set of ideas
or a plan of what to do).
 Mechanism or Protection refers to how to do it (ie, a process,
technique or system to implement the policy).
 The following examples clearly illustrates the difference between
policy and mechanism:
1. A website requires users to login to the system (Policy). Users
can login using a user name and password pair (Mechanism).
2. Granting a resource to a process using First Come First Serve
algorithm (Policy). This policy can be implemented using a
Queue (Mechanism).

PROTECTION MECHANISMS
Access Matrix
 The Access Matrix is a security model for a computer system's
protection state. It is described as a matrix.
 An access matrix is used to specify the permissions of each process
running in the domain for each object.
 The rows of the matrix represent domains, whereas the columns
represent objects.
 Every matrix cell reflects a set of access rights granted to domain
processes, i.e., each entry (i, j) describes the set of operations that a
domain Di process may invoke on object Oj.
  There are various methods of implementing the access matrix in the
operating system. These methods are as follows:
1. Global Table
2. Access Lists for Objects
3. Capability Lists for Domains
 Global Table
 It is the most basic access matrix implementation.
 A set of ordered triples <domain, object, rights-set> is maintained
in a file.
 When an operation M has been performed on an object Oj within
domain Di, the table is searched for a triple <Di, Oj, Rk>.
 The operation can proceed if this triple is located; otherwise, an
exception (or error) condition has arrived.
 This implementation has various drawbacks. The table is generally
large and cannot be stored in the main memory, so additional input
and output are required.
 Access List for Objects
 Every access matrix column may be used as a single object's access
list. It is possible to delete the blank entries. For each object, the
resulting list contains ordered pairs <domain, rights-set> that define
all domains for that object and a nonempty set of access rights.
  When an operation M is being executed on an object Oj within
domain Di, We search for an entry <Domain(Di), right-
set(Rk)> with M € Rk in the access list for object Oj. If the triple is
present, the operation can proceed to continue, or else we check the
default set. If M is included in the default set, access is allowed;
otherwise, access is denied, and an exception is raised.
 Capability List for Domains/Objects
 A domain's capability list is a collection of objects and the
operations that can be done on them.
 A capacity is a name or address that is used to define an object. If
you want to perform operation M on object Oj, the process runs
operation M, specifying the capability for object Oj. The simple
possession of the capability implies that access is allowed.
 In this method, we can associate each row with its domain instead
of connecting the columns of the access matrix to the objects as an
access list.

SECURITY PROBLEMS
 Security refers to providing safety for computer system resources like
software, CPU, memory, disks, etc.
 It can protect against all threats, including viruses and unauthorized
access.
 It can be enforced by assuring the operating system's integrity,
confidentiality, and availability.
 If an illegal user runs a computer application, the computer or data
stored may be seriously damaged. System security may be threatened
through two violations, and these are as follows:
 1) Threat:- A program that has the potential to harm the system
seriously.
2) Attack:- A breach of security that allows unauthorized access to
a resource.
 There are two types of security breaches that can harm the system:
malicious and accidental. Malicious threats are a type of destructive
computer code or web script that is designed to cause system
vulnerabilities that lead to back doors and security breaches. On the
other hand, Accidental Threats are comparatively easier to protect
against.
 Some of the breaches
1) Breach of integrity: This violation has unauthorized data
modification.
2) Theft of service: It involves the unauthorized use of resources.
3) Breach of confidentiality: It involves the unauthorized reading
of data.
4) Breach of availability: It involves the unauthorized destruction
of data.
5) Denial of service: It includes preventing legitimate use of the
system. Some attacks may be accidental.
 Goals of Security System
1) Integrity: Unauthorized users must not be allowed to access the
system's objects, and users with insufficient rights should not
modify the system's critical files and resources.
 2) Secrecy: The system's objects must only be available to a small
number of authorized users. The system files should not be
accessible to everyone.
3) Availability: All system resources must be accessible to all
authorized users, i.e., no single user/process should be able to
consume all system resources. If such a situation arises, service
denial may occur. In this case, malware may restrict system
resources and preventing legitimate processes from accessing
them.
 Four-Layered Model of Security

TYPES OF THREATS
There are mainly two types of threats that occur. These are as follows:

1) Program Threats
2) System & Network Threats
 Program Threats
The operating system's processes and kernel carry out the specified
task as directed. Program Threats occur when a user program causes
these processes to do malicious operations. The common example of a
program threat is that when a program is installed on a computer, it
could store and transfer user credentials to a hacker. There are various
program threats. Some of them are as follows:
 Malware:-
 Malware is intrusive software that is designed to damage and
destroy computers and computer systems.
 Unlike computer viruses and worms, malware generally do not
attempt to inject themselves into other files or otherwise
propagate themselves. Some of the common malwares are as
follows:-
1) Trojan Horse:- This type of application captures user login
credentials. It stores them to transfer them to a malicious user
who can then log in to the computer and access system
resources.
2) Spyware:- Spyware is any software that installs itself on your
computer and starts covertly monitoring your online
behaviour without your knowledge or permission. Spyware is
a kind of malware that secretly gathers information about a
person or organization and relays this data to other parties.
3) Logic Bomb:- A logic bomb is a situation in which software
only misbehaves when particular criteria are met; otherwise, it
functions normally.
 4) Trap Door:- A trap door is kind of a secret entry point into a
program that allows anyone to gain access to any system
without going through the usual security access procedures. It
is a method of bypassing normal authentication methods.
Therefore it is also known as a back door. Trap Doors are
quite difficult to detect. Programmers use Trap door legally to
debug and test programs.
 Code Injection:-
 Code injection is the malicious injection or introduction of
code into an application.
 The code introduced or injected is capable of compromising
database integrity and/or compromising privacy properties,
security and even data correctness.
 It can also steal data and/or bypass access and authentication
control.
 Some of the common code injections are as follows:
1) SQL Injection:- It is used to corrupt a legitimate
database query to provide falsified data.
2) Script Injection:- It is an attack in which the attacker
provides programming code to the server side of the
scripting engine.
3) Shell Injection:- It is also known as operating system
command attacks, manipulate applications that are used
to formulate commands for the operating system.
 4) Dynamic Evaluation:- In this attack, an arbitrary code
replaces the standard input, which results in the former
being executed by the application.
 Viruses & Worms:-
 Viruses and worms are malicious programs that self-replicate
on computers or via computer networks without the user being
aware; each subsequent copy of such malicious programs is
also able to self-replicate.
 A virus is a malicious executable code attached to another
executable file that can be harmless or can modify or delete
data. When the computer program runs attached with a virus it
performs some action such as deleting a file from the computer
system. Viruses can’t be controlled by remote.
 The following are the types of viruses:-
1) File Virus:- This type of virus infects the system by
appending itself to the end of a file. It changes the start of
a program so that the control jumps to its code. After the
execution of its code, the control returns back to the main
program. Its execution is not even noticed. It is also
called a Parasitic virus because it leaves no file intact
but also leaves the host functional.
2) Boot sector Virus:- It infects the boot sector of the
system, executing every time system is booted and before
the operating system is loaded. It infects other bootable
media like floppy disks. These are also known
as memory viruses as they do not infect the file systems.
 3) Macro Virus:- Unlike most viruses which are written in
a low-level language(like C or assembly language), these
are written in a high-level language like Visual Basic.
These viruses are triggered when a program capable of
executing a macro is run. For example, the macro viruses
can be contained in spreadsheet files.
4) Browser Hijacker:- As the name suggests this virus is
coded to target the user’s browser and can alter the
browser settings. It is also called the browser redirect
virus because it redirects your browser to other malicious
sites that can harm your computer system.
 Worms are similar to a virus but it does not modify the
program. It replicates itself more and more to cause slow down
the computer system. Worms can be controlled by remote. The
main objective of worms is to eat the system resources.
 The following are the types of worms:-
1) Email worms:- To spread, email worms create and send
outbound messages to all addresses in a user's contact list.
When the recipient opens the mail, it contains a malicious
executable file that infects the new system. Successful
email worms typically use social engineering and
phishing approaches to persuade users to open the linked
file.
2) File-sharing worms:- File-sharing worms are malicious
programs that hide as media files. Stuxnet, one of the
most well-known computer worms of all time, comprises
 two parts: a worm that spreads malware via USB devices
infected with the host file and malware that targets
supervisory control and data acquisition systems.
3) Cryptoworms:- Cryptoworms encrypt data on the
victim's computer system. This worm can be used in
ransomware attacks, in which the attackers contact the
victim and seek payment in exchange for a key to decrypt
their files.
 System & Network Threats
It is described as the misuse of system services and network
connections to cause user problems. These threats may be used to
trigger the program threats over an entire network, known as program
attacks. System threats make an environment in which OS resources
and user files may be misused. There are various system threats. Some
of them are as follows:
1) Attacking Network Traffic:- Networks are common and
attractive targets of security threats, and hackers have many
options for carrying out network attacks. For example, an
attacker can opt to remain passive and intercept network traffic
(Sniffing), often obtaining useful information about types of
sessions conducted between systems. Alternatively, an attacker
can take a more active role, either masquerading as one of the
parties (Spoofing), or becoming a fully active man-in-middle,
intercepting and possibly modifying transaction between two
peers.
 2) Denial of Service (DoS):- Denial of service attacks usually
prevents users from legitimately using the system. For example,
if a denial-of-service attack is executed against the browser's
content settings, a user may be unable to access the internet.
Their purpose is to disrupt an organization’s network operations
by denying access to its users
3) Port Scanning:- It is a method by which the cracker determines
the system's vulnerabilities for an attack. It is a fully automated
process that includes connecting to a specific port via TCP/IP. To
protect the attacker's identity, port scanning attacks are launched
through Zombie Systems, which previously independent systems
now serve their owners while being utilized for such terrible
purposes.

CRYPTOGRAPHY AS SECURITY TOOL

What is Cryptography?
 Cryptography is the science to encrypt and decrypt data that enables
the users to store sensitive information or transmit it across insecure
networks so that it can be read only by the intended recipient.
 Data which can be read and understood without any special measures
is called plaintext, while the method of disguising plaintext in order
to hide its substance is called encryption.
 Encrypted plaintext is known as cipher text and process of reverting
the encrypted data back to plain text is known as decryption.
Features Of Cryptography are as follows:
1) Confidentiality: Information can only be accessed by the person for
whom it is intended and no other person except him can access it.
2) Integrity: Information cannot be modified in storage or transition
between sender and intended receiver without any addition to
information being detected.
3) Non-repudiation: The creator/sender of information cannot deny his
intention to send information at later stage.
4) Authentication: The identities of sender and receiver are confirmed.
As well as destination/origin of information is confirmed.

Types Of Cryptography:

1) Symmetric-Key Cryptography:-
It is also known as Private-Key or Secret-Key Cryptography. It is
an encryption system where the sender and receiver of message
use a single common key to encrypt and decrypt messages.
Symmetric Key Systems are faster and simpler but the problem is
that sender and receiver have to somehow exchange key in a
 secure manner. The most popular symmetric key cryptography
system is Data Encryption System (DES).

2) Asymmetric-Key Cryptography:-
It is also known as Public-Key Cryptography. Under this system a
pair of keys is used to encrypt and decrypt information. A public
key is used for encryption and a private key is used for decryption.
Public key and Private Key are different. Even if the public key is
known by everyone the intended receiver can only decode it
because he alone knows the private key.

3) Hashing:-
There is no usage of any key in this algorithm. A hash value with
fixed length is calculated as per the plain text which makes it
impossible for contents of plain text to be recovered. Many
operating systems use hash functions to encrypt passwords.
USER AUTHENTICATION & AUTHORIZATION

What is Authentication?
 Authentication is the process of identifying someone's identity by
assuring that the person is the same as what he is claiming for.
 It is used by both server and client. The server uses authentication
when someone wants to access the information, and the server needs
to know who is accessing the information. The client uses it when he
wants to know that it is the same server that it claims to be.
 Authentication does not ensure what tasks under a process one
person can do, what files he can view, read, or update. It mostly
identifies who the person or system is actually.
 A user’s Identity can be determined by:-
1) What he is:- A unique characteristic of the person (eg;
fingerprints)
2) What he has:- Ownership of an item (eg; identification card)
3) What he knows:- User knowledge (eg; password)
 Authentication Factors
1) Single-Factor Authentication (SFA):- It is the simplest way of
authentication. It just needs a username and password to allow a
user to access a system.

2) Two-factor Authentication (2FA):- Two-factor authentication

(2FA) is a security system that requires two separate, distinct
forms of identification in order to access something. The first
factor is a password and the second commonly includes a text with
a code sent to your smartphone, or biometrics using your
fingerprint, face, or retina.

3) Multi-factor Authentication (MFA):- Multi-factor

Authentication (MFA) is an authentication method that requires
the user to provide two or more verification factors to gain access
to a resource such as an application, online account, or a VPN.
Rather than just asking for a username and password, MFA
requires one or more additional verification factors, which
decreases the likelihood of a successful cyber-attack.
 Authentication Methods
1) Password:- Password verification is the most popular and
commonly used authentication technique. A password is a secret
text that is supposed to be known only to a user. In a password-
based system, each user is assigned a valid username and
password by the system administrator. The system stores all
usernames and Passwords. When a user logs in, their user name
and password are verified by comparing them with the stored
login name and password. If the contents are the same then the
user is allowed to access the system otherwise it is rejected.
2) One-Time Password:- A one-time password (OTP) is an
automatically generated sequence of numeric or alphanumeric
characters that will authenticate a user for a single login or
transaction. A one-time password is a password that has two
fundamental properties: it expires quickly, and it can’t be reused.
OTP passwords are commonly used as part of a multi-factor
authentication (MFA/2FA) procedure.
 3) Biometrics:- This method of authentication is based on the
unique biological characteristics of each user such as fingerprints,
voice or face recognition, signatures, and eyes. The word
biometric is a combination of two words: bio (human) and metric
(measurement). In simpler words, biometrics are any metrics
related to human features which make an individual different
from other individuals.

What is Authorization?
 Authorization is the procedure of permitting someone to do
something. It defines it an approach to check if the user has
permission to need a resource (eg; computer programs, files, services,
data and application features) or not. It can represent that what data
and information one user can access. It is also called as AuthZ.
 Authorization is generally preceded by authentication for customer
identity verification.
 During authorization, a system checks an authenticated user's access
rules and either grants or prevent resource access.
 Types of Authorization
1) Discretionary Access Control (DAC):- DAC determines
privileges depending on the specific user and their access groups.
A DAC model allows every object in a system to be accessed by
a particular group or identity. Those in charge of granting
authorization can provide admin permission to other users.
2) Mandatory Access Control (MAC):- MAC determines
authorization of entities at the operating system level. MAC
 commonly governs permissions for threads and processes,
defining which files and memory objects they can access.

MOBILE OPEARTING SYSTEM

1) Symbian
 It is a dropped mobile operating system and digital platform
developed for smartphones.
 It was initially developed for a closed-source operating system
for personal digital assistant in 1988 by Symbian Ltd.
 It was used by many popular brands named as Samsung, Sony
Ericsson, Nokia, etc.
 The OS of Symbian contains two components: microkernel
and user interface.
 The Symbian OS was written in C++ language.
 Various versions of Symbian OS:

 Evolution Of Symbian:
Symbian was begun from EPOC32. It was developed by Psion in the
1990s. In 1998, Psion software turns into Symbian Ltd. and established
a partnership with Nokia, Sony Ericsson, and Motorola. After that
Symbian OS goes under several different software platforms was
 created for Symbian with the help of these big companies. They
incorporate S60(for Nokia, LG, and Samsung), UIQ(Ericsson and
Motorola) and MOAP(for Japanese only). Symbian cover 67% of the
global market of the smartphone in 2006. Nokia was the biggest
shareholder of Symbian. In 2008, Nokia takes over Symbian Ltd. and
established a new non- profit organization named as Symbian
foundation. In 2010 Apple launched its iPhone and Google launched
its Android Os, which continuously decreasing the popularity of
Symbian. In 2012 Nokia launched the last Symbian smartphone named
as Nokia808 PureView. In 2014 Nokia breaks its all ties with Symbian.
 Features Of Symbian:
 Real-time
 Multimedia support
 Platform Security
 Fully object-oriented and component-based
 Optimized memory management
 Flexible user interface design
 Multi-tasking
 Advantages of Symbian OS:
 Symbian OS provides open platform to enable independent
technology and software vendors to develop third party app.
 Symbian allowed impressive battery life.
 Symbian required lower hardware requirements.
 Disadvantages of Symbian OS:
 Symbian OS is dependent on Nokia
  Major drawback of Symbian os is it provided a late response as
compared to ios and Android.
2) Android
 Android is a mobile operating system which is successfully
developed by Google.
 The Android OS is based on Linux operating system and open
source operating system which is specially developed for
touchscreen mobile devices like tablet, smartphones,
AndroidTv, wear OS, etc.
 Android os is written in java.
 Android brought a drastic change in the mobile technology.
 Various versions of Android OS:

 Evolution Of Android:
Originally android is developed by Android Inc. and in 2007 Google
brought android. The concept of Android was described by Andy
Rubin, Rich Miner, Nick Sears, and Chris White in 2003. In
September 2008, Android was released as the first commercial
 Android device. Afterward, the operating system of android undergoes
several major changes. The current member of the Android family is
9.0 (Name: Pie). The core code source of Android is known as
Android Open Source Project(AOSP) and it is licensed under Apache
license. Apache license is also free software and open source license.
HTC Dream was the first commercially available smartphone with
Android as an operating system of the smartphone. On September 23,
2008, Google officially released the first version of Android that is
android 1.0. After successfully release of Android 1.1 Android goes
through several updates, the updates of android continuous
improvement in the operating system, adding new features, fixing bugs
in the previous release.
 Features Of Android:
 Hardware based features: Audio, Bluetooth, GSM, Microphone,
NFC, and sensors.
 Software based features: app widgets, home screen, input method,
live wallpapers, layout, storage, messaging, multi-language
support, browser, Java support, media support, multi-touch, calls,
multitasking, accessibility, external storage, video calling,
optimized graphics, etc.
 Advantages of Android OS:
 Android can be built by anyone because it is based on Linux
open source.
 Android phones are multitasking, you can perform multiple tasks
at the same time. For example, while listening to music you can
chat with your friend.
  Android provides app market known as Play Store. From the play
store, you can download and install different types of apps in
your mobile phones.
 Android provides a notification facility. Whenever new message
comes, an email arrived on the phone it automatically shows on
the home screen of the phone.
 Android provides a widget. With the help of a widgets, you can
easily change or access an app.
 Disadvantages of Android OS:
 Most of the apps and features of android required an active
internet connection. Without the active internet connection, you
cannot access them.
 In android OS the wastage of battery is more due to the
background processing.
 Many of the android application contains virus, for example
counter strike ground force was supposed to have virus.
 Android system is not safe as iOS.
3) iOS
 iOS (iPhone OS) is a mobile operating system which is
successfully designed and developed by the Apple Inc.
 iOS is the largest used mobile operating system after Android.
 It is basically designed for iPhone, iPad, and iPod Touch.
 In terms of security, iOS is more secured than Android.
 The iOS interface depends upon the direct manipulation by
using touch gestures.
 Various versions of iOS:

 Evolution Of iOS:
The concept of iPhone was innovated by the Steve Jobs in 2005. For
iPhone, the iPhone OS is created by the Scott Forstall and Forstall also
develop software development kit for programmers to create iPhone
applications, as well as an App Store within iTunes. The first official
iPhone with iPhone OS was released in 2007. After the success of the
iPhone in 2008, Apple announced the iPhone SDK for developers to
develop applications for iPhone. In 2008 Apple released the iOS App
Store with 500 applications. In 2010 Apple renamed the iPhone OS as
iOS. The latest version of iOS is 11 and it is available for iPhone 5S,
iPad Pro, iPad Mini2 and sixth generation iPod Touch.
 Features Of iOS:
 iOS contains home screen, touchID for apps, icloud drive, health,
Siri(personal assistant), Safari(browser), multitasking, message,
interactive notification, camera, icloud photo library, game center,
bluetooth, calls, accessibility, voice recognition, face recognition,
battery usage indicator, Wi-Fi etc.
 Advantages of iOS:
 In terms of performance iOS is magnificent and smooth.
 iOS generate less heat while processing as compare to Android.
 iOS are best for gaming and business purposes.
 iOS provides excellent security.
 It provides good face recognition security.
 Disadvantages of iOS:
 iOS is depends upon iOS devices.
 iOS is not an open source.
 The price of iOS devices are very high.
 The cost of iOS apps are very high.
 iOS devices supports only single SIM.
 iOS applications are larger in size as compared to other mobile
platforms.