Protection and Security in Operating System

Learn via video courses

Overview

Operating systems manage both logical and physical resources to prevent interference with each other and unauthorized access from external sources. These methods are categorized as protection and security in the operating system. Computing resources, such as CPUs, disks, and memory, are secured and protected by this management. This can be accomplished by assuring the operating system's, confidentiality,  availability, and integrity. Unauthorized access, viruses, worms, and other threats must be prevented from entering the system.

What is Protection and Security in Operating Systems?

OS uses two sets of techniques to counter threats to information namely:

  • Protection
  • Security

Protection

Protection tackles the system's internal threats. It provides a mechanism for controlling access to processes, programs, and user resources. In simple words, It specifies which files a specific user can access or view and modify to maintain the proper functioning of the system. It allows the safe sharing of common physical address space or common logical address space which means that multiple users can access the memory due to the physical address space.

Let's take an example for a better understanding, suppose In a small organization there are four employees p1, p2, p3, p4, and two data resources r1 and r2. The various departments frequently exchange information but not sensitive information between all employees. The employees p1 and p2 can only access r1 data resources and employees p3 and p4 can only access r2 resources. If the employee p1 tries to access the data resource r2, then the employee p1 is restricted from accessing that resource. Hence, p1 will not be able to access the r2 resource.

Security

Security tackles the system's external threats. The safety of their system resources such as saved data, disks, memory, etc. is secured by the security systems against harmful modifications, unauthorized access, and inconsistency. It provides a mechanism  (encryption and authentication) to analyze the user before allowing access to the system.

As discussed in the previous example, In the organization data resources are shared with many employees but a user who does not work for that specific company cannot access this information. Security can be achieved by three attributes: confidentiality (prevention of unauthorized resources and modification), integrity (prevention of all unauthorized users), and availability (unauthorized withholding of resources).

Difference between Protection and Security

ProtectionSecurity
Protection deals with who has access to the system resources.Security gives the system access only to authorized users.
Protection tackles the system's internal threats.Security tackles the system's external threats.
Protection addresses simple queries.More complex queries are addressed in security.
It specifies which files a specific user can access or view and modify.It defines who is permitted to access the system.
An authorization mechanism is used in protection.Encryption and certification (authentication) mechanisms are implemented.
Protection provides a mechanism for controlling access to processes, programs, and user resources.While security provides a mechanism to safeguard the system resources and the user resources from all external users.

Threats to Protection and Security

A program that is malicious in nature and has harmful impacts on a system is called a threat. Protection and security in an operating system refer to the measures and procedures that can ensure the confidentiality, integrity, and availability (CIA) of operating systems. The main goal is to protect the OS from various threats, and malicious software such as trojans, worms, and other viruses, misconfigurations, and remote intrusions.

Common Threats That Occur in a System

In a system, some common threats include the following:

Virus

A computer virus is a form of malware, or malicious software, that transmits between computers and corrupts software and data. Generally, viruses are small pieces of code that are embedded in a system. They can corrupt files, erase data, crash systems, and other things, making them extremely dangerous. Also, they can expand by replicating themselves.

Trojan Horse

A Trojan Horse Virus is a form of malware that downloads on a computer by impersonating a trustworthy program. A Trojan horse can get unauthorized access to a system's login information. A malicious user may then use them to enter the system.

Worm

A computer worm is a sort of malware whose main purpose is to keep operating on infected systems while self-replicating and infecting other computers. By using a system's resources to extreme levels, a worm can completely destroy it. It has the ability to produce duplicate copies that occupy all available resources and prevent any other processes from using them.

Trap Door

A trap door is basically a back door into software that anyone can use to access any system without having to follow the normal security access procedures. It may exist in a system without the user's knowledge. As they're so hard to detect, trap doors need programmers or developers to thoroughly examine all of the system's components in order to find them.

Denial of Service

A Denial-of-Service (DoS) attack aims to shut down a computer system or network so that its intended users are unable to access it. These kinds of attacks prevent authorized users from accessing a system.

Methods to Ensure Protection and Security in Operating System

  • Keep a Data Backup: It is a safe option in case of data corruption due to problems in protection and security, you can always require it from the Backup.
  • Beware of suspicious emails and links: When we visit some malicious link over the internet, it can cause a serious issue by acquiring user access.
  • Secure Authentication and Authorization: OS should provide secure authentication and authorization for access to resources and also users should keep the credentials safe to avoid illegal access to resources.
  • Use Secure Wi-Fi Only: Sometimes using free wifi or insecure wifi may cause security issues, because attackers can transmit harmful programs over the network or record the activity etc, which could cause a big problem in the worst case.
  • Install anti-virus and malware protection: It helps to remove and avoid viruses and malware from the system.
  • Manage access wisely: The access should be provided to apps and software by thorough analysis because no software can harm our system until it acquires access. So, we can ensure to provide suitable access to software and we can always keep an eye on software to see what resources and access it is using.
  • Firewalls Utilities: It enables us to monitor and filter network traffic. We can use firewalls to ensure that only authorized users are allowed to access or transfer data.
  • Encryption and Decryption Based transfer: The data content must be transferred according to an encryption algorithm that can only be reversed with the appropriate decryption key. This process protects your data from unauthorized access over the internet, also even if data is stolen it would always remain unreadable.
  • Be cautious when sharing personal information: The personal information and credentials must be shared only with trusted and safe sources by not doing so attackers can use this information for their intent which could be harmful to the system's security.

Conclusion

  • Protection and security are required for the protection of computer resources such as the CPU, memory, etc.
  • It can be accomplished by assuring the operating system's, confidentiality,  availability, and integrity.
  • Protection tackles the system's internal threats. While Security tackles the system’s external threats.
  • A program that is malicious in nature and has harmful impacts on a system is called a threat.
  • We learned some common threats such as virus, trojan horse, worm, Trap Door, and Denial of Service.
  • We have also discussed the methods that can provide protection and security for different computer systems.