Introduction to Operating System Security

“A chain is only as strong as its weakest link.” The security of an operating system must never be disregarded by its designers, since neglecting it causes many disadvantages and setbacks, not only for users but also for manufacturers and OS developers. Heidari believes that OS security is an important matter and mentions in his paper a possible upshot of an unsecured OS: Operating systems are close to the hardware, it masks the details of the underlying hardware from the programmer and provides lowest layer of software visible to users.

It can be viewed as a resource manager, responsible for fair resource sharing between different processes in the system. On the other hand, operating systems control access to application memory and scheduling of the processor. Applications must be run like OS-Level services and the developer of these apps does not know the level of details needed to develop secure applications on their own. If the OS isn’t doing these things securely, it generally compromises all security at higher levels (Heidari 1).

He also refers to the operating system as a “logical place to enforce and support security.” Security of an operating system is generally defined as the defense of the system against external and internal attacks (Silberschatz, Galvin and Gagne). Many security flaws in operating systems are discovered and reported every day (University of Washington). As machines’ computing power and operating systems continue to expand, malicious attacks and actions also continue to evolve. Most operating systems are still susceptible to these assaults.

As of now, there exists a long list of operating system attacks, which includes denial-of-service, worms, viruses, identity theft and theft of service.

3. Concepts Related to Operating System Security

There are four basic concepts that comprise the security of an operating system: confidentiality, integrity, availability and authenticity (Heidari 1). Confidentiality refers to the prevention of unauthorized access to and leakage of information. On the other hand, integrity ensures that the data being processed is the actual correct data.

As defined in RFC 2828, availability is “the property of a system or system resource being accessible and usable upon demand by an authorized system entity, according to performance specification for the system.” Threats to software are considered attacks on availability. Lastly, authenticity gives the system the ability to identify its users. Each element of OS security faces a set of attacks and, correspondingly, uses a set of countermeasures against them. Confidentiality and integrity of an operating system cover three important roles: protection models, capabilities and assurance (Heidari 1).

Protection models are important models used in designing the security section of an operating system. Heidari describes the OS protection model as “the most important aspect of security, even if everything else in the system is perfect, it will still be exploitable if a weak model is used.” On the other hand, capabilities refer to the “tools and functionality that the operating system uses to implement a given model and may include things like the specific access controls or what privileges are available and how they are defined” (Heidari 1).

Assurance, meanwhile, covers the aspect of making sure that the model used is implemented correctly and thus cannot be circumvented. Using these concepts, the discussion of the considerations that must be examined in operating system security is a continuous process. As long as attacks and malicious actions that may harm operating systems still exist, security will always be regarded as a major issue.