The design and architecture of an operating system is very large and complex. Thus, the more complex, the more it is vulnerable to errors and attacks. However, many software tools and facilities have been developed to help operating systems in patching all the possible loopholes created during design and implementation. Heidari presented a table of the common security faults on an OS, as shown in Table 1. Operational Fault Configuration Error Object installed with incorrect permissions Utility installed in the wrong place
Utility installed with incorrect setup parameter Environment Fault Coding Fault Condition Validation Error Failure to handle exceptions Origin validation error Input validation error Access rights validation error Boundary condition error Synchronization Error Improper or inadequate serialization error Race condition error Table 1. Taxonomy of Security Faults (Heidari 7). Scrutinizing the taxonomy presented, Heidari expounded that five common OS security problems can be deduced from it.
These five common security problems identified are: improper input validation, weak cryptographic algorithms, weak authentication protocols, insecure bootstrapping and configuration mistakes. Improper input validation happens when a software routine that requires input validation failed. Heidari further explained what improper input validation is: The check may be with regard to the number of parameters provided, the type of each parameter, or to simply ensure that the amount of input data is not larger than the buffer allocated to store the data.
Improper or non-existent input validation is a well-known and serious problem in operating systems (Heidari 6). Weak cryptographic algorithms present another problem since it will be easy for a hacker to decrypt the passwords used the operating system. Cryptographic algorithms have been imposed by operating systems for a long time in encrypting passwords. As hacking tools get more complex, the usual algorithms used for encrypting passwords may not be as powerful as it was before. The process of authentication is done before the user actually utilize the system in order to confirm his identity.
Common authentication method that is used by operating system is the entering of password (Heidari 6). However, in distributed systems, authentication mechanisms must be more intricate in order to avoid system unauthorized infiltration. Operating systems today must reinforce the existing authentication protocols or formulate new ones. System initialization is one of the weakest points of an operating system. Most operating system studied by some computer scientist is all at risk during bootstrapping. Bootstrapping is a process wherein a bootstrap program is loaded on power-up or boot-up.
It basically loads the operating system kernel and starts execution (Silberschatz, Galvin and Gagne). Heidari cited some examples of operating system that presented some security breaches on boot-up: For example, many attackers discovered that the SunOS was easily rebooted in single-user mode. Commands entered in that mode run with root privileges, and it was possible to extend these privileges to the server, or. A Windows NT system executing on a PC can most often be rebooted with a foreign operating system, such as MS-DOS. Once a foreign system is booted on the PC, the NTFS volume may be mounted.
Access to files on the newly mounted volume will bypass the access control mechanism enforced when Windows NT is operating (Heidari 7). Lastly, configuration mistake is the only related to organizational management. The other problems are system-related. In most operating systems, security features are “seldom activated by default” (Heidari 7). To maintain a secure OS, the system owner must have the initiative to configuring the security features. 6. Conclusion Operating systems can be considered a work of art because of the complexity of its design.
However, the more intricate it gets, the more flaws it produces. There are various aspects that must be considered and examined in order to evaluate an operating system’s security features. Many concepts have been discussed but all boils down to how operating system will manage and cope with future attacks on it. The user of an operating system also plays a huge role in maintaining an acceptable level of OS security. It is important for the users to take care of his system himself in order to prevent hackers and infiltrators.
A wide range of software tools and mechanisms is now available for the users that can help him intensify the protection walls of his OS. Works Cited Silberschatz, Abraham, Peter Baer Galvin and Greg Gagne. Operating System Concepts. USA: John Wiley and Sons, 2005. Heidari, Mohammad. “Operating Systems Security Considerations”. 15 July 2005. SecurityDocs. com. 10 August 2010 < http://www. securitydocs. com/library/3465>. “Introduction to Operating System Security. ” Learning and Scholarly Technologies, University of Washington. 10 August 2010 <http://www. washington. edu/lst/help/computing_fundamentals/computermgmt>.