Linux-vs-Windows Security Operating System Security Linux-vs-Windows Security Erik P. Friebolin

Security in Operating Systems Security Breaches Security Goals Protected Objects of the general purpose OS Protection of Objects

Security Breaches Exposure Vulnerability Threats A form of possible loss or harm in a computing system. Vulnerability Weakness that might be exploited to cause loss or harm. Threats Circumstances that have the potential to cause loss or harm.

Types of Threats Interruption Interception Modification Fabrication

Security Goals Confidentiality Integrity Availability The assets of a computing system are accessible only by authorized parties. Integrity Assets can be modified only by authorized parties or only in authorized ways. Availability Assets are accessible to authorized parties.

Protection in General-Purpose OS Protected Objects and Methods Protecting Memory and Addressing Protecting Access to General Objects File Protection Mechanisms User Authentication

Protected Objects and Methods Memory Sharable I/O devices, such as disks Serially reusable I/O devices, such as printers Sharable programs and sub-programs Sharable data

Protected Objects and Methods Security Methods Seperation: keeping one user’s objects separate from other users’ Physical Seperation Temporal Seperation Logical Seperation Cryptographic Seperation Granularity of Control The larger the level of the object controlled, the easier it is to implement access control.

Protecting Memory and Addressing Fence Relocation Base/Bounds Registers Tagged Architecture Segmentation Paging

Protecting Access to General Objects Memory A file or data on an auxiliary storage device An executing program in memory A directory of files A hardware device A table of the operating system Passwords A data structure, such as a stack

Protecting Access to General Objects Directory OS maintains all directories. Each user has a list(directory) that contains all the objects that user is allowed to access. Access Control List Each object has an ACL. This list shows all subjects who should have access to the object and what the access is.

File Protection Mechanisms Basic Forms of Protection All-None Protection Group Protecton Single Permission Password or other token Temporary Acquired Permission

User Authentication Use of Passwords Attacks on Passwords Password Selection Criteria The Authentication Process

Linux Operating System An OS initially created by Linus Torvolds (Finland) and a team working over the Internet. Developed from MINIX, a small Unix system An open and free operating system, adaptable to meet individual nees.

Windows Operating System Developed by Microsoft Corporation Windows OS first introduced in 1983 Windows 3.1 sold +10million copies – best selling GUI in computing history. The most widely used GUI in the world today.

Linux Security Advantages Disadvantages Security has had years to be tested and verified Security is tied to a file Ability to merge systems/domains Firewall functionality built-in to server Disadvantages Limited file access control Security not as strict No Auditing

Windows Security Advantages Disadvantages Stricter security available Greater control of access permissions. Auditing of security events Disadvantages Security still in infancy Most widely used software

QUESTIONS?

References D. Denning, P. Denning, Certification of Programs for Secure Information Flow, CommACM, V20 N7, Jul 1977, pp. 504-513 J. Linn, Practical Authentication for Distributed Computing, Proc IEEE symp Security & Privacy, IEEE Comp Soc Press 1990, pp. 31-40 C.P. Pfleeger, Security in Computing, Prentice Hall, NJ, 1996 “The Great Linux-vs-NT Debate”, http://www.linux-tutorial.info/Linux-NT_Debate, accessed 7/12/02