
Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/cmpt300 12 Protection & Security The last topic to be covered in this course would be protection and.


1 Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/cmpt300
12 Protection & Security The last topic to be covered in this course would be protection and security. Kai Bu

2 Protection & Security strictly an internal problem:
how to provide controlled access to programs and data stored in a computer system? Protection & Security Protection is strictly an internal problem: how do we provide controlled access to programs and data stored in a computer system?

3 Protection & Security strictly an internal problem:
how to provide controlled access to programs and data stored in a computer system? Protection & Security internal and external problem: how to protect information integrity by preventing unauthorized access, malicious destruction or alteration of data, and accidental introduction of inconsistency? Security, however, requires not only an adequate protection system but also consideration of the external environment within which the system operates. It ensures the authentication of system users to protect the integrity of the information stored in the system (both data and code), as well as the physical resources of the computer system. The security system prevents unauthorized access, malicious destruction or alteration of data, and accidental introduction of inconsistency.

4 Protection Security Now let’s start from protection.

5 Protection Security specify&enforce access controls
A protection mechanism must provide a means for specifying the access controls to be imposed, together with a means of enforcement.

6 Principle of Least Privilege
Give programs, users, & even systems just enough privileges to perform tasks Minimize the damage from failure or compromise of a component A key guiding principle for protection is the principle of least privilege. It dictates that programs, users, and even systems be given just enough privileges to perform their tasks. Then failure or compromise of a component does the minimum damage.

7 Need-to-Know Principle
At any time, a process should be able to access only resources that it currently requires to complete its task Example: when process p invokes procedure A(), A() should access only its own variables and formal parameters Minimize the risks of possible security violations Furthermore, at any time, a process should be able to access only those resources that it currently requires to complete its task. This requirement is commonly referred to as the need-to-know principle; it’s useful in limiting the amount of damage a faulty process can cause in the system. For example, when process p invokes procedure A(), the procedure should be allowed to access only its own variables and the formal parameters passed to it; it should not be able to access all the variables of process p. Similarly, consider the case in which process p invokes a compiler to compile a particular file. The compiler should not be able to access files arbitrarily but should have access only to a well-defined subset of files (such as the source file, listing file, and so on) related to the file to be compiled. Conversely, the compiler may have private files used for accounting or optimization purposes that process p should not be able to access. The need-to-know principle is similar to the principle of least privilege discussed in Section 14.2 in that the goals of protection are to minimize the risks of possible security violations.

8 Protection Domain Specify resources a process may access
Define a set of objects and the types of operations to be invoked on each object Access right: the ability to execute an op on an object Domain: a collection of ordered-pair access rights <object-name, rights-set> Such principles are usually enforced through protection domains. A protection domain specifies the resources a process may access. Specifically, it defines a set of objects and the types of operations that may be invoked on each object. The ability to execute an operation on an object is called an access right. A domain is then a collection of access rights, each of which is an ordered pair <object-name, rights-set>.

9 Protection Domain <O4, {print}> shared by D2 and D3
In this example, we have three domains D1, D2, and D3. A process must be executing in domain D1 to read and write object O1, while only processes in domain D3 may execute object O1. The access right <O4, {print}> is shared by D2 and D3, implying that a process executing in either of these two domains can print object O4.

10 Protection Domain Static vs Dynamic
the association between proc & domain is fixed or dynamic throughout the process’s lifetime Domain switching enable proc to switch from one domain to another toward need-to-know The association between a process and a domain may be either static, if the resources available to the process are fixed throughout the process’s lifetime, or dynamic. If the association between processes and domains is fixed, it’s complex to adhere to the need-to-know principle. For example, a process may execute in two different phases and may need read access in one phase and write access in another. If the domain is static, we must define the domain to include both read and write access. However, this arrangement provides more rights than are needed in each of the two phases, since we have read access in the phase where we need only write access, and vice versa. Thus, the need-to-know principle is violated. By domain switching, we enable the process to switch from one domain to another.

11 Domain Realization User as a domain
object access depends on user identity Process as a domain object access depends on proc identity Procedure as a domain object access depends on local variables defined within the procedure A domain can be realized in a variety of ways: • Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Domain switching occurs when the user is changed—generally when one user logs out and another user logs in. • Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process. Domain switching occurs when one process sends a message to another process and then waits for a response. • Each procedure may be a domain. In this case, the set of objects that can be accessed corresponds to the local variables defined within the procedure. Domain switching occurs when a procedure call is made.

12 Access Matrix access(i,j): define a set of operations that a process
in domain Di can invoke on object Oj Actually, this general model of protection can be abstracted as a matrix, which is called an access matrix. The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights. Because the column defines objects explicitly, we can omit the object name from the access right. Thus, the entry access(i,j) defines the set of operations that a process executing in domain Di can invoke on object Oj. Example: Four domains D1 – D4; Four objects: three files, F1-F3; and one printer;

13 Access Right Switch Include domains among the objects of
the access matrix Switching access rights in the access matrix requires three additional operations: copy, owner, and control. Require three additional ops: copy, owner, control

14 Copy Denote by an asterisk * Copy only within a column Example:
copy F2-read from D2 to D3 The ability to copy an access right from one domain to another is denoted by an asterisk *. The copy right allows the access right to be copied only within the column (i.e., for the object) for which the right is defined. In this example, a process executing in domain D2 can copy the read operation into any entry associated with file F2.

15 Copy: Variants Transfer copy access(i,j) to access(k,j);
remove access(i,j); Limited Copy copy R* only as R to access (k,j); proc in Dk cannot further copy R; The copy scheme also has two other variants. The first one is transfer: after copying an access right, it removes the original access right. The other is limited copy, that is, propagation of the copy right may be limited. When the right R* is copied from access(i,j) to access(k,j), only the right R (not R*) is created. A process executing in domain Dk cannot further copy the right R.

16 Owner If access(i,j) includes the owner right, proc in domain Di can
add or remove any right in any entry in column j; When we need to add new rights to or remove some rights from the access matrix, we can use the owner right. If access(i,j) includes the owner right, then a process executing in domain Di can add and remove any right in any entry in column j. For example, domain D1 is the owner of F1 and thus can add and delete any valid right in column F1. Similarly, domain D2 is the owner of F2 and F3 and thus can add and remove any valid right within these two columns.

17 Control Apply only to domain objects
If access(i,j) includes the control right, proc executing in domain Di can change any right in row j So far, the copy and owner rights allow a process to change the entries in a column. When we need to change the entries in a row, we can use the control right, which applies only to domain objects. If access(i,j) includes the control right, then a process executing in domain Di can remove any access right from row j. For example, we include the control right in access(D2, D4). original

18 Control Apply only to domain objects
If access(i,j) includes the control right, proc executing in domain Di can change any right in row j Then, a process executing in domain D2 could modify domain D4 by, for example, removing the read rights therein. modified
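The copy, owner and control operations from slides 13 to 18 can be exercised on a small matrix. The following is an added example, not code from the slides: the class, its method names and the sample entries are constructed for illustration, and it assumes that plain copy propagates R* while limited copy creates only R.

```python
class AccessDenied(Exception):
    pass


class AccessMatrix:
    """access[d][o] is the set of rights domain d holds on object o.
    A trailing '*' marks a right that may be copied within its column."""

    def __init__(self, domains, objects):
        self.domains = list(domains)
        # Domains are also columns, so 'control' can be granted over a domain.
        cols = list(objects) + self.domains
        self.access = {d: {o: set() for o in cols} for d in self.domains}

    def grant(self, d, o, *rights):
        """Initial population by the system; no check applies."""
        self.access[d][o].update(rights)

    def allowed(self, d, o, op):
        # Assumption: holding R* also permits the operation R itself.
        return bool({op, op + "*"} & self.access[d][o])

    def copy(self, src, dst, o, right, mode="copy"):
        """Copy `right` on o from row src to row dst, staying in column o.
        mode 'copy' creates R*, 'limited' creates plain R, 'transfer' also
        removes R* from the source entry."""
        if right + "*" not in self.access[src][o]:
            raise AccessDenied(f"{src} cannot copy {right} on {o}")
        self.access[dst][o].add(right if mode == "limited" else right + "*")
        if mode == "transfer":
            self.access[src][o].discard(right + "*")

    def owner_change(self, actor, d, o, right, add=True):
        """The owner of column o may add or remove any right in that column."""
        if "owner" not in self.access[actor][o]:
            raise AccessDenied(f"{actor} is not the owner of {o}")
        if add:
            self.access[d][o].add(right)
        else:
            self.access[d][o].discard(right)

    def control_remove(self, actor, target, o, right):
        """control in access(actor, target) allows removing rights from row target."""
        if target not in self.domains or "control" not in self.access[actor][target]:
            raise AccessDenied(f"{actor} has no control right over {target}")
        self.access[target][o].discard(right)


def build_sample():
    """Constructed sample matrix following the examples in the notes."""
    am = AccessMatrix(["D1", "D2", "D3", "D4"], ["F1", "F2", "F3", "printer"])
    am.grant("D1", "F1", "owner", "execute")
    am.grant("D2", "F2", "owner", "read*")
    am.grant("D2", "F3", "owner")
    am.grant("D4", "F1", "read")
    am.grant("D4", "F3", "read")
    am.grant("D2", "D4", "control")
    return am


if __name__ == "__main__":
    am = build_sample()
    am.copy("D2", "D3", "F2", "read", mode="limited")
    print("D3 read F2:", am.allowed("D3", "F2", "read"))
    try:
        am.copy("D3", "D4", "F2", "read")      # D3 received R, not R*
    except AccessDenied as e:
        print("denied:", e)
    am.control_remove("D2", "D4", "F1", "read")
    print("D4 read F1 after control:", am.allowed("D4", "F1", "read"))
```
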

19 how to implement access matrix?
The reading speed on a disk depends on two factors.

20 Global Table Consist of a set of ordered triples
<domain, object, rights-set> Search and compare, allow or error Limitations: possibly large, additional I/O needed; data redundancy: e.g., if all can read a particular obj, a separate entry needed in every domain; The simplest implementation of the access matrix is a global table consisting of a set of ordered triples <domain, object, rights-set>. Whenever an operation M is executed on an object Oj within domain Di, the global table is searched for a triple <Di, Oj, Rk>, with M ∈ Rk. If this triple is found, the operation is allowed to continue; otherwise, an exception (or error) condition is raised. This implementation suffers from several drawbacks. The table is usually large and thus cannot be kept in main memory, so additional I/O is needed. Virtual memory techniques are often used for managing this table. In addition, it is difficult to take advantage of special groupings of objects or domains. For example, if everyone can read a particular object, this object must have a separate entry in every domain.

21 Access Lists for Objects
Each column as an access list for an obj Consist of a set of ordered pairs: <domain, rights-set> An additional default set of access rights may be used This approach can be extended easily to define a list plus a default set of access rights. When an operation M on an object Oj is attempted in domain Di , we search the access list for object Oj , looking for an entry <Di , Rk> with M ∈ Rk . If the entry is found, we allow the operation; if it is not, we check the default set. If M is in the default set, we allow the access. Otherwise, access is denied, and an exception condition occurs. For efficiency, we may check the default set first and then search the access list.

22 Capability Lists for Domains
Each row as an access list for a domain Consist of a set of ordered pairs: <object, rights-set> We can also associate each row with its domain. In this way, a capability list for a domain is a list of objects together with the operations allowed on those objects.

23 Lock-Key Each object has a list of unique locks
Each domain has a list of unique keys A process executing in a domain can access an object only if that domain has a key that matches one of the locks of the object The lock-key scheme is a compromise between access lists and capability lists. Each object has a list of unique bit patterns, called locks. Similarly, each domain has a list of unique bit patterns, called keys. A process executing in a domain can access an object only if that domain has a key that matches one of the locks of the object.

24 Revocation of Access Rights
For access-list scheme: search the access list for any rights to be revoked; delete them from the list. In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different users. With an access-list scheme, revocation is easy. The access list is searched for any access rights to be revoked, and they are deleted from the list.

25 Revocation of Capabilities
Reacquisition Back-pointers Indirection Keys For capability-based scheme, however, revocation is much more complex because the capabilities are distributed throughout the system. There are several schemes we can use for capability revocation.

26 Revocation of Capabilities
Reacquisition periodically delete capabilities from each domain; reacquire deleted capabilities upon next access; Back-pointers Indirection Keys First, the reacquisition scheme periodically deletes capabilities from each domain. If a process wants to use a capability and the capability happens to have been deleted, the process may then try to reacquire the capability.

27 Revocation of Capabilities
Reacquisition Back-pointers maintain a list of pointers for each obj; point to the obj’s capabilities; follow pointers to change capabilities; Indirection Keys Second, the back-pointer scheme maintains a list of pointers with each object. The pointers point to all capabilities associated with that object. When revocation is required, we can follow these pointers, changing the capabilities as necessary.

28 Revocation of Capabilities
Reacquisition Back-pointers Indirection indirectly point capabilities to objects; capability points to a unique entry in a global table, which points to the object; delete a table entry to revoke; Keys The third scheme is called indirection. Here the capabilities point indirectly to the objects. Each capability points to a unique entry in a global table, which in turn points to the object. We implement revocation by searching the global table for the desired entry and deleting it. Then, when an access is attempted, the capability is found to point to an illegal table entry.

29 Revocation of Capabilities
Reacquisition Back-pointers Indirection Keys associate each capability with a key; associate each object with a master key; match the keys when assigning rights; replace master keys to revoke; The final scheme uses keys. A key is a unique bit pattern that can be associated with a capability. The key is defined when the capability is created. A master key is associated with each object; it can be defined or replaced with the set-key operation. When a capability is created, the current value of the master key is associated with the capability. When the capability is exercised, its key is compared with the master key. If the keys match, the operation is allowed to continue; otherwise, an exception condition is raised. Revocation replaces the master key with a new value via the set-key operation, invalidating all previous capabilities for this object.
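The indirection and keys schemes differ in what a single revocation invalidates, which the following added example makes concrete. It is not code from the slides: the class names, the dict used as a capability and the sample object are constructed, and it assumes capabilities are held where user code cannot alter them (as a kernel would arrange).

```python
import secrets


class Revoked(Exception):
    pass


class IndirectionTable:
    """Indirection: a capability is a slot number in a global table,
    and the table entry points to the object."""

    def __init__(self):
        self._slots = {}
        self._next = 0

    def issue(self, obj, rights):
        slot = self._next
        self._next += 1                      # slot numbers are never reused
        self._slots[slot] = (obj, frozenset(rights))
        return slot

    def revoke(self, slot):
        # Deleting the entry leaves the capability pointing at an illegal slot.
        self._slots.pop(slot, None)

    def exercise(self, slot, op):
        entry = self._slots.get(slot)
        if entry is None:
            raise Revoked(f"slot {slot} is not a valid table entry")
        obj, rights = entry
        if op not in rights:
            raise PermissionError(op)
        return obj


class KeyedObject:
    """Keys: each capability records the master key current at creation."""

    def __init__(self, name, data):
        self.name = name
        self.data = data
        self._master = secrets.token_bytes(16)

    def create_capability(self, rights):
        # Stand-in for a protected capability record.
        return {"obj": self, "rights": frozenset(rights), "key": self._master}

    def set_key(self):
        # Replacing the master key invalidates every capability issued so far.
        self._master = secrets.token_bytes(16)

    def exercise(self, cap, op):
        if cap["obj"] is not self or not secrets.compare_digest(cap["key"], self._master):
            raise Revoked(f"capability key no longer matches master key of {self.name}")
        if op not in cap["rights"]:
            raise PermissionError(op)
        return self.data


if __name__ == "__main__":
    f1 = KeyedObject("F1", "constructed file contents")
    table = IndirectionTable()
    a, b = table.issue(f1, {"read"}), table.issue(f1, {"read"})
    table.revoke(a)                          # selective: only capability a dies
    print("b still valid:", table.exercise(b, "read") is f1)

    c1, c2 = f1.create_capability({"read"}), f1.create_capability({"read"})
    f1.set_key()                             # blanket: c1 and c2 both die
    for cap in (c1, c2):
        try:
            f1.exercise(cap, "read")
        except Revoked as e:
            print("revoked:", e)
```
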

30 Protection Security specify&enforce access controls
So far, we have walked through a series of protection schemes for use to provide controlled access to programs and data stored in a computer system.

31 Protection Security what if AccessControl violation?
But what if such access control policies are violated by compromised programs or unauthorized users?

32 Security Security what if AccessControl violation?
To guard our computer resources against such violations, we need to adopt security schemes.

33 Security what if AccessControl violation? intruder/cracker:
those attempting to breach security; threat: the potential for security violation; attack: the attempt to break security; Usually, we use the terms intruder and cracker for those attempting to breach security. In addition, a threat is the potential for a security violation, such as the discovery of a vulnerability, whereas an attack is the attempt to break security.

34 Security Violations Breach of confidentiality Breach of integrity
unauthorized reading of data Breach of integrity unauthorized modification of data Breach of availability unauthorized destruction of data Theft of service unauthorized use of resources Denial of service prevent legitimate use of the system Security violations can be either intentional (malicious) or accidental. Here’re several forms of accidental and malicious security violations. • Breach of confidentiality. This type of violation involves unauthorized reading of data (or theft of information). Typically, a breach of confidentiality is the goal of an intruder. Capturing secret data from a system or a data stream, such as credit-card information or identity information for identity theft, can result directly in money for the intruder. • Breach of integrity. This violation involves unauthorized modification of data. Such attacks can, for example, result in passing of liability to an innocent party or modification of the source code of an important commercial application. • Breach of availability. This violation involves unauthorized destruction of data. Some crackers would rather wreak havoc and gain status or bragging rights than gain financially. Website defacement is a common example of this type of security breach. • Theft of service. This violation involves unauthorized use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server. • Denial of service. This violation involves preventing legitimate use of the system. Denial-of-service (DOS) attacks are sometimes accidental. The original Internet worm turned into a DOS attack when a bug failed to delay its rapid spread.

35 Security Attacks Masquerading breach authentication;
pretend someone else Man-in-the-middle masquerade as sender to receiver, AND masquerade receiver to sender The most common security attack is masquerading, in which one participant in a communication pretends to be someone else. By masquerading, attackers breach authentication, the correctness of identification; they can then gain access that they would not normally be allowed or escalate their privileges, that is, obtain privileges to which they would not normally be entitled. Another common security attack is the man-in-the-middle attack, in which an attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa.

36 how programs breach security?
Since processes, along with the kernel, are the only means of accomplishing work on a computer, writing a program that creates a breach of security, or causing a normal process to change its behavior and create a breach, is a common goal of crackers.

37 Trojan, Trap, Bomb Trojan Horse a code segment that misuses its env
Trap Door a hole in the software that can be used only by its designer Logic Bomb a security hole to be created when a predefined set of parameters was met

38 Stack/Buffer Overflow
Program neglects bounds checking Attacker sends more data than expected Overwrite return address on the stack with address of the exploit code The stack- or buffer- overflow is the most common way for an attacker to gain unauthorized access to the target system. An authorized user of the system may also use this exploit for privilege escalation. Essentially, the attack exploits a bug in a program, in which the programmer neglected to code bounds checking on an input field. In this case, the attacker sends more data than the program was expecting.

39 Viruses A fragment of self-replicating code embedded in a legitimate program Categories: file, boot, macro, source code, polymorphic, encrypted, stealth, tunneling, multipartite, armored Another form of program threats is a virus. It is a fragment of code embedded in a legitimate program. There are many viruses in the wild. They can be classified into a number of categories. Among them, cont.

40 Viruses Polymorphic change each time it is installed to
avoid detection by antivirus software; Encrypted include decryption code along with the encrypted virus Stealth modify parts of the system that could be used to detect it; A polymorphic virus changes each time it is installed to avoid detection by antivirus software. The changes do not affect the virus’s functionality but rather change the virus’s signature. A virus signature is a pattern that can be used to identify a virus, typically a series of bytes that make up the virus code. An encrypted virus includes decryption code along with the encrypted virus, again to avoid detection. The virus first decrypts and then executes. A stealth virus attempts to avoid detection by modifying parts of the system that could be used to detect it. For example, it could modify the read system call so that if the file it has modified is read, the original form of the code is returned rather than the infected code.

41 what’s beyond program? A larger codebase than individual program, that is, operating system; And an even larger context/environment, that is, network;

42 system and network threats
Usually, system and network threats involve

43 system and network threats
abuse of service & network connection The abuse of services and network connections.

44 Worms A process that uses spawn mechanism to duplicate itself
Use up system resources and lock out all other processes A worm is a process that uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up system resources and perhaps locking out all other processes. On computer networks, worms are particularly potent, since they may reproduce themselves among systems and thus shut down an entire network. The Morris Internet Worm: copy worm to hooked systems:

45 Port Scanning A means for a cracker to detect a
system’s vulnerabilities to attack Create a TCP/IP connection to a specific port or a range of ports Use known bugs of answering services

46 Denial of Service Disrupt legitimate use of a system or facility
Example: TCP SYN Flood DDoS: Distributed Denial of Service Denial-of-service attacks are aimed not at gaining information or stealing resources but rather at disrupting legitimate use of a system or facility. SYN SYN-ACK ACK

47 how to defend against attacks?

48 how to defend against attacks?
cryptography based on secrets The broadest tool available to system designers and users is cryptography. Modern cryptography is based on secrets called keys that are selectively distributed to computers in a network and used to process messages. It enables a recipient of a message to verify that the message was created by some computer possessing a certain key. A sender can encode its message so that only a computer with a certain key can decode the message.

49 Encryption Components: A set K of keys A set M of messages
A set C of ciphertexts An encrypting function E : K → (M → C) A decrypting function D : K → (C → M) Types: symmetric vs asymmetric A key technique for cryptography is encryption. An encryption algorithm enables the sender of a message to ensure that only a computer possessing a certain key can read the message, or ensure that the writer of data is the only reader of that data. An encryption algorithm consists of the following components. There are two main types of encryption algorithms: symmetric and asymmetric.

50 Symmetric Encryption The same key to encrypt and decrypt
In a symmetric encryption algorithm, the same key is used to encrypt and to decrypt.

51 Asymmetric Encryption
Different keys to encrypt and decrypt public key ke for encryption available to anyone Private key kd for decryption kept secret to the owner In an asymmetric encryption algorithm, there are different encryption and decryption keys.

52 Asymmetric Encryption
Example: RSA Choose two prime numbers p = 7, q = 13 Calculate products N = p x q = 91 (p-1) x (q-1) = 72 Select ke: e.g., 5 relatively prime to 72 and <72 RSA is the most widely used asymmetric encryption algorithm. cont.

53 Asymmetric Encryption
Example: RSA Calculate kd, such that ke × kd mod (p-1)(q-1) = 1; ⇒ kd = 29 RSA is the most widely used asymmetric encryption algorithm. cont.

54 Asymmetric Encryption
Example: RSA Encryption: c = E_ke(m) = m^ke mod N Decryption: D_kd(c) = c^kd mod N RSA is the most widely used asymmetric encryption algorithm.
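The RSA example on slides 52 to 54 can be carried through end to end with the slides' own numbers (p = 7, q = 13, ke = 5). This is an added example, not part of the original slides: the function names and the sample message 69 are constructed, and the last function shows why primes this small give no protection, since factoring N yields kd directly.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, ke):
    """Return (N, (p-1)(q-1), kd) for primes p, q and public exponent ke."""
    N = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(ke, phi)
    if not 1 < ke < phi or g != 1:
        raise ValueError("ke must be less than and relatively prime to (p-1)(q-1)")
    kd = x % phi                     # ke * kd mod (p-1)(q-1) == 1
    return N, phi, kd


def encrypt(m, ke, N):
    """c = m^ke mod N; the message must be an integer in [0, N)."""
    if not 0 <= m < N:
        raise ValueError("message out of range for this modulus")
    return pow(m, ke, N)


def decrypt(c, kd, N):
    """m = c^kd mod N."""
    return pow(c, kd, N)


def recover_kd_by_factoring(N, ke):
    """With a toy-sized N, trial division finds p and q, and kd follows.
    Real keys rely on N being far too large to factor."""
    p = next(i for i in range(2, N) if N % i == 0)
    return make_keys(p, N // p, ke)[2]


if __name__ == "__main__":
    N, phi, kd = make_keys(7, 13, 5)
    print("N =", N, "(p-1)(q-1) =", phi, "kd =", kd)
    c = encrypt(69, 5, N)            # 69 is a constructed sample message
    print("ciphertext:", c, "decrypted:", decrypt(c, kd, N))
    print("kd from public values alone:", recover_kd_by_factoring(N, 5))
```
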

55 encryption to constrain recv
We have seen that encryption offers a way of constraining the set of possible receivers of a message. If one doesn’t hold the correct key, then even if the one receives the message, the one can hardly decrypt it.

56 authentication to constrain sender
When we want to constrain the set of potential senders of a message, we need to use authentication.

57 Authentication Components: A set K of keys A set M of messages
A set A of authenticators A function S : K → (M → A) A function V : K → (M × A → {true, false}) Types: message-authentication code Digital signature

58 Authentication MAC: message-authentication code
Use symmetric encryption Sender: generate a cryptographic checksum Sk from a message using a secret key k; append Sk to the message; Receiver: generate checksum Vk using k; compare Sk and Vk;

59 Authentication Digital signature Use asymmetric encryption
Generate digital-sig using priv key ks Enable anyone to verify msg authenticity using public key kv

60 how to authenticate users?
So far, the encryption and authentication we have discussed focus mainly on messages. But what about users? If a system cannot authenticate a user, then authenticating that a message came from that user is pointless.

61 how to authenticate users?
possession of something (key, card)? knowledge of something (id, psw)? attribute of the user (fingerprint, sig)? Generally, user authentication is based on one or more of three things: the user’s possession of something (a key or card); the user’s knowledge of something (a user identifier and password); or an attribute of the user (fingerprint, retina pattern, or signature).

62 Password Store their hash instead of original
Vulnerable to dictionary attack Secret “salt” added to each password The most common approach to authenticating a user identity is the use of passwords.

63 One-Time Password Challenge-response authentication
System issues a challenge ch User generates a response H(pw, ch) using password pw and challenge ch System also knows pw System computes H(pw, ch) and compares with the one from user Password is never transmitted to avoid exposure
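The challenge-response exchange above, with both sides shown, uses the same compute-and-compare pattern as the MAC on slide 58. This is an added example, not code from the slides: HMAC-SHA256 as H, the `Server` class, the single-use challenge store and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def H(pw: bytes, ch: bytes) -> bytes:
    """Response function H(pw, ch). HMAC-SHA256 keyed with pw is an assumed
    choice; the slides do not name a specific function."""
    return hmac.new(pw, ch, hashlib.sha256).digest()


def client_response(pw: bytes, ch: bytes) -> bytes:
    """User side: only H(pw, ch) is sent, never pw itself."""
    return H(pw, ch)


class Server:
    def __init__(self, users):
        self._pw = dict(users)       # the system also knows pw, as on the slide
        self._pending = {}           # user -> challenge awaiting a response

    def issue_challenge(self, user: str) -> bytes:
        ch = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self._pending[user] = ch
        return ch

    def verify(self, user: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same or a later challenge.
        ch = self._pending.pop(user, None)
        pw = self._pw.get(user)
        if ch is None or pw is None:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(H(pw, ch), response)


if __name__ == "__main__":
    server = Server({"alice": b"constructed-sample-password"})
    ch = server.issue_challenge("alice")
    resp = client_response(b"constructed-sample-password", ch)
    print("first attempt:", server.verify("alice", resp))
    print("replayed response:", server.verify("alice", resp))
    server.issue_challenge("alice")
    print("old response, new challenge:", server.verify("alice", resp))
```
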

64 Review How to model protection domains?
How to maintain access matrices? How to attack protection schemes? How to defend against security attacks?

65 Chapter 14-15

66 Reminder Assignment 3 Due: July 26, 2018 on CourSys Assignment 4 Due: July 31, 2018 on CourSys Final Exam 12:00 – 15:00, August 9, 2018

67 ?

68 Thank You

69 #What’s More How to Make Stress Your Friend by Kelly McGonigal

