Page 300 - DCAP103_Principle of operating system
Unit 9: System Security
anti-virus programs from detecting them. Rootkits modify the operating system on the computer
and alter its basic functions to hide their own existence and the actions that the hacker undertakes
on the infected computer.
Give the basic security tasks used in an operating system.
9.3.2 System Threats
In all the device drivers considered so far in the book, we have not been overly concerned
about the thread context in which our driver subroutines execute. Most of the time, our
subroutines run in an arbitrary thread context, which means we cannot block and cannot directly
access user-mode virtual memory. Some devices are very difficult to program when faced with
the first of these constraints.
Some devices are best handled by polling. A device that cannot asynchronously interrupt the
CPU, for example, needs to be interrogated from time to time to check its state. In other cases,
the natural way to program the device might be to perform an operation in steps with waits
in between. A floppy disk driver, for example, goes through a series of steps to perform an
operation. In general, the driver has to command the drive to spin up to speed, wait for the spin-
up to occur, commence the transfer, wait for a short while, and then spin the drive back down.
You could design a driver that operates as a finite state machine so that a callback function can
properly sequence the operations. It would be much easier, though, if you could simply insert event
and timer waits at the appropriate spots of a straight-line program.
Dealing with situations that require you to periodically interrogate a device is easy with the help
of a system thread belonging to the driver. A system thread is a thread that operates within the
overall umbrella of a process belonging to the operating system as a whole. In the next section,
we discuss system threads, which execute solely in kernel mode, and the mechanism by
which you create and destroy your own system threads. After that, we discuss an example
of how to use a system thread to manage a polled input device.
9.3.3 Network Threats
Trojan horses, worms and DoS (denial of service) attacks are often used maliciously to consume
and destroy the resources of a network. Sometimes, misconfigured servers and hosts can also act
as network security threats because they unnecessarily consume resources. In order to properly
identify and deal with probable threats, one must be equipped with the right tools and security
mechanisms. In this section, we discuss some of the best practices for identifying and dealing
with such threats.
9.3.4 Types of Network Threats
Most experts classify network security threats in two major categories—logic attacks and resource
attacks. Logic attacks are known to exploit existing software bugs and vulnerabilities with the
intent of crashing a system. Some use this attack to purposely degrade network performance
or grant an intruder access to a system.
One such exploit is the Microsoft PnP MS05-039 overflow vulnerability. This attack involves an
intruder exploiting a stack overflow in the Windows PnP (plug and play) service and can be
executed on the Windows 2000 system without a valid user account. Another example of this
network security threat is the infamous ping of death where an attacker sends ICMP packets
LOVELY PROFESSIONAL UNIVERSITY 293