Page 208 - DCAP403_Operating System
Unit 11: System Security
Early detection of interface errors can often prevent contamination of a healthy subsystem by a
subsystem that is malfunctioning. An unprotected resource cannot defend against use (or misuse)
by an unauthorised or incompetent user.
Even if a perfectly secure operating system were created, human error (or purposeful human
malice) can make it insecure. More importantly, there is no such thing as a completely secure
system. No matter how secure the experts might think a particular system is, there exists someone
who is clever enough to bypass the security.
It is important to understand that a trade-off always exists between security and ease of use. It
is possible to be too secure, but security always exacts a price, typically making it more difficult
to use your systems for their intended purposes. Users of a secure system need to continually
type in, continually change and memorise complex passwords for every computer operation,
or use biometric systems with retina, fingerprint and voice scans. All these measures, along
with confirmations, are likely to slow any useful work to a snail’s pace. If the consequences are
great enough, then you might have to accept extreme security measures. Security is a relative
concept, and gains in security often come only with penalties in performance. To date, most
systems designed to include security in the operating system structure have exhibited either slow
response times or awkward user interfaces, or both.
11.1 System Security
Computer security can be very complex and may be very confusing to many people. It can even
be a controversial subject. Network administrators like to believe that their network is secure and
those who break into networks may like to believe that they can break into any network.
Computer security is the prevention and protection of computer assets from unauthorized
access, use, alteration, degradation, destruction, and other threats. There are two main subtypes:
physical and logical. Physical computer security involves tangible protection devices, such as
locks, cables, fences, safes, or vaults.
Logical computer security involves non-physical protection, such as that provided by
authentication or encryption schemes. Note that the physical versus
non-physical (logical) distinction runs through a number of areas in computer science, despite
minor differences in definition.
Computer security, in many ways, is about secrecy, not in the sense of being mysterious
or clandestine, but because you are always dealing with authorization and
authenticity.
The major technical areas of computer security are usually represented by the initials CIA:
confidentiality, integrity, and authentication or availability. Confidentiality means that
information cannot be accessed by unauthorized parties.
Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the
embarrassing to the disastrous. Integrity means that information is protected against unauthorized
changes that are not detectable to authorized users; many incidents of hacking compromise the
integrity of databases and other resources.
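
The "not detectable" part of the integrity definition above can be made concrete with an added example (not part of the original text) that contrasts an unkeyed checksum with a keyed message authentication code (HMAC-SHA256). The record, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one database row and a key held only by authorized users.
KEY = secrets.token_bytes(32)
RECORD = b"account=1001;owner=alice;balance=250.00"


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: anyone who can change the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(data), digest)


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(keyed_tag(key, data), tag)


def simulate_unauthorized_change() -> dict:
    """Model a party with write access to the row but no knowledge of KEY."""
    tampered = RECORD.replace(b"250.00", b"950.00")
    # The unkeyed digest stored beside the row can be regenerated to match
    # the new contents; the HMAC tag cannot, so it stays as originally stored.
    stored_digest = plain_digest(tampered)
    stored_tag = keyed_tag(KEY, RECORD)
    return {
        "plain_detects": not verify_plain(tampered, stored_digest),
        "hmac_detects": not verify_keyed(KEY, tampered, stored_tag),
        "hmac_accepts_original": verify_keyed(KEY, RECORD, stored_tag),
    }


if __name__ == "__main__":
    print(simulate_unauthorized_change())
```

The unkeyed checksum reports the altered row as intact, while the keyed tag exposes the change to anyone holding the key.
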
Authentication means that users are who they claim to be. Availability means that resources are
accessible by authorized parties; “denial of service” attacks, which are sometimes the topic of
national news, are attacks against availability. Other important concerns of computer security
professionals are access control and non-repudiation.
Maintaining access control means not only that users can access only those resources and services
to which they are entitled, but also that they are not denied resources that they legitimately can
expect to access. Non-repudiation implies that a person who sends a message cannot deny that
he sent it and, conversely, that a person who has received a message cannot deny that he received
LOVELY PROFESSIONAL UNIVERSITY