INTRODUCTION

The growth in the use of time-sharing systems and, more recently, computer networks has brought with it a growth in concern for the protection of information.  The nature of the threat that concerns an organization will vary greatly depending on the circumstances.  However, there are some general-purpose tools that can be built into computers and operating systems that support a variety of protection and security mechanisms.  This section will introduce you to the security risk of computers, by way of their operating systems and how these can be addressed.

​

2.1     COMPUTER SECURITY CATEGORIZATION

In general, we are concerned with the problem of controlling access to computer systems and the information stored in them.  Much of the work in security and protection as it relates to operating systems can be roughly grouped into four categories:

• Availability: Concerned with protecting the system against interruption

• Confidentiality: Assures that users cannot read data for which access is unauthorized

• Data integrity: Protection of data from unauthorized modification

• Authenticity: Concerned with the proper verification of the identity of users and the validity of messages or data

​​

An OS associates a set of privileges with each process.  These privileges dictate what resources the process may access, including regions of memory, files, privileged system instructions, and so on.  Typically, a process that executes on behalf of a user has the privileges that the OS recognizes for that user.  A system or utility process may have privileges assigned at configuration time.  On a typical system, the highest level of privilege is referred to as administrator, supervisor, or root, access.  This access provides access to all the functions and services of the operating system.  With root access, a process has complete control of the system and can add or changes programs and files, monitor other processes, send and receive network traffic, and alter privileges.  A key security issue in the design of any OS is to prevent, or at least detect, attempts by a user or a piece of malicious software (malware) from gaining unauthorized privileges on the system and, in particular, from gaining root access.

​

2.2     SYSTEM ACCESS THREATS

System access threats fall into two general categories:

• Intruders

• Malicious software.

 

Intruders

One of the most common threats to security is the intruder (the other is viruses), often referred to as a hacker or cracker.  In an important early study of intrusion, Anderson identified three classes of intruders:
Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account

Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges
Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection .

 

The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider.  Intruder attacks range from the benign to the serious.  At the benign end of  the scale, there are many people who simply wish to explore internets and see what is out there.  At the serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to data, or disrupt the system.

 

The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.  Most initial attacks use system or software vulnerabilities that allow a user to execute code that opens a back door into the system.  Intruders can get access to a system by exploiting attacks such as buffer overflows on a program that runs with certain privileges.  Alternatively, the intruder attempts to acquire information that should have been protected.  In some cases, this information is in the form of a user password.  With knowledge of some other user’s password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate user.

 

Malicious Software

Perhaps the most sophisticated types of threats to computer systems are presented by programs that exploit vulnerabilities in computing systems.  Such threats are referred to as malicious software, or malware.  In this context, we are concerned with threats to application programs as well as utility programs, such as editors and compilers, and kernel-level programs.  Malicious software can be divided into two categories:

Dependent:  These are referred to as parasitic and are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program.  Examples are:

• Viruses

• Logic bombs

• Backdoors

 

Independent:

The latter are self-contained programs that can be scheduled and run by the operating system.  Examples are:

• Worms

• Bot programs

2.3     COUNTERMEASURES TO SYSTEM ACCESS THREATS

Intrusion Detection RFC 2828 (Internet Security Glossary) defines intrusion detection as follows:

• A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.

Intrusion detection systems (IDSs) can be classified as follows:

• Host-based IDS: Monitors the characteristics of a single host and the events occurring within that host for suspicious activity

• Network-based IDS: Monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity

 

An IDS comprises three logical components:

• Sensors.  These are responsible for collecting data. The input for a sensor may be any part of a system that could contain evidence of an intrusion. Types of input to a sensor include network packets, log files, and system call traces.  Sensors collect and forward this information to the analyzer.

• Analyzers.  These receive input from one or more sensors or from other analyzers.  The analyzer is responsible for determining if an intrusion has occurred.  The output of this component is an indication that an intrusion has occurred.  The output may include evidence supporting the conclusion that an intrusion occurred.  The analyzer may provide guidance about what actions to take as a result of the intrusion.

• User interface.  The user interface to an IDS enables a user to view output from the system or control the behavior of the system.  In some systems, the user interface may equate to a manager, director, or console component.

 

Intrusion detection systems are typically designed to detect human intruder behavior as well as malicious software behavior. Authentication In most computer security contexts, is the fundamental building block and the primary line of defense.  User authentication is the basis for most types of access control and for user accountability.  RFC 2828 defines user authentication as follows:

• The process of verifying an identity claimed by or for a system entity.

 

An authentication process consists of two steps:

• Identification step: Presenting an identifier to the security system.  (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service)

• Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.

 

In essence, identification is the means by which a user provides a claimed identity to the system; user authentication is the means of establishing the validity of the claim.  There are four general means of authenticating a user’s identity, which can be  used alone or in combination:

• Something the individual knows: Examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions.

• Something the individual possesses: Examples include electronic keycards, smart cards, and physical keys.  This type of authenticator is referred to as a token.

• Something the individual is (static biometrics): Examples include recognition by fingerprint, retina, and face.

• Something the individual does (dynamic biometrics): Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm.

2.4     FIREWALLS

Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.  Traditionally, a firewall is a dedicated computer that interfaces with computers outside a network and has special security precautions built into it in order to protect sensitive files on computers within the network.  It is used to service outside network, especially Internet, connections and dial-in lines.  Personal firewalls that are implemented in hardware or software, and associated with a single workstation or PC, are also common.

2.5     RECOMMENDED DESIGN GOALS FOR FIREWALLS

• All traffic from inside to outside, and vice versa, must pass through the firewall.  This is achieved by physically blocking all access to the local network except via the firewall.

• Only authorized traffic, as defined by the local security policy, will be allowed to pass.  Various types of firewalls are used, which implement various types of security policies.

• The firewall itself is immune to penetration.  This implies the use of a hardened system with a secured operating system.  Trusted computer systems are suitable for hosting a firewall and often required in government applications.