System protection in the operating systems (OS) actually refers to a mechanism that restricts the access of the resources specified by a computer system to programs, processes, or users. It requires the security of computer resources such as Processor, software, memory, etc. As a helper to multiprogramming operating system, users should take security, so that several users can safely share a common logical namespace such as directory or data (file). Security and protection can be achieved by maintaining honesty, confidentiality, and availability in the operating system (OS). It is important to protect the device from unauthorized access, viruses, worms, etc.
Need of System Protection:
- To prevent access of unauthorized users and
- To ensure that resources are used only as specified policy by each active program or mechanism in the scheme,
- To improve reliability by detecting latent errors.
Note that only the frameworks for implementing policies and maintaining stable systems are supported by security systems. It’s up to administrators and users to successfully enforce such processes.
(Example of System Protection In Operating System)
The function of security is to provide a mechanism that implements policies that determine the computer system’s use of resources. At the time of system creation, some policies are defined, some are designed by system management and some are defined by system users to protect their own files and programs. A threat is a program that is malicious in nature and causes the device to experience adverse effects. Some of the prevalent threats that happen in a system are –
- Virus: Small fragments of code inserted in a device are common viruses. They are very risky and can corrupt data, delete information, crash systems, etc. By replicating themselves as needed, they can also spread further.
- Trojan Horse: A Trojan horse is able to secretly access a system’s login data. These can then be used by a malicious user to access the system as a harmless being and wreak havoc.
- Trap Door: A trap door is a violation of security that may be present in a device without the users’ knowledge. It can be abused by malicious people to damage the data or files in a system.
- Worm: Through using its resources to extreme levels, a worm will kill a machine. It can create several copies that assert all resources and do not enable them to be accessed by any other processes. In this way, a worm can shut down a whole network.
- Denial of Service: These kinds (types) of attacks do not cause a device to be accessed by legitimate users. It overwhelms the device with requests so that it is overloaded and other users cannot operate properly.
Each application has different resource use policies and they can change over time, so device security is not just a concern of the operating system (OS) designer. The security mechanism should also be developed by the application programmer to protect their device from misuse. The concept of least privilege dictates that only enough rights are provided to programs, users, and systems to perform their tasks. It means that errors do the least amount of damage and cause the least damage to be done.
Each user is typically granted their own account and only has ample rights to edit their own files. The root account should not be used for regular day-to-day activities; the system administrator should still have an ordinary account, and the root account should be reserved for tasks that require root privileges only. The policy is distinct from mechanism; processes decide how to do something and policies determine what to do. Over time and location to place, policies are changed. For the flexibility of the system, the separation of mechanism and policy is essential.
The various techniques that can provide protection and security for various computer systems are –
- Authentication: It deals with defining every consumer in the system and ensuring that they are who they claim to be. The operating system ensures that before they enter the system, all the users are authenticated.
- One Time Password: For authentication purposes, these passwords provide a lot of protection. Any time a user wants to access the system, a one-time password can be created exclusively for a login. It is not possible to use it more than once.
It is possible to interpret a machine as a set of processes and objects. The need to know principle states that only those objects that it requires to accomplish its mission should be available to a process and furthermore only in the modes for which it needs access and only during the time frame when it needs access.