1. MIZAN-TEPI UNIVERSITY
SCHOOL OF COMPUTING AND INFORMATICS
DEPARTMENT OF SOFTWARE ENGINEERING
GROUP ASSIGNMENT OF OPERATING SYSTEM
GROUP FIVE
Submitted to Mr. Melkamu
Submission date 10/9017
2. 05/18/2025
Group members
NAME ID
1. TEGENA FIKADU 6115/16
2. ESHETU HENOK 4227/16
3. ABRAHIM YUSUF 4015/16
4. ENTEWACHEW 6134/16
5. HUSNIYA MOHAMMED 4343/16
6. CHRISMAS DENG 4164/16
SECURITY THREATS
System security can mean several things.
To have system security we need to protect the system from corruption
and we need to protect the data on the system.
There are many reasons why these may not be secure.
Malicious users may try to hack into the system to destroy it.
Power failure might bring the system down.
A badly designed system may allow a user to accidentally destroy
important data.
A system may not be able to function any longer because one user fills up
the entire disk with garbage.
We can classify the security attacks into two types as mentioned
below:
1) Direct: This is any direct attack on your specific systems, whether
from outside hackers or from disgruntled insiders.
2) Indirect: This is a general, random attack, most commonly by computer
viruses, computer worms, or computer Trojan horses.
These security attacks make the study of security measures very
essential for the following reasons:
To prevent loss of data: You don’t want someone hacking into your
system and destroying the work done by you or your team members.
To prevent corruption of data: Sometimes, the data may not
completely be lost, but just be partially corrupted.
To prevent compromise of data: Sometimes it can be just as bad (or
even worse) to have data revealed than to have data destroyed.
To prevent theft of data: Some kinds of data are subject to theft. An
obvious example is the list of credit card numbers belonging to your
customers. Just about anything associated with money can be stolen.
To prevent sabotage: A disgruntled employee, a dishonest competitor,
or even a stranger could use any combination of the above activities to
maliciously harm your business.
SECURITY POLICIES AND MECHANISMS
Computer systems and especially their protection mechanisms must be
penetration resistant.
However, most, or perhaps all, current systems have security holes that
make them vulnerable.
As long as vulnerabilities remain in a system, the security may be
circumvented.
Security evaluations have been performed for quite some time by mainly
two different methods.
The first is to classify systems into a predefined set of categories,
each with different security requirements.
The other method is referred to as penetration testing, which is a form of
stress testing exposing weaknesses in a system.
A security policy establishes accountability for information
protection by defining a set of rules, conditions, and practices that
regulate how an organization manages, protects, and distributes
sensitive information.
perform properly, all efforts fail if the policy itself is flawed or
poorly understood. For this reason, the standards require that “there
must be an explicit and well-defined security policy enforced by the
system”.
A security policy may address confidentiality, integrity, and/or
availability.
AUTHENTICATION
Authentication is the process of verifying a user’s identity
through one of three methods:
Something you know – A shared secret, such as a password.
Something you have – A physical token, such as a key or
smart card.
Something you are – A biometric measure, such as a
fingerprint.
These methods are designed to ensure that only authorized
users can access a system or network.
The level of security in an authentication system depends
on the sensitivity of the information being protected.
Highly sensitive data requires stronger authentication
methods, while less sensitive data may use simpler techniques.
The primary goal of authentication is to provide "reasonable
assurance" that a user is legitimate, preventing unauthorized
access by someone impersonating an authorized user.
• The most widely used and basic method of authentication is
passwords.
Passwords
The most common and least stringent form of authentication
technology demands that users provide only a valid account
name and a password to obtain access to a system or network.
Password-based authentication is one-way and normally stores
the user-id and password combination in a file on the server,
either encrypted or in plaintext.
Most people using the public e-mail systems use this form of
authentication.
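An added example, not part of the original slides, of how a server-side credential file can hold user-id and password combinations without ever writing the password in plaintext. It uses a salted one-way PBKDF2 hash rather than reversible encryption; the record layout, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def make_record(user_id, password, iterations=ITERATIONS):
    """Build one credential-file line: user:iterations:salt_hex:hash_hex."""
    if ":" in user_id:
        raise ValueError("user_id must not contain the field separator")
    salt = os.urandom(16)  # per-user salt: equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{user_id}:{iterations}:{salt.hex()}:{digest.hex()}"


def verify(record, user_id, password):
    """Recompute the hash from the supplied password and compare."""
    stored_user, iterations, salt_hex, digest_hex = record.split(":")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest runs in constant time, so timing does not leak a prefix
    same = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return same and stored_user == user_id


if __name__ == "__main__":
    # Constructed sample accounts sharing one password.
    for line in (make_record("alice", "S3cret!"), make_record("bob", "S3cret!")):
        print(line)
```

Because each record carries its own salt, two users with the same password produce different stored hashes, and a stolen file does not reveal the passwords directly.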
Alternative Forms of Authentication
Alternative forms of authentication include the following
technologies:
Biometrics: These systems read some physical characteristic
of the user, such as their fingerprint, facial features,
voiceprints, or signature analysis.
• These readings are compared to a database of authorized
users to determine identity.
Security Devices or Artifacts: These systems require use of a
special purpose hardware device that functions like a
customized key to gain system access.
• The device may be inserted into the system like a key or used to
generate a code that is then entered into the system.
• The best example is the use of an ATM card, which is inserted in
the machine and also requires a password to be entered
simultaneously.
Concentric-ring Authentication: These systems require users to
clear additional authentication hurdles as they access increasingly
sensitive information.
• This approach minimizes the authentication burden as users
access less sensitive data while requiring stronger proof of
identity for more sensitive resources.
System Protection
System protection in an operating system refers to the
mechanisms implemented by the operating system to ensure the
security and integrity of the system.
System protection involves various techniques to prevent
unauthorized access, misuse, or modification of the operating
system and its resources.
There are several ways in which an operating system can provide
system protection:
User authentication: The operating system requires users to
authenticate themselves before accessing the system.
Access control: The operating system uses access control lists
(ACLs) to determine which users or processes have permission to
access specific resources or perform specific actions.
Encryption: The operating system can use encryption to protect
sensitive data and prevent unauthorized access.
Firewall: A firewall is a software program that monitors and
controls incoming and outgoing network traffic based on
predefined security rules.
Antivirus software: Antivirus software is used to protect the
system from viruses, malware, and other malicious software.
Models of Protection
Protection refers to the mechanisms that ensure only authorized
processes or users can access specific resources. This includes
memory, files, devices, and other processes.
Types of Protection Models
Access Matrix Model: The access matrix model for computer
protection is based on an abstraction of operating system
structures.
Because of its simplicity and generality, it allows a variety
of implementation techniques and has been widely used.
There are three principal components in the access matrix model:
A set of passive objects,
A set of active subjects, which may manipulate the objects.
A set of rules governing the manipulation of objects by subjects.
• Objects are typically files, terminals, devices, and other entities
implemented by an operating system.
• A subject is a process and a domain (a set of constraints within
which the process may access certain objects).
• The access matrix is a rectangular array with one row per subject
and one column per object.
The mode of access allowed depends on the type of the object
and on the functionality of the system; typical modes are read,
write, append, and execute.
Access Control Lists (ACL)
In the ACL model, access rights are associated with each
object, not subject.
Every object maintains a list called an Access Control List
that specifies which subjects can access the object and what
operations they can perform.
An ACL is stored with each object.
Each entry in the list contains:
A subject (user or process).
A set of permissions.
Capability Lists (C-List)
The Capability List model is the inverse of ACL. Instead of
associating rights with objects, it associates rights with
subjects.
Each subject maintains a list of capabilities, where each
capability specifies:
An object.
The allowed operations on that object.
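An added example, not part of the original slides, that ties the three models together: one access matrix, with an ACL read off as a column and a capability list read off as a row. The subject names, object names and helper functions are constructed for this illustration.

```python
# Constructed sample matrix: one row per subject, one column per object.
ACCESS_MATRIX = {
    "editor_proc": {"report.txt": {"read", "write"}, "printer": {"write"}},
    "backup_proc": {"report.txt": {"read"}, "audit.log": {"read", "append"}},
    "shell_proc": {"tool.bin": {"read", "execute"}},
}


def allowed(matrix, subject, obj, mode):
    """Rule check: is `mode` in the cell (subject, obj)? Empty cell means deny."""
    return mode in matrix.get(subject, {}).get(obj, set())


def acl_for(matrix, obj):
    """Column view: the ACL that would be stored with one object."""
    return {s: set(row[obj]) for s, row in matrix.items() if obj in row}


def capability_list(matrix, subject):
    """Row view: the capabilities that one subject would hold."""
    return {o: set(modes) for o, modes in matrix.get(subject, {}).items()}


def revoke_object(matrix, obj):
    """Clear one column and return the subjects that lost access.

    In the ACL model this empties a single list kept with the object; in
    the capability model every listed subject's C-list has to be updated.
    """
    touched = []
    for subject, row in matrix.items():
        if row.pop(obj, None) is not None:
            touched.append(subject)
    return sorted(touched)


if __name__ == "__main__":
    print(acl_for(ACCESS_MATRIX, "report.txt"))
    print(capability_list(ACCESS_MATRIX, "backup_proc"))
    print(revoke_object(ACCESS_MATRIX, "report.txt"))
```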
Role-Based Access Control (RBAC)
In RBAC, access rights are not directly assigned to users.
Instead, they are assigned to roles, and users are assigned to
one or more roles.
• Roles represent job functions (e.g., Admin, Manager,
Employee).
• Permissions are associated with roles.
• Users gain permissions through the roles they are assigned.
Structure:
• Define roles → e.g., Admin, HR, Engineer
• Assign permissions to roles → e.g., Admin can manage users
• Assign users to roles → e.g., Alice is an Admin
*This model is especially useful in large organizations with
hierarchical responsibilities.
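An added example, not part of the original slides, of the three RBAC steps above with a role hierarchy on top. The role names follow the slide; the permission names, the inheritance relation and the user bob are assumptions made for this illustration.

```python
# Step 1 and 2: roles and their directly assigned permissions (constructed).
ROLE_PERMS = {
    "Employee": {"read_handbook"},
    "Engineer": {"push_code"},
    "HR": {"view_salaries"},
    "Admin": {"manage_users"},
}
# Assumed hierarchy: a role also holds everything its listed parents hold.
ROLE_PARENTS = {
    "Engineer": ["Employee"],
    "HR": ["Employee"],
    "Admin": ["HR", "Engineer"],
}
# Step 3: users are assigned to roles, never to permissions directly.
USER_ROLES = {"alice": {"Admin"}, "bob": {"Engineer"}}


def role_permissions(role, seen=None):
    """Collect a role's own and inherited permissions, tolerating cycles."""
    seen = set() if seen is None else seen
    if role in seen:
        return set()
    seen.add(role)
    perms = set(ROLE_PERMS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= role_permissions(parent, seen)
    return perms


def user_permissions(user):
    """Union of the permissions of every role the user is assigned to."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= role_permissions(role)
    return perms


def check(user, permission):
    """Access decision: unknown users and unknown permissions are denied."""
    return permission in user_permissions(user)


if __name__ == "__main__":
    print(sorted(user_permissions("alice")))
    print(check("bob", "view_salaries"))
```

Removing a user from a role withdraws every permission that came with it in one step, which is what makes the model manageable at scale.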
Mandatory Access Control (MAC)
MAC is a strict access control model often used in high-
security environments like military systems.
Each subject and object is assigned a security label (e.g.,
Top Secret, Confidential, Public).
Access decisions are based on clearance levels and
classification.
Users cannot change permissions; it's controlled by a
central policy.
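An added example, not part of the original slides, of a label-based MAC decision using the three labels named above. It goes slightly beyond the slide by including the Bell-LaPadula "no write down" rule next to the read check; the subjects, objects and function names are constructed for this illustration.

```python
from types import MappingProxyType

# Ordering of the labels from the slide, lowest to highest.
LEVELS = {"Public": 0, "Confidential": 1, "Top Secret": 2}

# Central policy (constructed). The read-only mappings stand in for the
# rule that users cannot change labels themselves.
SUBJECT_CLEARANCE = MappingProxyType(
    {"guest": "Public", "analyst": "Confidential", "general": "Top Secret"}
)
OBJECT_LABEL = MappingProxyType(
    {"press_release.txt": "Public", "payroll.db": "Confidential",
     "war_plan.doc": "Top Secret"}
)


def _levels(subject, obj):
    """Return (clearance, classification) as numbers, or None if unlabeled."""
    try:
        return LEVELS[SUBJECT_CLEARANCE[subject]], LEVELS[OBJECT_LABEL[obj]]
    except KeyError:
        return None  # anything without a label is denied by default


def can_read(subject, obj):
    """No read up: clearance must be at least the object's classification."""
    pair = _levels(subject, obj)
    return pair is not None and pair[0] >= pair[1]


def can_write(subject, obj):
    """No write down (Bell-LaPadula rule, an addition to the slide)."""
    pair = _levels(subject, obj)
    return pair is not None and pair[0] <= pair[1]


def try_relabel(obj, new_label):
    """A user's attempt to relabel an object; the policy store refuses it."""
    try:
        OBJECT_LABEL[obj] = new_label
    except TypeError:
        return False
    return True


if __name__ == "__main__":
    print(can_read("analyst", "war_plan.doc"), can_write("general", "payroll.db"))
```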