Saturday, March 26, 2011

PROTECTION AND SECURITY


Operating system protection and security: explain and recognize security policy and mechanism, authentication basics, and protection concepts and access control.

Explain protection and security concepts.
  • Sharing of programs and data among users of a computer system necessitates a strong emphasis on protection and security measures in an OS. Both protection and security imply guarding against intrusion in an OS. However, in keeping with the convention followed in OS literature, a distinction is made between two types of intrusion.


Security policy and mechanism
  • The terms security and protection are often used interchangeably. Nevertheless, it is frequently useful to make a distinction between the general problems involved in making sure that files are not read or modified by unauthorized persons, which include technical, managerial, legal and political issues on the one hand, and the specific operating system mechanisms used to provide security on the other. To avoid confusion, we will use the term security to refer to the overall problem, and the term protection mechanisms to refer to the specific operating system mechanisms used to safeguard information in the computer. The boundary between them is not well defined, however.
  • A more interesting problem is what to do about intruders. These come in two varieties.
  • Passive intruders just want to read files they are not authorized to read. Active intruders are more malicious; they want to make unauthorized changes to data.

Explain and recognize security policy and mechanism

  • The separation of mechanism and policy is a design principle in computer science. It states that mechanisms (those parts of a system implementation that control the authorization of operations and the allocation of resources) should not dictate (or overly restrict) the policies according to which decisions are made about which operations to authorize, and which resources to allocate.
  • This is most commonly discussed in the context of security mechanisms (authentication and authorization), but is actually applicable to a much wider range of resource allocation problems (e.g. CPU scheduling, memory allocation, Quality of Service), and the general question of good object abstraction. Per Brinch Hansen presented arguments in favor of separation of mechanism and policy.
  • Artsy, in a 1987 paper, discussed an approach for an operating system design having an "extreme separation of mechanism and policy". In a 2000 article, Chervenak et al. described the principles of mechanism neutrality and policy neutrality.

Authentication basics, protection concepts and access control

  • Effective security starts with understanding the principles involved.
  • Simply going through the motions of applying some memorized set of procedures isn’t sufficient in a world where today’s “best practices” are tomorrow’s security failures.
  • IT security is a fast-moving field, and knowing how to perform the actions necessary for accepted practices isn’t enough to ensure the best security possible for your systems.
  • Among the most basic of security concepts is access control. It’s so fundamental that it applies to security of any type — not just IT security. Everything from getting into your car to launching nuclear missiles is protected, at least in theory, by some form of access control. 
  • Because of its universal applicability to security, access control is one of the most important security concepts to understand.
  • The key to understanding access control security is to break it down. There are three core elements to access control. Of course, we’re talking in terms of IT security here, but the same concepts apply to other forms of access control. 

Identification: For access control to be effective, it must provide some way to identify an individual. The weakest identification capabilities will simply identify someone as part of a vague, poorly defined group of users who should have access to the system. Your TechRepublic username, a PGP e-mail signature, or even the key to the server closet provides some form of identification.

Authentication: Identification requires authentication. This is the process of ensuring that the identity in use is authentic — that it’s being used by the right person. In its most common form in IT security, authentication involves validating a password linked to a username. Other forms of authentication also exist, such as fingerprints, smartcards, and encryption keys.

Authorization: The set of actions allowed to a particular identity makes up the meat of authorization. On a computer, authorization typically takes the form of read, write, and execution permissions tied to a username.


  • These three elements of access control combine to provide the protection you need — or at least they do when implemented so they cannot be circumvented. 
  • For the example of simple access to basic system utilities on a workstation or server, identification is necessary for accounting (i.e., tracking user behavior) and providing something to authenticate. 
  • Authentication is necessary to ensure the identity isn’t being used by the wrong person, and authorization limits an identified, authenticated user from engaging in prohibited behavior (such as deleting all your backups).
  • Depending on the type of security you need, various levels of protection may be more or less important in a given case. Access to a meeting room may need only a key kept in an easily broken lockbox in the receptionist’s area, but access to the servers probably requires a bit more care.
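
The three elements above, together with the separation of mechanism and policy described earlier, can be seen in a short sketch. This is an added example, not code from the original post; the usernames, passwords, the /srv/backups path and all function names are constructed for illustration.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample accounts (illustrative only).
ACCOUNTS = {"alice": make_account("correct horse"), "bob": make_account("hunter2")}

# POLICY is plain data: (username, object) -> allowed actions.
# The functions below are the MECHANISM and never hard-code who may do what.
POLICY = {
    ("alice", "/srv/backups"): {"read", "write"},
    ("bob", "/srv/backups"): {"read"},
}

AUDIT = []  # accounting: every decision is recorded against the claimed identity

def authenticate(username, password):
    # Identification: look up the claimed identity.
    account = ACCOUNTS.get(username)
    # Authentication: verify the password. Unknown users are hashed too,
    # so response time does not reveal which usernames exist.
    salt = account["salt"] if account else b"\0" * 16
    expected = account["hash"] if account else b"\0" * 32
    match = hmac.compare_digest(_hash(password, salt), expected)
    return match and account is not None

def authorize(username, obj, action, policy=POLICY):
    # Default deny: anything the policy does not list is refused.
    return action in policy.get((username, obj), set())

def request(username, password, obj, action, policy=POLICY):
    if not authenticate(username, password):
        decision = "deny:authentication"
    elif not authorize(username, obj, action, policy):
        decision = "deny:authorization"
    else:
        decision = "allow"
    AUDIT.append((username, obj, action, decision))
    return decision
```

Passing a different policy table to request() changes what is allowed without touching the checking code, which is the point of keeping mechanism and policy separate.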
