Cybersecurity and Cryptography

5.1 Operating System Security Fundamentals
5.2 User Authentication and Authorization
5.3 Access Control Models and Implementation
5.4 Hardening Operating Systems

🔒Cybersecurity and Cryptography Unit 5 – OS Security and Access Control

Operating system security is crucial for protecting systems from unauthorized access and exploitation. It encompasses authentication, authorization, and access control to regulate who can use system resources and how. These measures form the foundation of a secure computing environment. Access control models like DAC, MAC, and RBAC define rules for granting or restricting access. Authentication methods verify user identities, while authorization techniques determine permissions. File system security, privilege management, and security policies further enhance OS protection against threats and vulnerabilities.

Study Guides for Unit 5

5.1

Operating System Security Fundamentals

3 min read

5.2

User Authentication and Authorization

4 min read

5.3

Access Control Models and Implementation

4 min read

5.4

Hardening Operating Systems

3 min read

Core Concepts

  • Operating system security focuses on protecting the OS from unauthorized access, misuse, and exploitation
  • Access control is a fundamental aspect of OS security that regulates who can access system resources and how they can be used
  • Authentication verifies the identity of users or processes seeking access to the system (username and password, biometric data, smart cards)
  • Authorization determines the permissions and privileges granted to authenticated users or processes
    • Principle of least privilege limits access rights to the minimum necessary for users to perform their tasks
  • Security policies define the rules and guidelines for maintaining the security of an operating system
    • Policies cover areas such as access control, user management, network security, and incident response
  • Threat modeling identifies potential security risks and vulnerabilities in an operating system
    • Helps prioritize security measures and allocate resources effectively
  • Security auditing involves monitoring and logging system activities to detect and investigate security incidents
    • Audit trails provide a record of user actions, system events, and security-related information

OS Security Fundamentals

  • Operating system security aims to protect the confidentiality, integrity, and availability of system resources and data
  • Security features are built into modern operating systems to prevent unauthorized access and misuse
    • Examples include user authentication, access control lists (ACLs), and encryption
  • Kernel-level security mechanisms enforce security policies and protect critical system components
    • The kernel is the core of the operating system and has the highest level of privilege
  • Process isolation techniques prevent unauthorized interaction between processes and limit the impact of security breaches
    • Each process runs in its own memory space and cannot directly access the memory of other processes
  • Address space layout randomization (ASLR) makes it harder for attackers to exploit memory-related vulnerabilities
  • Secure boot ensures that only trusted and verified operating system components are loaded during the boot process
  • Regular software updates and patches are essential to fix security vulnerabilities and protect against emerging threats

Access Control Models

  • Access control models define the rules and policies for granting or restricting access to system resources
  • Discretionary Access Control (DAC) allows resource owners to determine who can access their resources and how they can be accessed
    • Access rights are assigned to users or groups at the discretion of the owner
    • Implemented using access control lists (ACLs) or permission bits (read, write, execute)
  • Mandatory Access Control (MAC) enforces system-wide security policies that cannot be overridden by users
    • Access rights are determined by security labels assigned to subjects (users or processes) and objects (files, directories)
    • Commonly used in high-security environments (military, government)
  • Role-Based Access Control (RBAC) grants access based on the roles and responsibilities of users within an organization
    • Users are assigned to roles, and permissions are associated with each role
    • Simplifies access management and reduces the risk of unauthorized access
  • Attribute-Based Access Control (ABAC) uses attributes of subjects, objects, and the environment to make access decisions
    • Attributes can include user credentials, object metadata, time of day, location, or security clearance
  • Rule-Based Access Control defines specific rules and conditions that must be met for access to be granted
    • Rules can be based on user attributes, system state, or external factors

Authentication Methods

  • Authentication verifies the identity of users or processes before granting access to system resources
  • Password-based authentication is the most common method, where users provide a username and password to log in
    • Passwords should be strong, unique, and regularly updated to maintain security
    • Password policies enforce requirements such as minimum length, complexity, and expiration
  • Multi-factor authentication (MFA) combines two or more authentication factors to enhance security
    • Factors can include something you know (password), something you have (smart card, token), or something you are (biometric data)
  • Biometric authentication uses unique physical characteristics to verify identity (fingerprints, facial recognition, iris scans)
    • Provides a high level of assurance but requires specialized hardware and can raise privacy concerns
  • Certificate-based authentication uses digital certificates to prove the identity of users or devices
    • Certificates are issued by trusted certificate authorities (CAs) and contain information about the owner's identity
  • Single sign-on (SSO) allows users to authenticate once and access multiple systems or applications without re-entering credentials
    • Reduces the burden of managing multiple passwords and improves user experience
  • Risk-based authentication dynamically adjusts authentication requirements based on the assessed risk level of a user or transaction
    • May require additional verification steps for high-risk activities (large financial transactions, access from unfamiliar locations)

Authorization Techniques

  • Authorization determines the permissions and privileges granted to authenticated users or processes
  • Access control lists (ACLs) specify the permissions associated with an object (file, directory) for different users or groups
    • Each entry in an ACL defines the access rights (read, write, execute) for a specific user or group
  • Role-based authorization assigns permissions to roles rather than individual users
    • Users acquire permissions based on the roles they are assigned to
    • Simplifies permission management and ensures consistent access control across an organization
  • Rule-based authorization uses predefined rules to determine access rights based on user attributes, object properties, or contextual factors
    • Rules can be expressed as if-then statements or using a policy language
  • Attribute-based authorization evaluates user attributes, object attributes, and environmental conditions to make access decisions
    • Attributes can include user roles, security clearance, time of day, or location
  • Capability-based authorization associates permissions directly with objects rather than users
    • Users possess capabilities (tokens) that grant them specific access rights to objects
  • Delegated authorization allows users to grant a portion of their permissions to other users or processes
    • Useful for temporary access or when users need to share resources with collaborators

File System Security

  • File system security controls access to files and directories and protects against unauthorized modification or disclosure
  • File permissions determine the actions users can perform on files and directories (read, write, execute)
    • Permissions can be assigned to individual users, groups, or roles
  • Access control lists (ACLs) provide granular control over file access by specifying permissions for each user or group
    • ACLs can be used to grant or deny access to specific files or directories
  • File encryption protects the confidentiality of sensitive data by encoding it with a secret key
    • Encrypted files are unreadable without the corresponding decryption key
  • Secure deletion techniques ensure that deleted files cannot be recovered by unauthorized parties
    • Methods include overwriting file data, using secure deletion tools, or encrypting files before deletion
  • File integrity monitoring detects unauthorized changes to files by comparing their current state to a known baseline
    • Helps identify malicious modifications, accidental changes, or file corruption
  • Auditing and logging track file access and modification activities for security analysis and incident response
    • Log entries include details such as user identity, timestamp, and the action performed (read, write, delete)
  • Regular backups protect against data loss due to hardware failure, file corruption, or ransomware attacks
    • Backups should be stored securely and tested regularly to ensure their reliability

Privilege Management

  • Privilege management involves controlling and monitoring the privileges assigned to users and processes
  • Principle of least privilege (PoLP) ensures that users and processes have only the minimum privileges necessary to perform their tasks
    • Reduces the potential impact of security breaches and limits the scope of unauthorized actions
  • Privilege separation divides a system or application into components with different levels of privilege
    • Critical components run with higher privileges and are isolated from less trusted components
  • Privilege escalation occurs when a user or process gains higher privileges than initially assigned
    • Can be legitimate (sudo command) or malicious (exploiting vulnerabilities to gain unauthorized privileges)
  • Privilege bracketing grants elevated privileges to a process for a limited time or scope
    • Privileges are dropped when no longer needed, reducing the window of vulnerability
  • Privilege auditing monitors and logs the use of privileged accounts and actions
    • Helps detect misuse, abuse, or unauthorized privilege escalation attempts
  • Regular privilege review ensures that user privileges align with their current roles and responsibilities
    • Unused or excessive privileges should be revoked to maintain the principle of least privilege

Security Policies and Best Practices

  • Security policies establish the rules, guidelines, and procedures for maintaining the security of an operating system
  • Access control policies define who can access system resources, under what conditions, and with what permissions
    • Policies should be based on the principle of least privilege and enforce strong authentication and authorization mechanisms
  • Password policies specify requirements for password strength, complexity, expiration, and storage
    • Policies may include minimum length, mandatory use of special characters, and regular password changes
  • Data classification policies categorize data based on its sensitivity and define appropriate handling and protection measures
    • Classifications can include public, internal, confidential, or restricted data
  • Incident response policies outline the procedures for detecting, reporting, and responding to security incidents
    • Policies define roles and responsibilities, communication channels, and escalation procedures
  • Network security policies govern the secure configuration and use of network resources and services
    • Policies may cover firewall rules, VPN access, wireless security, and remote access protocols
  • Backup and disaster recovery policies ensure the regular backup of critical data and define procedures for recovering from disasters or system failures
    • Policies specify backup frequency, storage locations, retention periods, and testing requirements
  • Security awareness and training programs educate users about security best practices, policies, and their responsibilities
    • Regular training helps users identify and report potential security threats and maintain a strong security culture
Fiveable
About Us
About FiveableBlogCareersTestimonialsCode of ConductTerms of UsePrivacy PolicyCCPA Privacy Policy
Resources
Cram ModeAP Score CalculatorsStudy GuidesPractice QuizzesGlossaryCrisis Text LineRequest a Feature
Stay Connected
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
About Us
About FiveableBlogCareersTestimonialsCode of ConductTerms of UsePrivacy PolicyCCPA Privacy Policy
Resources
Cram ModeAP Score CalculatorsStudy GuidesPractice QuizzesGlossaryCrisis Text LineRequest a Feature
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
Back
Glossary
Glossary
5.1 Operating System Security Fundamentals