Operating System Protections

In order to take advantage of the capabilities provided by various computing devices, an operating system must be present to manage their resources and processes. And it is important to protect the functions of the operating system from unauthorized access and use. The operating system not only interacts with the system hardware, but it also communicates with software applications and external devices (Carnaghan, 2015).

Goals of protection not only include preventing malicious/misuse of the system but also minimizing possible damage and implementing effective security policies by both system administrators and users (Silberschatz et al., 2012; Bell, 2013).

In order to protect the operating system, access to the operating system must be controlled. The principle of least privilege is based on the premise that software, users, and systems be granted the minimum level of access required to effectively complete their tasks. This, in conjunction with the "need to know principle," which states that computer processes should have the minimum level of access required to complete tasks over the minimum amount of time required to do so, offer good strategies to mitigate and reduce the possible occurrences of misuse (Silberschatz et al., 2012; Bell, 2013).

Based on the principle of least privilege, role-based access control (RBAC) is used to give permissions, or access privileges, to users and programs. In the RBAC model, access to system resources is based on predefined user roles (Carnaghan, 2015).

Computer processes/programs can be assigned protection domains that specify resources they have been given permissions to access, and each domain defines the type of access rights of that process to perform an operation (Silberschatz et al., 2012; Bell, 2013).

References

Bell, J. T. (2013). Operating systems course notes - protection. From Silberschatz, Gagne, and Galvin: Operating systems concepts (9th ed.).  https://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/14_Protection.html

Carnaghan, I. (2015, October 25). Operating systems security: Protection measures analysis [Blog post]. https://www.carnaghan.com/2015/10/operating-systems-security-protection-measures-analysis/).

Silberschatz, A., Gagne, G., & Galvin, P. B. (2012). Operating systems concepts (9th ed.). John Wiley & Sons.