As the computer industry advanced so
much and it has more complexities, Operating System responsibilities has
increased, and give challenge to the operating system developers to build a
secure operating system One of the fundamental concerns in the security of
cyberspace and e-commerce is the security of operating systems that are the
core piece of software running in all information systems, such as network
devices (routers, firewalls, etc.), Web Servers, customer desktops, windows,
and so on. Many of known vulnerabilities Discovered so far are rooted from the
bugs or deficiency of underneath operating Systems. This paper discusses the
security (or lack of security) of most commercial operating systems like Unix
and Microsoft Windows, and its effect to the overall security of Web based
applications and services.
Every modern computer system such
network servers, desktop computers and personal computers has a core piece of
software, called kernel or operating system which is executed on a machine of
hardware that allocate the basic resources of the system. it has become
necessity of everyone from just a scientific tool so that improving security of
is an issue to the users. For this purpose Operating System plays a vital role
in security of a system. Today we don’t call a system by its manufacturer name
but we call it by it operating system as MAC PC or Windows PC. Building a
secure operating system has been and still is a major issue. Operating system
are becoming more dynamic day by day to utilize the full capacity of
hardware’s, as Operating system is becoming more dynamic Operating System faces
some challenges which are still to be conquered. One of major challenge is
security of Operating System. Informally, security is, keeping unauthorized
entities from doing things you don’t want them.. This will help readers to have
an overview of previous work has been done for Operating System security and
give a direction to start their own study and will provide help for developers
to keep these security issues in mind in development of operating system. We
have a lot of different kind of operating system in the market but we will
analyze most famous operating system because these are used in large number
instance, CPU, memory, device driver communication ports etc. and handle the
execution of all application within the system. Some popular commercial and
Open Source operating systems are Microsoft Windows, different flavors of Unix
(BSD, AIX, HP-UX, Solaris), Mac OS, and Linux. Because of the important role of
the operating system in the operation of any computer systems, the security (or
lack of security) of an operation system will have fundamental impacts to the
overall security of a computer system, including the security of all
applications running within the system. With the ever-growing connectivity and
E-commerce through the Internet.Application security is an ultimate goal for
millions of merchants and consumers who turn their business and service electronic
and to the public world of cyberspace. On the other hand, efforts to achieve
total security of such systems continue to be based on the flawed promise that
adequate security can be achieved in applications with the current security
mechanisms of mainstream operating system. The reality is that secure
applications demand secure operating systems, and tackling application
compromises at the OS level by kernel-enforced controls should probably be
considered as an attractive and effective approach.
Ø SECURITY ISSUES:
Security has been and
still remains a major concern for Operating system developers and users alike.
Informally security is keeping unauthorized entities from doing things you don’t
want them to do. Its operating system job to provide security against
unauthorized users. Computer security is defined by three attributes,
prevention Confidentially, Integrity, Availability.
Confidentiality: (or privacy) the
requirement that information maintained
by a computer system be accessible
only by authorized parties (users and
the processes that run as/represent
Interception occurs when an
unauthorized party gains access to a resource;
Examples include illicit file copying
and the invocation of programs.
Integrity: the requirement
that a computer system’s resources can be modified
only by authorised parties.
Modification occurs when an
unauthorised party not only gains access to
but changes a resource such as data or
the execution of a running process.
Availability: the requirement that
a computer system be accessible at required
times by authorised parties.
Interruption occurs when an
unauthorised party reduces the availability
of or to a resource.
security – a built-in mechanism
or logic within the operating system (often called system security module or
system security administrator) that implements and tightly controls the
definition and assignment of security attributes and their actions (security
policies) for every operation or function provided by the system. Generally, a
mandatory security will require:
A policy independent security labeling
and decision makes logics. The operating system implements the mechanism,
whereas the users or applications are able to define security policies. Enforcement
of access control for all operations. All system operations must have
permission checks based on security labeling of the source and target objects.
The main security controls include
permission or access authorization, authentication usage, cryptographic usage,
and subsystem specific usage, etc.
been improved directly but still there are flaws. Reasons are as follows:
reason of this that most attacks are now a day publicly announced and describes
in detail on internet.
reason is the vendors attempt to offer backward compatibility which leaves open
old weaknesses in the system.
Ø DESKTOP OPERATING SYSTEM:
operating system can be seen in market but here we are going to discuss two
most famous and in most use desktop operating system which are Windows and Mac.
Microsoft windows are the most popular and most used operating system in the
world. It’s a graphical series of operating system of Microsoft. Microsoft
Windows is a closed source operating system.
There are different
versions of operating system are as follows:
a lot versions and every operating
system has some security issues. As the Microsoft windows is the most used
operating system it has more threats than other operating system as well.
Microsoft windows have released user space and kernel space is involved in
operating system issues. The Windows operating system is designed to
support applications by moving more functionality into the operating system,
and by more deeply integrating applications into the Windows kernel.
Microsoft doesn’t want to
spend money on previous versions of windows, they don’t provide windows update
instead they are improving their flaws in upcoming versions.
It only restricted in bound
traffic and did not provide any mechanism for blocking or filtering traffic
outbound from the Windows PC. Hidden
File Extensions with windows continues to hide known file extensions by
default. In other words, rather than displaying a full file name like
‘pcworld.docx’, Windows will only display ‘pcworld’. The idea is to make things
more simple or user-friendly. We don’t want to confuse the end-user with details like ‘docx’, or ‘xls’, or ‘mp3’.
The security flaw allows
attackers to slip malicious code into an website, using a compromised file.
When a victim visits the tainted website using any of the Internet Explorer web
browsers versions 6 through 11, attackers could gain full user rights over the
victim’s computer and potentially all information on it.
Flash Player Gain access to a system and execute arbitrary code user
privileges. The memory problem
was very common in windows 9x family and windows xp, although windows xp has
made a lot improvements over windows 9x, but they both share this memory
problem, when any user program try to access the operating system memory or
other user program it result come in memory dump and gets crashed.
Ø MAC OS
MAC OS is
second most popular and widely used operating system which share 6% of desktop
operating system market shared. It is UNIX based graphical user interface
operating system made only for MAC computers by Apple Inc. MAC is second most
popular operating system, so there are not too many viruses for MAC. But it
doesn’t mean MAC doesn’t need security. Recently a Trojan name variously Mac
Protector, Mac Defender and Mac Guard showed on Apple machines, a window
claiming to be the Apple Security Center pops up and indicate that virus has
been found on this computer, and then it prompts to user to download Mac
Protector and this software intended to steal credit card information.
Ø Linux os
In Linux security system
has two parts:
2. Access control.
Some security issues
regarding Linux operating system are as follows:
Local Security: Local users create a
lot of problems for system. It is bad policy to provide accounts to people you
don’t know or for whom you have no contact information. It is better to follow
some rules of thumb when offering access to your Linux machine: give users
minimum privileges monitor when and where they log in, remove inactive accounts
and prohibit the creation of group user IDs.