CHAPTER 24

OPERATING SYSTEM SECURITY

William Stallings

24.1 INFORMATION PROTECTION AND SECURITY

24.2 REQUIREMENTS FOR OPERATING SYSTEM SECURITY

24.2.1 Requirements

24.2.2 Computer System Assets

24.2.3 Design Principles

24.3 PROTECTION MECHANISMS

24.3.1 Protection of Memory

24.3.2 User-Oriented Access Control

24.3.3 Data-Oriented Access Control

24.3.4 Protection Based on an Operating System Mode

24.4 FILE SHARING

24.4.1 Access Rights

24.4.2 Simultaneous Access

24.5 TRUSTED SYSTEMS

24.5.1 Trojan Horse Defense

24.6 WINDOWS 2000 SECURITY

24.6.1 Access-Control Scheme

24.6.2 Access Token

24.6.3 Security Descriptors

24.7 FURTHER READING

24.8 NOTES

24.1 INFORMATION PROTECTION AND SECURITY

This chapter reviews the principles of security in operating systems. Some general-purpose tools can be built into computers and operating systems (OSs) that support a variety of protection and security mechanisms. In general, the concern is with the problem of controlling access to computer systems and the information stored in them. Four types of overall protection policies, in increasing order of difficulty, have been identified:

  1. No sharing. In this case, processes are completely isolated from each other, and each process has exclusive control over the resources statically or dynamically assigned to it. With this policy, processes often “share” a program or data file by making a copy of it and transferring the copy into their own virtual memory.
  2. Sharing originals of program or data files. With the ...
