
OS Security and Reliability

12TH WEEK PROJECT NEW TRENDS IN BIS (BIS426E) – SUPERVISED BY
DR ASHRAF ABDELALEEM AND TA SALMA SALAH ELDIN

Sarah Essam Erian 19104881 | Ahmed Khaled Mamdouh 19106697


Table of Contents
Introduction
    OS Features
    OS Functionalities
    OS Design Process
OS Security
Computer Security Classifications
Classifications of Threats
    System Threats
    Program Threats
OS Threats
    Malware
    Network Intrusion
    Buffer Overflow
Methods to ensure OS Security
    Authentication
    One Time Passwords
    Firewalls
    Physical Security
OS Security Policies and Procedures
OS Reliability
Reliability Metrics
Conclusion
References

Introduction
The operating system (OS), in simple terms, is the brain of the computer and is
responsible for regulating all interactions between hardware and end-users. An OS
is necessary in any smart environment nowadays; without it, a computer would
be useless scrap metal. By textbook definition, the operating system is the
communication link between a computer's hardware and its user. It is made up of
a number of programming instructions given to the hardware, which are used to
run and operate the entirety of the computer. The kernel is the fundamental part
of the operating system. Central processing units, circuit boards, monitors,
keyboards, mice, and disk drives are some examples of computer hardware that
the OS is programmed to run. There are many different types of operating
systems, including desktop, mobile, server-based, and embedded operating
systems. Some of the most commonly used and best-known operating systems in the
market are: Windows OS, Linux/UNIX OS, Mac OS, Windows Server OS and Linux
Server OS. (Marufuzzaman, 2019)

The operating system as a user interface:

1. User
2. System and application programs
3. Operating system
4. Hardware

Every general-purpose computer consists of hardware, one or more operating
systems, system programs, and application programs. The hardware consists of
memory, CPU, ALU, I/O devices, peripheral devices, and storage devices. System
programs consist of compilers, loaders, editors, the OS, etc. Application
programs consist of business programs and database programs.

The figure above is a conceptual model of any computer system. To run other
programs, every computer has to have an operating system. The operating system
organizes how the many system programs and application programs for different
users utilize the hardware. It merely offers a setting for other programs to function
well.

An operating system is a group of specialized applications that run on a computer
system to enable appropriate operation. It carries out fundamental functions such
as identifying keyboard input, monitoring disk files and directories, providing
output to the display screen, and managing peripheral devices.

The OS is made to accomplish two primary goals:

1. It controls the allocation and use of the computing system's resources among
the various users and tasks.
2. It provides an interface between the computer hardware and the programmer
that simplifies, and makes feasible, the coding and debugging of application
programs.

OS FEATURES

• Convenience: An OS improves the usability of a machine.
• Efficiency: An OS enables the effective use of computer system resources.
• Capability to Evolve: An OS should be designed in a way that makes it
possible to create, test, and introduce new system functions simultaneously
without disrupting existing ones.
• Throughput: The efficiency (number of tasks completed in a given amount
of time) of an operating system should be maximized.

OS FUNCTIONALITIES

Resource Management: When parallel access happens, that is, when multiple users
are accessing the system, the OS works as a resource manager; its
responsibility is to provide hardware to the users. This decreases the load on
the system.

Process Management: It includes various tasks like scheduling and termination
of processes. It is done with the help of CPU scheduling algorithms.

Storage Management: The file system is the mechanism used for the management of
storage. NIFS, CFS, CIFS, NFS, etc. are some file systems. All the data is
stored in various tracks of hard disks, which are all managed by the storage
manager. This includes the hard disk.

Memory Management: Refers to the management of primary memory. The operating
system has to keep track of how much memory has been used and by whom. It has
to decide which process needs memory space and how much. The OS also has to
allocate and deallocate the memory space.

Security/Privacy Management: Privacy is also provided by the operating system
by means of passwords, so that unauthorized applications can't access programs
or data. For example, Windows uses Kerberos authentication to prevent
unauthorized access to data.

Operating systems must support the following tasks:

1. Provide the facilities to create and modify programs and data files using
an editor.
2. Provide access to the compiler for translating the user program from a
high-level language to machine language.
3. Provide a loader program to move the compiled program code to the
computer's memory for execution.
4. Provide routines that handle the details of I/O programming.

I/O System Management: The module that keeps track of the status of devices is
called the I/O traffic controller. Each I/O device has a device handler that resides
in a separate process associated with that device.

The I/O subsystem consists of:

• A memory management component that includes buffering, caching and
spooling.
• A general device driver interface.
• Drivers for specific hardware devices.

Assembler: The input to an assembler is an assembly language program. The
output is an object program plus information that enables the loader to prepare
the object program for execution. At one time, the computer programmer had at
his disposal a basic machine that interpreted, through hardware, certain
fundamental instructions. He would program this computer by writing a series of
ones and zeros (machine language) and placing them into the memory of the
machine.
Examples of assembly languages include

Compiler and Interpreter: High-level languages (examples are C, C++, Java,
Python, etc.; there are around 300+ famous high-level languages) are processed
by compilers and interpreters. A compiler is a program that accepts a source
program in a "high-level language" and produces machine code in one go. Some of
the compiled languages are FORTRAN, COBOL, C, C++, Rust and Go.

An interpreter is a program that does the same thing but converts high-level code
to machine code line by line and not all at once. Examples of interpreted
languages are Python, Perl and Ruby.

Loader: A loader is a routine that loads an object program and prepares it for
execution. There are various loading schemes: absolute, relocating, and
direct-linking. In general, the loader must load, relocate and link the object
program. The loader is a program that places programs into memory and prepares
them for execution. In a simple loading scheme, the assembler outputs the
machine language translation of a program on a secondary device and a loader
places it in the core. The loader places into memory the machine language
version of the user's program and transfers control to it. Since the loader
program is much smaller than the assembler, this makes more core available to
the user's program.

(Introduction to OS, 2023)

OS DESIGN PROCESS

When designing an operating system, numerous design considerations must be made
before attempting to build such sophisticated software. A few of the elements
that are key to the design process include:

• Openness: It refers to how easily an OS can adapt to additions and new
features being embedded into it regularly. It is an extension of the system
where it can accommodate the addition of further resources.
• Scalability: Similar to openness, scalability focuses more on tolerating the
system's expanding workload or number of processes than it does on
managing more resources. It is key to scale the OS according to the
environment it will be implemented in.
• Performance and Reliability: How well and smoothly a system performs
and how reliable it is in critical circumstances are a must when designing any
OS. They are often degraded by, and have an inverse relationship with,
maintaining a decent operating system design. For example, ensuring
performance and reliability can often degrade how clean-looking a GUI is,
and vice versa: the more futuristic and sleek it looks, the slower it
could perform and the less reliable it could be, since maintenance could be
trickier. Nevertheless, an OS should have both strong performance and great
reliability/dependability at whatever cost.
• Security: One of the most essential operating system design considerations
that can never be compromised is security. The need to protect data from
outside interference has increased along with workloads and data flow across
devices. The operating system must guarantee this security. In addition, a
number of operating systems have been developed in response to the
development of the internet of things (IoT). Energy efficiency and memory
management are two of these operating systems' top priorities.

(Marufuzzaman, 2019)

OS Security
Operating system security is the manner of guaranteeing OS accessibility,
confidentiality, integrity and authenticity. The actions or precautions used to
safeguard the operating system from threats including viruses, worms, malware,
and remote hacker intrusions are referred to as OS security. It covers all
preventive measures taken to safeguard any system assets that might be taken,
altered, or deleted if OS security were to be compromised. Two infractions can
put system security in danger, and they are as follows:

• Threat: A piece of software with the potential to substantially damage the
system.
• Attack: An unauthorized entry to a resource due to a security lapse.

Security lapses and breaches normally fall under two main umbrellas: malicious
and accidental. Malicious and unintentional security breaches both have the
potential to cause harm to the system. A malicious threat is a damaging
computer program or web script intended to create system vulnerabilities that
open back doors and security gaps. Accidental threats, on the other hand, are
considerably simpler to defend against.

Some of the most common examples of security breaches that pose threats include
but are not limited to:

1. Breach of Integrity: involves unauthorized modification of data
2. Theft of Service: access to services in any illegal manner
3. Breach of Confidentiality: violation of privacy measures and providing
access to information to unapproved personnel
4. Breach of Availability: unapproved destruction of data, making it
unavailable
5. Denial of Service: a user is prevented from legitimate use of the
system; some such attacks may be accidental

(OS Security, 2020)

Computer Security Classifications

There are four security classes for computer systems, according to the U.S.
Department of Defense's Trusted Computer System Evaluation Criteria: A, B, C,
and D. These specifications are frequently used to assess and model the security
of systems and security measures. A succinct summary of each classification is
provided below:

S.N  Classification Type and Description

1    Type A
     Highest level. Uses formal design specifications and verification
     techniques. Grants a high degree of assurance of process security.

2    Type B
     Provides a mandatory protection system. Has all the properties of a
     class C2 system. Attaches a sensitivity label to each object. It is of
     three types:
     B1 − Maintains the security label of each object in the system. The
     label is used for making access-control decisions.
     B2 − Extends the sensitivity labels to each system resource, such as
     storage objects, supports covert channels and auditing of events.
     B3 − Allows creating lists or user groups for access control, to grant
     or revoke access to a given named object.

3    Type C
     Provides protection and user accountability using audit capabilities.
     It is of two types:
     C1 − Incorporates controls so that users can protect their private
     information and keep other users from accidentally reading / deleting
     their data. UNIX versions are mostly C1 class.
     C2 − Adds an individual-level access control to the capabilities of a
     C1 level system.

4    Type D
     Lowest level. Minimum protection. MS-DOS and Windows 3.1 fall in this
     category.

(DoD, 1985)

Classifications of Threats

SYSTEM THREATS

System threats are actions that employ network connections and system functions
improperly to harm users. Software attacks, often referred to as system attacks, can
be used to launch program threats over the entire network. System threats foster an
atmosphere where user files and operating system resources are misused. Some
common system threats include but are not limited to:

• Worm – A process that can drastically reduce a system's performance by
using system resources. A worm process creates numerous clones of itself,
each of which consumes system resources and prevents all other processes
from obtaining the resources they need. Even a whole network can be
brought to a halt by worm processes.
• Port scanning – A technique or method through which a hacker can find
weaknesses in the system and launch an attack.

PROGRAM THREATS

An operating system's processes and kernel do the designated tasks as
instructed. If a user program makes these processes do malicious tasks, this is
known as a program threat. Some common program threats include but are not
limited to:

• Trojan Horse − A program that traps user login credentials and stores them to
send to malicious users.
• Trap Door – It finds a security hole in a program's code and performs illegal
actions without the knowledge of the user.
• Logic Bomb − A situation in which a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program, making it harder
to detect.
• Virus − As the name suggests, viruses can replicate themselves on a computer
system. They are highly dangerous and can modify/delete user files and crash
systems.

(Operating Systems Security Basics, n.d.)

OS Threats

MALWARE

Malware includes viruses, worms, Trojan horses, and other dangerous software.
These are generally short code snippets that may corrupt files, delete data,
replicate to propagate further, and even crash a system. Malware frequently goes
unnoticed by the victim user while criminals silently extract important data.

NETWORK INTRUSION

Network intruders are classified as masqueraders, misfeasors, and unauthorized
users. A masquerader is an unauthorized person who gains access to a system and
uses an authorized person's account. A misfeasor is a legitimate user who gains
unauthorized access to and misuses programs, data, or resources. A rogue user takes
supervisory authority and tries to evade access constraints and audit collection.

BUFFER OVERFLOW

It is also known as buffer overrun. It is the most common and dangerous security
issue of the operating system. It is defined as a condition at an interface under
which more input may be placed into a buffer or data holding area than the
allotted capacity, so that it may overwrite other information. Attackers use
such a situation to crash a system or insert specially created malware that
allows them to take control of the system.

(OS Security, 2020)

Methods to ensure OS Security

AUTHENTICATION

The process of identifying every system user and associating the programs
executing with those users is known as authentication. The operating system is
responsible for implementing a security system that ensures the authenticity of a
user who is executing a specific program. In general, operating systems identify and
authenticate users in three ways:

1. Username/Password: Every user has a unique username and password that
should be input correctly before accessing a system.

2. User Attribution: These techniques usually include biometric verification,
such as fingerprints, retina scans, etc. This authentication is based on user
uniqueness and is compared to database samples already in the system. Users are
only allowed access if there is a match.

3. User card and Key: To log into the system, the user must punch a card into a
card slot or enter a key produced by a key generator into an option provided by the
operating system.

ONE TIME PASSWORDS

Along with standard authentication, one-time passwords give an extra layer of
security. Every time a user attempts to log into the one-time password system, a
unique password is needed. Once a one-time password has been used, it cannot be
reused.

One-time passwords may be implemented in several ways:

1. Secret Key: The user is given a hardware device that can generate a secret id that
is linked to the user's id. The system prompts for such a secret id, which must be
generated each time you log in.

2. Random numbers: Users are given cards that have letters and numbers printed
on them. The system requests the numbers that correspond to a few letters chosen
at random.

3. Network password: Some commercial applications issue one-time passwords to
registered mobile/email addresses, which must be input before logging in.

FIREWALLS

Firewalls are essential for monitoring all incoming and outgoing traffic. A
firewall imposes local security, defining the traffic that may travel through it.
Firewalls are an efficient way of protecting network systems or local systems
from any network-based security threat.

PHYSICAL SECURITY

The most important method of maintaining operating system security is physical
security. An attacker with physical access to a system may edit, remove, or steal
important files since operating system code and configuration files are stored on the
hard drive.

(OS Security, 2020)

OS Security Policies and Procedures
Various operating system security policies may be implemented based on the
organization that you are working in. In general, an OS security policy is a document
that specifies the procedures for ensuring that the operating system maintains a
specific level of integrity, confidentiality, and availability.

OS security protects systems and data from worms, malware, threats, ransomware,
backdoor intrusions, viruses, etc. Security policies handle all preventative
activities and procedures to ensure an operating system's protection, including
against stolen, edited, and deleted data.

As OS security policies and procedures cover a large area, there are various
techniques for addressing them. Some of them are as follows:

• Installing and updating anti-virus software.
• Ensuring the systems are patched or updated regularly.
• Implementing user management policies to protect user accounts and
privileges.
• Installing a firewall and ensuring that it is properly set to monitor all
incoming and outgoing traffic.

To develop and implement OS security policies and procedures, you must first
determine which assets, systems, hardware, and data are the most vital to your
organization. Once that is completed, a policy can be developed to secure and
safeguard them properly.

(OS Security, 2020)

OS Reliability
Reliability as a whole refers to the capability of computer hardware or software to
perform as users expect in a consistent manner throughout a specified system
lifetime, without the occurrence of errors or erratic behavior. Reliability can be
jeopardized by a failure (the system no longer satisfies its design criteria), an error
(an intrinsic weakness in the system that causes inaccurate results), a fault (erratic
or mistaken behavior produced by a system state that designers failed to anticipate),
or human error. Safety and reliability must be distinguished from one another; a
system that is reliable but has a risk associated with it (a situation where an
accident could happen) and for which no backup plans, no matter how unlikely, are
in place, is still unsafe. Additionally, availability should be distinguished from
reliability. Chemical plant engineers in Bhopal, India, turned off plant safety
mechanisms to improve the availability of processing systems, which resulted in a
tragic death toll. (Spencer, 2019)

Reliability Metrics
The reliability of a software product is expressed quantitatively using reliability
metrics. Depending on the system type to which it pertains and the demands of the
application domain, one can choose which metric to utilize.

• MTTF (mean time to failure): the time interval between two successive
failures. It is suitable for computer-aided design systems where work will
proceed for several hours.
• MTTR (mean time to repair): Once a failure occurs, some time is required to
fix the error. MTTR measures the average time it takes to track the errors
causing the failure and to fix them.
• MTBF (mean time between failures): We can merge the MTTF and MTTR metrics to
get the MTBF metric. Therefore, it could be calculated as follows:
MTBF = MTTF + MTTR
• ROCOF (rate of occurrence of failure): the frequency of occurrence with which
unexpected behavior is likely to appear. It is also referred to as the failure
intensity metric.
• POFOD (probability of failure on demand): the probability that the system
will fail when a service is requested. It is relevant where services are
demanded occasionally.
• AVAIL: Availability is the probability that the system is available for use
at a given time. It takes into account the repair time and the restart time for
the system.

(Reliability Metrics, 2020)
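
An added example, not part of the original report, that derives the metrics listed above from a constructed uptime log. The log format, the function names and the MTTF / (MTTF + MTTR) formula used for AVAIL are assumptions; the report gives no formula for AVAIL.

```python
from datetime import datetime

# Constructed sample: uptime events for one server over a 10-day window.
SAMPLE_LOG = """\
2023-01-01T00:00 START
2023-01-03T02:00 DOWN
2023-01-03T04:00 UP
2023-01-06T00:00 DOWN
2023-01-06T06:00 UP
2023-01-09T08:00 DOWN
2023-01-09T12:00 UP
2023-01-11T00:00 END
"""


def reliability_metrics(log: str) -> dict:
    """Derive the metrics (in hours) from START/DOWN/UP/END events."""
    runs_to_failure, repairs = [], []
    up_hours = 0.0
    state, since = None, None
    for line in log.strip().splitlines():
        stamp, event = line.split()
        when = datetime.fromisoformat(stamp)
        if since is not None and when < since:
            raise ValueError(f"timestamps out of order at: {line}")
        elapsed = (when - since).total_seconds() / 3600 if since is not None else 0.0
        if event == "START" and state is None:
            state = "up"
        elif event == "DOWN" and state == "up":
            runs_to_failure.append(elapsed)   # a complete run that ended in failure
            up_hours += elapsed
            state = "down"
        elif event == "UP" and state == "down":
            repairs.append(elapsed)           # time to find the error, fix it, restart
            state = "up"
        elif event == "END" and state in ("up", "down"):
            if state == "up":
                up_hours += elapsed           # still running: uptime, but no failure
            state = "ended"
        else:
            raise ValueError(f"unexpected {event} while {state}: {line}")
        since = when
    if state != "ended":
        raise ValueError("log has no END event")
    if not runs_to_failure or not repairs:
        raise ValueError("need at least one failure and one completed repair")
    mttf = sum(runs_to_failure) / len(runs_to_failure)
    mttr = sum(repairs) / len(repairs)
    mtbf = mttf + mttr                        # MTBF = MTTF + MTTR, as in the list
    return {
        "MTTF": mttf,
        "MTTR": mttr,
        "MTBF": mtbf,
        "AVAIL": mttf / mtbf,                 # assumed steady-state formula
        "ROCOF": len(runs_to_failure) / up_hours,  # failures per operating hour
    }


def pofod(failed_demands: int, total_demands: int) -> float:
    """Share of service requests that failed, from constructed counts."""
    if total_demands <= 0 or not 0 <= failed_demands <= total_demands:
        raise ValueError("counts must satisfy 0 <= failed <= total and total > 0")
    return failed_demands / total_demands


if __name__ == "__main__":
    for name, value in reliability_metrics(SAMPLE_LOG).items():
        print(f"{name}: {value:.4f}")
    print(f"POFOD: {pofod(4, 2000):.4f}")
```

The last 36 hours of the sample window end without a failure, so they count towards operating time for ROCOF but not towards MTTF.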

Conclusion
To conclude, after finalizing the aforementioned documentation one would be able
to attain the following added value:

• The OS is the heart and soul of any computer device and therefore its security
and reliability are key factors to ensure it is up and running successfully
without any interruptions, intrusions or malfunctions.
• Reliability of the OS varies according to how powerful the hardware is, how
responsive the system is and what exactly is the OS needed for in order to
run the desired programs.
• OS Security measures are highly important in order to ensure safety of
information and prevent the misuse of it no matter how sensitive the
information may be; security should guarantee that even the most basic of
facts is kept safe and sound.

The document first briefly describes what the OS is and what its main types,
features, specifications, etc. are. It then covers what security and reliability
are, and what OS security and reliability are in full depth.

Regarding security, the research paper covers what is meant by security, what
threats and attacks an OS can face and what measures a user can take to prevent
them.

Normally, computer security is classified into four main categories, A, B, C and
D, according to the classification of the United States Department of Defense.
These categories differ based on the level of security of computers and they are
thoroughly represented in a tabular manner.

Operating system security is the manner of guaranteeing OS accessibility,
confidentiality, integrity and authenticity. Security measures are meant to cover two
main divisions: threats and attacks.

• Threats: a piece of software with the potential to substantially damage the
system. Threats are classified into two main types, which are system threats
and program threats; both can be an issue and fall under the main umbrella
of OS threats.
• Attacks: an unauthorized entry to a resource due to a security lapse, which
could be malicious or accidental.

To avoid such security issues there are some methods to ensure OS security is top
notch and they are summarized as:

• Authentication
• OTP
• Firewalls
• Physical Security
• Policies and Procedures

Reliability refers to the computer's capability to meet user expectancy in a
consistent manner. There are certain metrics that quantitatively measure reliability
which can be summarized as:

• MTTF
• MTTR
• MTBF
• ROCOF
• POFOD
• AVAIL

References
DoD, D. C. (1985, December 26). The Orange Book. Bedford, United States of
America. Retrieved from
https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/dod85.pdf

Introduction to OS. (2023, March 23). Retrieved from Geeks for Geeks:
https://www.geeksforgeeks.org/introduction-of-operating-system-set-1/

Marufuzzaman, M. (2019, September). A review on Reliability, Security and
Memory Management of Numerous Operating Systems. Retrieved from
Research Gate:
https://www.researchgate.net/publication/351391506_A_review_on_Reliability_Security_and_Memory_Management_of_Numerous_Operating_Systems

Operating Systems Security Basics. (n.d.). Retrieved from Tutorials Point:
https://www.tutorialspoint.com/operating_system/os_security.htm#

OS Security. (2020, October). Retrieved from Java T Point:
https://www.javatpoint.com/operating-system-security

Reliability Metrics. (2020, October). Retrieved from Java T Point:
https://www.javatpoint.com/software-engineering-software-reliability-metrics

Spencer, J. (2019, September 16). Defining Reliability. Retrieved from
TechniPages: https://www.technipages.com/definition/reliability/
