THE UNIVERSITY OF DODOMA

COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

IA 313: OPERATING SYSTEMS SECURITY

Tutorial 2

1. What is operating system security?

Operating System Security: Operating system security refers to the measures

and mechanisms implemented within an operating system to ensure the
confidentiality, integrity, and availability of resources, as well as to protect
against unauthorized access and malicious activities. It involves controlling
user access, securing system files, managing permissions, and implementing
various security features to safeguard the operating system and the data it
processes.

2. What Security Goals Does Operating System Provide?

The security goals provided by operating systems typically include:

 Confidentiality: Ensuring that unauthorized users cannot access sensitive
information.
 Integrity: Preventing unauthorized modifications to data or system resources.
 Availability: Ensuring that the system and its resources are consistently
accessible.
 Authentication: Verifying the identity of users and entities accessing the system.

3. Explain the authentication methods used by the OS.

 Password-based authentication: Users provide a password to verify their
identity.
Biometric authentication: Uses physical or behavioral characteristics (e.g.,
fingerprints, retina scans) to authenticate users.
Multi-factor authentication (MFA): Requires users to provide multiple forms
of identification, such as a password and a token.
Smart cards: Users authenticate using a card with an embedded chip.

4. In the context of OSS, mention the advantage and disadvantages of Sandboxing

Advantages:
a Isolation: Sandboxing restricts the actions of a process, preventing
it from affecting other parts of the system.
b Security: Limits the potential damage caused by malicious code or
vulnerabilities.
c Testing: Useful for testing and running untrusted applications in a
controlled environment.
Disadvantages:
d Performance: Can introduce overhead due to the additional layers
of isolation.
e Complexity: Implementing effective sandboxing can be complex.
f False sense of security: Not foolproof; determined attackers may
find ways to escape the sandbox.

5. Explain the principles of Security Kernel

Least privilege: Assign the minimum necessary permissions to processes and

users.
Economy of mechanism: Keep the security mechanisms as simple as possible
to reduce the likelihood of vulnerabilities.
Fail-safe defaults: Systems should be secure by default, and security
mechanisms should be active unless explicitly disabled.
Complete mediation: Every access to a resource must be checked for
authorization.
Open design: The design should not be secret, as security should not rely on
the secrecy of the design.
6. Briefly explain the Types of Separation

Physical separation: Different components physically isolated from each

other (e.g., separate servers).
Logical separation: Virtual separation within the same physical system (e.g.,
virtualization, containers).
 Temporal separation: Execution of different tasks at different times to
prevent conflicts.
Cryptographic separation: Use of encryption to isolate sensitive information.

7. Describe the techniques used to protect memory

Address space layout randomization (ASLR): Randomly arranges the

positions of key data areas, making it harder for attackers to predict memory
locations.
Data Execution Prevention (DEP): Prevents code from being executed in
certain regions of memory.
Memory protection: Enforces access controls to prevent unauthorized access
or modification of memory areas.

8. Explain the Benefits of Segmentation for the OS

Isolation: Segmentation allows the division of processes into logically separate

address spaces, preventing interference.
Security: Helps in implementing access controls and protecting critical data.
Resource management: Facilitates efficient memory utilization by allocating
and deallocating segments as needed.

9. In the context of OSS, mention the advantage and disadvantages of paging

Advantages:
a Simplifies memory management: Easier to manage memory
allocation and deallocation.
b Allows for more efficient use of memory: Pages can be allocated
as needed.
c Enables better multitasking: Facilitates the execution of multiple
processes simultaneously.
Disadvantages:
d Overhead: Introduces additional overhead due to page table
management.
e Fragmentation: Can lead to internal fragmentation as memory is
allocated in fixed-size pages.
f Potential for thrashing: Excessive page swapping can degrade
performance.

10. List the File Protection Mechanisms in an OS.

Access control lists (ACLs): Define specific permissions for users or groups
on files or directories.
File permissions: Assigns read, write, and execute permissions to owners,
groups, and others.
Encryption: Protects file contents by encoding them, requiring a decryption
key for access.
File integrity checks: Verify the integrity of files to detect unauthorized
modifications.
Auditing: Logs and monitors file access and changes for security analysis.