Protection in OS : Domain of Protection, Association, Authentication
This article gives an overview of protection in an OS, its need and the goals of protection. It mainly focuses on the domain of protection, the association between process and domain, and authentication. Let’s discuss them one by one.
Need of Protection in OS :
- We need protection to ensure the safety of data, processes and programs against illegal access by users or even by other programs.
- It ensures that programs, resources and data are accessed only according to the system’s policies.
- It also ensures that there is no breach of access rights, no unauthorized access to the existing data, and no viruses or worms.
- There can be security threats such as unauthorized reading, writing or modification, or preventing the system from working properly for the authorized users themselves.
Goals of Protection :
- Therefore, protection is a method of safeguarding data and processes against malicious and intentional intrusion. For that purpose, we have protection policies that are either designed by the system itself or specified by the management itself or are imposed by the programmers individually to protect their programs with extra safety.
- It also gives a multiprogramming OS the sense of safety that is required by its users to share common space like files or directories.
- The policies bind how the processes are to access the resources present in the computer system, resources like CPU, memory, software and even the OS. Both the OS designer and the application programmer are responsible for this. However, these policies always change from time to time.
Domain of Protection :
- The protection policies limit the access of each process with respect to their resource handling. A process is bound to use only those resources which it requires to complete its task, in the time limit that it requires and also the mode in which it is required. That is the protected domain of a process.
- A computer system has processes and objects, which are treated as abstract data types, and these objects have operations specific to them. A domain element is described as <object, {set of operations on object}>.
- Each domain consists of a set of objects and the operations that can be performed on them. A domain can consist of either only a process or a procedure or a user. If a domain corresponds to a procedure, then changing the domain means changing the procedure ID. Objects may share a common operation or two; in that case the domains overlap.
Association between process and domain :
Processes switch from one domain to another when they have the access right to do so. The association can be of two types, as follows.
- Fixed or static –
In fixed association, all the access rights can be given to the processes at the very beginning, but that gives rise to a lot of access rights for domain switching. So, a way of changing the contents of the domain dynamically is found.
- Changing or dynamic –
In dynamic association, a process can switch domains dynamically, creating a new domain in the process if need be.
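The domain model and the dynamic association described above can be sketched in a few lines. This is an added example, not code from the original article; the domain names, object names and the `may_switch_to` field are assumptions made for illustration.

```python
# Added illustration: all domain, object and operation names are constructed.
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    # Access rights as <object, {operations}> pairs: object -> set of operations.
    rights: dict = field(default_factory=dict)
    # Names of the domains a process in this domain is allowed to switch into.
    may_switch_to: set = field(default_factory=set)

    def allows(self, obj, op):
        return op in self.rights.get(obj, set())


class Process:
    def __init__(self, pid, domain):
        self.pid = pid
        self.domain = domain

    def access(self, obj, op):
        """Deny any operation that is not in the process's current domain."""
        if not self.domain.allows(obj, op):
            raise PermissionError(f"{self.domain.name}: {op} on {obj} denied")
        return f"{op}:{obj}"

    def switch(self, target):
        """Dynamic association: switch only if the current domain permits it."""
        if target.name not in self.domain.may_switch_to:
            raise PermissionError(f"{self.domain.name} -> {target.name} denied")
        self.domain = target


def overlap(d1, d2):
    """Rights present in both domains; non-empty means the domains overlap."""
    return {(obj, op) for obj, ops in d1.rights.items()
            for op in ops & d2.rights.get(obj, set())}


USER = Domain("user", {"report.txt": {"read", "write"}, "printer": {"print"}},
              may_switch_to={"spooler"})
SPOOLER = Domain("spooler", {"printer": {"print"},
                             "spool_dir": {"read", "write"}})
```

After switching, the process loses the rights of the old domain as well as gaining those of the new one, which is what keeps each domain limited to the resources its task requires.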
Security Measures :
- Security measures are taken at different levels against malpractice; for example, no person should be allowed on the premises or allowed access to the systems.
- The network that is used for the transfer of files must be secure at all times. No alien software must be able to extract information from the network during the transfer. Such extraction is known as network sniffing, and it can be prevented by introducing encrypted channels of data transfer. Also, the OS must be able to resist forceful or even accidental violations.
- The best ways of authentication are using a username and password combination, a fingerprint, a retina scan or even user cards to access the system.
- Passwords are a good method of authentication, but they are also one of the most common as well as most vulnerable methods. Cracking passwords is not too hard. Some passwords are weak, but even hard passwords can be cracked by sniffing around, by giving access to multiple users, or by network sniffing as mentioned above.
Security Authentication :
To make passwords strong and a formidable authentication source, one time passwords, encrypted passwords and Cryptography are used as follows.
- One Time Passwords –
A one-time password is unique at every instance of login by the user. It is a pair of passwords combined to give the user access. Either the system generates a random number and the user provides a complementary one, or the system and the user are both provided a random number by an algorithm and, through a common function that the two share, they match the output and thus the user gets access.
- Encrypted Passwords –
It is also a way to authenticate access. The password is passed over the network in encrypted form, and the transfer and checking of passwords is done on this encrypted data, which helps the data pass without interruption or interception.
- Cryptography –
It is another method of ensuring that data transferred over a network is not available to unauthorized users. This helps in the transfer of data with full protection. It protects the data by introducing the concept of a key. The key is very important here. When a user sends the data, he encodes it using a computer possessing the key, and the receiver also has to decode the data using the very same key. Thus, even if the data is stolen mid-way, there’s still a big possibility that the unauthorized user cannot access it.
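The one-time password scheme described above, in which the system issues a random number and the user answers through a function both sides share, can be sketched as follows. This is an added example, not code from the original article; the choice of HMAC-SHA256 as the common function and the names `Verifier` and `response` are assumptions.

```python
# Added illustration: HMAC-SHA256 stands in for the shared "common function".
import hashlib
import hmac
import secrets


def response(shared_key: bytes, challenge: bytes) -> str:
    """User side: compute the answer that complements the system's challenge."""
    return hmac.new(shared_key, challenge, hashlib.sha256).hexdigest()


class Verifier:
    """System side: issues a fresh random challenge for every login attempt."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, answer: str) -> bool:
        if self._pending is None:
            return False  # no outstanding challenge: replayed or unsolicited
        expected = response(self._key, self._pending)
        self._pending = None  # single use, whether or not the check passes
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected, answer)
```

Because each challenge is discarded after one check, an answer captured by network sniffing cannot be replayed at the next login.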