Introduction to OS Security

Operating System Security involves protecting the operating system from threats, including unauthorized access, malicious software, and data theft. The OS serves as the foundation for all security measures on a computer system.

OS Security Goals:
• Protect system resources from unauthorized access
• Ensure process isolation and memory protection
• Provide authentication and authorization mechanisms
• Maintain system integrity and availability

Protection Rings

Protection rings are a hierarchical security model that separates privileged and non-privileged operations in operating systems.

Ring Model

Ring    Privilege   Description
Ring 0  Highest     Kernel mode: full access to hardware and memory
Ring 1  High        Some kernel components (rarely used in practice)
Ring 2  Medium      Device drivers (rarely used in practice)
Ring 3  Lowest      User applications

In practice, mainstream operating systems on x86 (Windows, Linux, macOS) use only ring 0 and ring 3. Device drivers run in ring 0 alongside the kernel, which is why a bug in a driver can compromise the entire system. Hypervisors run at a privilege level above ring 0 (Intel VT-x root mode, informally called "ring -1"), and firmware such as System Management Mode is sometimes described as "ring -2".

Kernel vs User Mode

  • Kernel Mode: Full access to all system resources; runs the OS kernel and, on most systems, device drivers
  • User Mode: Limited access; runs applications with restrictions, so a crashing or compromised application cannot directly touch kernel memory or hardware
  • System calls are the controlled bridge between user and kernel mode: the kernel must validate every argument (including pointers into user memory) before acting on it, because nothing a user process supplies can be trusted

Access Control Models

Discretionary Access Control (DAC)

Resource owners control access to their resources. The owner decides who can access what.

  • Common in personal computers and general-purpose servers
  • Flexible, but any program running as the owner inherits the owner's rights, so a malicious program the user runs can read, copy or re-share everything that user can
  • Examples: Unix/Linux permission bits, Windows DACLs

Mandatory Access Control (MAC)

The system enforces access controls based on security labels attached to subjects and objects. Users cannot override the policy, even for resources they own.

  • Used in high-security environments, and to confine individual services on ordinary systems
  • More restrictive, and limits the damage a compromised process can do
  • Examples: SELinux, AppArmor, Windows Mandatory Integrity Control; multilevel security (e.g. Bell-LaPadula) in military systems

Role-Based Access Control (RBAC)

Access is based on roles rather than individual users. Users are assigned to roles, and roles carry the permissions.

  • Simplifies administration: adding or removing a user means changing role membership, not touching every resource
  • Common in organizations; Unix groups and Windows security groups approximate roles, and sudo rules can be written per group
  • Easier to audit than individual permissions

Modern Approach: Many systems combine these models. For example, Linux uses DAC by default but can enable MAC with SELinux.
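To make the combination concrete, here is an added example (not code from the original page or from any real OS) of a toy access-control engine that applies all three models to one request, in the order Linux applies them: the owner's discretionary list first, then a label-based MAC check the owner cannot override, then a role check. The users, clearances, roles and the file are all constructed for illustration.

```python
"""Added example (not from the original page): a toy access-control
engine that combines the three models the page describes.  All users,
labels, roles and objects below are constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field

# --- MAC: Bell-LaPadula style labels (level + compartments) -------------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: Label) -> bool:
        """self >= other: higher-or-equal level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def mac_allows(subject: Label, obj: Label, action: str) -> bool:
    """No read up (simple security), no write down (*-property)."""
    if action == "read":
        return subject.dominates(obj)
    if action == "write":
        return obj.dominates(subject)
    raise ValueError(action)

# --- DAC: the owner maintains the per-object permission list ------------
@dataclass
class Object:
    name: str
    owner: str
    label: Label
    dac: dict = field(default_factory=dict)   # user -> {"read", "write"}

def dac_grant(obj: Object, grantor: str, user: str, action: str) -> None:
    """Only the owner may change the DAC entries (that is what 'discretionary' means)."""
    if grantor != obj.owner:
        raise PermissionError(f"{grantor} does not own {obj.name}")
    obj.dac.setdefault(user, set()).add(action)

def dac_allows(obj: Object, user: str, action: str) -> bool:
    return user == obj.owner or action in obj.dac.get(user, set())

# --- RBAC: users -> roles -> permissions --------------------------------
ROLE_PERMS = {"auditor": {"read"}, "editor": {"read", "write"}}
USER_ROLES = {"alice": {"editor"}, "bob": {"auditor"}, "mallory": set()}

def rbac_allows(user: str, action: str) -> bool:
    return any(action in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))

# --- Combined decision: every enabled model must say yes ----------------
CLEARANCE = {                                   # constructed clearances
    "alice": Label("secret", frozenset({"crypto"})),
    "bob": Label("confidential"),
    "mallory": Label("unclassified"),
}

def access(user: str, obj: Object, action: str) -> tuple:
    """Returns (decision, reason).  Mirrors Linux: the DAC check runs first,
    then the MAC (LSM) hook; RBAC stands in for an application-level role check."""
    if not dac_allows(obj, user, action):
        return False, "DAC: owner has not granted this"
    if not mac_allows(CLEARANCE[user], obj.label, action):
        return False, "MAC: label policy forbids this (owner cannot override)"
    if not rbac_allows(user, action):
        return False, "RBAC: no role carries this permission"
    return True, "allowed"

def demo() -> dict:
    design = Object("design.doc", owner="alice",
                    label=Label("secret", frozenset({"crypto"})))
    dac_grant(design, "alice", "bob", "read")       # the owner shares the file
    results = {
        "alice_read": access("alice", design, "read"),
        # DAC says yes, but bob's 'confidential' clearance cannot read 'secret'.
        "bob_read": access("bob", design, "read"),
        # BLP would let bob write *up*, but alice never granted write.
        "bob_write": access("bob", design, "write"),
        "mallory_read": access("mallory", design, "read"),
    }
    try:                                             # a non-owner cannot grant
        dac_grant(design, "mallory", "mallory", "read")
        results["mallory_grant"] = "allowed"
    except PermissionError:
        results["mallory_grant"] = "refused"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the ordering is visible in the `bob_read` case: the owner did everything DAC allows, and the request is still refused because the label check belongs to the system, not the owner.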

Windows Security

Windows Security Components

Security Identifiers (SID)

Unique, never-reused identifiers for users, groups and computers. Access checks compare SIDs, not names, so renaming an account changes nothing about what it can access.

Format: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-xxxx

The three variable sub-authorities identify the machine or domain; the final number is the Relative Identifier (RID) of the account within it. Some values are well known: RID 500 is the built-in Administrator (whatever it has been renamed to), RID 512 is Domain Admins, S-1-5-18 is LocalSystem and S-1-1-0 is Everyone.

Access Tokens

Kernel object containing the user's security profile:

  • User SID
  • Group SIDs
  • Privileges (e.g. SeDebugPrivilege, SeBackupPrivilege), which apply system-wide rather than to a single object
  • Created at logon by the Local Security Authority; every process the user starts receives a copy (its primary token), and a thread can temporarily carry an impersonation token when a service acts on a client's behalf
  • With UAC enabled, an administrator's logon yields a filtered standard-user token that is used by default and a full token used only after elevation

Security Descriptors

Contain security information for objects:

  • Owner SID
  • Primary group SID
  • Discretionary ACL (DACL) - who can access
  • System ACL (SACL) - auditing

Access Control Lists (ACLs)

List of access control entries (ACEs), each naming a SID, an access mask and whether it allows or denies. Order matters: the access check walks the DACL top to bottom, accumulating allowed rights and stopping as soon as a deny ACE matches a right that is still being requested. The canonical order places explicit deny ACEs before explicit allow ACEs, and explicit ACEs before inherited ones; tools that write a non-canonical DACL can silently grant what a deny ACE was meant to block. Two special cases trip people up: an object with a NULL (absent) DACL grants everyone full access, whereas an empty DACL grants no one access.
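The following is an added example (not Microsoft's code and not from the original page) that simulates the DACL walk described above: it parses SIDs, checks a token's SIDs against a list of ACEs in order, and reproduces the NULL-versus-empty DACL distinction and the effect of non-canonical ordering. The domain SIDs, group memberships, access-mask values and sample DACL are constructed; only the well-known SIDs and the evaluation rules are real.

```python
"""Added example (not Microsoft code): a simulation of how the Windows
access check walks a DACL.  SIDs, masks and the sample descriptor are
constructed; only the well-known SID values and the evaluation rules
come from Windows documentation."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Access-mask bits (a constructed subset; real masks have many more)
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x10000

EVERYONE = "S-1-1-0"            # well-known
LOCAL_SYSTEM = "S-1-5-18"       # well-known
ADMINISTRATORS = "S-1-5-32-544" # well-known (built-in Administrators group)

def parse_sid(sid: str) -> tuple:
    """Split 'S-R-IA-sub-...' into (revision, identifier authority, sub-authorities)."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"malformed SID {sid!r}")
    rev, authority = int(parts[1]), int(parts[2])
    subs = tuple(int(p) for p in parts[3:])
    if rev != 1:
        raise ValueError(f"unsupported SID revision {rev}")
    return rev, authority, subs

def rid(sid: str) -> Optional[int]:
    """Relative identifier: the last sub-authority (500 = built-in Administrator)."""
    subs = parse_sid(sid)[2]
    return subs[-1] if subs else None

@dataclass
class Ace:
    kind: str      # "allow" or "deny"
    sid: str
    mask: int

@dataclass
class Token:
    user: str
    groups: frozenset

    def holds(self, sid: str) -> bool:
        return sid == self.user or sid in self.groups

def access_check(token: Token, dacl: Optional[list], desired: int) -> bool:
    """Walk the DACL in order, like the kernel's access check:
    - NULL DACL (None) => everything is granted to everyone
    - empty DACL ([])  => nothing is granted to anyone
    - a deny ACE matching any still-needed right stops the check
    - allow ACEs accumulate rights until every desired bit is granted"""
    if dacl is None:
        return True
    granted = 0
    for ace in dacl:
        if not token.holds(ace.sid):
            continue
        remaining = desired & ~granted
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            granted |= ace.mask & desired
            if granted == desired:
                return True
    return granted == desired

def is_canonical(dacl: list) -> bool:
    """Canonical order puts explicit deny ACEs before explicit allow ACEs.
    (Inherited ACEs, which would follow all explicit ones, are omitted here.)"""
    seen_allow = False
    for ace in dacl:
        if ace.kind == "allow":
            seen_allow = True
        elif seen_allow:
            return False
    return True

def demo() -> dict:
    domain = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
    bob = Token(f"{domain}-1001", frozenset({EVERYONE, f"{domain}-513"}))
    contractors = f"{domain}-1105"
    bob_contractor = Token(bob.user, bob.groups | {contractors})

    canonical = [Ace("deny", contractors, WRITE), Ace("allow", EVERYONE, READ | WRITE)]
    # Same ACEs, wrong order: the allow is reached before the deny.
    non_canonical = list(reversed(canonical))
    return {
        "bob_write": access_check(bob, canonical, WRITE),
        "contractor_write": access_check(bob_contractor, canonical, WRITE),
        "contractor_read": access_check(bob_contractor, canonical, READ),
        "contractor_write_noncanonical": access_check(bob_contractor, non_canonical, WRITE),
        "noncanonical_flagged": not is_canonical(non_canonical),
        "null_dacl_delete": access_check(bob, None, DELETE),
        "empty_dacl_read": access_check(bob, [], READ),
        "admin_rid": rid(f"{domain}-500"),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `contractor_write_noncanonical` case is the one worth remembering: the same two ACEs grant write access once their order is swapped, which is why DACLs written by hand or by scripts should be checked for canonical order.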

Unix/Linux Security

File Permissions

Unix uses a simple but powerful permission system based on three categories:

  • Owner (u): The file's owner
  • Group (g): Members of the file's group
  • Others (o): Everyone else

Only one category applies to a given process: the owner bits if the process's UID matches the file's owner, otherwise the group bits if one of its GIDs matches the file's group, otherwise the other bits. The categories are never combined, so a file with mode r--rw-rw- is not writable by its owner even though everyone else can write it.

Permission Types

  • r (4): Read a file / list a directory
  • w (2): Write a file / create, delete or rename entries in a directory
  • x (1): Execute a file / traverse (enter) a directory

Example: -rwxr-x---   (the leading "-" is the file type; "d" marks a directory)
Owner:  rwx (7)
Group:  r-x (5)
Others: --- (0)

Total: 750 (set with chmod 750)

Special Permissions

  • SUID (4): An executable runs with the effective UID of its owner rather than of the user who launched it; shown as "s" in the owner's execute position (rwsr-xr-x = 4755). SUID-root binaries are a classic privilege-escalation target and should be inventoried and audited regularly
  • SGID (2): An executable runs with the effective GID of its group; on a directory, new files inherit the directory's group instead of the creator's
  • Sticky Bit (1): On a directory, only a file's owner, the directory's owner or root may delete or rename entries, even when the directory is world-writable (e.g. /tmp is 1777, shown as drwxrwxrwt)

The special bits occupy a fourth, leading octal digit: chmod 4750 sets SUID on a 750 file. An uppercase S or T in the listing means the special bit is set without the corresponding execute bit, which is almost always a mistake.
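The conversions and the class-selection rule from the two sections above, as an added example (not code from the original page): it parses the symbolic mode string that ls prints into a mode value, including the s/S/t/T special-bit letters, renders it as chmod-style octal, and reproduces how the kernel picks exactly one permission class for a regular file. The UIDs, GIDs and modes are constructed; the bit constants come from Python's standard stat module.

```python
"""Added example (not from the original page): convert between the
symbolic mode string ls prints and octal, including the SUID/SGID/sticky
bits, and reproduce the kernel's permission-class selection.  UIDs, GIDs
and modes below are constructed."""
import stat

def mode_from_string(text: str) -> int:
    """'-rwsr-xr-x' -> 0o4755.  Accepts the 10-char ls form or the bare 9-char form."""
    perms = text[-9:]
    if len(perms) != 9:
        raise ValueError(f"bad mode string {text!r}")
    mode = 0
    # positions whose letter can be s/t, and the special bit that letter sets
    specials = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
    for i, ch in enumerate(perms):
        bit = 1 << (8 - i)
        if ch in "rwx":
            mode |= bit
        elif ch in "st":            # lower case: special bit AND execute bit
            mode |= bit | specials[i]
        elif ch in "ST":            # upper case: special bit WITHOUT execute bit
            mode |= specials[i]
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in {text!r}")
    return mode

def octal(mode: int) -> str:
    """Four-digit octal as chmod understands it, e.g. '4755' or '0750'."""
    return f"{mode & 0o7777:04o}"

def may_access(mode: int, owner: int, group: int, uid: int, gids: set, want: str) -> bool:
    """Decide read/write/execute on a regular file the way the kernel does
    (DAC only): root bypasses r/w, and only the *first* matching class
    (owner > group > other) is consulted, never the union of them."""
    bits = {"r": 4, "w": 2, "x": 1}[want]
    if uid == 0:
        # Even root needs at least one execute bit set to execute a file.
        return want != "x" or bool(mode & 0o111)
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bits)

def demo() -> dict:
    alice, bob, staff = 1000, 1001, 50           # constructed ids
    # Constructed lock-out: the owner removed her own write bit while the
    # 'others' class still has write.  A common chmod mistake.
    lockout = mode_from_string("-r--rw-rw-")
    suid_root = mode_from_string("-rwsr-xr-x")
    return {
        "example_750": octal(mode_from_string("-rwxr-x---")),
        "suid_octal": octal(suid_root),
        "sticky_tmp": octal(mode_from_string("drwxrwxrwt")),
        "sgid_no_exec": octal(mode_from_string("-rw-r-Sr--")),
        # stat.filemode is the standard library's string renderer; round-trip check
        "roundtrip": stat.filemode(suid_root | stat.S_IFREG),
        "owner_write_lockout": may_access(lockout, alice, staff, alice, {staff}, "w"),
        "stranger_write": may_access(lockout, alice, staff, bob, {100}, "w"),
        "root_exec_no_x": may_access(0o644, alice, staff, 0, {0}, "x"),
        "is_setuid": bool(suid_root & stat.S_ISUID),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `owner_write_lockout` and `stranger_write` pair shows the class-selection rule in action: a non-member stranger can write the file while its owner cannot, because the owner's own bits are the only ones ever consulted for her.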

Root User (Superuser)

The root user (UID 0) has unrestricted access to all system resources. The kernel checks the UID, not the name "root", so any account with UID 0 is a superuser:

  • Can access any file, regardless of its DAC permission bits
  • Can modify any system setting
  • Should be used sparingly
  • Use sudo to grant specific commands to specific users rather than handing out a root shell, and keep the sudo log
  • MAC and Linux capabilities narrow root's power: a confined SELinux domain applies to root processes too, and a service that only needs to bind a privileged port can be given CAP_NET_BIND_SERVICE instead of running as root

Unix Account Security

  • Passwords stored as salted hashes in /etc/shadow, which is readable only by root; the world-readable /etc/passwd holds only an "x" placeholder. Prefer modern schemes (sha512crypt "$6$" or yescrypt "$y$") over md5crypt ("$1$") and the old 13-character DES crypt
  • Use strong password policies
  • Disable unnecessary accounts (lock the password and set a non-login shell), and check for an empty password field, which allows login with no password at all
  • Limit root access: no second UID 0 account, and set PermitRootLogin no in sshd_config
  • Use key-based SSH authentication, and disable password authentication once keys are in place
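An added example (not from the original page) that turns the checklist above into an offline audit: it parses constructed /etc/passwd and /etc/shadow contents and reports extra UID 0 accounts, empty password fields on accounts with a login shell, weak hash schemes, and hashes left in the world-readable passwd file. The account names and hash strings are made up; only the file formats and the meaning of the hash prefixes and lock markers are real.

```python
"""Added example (not from the original page): an offline audit of
constructed /etc/passwd and /etc/shadow contents for the weaknesses the
page lists.  The sample lines, names and hashes are made up; only the
file formats and the hash-prefix / lock-marker meanings are real."""

# Constructed sample data: not taken from any real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backdoor:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:x:1002:1002::/home/legacy:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1003:1003::/home/guest:/bin/bash
oldsvc:$6$abcdefgh$0123456789abcdefghijklmnopqrstuvwxyz:1004:1004::/home/oldsvc:/bin/sh
"""
SHADOW = """\
root:$6$saltsalt$1234567890abcdefghijklmnopqrstuvwxyz:19700:0:99999:7:::
toor:$1$abcdefgh$0123456789abcdefghijkl:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
legacy:!$6$saltsalt$fedcba0987654321:19000:0:99999:7:::
alice:$y$j9T$saltsaltsaltsalt$abcdefghijklmnopqrstuvwxyz0123456789:19800:0:99999:7:::
guest::19700:0:99999:7:::
"""

INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
WEAK = {"md5crypt", "descrypt"}

def parse_passwd(text: str) -> dict:
    """name -> (password field, uid, shell)."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            name, pw, uid, _gid, _gecos, _home, shell = line.split(":")
            out[name] = (pw, int(uid), shell)
    return out

def parse_shadow(text: str) -> dict:
    """name -> hash field (second column)."""
    return {line.split(":")[0]: line.split(":")[1]
            for line in text.splitlines() if line.strip()}

def hash_algorithm(h: str) -> str:
    """Name the crypt(3) scheme from the hash prefix."""
    h = h.lstrip("!")                      # a leading '!' means locked, hash kept
    if h in ("", "*"):
        return "none"
    for prefix, name in (("$1$", "md5crypt"), ("$5$", "sha256crypt"),
                         ("$6$", "sha512crypt"), ("$7$", "scrypt"),
                         ("$y$", "yescrypt"), ("$2b$", "bcrypt")):
        if h.startswith(prefix):
            return name
    if "$" not in h and len(h) == 13:      # traditional DES crypt
        return "descrypt"
    return "unknown"

def is_locked(h: str) -> bool:
    return h.startswith("!") or h == "*"

def audit(passwd_text: str, shadow_text: str) -> list:
    """Return (account, finding) pairs in /etc/passwd order."""
    passwd, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, (pw, uid, shell) in passwd.items():
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        if pw not in ("x", "*"):
            findings.append((name, "password hash stored in world-readable /etc/passwd"))
        h = shadow.get(name)
        if h is None:
            continue
        if h == "" and shell in INTERACTIVE_SHELLS:
            findings.append((name, "empty password field: login without a password"))
        elif not is_locked(h) and hash_algorithm(h) in WEAK:
            findings.append((name, f"weak password hash ({hash_algorithm(h)})"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW):
        print(f"{account}: {finding}")
```

Locked accounts (daemon, legacy) produce no findings even when their retained hash is old, because the lock marker, not the hash strength, is what stops a login.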