WikiGalaxy
Security Goals in Operating Systems
Confidentiality
Ensures that sensitive information is accessed only by authorized individuals. It prevents unauthorized access to data.
Integrity
Maintains the accuracy and consistency of data over its entire lifecycle, ensuring data is not altered by unauthorized users.
Availability
Ensures that information and resources are accessible to authorized users when needed.
Authentication
Verifies the identity of users and systems to ensure that only legitimate entities can access resources.
Non-repudiation
Guarantees that a party in a communication cannot deny the authenticity of their signature on a document or a message they sent.
Common Security Threats
Malware
Malicious software designed to harm or exploit any programmable device, service, or network.
Phishing
Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity in electronic communication.
Denial of Service (DoS)
Attacks that aim to make a machine or network resource unavailable to its intended users by overwhelming it with requests.
Man-in-the-Middle (MitM)
An attack where the attacker secretly intercepts and relays communications between two parties who believe they are directly communicating with each other.
Insider Threats
Threats originating from individuals within the organization who misuse their access to harm the organization.
Example: Ensuring Confidentiality
Encryption
Encrypting sensitive data ensures that even if data is intercepted, it cannot be read without the decryption key.
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.Base64;
public class EncryptionExample {
public static void main(String[] args) throws Exception {
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
SecretKey secretKey = keyGen.generateKey();
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
String originalText = "SensitiveData";
byte[] encryptedText = cipher.doFinal(originalText.getBytes());
System.out.println(Base64.getEncoder().encodeToString(encryptedText));
}
}
Explanation
This example demonstrates how encryption can protect confidentiality. The AES algorithm is used to encrypt the data, ensuring that unauthorized users cannot read it without the correct key.
Example: Maintaining Integrity
Checksums
Using checksums to verify data integrity can detect any unauthorized alterations to data.
import java.security.MessageDigest;
public class ChecksumExample {
public static void main(String[] args) throws Exception {
String data = "ImportantInformation";
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] checksum = md.digest(data.getBytes());
System.out.println(bytesToHex(checksum));
}
private static String bytesToHex(byte[] hash) {
StringBuilder hexString = new StringBuilder();
for (byte b : hash) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) hexString.append('0');
hexString.append(hex);
}
return hexString.toString();
}
}
Explanation
This example uses SHA-256 to create a checksum of the data. If the data is altered, the checksum will change, indicating a loss of integrity.
Example: Ensuring Availability
Redundancy
Implementing redundancy in systems ensures that resources remain available even if one component fails.
// Pseudo-code for demonstrating redundancy
public class RedundancyExample {
public static void main(String[] args) {
Server primaryServer = new Server("Primary");
Server backupServer = new Server("Backup");
if (!primaryServer.isAvailable()) {
backupServer.handleRequests();
} else {
primaryServer.handleRequests();
}
}
}
class Server {
private String name;
public Server(String name) {
this.name = name;
}
public boolean isAvailable() {
// Simulate server availability
return Math.random() > 0.5;
}
public void handleRequests() {
System.out.println(name + " server is handling requests.");
}
}
Explanation
This example simulates a system with a primary and a backup server. If the primary server is unavailable, the backup server ensures continuity of service, thus maintaining availability.
Example: Authentication
Password Authentication
Using passwords to verify user identity ensures that only authorized users can access the system.
import java.util.Scanner;
public class AuthenticationExample {
public static void main(String[] args) {
String storedPassword = "securePassword123";
Scanner scanner = new Scanner(System.in);
System.out.print("Enter your password: ");
String inputPassword = scanner.nextLine();
if (storedPassword.equals(inputPassword)) {
System.out.println("Authentication successful!");
} else {
System.out.println("Authentication failed.");
}
}
}
Explanation
This example demonstrates a basic password authentication system. The user must enter the correct password to gain access, ensuring that only authorized individuals can access the system.
Example: Non-repudiation
Digital Signatures
Digital signatures provide a way to ensure that a message or document has been signed by the intended sender, preventing denial of sending.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
public class DigitalSignatureExample {
public static void main(String[] args) throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair pair = keyGen.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
Signature sign = Signature.getInstance("SHA256withRSA");
sign.initSign(privateKey);
byte[] data = "ImportantMessage".getBytes();
sign.update(data);
byte[] digitalSignature = sign.sign();
sign.initVerify(publicKey);
sign.update(data);
boolean isVerified = sign.verify(digitalSignature);
System.out.println("Signature verification: " + isVerified);
}
}
Explanation
This example uses RSA to create a digital signature. It ensures that the message is authentic and has not been tampered with, providing non-repudiation.
