
Input and Output Device Security

The document describes various internal and external security mechanisms for computer systems. External security includes physical protection against disasters and intruders, as well as administrative security through logical access controls. Internal security involves protecting the processor, memory, files, and data transmission through methods such as cryptography and verification codes.

Input and output device security

In a computer system, all security mechanisms must complement each other, so that if a person manages to bypass one of the protections, they find others that make the way difficult.

All the mechanisms aimed at securing the computer system without the system itself intervening in them are grouped under what we can call external security.

External security can be divided into two main groups:

Physical security. It encompasses the mechanisms that prevent physical agents from destroying the information held in the system; among these agents we can mention fire, smoke, flooding, electrical discharges, magnetic fields, physical access by people with less than good intentions, etc.

Administration security. It encompasses the most common mechanisms to prevent logical access of individuals to the system.

Physical security
As we have already mentioned, the aim is to eliminate the possible dangers that originate from physical agents or from the physical presence of unauthorized persons. To achieve this, we can consider the following aspects:

Disaster protection. It consists of prevention, detection, and elimination elements that act against fires, smoke, surges, power supply failures, etc. It is also necessary to control the temperature and cleanliness of the environment in which the equipment is located, installing air conditioning, raised flooring, ventilation, and, ultimately, taking into consideration anything that could cause problems for the installation.

Protection against intruders. From a physical standpoint, it is necessary to establish mechanisms that prevent unauthorized access of individuals to the facilities. It is usually carried out through security doors that open with a code or special keys, identification of individuals through access cards, or recognition of the voice, fingerprints, etc.

Administration Security
It comprises those mechanisms whose mission is to provide logical access to the system. This access can be made through a system terminal or from another system via a communication network to which both systems are connected.
Access protection
It is a mechanism for controlling attempts to enter or access the system, in such a way that it allows the connection when a user requests it and passes the corresponding control, and rejects the attempt in those cases where the identification of the supposed user is not satisfactory.

Access word or user identifier (password).


To identify the user, the most common formula is to ask for their user name (username) followed by the password, so that the mechanism accesses the corresponding file to compare the received data and accept or reject the attempt. Failed access attempts are recorded by the system so that the system administrator can periodically study whether or not there has been an attempt to breach the security of the system.

The operating system equips the system administrator so that at any time they can register or unregister a user, assigning in the first case, in addition to a username, the corresponding initial password. While the username is public, the password is not, and it is advisable to change it every now and then, as well as not to have it written anywhere other than in the user's own mind.

The password, when typed at a terminal, both to access the system and to change it, does not appear on the screen as the rest of the entered data does, in order to keep it secret. Furthermore, this word is recorded in the system administration files encoded or encrypted so that it is not easily recognizable by people.

The process of requesting entry to a system, answering the identification questions, verifying the received data and granting the corresponding access is called login. Similarly, the process of logging out of the system is called logout.
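The login mechanism described above, written out as an added example (it is not part of the original document). It assumes a salted PBKDF2 hash as the "encoded" form of the stored password, an in-memory dictionary in place of the password file, and hypothetical names throughout.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 100_000   # assumption: PBKDF2 work factor chosen for this sketch
users = {}             # username -> (salt, derived key); stands in for the password file
failed_log = []        # one (username, source) entry per rejected attempt
_DUMMY = (os.urandom(16), os.urandom(32))   # compared against for unknown usernames


def _derive(password: str, salt: bytes) -> bytes:
    """Encoded form kept on file: the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username: str, initial_password: str) -> None:
    """Administrator action: register a user with an initial password."""
    salt = os.urandom(16)
    users[username] = (salt, _derive(initial_password, salt))


def unregister(username: str) -> None:
    """Administrator action: remove the user."""
    users.pop(username, None)


def login(username: str, password: str, source: str = "tty0") -> bool:
    """Compare the received data with the file; record the attempt if rejected."""
    salt, stored = users.get(username, _DUMMY)   # same work for unknown names
    matches = hmac.compare_digest(_derive(password, salt), stored)
    ok = matches and username in users
    if not ok:
        failed_log.append((username, source))
    return ok


def change_password(username: str, old: str, new: str) -> bool:
    """The user proves knowledge of the old password before it is replaced."""
    if not login(username, old):
        return False
    register(username, new)
    return True


def repeated_failures(threshold: int = 3) -> dict:
    """What the administrator reviews: accounts with many rejected attempts."""
    counts = Counter(name for name, _ in failed_log)
    return {name: n for name, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    register("maria", "Initial-pw-1")            # constructed sample account
    print(login("maria", "Initial-pw-1"), login("maria", "guess"))
    print(repeated_failures(threshold=1))
```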

· Cryptography.

It is a transformation process applied to data to hide its content. The process that information must undergo to become secret is known as encryption or encoding; the information before the process is called clear text, and after it, encrypted text.

· Data transmission security. Data transmission lines have various security problems because of how easily those lines can be violated. For this reason, various techniques exist for sending data through communication lines between computers, such as:

· a) Data compression. It consists of compressing the data so that it takes up the least possible space, which achieves, first, that the transmission takes less time and, second, that to understand the data one has to decompress it; therefore, the information travels relatively encrypted. There are many data compression methods, of which the most used are:

· 1. Reduction of white spaces. An information file can have many blank spaces, which can be replaced by a number indicating how many of them occur consecutively at a given point.

· 2. Difference coding. Only the differences between the information to be sent and the same information already sent previously are transmitted, in such a way that the information can be reconstructed at the destination without major difficulty. It is a case similar to incremental backups, where each new copy records only the differences between the current state of the information and the original, achieving a significant memory saving.

· b) Cryptography. Similar to the process already mentioned, to conceal information in a transmission.

· c) Reliability. In addition to the previous measures, other measures are usually taken to ensure the correct state of the information upon arrival at its destination. Problems may arise from accidental causes, such as the influence of strong magnetic fields, electrical disturbances, etc., as well as from intrusion into the communications with the aim of destroying or modifying them. Errors can also occur because of collisions between messages on local networks and countless other causes of diverse nature.

To avoid all types of incidents, a small part is usually added to the information that makes it possible to know whether the received data matches the sent data or not. The methods most commonly used to ensure reliability in data transmission are hardware or software mechanisms that make it possible to detect errors occurring in a communication and even to recover from some of them. We will mention the following methods:

· 1. Parity bit. It consists of adding a bit to each octet or word that is transmitted so that the sum of ones is even (even parity) or odd (odd parity). This method detects errors that change one bit or an odd number of bits, but does not detect changes to an even number of bits. It is known that most errors that occur under normal conditions affect only one bit.

· 2. Hamming Codes. They add several control bits to the byte or word to be transmitted, in such a way that they detect errors of one or more bits and correct them.

· 3. Cyclic Redundancy Check (CRC). If the damage expected in a transmission is not to a single bit in an octet or word but to a sequence of them, an algorithm can be used that computes a sum called a checksum, applying the method called cyclic redundancy during transmission, so that when the transmission ends the same summing algorithm is repeated at the destination, checking whether the final value of the sum is the same.
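The parity and CRC checks above, run over a damaged message, as an added example that is not part of the original document. It goes one step beyond the text by also altering the data deliberately: a CRC is not keyed, so whoever changes the data can recompute it, and a keyed code (HMAC, a technique the document does not name) is used for comparison. The message, key and function names are constructed for the example.

```python
import hashlib
import hmac
import zlib

MESSAGE = b"TRANSFER 0100 TO ACCT 42"   # constructed sample payload
KEY = b"constructed-demo-key"           # assumption: key shared by both ends

def even_parity(byte: int) -> int:
    """Parity bit that makes the number of ones (data + parity) even."""
    return bin(byte).count("1") % 2

def with_parity(data: bytes) -> list:
    """Sender side: attach one even-parity bit to every octet."""
    return [(b, even_parity(b)) for b in data]

def parity_errors(frames: list) -> list:
    """Receiver side: indexes of octets whose parity no longer matches."""
    return [i for i, (b, p) in enumerate(frames) if even_parity(b) != p]

def corrupt(frames: list, index: int, mask: int) -> list:
    """Flip the bits selected by mask in one octet, as line noise would."""
    out = list(frames)
    out[index] = (out[index][0] ^ mask, out[index][1])
    return out

def crc_frame(data: bytes) -> bytes:
    """Sender side: append a CRC-32 of the payload."""
    return data + zlib.crc32(data).to_bytes(4, "big")

def crc_ok(frame: bytes) -> bool:
    """Receiver side: recompute the CRC-32 and compare with the trailer."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]

def mac_ok(data: bytes, tag: bytes) -> bool:
    """Keyed check: only a holder of KEY can produce a matching tag."""
    expected = hmac.new(KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    sent = with_parity(MESSAGE)
    damaged = bytearray(crc_frame(MESSAGE))
    damaged[9] ^= 0b00000011                  # two bits hit in the same octet
    tag = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()
    altered = MESSAGE.replace(b"42", b"99")   # deliberate modification
    return {
        "parity_1_bit": parity_errors(corrupt(sent, 9, 0b00000001)),
        "parity_2_bits": parity_errors(corrupt(sent, 9, 0b00000011)),
        "crc_2_bits": crc_ok(bytes(damaged)),
        "crc_recomputed": crc_ok(crc_frame(altered)),
        "mac_altered": mac_ok(altered, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```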

INTERNAL SECURITY
All the mechanisms aimed at securing the computer system in which the system itself is what controls those mechanisms fall under what we can call internal security.

· Processor security

There are several processor protection mechanisms, which have already been studied; we list them below:

· Protected states (Kernel) or unprotected (User).

· Hardware clock to prevent processor lock.

Memory security

These are mechanisms to prevent a user from accessing another's information without authorization. Among them, we will mention two:

· Limit or boundary registers.

· Protected and unprotected states of the processor.

In addition, methods such as the parity bit or the checksum already mentioned are employed for memory.

· File Security

The main purpose of computers is the processing of information that is stored permanently in files. The unwanted loss or alteration of such information could cause disturbances that could be irreparable in some cases. That is why it is necessary to take the corresponding security measures, which should be approached from two different aspects: the availability and the privacy of the files.
· Availability of the files

A file must have the required information and be available at the moment a user needs it. The need to ensure this must be kept in mind, and for that purpose the following actions are usually carried out:

· Backups.

It consists of making a copy of the contents of the files every so often (hour, day, week...), so that if they are destroyed it is possible to recover the data starting from the last of the copies. The operation of making backups, as well as the recovery of data from them, is usually done through operating system utility programs.

The reliability of backups will depend fundamentally on how often they are made and on the activity index of the files, that is, on the rate at which they are updated.

Backups are usually made on magnetic tape, which is stored in premises far from the system and in cabinets protected even against fire.

Aside from backups, in many cases it is advisable to keep duplicate files on the same or a different disk, so that in case of local problems the original file can be quickly retrieved. In large systems, the backup processes tend to be automated through software that periodically checks the date of the last backup of each file, as well as its last update, and decides through some predefined parameters which files should have their copies made.

· LOG files.

In timesharing systems where many users work simultaneously and, among other operations, carry out numerous updates and modifications of files, periodic backups are not enough to cope with the loss of information. If the computer fails for any reason during a session in which a large number of users are working, the information in the files can be recovered from the last backup; but this may not be enough, which is why these systems resort to auxiliary files in which all the operations a user carries out on their files are recorded, storing the new information or that which differs from the already existing information. These files are called LOG files and are handled by operating system utilities, together with the backups, for recovery processes.
· File Privacy

The contents of the files must be protected from possible unauthorized access. Between the danger of allowing all users access to any file and the rigidity of each user being able to access only their own, the protection system must allow access in a controlled manner, according to predefined rules and with the corresponding authorizations.

Each user, upon starting a session in a system after their identification, is assigned by the protection system a domain composed of a series of resources and permitted operations, for example a series of files to access, with no permission to access the rest of the files. In general, operating systems store the information relating to the domains in what is called the domain matrix, whose rows indicate the existing domains and whose columns indicate the resources. Each element of the matrix indicates the right to use the corresponding resource in the domain.

If the previous matrix holds little information, another way of storing the information about domains is used, consisting of associating each resource with a list of the domains that can use it; this is called an access list vector. Another vector can also be obtained in which each domain is assigned a list of the resources it can access, called in this case a list of capabilities.

In all these cases, the control lists are managed through restricted user commands, which are available only to the system administrator.

Protection of input and output devices

Operating systems provide protection mechanisms in order to implement protection policies. The policies define what needs to be done (what data and resources must be protected from whom; it is a management problem), and the mechanisms determine how it should be done. This separation is important in terms of flexibility, given that policies can vary over time and from one organization to another. The same mechanisms, if they are flexible, can be used to implement different policies.

Protection domains
A protection domain is a set of pairs (object, operations); each pair identifies
an object and the operations permitted on it.

At every moment, each process runs within a protection domain. Processes can change from one domain to another over time; how this happens depends a great deal on the system. UNIX associates a domain with each user+group; given a user and the group to which they belong, one can build a list of all the objects that can be accessed and with what operations. When a user A runs a program stored in a file owned by another user B, the process can execute within the protection domain of A or of B, depending on the domain bit or SETUSERID bit of the file. This mechanism is used with some utilities. For example, the passwd program must have privileges that a common user does not have in order to modify the file where the passwords are stored. What is done is that the file /bin/passwd, which contains the program, is owned by the superuser and has the SETUSERID bit enabled. This scheme is dangerous: a process can pass from a state in which it has little power to another in which it has absolute power (there are no middle terms). Any error in a program like passwd can mean a big hole in the security of the system. When a system call is made, a domain change also occurs, since the call is executed in protected mode.

Access matrix
Now, how does the system manage to keep track of who can access which objects and with what operations? Conceptually at least, we can see this protection model as a large access matrix.

For most users, the file system is the most visible aspect.

The domain changes that a process can make can also be integrated into the matrix, treating domains as further objects, with one operation: enter.

A protection policy involves deciding how this matrix will be filled. Normally, the user who creates an object is the one who decides how the column of the matrix corresponding to that object will be filled. The access matrix is sufficiently general to support various policies. For example:

· The ability to copy or transfer a right from one object to another domain.

· The ability of a domain to modify rights in other domains (all, or for a specific resource).

The problem is how to store this matrix. Since it is a sparse matrix (many of the elements are empty), it is not practical to represent it as a matrix proper. We could use a table of triples (domain, object, rights). If a process within a domain D attempts to perform an operation M on an object O, we look for (D, O, C) and verify whether M belongs to C. In any case, the table is large, and the scheme is not very efficient. Additionally, if an object can be, for example, read by everyone, it must have an entry for each domain.

Access lists
Alternatively, we can store the matrix by columns (discarding, by the way, the empty entries). That is, each object is associated with a list of pairs (domain, rights). This is what is known as an access list or ACL. If we think of Unix files, we can store this list in the inode of each file, and it would be something like

((Juan, *, RW), (Pedro, Profes, RW), (*, Profes, R))

In practice, a simpler (and less powerful) scheme is used, but it can still be considered an access list, reduced to 9 bits: 3 for the owner (RWX), 3 for the group, and 3 for the rest of the world.

Windows NT uses access lists with as much detail as desired: for any user or group, any subset of rights over a file can be specified, from among {RWXDPO}.

AFS also uses ACLs, but the granularity is at the directory level, not the file level. The permissions that can be assigned to a directory are: Lookup, Insert, Delete, Administer, Read, Write, Lock. The last three apply to the files in the directory.

Unix permissions on a directory are completely ignored by AFS. In the case of files, only the Unix rights for the owner are used by AFS, in a special way: they can restrict access for users to whom the ACL grants access. For example, even if according to the ACL of a directory a user can write files, in fact they will only be able to write those that have the owner's W bit turned on.
List of capabilities
The other possibility is to store the matrix by rows. In this case, each process is associated with a list of capabilities. Each capability corresponds to an object plus the operations allowed.
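The three ways of storing the access matrix described above (the table of triples, the access lists by columns, and the capability lists by rows), together with the (Juan, *, RW) list from the text, as an added example that is not part of the original document. The matrix contents and function names are constructed, and the rule that any matching ACL entry grants the right is an assumption, since the text does not say how entries are combined.

```python
from collections import defaultdict

# Constructed sparse access matrix stored as (domain, object, rights) triples.
# "E" on a "domain:" object stands for the "enter" operation (domain change).
TRIPLES = [
    ("juan",  "notes.txt",    "RW"),
    ("pedro", "notes.txt",    "RW"),
    ("ana",   "notes.txt",    "R"),
    ("pedro", "printer",      "W"),
    ("ana",   "domain:pedro", "E"),
]


def allowed(triples, domain, obj, op):
    """Look for (D, O, C) and verify that operation M belongs to C."""
    return any(d == domain and o == obj and op in c for d, o, c in triples)


def by_columns(triples):
    """Access lists: each object -> list of (domain, rights)."""
    acl = defaultdict(list)
    for d, o, c in triples:
        acl[o].append((d, c))
    return dict(acl)


def by_rows(triples):
    """Capability lists: each domain -> list of (object, rights)."""
    caps = defaultdict(list)
    for d, o, c in triples:
        caps[d].append((o, c))
    return dict(caps)


# The list from the text: (user, group, rights), "*" matching anything.
PAGE_ACL = [("Juan", "*", "RW"), ("Pedro", "Profes", "RW"), ("*", "Profes", "R")]


def acl_allows(acl, user, group, op):
    """Assumption: access is granted if any matching entry holds the right."""
    return any(u in ("*", user) and g in ("*", group) and op in rights
               for u, g, rights in acl)


def revoke(triples, obj, domain):
    """Column-wise revocation: remove one domain from one object's list."""
    return [t for t in triples if not (t[1] == obj and t[0] == domain)]


if __name__ == "__main__":
    print(by_columns(TRIPLES)["notes.txt"])
    print(by_rows(TRIPLES)["pedro"])
    print(acl_allows(PAGE_ACL, "Ana", "Profes", "W"))
```

The wildcard entry (*, Profes, R) is what the table of triples cannot express: there, an object readable by everyone needs one row per domain.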

When capabilities are used, it is usual that, in order to carry out an operation M on an object O, the process executes the operation specifying a pointer to the capability corresponding to the object, instead of a pointer to the object. The mere possession of the capability by the process means that it has the rights indicated in it. Therefore, obviously, processes must be prevented from being able to "forge" capabilities.

One possibility is to keep the capability lists within the operating system, so that processes only handle pointers to the capabilities, not the capabilities themselves. Another possibility is to encrypt the capabilities with a key known by the system, but not by the user. This approach is particularly suitable for distributed systems, and is used in Amoeba.

One problem with capabilities is that it can be difficult to revoke rights already granted. In Amoeba, each object is associated with a large random number, which is also present in the capability. When a capability is presented, both numbers must match. In this way, to revoke the rights already granted, the number associated with the object is changed. Problem: selective revocation is not possible. Revocations with ACLs are simpler and more flexible.
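The protected-capability scheme and its revocation problem, as an added sketch that is not part of the original document and is not Amoeba's actual code. It assumes an HMAC seal in place of encryption, binds the object's random number into that seal instead of carrying it in the clear, and uses hypothetical class and method names.

```python
import hashlib
import hmac
import secrets


class ObjectServer:
    """Issues and checks capabilities; the key is known only to the system."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._number = {}        # object -> its current large random number

    def create(self, obj):
        self._number[obj] = secrets.token_bytes(16)

    def _seal(self, obj, rights):
        msg = b"\0".join([obj.encode(), rights.encode(), self._number[obj]])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def grant(self, obj, rights):
        """A capability is (object, rights, seal); holders cannot recompute the seal."""
        return (obj, rights, self._seal(obj, rights))

    def allows(self, cap, op):
        """Accept only if the seal matches the object's current number."""
        obj, rights, seal = cap
        if obj not in self._number:
            return False
        return hmac.compare_digest(seal, self._seal(obj, rights)) and op in rights

    def revoke(self, obj):
        """Change the object's number: every outstanding capability stops matching."""
        self._number[obj] = secrets.token_bytes(16)


def demo():
    server = ObjectServer()
    server.create("report")                     # constructed object name
    reader = server.grant("report", "R")
    writer = server.grant("report", "RW")
    forged = ("report", "RW", reader[2])        # rights edited, old seal reused
    before = (server.allows(reader, "R"), server.allows(writer, "W"),
              server.allows(forged, "W"))
    server.revoke("report")                     # meant to cut off only `reader`
    after = (server.allows(reader, "R"), server.allows(writer, "W"))
    reissued = server.grant("report", "RW")     # writer needs a new capability
    return before, after, server.allows(reissued, "W")


if __name__ == "__main__":
    print(demo())
```

After the revocation both holders are rejected, which is the lack of selective revocation the text points out: the holder who should keep access has to be issued a new capability.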
