or data. An example computer virus is a keylogger: a program that modifies
the operating system to record every keystroke entered by the user and send
those keystrokes back to the attacker's machine. In this way, the attacker could
gain access to the user's passwords, bank account numbers, and other private
information. Likewise, a malicious screen saver might surreptitiously scan the
disk for files containing personal information or turn the system into an email
spam server.
Even with strong fault isolation, a system can be insecure if its applications
are not designed for security. For example, the Internet email standard provides
no strong assurance of the sender's identity; it is possible to form an email
message with anyone's email address in the "from" field, not necessarily the actual
sender. Thus, an email message can appear to be from someone (perhaps someone
you trust), when in reality it is from someone else (and contains a malicious
virus that takes over the computer when the attachment is opened). By now,
you are hopefully suspicious of clicking on any attachment in an email. If we
step back, though, the issue could instead be cast as a limitation of the
interaction between the email system and the operating system: if the operating
system provided a cheap and easy way to process an attachment in an isolated
execution environment with limited capabilities, then even if the attachment
contained a virus, it would be guaranteed not to cause a problem.
Complicating matters is that the operating system must not only prevent
unwanted access to shared data, it must also allow access in many cases. We
want users and programs to interact with each other, to be able to cut and paste
text between different applications, and to read or write data to disk or over
the network. If each program were completely standalone, and never needed to
interact with any other program, then fault isolation by itself would be enough.
However, we not only want to be able to isolate programs from one another, we
also want to be able to easily share data between programs and between users.
Thus, an operating system needs both an enforcement mechanism and a
security policy.
Definition: enforcement
Enforcement is how the operating system ensures that only permitted actions are allowed.
Definition: security policy
The security policy defines what is permitted: who is allowed to access what data and who can perform what operations.
Malicious attackers can target vulnerabilities in either enforcement mechanisms
or security policy.
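The split between policy and enforcement is easiest to see in code. The following is an added example, not from the textbook: a tiny reference monitor in which the policy is a default-deny table of who may perform which operation on which object, and enforcement is a single chokepoint that every access request passes through and that also records an audit trail. All subject and object names (alice, bob, screensaver, notes.txt, passwords.db) and the operation names are constructed for illustration.

```python
"""Reference-monitor sketch: security policy separated from enforcement.

Added example, not from the textbook.  Policy answers "who may do what to
which object"; enforcement guarantees that every operation is checked
against that answer before it happens.  A flaw in either one (an over-broad
grant in the policy, or a code path that skips the check) is what an
attacker looks for, so both are kept small and auditable here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


class AccessDenied(PermissionError):
    """Raised by the enforcement layer when the policy does not permit an operation."""


@dataclass
class Policy:
    """Security policy: (subject, object) -> set of permitted operations.

    Default deny: any (subject, object, operation) triple that is not
    explicitly granted is refused.
    """
    rules: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def grant(self, subject: str, obj: str, *ops: str) -> None:
        self.rules.setdefault((subject, obj), set()).update(ops)

    def permits(self, subject: str, obj: str, op: str) -> bool:
        return op in self.rules.get((subject, obj), set())


class Kernel:
    """Enforcement mechanism: the only way to touch an object is `request`."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.objects: Dict[str, str] = {}          # constructed in-memory "files"
        self.audit: List[Tuple[str, str, str, str]] = []

    def request(self, subject: str, op: str, obj: str, data: str = None) -> str:
        # The check happens before any effect, and every decision is logged,
        # so a denied attempt is visible to whoever reviews the audit trail.
        allowed = self.policy.permits(subject, obj, op)
        self.audit.append((subject, op, obj, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise AccessDenied(f"{subject} may not {op} {obj}")
        if op == "read":
            return self.objects.get(obj, "")
        if op == "write":
            self.objects[obj] = data if data is not None else ""
            return ""
        raise ValueError(f"unknown operation {op!r}")


def demo() -> Tuple[Dict[str, str], List[Tuple[str, str, str, str]]]:
    """Sharing that the policy allows succeeds; everything else is denied and logged."""
    policy = Policy()
    policy.grant("alice", "notes.txt", "read", "write")
    policy.grant("bob", "notes.txt", "read")            # deliberate sharing between users
    policy.grant("alice", "passwords.db", "read", "write")
    kernel = Kernel(policy)

    kernel.request("alice", "write", "notes.txt", "meeting at 10")
    kernel.request("alice", "write", "passwords.db", "hunter2")   # constructed sample secret

    results: Dict[str, str] = {}
    results["bob_reads_notes"] = kernel.request("bob", "read", "notes.txt")

    # Two attempts the policy does not cover: a user exceeding a read-only grant,
    # and a "screen saver" program with no grant at all on the password file.
    for subject, op, obj in [("bob", "write", "notes.txt"),
                             ("screensaver", "read", "passwords.db")]:
        try:
            kernel.request(subject, op, obj, "tampered")
        except AccessDenied:
            results[f"{subject}_{op}_{obj}"] = "denied"
    return results, kernel.audit


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```

The design point is that `Policy` can be changed without touching `Kernel`, and `Kernel` can be reviewed for completeness (does every path go through `request`?) without reading the policy. Reviewing the two separately is exactly how you would look for the two kinds of vulnerability the text names: a grant that is too broad, or an access path that skips the check.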
1.2.3 Portability
Definition: portable
All operating systems provide applications an abstraction of the underlying
computer hardware; a portable abstraction is one that does not change as the
hardware changes. A program written for Microsoft's Windows 7 should run
correctly regardless of whether a specific graphics card is being used, whether
persistent storage is provided via flash memory or rotating magnetic disk, or
whether the network is Bluetooth, WiFi, or gigabit Ethernet.