os202

A repository for operating systems class fall 2020

View on GitHub

HOME


Top 10 List of Week 02

  1. GNU Privacy Guard
    GnuPG is an application to encrypt, decrypt, and digitally sign a data to be able to access from another devices. It is supported with a security key management such as creating, editing, and deleting security key. It is operated by executing lines of commands on the terminal. GNU/Linux operating systems come with GnuPG installed. I find the article on the above link (click on title) useful and clearly written.

  2. Email encryption
    To obtain a better understanding on how encryption work, try out the basic surveillance self-defence skill in this link https://emailselfdefense.fsf.org/en/ by encrypting your email. Once you have finished, you’ll be able to send and receive emails that are scrambled to make sure a thief intercepting your email can’t read them.

  3. Encryption vs Authentication
    Encryption limits the domain of receivers of data, while authentication limits the domain of senders. Encryption is used to provide confidentiality of data being stored or transferred. Symmetric encryption requires a shared key, while asymmetric encryption provides a public key and a private key. Authentication, when combined with hashing, can prove that data have not been changed.

  4. Hashing
    What is hashing? Is it different with encryption? Yes, they are different. Encryption is a two-way function; what is encrypted can be decrypted with the proper key. Hashing is a one-way function that scrambles plain text to produce a unique message digest. I found this video useful: https://www.youtube.com/watch?v=GI790E1JMgw Encryption and hashing both encode data to maintain its privacy, security, and authenticity.

  5. Types of attack
    Stack- and buffer-overflow techniques allow successful attackers to change their level of system access. Viruses and malware require human interaction, Viruses are generally small snippets of code embedded in a system. They are very dangerous and can corrupt files, destroy data, crash systems. worms are selfperpetuating, sometimes infecting thousands of computers by replicating themselves as required. Denial-ofservice attacks prevent legitimate use of target systems. Access this link to know more types of attack: https://www.tutorialspoint.com/Protection-and-Security-in-Operating-System

  6. Protection vs Security
    Protection is an internal problem. Example of a house, we use lock and key to protect the house. Security must consider both the computer system and the environment—people, buildings, businesses, valuable objects, and threats—within which the system is used.

  7. Principles of least privilege
    Principle of least privilege is a concept in protection which dictates that programs, users, and systems be given just enough privileges to perform their tasks. This ensures that failures do the least amount of harm and allow the least of harm to be done.

  8. Protection domain and access right
    A protection domain specifies the resources that a process may access. Each domain defines a set of objects and the types of operations that may be invoked on each object as written like this of < object, { access right set } >. An access right is the ability to execute an operation on an object. This diagram from OSC book chapter 14 tells it better: https://files.catbox.moe/0ycwoo.png

  9. Access Matrix
    Access matrix is a model of protection with columns which represent different system resources and rows which represent different protection domains. Entries within the matrix indicate what access that domain has to that resource. Geeks for geeks explains it in a concise and clear way (click the link on title)

  10. Firewall
    I hear this term a lot especially when encountering computing problem. Firewalls are devices ( or sometimes software ) that sit on the border between two security domains and monitor/log activity between them, sometimes restricting the traffic that can pass between them based on certain criteria.For example a firewall router may allow HTTP: requests to pass through to a web server inside a company domain while not allowing ssh, or other traffic to pass through.