1. Protection and Security
- Protection
  - any mechanism for controlling access of processes or users to resources defined by the OS
- Security
  - defense of the system against internal and external attacks
  - huge range, including denial-of-service, worms, viruses, identity theft, theft of services
- Systems generally first distinguish among users, to determine who can do what
  - user identities (user IDs, security IDs) include a name and an associated number, one per user
  - the user ID is then associated with all files and processes of that user to determine access control
  - a group identifier (group ID) allows a set of users to be defined and controls managed; it is then also associated with each process and file
  - privilege escalation allows a user to change to an effective ID with more rights
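
Added example (not part of the original notes): a simplified C model of how the user and group IDs attached to a process and a file decide access, and why changing to an effective ID with more rights changes the result. It assumes Unix-style owner/group/other permission bits; the struct names, `may_access`, and all sample IDs and modes are constructed for illustration, and ACLs, capabilities and supplementary groups are left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (assumption): one group per process, no ACLs or capabilities. */
enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

struct cred      { unsigned uid, euid, gid, egid; };  /* real and effective IDs of a process */
struct file_meta { unsigned owner, group, mode; };    /* mode: octal owner/group/other bits */

/* Owner/group/other check, decided by the effective IDs, not the real ones. */
bool may_access(const struct cred *c, const struct file_meta *f, unsigned want)
{
    unsigned bits;

    if (c->euid == 0)
        return true;                    /* superuser bypass (simplified) */
    if (c->euid == f->owner)
        bits = (f->mode >> 6) & 7;      /* owner class only: no fall-through to group */
    else if (c->egid == f->group)
        bits = (f->mode >> 3) & 7;      /* group class */
    else
        bits = f->mode & 7;             /* everyone else */
    return (bits & want) == want;
}

int main(void)
{
    /* Constructed sample data. */
    struct file_meta secrets = { 0,    0,  0600 };   /* owned by UID 0, owner-only */
    struct file_meta shared  = { 1001, 50, 0640 };   /* group 50 may read, not write */
    struct file_meta odd     = { 1000, 50, 0060 };   /* owner denied, group allowed */
    struct cred user     = { 1000, 1000, 50, 50 };
    struct cred elevated = { 1000, 0,    50, 50 };   /* same real UID, effective UID 0 */

    printf("user reads secrets:     %d\n", may_access(&user, &secrets, WANT_R));
    printf("elevated reads secrets: %d\n", may_access(&elevated, &secrets, WANT_R));
    printf("user reads shared:      %d\n", may_access(&user, &shared, WANT_R));
    printf("user writes shared:     %d\n", may_access(&user, &shared, WANT_W));
    printf("user reads odd:         %d\n", may_access(&user, &odd, WANT_R));
    return 0;
}
```

The last case shows that the owner class is checked first and exclusively: an owner whose own bits deny access is refused even when the group bits would allow it.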