
Infor Sec

continuation of info sec presentation

GROUP MEMBERS

Name & Surname Registration Number
Michelle T Viano R213789N
Tambirai Chirombe R2010830Q
Leon Nota R214144W
Mufaro Duri R206279N
Takudzwa Eugine Dube R212511R
Prosper N Maposa R1813175M
Tisha Hildah Tsokota R219244Y
Takunda Nhepera R213328R
Dencel T Murambi R2010632J
Michael T Mwendera R1912513T
Akatendeka F Tsikira R1916838R
OPERATING SYSTEMS
An operating system (OS) is system software that manages computer hardware and software resources,
and provides common services for computer programs.
Operating system integrity
• Operating system integrity refers to the assurance that an operating system (OS) functions as intended
and remains free from unauthorized modifications or unauthorized access.
• It encompasses various security mechanisms and practices that aim to protect the integrity of the OS
components, data, and processes, thereby ensuring the stability, reliability, and trustworthiness of the
overall system.
• Key elements of operating system integrity include features like Secure Boot, which verifies the
integrity of the OS during the boot process, and File Integrity Monitoring, which detects unauthorized
modifications to critical system files.
• Access controls, patch management, intrusion detection systems, and maintaining the integrity of the
kernel are also crucial aspects. By implementing these measures, an operating system can maintain its
integrity and provide a secure foundation for the overall system environment.
MECHANISMS THAT PROTECT OS INTEGRITY
1. Secure Boot: Secure Boot is a feature that ensures the integrity of the OS during the boot
process. It verifies the digital signatures of boot loaders, kernel, and other critical components
to prevent the execution of malicious or tampered code. For example, Secure Boot can
prevent the execution of bootkits or rootkits that attempt to tamper with the bootloader or
kernel to gain unauthorized access or control over the system. By enforcing the use of
digitally signed components, Secure Boot ensures the integrity of the OS and establishes a
trusted foundation for the entire system's operation.
2. File Integrity Monitoring (FIM): FIM tools monitor critical system files and directories for
any unauthorized modifications or alterations. By regularly checking the integrity of these
files through cryptographic hashes, FIM detects changes that may indicate a compromise or
intrusion. For example, suppose a system file that is critical for the OS operation, such as a
configuration file or a system executable, undergoes an unauthorized alteration. The FIM tool
will calculate the new hash of the file and compare it to the baseline hash. If there is a
mismatch, an alert is triggered, and system administrators can investigate the change further
to determine whether it was a legitimate action or a potential security breach.
3. Access Controls: Operating systems employ access control mechanisms to enforce restrictions on user privileges and
access to system resources. Role-based access control (RBAC) and discretionary access control (DAC) are examples of
access control models used to maintain the integrity of system resources by ensuring that only authorized users can
perform specific actions or access certain data. For instance, a user may have read and write access to their own files but
not to files belonging to other users. DAC provides a flexible approach to access control, allowing resource owners to
control access to their resources and thus ensuring their integrity.
4. Patch Management: Regularly applying security patches and updates is crucial for maintaining the integrity of an
operating system. These updates address known vulnerabilities and fix software bugs, reducing the risk of exploitation and
unauthorized access. For example, let's consider a scenario where a security vulnerability is discovered in the network
stack of an operating system. This vulnerability allows remote attackers to execute arbitrary code on the affected system.
The operating system vendor promptly develops a patch to address this vulnerability. It is then crucial for system
administrators to apply this patch to all affected systems as soon as possible. By doing so, they close the security gap and
prevent potential unauthorized access or system compromise.
5. Intrusion Detection Systems (IDS): IDS tools monitor system events, network traffic, and log files to detect signs of
unauthorized activities or intrusion attempts. By alerting system administrators to potential security breaches, IDS helps
maintain the integrity of the operating system and the overall system environment.
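The baseline-and-compare check described under File Integrity Monitoring (item 2), as an added example that is not part of the original presentation: it records SHA-256 hashes and permission bits for a constructed file tree, seals the baseline with an HMAC so that edits to the baseline itself are caught, and reports what changed on re-scan. The file names, the demo key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record hash and permission bits for every regular file under root."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # only regular files are baselined in this sketch
        state[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "mode": path.stat().st_mode & 0o7777,
        }
    return state


def seal(state, key):
    """HMAC the baseline so that edits to the baseline are detectable."""
    blob = json.dumps(state, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def compare(baseline, tag, key, current):
    """Return sorted (event, path) findings; refuse an unauthentic baseline."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline failed its integrity check")
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append(("added", name))
        elif new is None:
            findings.append(("removed", name))
        elif old["sha256"] != new["sha256"]:
            findings.append(("content_changed", name))
        elif old["mode"] != new["mode"]:
            findings.append(("mode_changed", name))
    return findings


def demo():
    """Build a constructed file tree, baseline it, alter it, then re-scan."""
    key = b"constructed-demo-key"  # assumption: a real key is kept off the host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "tool").write_bytes(b"constructed sample binary")
        os.chmod(root / "bin" / "tool", 0o755)
        baseline = snapshot(root)
        tag = seal(baseline, key)

        # Simulated unauthorized changes (constructed for the example).
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(root / "bin" / "tool", 0o777)
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "extra").write_text("unexpected file\n")
        return compare(baseline, tag, key, snapshot(root))


if __name__ == "__main__":
    for event, name in demo():
        print(f"ALERT {event:16} {name}")
```

Each finding is what the administrator would then investigate to decide whether the change was legitimate.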
IMPORTANCE OF MAINTAINING INTEGRITY IN AN OS.
• Ensures the trustworthiness of system components and data.
• Prevents unauthorized modifications or tampering with critical system files.
• Guards against the execution of malicious code or unauthorized software.
• Protects against data breaches and unauthorized access to sensitive information.
• Enhances the overall security posture of the operating system.
• Reduces the risk of system compromise and unauthorized control.
• Preserves the stability and reliability of the operating system.
• Supports compliance with security standards and regulations.
• Builds user confidence in the security of the system.
NATURE OF A SECURE OPERATING SYSTEM

• A secure operating system (OS) is one designed to protect user data, system resources, and overall functionality
from unauthorized access, use, disruption, modification, or destruction. It acts as a strong foundation for information
security on your device.

• Here's why a secure OS is crucial:

➢ Protects Your Data: Our devices often hold sensitive information like financial records, personal documents,
and communication history. A secure OS safeguards this data through features like encryption and access control.
➢ Combats Malware and Cyberattacks: The ever-present threat of malware, viruses, and hacking attempts
necessitates a robust defense system. Secure operating systems employ features like firewalls, secure boot, and
vulnerability patching to minimize these risks.
➢ Maintains System Integrity: A secure OS ensures the operating system itself and its core components remain
unaltered and function as intended. This prevents attackers from exploiting vulnerabilities or manipulating the
system for malicious purposes.
➢ Ensures Privacy: With the increasing reliance on online activities, protecting user privacy is essential.
Secure operating systems provide mechanisms to control data access and limit unauthorized tracking,
safeguarding your online privacy.
➢ Promotes Trust and Reliability: A secure OS fosters trust in your computing environment. You can be
confident that your device is less susceptible to security breaches, data loss, or system malfunctions, allowing
you to work and interact online with greater peace of mind.

A secure OS takes a more comprehensive approach than a regular OS, with a focus on protecting the system from various threats.
Here's a breakdown of the key differences:
Security Focus:
➢ Regular OS: Security is "added on" as an afterthought, with varying degrees of effectiveness.
➢ Secure OS: Security is a core principle woven into the design from the ground up. Every component is built
with security in mind to minimize vulnerabilities.
Features:
➢ Regular OS: May have basic features like password protection and firewalls. Updates might be optional or
less frequent.
➢ Secure OS: Employs a wider range of security features like access control (stronger user authentication,
multi-factor authentication), encryption, secure boot, application sandboxing, and rigorous vulnerability
management with timely updates.
Target Audience:
➢ Regular OS: Designed for general use, catering to a broad audience with varying levels of security
awareness.
➢ Secure OS: Often targeted towards specific use cases requiring high security, such as government
agencies, financial institutions, or environments handling sensitive data.
Transparency:
➢ Regular OS: The inner workings and codebase may not be readily available for public scrutiny.
➢ Secure OS: Some secure operating systems, particularly open-source ones, benefit from public review of
their code, potentially leading to faster identification and patching of vulnerabilities.
Examples:
➢ Regular OS: Windows, macOS (although both offer robust security features in their latest versions)
➢ Secure OS: Qubes OS (focused on application isolation), Tails OS (privacy-focused), KasperskyOS (evaluated
for high security standards)
Key Characteristics of a Secure Operating System:

Access control
Secure operating systems utilize a multi-layered approach to control access to system resources and prevent
unauthorized access. Here are some key mechanisms:
1. Authentication and Authorization:
➢ Authentication: This verifies a user's identity. Common methods include passwords, multi-factor authentication
(MFA) with tokens or biometrics (fingerprint, facial recognition), and smart cards. Only authenticated users can
attempt to access resources.
➢ Authorization: Even after successful authentication, a user might not have permission to access everything.
Authorization determines what specific actions a user can perform on a resource (read, write, execute) based on
their user privileges or assigned roles.
2. Access Control Lists (ACLs) and Capabilities:
➢ ACLs: These are lists associated with resources (files, folders, devices) that specify which users or groups have
permission to access them and at what level (read, write, execute).
➢ Capabilities: These are digital tokens representing a user's permission to perform a specific action on a resource.
Unlike ACLs, capabilities are tied to the user and cannot be easily shared, enhancing security.
3. User Privileges and Roles:
➢ User Privileges: These define the level of access a user has on the system. Regular user accounts have limited
privileges, while administrator accounts have broader access for system management tasks (but should be used
sparingly).
➢ Roles: Organizations can assign roles (e.g., system administrator, application user) with pre-defined access
permissions, simplifying access control for groups of users.

4. Sandboxing:
➢ This creates isolated environments for applications. Sandboxed applications have limited access to system
resources and cannot directly interact with other applications or the core system, preventing potential malware from
spreading or unauthorized programs from compromising the system.

5. Network Access Control (NAC):
➢ This is relevant for network-connected systems. NAC enforces security policies on network devices, restricting
unauthorized access to the system from external sources.

6. Auditing and Logging:
➢ Secure operating systems continuously monitor and log system activity. This allows administrators to identify
suspicious behavior or attempted unauthorized access and take appropriate action.
DATA PROTECTION

• The concept of CIA (Confidentiality, Integrity, and Availability) plays a vital role in data protection, and a
secure operating system (OS) implements various mechanisms to address each aspect:
• Confidentiality:
➢ Access Control: Access control lists (ACLs), user privileges, and role-based access restrict who can
view or modify data.
➢ Encryption: Data at rest (stored on disk) is encrypted using algorithms and keys, making it
unreadable without proper decryption. Secure OSes might also offer encryption for data in transit
(being transferred) over networks.
➢ Secure Boot: This verifies the integrity of the operating system before it boots up, ensuring no
unauthorized modifications have been made that could compromise confidentiality.
• Integrity:
➢ File Permissions and Ownership: Permissions define who can modify files, preventing
unauthorized alteration. Ownership allows tracking who created a file, aiding accountability.
➢ Digital Signatures: These can be used to verify the authenticity and integrity of data. When a file is signed,
any unauthorized changes will invalidate the signature, alerting users to potential tampering.
➢ Hashing: Secure OSes can calculate a unique hash (checksum) for files. This value acts like a fingerprint, and
any changes to the file will result in a different hash value, indicating data integrity issues.

• Availability:
➢ User Account Management: Limiting administrator accounts and enforcing strong password policies reduce
the risk of unauthorized access that could disrupt system availability.
➢ Disk Mirroring and Backups: Mirroring replicates data across multiple storage devices. If one disk fails, the
other remains operational, ensuring data availability. Backups provide a recovery option in case of data loss
due to hardware failure, malware attacks, or accidental deletion.
➢ Patch Management: Regularly installing security updates and patches addresses vulnerabilities that could be
exploited to disrupt system availability. Update deployment tools can automate this process.
➢ Redundancy and Failover: Critical system components might be designed with redundancy (having
backups) or failover mechanisms (automatically switching to a secondary system) to maintain availability if a
primary component malfunctions.
SECURE COMMUNICATION
• Secure operating systems (OS) play a crucial role in facilitating secure communication between users and
systems. Here's how they achieve this:
1. Encryption Protocols:
➢ TLS/SSL (Transport Layer Security/Secure Sockets Layer): This is the backbone of secure
communication on the internet. The OS provides libraries and tools for applications to leverage TLS/SSL.
This protocol establishes a secure connection between two parties (user and server) by encrypting data in
transit, protecting it from eavesdropping or tampering during transmission.
2. Secure Shell (SSH):
➢ This is a cryptographic network protocol for secure remote login and command-line access to another
computer. The OS provides SSH client and server functionalities. SSH uses public-key cryptography to
authenticate users and encrypts all data exchanged during the session, ensuring secure communication even
over insecure networks.
3. Virtual Private Networks (VPNs):
➢ While not directly an OS feature, secure operating systems often integrate well with VPN software. VPNs
create an encrypted tunnel over a public network, allowing users to securely connect to remote resources as
if they were directly connected to a private network.
4. Digital Signatures:
➢ These can be used to verify the authenticity and integrity of data exchanged between users and systems. The OS
might provide libraries for applications to sign and verify digital signatures. This helps ensure that the data comes
from a trusted source and hasn't been tampered with during transmission.
5. Secure Boot and Trusted Platform Module (TPM):
➢ Secure boot verifies the integrity of the operating system before it boots up. This prevents unauthorized
modifications that could compromise system security and potentially lead to insecure communication channels.
➢ TPM (a hardware security chip) can be used to store encryption keys and perform cryptographic operations,
further strengthening the security foundation for communication.
6. Application Sandboxing:
➢ This isolates applications from the core system and other applications. If malware or a compromised application
attempts to send sensitive data through an insecure channel, sandboxing can prevent it from accessing the
network or modifying system settings related to communication.
7. Firewalls:
➢ Firewalls act as gatekeepers, filtering incoming and outgoing network traffic based on predefined security
policies. The OS may provide built-in firewall functionality or integrate with third-party firewall software. This
helps block unauthorized attempts to access systems or exfiltrate data through insecure channels.
8. User Authentication and Authorization:
➢ Strong user authentication mechanisms (passwords, MFA) ensure that only authorized users can initiate
communication with systems. Authorization controls what actions users can perform, preventing unauthorized
access to sensitive information or functionalities that could compromise communication security.
9. Secure Coding Practices:
➢ Secure operating systems are themselves built with security best practices in mind. This reduces the risk of
vulnerabilities within the OS that could be exploited to intercept or manipulate communication channels.
10. Update Management:
➢ Regularly installing security updates and patches for the OS and applications is crucial. Updates often address
vulnerabilities that could be exploited to compromise secure communication channels.
SECURITY MECHANISMS AND FEATURES

• Mandatory Access Control (MAC) is a security model that enforces access control policies based on two key
attributes:
1. Data Sensitivity: This refers to a classification level assigned to data, such as "Top Secret," "Secret,"
"Confidential," or "Unclassified." This classification reflects the potential damage caused by unauthorized
access or disclosure of the data.
2. User Clearance: This refers to the security authorization level assigned to a user, such as "Top Secret,"
"Secret," "Confidential," or "Unclassified." This clearance level indicates the kind of sensitive information
a user is trusted to access and handle.
• Here's how MAC enforces access control based on these attributes:
➢ Labeling: Both data and users are assigned labels that reflect their respective security levels. Data labels
are typically attached to files, folders, or system resources, while user labels are associated with user
accounts.
➢ Bell-LaPadula Model: This is a foundational principle in MAC that dictates access permissions. It has three
main rules:

1. Simple Security Property: A user can only access data at their clearance level or lower.
2. *-Property (Star Property): A user can only create data at their clearance level.
3. (Optional) Discretionary Security Property: This allows some limited discretionary control by
administrators, but it cannot override the Bell-LaPadula rules.

➢ Centrally Managed Policy: MAC access control policies are centrally defined and enforced by the operating
system or security software. This ensures consistency and prevents users from modifying access permissions
themselves.

➢ Access Control Lists (ACLs) are secondary: While MAC uses labels for enforcement, some systems might
also utilize ACLs to specify additional granular permissions within the constraints set by the MAC labels.
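The label check described above, as an added example that is not part of the original presentation: a small reference monitor that applies the two Bell-LaPadula rules before consulting a secondary ACL, and logs every decision. By default it follows the page's wording of the star property (write only at the user's own level); the `strict_star=False` mode, the class names and the sample users and files are assumptions added here, with that mode giving the classic "no write down" form.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """The four classification/clearance levels named above, lowest first."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class User:
    name: str
    clearance: Level


@dataclass
class Resource:
    name: str
    label: Level
    # Secondary, owner-managed ACL: user name -> set of allowed actions.
    acl: dict = field(default_factory=dict)


class ReferenceMonitor:
    """Central policy point: the MAC label check runs before any ACL."""

    def __init__(self, strict_star=True):
        # strict_star=True: write only at the user's own level (page wording).
        # strict_star=False: classic "no write down" (assumption added here).
        self.strict_star = strict_star
        self.audit_log = []

    def _mac_allows(self, user, resource, action):
        if action == "read":    # simple security property: no read up
            return user.clearance >= resource.label
        if action == "write":   # star property
            if self.strict_star:
                return user.clearance == resource.label
            return user.clearance <= resource.label
        return False            # unknown actions are denied by default

    def check(self, user, resource, action):
        """Decide one request and record the decision for auditing."""
        if not self._mac_allows(user, resource, action):
            allowed, reason = False, "denied-by-label"
        elif action not in resource.acl.get(user.name, set()):
            allowed, reason = False, "denied-by-acl"
        else:
            allowed, reason = True, "granted"
        self.audit_log.append((user.name, action, resource.name, reason))
        return allowed


def demo():
    """Constructed scenario: one Secret-cleared user and four labeled files."""
    alice = User("alice", Level.SECRET)
    plans = Resource("plans.txt", Level.SECRET, {"alice": {"read", "write"}})
    memo = Resource("memo.txt", Level.UNCLASSIFIED, {"alice": {"read", "write"}})
    codes = Resource("codes.txt", Level.TOP_SECRET, {"alice": {"read"}})
    hr = Resource("hr.txt", Level.CONFIDENTIAL, {})

    monitor = ReferenceMonitor()
    monitor.check(alice, plans, "read")
    monitor.check(alice, plans, "write")
    monitor.check(alice, codes, "read")   # ACL says yes, label says no
    monitor.check(alice, memo, "write")   # blocks copying Secret data downward
    monitor.check(alice, memo, "read")
    monitor.check(alice, hr, "read")      # label allows, ACL does not
    return monitor.audit_log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The `codes.txt` and `memo.txt` requests show why the ACL is secondary: an owner's grant never overrides the label decision.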
Benefits of MAC:
➢ Rigorous Security: MAC enforces strict access control, minimizing the risk of unauthorized access to
sensitive data, especially through human error.
➢ Consistency: The centralized policy ensures consistent enforcement across the system, reducing
vulnerabilities.
ROLE BASED ACCESS CONTROL

• Role-Based Access Control (RBAC) is a widely used access control model that simplifies permission management
by associating permissions with roles, and then assigning roles to users. Here's how it works:
1. Identifying Roles: The first step involves defining the various roles within an organization based on
responsibilities and job functions. Examples include System Administrator, Sales Representative, etc. Each
role should have a clear description of its associated tasks and data access requirements.
2. Assigning Permissions: Permissions define the specific actions a user can perform on a system or with data.
Permissions are assigned to roles based on the needs of each role.
3. User-Role Assignment: Users are then assigned one or more roles based on their job responsibilities. A single
user can have multiple roles if their work requires access to different resources or functionalities.
• Effective Permissions: A user's effective permissions are the combined permissions of all the roles they are
assigned to. This means a user inherits all the permissions associated with each role they hold. There might be
some conflict resolution logic in place if two assigned roles have conflicting permissions on a specific resource.
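The three steps and the effective-permission rule above, as an added example that is not part of the original presentation. The role names, the (resource, action) pairs, the users and the deny-overrides rule used for conflict resolution are all assumptions chosen for the illustration; the page does not say which conflict rule a given system uses.

```python
# Constructed role definitions: each role maps to (resource, action) pairs.
ROLE_GRANTS = {
    "sales_rep": {("crm:customers", "read"), ("crm:orders", "read"),
                  ("crm:orders", "write")},
    "sysadmin": {("os:services", "restart"), ("os:logs", "read"),
                 ("os:accounts", "write")},
    "auditor": {("os:logs", "read"), ("crm:orders", "read")},
}
# Explicit denies attached to a role; here an auditor must never modify data.
ROLE_DENIES = {
    "auditor": {("crm:orders", "write"), ("os:accounts", "write")},
}


class RBAC:
    def __init__(self, role_grants, role_denies=None):
        self.role_grants = role_grants
        self.role_denies = role_denies or {}
        self.user_roles = {}

    def assign(self, user, role):
        """Step 3: attach a defined role to a user."""
        if role not in self.role_grants:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def effective_permissions(self, user):
        """Union of all role grants, minus any deny from any held role."""
        roles = self.user_roles.get(user, set())
        granted = set().union(*(self.role_grants[r] for r in roles))
        denied = set().union(*(self.role_denies.get(r, set()) for r in roles))
        return granted - denied

    def is_allowed(self, user, resource, action):
        return (resource, action) in self.effective_permissions(user)

    def explain(self, user, resource, action):
        """Show which roles grant and which deny a permission, for audits."""
        perm = (resource, action)
        roles = sorted(self.user_roles.get(user, set()))
        return {
            "granted_by": [r for r in roles if perm in self.role_grants[r]],
            "denied_by": [r for r in roles
                          if perm in self.role_denies.get(r, set())],
        }


def demo():
    """Constructed users: alice holds one role, carol holds two."""
    rbac = RBAC(ROLE_GRANTS, ROLE_DENIES)
    rbac.assign("alice", "sales_rep")
    rbac.assign("carol", "sales_rep")
    rbac.assign("carol", "auditor")
    return rbac


if __name__ == "__main__":
    rbac = demo()
    print(sorted(rbac.effective_permissions("carol")))
    print(rbac.explain("carol", "crm:orders", "write"))
```

Carol's two roles disagree on writing orders, and the deny wins; removing her auditor role restores the write permission without touching any per-user setting.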
Benefits of Role Based Access Control:
➢ Simplified Management: Assigning permissions to roles instead of individual users makes access control more
manageable, especially in large organizations.
➢ Reduced Risk: Granting access based on job functions minimizes the risk of users having more access than they
need, lowering the potential for accidental breaches.
➢ Improved Efficiency: Adding or removing users becomes easier as you simply modify their role assignments.
Drawbacks of RBAC:
➢ Granularity: RBAC might not be suitable for environments requiring very granular access control needs.
➢ Over-privileging: Assigning too many roles to a user can lead to them having more permissions than necessary.
➢ Scalability: Managing a large number of roles and permissions can become complex in very large organizations.
Use Cases of RBAC:
➢ Corporate networks
➢ Cloud applications
➢ Enterprise software systems

Functional requirements vary depending on the type of software. Some examples may include the following:
● The system sends a confirmation email when a new user account is created.
● The system sends an approval request after the user enters personal information.
● The user can review items in the cart, change their number, or remove them before checkout.
● The app can send notifications to users for updates, reminders, or promotional content.
● Users should be able to provide feedback or rate services/products within the app.
● The app should allow users to create accounts and log in using credentials like email and password or through social
media integration.
Design approach
• There are multiple ways of designing operating systems, which typically depend on the goals,
requirements, and constraints of the system in question.
• The design approaches involve the following:

I. Monolithic design
II. Microkernel design
III. Hybrid design
MONOLITHIC DESIGN

• A monolithic design is a single, large program in which all the operating system functionalities are implemented
within a single kernel.
• The kernel provides all essential services, such as process management, memory management, device drivers,
and file systems.
• It provides efficient and direct access to system resources but can be challenging to maintain or expand.

Advantages of monolithic design
• There is simplicity and efficiency since system calls and data transfers between kernel and user space are
relatively straightforward.
• These designs can provide better performance in certain cases, especially when the application has a high
level of inter-component communication.
• Cost effectiveness.
DISADVANTAGES OF MONOLITHIC DESIGN

• Fault isolation tends to be limited, as a failure in one component can potentially affect the stability
and performance of the entire system.
• There is a lack of modularity, as it is challenging to isolate and update individual components.
Microkernel design
• The operating system is divided into smaller, independent modules or servers.
• Core functionalities of the OS, such as process management and memory management, are
implemented in the microkernel, whilst file systems and device drivers are implemented as separate
modules.
ADVANTAGES OF MICROKERNEL

• Promotes modularity by separating the essential kernel services from non-essential services
• There is fault isolation and reliability through minimizing the amount of code running in kernel
space
• There is security enhancement through reduction of trusted computing base (TCB), which consists
of the code that needs to be trusted.
DISADVANTAGES OF MICROKERNEL

• It is complex to design and implement a microkernel-based operating system compared to a
monolithic design.
• There may exist limited opportunities for performance optimization compared to monolithic
designs.
HYBRID DESIGN

• It combines elements of both monolithic and microkernel designs and aims to strike a balance
between efficiency and flexibility.
• The core functionality of the operating system is implemented in the kernel, similar to the
monolithic design, but some non-core services are implemented as separate modules, similar to the
microkernel design.
• It thus allows for better modularity while still maintaining efficient access to system resources.
ADVANTAGES AND DISADVANTAGES OF HYBRID DESIGNS
• Its merit is that it provides a balance between modularity and performance.
• Moreover, hybrid designs allow critical operating system functionality to reside in the kernel, providing
efficient and optimized access to hardware resources.
• Its drawbacks may include an increase in complexity compared to both monolithic and microkernel
designs.
VIRTUALIZATION

• Virtualization is an approach where multiple virtual machines (VMs) run on top of a hypervisor.
This design focuses on providing virtualization capabilities and managing the resources of the
underlying hardware.
• Each VM typically runs its own operating system, known as a guest operating system.
• Virtualization provides isolation and resource allocation among VMs, allowing multiple operating
systems to run concurrently on the same physical machine.
DISTRIBUTED SYSTEM DESIGNS

• In a distributed operating system, the focus is on managing a network of interconnected computers
as a single cohesive system.
• The design approach involves coordinating and distributing tasks across multiple machines,
providing transparency and fault tolerance.
• Distributed systems often require specialized algorithms and protocols to handle communication,
synchronization, and resource sharing.
Operating System Threats
Operating system threats encompass various types of malicious activities, attacks, or vulnerabilities that can impact
the integrity, availability and confidentiality of the system or its data. These threats are explained below.
1. Insider Attacks
• Threats that originate from within the organisation, including from individuals who have authorized access to
sensitive information or systems.
• This can involve deliberately causing harm to the organisation by stealing or leaking sensitive
information. Unintentional insider threats can be caused by lack of awareness or human error,
leading to security incidents or data breaches.
Solutions

Background checks
• Conduct thorough background checks on employees and contractors during hiring processes, including
criminal record checks and verification of employment history.
Role-based access control (RBAC)
• Limit access to sensitive information and resources based on the user's role and grant access to those who
need it to perform their job function.
Regular audits and monitoring
• Implement regular audits of user activities, especially those with elevated privileges, and monitor user behaviour to
identify unusual or suspicious activities.
Segregation of duties
• Divide critical tasks among privileged individuals so that no one person alone can access sensitive information.
Implement strong authentication measures
• Use multi-factor authentication (MFA) for accessing sensitive systems and resources to reduce chances of
unauthorized access.
2. Malware Threats
• Malware is a type of software designed to take over or damage a computer user's operating system, without the
user's knowledge or approval. It can be very difficult to remove and very damaging.
Types of Malware
a) Trojan Viruses
A Trojan horse is a malicious program that is disguised as legitimate software. Discretionary environments are often more
vulnerable and susceptible to Trojan horse attacks because security is user focused and user directed. Thus the compromise
of a user account could lead to the compromise of the entire environment. A Trojan horse:
• Cannot replicate itself.
• Often contains spying functions (such as a packet sniffer) or backdoor functions that allow a computer to be remotely
controlled from the network.
• Often is hidden in useful software such as screen savers or games.
• Examples: Back Orifice, NetBus, Whack-a-Mole.
b) Worm
A worm is a self-replicating program that can be designed to do any number of things, such as delete files or send
documents via e-mail. A worm can negatively impact network traffic just in the process of replicating itself. Code Red is an
example of a worm. A worm:
• Can install a backdoor in the infected computer.
• Is usually introduced into the system through a vulnerability.
• Infects one system and spreads to other systems on the network.

c) Ransomware
Ransomware prevents access to the victim's data and threatens to delete or publish it unless the attacker is paid.

Solutions
a) Use antivirus software.
b) Install a firewall.
c) Back up data on a separate device.
d) Keep software updated.
e) Avoid clicking on unknown websites.

3. Social Engineering threats (attacks)
Social engineering works by psychologically manipulating users into performing actions desirable to an attacker, or
into divulging sensitive information.
Types of Social Engineering Attacks
a) Phishing
Phishing is when an attacker sends fraudulent correspondence that seems to come from a legitimate source,
usually via email. The email urges the user to perform a specific action, such as clicking a link that leads to
downloading malicious software.
b) Scareware security software
It pretends to scan for a virus and gives users false warnings. The attacker will ask the user to pay for it to be
removed.
c) Pretexting
Pretexting occurs when the threat actor lies to the target to gain access to data.
Solutions
a) Education and awareness
Educate employees so that they are able to detect a phishing attack and do not disclose sensitive information to a
website or a person.
b) Spam Filtering
Implement and configure a spam filter to automatically detect and block phishing emails.
c) Multi-Factor Authentication.
d) Continuous Monitoring of Critical Systems.
e) Penetration Testing.
f) Check and update your Security Patches.

4. Software Supply Chain threat (attack)
It is a cyber attack against an organisation that targets weak links in its trusted software
updates. A supply chain is the chain of all individuals, organisations, resources, activities
and technologies involved in the creation and sale of a product.

Software Supply Chain Threats
a) Compromise of software building tools or development/test infrastructure.
b) Compromise of devices or accounts owned by privileged third-party vendors.
c) Malicious app signed with stolen code signing certificates or developer identification.

Solutions
a) Know and be familiar with your vendors
b) Continuous Monitoring
c) Protect developer endpoints
d) Implement zero trust
5. Distributed denial of service (DDoS)
It occurs when multiple systems flood the system or resources of a target system, usually one or more web servers. An attack
uses one or more IP addresses or machines, often from thousands of hosts infected with malware.
Methods of DDoS attacks include:
a) Botnets
• Systems under hacker control that have been infected with malware.
b) Smurf attack
• Sends Internet Control Message Protocol (ICMP) echo requests to the victim's IP address. The ICMP requests are generated
from spoofed IP addresses.
• The attacker performs it at a large scale.
Solutions
a) Deploy firewalls for sophisticated application attacks
b) Know what is normal and abnormal traffic
c) Reduce attack surface area
