Українська   Русский
DonNTU   Masters' portal

Abstract

Content

Introduction

The rapid development of information technology has led to the formation of the information environment, with an impact on all spheres of human activity. However, with the development of information technologies emerge and rapidly rising risks associated with their use, there are a whole new threats, the consequences of the implementation of which mankind had never encountered.

One of the main tools for the implementation of specific information technologies are information systems, the task of ensuring the security of which is a priority, because of the fact that confidentiality, integrity and availability of information resources depend on the result of the activities of information systems. The operating system software is the most important component of any computer, so the level of implementation of security policies in each of the operating system depends largely on the overall security of the information system.

This knowledge of modern methods and means to ensure the security of operating systems are a prerequisite for the formation of a specialist in information security.

1 Relevance of the topic

Currently, one of the most common questions asked by each user himself "What is operating system should to choose, and whether it is reliable?"

For most operating systems either is not fully implemented the basic for this type of applications mandatory mechanism for access to resources is not fully implemented, or its most important requirement "information management must be with labels privacy, the level of confidentiality for a storage should not be below the level of confidentiality of write information is not carried out". In this regard, we will continue to speak only about the possible conplience of remedies for modern operating systems to class protection of confidential information.

2 The purpose and objectives of the study, expected results

The aim of the study is to model the probability of attacks passing on different operating systems. Check whether they correspond to the technical parameters and characteristics, provided by manufacturer.

The main objectives of the study:

 1) Analysis the information security requirements.

 2) Security analysis of modern operating systems.

 3) Simulation of attacks on operating systems and analysis of vulnerabilities.

Research object: Windows operating system.

Research subject: dentification of vulnerabilities in operating systems, protection against unauthorized access.

As a part of the master's work get find the actual scientific results in the following areas is considered:

Unique features of operating systems and their differences.

Statistics of famous hacker attacks on operating system, vulnerabilities analysis.

Simulation of attacks on operating systems using Kali Linux.

3 Review of Research and Development

As an alternative, consider the operating system implementations of Unix and Windows.

First, focus on fundamental or conceptual conflict between implemented in OS security mechanisms and adopted formalized requirements. It is conceptual, in the sense that this contradiction does not characterize any protection mechanism, but the overall approach to building security system.

The contradiction lies in the fundamental difference of approaches to the construction of the administration scheme of protection mechanisms and, as a result, it dramatically affects the formation of the general principles of setting and implementing security policies in the organization, the allocation of responsibility for the protection of information, as well as deciding who to refer as potential intruders .

For an illustration of a set of formal requirements for confidential information protection system, consider the following two requirements:

 1) the right to change the rules of access control (PRD) should be provided to the selected subjects (administration, security services, etc.);

 2) must be provided for the controls, limiting the spread of rights of access.

These requirements are strictly regulated by the scheme (or model) administrative protection mechanisms.

Conclusions

Summing up, we can draw an important conclusion about the fact that the requirements of the protection are not fully implemented by the most modern universal OS. This means that, given the regulatory requirements, they even cannot be used to protect confidential information without additional protection. It should be noted that the main security problems are not caused by the inability of OS requirements for individual protection mechanisms, but by principled reasons, caused by the protection concept implemented in the operating system.

References

  1.  Безбогов А.А., Яковлев А.В., Мартемьянов Ю.Ф. «Безопасность операционных систем : учебное пособие » – М. : "Издательство Машиностроение–1", 2007. – 220 с.
  2.  Дейтел Х.М. Операционные системы. Ч. 1: Основы и принципы  /  Х.М. Дейтел, П.Дж. Дейтел, Д.Р. Чофнес. – М. : Бином, 2006.
  3.  Дейтел Х.М. Операционные системы. Ч. 2: Распределенные системы, сети, безопасность  /  Х.М. Дейтел, П.Дж. Дейтел, Д.Р. Чофнес. – М. : Бином, 2006.
  4.  Гордеев А.В. Операционные системы : учебник для вузов  /  А.В. Гордеев. – СПб. : Питер, 2004. – 416 с.
  5.  Олифер В.Г. Сетевые операционные системы  /  В.Г. Олифер Н.А. Олифер. – СПб. : Питер, 2001. – 544 с.
  6.  Танненбаум Э. Современные операционные системы. 2-е изд.  /  Э. Танненбаум. – СПб. : Питер, 2002. – 1040 с.
  7.  Кастер Х. Основы Windows NT и NTFS. Русская редакция  /  Х. Кастер. – М., 1996.
  8.  Проскурин В.Г. Защита в операционных системах  /  В.Г. Проскурин, С.В. Крутов, И.В. Мацкевич. – М. : Радио и связь, 2000.
  9.  Белкин П.Ю. Защита программ и данных  /  П.Ю. Белкин О.О. Михальский А.С. Першаков [и др.]. – М. : Радио и связь, 1999.
  10.  Дунаев С.Б. UNIX System V Release 4.2. Общее руководство / С.Б. Дунаев. – М. : Диалог–МИФИ, 1996.