System Security

1. Protection and Security

• Protection
• any mechanism for controlling accesses of processes or users to resources defined by the OS
• Security
• defense of the system against internal and external attacks
• huge range, including denial-of-service, worms, viruses, identity theft, theft of services
• System generally first distinguish among users, to determine who can do what
• user identities (user IDs, security IDs) include name, and associated number, one per user
• user ID then associated with all files, processes of that user to determine access control 
• group identifier (group id) allows set of users to be defined and controls managed, then also associated with each process, file 
• privilege escalation allows user to change to effective ID with more rights