//
Protection refers to mechanisms for controlling the access of programs, processes, or users to resources defined by the OS. Security refers to defending the system against external and internal attacks.
The principle of Least Privilege states that every process should operate with the minimum set of privileges necessary to complete its task. A web server process should not have permission to modify the kernel or read SSH private keys.
A conceptual matrix where rows represent users/processes (subjects) and columns represent resources (objects). Each cell contains the set of permissions (read, write, execute).
Each resource stores a list of which users/groups can access it and what operations they can perform. This is the column-based view of the access control matrix. Used by NTFS on Windows.
Each user stores a list of resources they can access and the permitted operations. This is the row-based view. Used in some microkernel systems.
Each file has three sets of permissions (Owner, Group, Others), each specifying Read (r), Write (w), Execute (x). Represented as a 9-bit value (e.g., rwxr-xr-- = 754 in octal).
A program writes more data to a buffer than it can hold, overwriting adjacent memory. An attacker crafts the overflow to overwrite the return address on the stack, redirecting execution to malicious code.
An attacker exploits a vulnerability to gain higher privileges than intended (e.g., going from a regular user to root).
Flooding a system with so many requests that it cannot serve legitimate users.
A program that appears legitimate but contains hidden malicious functionality.
How the OS verifies the identity of a user: