Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Operating system
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security=== {{Main|Computer security}} Security means protecting users from other users of the same computer, as well as from those who seeking remote access to it over a network.{{sfn|Tanenbaum|Bos|2023|pp=605-606}} <!-- A [[Vulnerability (computing)|vulnerability]] is when a bug can be exploited to compromise the system or its data; an [[Exploit (computer security)|exploit]] is the signal needed to trigger the bug causing the vulnerability.{{sfn|Tanenbaum|Bos|2023|p=606}} Often the goal of the attacker is to install [[malware]], whether in the form of a [[computer virus|virus]], [[computer worm|worm]], or [[Trojan (malware)|Trojan]].{{sfn|Tanenbaum|Bos|2023|p=607}} --> Operating systems security rests on achieving the [[CIA triad]]: confidentiality (unauthorized users cannot access data), integrity (unauthorized users cannot modify data), and availability (ensuring that the system remains available to authorized users, even in the event of a [[denial of service attack]]).{{sfn|Tanenbaum|Bos|2023|p=608}} As with other computer systems, isolating [[security domain]]s—in the case of operating systems, the kernel, processes, and [[virtual machine]]s—is key to achieving security.{{sfn|Tanenbaum|Bos|2023|p=609}} Other ways to increase security include simplicity to minimize the [[attack surface]], locking access to resources by default, checking all requests for authorization, [[principle of least authority]] (granting the minimum privilege essential for performing a task), [[privilege separation]], and reducing shared data.{{sfn|Tanenbaum|Bos|2023|pp=609–610}} Some operating system designs are more secure than others. Those with no isolation between the kernel and applications are least secure, while those with a [[monolithic kernel]] like most general-purpose operating systems are still vulnerable if any part of the kernel is compromised. A more secure design features [[microkernel]]s that separate the kernel's privileges into many separate security domains and reduce the consequences of a single kernel breach.{{sfn|Tanenbaum|Bos|2023|p=612}} [[Unikernel]]s are another approach that improves security by minimizing the kernel and separating out other operating systems functionality by application.{{sfn|Tanenbaum|Bos|2023|p=612}} Most operating systems are written in [[C (programming language)|C]] or [[C++]], which create potential vulnerabilities for exploitation. Despite attempts to protect against them, vulnerabilities are caused by [[buffer overflow]] attacks, which are enabled by the lack of [[bounds checking]].{{sfn|Tanenbaum|Bos|2023|pp=648, 657}} <!-- Other types of vulnerability in operating systems written in C and C++ include [[format string attack]]s, which exploit lack of [[type checking]] to [[code injection|inject malicious code]],{{sfn|Tanenbaum|Bos|2023|pp=658, 661}} [[use-after-free attack]]s that rely on [[C dynamic memory allocation|dynamically allocated memory]],{{sfn|Tanenbaum|Bos|2023|p=661}} and [[null pointer dereference attack]]s that an attacker can exploit to crash a computer.{{sfn|Tanenbaum|Bos|2023|p=664}} --> Hardware vulnerabilities, some of them [[Speculative execution CPU vulnerabilities|caused by CPU optimizations]], can also be used to compromise the operating system.{{sfn|Tanenbaum|Bos|2023|pp=668–669, 674}} There are known instances of operating system programmers deliberately implanting vulnerabilities, such as [[Backdoor (computing)|back door]]s.{{sfn|Tanenbaum|Bos|2023|pp=679–680}} Operating systems security is hampered by their increasing complexity and the resulting inevitability of bugs.{{sfn|Tanenbaum|Bos|2023|pp=605, 617–618}} Because [[formal verification]] of operating systems may not be feasible, developers use operating system [[Hardening (computing)|hardening]] to reduce vulnerabilities,{{sfn|Tanenbaum|Bos|2023|pp=681–682}} e.g. [[address space layout randomization]], [[control-flow integrity]],{{sfn|Tanenbaum|Bos|2023|p=683}} [[Access-control list|access restriction]]s,{{sfn|Tanenbaum|Bos|2023|p=685}} and other techniques.{{sfn|Tanenbaum|Bos|2023|p=689}} There are no restrictions on who can contribute code to open source operating systems; such operating systems have transparent change histories and distributed governance structures.{{sfn|Richet|Bouaynaya|2023|p=92}} Open source developers strive to work collaboratively to find and eliminate security vulnerabilities, using [[code review]] and [[type checking]] to expunge malicious code.{{sfn|Richet|Bouaynaya|2023|pp=92–93}}{{sfn|Berntsso|Strandén|Warg|2017|pp=130–131}} [[Andrew S. Tanenbaum]] advises releasing the [[source code]] of all operating systems, arguing that it prevents developers from placing trust in secrecy and thus relying on the unreliable practice of [[security by obscurity]].{{sfn|Tanenbaum|Bos|2023|p=611}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)