Outline the mechanisms necessary to control the access of programs or users to the resources defined by the computer system.

 An OS can have multiple users or a single user that will be executing processes and these must be protected from each other’s processes.  An access matrix is used to control the access of programs and can implement policy decisions concerning protection.  The access matrix also provides an appropriate mechanism for defining and implementing strict control for both static and dynamic association between process and domains.

There is also domain and language-based protection in modern OS.  Domain-based protection only allows processes to access resources it has authorization for using need-to-know principle.  Language-based protection originates in the programming language and pertains heavily on abstract data types and objects.

As you can see from the figure above there are other security mechanisms needed to insure authorized access to a computer system.

•      Authentication/Authorization – System must authenticate user.

•      Can use passwords to authenticate a user.

•      Password vulnerabilities since users may use a common password.

•      Encryption – used to send messages securely across a network and can protect database data, files, and entire disks.

•      Encryption algorithm enables the sender of a message to ensure that only a computer possessing a certain key can read the message.

•      Firewalls – is a computer appliance or router that sits between the trusted and untrusted.

•      Can limit access between the two security domains and monitor all connections.

•      Intrusion Detection Systems – Detects attempted or successful intrusions into computer systems and can initiate a response to that intrusion.

•      Vulnerability Management

•      Uses risk assessment – attempts to value a program, system, team or a facility.

•      Penetration test – scan entity for known vulnerabilities.