I/O Software Layers (User Level, Device Drivers, Kernel)
Threats and Attacks (Virus, Worms, Trojan, DoS)
Case Study: Modern Operating Systems
1. Discretionary Access Control (DAC)
Owner decides access permissions
Example: File owner gives read/write permission
2. Mandatory Access Control (MAC)
System enforces strict policies
Used in military or high-security systems
3. Role-Based Access Control (RBAC)
Access based on user roles
Example: Admin, Manager, Employee
4. Attribute-Based Access Control (ABAC)
Based on attributes (user, resource, environment)
Example: Access allowed only during office hours
Authentication vs Access Control
| Feature | Authentication | Access Control |
|---|---|---|
| Purpose | Verify identity | Grant/deny permissions |
| Question Answered | Who are you? | What can you do? |
| Comes First? | Yes | After authentication |
| Example | Login with password | File read/write permissions |
How They Work Together
User logs in → Authentication checks identity
System verifies → Access control applies permissions
User performs actions based on allowed rights
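The three steps above as an added example (not part of the original notes): a password login followed by an RBAC check and the ABAC office-hours rule. The role names come from the notes; the permission sets, the 09:00-17:00 window, the user names and passwords are constructed assumptions.

```python
import hashlib
import hmac
import os
from datetime import time

# Constructed sample data: role names are from the notes, permission sets are assumptions.
ROLE_PERMISSIONS = {
    "Admin": {"read", "write", "delete"},
    "Manager": {"read", "write"},
    "Employee": {"read"},
}
OFFICE_HOURS = (time(9, 0), time(17, 0))  # assumed window for the ABAC rule


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(name: str, password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "pw_hash": hash_password(password, salt), "role": role}


def authenticate(users: dict, name: str, password: str):
    """Step 1, "Who are you?": return the user record, or None on failure."""
    user = users.get(name)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["pw_hash"]) else None


def authorize(user, action: str, now: time) -> bool:
    """Step 2, "What can you do?": RBAC check first, then the ABAC time rule."""
    if user is None:  # no verified identity means no access (deny by default)
        return False
    if action not in ROLE_PERMISSIONS.get(user["role"], set()):
        return False
    start, end = OFFICE_HOURS
    return start <= now <= end


# Constructed users for the demonstration.
USERS = {u["name"]: u for u in (
    make_user("asha", "correct horse", "Manager"),
    make_user("ravi", "battery staple", "Employee"),
)}
```

authorize() never looks at the password and authenticate() never looks at the role, which is the separation the comparison table describes.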
Short Summary (Exam Ready)
Authentication: Process of verifying user identity using passwords, biometrics, etc.
Access Control: Mechanism that determines user permissions to access resources.
Authentication happens first, followed by access control.
Cryptography Basics (Symmetric & Asymmetric Encryption)
Cryptography is the practice of securing information by converting it into an unreadable form so that only authorized parties can access it.
👉 Plain readable data = Plaintext
👉 Encrypted data = Ciphertext
1. Symmetric Encryption
Definition:
Uses a single key for both encryption and decryption.
Same key is shared between sender and receiver.
How it works:
Sender encrypts data using a secret key
Receiver uses the same key to decrypt it
Advantages:
Fast and efficient
Suitable for large data transfer
Disadvantages:
Key distribution problem (how to securely share the key?)
Less secure if the key is exposed
Examples:
AES
DES
2. Asymmetric Encryption
Definition:
Uses a pair of keys:
Public Key (shared openly)
Private Key (kept secret)
How it works:
Sender encrypts using receiver’s public key
Receiver decrypts using their private key
Advantages:
More secure (no need to share private key)
Enables digital signatures
Disadvantages:
Slower than symmetric encryption
Computationally expensive
📌 Examples:
RSA
ECC
Symmetric vs Asymmetric Encryption
| Feature | Symmetric Encryption | Asymmetric Encryption |
|---|---|---|
| Keys Used | One shared key | Public + Private key pair |
| Speed | Fast | Slower |
| Security | Less secure (key sharing) | More secure |
| Use Case | Bulk data encryption | Key exchange, authentication |
How They Are Used Together
In real systems (like HTTPS):
Asymmetric encryption is used to securely exchange a key
Symmetric encryption is then used for fast data transfer
Simple Analogy
Symmetric Encryption 🔑
Like a locker with one key: both people need the same key
Asymmetric Encryption 🔐
Like a mailbox: anyone can drop letters (public key), but only the owner can open it (private key)
Short Exam Note
Symmetric encryption uses a single key for encryption and decryption (fast but key sharing is risky).
Asymmetric encryption uses two keys (public & private), providing higher security but slower performance.
Both are often combined in real-world systems.