Operating System - Security Models in Operating Systems

Security models in an operating system define how users, programs, and processes are allowed to access system resources. The main goal of these models is to protect data, maintain privacy, and prevent unauthorized actions inside the computer system.

An operating system controls access to files, memory, devices, and applications by applying predefined security rules. These rules decide who can read, write, execute, or modify resources.

Why Security Models Are Important

Operating systems are used by multiple users and applications at the same time. Without proper security control:

  • Sensitive data may be stolen or modified.

  • Unauthorized users may gain system control.

  • Malware can damage system files.

  • System stability and reliability may be affected.

Security models provide structured mechanisms to avoid these problems.

Main Types of Security Models

1. Discretionary Access Control (DAC)

In this model, the owner of a resource decides who can access it.

The user who creates a file or folder can grant or remove permissions for other users. Access decisions are flexible and controlled by individuals rather than the system.

Example:
A file owner allows only selected users to open or edit a document.

Advantages:

  • Easy to manage.

  • Flexible permission control.

Disadvantages:

  • Less secure because users may accidentally grant access to unauthorized persons.

2. Mandatory Access Control (MAC)

Mandatory Access Control is a stricter security model where the operating system enforces access rules. Users cannot change permissions on their own.

Every user and resource is assigned a security label such as confidential, secret, or public. Access is allowed only when the labels of the user and the resource satisfy the predefined policy.

Example:
MAC is used in military or government systems where classified information must remain protected.

Advantages:

  • Very high security.

  • Prevents unauthorized data sharing.

Disadvantages:

  • Less flexibility for users.

3. Role-Based Access Control (RBAC)

RBAC assigns permissions based on user roles instead of individual users.

Users are grouped according to job responsibilities, and each role has predefined permissions.

Example:

  • Administrator role has full access.

  • Teacher role can manage student records.

  • Student role can only view information.

Advantages:

  • Easy administration in large organizations.

  • Reduces management complexity.

Disadvantages:

  • Requires proper role design.
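The three models above can be compared by evaluating the same request under each one. The following is an added example, not code from the original page: the names `User`, `Resource`, `dac_grant` and `decide`, the action names, the low-to-high ordering of the labels, and the "no read up, no write down" MAC rule are assumptions chosen for illustration. It shows the DAC weakness described above (an owner over-shares a file) and how a system-enforced label check still denies the request.

```python
from dataclasses import dataclass, field

# Labels and roles come from the text; label ordering and action names are assumptions.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
ROLE_PERMS = {"administrator": {"read", "write", "delete"},
              "teacher": {"read", "write"}, "student": {"read"}}

@dataclass
class User:
    name: str
    clearance: str  # MAC label, assigned by the system
    role: str       # RBAC role

@dataclass
class Resource:
    owner: str
    label: str                               # MAC label
    acl: dict = field(default_factory=dict)  # DAC: user name -> allowed actions

def dac_grant(res, granter, grantee, action):
    """DAC: only the owner may change who else has access."""
    if granter.name != res.owner:
        raise PermissionError("only the owner may change permissions")
    res.acl.setdefault(grantee.name, set()).add(action)

def dac_allows(user, res, action):
    return user.name == res.owner or action in res.acl.get(user.name, set())

def mac_allows(user, res, action):
    """MAC: system-enforced label check (assumed rule: no read up, no write down)."""
    subject, obj = LEVELS[user.clearance], LEVELS[res.label]
    if action == "read":
        return subject >= obj
    return subject <= obj  # any modifying action counts as a write

def rbac_allows(user, action):
    return action in ROLE_PERMS.get(user.role, set())

def decide(user, res, action):
    """Verdict of each model for one request; 'combined' needs all three."""
    verdict = {"dac": dac_allows(user, res, action), "rbac": rbac_allows(user, action),
               "mac": mac_allows(user, res, action)}
    return {**verdict, "combined": all(verdict.values())}

if __name__ == "__main__":  # constructed scenario
    alice, bob = User("alice", "secret", "teacher"), User("bob", "public", "student")
    doc = Resource(owner="alice", label="secret")
    dac_grant(doc, alice, bob, "read")  # owner over-shares a secret file
    print(decide(bob, doc, "read"))     # DAC allows, MAC denies
```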

Components of OS Security Models

Authentication
Verifies the identity of a user through passwords, biometrics, or tokens.

Authorization
Determines what resources an authenticated user can access.

Auditing
Records system activities to track security events and detect misuse.

Real-World Usage

Modern operating systems such as Windows, Linux, and macOS combine multiple security models. Enterprise systems often use RBAC along with MAC policies for stronger protection.

Conclusion

Security models form the foundation of operating system protection mechanisms. By controlling access through structured policies, they ensure confidentiality, integrity, and availability of system resources while supporting safe multi-user computing environments.