The operating system provides measures to prevent the interference with the utilization of logical and physical resources, which are known as security and protection. The security and protection are sometimes interchangeably used as they do not sound very distinctive. Although, the terms security and protection are majorly different. The main difference between security and protection lies within the fact that the security handles the external information threats in the computer systems whereas the protection deals with the internal threats.
Content: Security Vs Protection
|Basic||Provides the system access to the legitimate users only.||Controls the access to the system resources.|
|Handles||More complex concerns.||Quite simple queries.|
|Policy||Describes which person is allowed to use the system.||Specifies what files can be accessed by a particular user.|
|Type of threat involved||External||Internal|
|Mechanism||Authentication and encryption are performed.||Set or alter the authorization information.|
Definition of Security
The security of a system revolves around the external environment, and it also requires an appropriate protection system. The security systems include the protecting of the computer resources against unauthorized access, malicious alteration and inconsistency. Here in the particular context, the resources can be the stored information in the system, CPU, memory, disks, etc.
The security of the system emphasizes on the authentication process of the system in order to protect the physical resources as well as the integrity of the information stored in the system. Security provides a mechanism to guard the user’s programs and data against the interference caused by an entity or person external to the system. For example, in an organisation the data is accessed by the different employees but, it can not be accessed by a user which does not exist in that particular organisation or a user working in other organisation. It is the crucial task for an organisation to provide some security mechanism so that no external user can access the data of their organisation.
Definition of Protection
Protection is a part of security which controls access to a system by refining the types of file access allowed to the users. The protection of a system must ensure the authorization of the processes or users. As a result, these authorised users or processes can function on the CPU, memory segments, and other resources. The protection mechanism should provide a medium for specifying the controls to be imposed, together with a means of enforcing them.
The protection was perceived as an addition to multiprogramming operating system, to prevent untrustworthy users from sharing a common logical and physical namespaces, for example, a directory of files and memory respectively. Protection is needed to intercept the wicked, intentional violation of an access restraint by a user. Though, it is important to assure that each active program component existing in a system use the system resources only in reliable ways as stated in policies. It involves the prevention of user’s data and programs against interference by other users of the system.
The protection can be interpreted by the similar example as given in the security, any organization can have multiple departments under which several employees work. The different departments can share a common information with each other but not the sensitive information. So, different employees have distinct access rights to the information according to which they can access the particular data.
Key Differences Between Security and Protection
- The Security provides a mechanism to verify the user or process identity to let it use the system. On the other hand, protection controls the access to the system resources.
- Security is a broad term in which more complex queries are handled while protection comes under security and handles less complex issues.
- The security policy describes whether the particular person is permitted to use the system or not. As against, the protection policy specifies that which user can access the specific resource (eg. file).
- The protection involves the internal type of threat whereas in security external threats are also involved.
- Authorization is used in protection mechanism. On the contrary, the security mechanism authenticates and encrypt the user or process to enforce the data integrity.
Security is a more complex mechanism as compared to protection because the protection involves the internal threats and environment while security deals with the external threats.