In modern operating systems, access to resources (such as data stored in the working memory or obtainable through sockets, files on the hard disk, and so on) may occur in parallel or sequentially by one or more clients, where the clients are applications working with the resources. Very often the characteristics of the resources (such as the location of data in memory, accessible information transfer ports, and so on) are merely of an informational nature and have little impact on data operations by these resources, and the clients performing operations on them are not aware of the current condition of the resources or the operations of other clients with the resources.
As a result of such an organization of the working with resources, their security, that is, the confidentiality and veracity of the data stored in them cannot be guaranteed to the necessary extent.
One of the most common examples of illegitimate alterations of data in resources are instances when, due to mistakes in a program or due to malicious actions when writing into one memory sector, data located in adjacent memory sectors is damaged or altered. This may be one way in which malicious software works that exploits vulnerabilities of buffer overflow. In the best case, this results in incorrect working of the vulnerable program; in the worst case, it affects the working of other applications and the operating system as a whole (for example, hackers may obtain administrator rights to perform certain actions on the victim's computer or obtain access to his confidential data).
Yet another frequent example of data damage is the situation where one client writes data into a resource from which a second client is reading data at the same time. In such an unsynchronized working of the two clients, who often do not know about the actions of each other, a reading of damaged information may occur—the first client requested the data prior to the time of its being changed by the second client, but received it only after the changes, thereby not receiving the data that it was expecting.
Modern operating systems in general and software in particular may be protected against the above-described situations by introducing restrictions on working with data, such as security policies, a system of operation transactions, setting clear boundaries on the domains of resources and verifying that the clients do not cross these boundaries, and so on. Unfortunately, the above-described methods are only a partial solution. For example, by limiting access to a single resource, operating systems may ignore calls for their components, i.e., the subresources making up a resource (for example, an array in the working memory is a set of pages of working memory, a file on a hard disk is a set of hard disk clusters, an application is a collection of sections, and so on). As a result, by adding new information to the end of a file it is not possible to damage a file located next to it on the disk, but one may obtain access to the hard disk and write data by clusters, which may result in damaging of information in adjacent files. Or, if reading of a file is forbidden based on security policies, one may still obtain information about it by consulting the clusters of the hard disk in which clusters the necessary information is written. Oftentimes, given a good organization of the system for protection of resources when different applications are working, the operating system affords little protection for the resources when one or more processes of the same application are working, since all of its components have equal rights when accessing the resources. As a result, in the course of the working of a single application there may occur desynchronization during reading and writing to the same resource, accidental writing to adjacent resources, and so on.
To solve the above-described problems, one may make use of so-called object or resource managers—modules of applications or of the operating system that alone may work directly with the resources, ensuring their isolation from each other, while other clients need to contact the resource managers to work with the resources. The benefit of such an organizing of the working with data is the possibility of avoiding the bulk of the aforementioned problems. But the drawback is that, when mistakes occur in the working of the resource manager or if it is cracked by malware, the security of the data (not only that used by a specific application, but in general data with which the given resource manager is working) can in no way be guaranteed.
To ensure a greater security of data storage, on the one hand one must isolate resources from each other and from clients working with them, monitor current operations on resources to disallow the use of “busy” resources, and control the confidentiality of resources so that unverified clients cannot access them, and on the other hand protect as much as possible the system components working directly with the resources (against actions from the outside and mistakes from the inside).