Protection and Security


Presentation Transcript


  1. Protection and Security Daniel Fernandez Student Presentation CS5204 – Operating Systems

  2. Outline
  • Protection Goals
  • Principle of least privilege and protection mechanisms
  • Protection domains
  • Access Matrix and Access Control
  • Formal methods of a Protection system
  • Security components and threats
  • Summary

  3. Protection
  • Goals:
    • Prevent mischievous, intentional violation of an access restriction by a user.
    • Ensure each active program component uses system resources only in ways consistent with policies.
    • Improve reliability.
    • Provide a mechanism for enforcement of policies governing resource use.

  4. Principles of Protection
  • Principle of least privilege
    • Dictates that programs, users, and even systems be given just enough privileges to perform their tasks.
    • Failure or compromise of a component does minimum damage and allows recovery from the damage.
    • Ex: a security guard with a passkey.
    • Separate user accounts (RBAC).
    • Provides mechanisms to enable privileges when needed and remove them when not needed.
    • Does not always provide a more secure environment.
    • Example: Windows 2000

  5. Protection Mechanisms
  • Policies and mechanisms are different things!
  • Separation of policy and mechanism.

  6. Protection Domain Structure
  • The set of access rights is the domain.
  • Access right = <object-name, rights-set>
  • Rights-set is the set of all valid operations that can be performed on the object.
  • Need-to-know principle
  • Static and dynamic associations.

  7. Domain Example: Unix
  • The domain is associated with the user.
  • Domain switching requires changing the user ID temporarily:
    • An owner identification and a domain bit (setuid bit) are associated with each file.
    • When setuid is on and a user executes that file, the user ID is set to that of the file's owner; when setuid is off, the user ID does not change.
    • Example: User A executes a file owned by user B. If the file's setuid bit is off, the user ID of the process is A; if it is on, the user ID is set to B.
    • Useful when an otherwise privileged facility needs to be made available to general users.

  8. Access Matrix
  • Consists of a set of objects (O) and a set of subjects (S).
  • r(s, o) belongs to the set of rights (R).
  • From: “Protection in Operating Systems”, Harrison and Ruzzo, 1976.

  9. Implementation of Access Matrix
  • Rights used in the example matrix: R (Read), W (Write), X (Execute)
  • Two most used approaches:
    • Access Control Lists
    • Capability Lists
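The access matrix and its two storage forms from the last two slides, as an added Python example (not code from the presentation); the subjects, objects and rights are constructed sample data, and the function names are my own:

```python
# Added example, not from the presentation: an access matrix over subjects S
# and objects O, and the two usual ways to store it, access control lists
# (one column per object) and capability lists (one row per subject).
# Subject and object names and the rights granted are constructed sample data.
RIGHTS = {"R", "W", "X"}  # generic rights: R(ead), W(rite), X(ecute)

# P[s][o] is r(s, o), the set of rights subject s holds on object o;
# an absent entry means the empty set (no access).
P = {
    "alice": {"report.txt": {"R", "W"}, "payroll.bin": {"X"}},
    "bob":   {"report.txt": {"R"}},
    "carol": {},
}
OBJECTS = {"report.txt", "payroll.bin", "secret.key"}


def access_control_lists(matrix, objects):
    """ACL view: for each object, which subjects hold which rights."""
    acl = {o: {} for o in objects}
    for s, row in matrix.items():
        for o, rights in row.items():
            if rights:
                acl.setdefault(o, {})[s] = set(rights)
    return acl


def capability_lists(matrix):
    """Capability view: for each subject, the (object, rights) pairs it holds."""
    return {s: {o: set(r) for o, r in row.items() if r} for s, row in matrix.items()}


def allowed(matrix, subject, obj, right):
    """Reference-monitor check: is right in r(subject, obj)? Unknown -> deny."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right {right!r}")
    return right in matrix.get(subject, {}).get(obj, set())


def revoke_object(acl, obj):
    """Revoking every subject's access to an object is one column update in
    the ACL view; in the capability view every row would have to be searched."""
    acl[obj] = {}
    return acl
```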

  10. Access Control
  • Role-Based Access Control (RBAC).
  • Revolves around privileges, where a privilege is the right to execute a system call or to use a system option.

  11. Formal Protection System Model
  • A protection system consists of 1) a finite set of generic rights R and 2) a finite set of commands.
  • Configuration of the protection system: (S, O, P)
    • P = access matrix
    • P[s, o] = subset of the generic rights R
  • Form of a command:

    command a(X1, X2, …, Xk)
      if r1 in (Xs1, Xo1) and
         r2 in (Xs2, Xo2) and
         …
         rm in (Xsm, Xom)
      then op1
           op2
           …
           opn
    end

  • or, if m is zero:

    command a(X1, X2, …, Xk)
      op1
      op2
      …
      opn
    end

  12. Formal Protection System Model (cont.)
  • A primitive operation op takes the system from one configuration to the next: (S, O, P) ⊢op (S', O', P')
  • Examples:
    • 1) Process creates a new file:
      Rule: op = create object o', with o' not in O; S' = S, O' = O ∪ {o'}

      command CREATE(process, file)
        create object file
        enter own into (process, file)
      end

    • 2) Owner revokes another subject's access rights to a file:
      Rule: op = delete r from (s, o); S' = S, O' = O, and P'[s, o] = P[s, o] – {r}

      command REMOVEr(owner, exfriend, file)
        if own in (owner, file) and r in (exfriend, file)
        then delete r from (exfriend, file)
      end
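The command model of slides 11 and 12, as an added Python example (not code from the presentation): a configuration (S, O, P), the primitive operations, and the two commands above, CREATE and REMOVE with r = read; the subject/object names are constructed and the class and method names are my own.

```python
# Added example, not from the presentation: a small interpreter for the HRU
# model. A configuration is (S, O, P); a command checks conditions
# "r in (Xs, Xo)" (none if m is zero) and then applies primitive operations.
# Subject/object names and command bodies are constructed from the slides.
class ProtectionSystem:
    def __init__(self, generic_rights):
        self.R = set(generic_rights)               # generic rights R
        self.S, self.O, self.P = set(), set(), {}  # configuration (S, O, P)
        self.commands = {}

    def rights(self, s, o):                        # P[s, o], a subset of R
        return self.P.get((s, o), set())

    # Primitive operations: each maps (S, O, P) to (S', O', P').
    def create_object(self, o):
        if o in self.O:                            # rule: o' not in O
            raise ValueError(f"object {o!r} already exists")
        self.O.add(o)                              # O' = O U {o'}

    def enter(self, r, s, o):
        if r not in self.R or s not in self.S or o not in self.O:
            raise ValueError("enter: unknown right, subject or object")
        self.P.setdefault((s, o), set()).add(r)

    def delete(self, r, s, o):                     # P'[s, o] = P[s, o] - {r}
        self.P.get((s, o), set()).discard(r)

    # Commands: conditions are (right, subject-arg index, object-arg index).
    def define(self, name, conditions, ops):
        self.commands[name] = (conditions, ops)

    def run(self, name, *args):
        """Run a command; a failed condition returns False with no change."""
        conditions, ops = self.commands[name]
        if not all(r in self.rights(args[si], args[oi]) for r, si, oi in conditions):
            return False
        for op in ops:
            op(self, *args)
        return True


def build_system():
    ps = ProtectionSystem({"own", "read"})
    ps.S.update({"p1", "p2"}); ps.O.update({"p1", "p2"})  # subjects are objects too
    # command CREATE(process, file): create object file; enter own into (process, file)
    ps.define("CREATE", [], [lambda ps, p, f: ps.create_object(f),
                             lambda ps, p, f: ps.enter("own", p, f)])
    # command REMOVEread(owner, exfriend, file): if own in (owner, file) and
    # read in (exfriend, file) then delete read from (exfriend, file)
    ps.define("REMOVEread", [("own", 0, 2), ("read", 1, 2)],
              [lambda ps, o, x, f: ps.delete("read", x, f)])
    return ps
```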

  13. Language-Based Protection
  • Protection systems also focus on the functional nature of an access to an object.
  • Policies vary depending on the application.
  • Application designers use protection as a tool, as well.
  • Protection in Java
    • The Java virtual machine (JVM) has many built-in protection mechanisms.
    • Code loaded into the JVM may come from different sources and not be equally trusted. As a result, protection in all areas of the JVM is necessary.
    • The JVM assigns each loaded class to a protection domain.

  14. What is Security in an Operating System?
  • Security in an operating system revolves around 4 elements:
    • Confidentiality
    • Integrity
    • Availability
    • Authenticity
  • Security threats:
    • Interception
    • Interruption
    • Modification
    • Fabrication
  • Protection is an internal problem; security is an external one.

  15. Implementing Security Defenses
  • Security Policy
  • Vulnerability Assessment
  • Intrusion Detection
  • Virus Protection
  • Auditing, Accounting, and Logging

  16. Spyware
  • Description:
    • Malware that is loaded onto a PC without the owner's knowledge.
    • Runs in the background, doing things behind the owner's back.
    • Gathers information from the owner and communicates it back to its distant master.
  • Actions against spyware:
    • Anti-spyware programs (Spybot, Ad-aware, Spyware Doctor).
    • Security practices to prevent infection:
      • Avoid using Internet Explorer.
      • Use firewalls to block certain websites.
      • Surf and download more safely.
    • May require reinstallation of the operating system.

  17. Summary
  • Protection
    • An internal problem.
    • The role of protection is to provide a mechanism for enforcement of policies.
    • A protection domain specifies the resources that a process may access.
    • The access matrix is the representation of the protection-domain model.
  • Security
    • An external problem.
    • Systems have to protect against threats in the form of interception, interruption, modification, and fabrication.
    • Security defenses fight off those threats.
