
CS543 – Operating Systems






Presentation Transcript


  1. CS543 – Operating Systems Class 7 Slides Professor Mike Kain CS543 - Class #7

  2. Tonight’s Topics
     • Homework #3 grades in process.
     • Homework #4 due March 10th, 2014 at 11:59pm
     • Final will be online from Saturday, March 15th at midnight to Friday, March 21st at 11:59pm.
     • Review
       • Files & File Systems (Chapters 10-13)
     • Major topics tonight:
       • Chapter 14: Protection
       • Chapter 15: Security
       • Chapter 16: Virtual Machines (start if there is time)

  3. Review: Files & File Systems
     • These four chapters walked you through storage and storage management.
     • Chapter 10 started with the raw disk and how we represent data on it.
     • Major concepts:
       • Different types of media (tape/disk)
       • Disk formatting / organization
       • Disk scheduling & algorithms
       • Disk boot / system startup
     • Not covered: Swap / RAID

  4. Review: Files & File Systems, slide 2
     • Chapter 11 continued with the concepts of files and directories
     • Major concepts:
       • Files – attributes and structure
       • File operations (read/write, delete/truncate/seek)
       • Access types
       • Volume types and structure
       • Directories & types (single/multiple/hierarchy)
       • Access Control
         • Permissions / access
         • POSIX / additional groups
       • Remote file systems

  5. Review: Files & File Systems, files demo
     • Different types of files and file systems
       • Windows
       • Linux
       • iOS (iFunBox)
       • MCP (picture)

  6. Review: Files & File Systems, slide 3
     • Chapter 12 continued with the concepts of file systems
     • Major concepts:
       • File systems and control blocks
       • Implementation choices
       • Allocation approaches
         • Contiguous, indexed, random
       • Free space management
       • Compaction
       • Performance
       • Blocking

  7. Review: I/O Systems
     • Chapter 13 completed the picture with how the kernel is organized to perform I/O.
     • Major concepts:
       • Hardware architecture / device drivers
       • Interrupts and structure
       • Direct Memory Access (DMA)
       • Devices and their characteristics
         • Block
         • Character
         • Others (Network)
       • Synchronous and asynchronous I/O
       • I/O as part of the Kernel
       • STREAMS

  8. Chapter 14: Protection
     • Let’s now answer the questions about:
       • Who owns what resources?
       • How do we ensure that the right users access the right resources?
     • So, let’s answer two big questions:
       • Who is the entity/person trying to access the resource?
         • IDENTITY (AUTHENTICATION)
       • How do we control what they can reference?
         • ACCESS CONTROL (AUTHORIZATION)
     • The entire concept is called “Identity and Access Management” (IAM)

  9. Identity
     • We need to be able to identify each “user” in a computer system
     • A user can be:
       • An actual person
       • A process or application running on their behalf
       • A system process running on behalf of the kernel
     • The operating system must provide APIs (system calls) that programs/applications use to validate a user’s identity
     • This identity can be represented in many ways in the OS
       • UserID (e.g. 100)
       • Username (e.g. “mkain” or “root”)
       • GUID (e.g. S-1-5-1-2888339015-3964262102-579-64843-1000)

  10. Identity: Validation
     • In order for someone to prove that they have the identity, they can present one OR MORE “credentials”
     • Many methods
       • Password
         • Strength (we’ll talk about this more later)
       • Special Token (given to you earlier)
       • Biometric
       • Certificate / SmartCard
     • Some authentications require more than one credential
       • “Two-Factor Authentication”
       • E.g. Driver’s License and Major Credit card
       • Sometimes it is dependent (buying gas example)

  11. Identity: Scope
     • Your identity and credentials are valid for a domain
       • Book uses “protection domain”
       • You’ll also see “realm” used for the same idea
     • This domain may be:
       • A program or application
         • E.g. Login to Drexel Learn
       • One computer
         • Login to your own VM (the OS login is only valid for that VM)
       • More than one computer
         • For example, DrexelConnect or AppleID
         • Your login is good throughout all applications
     • Your Drexel student number is also an identity

  12. Identity: Other identities
     • Most operating systems have the ability to change your identity
       • Must prove that you have the credentials to do so
       • Also, must be allowed to do so (e.g. /etc/sudoers)
     • Concept of “effective” identity
       • Sometimes it is the real identity
       • Sometimes it is the assumed identity
     • Can be done at the command level or assigned by a program
     • Examples of command level
       • su / sudo in UNIX

  13. Identity: Other identities, slide 2
     • Ability to change via programmatic methods
       • setuid() and setgid() calls/bits in UNIX
       • If set on the program file, the effective user/group while the program runs is the file’s owner/owner’s group rather than the user who ran it
       • -rwsr-sr-x mkain users March 2 22:13 test
       • When would this be good? When would it be bad?
     • Other OSes have similar functionality
       • TASKING, PU in MCP

  14. Identity: Federated identity
     • Domains may trust each other (to some degree)
       • One identity may be mapped or accepted into another protection domain
     • Example – Driver’s Licenses / Passports
       • Validation of credential and method of presentation (physical vs digital)
       • May require secondary identification
     • Example – Mapped privileges
       • Drexel “identity” is accepted at UPenn with “guest” privileges
     • Can also have “anonymous” access if granted
       • Example – FTP (just enter your email address)

  15. Identity: Within a domain
     • May have a central validation server which all computers/applications ask for certification
       • System call is distributed to the central service via network
       • Authentication is to the central server, and this process returns a token/cookie which can then be used as an “identity”
       • Example: Drexel Connect
       • Example: Kerberos
     • Token/cookie could have a time limit or restricted domain as well.
     • What do we have in the physical world? (hint: hotel)

  16. Protection: Principle of Least Privilege
     • Everyone should only have the privileges that they need in order to do their job
     • Easy in principle to do, tough in practice
       • Most access control methods in operating systems are for convenience, not for security
         • Groups
         • Roles (more about them later)
       • Management overhead
       • No real practical way to determine what privileges are needed over time as application / requirements change.
     • Theoretical goal!

  17. Access Control: Access Matrix
     • In a theoretical world, we can document all of the domains and all of the objects of our computer
       • Domains are the rows
       • Objects are the columns
       • Privileges are in the intersection
     • From the textbook

  18. Access Control: Access Matrix, slide 2
     • Can duplicate domains and assign/remove privileges in columns depending on who you are (copy, owner)
     • Theoretical -
       • Domains don’t usually share privileges (unique to domain)
       • Domains don’t usually share resources (ids, etc.)
     • For example,
       • Drexel Learn is one application in the Drexel Domain
       • You have privileges there (submit papers, etc.) which don’t really map to other environments

  19. Access Control: Object control
     • Usually the object has the privileges attached (easier to administer and share ownership than a system-wide list)
       • ACCESS CONTROL LIST (ACL)
       • Details which identities can perform which access
       • For example,
         • Read / write / search / execute
       • Windows ACL / MCP guardfile
     • POSIX defines an “owner”/“group”/“world” model for access to all files (all objects are files)
       • -rwxr-x--x mkain users Feb 27 09:55 /somefile
     • Commands to change privileges – but limited to those with the permission to do so (usually the owner)

  20. Access Control: Special Privileges
     • Most operating systems have special privileges which allow all or higher access than the identity
       • Done as a user attribute or hard coded
     • Example – Linux systems
       • “root” EUID 0/EGID 0 on Linux systems
     • Example – MCP
       • User attributes which can offer all or some elevated privileges
         • PU (Privileged User)
         • SECADMIN
         • Granulated Privileges (READ, WRITE, CHANGE)
       • Can also be assigned to a program.

  21. Access Control: Groups
     • Allow system administrators to group users together into one or more logical groups of users
       • Example – “users”
     • Depending on operating system, a user can be in one or more groups simultaneously
       • Linux – one at a time (can change egid)
       • Windows – multiple (Administrators, Domain Administrators, Power Users)
       • MCP – SUPPLEMENTALGROUPS
     • Access control then is a match of the program’s ACL and the groups of the identity – highest privileges are assumed
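Worked example for slides 13, 19 and 21 (added here; not code from the slides or the course): it parses a POSIX mode string such as the "-rwsr-sr-x" listing on the setuid slide, computes the effective user/group a process takes on when it runs a setuid/setgid file, and applies the POSIX owner/group/world check to an identity that is in several groups. All user, group and file names are constructed sample values.

```python
# Added example (not from the CS543 slides): parse a POSIX mode string such as
# the "-rwsr-sr-x" on the setuid slide, compute the effective uid/gid a process
# takes on when it runs that file, and apply the POSIX owner/group/world check
# to an identity that is in several groups. All users, groups and files below
# are constructed sample values.
from dataclasses import dataclass


@dataclass
class Mode:
    owner: set      # subset of {"r", "w", "x"} for the file owner
    group: set      # for members of the file's group
    other: set      # for everyone else ("world")
    setuid: bool
    setgid: bool
    sticky: bool


def _triple(chunk: str, special: str):
    """Decode one rwx triple; 's'/'t' mean x plus the special bit, 'S'/'T' the special bit only."""
    rights = set()
    if chunk[0] == "r":
        rights.add("r")
    if chunk[1] == "w":
        rights.add("w")
    if chunk[2] in ("x", special):
        rights.add("x")
    return rights, chunk[2] in (special, special.upper())


def parse_mode(listing: str) -> Mode:
    """Parse the 10-character mode field at the start of an `ls -l` line."""
    perms = listing[1:10]
    if len(perms) != 9:
        raise ValueError("expected a 10-character mode string like -rwsr-sr-x")
    owner, setuid = _triple(perms[0:3], "s")
    group, setgid = _triple(perms[3:6], "s")
    other, sticky = _triple(perms[6:9], "t")
    return Mode(owner, group, other, setuid, setgid, sticky)


@dataclass
class File:
    owner: str
    group: str
    mode: Mode


@dataclass
class Identity:
    user: str
    primary_group: str
    groups: set     # primary plus supplementary groups


def effective_identity(real: Identity, program: File):
    """Real vs effective identity: a setuid/setgid program runs with the file
    owner's user/group as the *effective* identity; the real identity is unchanged."""
    euser = program.owner if program.mode.setuid else real.user
    egroup = program.group if program.mode.setgid else real.primary_group
    return euser, egroup


def posix_access(who: Identity, f: File, want: str) -> bool:
    """Classic POSIX check: pick exactly one class (owner, else group, else other)
    and test only that class's bits. An owner whose own triple lacks a right is
    denied even if 'other' has it."""
    if who.user == f.owner:
        cls = f.mode.owner
    elif f.group in who.groups:
        cls = f.mode.group
    else:
        cls = f.mode.other
    return want in cls


if __name__ == "__main__":
    test = File("mkain", "users", parse_mode("-rwsr-sr-x"))
    alice = Identity("alice", "students", {"students"})
    print("alice running ./test becomes", effective_identity(alice, test))
```

Note the class selection in `posix_access`: the POSIX file-permission check uses the first matching class only, so a file with mode `----rwxrwx` is unreadable by its owner even though group and world can read it. That is the concrete reason the slide's "when would this be bad?" question about setuid matters: the effective identity, not the real one, is what the check sees.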

  22. Access Control: Role Based Access Control
     • Groups suffer from a significant management overhead
       • Adding users to groups
       • Deleting users from groups
     • RBAC allows system administrators to define a set of privileges per domain/realm
       • “WithdrawMoney”, “ApproveMortgage”
     • Then group them into “roles”
       • BANKTELLER
       • MANAGER
       • VICEPRESIDENT
     • Assign the identity to the role(s) (think of it as giving a ring of keys)
     • Example

  23. Access Control: Other topics
     • Revocation – how do I take away privileges? When?
       • Can I get them back?
     • System-based access control
       • Capability systems
       • Compiler-based systems
     • Sub-object-based access control
       • Each object / code segment has a privilege with it
       • Calling sequence also checks privileges as object is called
       • Example – Java JVM methods/classes
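Worked example for the access-matrix slides (17 and 18) and the revocation/capability points on slide 23 (added here; not code from the slides or the textbook): a small access matrix keyed by (domain, object) with the textbook's "owner" right, a starred copy right, and revocation, where a domain's row is its capability list and an object's column is its ACL. Domain and object names such as D1 and F1 are constructed.

```python
# Added example (not from the CS543 slides): a small access matrix with the
# textbook's "owner" and starred "copy" rights, plus revocation. A domain's row
# is its capability list; an object's column is that object's ACL. Domain and
# object names are constructed.
class AccessMatrix:
    def __init__(self):
        self._cells = {}    # (domain, obj) -> set of rights; "read*" = read + copy right

    def cell(self, domain, obj):
        return self._cells.setdefault((domain, obj), set())

    def allows(self, domain, obj, right):
        c = self.cell(domain, obj)
        return right in c or right + "*" in c

    def grant(self, granter, domain, obj, right):
        """Only a domain holding 'owner' on obj may add rights to any row of obj's column."""
        if "owner" not in self.cell(granter, obj):
            return False
        self.cell(domain, obj).add(right)
        return True

    def copy(self, src, dst, obj, right):
        """Copy right: src passes `right` to dst only if it holds the starred form.
        The copy is unstarred, so dst cannot propagate it further (limited copy)."""
        if right + "*" not in self.cell(src, obj):
            return False
        self.cell(dst, obj).add(right)
        return True

    def revoke(self, revoker, domain, obj, right=None):
        """Owner removes one right (or the whole row entry) for obj."""
        if "owner" not in self.cell(revoker, obj):
            return False
        c = self.cell(domain, obj)
        if right is None:
            c.clear()
        else:
            c.discard(right)
            c.discard(right + "*")
        return True

    def capability_list(self, domain):
        """Row view: everything this domain may do, object by object."""
        return {obj: set(r) for (d, obj), r in self._cells.items() if d == domain and r}

    def acl(self, obj):
        """Column view: which domains may do what to this object."""
        return {d: set(r) for (d, o), r in self._cells.items() if o == obj and r}


def build_sample():
    """Constructed starting state: D1 owns F1 (with a copyable read), D3 owns F2."""
    m = AccessMatrix()
    m.cell("D1", "F1").update({"owner", "read*", "write"})
    m.cell("D3", "F2").update({"owner", "execute"})
    return m
```

Revocation is immediate here because the rights live in one central matrix; in a real capability system the holder keeps a copy of its rights, which is why the slide asks "when?" and "can I get them back?".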

  24. Chapter 15: Security
     • This chapter is about the integrity of the system and operating system
     • Some is dependent on the system architecture and the decisions made by the OS
       • Android is “open”, not “safe”
     • But what are we looking for here?

  25. Security: Six Goals of Security (really 7)
     • Authentication / Verification (we covered this already)
     • Access Control (this too)
     • Availability
       • The ability of the operating system and its services to always be ready
     • Confidentiality
       • Only the people who need to access a resource can
     • Data Integrity
       • Data cannot be changed without notice
     • Non-Repudiation
       • Transactions can only occur once and neither party can deny that they happened – think bank transaction or returning something twice to the store

  26. Security: The secret seventh goal
     • TRUST
     • In order for the users to use the computer system for anything useful, they must be able to trust its use
     • This also usually involves logging of all actions into a central repository (log, audit log, etc.)
       • Trusted timestamp
       • Cannot be modified by anyone
       • Only written by programs, not directly by users
       • Windows Event Logs
       • Linux logs
       • MCP Sumlog / Securitylog
       • iOS?

  27. Security: Attacks
     • What problems can be done on an operating system?
       • Any problem that goes against one or more goals of security
     • One of the major goals – integrity!
       • Memory integrity
         • Ensuring that the memory of the system and process is exactly what we expect
       • Don’t the access methods help us here?

  28. Security: Attacks on integrity, slide 2
     • Buffer Overflow
       • Overwriting outside of assigned memory areas
         • Stack
         • Code / Data
       • Stack “canaries” should help
       • Logical memory access should protect?
     • Virus
       • Attack from network to system service to infect system
     • Logic bomb
       • Bad code put in by disgruntled programmer
       • Are there any “gruntled” programmers?

  29. Security: Attacks on integrity, slide 3
     • Network Attacks
       • Port scanning
       • Fingerprinting of system
       • Denial of Service (DoS)
       • Distributed Denial of Service (DDoS)
       • Amplification Attacks
       • These are also against Availability
     • File System Attacks
       • MBR viruses
       • Boot Files

  30. Security: Attacks on identity
     • Masquerade attacks (I’m really him)
       • Stolen credentials
       • Discovered / hacked credentials (weak or no passwords)
     • Elevated privilege attacks
       • Getting “root” or other higher privileges on a system

  31. Security: Confidentiality
     • Most of this involves encryption and key management
     • In theory, it’s supposed to make it easier to keep things secret
     • But it is tough to get right and must have interaction from the OS to help.

  32. Security: Cryptography
     • The “hard math” behind security
       • Only good if done right!
     • This will be a primer in the building blocks that you can use in networking, not the underlying math.
     • Three basic parts of cryptography
       • Keys
       • Encryption algorithms
       • Hash / message digest

  33. Security: Keys
     • Basically “random” bits of information which are shared to parameterize other mechanisms
     • The longer the better! (car key example)
       • Since you can try all possible combinations (brute force attack)
       • But longer keys take longer to process!
     • A “shared secret” that only the sender and receiver(s) should know.
     • How do we create a shared secret?

  34. Security: Types of keys
     • Two major categories of keys
       • Symmetric
       • Asymmetric
     • Symmetric = one key (the same) at sender and receiver
       • Problem is to send the key from sender to receiver without anyone else finding out
       • Common algorithms: DES (56 bits – OLD!), 3DES (168 bits), AES (128, 192, or 256 bits)

  35. Security: Asymmetric keys
     • Two keys – mathematical “inverses” of each other
       • Public key – distributed freely
       • Private key – protected by sender
     • Can be used to talk to others easily or to prove sender’s identity
       • Slower than symmetric keys, but easier to distribute.
       • Talk to me = send you my public key
       • Validate me = decode with my public key and get what I expect

  36. Security: Asymmetric keys, slide 2
     • RSA (Rivest, Shamir, Adleman)
       • Choose two large prime numbers p & q such that the product is n
       • Find a number e that is relatively prime to (p-1)(q-1)
       • The public key consists of {e,n}
       • The private key consists of {d,n}
       • Encrypt C = P^e mod n, decrypt P = C^d mod n.
       • Recommend at least 1024-bit keys (or longer) to stop brute force attacks
     • Other algorithms:
       • Diffie-Hellman, Elliptic Curves, etc.

  37. Security: How keys are used
     • Usually asymmetric keys are used to:
       • Distribute symmetric keys
       • Validate endpoints, either by:
         • Encrypting something known to be decrypted by your public key
         • Or decrypting something encrypted by your public key which is retrieved from somewhere else
     • For example: SSL/TLS handshake
       • More about its use later on tonight

  38. Security: Encryption algorithms
     • Take a “block” of data (called input) and a key and mathematically compute the output.
     • Block size determines the type of “cipher”
       • Block size of 1 = “Stream” cipher
       • Each byte encrypted separately
       • Examples: RC2, RC4.
       • Extremely weak because each byte can be decrypted without any other information, but fast.

  39. Security: Block ciphers
     • Block sizes of more than 1 are called “block” ciphers
     • Examples:
       • DES (Data Encryption Standard)
       • 3DES (DES three times using different keys)
         • Block = 8 bytes
       • AES (Advanced Encryption Standard)
         • Block = 16 bytes
     • Others:
       • Elliptic Curves

  40. Security: Block modes
     • Control output and input modes
       • ECB = Electronic Code Book (the simple one)
       • CBC = Cipher Block Chaining
         • Output of the previous encryption is used as the IV for the next.
       • GCM (Galois Counter Mode)
         • For Tape encryption
       • XTS (CipherText Stealing Mode)
         • For Disk encryption (P1619)
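Worked example for the ECB and CBC modes on this slide (added here; not code from the slides): the two modes are implemented over a deliberately toy 4-byte block cipher (XOR and add with the key bytes) so the chaining logic is visible without a crypto library. The toy cipher is not secure and stands in for DES/AES only so that the mode behaviour, equal plaintext blocks giving equal ciphertext blocks under ECB but not under CBC, can be checked. Key, IV and plaintext are constructed sample values.

```python
# Added example (not from the CS543 slides): the ECB and CBC block modes from
# the slide, driven by a deliberately toy 4-byte block cipher (XOR and add with
# the key bytes) so the chaining logic is visible without a crypto library. The
# toy cipher is NOT secure; only the mode behaviour is the point. Key, IV and
# plaintext are constructed sample values.
BLOCK = 4


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy block cipher: per byte, XOR with key[i] then add key[i+1] mod 256."""
    assert len(key) == BLOCK and len(block) == BLOCK
    return bytes(((block[i] ^ key[i]) + key[(i + 1) % BLOCK]) & 0xFF for i in range(BLOCK))


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Exact inverse of toy_encrypt_block."""
    return bytes((((block[i] - key[(i + 1) % BLOCK]) & 0xFF) ^ key[i]) for i in range(BLOCK))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks (always adds 1..BLOCK bytes)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Electronic Code Book: every block encrypted independently, so equal
    # plaintext blocks give equal ciphertext blocks (the pattern leaks).
    return b"".join(toy_encrypt_block(key, p) for p in _blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(toy_decrypt_block(key, c) for c in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Cipher Block Chaining: each plaintext block is XORed with the previous
    # ciphertext block (the IV for the first one) before it is encrypted.
    prev, out = iv, []
    for p in _blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def distinct_blocks(ciphertext: bytes) -> int:
    """How many different ciphertext blocks appear (low = repeated structure visible)."""
    return len(set(_blocks(ciphertext)))
```

With the 16-byte plaintext `b"ABCD" * 4`, ECB produces the same ciphertext block four times (plus one padding block), while CBC produces five different blocks; the IV must therefore be sent with the ciphertext, and a different IV gives a different ciphertext for the same key and data.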

  41. Security: Hashes / Message Digests
     • Cryptographic “checksum”
     • A “one-way” function which computes, for each input, a fixed-size value that is unique in practice
     • Hashes are broken by showing that two different data inputs hash to the same value.
     • Examples:
       • MD5 (128 bits output)
       • SHA-1 (160 bits)
       • SHA-256, SHA-384, SHA-512
     • Can also be combined for strength – MD5() concatenated with SHA1().
     • Are these really useful?

  42. Security: HMACs
     • These are “keyed” hashes: in addition to the input data, a key is also input
     • Stronger than regular hashes
     • Example:
       • HMAC-SHA1, etc.
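Worked example for this slide and for the token/cookie on slide 15 (added here; not code from the slides or from Kerberos or Drexel Connect): a server issues a session token carrying user, realm and expiry in the clear and protects it with a keyed hash (HMAC-SHA256 from the standard library). The verifier checks the tag first, then the realm and time limit, and rejects a token whose claims were rewritten without the key. The server key, user names and clock values are constructed for the example.

```python
# Added example (not from the CS543 slides): a server-issued token/cookie of the
# kind the "Identity: Within a domain" slide describes, protected with a keyed hash
# (HMAC-SHA256) as on the HMAC slide. User, realm and expiry travel in the clear;
# the HMAC tag proves the server issued them unchanged. The server key, user
# names and clock values are constructed for the example.
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def issue_token(server_key: bytes, user: str, realm: str, ttl_seconds: int, now=None) -> str:
    """Return '<payload>.<tag>' where tag = HMAC-SHA256(server_key, payload)."""
    now = time.time() if now is None else now
    claims = {"user": user, "realm": realm, "exp": int(now + ttl_seconds)}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(server_key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(server_key: bytes, token: str, expected_realm: str, now=None):
    """Return the user name if the token is authentic, unexpired and for this
    realm; otherwise None. The tag is checked before any claim is trusted."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:          # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(server_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if claims.get("realm") != expected_realm or claims.get("exp", 0) <= now:
        return None
    return claims.get("user")


def forge_user(token: str, new_user: str) -> str:
    """Rewrite the clear-text claims while keeping the old tag, i.e. what someone
    without the server key could try; verify_token must reject the result."""
    p64, t64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(p64))
    claims["user"] = new_user
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + t64
```

A plain hash of the payload would not do here: anyone can recompute an unkeyed hash over modified claims, which is exactly the "stronger than regular hashes" point on the slide. The realm check is the "restricted domain" of slide 15 and the `exp` field its time limit.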

  43. Security: Digital Signatures
     • Digital signatures
       • Validate the sender
       • Ensure that the message was not changed in transit.
     • Where would we use these?
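Worked example for the RSA steps on slide 36 and the digital-signature use on this slide (added here; not code from the slides or the textbook): key generation with the classic small textbook primes, C = P^e mod n and P = C^d mod n, and hash-then-sign / verify. The slide does not state how d is obtained; the example uses the standard definition, d as the inverse of e modulo (p-1)(q-1). The key size is a toy (n = 3233) purely for illustration, and reducing the hash modulo n is done only because n is tiny.

```python
# Added example (not from the CS543 slides): the RSA steps from the "Asymmetric
# keys, slide 2" slide carried through with the classic small textbook primes,
# plus the hash-then-sign / verify use from the "Digital Signatures" slide. The
# private exponent d is the inverse of e modulo (p-1)(q-1), which the slide
# leaves implicit. Toy key size: n = 3233 is illustration only, not a usable key.
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)) from primes p, q and a public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public, plaintext_int: int) -> int:
    """C = P^e mod n. Also how a symmetric key would be wrapped for distribution."""
    e, n = public
    if not 0 <= plaintext_int < n:
        raise ValueError("message must be an integer below n")
    return pow(plaintext_int, e, n)


def rsa_decrypt(private, ciphertext_int: int) -> int:
    """P = C^d mod n."""
    d, n = private
    return pow(ciphertext_int, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign the hash, not the message; reduced mod n only because n is tiny here.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message: bytes) -> int:
    """Signature = H(message)^d mod n: only the private-key holder can produce it."""
    d, n = private
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key recovers H(message) = sig^e mod n and compares."""
    e, n = public
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)
    print("public", public, "private", private)
    print("65 encrypts to", rsa_encrypt(public, 65))
```

This is the "validate me" direction from slide 35: the signer uses the private key, the verifier decodes with the public key and checks for the expected value (the message hash). Changing the message or the signature makes the check fail, which is how a signature gives both sender validation and integrity in transit.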

  44. Security: Digital Certificates (X.509 – RFC 5280)
     • Binds a public key to an identity
     • Public key is described with identifiers (OIDs) to describe the “Subject” and “Issuer”
       • CN (Common Name) = http://www.ebay.com
       • O (Organization)
       • C (Country)
       • Etc.
     • Document is digitally signed by an issuer (Certificate Authority)
       • Must trust the Certificate Authority in order to trust the identity.

  45. Security: Digital Certificates, slide 2
     • How do we verify?
       • Do we get the same certificate from different people?
       • Who do we trust?
     • A different point of view
       • Convergence: http://convergence.io/

  46. Security: How do we use these?
     • Operating systems have these built in
       • Code Signing
       • Encrypted File Systems
       • Storage of Passwords
         • Hashed, not stored in cleartext
       • Network protection
         • SSL / TLS
         • SSH
         • IPSec
       • Identity Management
         • Certificates
         • Two Factor Authentication
       • Others!
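Worked example for the "Storage of Passwords: hashed, not stored in cleartext" point (added here; not code from the slides or any particular OS): a password record built with the standard library's PBKDF2-HMAC-SHA256, a per-user salt and a constant-time comparison on verification, next to the unsalted single hash it improves on. Passwords and salts are constructed sample values; the iteration count is an assumption for the example.

```python
# Added example (not from the CS543 slides): password storage as the "How do we
# use these?" slide says, hashed rather than cleartext, using the standard
# library's PBKDF2-HMAC-SHA256 with a per-user salt and a constant-time compare.
# Passwords and salts below are constructed sample values; the iteration count
# is an assumption for the example.
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed cost; raise as hardware gets faster


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<key>' for storage."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, base64.b64encode(salt).decode(), base64.b64encode(key).decode())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt64, key64 = stored.split("$")
        salt, key = base64.b64decode(salt64), base64.b64decode(key64)
        iterations = int(iterations)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256: hashed, but equal passwords hash identically and
    can be matched against a precomputed table; shown only for contrast."""
    return hashlib.sha256(password.encode()).hexdigest()
```

The salt makes two users with the same password store different records, and the iteration count makes each guess cost real time, which is what the "strength" remark on the validation slide comes down to once the password file itself is exposed.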

  47. Security: Getting it right
     • System Policy / Security Policy
       • Builds into the OS what should be done, so that it can be replicated among systems.
     • Penetration testing (pen test) validates that a system is correct and not vulnerable.
       • Architecture
       • Configuration
     • But what is the “normal” operation of the system and what is the “abnormal” operation?

  48. Security: Big Picture
     • Links for tonight
       • HP updates – none for you!
         • http://www.networkworld.com/news/2014/021214-hp-says-security-updates-not-278681.html
       • Secure storage for apps
         • http://www.networkworld.com/news/2014/011614-starbucks-vows-to-beef-up-277803.html
       • NSA Hacking tools
         • http://www.networkworld.com/news/2014/011614-nsa-hacking-tools-will-find-277771.html

  49. Start to prepare for final
     • The final will be the same format as the midterm
       • A number of essay questions in which you have to elaborate on your mastery of the concepts
       • Will ask you more than what we go over in class and will ask you to apply your knowledge in different areas
     • Know the major concepts well! And be able to apply and fill in with examples
     • You’ll have the same four hours to complete the examination.
       • Significant points will be deducted for turning it in over that timeframe.

  50. For next week
     • Homework #4 due March 10th, at 11:59pm Eastern.
     • One more lecture (March 10th) to go over case studies and review the whole semester.
     • Final will be online from Saturday, March 15th at midnight until Friday, March 21st at 11:59pm (same times as last time)
     • Please evaluate the course (and us) at http://cci.drexel.goaefis.net/
     • Bring good questions for class next week!
