Operating Systems Security

  • Design Objectives

  • Protection by separation

  • Memory and address protection

  • Access control for general objects

  • Directory

  • Access control lists, matrix

  • Capability

  • File protection mechanisms

  • User authentication, passwords

  • Trusted OS

Acc661 Aud of Adv Acctg Systems, Spring 2003 (Gangolly)


Design Objectives

  • Access to resources

  • Controlling unintentional and intentional corruption of data

  • Protection of one user’s computation from interference from other users

    • Memory protection

    • File protection

    • General control of access to objects

    • User authentication



Protection by separation

  • Physical separation: use of different objects

  • Temporal separation: use of different times

  • Logical separation: limiting program access to domains

  • Cryptographic separation: concealment of data and computations



Memory and address protection

  • Fence, Fence register

    • Can protect operating system from one user, but not users from each other

  • Relocation (relocation factor)

  • Base/Bounds register (variable fence register/upper address limit register)

    • Separate registers for instruction code and for data space

  • Tagged architecture: every word of machine memory has extra bits identifying access rights. Only OS instructions can set them.



Memory and address protection II

  • Segmentation: program divided into segments, each location represented as a pair <name, offset>. The OS maintains a table of segment names and their true addresses in memory. Segments can be non-contiguous and stored on auxiliary devices. Protection can be checked each time a segment is referenced. Fragmentation can be a problem.

  • Paging: program divided into equal-sized pages held in page frames, each location represented as a pair <page, offset>

  • Paging and segmentation
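The three mechanisms on the two memory-protection slides can be simulated in a few lines. The following Python is an added illustration, not code from the lecture: the memory size, the fence value, the process layouts and the segment table are constructed toy values. It shows the point the fence slide makes (a fence keeps users out of the OS but not out of each other), how base/bounds registers fix that, and how a segment table checks every <name, offset> reference against both the segment's length and its access rights.

```python
"""Simulated memory protection: fence, base/bounds and segmentation.

Added illustration, not code from the lecture. The memory size, fence
value, process layouts and segment tables are constructed toy values.
"""
from dataclasses import dataclass

MEMORY_WORDS = 1024   # constructed: size of the simulated memory
FENCE = 256           # constructed: the OS occupies words [0, FENCE)


def fence_check(addr: int) -> bool:
    """Fence register: a user reference is legal only above the fence.

    This keeps users out of the OS, but every address above the fence
    passes, so it cannot keep one user out of another user's words.
    """
    return FENCE <= addr < MEMORY_WORDS


@dataclass(frozen=True)
class BaseBounds:
    """Base register plus upper-limit (bounds) register of one process."""
    base: int
    bounds: int   # exclusive upper address limit


def base_bounds_check(regs: BaseBounds, addr: int) -> bool:
    """Base/bounds: legal iff base <= addr < bounds, so each process is
    confined to its own range and users are protected from each other."""
    return regs.base <= addr < regs.bounds


@dataclass(frozen=True)
class Segment:
    """One row of a process's segment table."""
    base: int            # true address of the segment in memory
    length: int          # words in the segment
    rights: frozenset    # subset of {"r", "w", "x"}


def segment_access(table: dict, name: str, offset: int, op: str) -> int:
    """Resolve a <name, offset> reference through the segment table.

    Every reference is checked: the segment must exist, the offset must lie
    inside it, and the operation must be among the segment's rights.
    Returns the true address, or raises PermissionError.
    """
    seg = table.get(name)
    if seg is None:
        raise PermissionError(f"unknown segment {name!r}")
    if not 0 <= offset < seg.length:
        raise PermissionError(f"offset {offset} outside segment {name!r}")
    if op not in seg.rights:
        raise PermissionError(f"{op!r} not permitted on segment {name!r}")
    return seg.base + offset


def demo() -> dict:
    """Two user processes A and B; A tries to touch a word owned by B."""
    proc_a = BaseBounds(base=256, bounds=512)
    proc_b_word = 600                      # constructed: inside B's range
    table_a = {
        "code": Segment(base=256, length=128, rights=frozenset("rx")),
        "data": Segment(base=384, length=64, rights=frozenset("rw")),
    }
    return {
        "fence_lets_a_reach_b": fence_check(proc_b_word),          # True
        "bounds_stops_a": base_bounds_check(proc_a, proc_b_word),  # False
        "code_fetch": segment_access(table_a, "code", 10, "x"),    # 266
    }


if __name__ == "__main__":
    print(demo())
```

Note that the segment check is what makes "protection can be checked each time it is referenced" concrete: a write to the code segment or a read past the end of the data segment is refused at translation time, before any physical address is produced.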



Access control for general objects

  • Objects: memory, files, executing program in memory, directory, hardware device, data structures, table of the OS, instructions, passwords/user authentication mechanism, protection mechanism itself.

  • Goals:

    • Check every access

    • Enforce least privilege

    • Verify acceptable usage



Directory

  • File directory (problems) (Fig 4-10 and 4-11)

    • Shared objects (list becomes too long)

    • Revocation of access

    • Pseudonyms (two different files with the same name)



Access control list, matrix

  • One list for each object (Fig 4-12)

  • Access Control Matrix (Table 4-1)



Capability

  • A ticket giving a subject permission to have a certain type of access to an object

    • Server holds tickets on behalf of users

    • Encrypt capabilities under a key available only to the access control mechanism

  • Domain or name space: each process/procedure operates in a domain
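The access control list, matrix and capability slides describe three views of the same authorisation data. The Python below is an added example, not the lecture's code: the subjects, objects, rights and server key are constructed. It keeps the matrix as the authoritative store, derives an ACL (one column) and a capability list (one row) from it, and mints capability tickets that the server holds on behalf of users. Where the slide says tickets are encrypted under a key known only to the access control mechanism, this toy seals them with an HMAC instead, so the ticket stays readable but cannot be forged or altered without the key; that substitution is mine, not the slide's.

```python
"""Access control matrix with its ACL and capability views, plus sealed
capability tickets.

Added example, not the lecture's code. Subjects, objects, rights and the
server key are constructed. Tickets are sealed with an HMAC (a substitution
for the slide's "encrypt under a key"), so they can be read but not forged.
"""
import hashlib
import hmac
import json

# Constructed access control matrix: rows are subjects, columns are objects,
# cells are the permitted operations.
MATRIX = {
    "alice": {"payroll.xls": {"r", "w"}, "memo.txt": {"r"}},
    "bob":   {"memo.txt": {"r", "w"}},
    "carol": {},
}

SERVER_KEY = b"constructed-demo-key-not-for-real-use"   # held by the mechanism only


def acl_for(matrix: dict, obj: str) -> dict:
    """Column view: one list per object, naming each subject and its rights."""
    return {s: set(rights[obj]) for s, rights in matrix.items() if obj in rights}


def capability_list_for(matrix: dict, subject: str) -> dict:
    """Row view: everything one subject may do, i.e. its capability list."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items()}


def check_access(matrix: dict, subject: str, obj: str, op: str) -> bool:
    """Reference-monitor check consulted on every access ("check every access")."""
    return op in matrix.get(subject, {}).get(obj, set())


def revoke(matrix: dict, subject: str, obj: str) -> None:
    """Revocation is a single cell update when the matrix is authoritative."""
    matrix.get(subject, {}).pop(obj, None)


def issue_ticket(subject: str, obj: str, rights, key: bytes = SERVER_KEY) -> dict:
    """Server side: mint a capability ticket and seal it with the key."""
    body = json.dumps({"subject": subject, "object": obj, "rights": sorted(rights)},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def use_ticket(ticket: dict, subject: str, obj: str, op: str,
               key: bytes = SERVER_KEY) -> bool:
    """Accept the ticket only if the seal verifies and it names this
    subject, this object and this operation."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return False                      # forged or altered ticket
    cap = json.loads(ticket["body"])
    return cap["subject"] == subject and cap["object"] == obj and op in cap["rights"]


if __name__ == "__main__":
    print(acl_for(MATRIX, "memo.txt"))
    ticket = issue_ticket("alice", "payroll.xls", {"r", "w"})
    print(use_ticket(ticket, "alice", "payroll.xls", "w"))
```

The revocation problem from the Directory slide shows up here as well: `revoke` clears a cell of the matrix instantly, but a ticket already issued by `issue_ticket` still verifies until the server also consults the matrix (or a revocation list) at use time. Keeping tickets on the server rather than handing them to users, as the slide suggests, is what makes that check possible.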



File Protection Mechanisms

  • All-or-none protection

  • Group protection

  • Single permissions (password protection for files)



User Authentication

  • Passwords

    • Brute force

    • Probable passwords

    • Dictionary

    • Social engineering



Passwords

  • Password selection criteria

    • Non-alphabetic (mixed)

    • Long

    • Avoid actual names

    • Change regularly

    • Don’t write it down

    • Don’t tell anyone

    • One-time passwords
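The selection criteria above are easy to turn into a check that runs when a user picks a password, and the last item, one-time passwords, is the defence against the guessing and social-engineering threats on the User Authentication slide. The Python below is an added example, not from the lecture. The name list is a constructed stand-in for a real dictionary of names, the 12-character minimum is an assumption because the slide says only "long", and the one-time password is the HMAC-based counter scheme of RFC 4226, which the slide does not specify; the secret used in the demo is the RFC's published sample key.

```python
"""Password selection checks and a counter-based one-time password.

Added example, not from the lecture. The name list, minimum length and
secret are constructed; the slide says "long" without a number, so the
12-character minimum is an assumption. The OTP follows RFC 4226 (HOTP).
"""
import hashlib
import hmac
import re
import struct

COMMON_NAMES = {"john", "mary", "david", "albany"}   # constructed, tiny list
MIN_LENGTH = 12                                       # assumption


def password_problems(pw: str, names=COMMON_NAMES,
                      min_length: int = MIN_LENGTH) -> list:
    """Return the selection criteria from the slide that pw fails."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(1 for p in classes if re.search(p, pw)) < 3:
        problems.append("not mixed: use letters, digits and other symbols")
    if any(name in pw.lower() for name in names):
        problems.append("contains an actual name")
    return problems


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side of a one-time password login.

    Each counter value is accepted at most once, so a password that was
    written down, overheard or given away is useless after its first use.
    """

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.window = window      # how far ahead the client may have drifted
        self.counter = 0          # next counter value the server will accept

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1    # never accept this counter again
                return True
        return False


if __name__ == "__main__":
    print(password_problems("johnsmith2003"))
    v = OtpVerifier(b"12345678901234567890")        # RFC 4226 sample secret
    first = hotp(v.secret, 0)
    print(v.verify(first), v.verify(first))          # True False (replay)
```

The second `verify` call with the same code fails because the server has moved its counter past it; that one-shot property is what the "one-time" in one-time passwords buys you, and it holds even if the user ignores "don't write it down".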



Designing Trusted Operating Systems

  • An OS is trusted if we have confidence that it provides the following four services in a consistent and effective way

    • Memory protection

    • File protection

    • General object access control

    • User authentication



Trusted vs. Secure Systems


Security Policies I

  • Military security policy

    • Top secret, Secret, Confidential, Restricted, Unclassified

  • Compartment: contains information associated with a project

  • Combination <rank, compartments> is called a class or classification of information

  • A person seeking access to information must be cleared



Security Policies II

  • Dominance:

    For subject s and object o,

    s ≤ o if and only if

    rank s ≤ rank o and

    compartments s ⊆ compartments o

    We say o dominates s.



Security Policies III

  • A subject can read an object only if:

    • The clearance level of the subject is at least as high as the clearance level of the information

    • The subject has a need to know about all compartments for which the information is classified
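The dominance relation on the previous slide and the read rule on this one fit in a few lines of code. The Python below is an added example, not the lecture's code: the rank order is the one listed on the Security Policies I slide, while the compartments, subjects and objects are constructed. It also shows something the slides state only implicitly, that dominance is a partial order: two classes such as <Top secret, {crypto}> and <Secret, {crypto, nuclear}> are incomparable, so neither can be read by a subject cleared only for the other.

```python
"""Military security classes, the dominance relation and the read rule.

Added example, not the lecture's code. The rank order follows the slide;
the compartments, subjects and objects are constructed.
"""
from dataclasses import dataclass

# Sensitivity ranks from lowest to highest, as listed on the slide.
RANK_ORDER = ["unclassified", "restricted", "confidential", "secret", "top secret"]
RANK = {name: level for level, name in enumerate(RANK_ORDER)}


@dataclass(frozen=True)
class Classification:
    """A class <rank, compartments>, used both as an object's classification
    and as a subject's clearance."""
    rank: str
    compartments: frozenset

    def __post_init__(self):
        if self.rank not in RANK:
            raise ValueError(f"unknown rank {self.rank!r}")


def leq(s: Classification, o: Classification) -> bool:
    """s <= o iff rank s <= rank o and compartments s is a subset of compartments o."""
    return RANK[s.rank] <= RANK[o.rank] and s.compartments <= o.compartments


def dominates(o: Classification, s: Classification) -> bool:
    """'o dominates s' is the same statement as s <= o."""
    return leq(s, o)


def can_read(clearance: Classification, info: Classification) -> bool:
    """Read rule: the clearance must be at least as high as the information's
    rank, and the subject must be cleared for every compartment the
    information carries; together, the clearance dominates the information."""
    return dominates(clearance, info)


def comparable(a: Classification, b: Classification) -> bool:
    """Dominance is a partial order: some pairs of classes are incomparable."""
    return leq(a, b) or leq(b, a)


def demo() -> dict:
    ts_crypto = Classification("top secret", frozenset({"crypto"}))
    s_crypto_nuclear = Classification("secret", frozenset({"crypto", "nuclear"}))
    analyst = Classification("top secret", frozenset({"crypto", "nuclear"}))
    clerk = Classification("secret", frozenset({"crypto"}))
    return {
        "analyst_reads_ts_crypto": can_read(analyst, ts_crypto),            # True
        "clerk_reads_ts_crypto": can_read(clerk, ts_crypto),                # False: rank too low
        "clerk_reads_s_crypto_nuclear": can_read(clerk, s_crypto_nuclear),  # False: no need to know for nuclear
        "ts_crypto_vs_s_crypto_nuclear": comparable(ts_crypto, s_crypto_nuclear),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The two False results for the clerk correspond one-to-one with the two bullets of the read rule: the first fails on rank, the second on compartments, even though the clerk's rank is high enough for the second object.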
