lecture 21 chapter 14 protection chapter 15 security l.
Skip this Video
Download Presentation
Lecture 21 Chapter 14: Protection Chapter 15: Security

Loading in 2 Seconds...

play fullscreen
1 / 47

Lecture 21 Chapter 14: Protection Chapter 15: Security - PowerPoint PPT Presentation

  • Uploaded on

Lecture 21 Chapter 14: Protection Chapter 15: Security. Chapter 14: Protection. Goals of Protection Principles of Protection Domain of Protection Access Matrix Implementation of Access Matrix Access Control Revocation of Access Rights Capability-Based Systems

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Lecture 21 Chapter 14: Protection Chapter 15: Security' - eithne

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter 14 protection
Chapter 14: Protection
  • Goals of Protection
  • Principles of Protection
  • Domain of Protection
  • Access Matrix
  • Implementation of Access Matrix
  • Access Control
  • Revocation of Access Rights
  • Capability-Based Systems
  • Language-Based Protection
  • Discuss the goals and principles of protection in a modern computer system
  • Explain how protection domains combined with an access matrix are used to specify the resources a process may access
  • Examine capability and language-based protection systems
  • Operating system consists of a collection of objects, hardware or software
  • Each object has a unique name and can be accessed through a well-defined set of operations.
  • Protection problem
    • Ensure that each object is accessed correctly and only by those processes that are allowed to do so.
  • Guiding principle
    • principle of least privilege
    • Programs, users and systems should be given just enough privileges to perform their tasks
domain structure
Domain Structure
  • Access-right = <object-name, rights-set>
    • where rights-set is a subset of all valid operations that can be performed on the object.
  • Domain = set of access-rights
domain implementation unix
Domain Implementation (UNIX)
  • System consists of 2 domains:
    • User
    • Supervisor
  • UNIX
    • Domain = user-id
    • Domain switch accomplished via file system.
      • Each file has associated with it a domain bit (setuid bit).
      • When file is executed and setuid = on,
        • then user-id is set to owner of the file being executed.
      • When execution completes user-id is reset.
domain implementation multics
Domain Implementation (MULTICS)
  • Let Di and Djbe any two domain rings.
  • If j < I Di  Dj
access matrix
Access Matrix
  • View protection as a matrix (access matrix)
    • Rows represent domains
    • Columns represent objects
    • Access(i, j) is the set of operations that a process executing in Domaini can invoke on Objectj
use of access matrix
Use of Access Matrix
  • If a process in Domain Ditries to do “op” on object Oj,
    • then “op” must be in the access matrix.
  • Can be expanded to dynamic protection.
    • Operations to add, delete access rights.
    • Special access rights:
      • owner of Oi
      • copy op from Oi to Oj
      • control – Di can modify Dj access rights
      • transfer – switch from domain Di to Dj
use of access matrix cont
Use of Access Matrix (Cont.)
  • Access matrix design separates mechanism from policy
    • Mechanism
      • Operating system provides access-matrix + rules
      • It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced
    • Policy
      • User dictates policy
      • Who can access what object and in what mode
implementation of access matrix
Implementation of Access Matrix
  • Each column = Access-control list for one object Defines who can perform what operation. Domain 1 = Read, Write Domain 2 = Read Domain 3 = Read
  • Each Row = Capability List (like a key)Fore each domain, what operations allowed on what objects.

Object 1 – Read

Object 4 – Read, Write, Execute

Object 5 – Read, Write, Delete, Copy

access control
Access Control
  • Protection can be applied to non-file resources
  • Solaris 10 provides role-based access control to implement least privilege
    • Privilege is right to execute system call or use an option within a system call
    • Can be assigned to processes
    • Users assigned roles granting access

to privileges and programs

revocation of access rights
Revocation of Access Rights
  • Access List – Delete access rights from access list.
    • Simple
    • Immediate
  • Capability List – Scheme required to locate capability in the system before capability can be revoked.
    • Reacquisition
    • Back-pointers
    • Indirection
    • Keys
language based protection
Language-Based Protection
  • Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources.
  • Language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable.
  • Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.
protection in java
Protection in Java
  • Protection is handled by the Java Virtual Machine (JVM)
  • A class is assigned a protection domain when it is loaded by the JVM.
  • The protection domain indicates what operations the class can (and cannot) perform.
  • If a library method is invoked that performs a privileged operation,
    • the stack is inspected to ensure the operation can be performed by the library.
chapter 15 security
Chapter 15: Security
  • The Security Problem
  • Program Threats
  • System and Network Threats
  • Cryptography as a Security Tool
  • User Authentication
  • Implementing Security Defenses
  • Firewalling to Protect Systems and Networks
  • Computer-Security Classifications
  • An Example: Windows XP
  • To discuss security threats and attacks
  • To explain the fundamentals of encryption, authentication, and hashing
  • To examine the uses of cryptography in computing
  • To describe the various countermeasures to security attacks
the security problem
The Security Problem
  • Security must consider external environment of the system, and protect the system resources
  • Intruders (crackers) attempt to breach security
  • Threat is potential security violation
  • Attack is attempt to breach security
  • Attack can be accidental or malicious
  • Easier to protect against accidental than malicious misuse
concern for security
Concern for Security
  • Explosive growth of desktops started in ‘80s
    • No emphasis on security
      • Who wants military security, I just want to run my spreadsheet!
  • Internet was originally designed for a group of mutually trusting users
    • By definition, no need for security
    • Users can send a packet to any other user
    • Identity (source IP address) taken by default to be true
  • Explosive growth of Internet in mid ’90s
    • Security was not a priority until recently
      • Only a research network, who will attack it?
security violations
Security Violations
  • Categories
    • Breach of confidentiality
    • Breach of integrity
    • Breach of availability
    • Theft of service
    • Denial of service
  • Methods
    • Masquerading (breach authentication)
    • Replay attack
      • Message modification
    • Man-in-the-middle attack
    • Session hijacking
security measure levels
Security Measure Levels
  • Security must occur at four levels to be effective:
    • Physical
    • Human
      • Avoid social engineering, phishing, dumpster diving
    • Operating System
    • Network
  • Security is as week as the weakest chain
program threats
Program Threats
  • Trojan Horse
    • Code segment that misuses its environment
    • Exploits mechanisms for allowing programs written by users to be executed by other users
    • Spyware, pop-up browser windows, covert channels
  • Trap Door
    • Specific user identifier or password that circumvents normal security procedures
    • Could be included in a compiler
  • Logic Bomb
    • Program that initiates a security incident under certain circumstances
  • Stack and Buffer Overflow
    • Exploits a bug in a program
      • overflow either the stack or memory buffers
c program with buffer overflow condition
C Program with Buffer-overflow Condition

#include <stdio.h>

#define BUFFER SIZE 256

int main(int argc, char *argv[])


char buffer[BUFFER SIZE];

if (argc < 2)

return -1;

else {


return 0;



modified shell code
Modified Shell Code

#include <stdio.h>

int main(int argc, char *argv[])


execvp(‘‘\bin\sh’’,‘‘\bin \sh’’, NULL);

return 0;


hypothetical stack frame
Hypothetical Stack Frame

After attack

Before attack

program threats cont
Program Threats (Cont.)
  • Viruses
    • Code fragment embedded in legitimate program
    • Very specific to CPU architecture, operating system, applications
    • Usually borne via email or as a macro
  • Visual Basic Macro to reformat hard drive

Sub AutoOpen()

Dim oFS

Set oFS = CreateObject(’’Scripting.FileSystemObject’’)

vs = Shell(’’c:command.com /k format c:’’,vbHide)

End Sub

program threats cont33
Program Threats (Cont.)
  • Virus dropper inserts virus onto the system
  • Many categories of viruses, literally many thousands of viruses
    • File
    • Boot
    • Macro
    • Source code
    • Polymorphic
    • Encrypted
    • Stealth
    • Tunneling
    • Multipartite
    • Armored
system and network threats
System and Network Threats
  • Worms
    • use spawn mechanism; standalone program
  • Internet worm
    • Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs
    • Grappling hook program uploaded main worm program
  • Port scanning
    • Automated attempt to connect to a range of ports on one or a range of IP addresses
  • Denial of Service
    • Overload the targeted computer preventing it from doing any useful work
    • Distributed denial-of-service (DDOS) come from multiple sites at once
code red worm
Code-Red Worm
  • On July 19, 2001, more than 359,000 computers connected to the Internet were infected in less than 14 hours
  • Spread
sapphire worm
Sapphire Worm
  • was the fastest computer worm in history
    • doubled in size every 8.5 seconds
    • infected more than 90 percent of vulnerable hosts within 10 minutes.
dos attack on sco
DoS attack on SCO
  • On Dec 11, 2003
    • Attack on web and FTP servers of SCO
      • a software company focusing on UNIX systems
    • SYN flood of 50K packet-per-second
    • SCO responded to more than 700 million attack packets over 32 hours
witty worm
Witty Worm
  • 25 March 2004
    • reached its peak activity after approximately 45 minutes
    • at which point the majority of vulnerable hosts had been infected
  • World
  • USA
nyxem email virus
Nyxem Email Virus
    • Jan 15, 2006: infected about 1M computers within two weeks
    • At least 45K of the infected computers were also compromised by other forms of spyware or botware
  • Spread
security trends
Security Trends

www.cert.org (Computer Emergency Readiness Team)

the cast of characters
The Cast of Characters
  • Alice and Bob are the good guys
  • Trudy is the bad guy
  • Trudy is our generic “intruder”
  • Who might Alice, Bob be?
    • … well, real-life Alices and Bobs
    • Web browser/server for electronic transactions
    • on-line banking client/server
    • DNS servers
    • routers exchanging routing table updates
alice s online bank
Alice’s Online Bank
  • Alice opens Alice’s Online Bank (AOB)
  • What are Alice’s security concerns?
  • If Bob is a customer of AOB, what are his security concerns?
  • How are Alice and Bob concerns similar? How are they different?
  • How does Trudy view the situation?
alice s online bank45
Alice’s Online Bank
  • AOB must prevent Trudy from learning Bob’s balance
    • Confidentiality (prevent unauthorized reading of information)
  • Trudy must not be able to change Bob’s balance
  • Bob must not be able to improperly change his own account balance
    • Integrity (prevent unauthorized writing of information)
alice s online bank46
Alice’s Online Bank
  • AOB’s information must be available when needed
    • Availability (data is available in a timely manner when needed)
  • How does Bob’s computer know that “Bob” is really Bob and not Trudy?
  • When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
    • Authentication (assurance that other party is the claimed one)
  • Bob can’t view someone else’s account info
  • Bob can’t install new software, etc.
    • Authorization (allowing access only to permitted resources)
think like trudy
Think Like Trudy
  • Good guys must think like bad guys!
  • A police detective
    • Must study and understand criminals
  • In security
    • We must try to think like Trudy
    • We must study Trudy’s methods
    • We can admire Trudy’s cleverness
    • Often, we can’t help but laugh at Alice and Bob’s carelessness
    • But, we cannot act like Trudy