
Outline - PowerPoint PPT Presentation

Outline

  • Announcements

  • Protection and security

Announcements

  • Lab 3 is due today in class

    • You can turn it in by 5:00pm today without late penalty

    • The last time and date you can turn the lab 3 in with 10 % penalty is 5:00pm, Dec. 5, 2001

  • Homework #5

    • You need to turn in your Homework #5 at the beginning of class this Friday, Dec. 7, 2001

    • I will distribute and discuss the solutions in that class


Announcements – cont.

  • Final exam will be on 10:00am - 12:00 noon, Dec. 14, 2001

  • We will have recitations this Wednesday

    • I will answer questions

    • I will then talk about case studies in operating systems

      • UNIX

      • WindowsNT

      • Linux


Protection and Security

  • Operating system consists of a collection of objects, hardware or software

  • Each object has a unique name and can be accessed through a well-defined set of operations

  • Protection and security problem - ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so


Protection and Security – cont.

  • Internal authorization

    • Protection: controlling what processes already running on the system may do to its objects

  • External authentication

    • Security: controlling who may get onto the system at all, and what reaches it from outside


Policy vs. Mechanism

  • An organization’s security policy defines the rules for authorizing access to its computers and information resources

    • A particular strategy that dictates the way a mechanism is used to achieve specific goals

  • Protection mechanisms are tools for implementing the organization’s security policy


Internal Access Authorization

  • Internal authorization is part of the task of managing resource sharing

    • The goal is to protect one process’s resources from the actions of other processes


Hardware protection mechanisms

  • Processor modes and privileged instructions only valid in system mode

  • Memory protection

  • Devices, and in particular disks, are protected with processor modes and/or memory protection


Software protection mechanisms

  • Hardware resources are protected by hardware protection mechanisms

  • Logical resources are only accessed through system calls

  • All system calls must be authorized by a protection monitor

    • The protection monitor accesses the protection database to make decisions


Access Matrix

  • The protection state can be represented using an access matrix

    • An access matrix A has one row for each subject and one column for each object

    • Each entry A[S, X] is a set that describes the access rights held by subject S to object X

  • Access validation

    • If subject S initiates an access of type a to object X, then:

      if a ∈ A[S, X], the access is valid; if a ∉ A[S, X], the access is invalid.


Use of Access Matrix

  • If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix.

  • Can be expanded to dynamic protection.

    • Operations to add, delete access rights.

    • Special access rights:

      • owner of Oi – Di may add or remove any right in the column of Oi

      • copy – a right on Oi marked copyable may be copied from row Di to row Dj (within the same column)

      • control – Di can modify Dj's access rights (domains are objects too, so Dj is a column)

      • transfer (switch) – a process may switch from domain Di to domain Dj
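The access matrix check and the four dynamic rights described on these two slides, as an added worked example that is not part of the original slides. The domain and object names (D1..D3, F1, F2), the "read*" notation for a copyable right, and the choice of "limited copy" (the copied right loses its copy flag) are assumptions made for illustration.

```python
"""Access matrix with dynamic protection (owner, copy, control, switch).

Added example, not from the original slides. Domain/object names and the
"*" copy-flag notation are assumptions chosen for illustration.
"""


class AccessMatrix:
    def __init__(self):
        # matrix[domain][obj] -> set of rights. Domains are objects too, so a
        # domain name can appear as a column (for "control" and "switch").
        self.matrix = {}

    def rights(self, domain, obj):
        return self.matrix.get(domain, {}).get(obj, set())

    def check(self, domain, obj, op):
        """Protection-monitor decision: op is valid iff op is in A[domain, obj].
        A right stored as "op*" is the same right plus permission to copy it."""
        r = self.rights(domain, obj)
        return op in r or op + "*" in r

    def _add(self, domain, obj, right):
        # Used only to install the initial state (as the OS does when it
        # creates an object); every later change goes through a checked method.
        self.matrix.setdefault(domain, {}).setdefault(obj, set()).add(right)

    def _drop(self, domain, obj, right):
        self.rights(domain, obj).discard(right)
        self.rights(domain, obj).discard(right + "*")

    # Every mutation below is itself authorised by an entry of the matrix,
    # so the matrix can only be changed by the agents it says may change it.

    def owner_grant(self, actor, target, obj, right):
        """owner of obj: actor may add any right on obj to any row."""
        if not self.check(actor, obj, "owner"):
            raise PermissionError(f"{actor} is not owner of {obj}")
        self._add(target, obj, right)

    def owner_revoke(self, actor, target, obj, right):
        if not self.check(actor, obj, "owner"):
            raise PermissionError(f"{actor} is not owner of {obj}")
        self._drop(target, obj, right)

    def copy(self, actor, target, obj, right):
        """copy: actor holding right* on obj may give right (same column) to target.
        The copy flag is not propagated ("limited copy"), so target cannot pass it on."""
        if right + "*" not in self.rights(actor, obj):
            raise PermissionError(f"{actor} cannot copy {right} on {obj}")
        self._add(target, obj, right)

    def control(self, actor, target_domain, obj, right):
        """control: actor holding control over target_domain may remove any
        right from target_domain's row."""
        if not self.check(actor, target_domain, "control"):
            raise PermissionError(f"{actor} does not control {target_domain}")
        self._drop(target_domain, obj, right)

    def switch(self, actor, target_domain):
        """transfer/switch: a process in actor may move to target_domain only
        if A[actor, target_domain] contains 'switch'. Returns the new domain."""
        if not self.check(actor, target_domain, "switch"):
            raise PermissionError(f"{actor} may not switch to {target_domain}")
        return target_domain


def build_example():
    """Constructed initial protection state used by run_scenario()."""
    m = AccessMatrix()
    m._add("D1", "F1", "owner")
    m._add("D1", "F1", "read*")     # D1 may read F1 and copy the read right
    m._add("D1", "F1", "write")
    m._add("D2", "F2", "owner")
    m._add("D2", "F2", "read")
    m._add("D1", "D2", "control")   # D1 controls domain D2
    m._add("D2", "D3", "switch")    # processes in D2 may switch to D3
    return m


def run_scenario():
    m = build_example()
    out = {}
    out["d1_reads_f1"] = m.check("D1", "F1", "read")
    out["d2_reads_f1_before"] = m.check("D2", "F1", "read")
    m.copy("D1", "D2", "F1", "read")                  # same column, new row
    out["d2_reads_f1_after"] = m.check("D2", "F1", "read")
    try:                                              # D2 got read, not read*
        m.copy("D2", "D3", "F1", "read")
        out["d2_can_recopy"] = True
    except PermissionError:
        out["d2_can_recopy"] = False
    m.owner_grant("D1", "D3", "F1", "write")          # owner edits any row
    out["d3_writes_f1"] = m.check("D3", "F1", "write")
    m.control("D1", "D2", "F2", "read")               # control prunes D2's row
    out["d2_reads_f2_after_control"] = m.check("D2", "F2", "read")
    out["d2_switch_d3"] = m.switch("D2", "D3")
    try:
        m.switch("D3", "D1")
        out["d3_switch_d1"] = True
    except PermissionError:
        out["d3_switch_d1"] = False
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The point to notice is that `owner_grant`, `copy`, `control` and `switch` consult the matrix before touching it: the rules that change the protection state are enforced by the same monitor that enforces ordinary accesses, which is what lets the operating system guarantee that only authorized agents manipulate the matrix.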


Use of Access Matrix - cont.

  • Access matrix design separates mechanism from policy

    • Mechanism

      • Operating system provides Access-matrix + rules

      • It ensures that the matrix is only manipulated by authorized agents and that the rules are strictly enforced

    • Policy

      • User dictates policy

      • Who can access what object and in what mode


Domain Structure

  • Access-right = <object-name, rights-set>

    • Rights-set is a subset of all valid operations that can be performed on the object.

  • Domain = set of access-rights that a subject has at any given time


Protection domains

  • A capability is an unforgeable, unique, global name for an access right to an object in the system

  • A protection domain is a set of capabilities to perform certain actions on certain objects

  • A process can move from protection domain to protection domain so, at any point, it has exactly the capabilities it needs for the current job (the principle of least privilege)

  • This is more flexible than associating capabilities directly with a process


Domain Implementation

  • UNIX

    • Domain = user-id

    • Domain switch accomplished via file system.

      • Each file has associated with it a domain bit (setuid bit).

      • When a file is executed and its setuid bit is on, the effective user-id of the new process is set to the owner of the file being executed, for the duration of that execution only; when it completes, the caller's user-id is unaffected.


Implementation of Access Matrix

  • Each column = Access-control list for one object. Defines who can perform what operation.

    • Domain 1 – Read, Write

    • Domain 2 – Read

    • Domain 3 – Read

  • Each row = Capability list (like a key). For each domain, what operations are allowed on what objects.

    • Object 1 – Read

    • Object 4 – Read, Write, Execute

    • Object 5 – Read, Write, Delete, Copy


Revocation of Access Rights

  • Access List – Delete access rights from access list.

    • Simple

    • Immediate

  • Capability List – Scheme required to locate capability in the system before capability can be revoked.

    • Reacquisition

    • Back-pointers

    • Indirection

    • Keys
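The column and row views of one access matrix from the previous slide, and the revocation difference from this one, as an added worked example that is not part of the original slides. The domain and object names, the rights in the matrix, and the indirection-table design used to make capability revocation a single operation are assumptions chosen for illustration.

```python
"""ACLs and capability lists built from one access matrix, and why revoking
a right differs between them. Added example, not from the original slides;
names, rights and the indirection-table design are illustrative assumptions.
"""

# Constructed access matrix: rows are domains, columns are objects. The
# figures on the slide correspond to the O1 column and the D2 row.
MATRIX = {
    "D1": {"O1": {"read", "write"}},
    "D2": {"O1": {"read"},
           "O4": {"read", "write", "execute"},
           "O5": {"read", "write", "delete", "copy"}},
    "D3": {"O1": {"read"}},
}


def to_acl(matrix):
    """Column view: for each object, which domains may do what."""
    acl = {}
    for domain, row in matrix.items():
        for obj, rights in row.items():
            acl.setdefault(obj, {})[domain] = set(rights)
    return acl


def to_capability_lists(matrix):
    """Row view: for each domain, the (object, rights) capabilities it holds."""
    return {d: {o: set(r) for o, r in row.items()} for d, row in matrix.items()}


def acl_revoke(acl, obj, domain, right):
    """ACL revocation: one edit on the object's own list, effective immediately."""
    acl[obj].get(domain, set()).discard(right)


class CapabilitySystem:
    """Capabilities with indirection. A domain never holds (object, rights)
    directly, only a slot number into a system-owned table; copying a
    capability copies the slot number. Revocation clears the slot, which
    invalidates every copy without having to locate the domains holding it."""

    def __init__(self):
        self.table = {}      # slot -> (object, rights); None once revoked
        self.domains = {}    # domain -> set of slots it holds
        self.next_slot = 0

    def issue(self, domain, obj, rights):
        slot = self.next_slot
        self.next_slot += 1
        self.table[slot] = (obj, set(rights))
        self.domains.setdefault(domain, set()).add(slot)
        return slot

    def share(self, src, dst, slot):
        if slot not in self.domains.get(src, set()):
            raise PermissionError(f"{src} does not hold capability {slot}")
        self.domains.setdefault(dst, set()).add(slot)

    def check(self, domain, obj, op):
        for slot in self.domains.get(domain, set()):
            entry = self.table.get(slot)
            if entry is not None and entry[0] == obj and op in entry[1]:
                return True
        return False

    def revoke(self, slot):
        self.table[slot] = None


def run_scenario():
    out = {}
    acl = to_acl(MATRIX)
    out["acl_O1"] = {d: sorted(r) for d, r in acl["O1"].items()}
    caps = to_capability_lists(MATRIX)
    out["caps_D2"] = {o: sorted(r) for o, r in caps["D2"].items()}

    acl_revoke(acl, "O1", "D3", "read")
    out["acl_D3_reads_O1"] = "read" in acl["O1"]["D3"]

    cs = CapabilitySystem()
    slot = cs.issue("D1", "O1", {"read", "write"})
    cs.share("D1", "D2", slot)       # D2 gets a copy ...
    cs.share("D2", "D3", slot)       # ... and passes it on; the system never saw D3 ask
    out["d3_before"] = cs.check("D3", "O1", "read")
    cs.revoke(slot)                  # one write to the table
    out["d3_after"] = cs.check("D3", "O1", "read")
    out["d1_after"] = cs.check("D1", "O1", "read")
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Without the indirection table, `share` would hand D2 and D3 their own copies of `("O1", {"read", "write"})`, and revoking D1's right would leave those copies valid; that is the "scheme required to locate capability in the system" problem the slide refers to, and back-pointers, reacquisition and keys are the other ways of solving it.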


Unix Protection Scheme

  • Mode of access: read, write, execute

  • Three classes of users, each with its own rwx triple; the octal digit is the triple read as a binary number

    a) owner access   7 → 1 1 1  RWX

    b) group access   6 → 1 1 0  RW-

    c) public access  1 → 0 0 1  --X
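The mode-bit scheme above and the setuid domain switch from the Domain Implementation slide, as an added worked example that is not part of the original slides. The uid/gid values and modes are constructed for illustration; the check implements the classic rule that a requester falls into exactly one of the three classes, plus the usual root exception (assumed here as on Linux: root bypasses read and write checks but can execute a file only if some execute bit is set).

```python
"""Unix mode bits: decoding the three permission classes and applying the
owner/group/other rule. Added example, not from the original slides; the
uid/gid values and modes are constructed for illustration.
"""
import stat

R, W, X = 4, 2, 1


def decode_mode(mode):
    """Render the low nine bits of a mode as rwx triples, e.g. 0o761 -> 'rwxrw---x'."""
    out = []
    for shift in (6, 3, 0):          # owner, group, other
        bits = (mode >> shift) & 7
        out.append(("r" if bits & R else "-") +
                   ("w" if bits & W else "-") +
                   ("x" if bits & X else "-"))
    return "".join(out)


def unix_access(mode, file_uid, file_gid, uid, gids, wanted):
    """Classic Unix check: the requester is placed in exactly one class.

    The owner class applies if uid matches, even when the group or other
    bits would have granted more; the group class applies if any of the
    requester's groups matches; otherwise the 'other' bits are used.
    uid 0 (root) bypasses read/write; execute needs at least one x bit.
    """
    if uid == 0:
        return wanted != X or (mode & 0o111) != 0
    if uid == file_uid:
        bits = (mode >> 6) & 7
    elif file_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & wanted) == wanted


def run_scenario():
    out = {}
    out["761"] = decode_mode(0o761)
    out["644"] = decode_mode(0o644)
    # a file owned by uid 1000 / gid 100 with mode 0o761
    out["owner_rw"] = unix_access(0o761, 1000, 100, 1000, {100}, R | W)
    out["group_w"] = unix_access(0o761, 1000, 100, 1001, {100}, W)
    out["group_x"] = unix_access(0o761, 1000, 100, 1001, {100}, X)
    out["other_x"] = unix_access(0o761, 1000, 100, 2000, {200}, X)
    out["other_r"] = unix_access(0o761, 1000, 100, 2000, {200}, R)
    # Classes are exclusive: mode 0o077 denies the owner although group
    # and other have rwx. A common surprise when locking down a file.
    out["owner_denied_077"] = unix_access(0o077, 1000, 100, 1000, {100}, R)
    out["other_allowed_077"] = unix_access(0o077, 1000, 100, 2000, {200}, R)
    out["root_reads_000"] = unix_access(0o000, 1000, 100, 0, set(), R)
    out["root_exec_000"] = unix_access(0o000, 1000, 100, 0, set(), X)
    # The setuid bit (0o4000) is the domain-switch marker honoured on exec.
    out["setuid_set"] = bool(0o4755 & stat.S_ISUID)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```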


Capability-Based Systems

  • Hydra

    • Fixed set of access rights known to and interpreted by the system

    • Interpretation of user-defined rights performed solely by user's program; system provides access protection for use of these rights.

  • Cambridge CAP System

    • Data capability - provides standard read, write, execute of individual storage segments associated with object.

    • Software capability -interpretation left to the subsystem, through its protected procedures.


The Security Problem

  • Security must consider external environment of the system, and protect it from

    • unauthorized access.

    • malicious modification or destruction

    • accidental introduction of inconsistency.

  • Easier to protect against accidental than malicious misuse


User authentication

  • Three types of authentication:

    • Something a user knows

      • e.g. a password, a combination, answers to personal questions

    • Something a user has

      • e.g. a badge, a smart card, a key

    • Something a user is

      • e.g. fingerprint, signature, voice print, hand geometry, retinal blood vessel pattern


Authentication

  • User identity is most often established through passwords, which can be considered a special case of either keys or capabilities.

  • Passwords must be kept secret.

    • Frequent change of passwords.

    • Use of “non-guessable” passwords.

    • Log all invalid access attempts.

  • Encryption


Authentication – cont.

  • User authentication

  • Authentication in networks


Program Threats

  • Trojan Horse

    • Code segment that misuses its environment.

    • Exploits mechanisms for allowing programs written by users to be executed by other users.

  • Trap Door

    • Specific user identifier or password that circumvents normal security procedures.

    • Could be included in a compiler.


System Threats

  • Worms – use spawn mechanism; standalone program

  • Internet worm

    • Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs.

    • Grappling hook program uploaded main worm program.

  • Viruses – fragment of code embedded in a legitimate program.

    • Mainly affect microcomputer systems.

    • Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.

    • Safe computing.


The confinement problem

  • How do we prevent a program from leaking information to others?

  • It is not as simple as preventing IPC and I/O

  • A covert channel is a hidden means of communicating information

    • e.g. sending bits by manipulating the CPU load


Threat Monitoring

  • Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing.

  • Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.

  • Scan the system periodically for security holes; done when the computer is relatively unused.
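The first two bullets, as an added worked example that is not part of the original slides: a detector for password guessing run over audit-log lines. The log format (timestamp, user, result, source address) and the sample lines are constructed for illustration and do not reproduce any real system's log; the threshold and window are assumptions.

```python
"""Detecting password guessing from audit-log lines. Added example, not
from the original slides; the log format and the sample lines are
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: "<timestamp> <user> <result> <source>"
SAMPLE_LOG = """\
2001-12-03T09:00:01 alice LOGIN_OK 10.0.0.5
2001-12-03T09:00:07 root LOGIN_FAIL 10.0.0.9
2001-12-03T09:00:09 root LOGIN_FAIL 10.0.0.9
2001-12-03T09:00:12 root LOGIN_FAIL 10.0.0.9
2001-12-03T09:00:14 root LOGIN_FAIL 10.0.0.9
2001-12-03T09:00:16 root LOGIN_FAIL 10.0.0.9
2001-12-03T09:01:30 bob LOGIN_FAIL 10.0.0.7
2001-12-03T09:45:00 bob LOGIN_FAIL 10.0.0.7
2001-12-03T09:45:20 bob LOGIN_OK 10.0.0.7
2001-12-03T10:00:00 root LOGIN_OK 10.0.0.9
"""


def parse(line):
    ts, user, result, source = line.split()
    return datetime.fromisoformat(ts), user, result, source


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag (user, source) pairs with >= threshold failures inside a sliding window.

    Returns a list of alerts (user, source, first_failure_ts, count). The window
    is what separates bob's two failures 44 minutes apart (a mistyped password)
    from root's five failures in nine seconds (guessing).
    """
    failures = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, source = parse(line)
        if result != "LOGIN_FAIL":
            continue
        hits = failures[(user, source)]
        hits.append(ts)
        while hits and ts - hits[0] > window:   # forget failures outside the window
            hits.pop(0)
        if len(hits) >= threshold:
            alerts.append((user, source, hits[0], len(hits)))
            hits.clear()                         # one alert per burst
    return alerts


def success_after_burst(log_text, alerts, within=timedelta(hours=1)):
    """Higher-severity check: a successful login for a flagged (user, source)
    shortly after the burst suggests the guessing worked."""
    flagged = {(u, s): ts for u, s, ts, _ in alerts}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, source = parse(line)
        start = flagged.get((user, source))
        if result == "LOGIN_OK" and start is not None and timedelta(0) <= ts - start <= within:
            hits.append((user, source, ts))
    return hits


if __name__ == "__main__":
    found = detect_guessing(SAMPLE_LOG)
    print("bursts:", found)
    print("successes after burst:", success_after_burst(SAMPLE_LOG, found))
```

The audit log is only useful for this if the monitor can trust it, so the log must be written somewhere the process being monitored cannot truncate or edit; the same goes for the integrity baseline on the next slide.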


Threat Monitoring – cont.

  • Check for:

    • Short or easy-to-guess passwords

    • Unauthorized set-uid programs

    • Unauthorized programs in system directories

    • Unexpected long-running processes

    • Improper directory protections

    • Improper protections on system data files

    • Dangerous entries in the program search path (Trojan horse)

    • Changes to system programs: monitor checksum values
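Three items of this checklist (checksums of system programs, unauthorized set-uid programs, dangerous search-path entries), as an added worked example that is not part of the original slides. It creates its own temporary directory tree, so the "system programs", their contents and the PATH string are constructed for illustration; the checks are generic and would run unchanged against a real directory.

```python
"""Integrity monitoring: checksum baseline, setuid scan and PATH audit.
Added example, not from the original slides; it works on a temporary
directory it creates itself, with constructed file contents.
"""
import hashlib
import os
import stat
import tempfile


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map relative path -> sha256 for every regular file under root."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):
                result[os.path.relpath(full, root)] = file_sha256(full)
    return result


def compare(base, root):
    """Report modified, added and removed files relative to a baseline.
    The baseline itself must live where an intruder cannot rewrite it
    (read-only media or another host), or this check proves nothing."""
    current = baseline(root)
    return {
        "modified": sorted(p for p in base if p in current and current[p] != base[p]),
        "added": sorted(set(current) - set(base)),
        "removed": sorted(set(base) - set(current)),
    }


def find_setuid(root):
    """List regular files with the setuid or setgid bit set under root;
    anything not on an expected list is an 'unauthorized set-uid program'."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                found.append(os.path.relpath(full, root))
    return sorted(found)


def dangerous_path_entries(path_value):
    """Entries that let a planted program shadow a system command: an empty
    entry or '.' (the current directory) and any relative directory.
    Assumes the POSIX ':' separator."""
    return [e for e in path_value.split(":") if e in ("", ".") or not os.path.isabs(e)]


def run_scenario():
    out = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"#!/bin/sh\nexec /bin/ps \"$@\"\n")
        base = baseline(root)
        out["baseline_size"] = len(base)
        # an intruder replaces ls, drops a new program and removes ps
        with open(os.path.join(root, "bin", "ls"), "ab") as f:
            f.write(b"# trojan\n")
        with open(os.path.join(root, "bin", "sniff"), "wb") as f:
            f.write(b"evil\n")
        os.remove(os.path.join(root, "bin", "ps"))
        out["diff"] = compare(base, root)
        out["setuid"] = find_setuid(root)
    out["path"] = dangerous_path_entries("/usr/bin:/bin::.:tools:/usr/local/bin")
    return out


if __name__ == "__main__":
    print(run_scenario())
```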


Encryption

  • Encrypt clear text into cipher text.

  • Properties of good encryption technique:

    • Relatively simple for authorized users to encrypt and decrypt data.

    • Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key

    • Extremely difficult for an intruder to determine the encryption key

  • The Data Encryption Standard (DES) substitutes and permutes the bits of each block under control of a key that is delivered to authorized users through some secure mechanism; the scheme is only as secure as that key-distribution mechanism. (DES's 56-bit key is also short enough to be recovered by exhaustive search on modern hardware, so it is no longer considered adequate on its own.)


Encryption - cont.

  • Public-key encryption based on each user having two keys:

    • public key – published key used to encrypt data.

    • private key – key known only to individual user used to decrypt data.

  • Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme.

    • Efficient algorithm for testing whether or not a number is prime.

    • No efficient algorithm is known for finding the prime factors of a number.
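The two facts on this slide carried through in code, as an added worked example that is not part of the original slides: a polynomial-time (probabilistic) primality test is used to generate the key, and a trial-division factoring routine shows that whoever factors the public modulus recovers the private key. The primes are 16 bits so that the factoring step finishes instantly; this is unpadded textbook RSA on toy parameters, constructed for illustration and not usable for real data. The seeds and message value are assumptions.

```python
"""Textbook RSA on small numbers. Added example, not from the original
slides. Unpadded, tiny keys: for illustration only.
"""
import math
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin: fast probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness that n is composite
    return True


def random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # fixed length, odd
        if is_probable_prime(c):
            return c


def keygen(bits=16, seed=1):
    """Returns (public, private) as (n, e) and (n, d)."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits, rng), random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def trial_factor(n):
    """Exponential in the bit length: instant for a 32-bit n, hopeless for 2048 bits."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    return None


def run_scenario():
    out = {}
    # 2**31-1 is prime; 2**31+1 and 561 (a Carmichael number) are not
    out["prime_checks"] = (is_probable_prime(2**31 - 1),
                           is_probable_prime(2**31 + 1),
                           is_probable_prime(561))
    pub, priv = keygen(bits=16, seed=7)
    m = 123456
    out["roundtrip"] = decrypt(priv, encrypt(pub, m)) == m
    # Anyone who can factor n recomputes phi and hence d: the private key.
    p, q = trial_factor(pub[0])
    d_recovered = pow(pub[1], -1, (p - 1) * (q - 1))
    out["factoring_breaks_it"] = d_recovered == priv[1]
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Miller-Rabin is the "efficient algorithm for testing whether or not a number is prime"; `trial_factor` only works here because the modulus is 32 bits, and it is the absence of anything comparably fast for large moduli that the public-key scheme relies on.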


Summary

  • “None of the protection systems that exist today ... are completely fail-safe. The best we can do is to make it as difficult as possible for somebody to break a security device or get inside

  • Internal authentication and external authentication

  • Access matrix and implementation of access matrix