Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Similar presentations


Presentation on theme: "Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security."— Presentation transcript:

1 Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security

2 Slide 14-2 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Allowing Only Authorized Access Unauthorized Access Authorized Access Authentication Authorization Secure Entity Subject

3 Slide 14-3 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography A security policy reflects an organizations strategy for authorizing access to the computers resources only to authenticated parties –Accountants have access to payroll files –OS processes have access to the page table –Client process has access to information provided by a server

4 Slide 14-4 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptographically Protected Information Secure Element Secure Element Secure Environment Secure Container

5 Slide 14-5 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Windows 2000 Logon Security Reference Monitor (SRM) Security Reference Monitor (SRM) Netlogon Active Directory Active Directory LSA* Server LSA* Server SAM** Server SAM** Server Local Security Authority Subsystem (Lsass) * Local Security Authority ** Security Accounts Manager (SAM) SAM Active Directory Active Directory LSA Policy LSA Policy Winlogon process Winlogon process User Space Supervisor Space Authentic. Network

6 Slide 14-6 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Security Goals Resource X Resource W Resource Y Resource Z Process A Process BProcess C Authentication Authorization read read/write read read/write Machine X Machine Y

7 Slide 14-7 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Authentication User/process authentication –Is this user/process who it claims to be? Passwords More sophisticated mechanisms Authentication in networks –Is this computer who it claims to be? File downloading Obtaining network services The Java promise

8 Slide 14-8 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Authorization Is this user/process allowed to access the resource under the current policy? What type of access is allowable? –Read –Write –Execute –Append

9 Slide 14-9 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition Rules Policy S desires access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority? How are the rules chosen?

10 Slide 14-10 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection System Example S X S Access authentication Monitor (S,, x) X S desires access to X Captures the protection state Generates an unforgeable ID Checks the access against the protection state

11 Slide 14-11 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection State Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner

12 Slide 14-12 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition Rules Policy Handling state changes

13 Slide 14-13 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Policy Rules Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner RuleCommand by S 0 AuthorizationEffect 1transfer( | *) to (S, X) * A[S 0, X]A[S, X] = A[S, X] { | *} 2grant( | *) to (S, X)owner A[S 0, X]A[S, X] = A[S, X] { | *} 3delete from (S, X)control A[S 0, S]A[S, X] = A[S, X]-{ } or owner A[S 0, X] Rules for a Particular Policy

14 Slide 14-14 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection Domains Lampson model uses processes and domains -- how is a domain implemented? –Supervisor/user hardware mode bit –Software extensions -- rings Inner rings have higher authority –Ring 0 corresponds to supervisor mode –Rings 1 to S have decreasing protection, and are used to implement the OS –Rings S+1 to N-1 have decreasing protection, and are used to implement applications

15 Slide 14-15 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection Domains (cont) Ring crossing is a domain change Inner ring crossing rights amplification –Specific gates for crossing –Protected by an authentication mechanism Outer ring crossing uses less-protected objects –No authentication –Need a return path –Used in Multics and Intel 80386 (& above) hardware

16 Slide 14-16 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Two-level Domain Architecture Supv User

17 Slide 14-17 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 The General Ring Architecture R0R0 R1R1 R2R2 … RiRi …

18 Slide 14-18 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Implementing the Access Matrix Usually a sparse matrix –Too expensive to implement as a table –Implement as a list of table entries Column oriented list is called an access control list (ACL) –List kept at the object –UNIX file protection bits are one example Row oriented list is a called a capability list –List kept with the subject (i.e., process) –Kerberos ticket is a capability –Mach mailboxes protected with capabilities

19 Slide 14-19 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Access Control Lists Derived from an Access Matrix Resource Descriptor S X X X X X X Store the Access Matrix by columns Each ACL is kept at the object UNIX file protection bits are one example Windows resource managers also use ACLs for protection Resource Descriptor

20 Slide 14-20 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Capability Lists Derived from an Access Matrix Store the Access Matrix by rows List kept with the subject (i.e., process) Examples –Ticket to a concert –Kerberos ticket –Mach mailboxes S X S S S Process Descriptor S S

21 Slide 14-21 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Capabilities Provides an address to object from a very large address space Possession of a capability represents authorization for access Implied properties: –Capabilities must be very difficult to guess –Capabilities must be unique and not reused –Capabilities must be distinguishable from randomly generated bit patterns

22 Slide 14-22 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptography Information can be encoded using a key when it is written (or transferred) -- encryption It is then decoded using a key when it is read (or received) -- decryption Very widely used for secure network transmission

23 Slide 14-23 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintextciphertext encryption decryption

24 Slide 14-24 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext)

25 Slide 14-25 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext) Invader Side informationplaintext

26 Slide 14-26 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptographic Systems Conventional Systems Modern Systems Private KeyPublic Key K e and K d are essentially the same K e and K d are private K e is public K d is private

27 Slide 14-27 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server

28 Slide 14-28 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket Client ID Session Key Ticket Session Key Client ID Session Key

29 Slide 14-29 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 The DES Algorithm Plain Text Plain Text 64-bit Block L j-1 R j-1 IP f f K j = (K, j) R j-1 64-bit Block IP -1

30 Slide 14-30 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Digital Rights Management System InTransit Raw Consumable Serve Translate Distribute Content Repository Playback Rights Editor Query Rights Publisher Consumer API Admin Distributor, etc Style Editor Style Server Client Other parties may contribute to rights spec


Download ppt "Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security."

Similar presentations


Ads by Google