Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.

Similar presentations


Presentation on theme: "Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5."— Presentation transcript:

1 Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5

2 Slide 14-2 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security

3 Slide 14-3 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Allowing Only Authorized Access Unauthorized Access Authorized Access Authentication Authorization Secure Entity Subject

4 Slide 14-4 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography A security policy reflects an organization’s strategy for authorizing access to the computer’s resources only to authenticated parties –Accountants have access to payroll files –OS processes have access to the page table –Client process has access to information provided by a server

5 Slide 14-5 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptographically Protected Information Secure Element Secure Element Secure Environment Secure Container

6 Slide 14-6 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Windows 2000 Logon Security Reference Monitor (SRM) Security Reference Monitor (SRM) Netlogon Active Directory Active Directory LSA* Server LSA* Server SAM** Server SAM** Server Local Security Authority Subsystem (Lsass) * Local Security Authority ** Security Accounts Manager (SAM) SAM Active Directory Active Directory LSA Policy LSA Policy Winlogon process Winlogon process User Space Supervisor Space Authentic. Network

7 Slide 14-7 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Security Goals Resource X Resource W Resource Y Resource Z Process A Process BProcess C Authentication Authorization read read/write read read/write Machine X Machine Y

8 Slide 14-8 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Authentication User/process authentication –Is this user/process who it claims to be? Passwords More sophisticated mechanisms Authentication in networks –Is this computer who it claims to be? File downloading Obtaining network services The Java promise

9 Slide 14-9 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Authorization Is this user/process allowed to access the resource under the current policy? What type of access is allowable? –Read –Write –Execute –Append

10 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Lampson’s Protection Model Active parts (e.g., processes) –Operate in different domains –Subject is a process in a domain Passive parts are called objects Want mechanism to implement different security policies for subjects to access objects –Many different policies must be possible –Policy may change over time

11 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects S desires  access to X 

12 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State S desires  access to X Protection state reflects current ability to access X

13 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition S desires  access to X Protection state reflects current ability to access X Authorities can change

14 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition Rules S desires  access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority?

15 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition Rules Policy S desires  access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority? How are the rules chosen?

16 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection System Example S X S desires  access to X 

17 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection System Example S X  Access matrix S X S desires  access to X Captures the protection state

18 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection System Example S X  Access matrix S Access authentication (S, , X) X S desires  access to X Captures the protection state Generates an unforgeable ID

19 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection System Example S X  S Access authentication Monitor (S, , x) X S desires  access to X Captures the protection state Generates an unforgeable ID Checks the access against the protection state

20 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection State Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner

21 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Protection System Subjects X S Objects Protection State Transition Rules Policy Handling state changes

22 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Policy Rules Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner RuleCommand by S 0 AuthorizationEffect 1transfer(  |  *) to (S, X)  *  A[S 0, X]A[S, X] = A[S, X]  {  |  *} 2grant(  |  *) to (S, X)owner  A[S 0, X]A[S, X] = A[S, X]  {  |  *} 3delete  from (S, X)control  A[S 0, S]A[S, X] = A[S, X]-{  } or owner  A[S 0, X] Rules for a Particular Policy

23 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection Domains Lampson model uses processes and domains -- how is a domain implemented? –Supervisor/user hardware mode bit –Software extensions -- rings Inner rings have higher authority –Ring 0 corresponds to supervisor mode –Rings 1 to S have decreasing protection, and are used to implement the OS –Rings S+1 to N-1 have decreasing protection, and are used to implement applications

24 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Protection Domains (cont) Ring crossing is a domain change Inner ring crossing  rights amplification –Specific gates for crossing –Protected by an authentication mechanism Outer ring crossing uses less-protected objects –No authentication –Need a return path –Used in Multics and Intel (& above) hardware

25 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Two-level Domain Architecture Supv User

26 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 The General Ring Architecture R0R0 R1R1 R2R2 … RiRi …

27 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Implementing the Access Matrix Usually a sparse matrix –Too expensive to implement as a table –Implement as a list of table entries Column oriented list is called an access control list (ACL) –List kept at the object –UNIX file protection bits are one example Row oriented list is a called a capability list –List kept with the subject (i.e., process) –Kerberos ticket is a capability –Mach mailboxes protected with capabilities

28 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Access Control Lists Derived from an Access Matrix Resource Descriptor S X  X  X  X  X  X  Store the Access Matrix by columns Each ACL is kept at the object UNIX file protection bits are one example Windows resource managers also use ACLs for protection Resource Descriptor

29 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Capability Lists Derived from an Access Matrix Store the Access Matrix by rows List kept with the subject (i.e., process) Examples –Ticket to a concert –Kerberos ticket –Mach mailboxes S X    S S  S Process Descriptor  S S 

30 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Capabilities Provides an address to object from a very large address space Possession of a capability represents authorization for access Implied properties: –Capabilities must be very difficult to guess –Capabilities must be unique and not reused –Capabilities must be distinguishable from randomly generated bit patterns

31 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptography Information can be encoded using a key when it is written (or transferred) -- encryption It is then decoded using a key when it is read (or received) -- decryption Very widely used for secure network transmission

32 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintextciphertext encryption decryption

33 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext)

34 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext) Invader Side informationplaintext

35 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Cryptographic Systems Conventional Systems Modern Systems Private KeyPublic Key K e and K d are essentially the same K e and K d are private K e is public K d is private

36 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server

37 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket

38 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket Session Key

39 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket Client ID Session Key Ticket Session Key Client ID Session Key

40 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 The DES Algorithm Plain Text Plain Text 64-bit Block L j-1 R j-1 IP f f K j =  (K, j)   R j-1 64-bit Block IP -1

41 Slide Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 A Digital Rights Management System InTransit Raw Consumable Serve Translate Distribute Content Repository Playback Rights Editor Query Rights Publisher Consumer API Admin Distributor, etc Style Editor Style Server Client Other parties may contribute to rights spec


Download ppt "Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5."

Similar presentations


Ads by Google