Published by Adrienne Norrie; modified over 2 years ago
Chapter 15: Security and Protection. Copyright © 2008
Operating Systems, by Dhananjay Dhamdhere, Copyright © 2008

Introduction
– Overview of Security and Protection
– Security Attacks
– Formal Aspects of Security
– Encryption
– Authentication and Password Security
– Protection Structures
– Protection Domain
– Capabilities
– Classifications of Computer Security
– Case Studies in Security and Protection
Overview of Security and Protection
A threat is a possible form of interference
– Security: threats to resources from nonusers
– Protection: threats from users
Overview of Security and Protection (continued)
Goals of Security and Protection
Only privacy is exclusively a protection concern
– Controlled sharing based on the need-to-know principle
Security and Protection Threats
Examples of security threats:
– Threats raised by data and programs downloaded from the Internet
Examples of protection threats:
– Illegal access to a resource or a service by a process
– An attempt to tamper with messages
Security threats can arise more easily in a distributed OS
Security Attacks
Security attack: an attempt to breach the security of a system
Terminology: security attacks, adversary, intruder
Two common forms of security attacks are:
– Masquerading: assuming the identity of a registered user through illegitimate means
– Denial of service (DoS): preventing users from accessing resources for which they possess access privileges
  Network DoS attack, distributed DoS attack
Other types of attacks:
– Message eavesdropping
– Tampering with messages
Trojan Horses, Viruses, and Worms
Trojan horses, viruses, and worms contain code that can launch a security attack when activated
Trojan Horses, Viruses, and Worms (continued)
A virus typically sets up a back door that can be exploited for a destructive purpose at a later date
– E.g., executable virus, boot-sector virus, e-mail virus
Worms may spread using the buffer overflow technique
Measures to foil security attacks:
– Using caution while loading new programs into a computer
– Using antivirus programs
– Plugging security holes
The Buffer Overflow Technique
Formal Aspects of Security
To formally prove a system is secure, we need:
– A security model comprising security policies and mechanisms
– A list of threats
– A list of fundamental attacks
– A proof methodology
Manual procedures can discover security flaws
– But procedures become less reliable as systems grow
Formal approach constructs feasible sequences of operations and deduces their consequences
– But it is hard to develop a specification of a system and its threats
Encryption
Encryption: application of an algorithmic transformation to data
– Cryptography deals with encryption techniques
– Plaintext is transformed to encrypted/ciphertext form
– Confidentiality provided through encryption also helps to verify integrity of data
– Two types: symmetric and asymmetric
Attacks on Cryptographic Systems
An attack on a cryptographic system consists of a series of attempts to find the decryption function D_k
Quality of encryption: ability to withstand attacks
– Aim: perform high-quality encryption at a low cost
– Encryption quality is best if E_k is a one-way function
Attacks:
– Exhaustive attack
– Ciphertext only attack
– Known plaintext attack
– Chosen plaintext attack
Encryption Techniques
Simplest encryption technique: substitution cipher
– Can be broken using a frequency analysis
How to mask features of plaintext during encryption?
– Use Shannon's principles of confusion and diffusion
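The slide's two claims, that a substitution cipher is the simplest technique and that it falls to frequency analysis, can be checked in a few lines. The following is an added example, not code from the book or the slides: it implements a letter-for-letter substitution cipher and then recovers the most frequent plaintext letter purely from letter counts in the ciphertext. The key (a shift by three), the demo sentence and the English frequency ranking are constructed for the example.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

# English letters ranked from most to least frequent (assumed ranking for the demo).
ENGLISH_BY_FREQUENCY = "etaoinshrdlcumwfgypbvkjxqz"


def make_table(permutation):
    """Build a substitution table from a 26-letter permutation of the alphabet."""
    if sorted(permutation) != list(ALPHABET):
        raise ValueError("key must be a permutation of a-z")
    return dict(zip(ALPHABET, permutation))


def invert(table):
    return {cipher: plain for plain, cipher in table.items()}


def substitute(text, table):
    """Apply the table letter by letter. Every occurrence of a plaintext letter
    maps to the same ciphertext letter, so the letter statistics of the
    plaintext survive intact: no confusion, no diffusion."""
    return "".join(table.get(ch, ch) for ch in text.lower())


def frequency_guess(ciphertext, top=1):
    """Pair the most frequent ciphertext letters with the most frequent
    English letters. Returns {cipher_letter: guessed_plain_letter}."""
    counts = Counter(ch for ch in ciphertext if ch in ALPHABET)
    ranked = [ch for ch, _ in counts.most_common(top)]
    return dict(zip(ranked, ENGLISH_BY_FREQUENCY[:top]))


# Constructed key: a shift by three (a Caesar shift is one particular substitution).
DEMO_KEY = ALPHABET[3:] + ALPHABET[:3]
DEMO_TEXT = "we need to see the secret letter e appear here more than the others"


def demo():
    """Encrypt, decrypt, and show what an eavesdropper learns from counts alone."""
    table = make_table(DEMO_KEY)
    ciphertext = substitute(DEMO_TEXT, table)
    recovered = substitute(ciphertext, invert(table))
    return ciphertext, recovered, frequency_guess(ciphertext)


if __name__ == "__main__":
    ct, pt, guess = demo()
    print(ct)
    print(pt)
    print("most frequent ciphertext letter probably stands for:", guess)
```

With the demo key, the letter `e` is encrypted as `h`, and `frequency_guess` maps `h` back to `e` without knowing the key, which is the attack the slide refers to.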
Encryption Techniques (continued)
Block cipher:
– A block of plaintext is replaced by a block of ciphertext
– Extension of the classical substitution cipher
– Simple to implement
– Vulnerable to: frequency analysis, known plaintext and chosen plaintext attacks
Encryption Techniques (continued)
Stream cipher:
– Transformation involves a few bits of the plaintext and an equal number of bits of the encryption key
– Faster than a block cipher
– Examples: Vernam cipher, one-time pad, ciphertext autokey, self-synchronizing cipher, RC4
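Two of the stream ciphers named on the slide are small enough to write out. The block below is an added example, not the book's code: it implements the Vernam/one-time pad (XOR with a pad as long as the message), shows the failure mode that makes the pad "one-time" (reusing a pad makes the XOR of two ciphertexts equal the XOR of the two plaintexts), and a ciphertext-autokey cipher whose keystream byte depends on the secret key and the previous ciphertext byte, which is what makes it self-synchronizing. The keyed function `_autokey_byte` (SHA-256 of key and previous byte) and the test messages are constructed for the example.

```python
import hashlib
import os


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """A fresh random pad; it is a one-time pad only if it is never reused."""
    return os.urandom(length)


def otp(data, pad):
    """Vernam / one-time pad: XOR with a pad at least as long as the data.
    Encryption and decryption are the same operation."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data")
    return xor_bytes(data, pad[: len(data)])


def pad_reuse_leak(c1, c2):
    """If one pad encrypted two messages, c1 XOR c2 == p1 XOR p2: the pad
    cancels out and an eavesdropper is left with the XOR of the plaintexts."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def _autokey_byte(key, prev_cipher_byte):
    # Keystream byte derived from the secret key and the previous ciphertext byte
    # (a constructed keyed function for the demo; real designs differ).
    return hashlib.sha256(key + bytes([prev_cipher_byte])).digest()[0]


def autokey_encrypt(data, key, iv=0):
    """Ciphertext autokey: c_i = p_i XOR f(key, c_{i-1}), with c_{-1} = iv."""
    out, prev = bytearray(), iv
    for p in data:
        c = p ^ _autokey_byte(key, prev)
        out.append(c)
        prev = c
    return bytes(out)


def autokey_decrypt(data, key, iv=0):
    """Self-synchronizing: a damaged ciphertext byte corrupts only itself and
    the next plaintext byte, after which decryption is back in step."""
    out, prev = bytearray(), iv
    for c in data:
        out.append(c ^ _autokey_byte(key, prev))
        prev = c
    return bytes(out)


if __name__ == "__main__":
    msg = b"attack at dawn"
    pad = new_pad(len(msg))
    print(otp(otp(msg, pad), pad))
    ct = autokey_encrypt(msg, b"demo key")
    damaged = bytearray(ct)
    damaged[5] ^= 0xFF
    print(autokey_decrypt(bytes(damaged), b"demo key"))
```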
Encryption Techniques (continued)
Data Encryption Standard (DES)
– 56-bit key to encrypt 64-bit data blocks
– Cipher block chaining (CBC) mode used to overcome the problem of poor diffusion
– Steps: permutation, transformation, permutation
– Triple DES contains three applications of DES
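The block-cipher slide says a block cipher is an extension of the substitution cipher and is vulnerable to frequency analysis; the DES slide says CBC mode is used to overcome poor diffusion. One added example covers both (it is not the book's code and not DES): a toy 4-byte block cipher built from a key-dependent byte substitution, run first in ECB mode (each block independently), where equal plaintext blocks produce equal ciphertext blocks, and then in CBC mode, where chaining each block with the previous ciphertext block hides the repetition. The key, IV and input are constructed; the cipher itself is deliberately a toy standing in for E_k.

```python
import hashlib
import random

BLOCK = 4  # toy block size in bytes (DES uses 8, AES 16)


def make_sbox(key):
    """Key-dependent byte permutation: a keyed substitution that plays the role
    of the block cipher E_k here. It is a toy for the demo, not a real cipher."""
    table = list(range(256))
    random.Random(hashlib.sha256(key).digest()).shuffle(table)
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    return table, inverse


def encrypt_block(block, sbox):
    # substitute every byte, then a fixed permutation of byte positions
    return bytes(sbox[b] for b in reversed(block))


def decrypt_block(block, inverse):
    return bytes(inverse[b] for b in reversed(block))


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size (pad first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(data, sbox):
    """Each block encrypted independently: equal plaintext blocks give equal
    ciphertext blocks, so the structure of the plaintext survives encryption."""
    return b"".join(encrypt_block(b, sbox) for b in _blocks(data))


def cbc_encrypt(data, sbox, iv):
    """Cipher block chaining: XOR each block with the previous ciphertext block
    before encrypting, so every block depends on all the blocks before it."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(xor_bytes(b, prev), sbox)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(data, inverse, iv):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(xor_bytes(decrypt_block(c, inverse), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate an earlier one: the pattern leak."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed demo inputs.
DEMO_KEY = b"constructed demo key"
DEMO_IV = bytes.fromhex("0badf00d")
DEMO_DATA = b"AAAABBBBAAAABBBB"  # repeated structure, four blocks


if __name__ == "__main__":
    sbox, inverse = make_sbox(DEMO_KEY)
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(DEMO_DATA, sbox)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(DEMO_DATA, sbox, DEMO_IV)))
```

With the demo input the ECB ciphertext repeats two of its four blocks, exactly mirroring the plaintext; the CBC ciphertext does not, and decrypts back to the input with the same IV.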
Encryption Techniques (continued)
Advanced Encryption Standard (AES)
– Variant of Rijndael
– Uses only substitutions and permutations
– Block size of 128 bits
– Keys of 128, 192, or 256 bits
– Each round consists of: byte substitution, shifting of rows, mixing of columns, key addition
Authentication and Password Security
Authentication is typically performed using passwords
Protection Structures
Protection structure: classical name for the authorization database
Access privilege (for a file): right to make a specific form of access to the file
Access descriptor: representation of a collection of access privileges for a file
– Access control information (for a file): collection of access descriptors
Granularity of Protection
Users desire medium- or fine-grained protection
– This leads to a large protection structure
OSs resort to coarse-grained protection to reduce the size of the protection structure
Access Control Matrix
An access control matrix is a protection structure that provides efficient access to:
– Access privileges of users to various files
– Access control information for files
Access Control Lists (ACLs)
The ACL of a file is a representation of its access control information
– Contains the non-null entries that the file's column would have contained in the ACM
Capability Lists (C-lists)
A C-list represents the access privileges of a user to various files in the system
– Contains the non-null entries that the user's row in the ACM would have contained
Protection Domain
Using an access control matrix, ACL, or C-list to confer access privileges on users achieves secrecy
The privacy goal requires that information be used only for intended purposes
– Access privileges are granted to a protection domain
– A process operates "within" a protection domain
– It can switch domains during operation
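The four slides above (access control matrix, ACL, C-list, protection domain) describe one data structure seen from different sides. The following added example (not the book's code) builds a small access control matrix whose rows are protection domains and columns are files, derives a file's ACL as the non-null entries of its column and a domain's C-list as the non-null entries of its row, and models a process that operates within one domain and switches to another. The domain and file names are constructed for the example.

```python
class AccessControlMatrix:
    """Rows are protection domains (a user typically starts in one domain),
    columns are files; each cell holds the access privileges granted."""

    def __init__(self):
        self._cells = {}  # (domain, file) -> set of privileges

    def grant(self, domain, file, *privileges):
        self._cells.setdefault((domain, file), set()).update(privileges)

    def revoke(self, domain, file, privilege):
        self._cells.get((domain, file), set()).discard(privilege)

    def allows(self, domain, file, privilege):
        return privilege in self._cells.get((domain, file), ())

    def acl(self, file):
        """Access control list of a file: the non-null entries of its column."""
        return {d: sorted(p) for (d, f), p in self._cells.items() if f == file and p}

    def clist(self, domain):
        """Capability list of a domain: the non-null entries of its row."""
        return {f: sorted(p) for (d, f), p in self._cells.items() if d == domain and p}


class Process:
    """A process operates within one domain at a time and may switch domains;
    every access is checked against the current domain's privileges."""

    def __init__(self, acm, domain):
        self._acm, self.domain = acm, domain

    def switch_domain(self, domain):
        self.domain = domain

    def access(self, file, privilege):
        if not self._acm.allows(self.domain, file, privilege):
            raise PermissionError(f"{self.domain} may not {privilege} {file}")
        return f"{self.domain} {privilege} {file}"


def build_demo():
    """Constructed example: two user domains and one backup-service domain."""
    acm = AccessControlMatrix()
    acm.grant("alice", "payroll.dat", "read", "write")
    acm.grant("bob", "payroll.dat", "read")
    acm.grant("alice", "notes.txt", "read")
    acm.grant("backup", "payroll.dat", "read")
    acm.grant("backup", "notes.txt", "read")
    return acm


if __name__ == "__main__":
    acm = build_demo()
    print("ACL of payroll.dat:", acm.acl("payroll.dat"))
    print("C-list of alice:", acm.clist("alice"))
    p = Process(acm, "bob")
    p.switch_domain("backup")
    print(p.access("notes.txt", "read"))
```

The ACL and the C-list are both views of the same cells, which is why an OS can keep only one of them and still answer both "who may access this file" and "what may this domain access", at the cost of a scan for the other question.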
Capabilities
A capability is a token representing some access privileges for an object
– An object is any HW or SW entity in the system
Capability-Based Computer Systems
Capability-based computer systems implement capability-based addressing and protection for all objects in the system
– Many capability-based systems were built for research
– The Intel iAPX 432 was a capability-based commercial system
Capability-Based Computer Systems (continued)
Software Capabilities
The OS for a non-capability-based computer can implement capabilities in software
– Manipulation and protection of objects is performed by a part of the kernel called the object manager (OM)
– Two problems:
  A process may be able to bypass the capability-based protection arrangement while accessing objects
  It may be able to tamper with or fabricate capabilities
– These problems are solved through encryption of the object table and of capabilities
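The two problems on the slide, bypassing the object manager and tampering with or fabricating capabilities, are concrete enough to show in code. The added example below (not the book's code) is a tiny object manager that is the only path to the object table and that issues capabilities carrying a keyed authentication tag (an HMAC) over the object id and rights; a capability whose contents were altered by the holder fails the check and is refused. The keyed MAC is this example's stand-in for the encryption the slide names, and the kernel secret, object names and rights are constructed.

```python
import hashlib
import hmac
import json


class ObjectManager:
    """Kernel-side object manager: processes reach objects only through use().
    Capabilities carry a keyed MAC computed with a secret that never leaves
    the kernel, so a tampered or fabricated capability is detected."""

    def __init__(self, secret):
        self._secret = secret          # never exposed to processes
        self._objects = {}             # object table, id -> data

    def create(self, object_id, data):
        self._objects[object_id] = data

    def _tag(self, payload):
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest().encode()

    def grant(self, object_id, rights):
        """Issue a capability: JSON payload followed by its authentication tag."""
        if object_id not in self._objects:
            raise KeyError(object_id)
        payload = json.dumps({"obj": object_id, "rights": sorted(rights)},
                             sort_keys=True).encode()
        return payload + b"|" + self._tag(payload)

    def use(self, capability, right, new_data=None):
        """Validate the capability, check the requested right, then act."""
        payload, _, tag = capability.rpartition(b"|")
        if not payload or not hmac.compare_digest(tag, self._tag(payload)):
            raise ValueError("capability tampered with or fabricated")
        fields = json.loads(payload)
        if right not in fields["rights"]:
            raise PermissionError(f"{right} not in capability")
        if right == "read":
            return self._objects[fields["obj"]]
        if right == "write":
            self._objects[fields["obj"]] = new_data
            return new_data
        raise PermissionError(f"unknown right {right}")


if __name__ == "__main__":
    om = ObjectManager(b"constructed kernel secret")
    om.create("file42", "payroll data")
    cap = om.grant("file42", {"read"})
    print(om.use(cap, "read"))
    forged = cap.replace(b'["read"]', b'["read", "write"]')
    try:
        om.use(forged, "write", "x")
    except ValueError as e:
        print("rejected:", e)
```

Because the tag is computed over the rights as well as the object id, widening the rights inside a held capability invalidates it; a process can only obtain broader rights by asking the object manager for a new capability, which is the point of keeping capability manipulation inside the kernel.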
Problem Areas in the Use of Capabilities
Use of capabilities has three practical problems:
– Need for garbage collection
– Confinement of capabilities
– Revocation of capabilities
Classifications of Computer Security
Case Studies in Security and Protection
– MULTICS
– Unix
– Linux
– Security and Protection in Windows
MULTICS
64 protection domains organized as concentric rings
Complex protection structure
– Incurs substantial execution overhead due to checks made at a procedure call
Unix
Employs encryption for password security
Can use a shadow passwords file accessible only to root
Three user classes: owner, group, and other users
– 3-bit bit-encoded access descriptor for each user class
Setuid permits a change of protection domain
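The Unix slide packs two mechanisms into two lines: the three 3-bit access descriptors and the setuid domain switch. This added example (not the book's code) decodes a file mode into the descriptor for the class a process falls in, checks a requested access against it, and shows how executing a setuid program changes the effective uid, and therefore the class the process is judged by. It also covers the edge case a practitioner trips over: Unix uses the first matching class only, so an owner denied by the owner bits is not rescued by more generous group bits. The uids, gids and modes are constructed.

```python
R, W, X = 4, 2, 1  # the 3-bit access descriptor: read, write, execute

SETUID = 0o4000


def user_class_bits(mode, owner_uid, owner_gid, uid, groups):
    """Select the descriptor for the class the process falls in. Unix picks the
    first matching class (owner, then group, then other) and uses only that
    descriptor, even if a later class would grant more."""
    if uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in groups:
        return (mode >> 3) & 0o7
    return mode & 0o7


def allowed(mode, owner_uid, owner_gid, uid, groups, wanted):
    """True if every bit in `wanted` is set in the applicable descriptor."""
    bits = user_class_bits(mode, owner_uid, owner_gid, uid, groups)
    return bits & wanted == wanted


def effective_uid_after_exec(proc_uid, file_mode, file_owner_uid):
    """setuid: executing a file with the setuid bit switches the process into
    the file owner's protection domain (its effective uid becomes the owner)."""
    if file_mode & SETUID:
        return file_owner_uid
    return proc_uid


# Constructed example: a data file owned by uid 1000 / gid 100 with mode 0640,
# and a setuid helper program owned by uid 1000 with mode 4755.
DATA_FILE = dict(mode=0o640, owner_uid=1000, owner_gid=100)
HELPER = dict(mode=0o4755, owner_uid=1000)


def can_read_data(uid, groups, via_helper=False):
    """Can this process read DATA_FILE, directly or by running the setuid helper?"""
    euid = uid
    if via_helper:
        euid = effective_uid_after_exec(uid, HELPER["mode"], HELPER["owner_uid"])
    return allowed(DATA_FILE["mode"], DATA_FILE["owner_uid"], DATA_FILE["owner_gid"],
                   euid, groups, R)


if __name__ == "__main__":
    print("uid 1002, no group:", can_read_data(1002, {200}))
    print("uid 1002 via setuid helper:", can_read_data(1002, {200}, via_helper=True))
```

The helper lets an otherwise unprivileged process read the file only through the helper's code path, which is the controlled domain switch the slide describes; what the helper does with that access is then the whole security question of the program.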
Linux
Authenticates a user at login time by adding a "salt" value to the password and encrypting the result with MD5
May use a shadow passwords file accessible only to root
Provides pluggable authentication modules (PAMs)
File access protection is based on the user id and group id of a process
The fsuid and fsgid of a process (set through the setfsuid and setfsgid system calls) can be used by a server to temporarily assume the identity of its client
Supports Linux security modules (LSM)
Security Enhanced Linux (SELinux)
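The first two lines of the Linux slide (salted password hashing and a root-only shadow file) are shown together in this added example, which is not the book's code and not the real md5-crypt routine: it hashes salt plus password with the algorithm the slide names (the real md5-crypt additionally iterates the hash; the algorithm name is a parameter so the same code runs with sha512), stores the salt next to the digest so it can be re-applied at login, compares digests in constant time, and checks a login against constructed shadow-style records. The users, passwords and salts are constructed.

```python
import hashlib
import hmac
import os


def hash_password(password, salt=None, algorithm="md5"):
    """Store algorithm, salt and digest together as "$algo$salt$digest".
    The default follows the slide (salted MD5); this is a simplified stand-in
    for md5-crypt, which iterates the hash many times. algorithm="sha512"
    selects a stronger hash with the same storage format."""
    if salt is None:
        salt = os.urandom(8).hex()
    if "$" in salt:
        raise ValueError("salt must not contain the field separator")
    digest = hashlib.new(algorithm, (salt + password).encode()).hexdigest()
    return f"${algorithm}${salt}${digest}"


def verify_password(password, stored):
    """Re-apply the stored salt and compare digests in constant time."""
    _, algorithm, salt, digest = stored.split("$")
    candidate = hashlib.new(algorithm, (salt + password).encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)


def make_shadow_line(user, password, salt):
    """Constructed shadow-style record: name, hash, then the seven aging fields
    left empty. The hashes live in a file readable only by root, while the
    password field in /etc/passwd holds only a placeholder."""
    return f"{user}:{hash_password(password, salt)}:::::::"


def parse_shadow_line(line):
    fields = line.split(":")
    return fields[0], fields[1]


def check_login(user, password, shadow_lines):
    for line in shadow_lines:
        name, stored = parse_shadow_line(line)
        if name == user:
            return verify_password(password, stored)
    return False


if __name__ == "__main__":
    records = [make_shadow_line("alice", "hunter2", "abcd1234"),
               make_shadow_line("bob", "hunter2", "zzzz9999")]
    print(records)  # same password, different salts, different digests
    print(check_login("alice", "hunter2", records), check_login("bob", "wrong", records))
```

The salt is what defeats precomputed tables: two users with the same password get different stored digests, so an attacker who obtains the shadow file cannot look all of them up at once, and the root-only file keeps the digests from being read in the first place.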
Security and Protection in Windows
Several elements of C2- and B2-class systems:
– Discretionary access control
– Object reuse protection
– Auditing of security-related events
– Security reference monitor (SRM) that enforces access control
– Trusted path for authentication
  Defeats masquerading attacks through a Trojan horse
An object file has a security descriptor
– ID, DACL, and SACL
Security and Protection in Windows (continued)
DACL and SACL are lists of access control entries (ACEs)
– An ACE allows or disallows certain kinds of accesses
– The SACL is used to generate an audit log
Client–server security through access tokens
– Impersonation feature using impersonation tokens
Security features added in Vista:
– Defeats buffer overflow attacks on x86 architectures
– Detecting heap corruption
– Preventing access to system code
– Preventing misuse of privileges
– Network access protection
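To make the DACL/SACL distinction on the slide concrete, here is an added example (not the book's code, and a simplification of the real Windows access check): a security descriptor with an ordered DACL of allow and deny ACEs, an access check that refuses as soon as a matching deny ACE overlaps the request and otherwise accumulates allowed rights until the request is covered, and a SACL whose entries only append audit records and never grant anything. When a server impersonates a client, the SIDs passed in would come from the impersonation token rather than the server's own. The SIDs, object name and rights are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    kind: str          # "allow" or "deny" in a DACL, "audit" in a SACL
    sid: str           # security identifier the entry applies to
    mask: frozenset    # access rights covered, e.g. {"read", "write"}


def access_check(dacl, token_sids, requested):
    """Walk the DACL in order: a deny ACE that matches the token and overlaps
    the request refuses it immediately; allow ACEs accumulate rights until the
    whole request is covered. Anything not explicitly allowed is denied."""
    requested = frozenset(requested)
    granted = set()
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny" and ace.mask & requested:
            return False
        if ace.kind == "allow":
            granted |= ace.mask
            if requested <= granted:
                return True
    return False


def audited_access(descriptor, token_sids, requested, audit_log):
    """Run the DACL check, then let SACL entries that match the token and the
    requested rights append an audit record (the SACL never grants access)."""
    requested = frozenset(requested)
    ok = access_check(descriptor["dacl"], token_sids, requested)
    for ace in descriptor["sacl"]:
        if ace.kind == "audit" and ace.sid in token_sids and ace.mask & requested:
            audit_log.append((descriptor["id"], sorted(requested),
                              "success" if ok else "failure"))
    return ok


# Constructed security descriptor for one object: guests may never write,
# members of the users group may read and write, and writes are audited.
DEMO_DESCRIPTOR = {
    "id": "payroll.xlsx",
    "dacl": [
        ACE("deny", "SID-guests", frozenset({"write"})),
        ACE("allow", "SID-users", frozenset({"read", "write"})),
    ],
    "sacl": [ACE("audit", "SID-users", frozenset({"write"}))],
}


if __name__ == "__main__":
    log = []
    guest_token = {"SID-guests", "SID-users"}   # a guest who is also in users
    print(audited_access(DEMO_DESCRIPTOR, guest_token, {"write"}, log))
    print(audited_access(DEMO_DESCRIPTOR, {"SID-users"}, {"read", "write"}, log))
    print(log)
```

The order of the ACEs matters: because the deny entry for guests precedes the allow entry for users, a guest who is also a member of users is refused the write, and the SACL records that failed attempt as well as the later successful one.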
Summary
Security and protection measures are used to counter interference threats
– Use authentication and authorization techniques
Threats are launched using Trojan horses, viruses, worms, and exploitation of buffer overflows
Encryption is an algorithmic transformation of data
– Block ciphers and stream ciphers
– Widely used encryption standards: DES and AES
Access control lists, capability lists, and protection domains are protection structures
TCSEC is a security classification