Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography."— Presentation transcript:

1 Protection and Security

2 Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography A security policy reflects an organization’s strategy for authorizing access to the computer’s resources only to authenticated parties –Accountants have access to payroll files –OS processes have access to the page table –Client process has access to information provided by a server

3 Security Goals Resource X Resource W Resource Y Resource Z Process A Process BProcess C Authentication Authorization read read/write read read/write Machine X Machine Y

4 Authentication User/process authentication –Is this user/process who it claims to be? Passwords More sophisticated mechanisms Authentication in networks –Is this computer who it claims to be? File downloading Obtaining network services The Java promise

5 Authorization Is this user/process allowed to access the resource under the current policy? What type of access is allowable? –Read –Write –Execute –Append

6 Lampson’s Protection Model Active parts (e.g., processes) –Operate in different domains –Subject is a process in a domain Passive parts are called objects Want mechanism to implement different security policies for subjects to access objects –Many different policies must be possible –Policy may change over time

7 A Protection System Subjects X S Objects S desires  access to X 

8 A Protection System Subjects X S Objects Protection State S desires  access to X Protection state reflects current ability to access X

9 A Protection System Subjects X S Objects Protection State Transition S desires  access to X Protection state reflects current ability to access X Authorities can change

10 A Protection System Subjects X S Objects Protection State Transition Rules S desires  access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority?

11 A Protection System Subjects X S Objects Protection State Transition Rules Policy S desires  access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority? How are the rules chosen?

12 Protection System Example S X S desires  access to X 

13 Protection System Example S X  Access matrix S X S desires  access to X Captures the protection state

14 Protection System Example S X  Access matrix S Access authentication (S, , X) X S desires  access to X Captures the protection state Generates an unforgeable ID

15 Protection System Example S X  S Access authentication Monitor (S, , x) X S desires  access to X Captures the protection state Generates an unforgeable ID Checks the access against the protection state

16 Protection State Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner

17 A Protection System Subjects X S Objects Protection State Transition Rules Policy Handling state changes

18 Policy Rules Example S1S1 S2S2 S3S3 S1S1 S2S2 S3S3 F1F1 F2F2 D1D1 D2D2 control block wakeup owner control owner stop deleteexecute owner updateownerseek* read* write* seekowner RuleCommand by S 0 AuthorizationEffect 1transfer(  |  *) to (S, X)  *  A[S 0, X]A[S, X] = A[S, X]  {  |  *} 2grant(  |  *) to (S, X)owner  A[S 0, X]A[S, X] = A[S, X]  {  |  *} 3delete  from (S, X)control  A[S 0, S]A[S, X] = A[S, X]-{  } or owner  A[S 0, X] Rules for a Particular Policy

19 Protection Domains Lampson model uses processes and domains -- how is a domain implemented? –Supervisor/user hardware mode bit –Software extensions -- rings Inner rings have higher authority –Ring 0 corresponds to supervisor mode –Rings 1 to S have decreasing protection, and are used to implement the OS –Rings S+1 to N-1 have decreasing protection, and are used to implement applications

20 Protection Domains (cont) Ring crossing is a domain change Inner ring crossing  rights amplification –Specific gates for crossing –Protected by an authentication mechanism Outer ring crossing uses less-protected objects –No authentication –Need a return path –Used in Multics and Intel 80386 (& above) hardware

21 Implementing Access Matrix Usually a sparse matrix –Too expensive to implement as a table –Implement as a list of table entries Column oriented list is called an access control list (ACL) –List kept at the object –UNIX file protection bits are one example Row oriented list is a called a capability list –List kept with the subject (i.e., process) –Kerberos ticket is a capability –Mach mailboxes protected with capabilities

22 More on Capabilities Provides an address to object from a very large address space Possession of a capability represents authorization for access Implied properties: –Capabilities must be very difficult to guess –Capabilities must be unique and not reused –Capabilities must be distinguishable from randomly generated bit patterns

23 Cryptography Information can be encoded using a key when it is written (or transferred) -- encryption It is then decoded using a key when it is read (or received) -- decryption Very widely used for secure network transmission

24 More on Cryptography plaintextciphertext encryption decryption

25 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext)

26 More on Cryptography plaintext Encrypt Decrypt KeKe KdKd C = E Ke (plaintext) Invader Side informationplaintext

27 Cryptographic Systems Conventional Systems Modern Systems Private KeyPublic Key K e and K d are essentially the same K e and K d are private K e is public K d is private

28 Kerberos Authentication Server Client Server

29 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket

30 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket Session Key

31 Kerberos Authentication Server Client Server Client ID Session Key Encrypted for client Encrypted for server Ticket Client ID Session Key Ticket Session Key Client ID Session Key

Download ppt "Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Chapter 14: Protection.

Chapter 14: Protection.
SE571 Security in Computing

SE571 Security in Computing
OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.

OS Organization. OS Requirements Provide resource abstractions –Process abstraction of CPU/memory use Address space Concurrency Thread abstraction of.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Similar presentations

Ads by Google