Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE331: Introduction to Networks and Security Lecture 28 Fall 2002."— Presentation transcript:

1 CSE331: Introduction to Networks and Security Lecture 28 Fall 2002

2 CSE331 Fall 20022 Announcements Project 3 is due on Monday Nov. 18 th 4 th individual homework assignment –Security general concepts –Cryptography –Authentication protocols –Handed out next week; Due at end of the semester

3 CSE331 Fall 20023 Recall: The “Gold” Standard Authentication –Identify which principals take which actions Audit –Recording the security relevant actions Authorization –Determine what actions are permissible –This lecture

4 CSE331 Fall 20024 Authorization Authorization is the process of determining whether a principal is permitted to perform a particular action. Access control –Example: Read/Write/Execute permissions for a file system. –Example: Java applets have restricted authorization to perform network & disk I/O.

5 CSE331 Fall 20025 Policy vs. Mechanism Access control policy is a specification –Given in terms of a model of the system –Subjects: do things (i.e. a process writes to files) –Objects: are passive (i.e. the file itself) –Actions: what the subjects do (i.e. read a string from a file) –Rights: describe authority (i.e. read or write permission) Mechanisms are used to implement a policy –Example: access control bits in Unix file system & OS checks –Mechanism should be general; ideally should not constrain the possible policies. –Complete mediation: every access must be checked

6 CSE331 Fall 20026 Reference Monitors Subject Monitor (Action, Object) Request Granted Denied?

7 CSE331 Fall 20027 Example Reference Monitors Operating Systems –File system –Memory (virtual memory, separate address spaces) Firewalls –Regulate network access Java Virtual Machine –Regulates Java programs’ resource usage Operate at different levels of abstraction –Interface (Subjects, Objects, Actions) varies

8 CSE331 Fall 20028 Access Control Matrices A[s][o]Obj 1 Obj 2 …Obj N Subj 1 {r,w,x}{r,w}…{} Subj 2 {w,x}{}…… …………… Subj M {x}{r,w,x}… Each entry contains a set of rights.

9 CSE331 Fall 20029 Access Control Checks Suppose subject s wants to perform action that requires right r on object o: If (r  A[s][o]) then perform action else access is denied

10 CSE331 Fall 200210 Rights and Actions Besides read, write, execute actions there are many others: Ownership Creation –New subjects (i.e. in Unix add a user) –New objects (i.e. create a new file) –New rights: Grant right r to subject s with respect to object o (sometimes called delegation) Deletion of –Subjects –Objects –Rights (sometimes called revocation)

11 CSE331 Fall 200211 Example Assume OS is a subject with all rights To create a file f owned by Alice: –Create object f –Grant own to Alice with respect to f –Grant read to Alice with respect to f –Grant write to Alice with respect to f

12 CSE331 Fall 200212 Implementing Reference Monitors Criteria –Correctness –Complete mediation –Expressiveness (what policies are admitted) –How large/complex is the mechanism? Trusted Computing Base (TCB) –The set of components that must be trusted to enforce a given security policy –Would like to simplify/minimize the TCB to improve assurance of correctness

13 CSE331 Fall 200213 Software Mechanisms Interpreters –Check the execution of every instruction –Hard to mediate high-level abstractions Wrappers –Only “interpret” some of the instructions –What do you wrap? –Where do you wrap? (link-time?) Program Interpreter Hardware A[s][o]

14 CSE331 Fall 200214 Hardware Mechanisms Multiple modes of operation –User mode (problem state) –Kernel mode (supervisor state) Specialized hardware –Virtual memory support (TLB’s, etc.) –Interrupts

15 CSE331 Fall 200215 Protecting the Reference Monitor It must not be possible to circumvent the reference monitor by corrupting it Mechanisms –Type checking –Sandboxing: run processes in isolation –Software fault isolation: rewrite memory access instructions to perform bounds checking –User/Kernel modes –Segmentation of memory (OS resources aren’t part of virtual memory system)

16 CSE331 Fall 200216 Storing the Access Control Matrix Subjects >> # users –Processes Objects >> # files –Potentially could have permissions on any resource The matrix is typically sparse –Store only non-empty entries

17 CSE331 Fall 200217 Access Control Lists A[s][o]Obj 1 Obj 2 …Obj N Subj 1 {r,w,x}{r,w}…{} Subj 2 {w,x}{}…{r} …………… Subj M {x}{r,w,x}… For each object, store a list of (Subject x Rights) pairs.

18 CSE331 Fall 200218 Access Control Lists Resolving queries is linear in length of the list Revocation w.r.t. a single object is easy “Who can access this object?” is easy –Useful for auditing Lists could be long –Factor into groups (lists of subjects) –Give permissions based on group –Introduces consistency question w.r.t. groups Authentication critical –When does it take place? Every access would be expensive.

19 CSE331 Fall 200219 Capabilities Lists A[s][o]Obj 1 Obj 2 …Obj N Subj 1 {r,w,x}{r,w}…{} Subj 2 {w,x}{}…{r} …………… Subj M {x}{r,w,x}… For each subject, store a list of (Object x Rights) pairs.

20 CSE331 Fall 200220 Capabilities A capability is a (Object, Rights) pair –Used like a movie ticket (“Star Wars II”, {view}) Should be unforgeable –Otherwise, subjects could get illegal access Authentication takes place when the capabilities are granted (not needed at use) Harder to do revocation (must find all tickets) Easy to audit a subject, hard to audit an object

21 CSE331 Fall 200221 Implementing Capabilities Must be able to name objects Unique identifiers –Must keep map of UIDs to objects –Must protect integrity of the map –Extra level of indirection to use the object –Generating UIDs can be difficult Pointers –Name changes when the object moves –Remote pointers in distributed setting –Aliasing possible

22 CSE331 Fall 200222 Unforgeability of Capabilities Special hardware: tagged words in memory –Can’t copy/modify tagged words Store the capabilities in protected address space Could use static scoping mechanism of safe programming languages. –Java’s “private” fields Could use cryptographic techniques –OS kernel could sign (Object, Rights) pairs using a private key –Any process can verify the capability

Download ppt "CSE331: Introduction to Networks and Security Lecture 28 Fall 2002."

Similar presentations

Operating System Security

Operating System Security
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics.

CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.

Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
CSE331: Introduction to Networks and Security Lecture 29 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 29 Fall 2002.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Chapter 14: Protection.

Chapter 14: Protection.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Similar presentations

Ads by Google