1. March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Homework collect/returnHomework collect/return OS Security/PolicyOS Security/Policy OS Security/TechniquesOS Security/Techniques Trojan HorseTrojan Horse Encrypting a File/PGPEncrypting a File/PGP

2. March 2005 2R. Smith - University of St Thomas - Minnesota Security Perimeters/Sharing/Policy Pretty good, overallPretty good, overall Important pointsImportant points –Distinguish between known agreements and behaviors, and the rationale behind them “They have their own computers, so…” wasn’t asked“They have their own computers, so…” wasn’t asked “It’s understood (or not) about sharing” - WAS asked“It’s understood (or not) about sharing” - WAS asked –Note the features that make protection stronger, like locks and barriers (doors, walls) –Being in a room with the door closed is better than being left on a bench in a public park - GIVEN THE THREATS What if threats know your machine has valuable stuff?What if threats know your machine has valuable stuff? The Antiques Roadshow dilemma - nobody wants to steal it if it’s priceless but nobody knowsThe Antiques Roadshow dilemma - nobody wants to steal it if it’s priceless but nobody knows If there’s no reason to seek it out, it’s saferIf there’s no reason to seek it out, it’s safer –“Tragedy of the Commons”

3. March 2005 3R. Smith - University of St Thomas - Minnesota What IS an operating system? Could someone point it out to me, please?Could someone point it out to me, please?

4. March 2005 4R. Smith - University of St Thomas - Minnesota Operating Systems: Policy What are we trying to protect?What are we trying to protect? What are the operating goals?What are the operating goals?

5. March 2005 5R. Smith - University of St Thomas - Minnesota Pieces of an OS Bootup software - gets things startedBootup software - gets things started I/O management - controls the hard drives, kb, mouse, monitor, etc.I/O management - controls the hard drives, kb, mouse, monitor, etc. Process management - starts up programs for users, and for the OS itselfProcess management - starts up programs for users, and for the OS itself Memory management - arranges RAM for user programs and for OS activitiesMemory management - arranges RAM for user programs and for OS activities File management - handles storage on the hard drive so you can find and store things thereFile management - handles storage on the hard drive so you can find and store things there Operator interface - control the OS and start up programsOperator interface - control the OS and start up programs

6. March 2005 6R. Smith - University of St Thomas - Minnesota How can an OS protect itself? What are the risks?What are the risks? –User A damaging User B’s files –Program X crashing Program Y –Program X damaging OS data –Program X damaging OS programs on disk File permissions - the tip of the icebergFile permissions - the tip of the iceberg Restrictions on processesRestrictions on processes Restrictions on RAMRestrictions on RAM Protection is layered up through file systemProtection is layered up through file system –“Privileged” programs –Device drivers and kernel mode –Kernel loadable modules

7. March 2005 7R. Smith - University of St Thomas - Minnesota Windows and Privileged Software “Privileges” tied to accounts“Privileges” tied to accounts –Programs/objects inherit them from user’s process –Can be granted to a user ID or a group Example privilegesExample privileges –login interactively or over network or as service –Setting the clock or time zone –Shutdown, undock machine –Load device driver –Create special system files, like page file

8. March 2005 8R. Smith - University of St Thomas - Minnesota The Trojan Horse and file hacking Transitive trustTransitive trust Data leakage and the shared file systemData leakage and the shared file system Diagram!Diagram!

9. March 2005 9R. Smith - University of St Thomas - Minnesota Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by- sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.