Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Published byLoreen Hines Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved."— Presentation transcript:

1 Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

2 The Security Environment Threats Figure 9-1. Security goals and threats. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

3 Can We Build Secure Systems? Two questions concerning security: 1. Is it possible to build a secure computer system? 2. If so, why is it not done? Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

4 Trusted Computing Base Figure 9-2. A reference monitor. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

5 Protection Domains (1) Figure 9-3. Three protection domains. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

6 Protection Domains (2) Figure 9-4. A protection matrix. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

7 Protection Domains (3) Figure 9-5. A protection matrix with domains as objects. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

8 Access Control Lists (1) Figure 9-6. Use of access control lists to manage file access. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

9 Access Control Lists (2) Figure 9-7. Two access control lists. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

10 Capabilities (1) Figure 9-8. When capabilities are used, each process has a capability list. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

11 Capabilities (2) Figure 9-9. A cryptographically protected capability. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

12 Capabilities (3) Examples of generic rights: 1. Copy capability: create new capability for same object. 2. Copy object: create duplicate object with new capability. 3. Remove capability: delete entry from C-list; object unaffected. 4. Destroy object: permanently remove object and capability. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

13 Formal Models of Secure Systems Figure 9-10. (a) An authorized state. (b) An unauthorized state. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

14 Multilevel Security Bell-LaPadula Model Bell-LaPadula Model rules for information flow: 1. The simple security property –Process running at security level k can read only objects at its level or lower 2. The * property –Process running at security level k can write only objects at its level or higher Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

15 Bell-LaPadula Model Figure 9-11. The Bell-LaPadula multilevel security model. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

16 The Biba Model To guarantee the integrity of the data: 1. The simple integrity principle –process running at security level k can write only objects at its level or lower (no write up). 2. The integrity * property –process running at security level k can read only objects at its level or higher (no read down). Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

17 Covert Channels (1) Figure 9-12. (a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via covert channels. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

18 Covert Channels (2) Figure 9-13. A covert channel using file locking. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

19 Steganography Figure 9-14. (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

20 Basics of Cryptography Figure 9-15. Relationship between the plaintext and the ciphertext. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

21 Secret-Key Cryptography An encryption algorithm in which each letter is replaced by a different letter. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

22 Digital Signatures Figure 9-16. (a) Computing a signature block. (b) What the receiver gets. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

23 Authentication (1) Methods of authenticating users when they attempt to log in based on one of three general principles: 1. Something the user knows. 2. Something the user has. 3. Something the user is. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

24 Authentication (2) Figure 9-17. (a) A successful login. (b) Login rejected after name is entered. (c) Login rejected after name and password are typed. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

25 UNIX Password Security Figure 9-18. The use of salt to defeat precomputation of encrypted passwords. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

26 Challenge-Response Authentication Questions should be chosen so that the user does not need to write them down. Examples: 1. Who is Marjolein’s sister? 2. On what street was your elementary school? 3. What did Mrs. Ellis teach? Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

27 Authentication Using a Physical Object Figure 9-19. Use of a smart card for authentication. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

28 Authentication Using Biometrics Figure 9-20. A device for measuring finger length. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Download ppt "Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved."

Similar presentations

Chapter 9 Security 9.1 The security environment

Chapter 9 Security 9.1 The security environment
Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved. 0-13-142938-8 OPERATING SYSTEMS DESIGN.

Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved OPERATING SYSTEMS DESIGN.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.

Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
1 Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.

1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
Chapter 9 Security 9.4 - 9.6 Authentication Insider Attacks Exploiting Code Bugs.

Chapter 9 Security Authentication Insider Attacks Exploiting Code Bugs.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
File System Implementation

File System Implementation
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Buffer Overflow Attacks Figure 9-21. (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.

Buffer Overflow Attacks Figure (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.
Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Chapter 9 Security Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Similar presentations

Ads by Google