Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Computing Protection in General-Purpose Operating Systems.

Published byMoses Skinner Modified over 8 years ago

Similar presentations

Presentation on theme: "Security in Computing Protection in General-Purpose Operating Systems."— Presentation transcript:

1 Security in Computing Protection in General-Purpose Operating Systems

2 I.Object protection A. Memory protection 1.Methods: a)Fence – in single-user OS prevent faulty user program destroying resident OS; confine user program to one side of the boundary;  Fence implementation (1) – Fixed fence; OS resides in predefined memory space and user on another  Fence implementation (2) – Variable fence register (base register); contains address of the end of OS; cannot protect one user against another

3 Figure 4-1 Fixed Fence.

4 Figure 4-2 Variable Fence Register.

5 I.Object protection b)Relocation – OS size change overtime; programs relocated to starting address by relocation factor  Fence register used as a hardware device; fence register contents added to program address c)Base/Bounds Registers – needed for multiuser environment  Base register provides only lower bound (starting address)  Bound register provide upper address limit; each user program reside within base and bound addresses; OS employs context switching

6 Figure 4-3 Pair of Base/Bounds Registers.

7 I.Object protection d)Tags – needed because base/bounds registers create an all or nothing for sharing data  A tagged architecture provides for one or more extra bits in each word of memory to identify access rights – R-W-RW-X e)Segmentation – simply dividing a program into separate pieces with logical memory addressing f)Paging – alternative to segmentation – program divided into equal pieces called pages and memory into equal sized units called page frames

8 Figure 4-5 Example of Tagged Architecture.

9 I.Object protection A. General control of access to objects 1.Methods: a)File Directory – mechanism for protecting objects (files) from users (subjects);  Every file has a unique owner who possesses controls access and revocation rights, including who else has what access  Each user has a file directory, which lists all the files which that user has access  Implemented by using one list per user, naming all the objects the user is allowed to access

10 Figure 4-10 Directory Access.

11 I.Object protection b)Alternative is Access Control List (ACL) – differs from directory list – one access control list per object i.e. no need for an entry for the object in the individual directory of each user c)Capability – OS hands some protection burden to user; ticketing system; lead to Kerberos system

12 Figure 4-12 Access Control List.

13 I.Object protection 2.Kerberos: – implements authentication and access authorisation by means of ticketing capabilities; MS OS NT+  Secure with symmetric cryptography  Uses authentication server (AS) and ticket- granting server (TGS), both part of KDC  User presents authentication credentials (e.g. password) to AS and receives authentication ticket showing that he/she has passed  To access a resource (e.g. Printer) user sends ticket to TGS; TGS returns authorised ticket and another ticket to present to Printer for access

14 II.Authentication A. Based on 1.something you know  Passwords, PIN numbers, mother’s name etc. 2.something you have  Identify badges, physical keys, driver’s licence etc 3.something you are  Biometrics – physical characteristics of users, such as fingerprint, pattern of person’s voice or face (picture

15 II.Authentication B. Attacks on Passwords 1.Try all possible passwords (exhaustive or brute force attack) 2.Try frequently used passwords (probable passwords? Think of a work!) 3.Try passwords likely for the user 4.Search for the system list of passwords (plaintext or encrypted?) 5.Ask the user!

16 Figure 4-15 Users’ Password Choices.

17 II.Authentication C. Authentication techniques (discussed later) 1.challenge-response (e.g. one-time password) 2.Impersonation of login – one sided D. Biometrics (authentication without passwords) 1.Identification (“this is Captain Cook”) Vs Authentication (“ I am Captain Cook, present my hand to prove it” 2.Acceptance – people find them intrusive

18 II.Authentication 3.processing speed – speed at which recognition is done impacts on accuracy 4.“false positive or “false accept” (a reading that is accepted when it should be rejected) Vs “false negatives” or “false reject” (one that rejects when it should accept)

Download ppt "Security in Computing Protection in General-Purpose Operating Systems."

Similar presentations

1 Identification Who are you? How do I know you are who you say you are?

1 Identification Who are you? How do I know you are who you say you are?
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
CHAPTER 4 Protection in General-Purpose Operating Systems (c) by Syed Ardi Syed Yahya Kamal, UTM 2004 1.

CHAPTER 4 Protection in General-Purpose Operating Systems (c) by Syed Ardi Syed Yahya Kamal, UTM
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
CSC 405 Introduction to Computer Security

CSC 405 Introduction to Computer Security
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
Network Security Philadelphia UniversitylAhmad Al-Ghoul 2010-20111 Module 6 Module 6 Security in Operating Systems  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 6 Module 6 Security in Operating Systems  MModified by :Ahmad Al Ghoul  PPhiladelphia.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.

Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
SE571 Security in Computing

SE571 Security in Computing
NS-H0503-02/11041 System Security. NS-H0503-02/11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.

NS-H /11041 System Security. NS-H /11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.

Similar presentations

Ads by Google