CS703 - Advanced Operating Systems

Slides:



Advertisements
Similar presentations
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Advertisements

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Access Control Intro, DAC and MAC System Security.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Lecture 7 Access Control
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
1 Information Security – Theory vs. Reality , Winter 2011 Lecture 4: Access Control Eran Tromer Slides credit: John Mitchell, Stanford course.
Chapter 7: WORKING WITH GROUPS
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
About Chris Welch Synergy – Global Reach. Local Service. - Cell Online - USA | South.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Chapter 5 Network Security
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
G53SEC 1 Access Control principals, objects and their operations.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.
Chapter 5 – Designing Trusted Operating Systems
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Access Control: Policies and Mechanisms Vinod Ganapathy.
Computer Security: Principles and Practice
Protection & Security Greg Bilodeau CS 5204 October 13, 2009.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access.
CS580 Internet Security Protocols
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Verifiable Security Goals
Operating Systems Protection Alok Kumar Jagadev.
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Introduction to Information Security , Spring 2016 Lecture 9: Secure Architecture Principles, Access Control Avishai Wool Slides credit: Eran.
Chapter 14: Protection.
Chapter 14: Protection.
Operating Systems Security
Access Control and Operating System Security
Chapter 14: Protection.
CE Operating Systems Lecture 21
Chapter 14: Protection.
Advanced System Security
Chapter 14: Protection.
Protection and Security
Chapter 14: Protection.
Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown)
Operating System Concepts
Chapter 29: Program Security
Access Control.
Chapter 14: Protection.
Chapter 14: Protection.
Computer Security Access Control
CS703 - Advanced Operating Systems
Access Control Dr. X Parenthesis: before we dive deeper into crypto, we will explore and old but still valid security principle, access controls.
Advanced System Security
Presentation transcript:

CS703 - Advanced Operating Systems By Mr. Farhan Zaidi

Lecture No. 41

Overview of today’s lecture ACL Vs capabilities Delegation and revocation Operations on capabilities Capabilities and roles Capabilities and groups Confidentiality model Integrity model Other security models

ACL vs Capabilities Access control list Capabilities Associate list with each object Check user/group against list Relies on authentication: need to know user Capabilities Capability is unforgeable ticket Random bit sequence, or managed by OS Can be passed from one process to another Reference monitor checks ticket Does not need to know identity of user/process

ACL vs Capabilities OS knows what data is capability Delegation Cap: Process can pass capability at run time ACL: Try to get owner to add permission to list Revocation ACL: Remove user or group from list Cap: Try to get capability back from process? Possible in some systems if appropriate bookeeping OS knows what data is capability If capability is used for multiple resources, have to revoke all or none …

Operations on Capabilities Copy: create a new capability for the same object Copy object: create a duplicate object with a new capability Remove capability: Delete an entry from the capability list; object remains unaffected Destroy object: Permanently remove an object and a capability

Sandboxing mobile code Foreign program started in a process Process given a set of capabilities: Read and write on the monitor Read and write a scratch directory Principle of least privilege

Capabilities “… of the future (and always will be?) …” Operating system concept “… of the future (and always will be?) …” Examples Dennis and van Horn, MIT PDP-1 Timesharing Hydra, StarOS, Intel iAPX 432, Eros, … Amoeba: distributed, unforgeable tickets References Henry Levy, Capability-based Computer Systems http://www.cs.washington.edu/homes/levy/capabook/ Tanenbaum, Amoeba papers

Roles (also called Groups) Role = set of users Administrator, PowerUser, User, Guest Assign permissions to roles; each user gets permission Role hierarchy Partial order of roles Each role gets permissions of roles below List only new permissions given to each role Administrator PowerUser User Guest

Groups for resources, rights Permission = right, resource Permission hierarchies If user has right r, and r>s, then user has right s If user has read access to directory, user has read access to every file in directory Big problem in access control Complex mechanisms require complex input Difficult to configure and maintain Roles, other organizing ideas try to simplify problem

Multi-Level Security (MLS) Concepts Military security policy Classification involves sensitivity levels, compartments Do not let classified information leak to unclassified files Group individuals and resources Use some form of hierarchy to organize policy Other policy concepts Separation of duty “Chinese Wall” Policy

Confidentiality Model When is it OK to release information? Two Properties Simple security property A subject S may read object O only if C(O)  C(S) *-Property subject S with read access to object O may write object P if C(O)  C(P) In words, You may only read below your classification and only write above your classification

Integrity Model A subject S may write object O only if C(S)  C(O) Rules that preserve integrity of information Two Properties Simple integrity property A subject S may write object O only if C(S)  C(O) (Only trust S to modify O if S has higher rank …) *-Property A subject S with read access to O may write object P only if C(O)  C(P) (Only move info from O to P if O is more trusted than P) In words, You may only write below your classification and only read above your classification

Problem: Models appear contradictory Confidentiality Read down, write up Integrity Read up, write down Want both confidentiality and integrity Contradiction is partly an illusion May use confidentiality for some classification of personnel and data, integrity for another Otherwise, only way to satisfy both models is only allow read and write at same classification In reality: confidentiality used more than integrity model, e.g., Common Criteria

These policies cannot be represented using access matrix Other policy concepts Separation of duty If amount is over $10,000, check is only valid if signed by two authorized people Two people must be different Policy involves role membership and  Chinese Wall Policy Lawyers L1, L2 in Firm F are experts in banking If bank B1 sues bank B2, L1 and L2 can each work for either B1 or B2 No lawyer can work for opposite sides in any case Permission depends on use of other permissions These policies cannot be represented using access matrix

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.