CSE 542: Operating Systems

Slides:



Advertisements
Similar presentations
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Advertisements

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Bilkent University Department of Computer Engineering
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Page 19/15/2015 CSE 542: Graduate Operating Systems Virtual memory  separation of user logical memory from physical memory  Only part of the program.
Protection & Security Introduction to Operating Systems: Module 16.
Mar 13, 2001CSCI {4,6}900: Ubiquitous Computing1 Announcements HW 4 due Thursday – 11:00 AM If you have any questions regarding HW3, Project Proposal and.
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 AE4B33OSS Chapter 14: Protection Goals of Protection Principles of Protection Domain.
Silberschatz, Galvin and Gagne  Operating System Concepts Chapter 18: Protection Goals of Protection Objects and Domains Access Matrix Implementation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
Protection Nadeem Majeed Choudhary
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Chapter 14: Protection Goals.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
11.1 CSE Department MAITSandeep Tayal 11: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
18.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 18: Protection Goals of Protection Domain of Protection Access Matrix.
Chapter 17: System Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 17: Protection Goals of Protection Principles.
Saurav Karmakar. Chapter 14: Protection  Goals of Protection  Principles of Protection  Domain of Protection  Access Matrix  Implementation of Access.
PROTECTION.
Operating Systems Protection Alok Kumar Jagadev.
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Chapter 14: Protection.
Operating System Concepts
Operating system Security
Chapter 14: Protection.
Chapter 14: Protection Source & Copyright: Operating System Concepts, Silberschatz, Galvin and Gagne.
Chapter 14: Protection.
Chapter 14: Protection.
12: Security The Security Problem Authentication Program Threats
Chapter 14: Protection.
Message Digest Cryptographic checksum One-way function Relevance
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Unit VI part 2: Protection & Security
Operating System Security
Chapter 14: Protection.
Security.
Chapter 14: Protection.
Chapter 14: Protection.
Security Outline Encryption Algorithms Authentication Protocols
Operating System Concepts
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Chapter 14: Protection.
Operating System Concepts
CSE 542: Operating Systems
Chapter 14: Protection.
Operating System Concepts
Chapter 14: Protection.
Presentation transcript:

CSE 542: Operating Systems Outline Chapter 18: Protection Chapter 19: Security 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Protection Protect computer resources from being accessed by processes that should not have access Access right: Operations allowed on an object Domain: Set of all access rights UNIX: domain is userid, setuid bit in file switches domains Multics: rings, tasks can get access based on entry points Access Matrix defines protection: rows represent domains & columns represent objects Global table Access list for objects: easier to program Capability list for domains/users: Hybrid: lock-key mechanism Revocation of rights: Immediate vs delayed, selective vs general, partial vs total, temporary vs permanent 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Revocation Access List – Delete access rights from access list. Simple Immediate Capability List – Scheme required to locate capability in the system before capability can be revoked. Reacquisition Back-pointers Indirection Keys 17-May-19 CSE 542: Operating Systems

Compiler/language based mechanism Compiler based enforcement Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources Java VM Multiple threads within a single JVM have different access rights A class is assigned a protection domain when it is loaded by the JVM. The protection domain indicates what operations the class can (and cannot) perform Protection enforced using stack inspection 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Security Security problem: protection from unauthorized access, malicious modification or destruction User authentication: Passwords Encrypted passwords Encrypted form should be secret because attacker can check offline One-time passwords Biometrics Threats: Trojan horse Trap door/stack and buffer overflow Worms/viruses Denial of service Intrusion and detection 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Risk analysis Important to understand threat and perform risk analysis No system is “secure”, systems usually trade security for performance, ease of use etc. If information is worth x and it costs y to break into system and if (x < y), then not worth encryption Wasteful to build a system that is more secure than is necessary Ssh in CSE dept – good Palm pilots may not require powerful encryption systems if they are expected to be physically secure 17-May-19 CSE 542: Operating Systems

Security classification U.S. Department of Defense outlines four divisions of computer security: A, B, C, and D D – Minimal security C – Provides discretionary protection through auditing. Divided into C1 and C2. C1 identifies cooperating users with the same level of protection. C2 allows user-level access control B – All the properties of C, however each object may have unique sensitivity labels. Divided into B1, B2, and B3 A – Uses formal design and verification techniques to ensure security Windows NT: Configurable security from D to C2 SuSE Linux Enterprise Server 8 on IBM eServer xSeries - Evaluation Assurance Level 2+ certification (EAL2) http://www.radium.ncsc.mil/tpep/epl/historical.html 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Security Attacks Social engineering attacks Preys on people gullibility (good nature), hardest to defend E.g. I once got an unlisted number from a telephone operator because I sounded desperate (I was, but that was not the point) E.g. Anna kour*va virus, Nigerian email scam, MS update scam E.g. If I walk in with coupla heavy looking boxes into the elevator to go to Fitz 3rd floor (at night) would you let me in? You can get into “secure” companies by looking like you “belong” there Denial of service attacks Network flooding, Distributed DOS, holding resources, viruses 17-May-19 CSE 542: Operating Systems

Common technology - firewalls Firewalls are used to restrict the kinds of network traffic in/out of companies Application level proxies Packet level firewalls Does not prevent end-to-end security violations People sometimes email list of internal computer users outside firewall to scrupulous “researchers” Emails viruses exploit certain vulnerabilities in VBS to get around firewalls 17-May-19 CSE 542: Operating Systems

CSE 542: Operating Systems Intrusion detection Detect attempts to intrude into computer systems. Detection methods: Auditing and logging Tripwire (UNIX software that checks if certain files and directories have been altered – I.e. password files) System call monitoring 17-May-19 CSE 542: Operating Systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.