Lecture 18, CS 111 Online: OS Use of Access Control
Presentation transcript:

Lecture 18 Page 1 CS 111 Online
OS Use of Access Control
Operating systems often use both ACLs and capabilities
  – Sometimes for the same resource
E.g., Unix/Linux uses ACLs for file opens
That creates a file descriptor with a particular set of access rights
  – E.g., read-only
The descriptor is essentially a capability

Page 2: Enforcing Access in an OS
Protected resources must be inaccessible
  – Hardware protection must be used to ensure this
  – So only the OS can make them accessible to a process
To get access, issue request to resource manager
  – Resource manager consults access control policy data
Access may be granted directly
  – Resource manager maps resource into process
Access may be granted indirectly
  – Resource manager returns a “capability” to process

Page 3: Direct Access To Resources
OS checks access control on initial request
If OK, OS maps it into a process’ address space
  – The process manipulates resource with normal instructions
  – Examples: shared data segment or video frame buffer
Advantages:
  – Access check is performed only once, at grant time
  – Very efficient, process can access resource directly
Disadvantages:
  – Process may be able to corrupt the resource
  – Access revocation may be awkward
      You’ve pulled part of a process’ address space out from under it

Page 4: Indirect Access To Resources
Resource is not directly mapped into process
  – Process must issue service requests to use resource
  – Access control can be checked on each request
  – Examples: network and IPC connections
Advantages:
  – Only resource manager actually touches resource
  – Resource manager can ensure integrity of resource
  – Access can be checked, blocked, revoked at any time
      If revoked, system call can just return error code
Disadvantages:
  – Overhead of system call every time resource is used

Page 5: Access Control and Complete Mediation
Ideally, every data access should have access control independently applied
Practicality of doing so depends on the performance costs
What does it cost to use ACLs? Capabilities?
There are particular problems when access rights aren’t static

Page 6: Complete Mediation When Things Change
We can use tricks like checking with ACL first time, then using a capability for performance
But what if the access policy changed between when last checked and current access?
Common case is that nothing changes
Different approaches possible
  – Actually check core access data structure on each access
  – Give process something cheap and revocable that allows access
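The Unix file-descriptor behaviour from page 1, together with the "policy changed after the last check" problem of pages 3 and 6, exercised through Python's os module. This is an added example, not part of the lecture; it creates its own scratch file in the system temp directory (constructed input) and assumes a POSIX system.

```python
import os
import tempfile


def make_scratch_file():
    """Create an empty, writable scratch file (constructed test input)."""
    fd, path = tempfile.mkstemp(prefix="acl_demo_")
    os.close(fd)
    return path


def write_on_readonly_fd(path):
    """Open read-only and try to write through the descriptor; return errno.
    The file's mode bits are never consulted here: the descriptor carries
    only the read right granted at open() time, so write() fails with EBADF.
    """
    fd = os.open(path, os.O_RDONLY)
    try:
        os.write(fd, b"x")
        return 0
    except OSError as e:
        return e.errno
    finally:
        os.close(fd)


def write_after_revocation(path):
    """Open read-write, then strip every permission bit from the file.
    Returns (old_fd_write_ok, fresh_open_errno): the ACL was checked only at
    open(), so the existing descriptor keeps its rights, while a new open()
    is mediated again and fails with EACCES for an unprivileged user (0 when
    run as root, which ignores the mode bits).
    """
    fd = os.open(path, os.O_RDWR)
    try:
        os.chmod(path, 0)
        old_fd_write_ok = os.write(fd, b"y") == 1
        try:
            os.close(os.open(path, os.O_RDWR))
            fresh_open_errno = 0
        except OSError as e:
            fresh_open_errno = e.errno
    finally:
        os.chmod(path, 0o600)  # restore so the file can be removed again
        os.close(fd)
    return old_fd_write_ok, fresh_open_errno
```

Revoking the old descriptor's access would require finding and closing it in every process that holds it, which is exactly the awkwardness page 3 describes.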

Page 7: Role Based Access Control
RBAC
Not really an alternative to ACLs and capabilities
Rather, a more complex way of looking at access control subjects
Commonly used in systems that care about security

Page 8: The Role Based Access Control Concept
Each user has certain roles he can take while using the system
At any given time, the user is performing a certain role
  – Usually only one role at a time
Give the user access to only those things that are required to fulfill that role
  – Meeting the desirable principles of least privilege and separation of privileges

Page 9: A Simple Example
Fred is a system administrator
But Fred is also a normal user
[Figure: a mail message. To: Fred  From: Dick  Subject: Fun URL  “Hi, Fred. I found this neat URL...”]
Fred should operate under one role while doing system administration
And another role while doing normal stuff

Page 10: Continuing With Our Example
Fred logs on as “fred”
He reads his mail
[Figure: several copies of the mail message from page 9. To: Fred  From: Dick  Subject: Fun URL  “Hi, Fred. I found this neat URL...”]
He decides to upgrade the C++ compiler
So he changes his role to “sysadmin”
Then he has the privileges to upgrade the compiler

Page 11: What Has Been Gained?
While reading mail and surfing the web, Fred can’t upgrade the C++ compiler
  – He doesn’t have the access rights
So if he accidentally downloads malicious code,
  – It can’t “upgrade” the compiler
We have applied time division separation of privilege to Fred’s operations

Page 12: Changing Roles
Role based access control only helps if changing roles isn’t trivial
  – Otherwise, the malicious code merely changes roles before doing anything else
Typically requires providing some secure form of authentication
  – Which proves you have the right to change roles
  – Usually passwords, but other methods possible
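A minimal reference monitor for pages 8 through 12, added here as an example rather than the lecture's own code: Fred holds two roles with disjoint permissions, only one is active at a time, and switching roles requires the secret of the target role, so code running in the "user" role cannot promote itself. Role names, operation names and the secrets are constructed for the demo.

```python
import hashlib
import hmac


class RoleSession:
    """One user, several roles, exactly one active at a time. Activating a
    role requires that role's own secret, so code running in a weak role
    cannot silently step into a stronger one."""

    def __init__(self, role_perms, role_secrets):
        self.role_perms = role_perms  # role -> set of permitted operations
        # Demo only: a real system stores salted, slow password hashes.
        self.role_hashes = {r: hashlib.sha256(s.encode()).digest()
                            for r, s in role_secrets.items()}
        self.active_role = None

    def activate(self, role, secret):
        """Switch to `role` given its secret; the previous role is dropped."""
        expected = self.role_hashes.get(role)
        supplied = hashlib.sha256(secret.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return False
        self.active_role = role
        return True

    def allowed(self, operation):
        """Check an operation against the active role's permissions only."""
        return operation in self.role_perms.get(self.active_role, set())


def fred_scenario():
    """Replay the lecture's Fred example and return what each step yielded."""
    fred = RoleSession(
        role_perms={"user": {"read_mail", "browse_web"},
                    "sysadmin": {"upgrade_compiler"}},  # disjoint roles
        role_secrets={"user": "login-pw", "sysadmin": "admin-pw"},  # constructed
    )
    fred.activate("user", "login-pw")
    results = {
        "read_mail_as_user": fred.allowed("read_mail"),
        "upgrade_as_user": fred.allowed("upgrade_compiler"),
        # malicious code that arrived by mail tries to change roles itself
        "malware_role_switch": fred.activate("sysadmin", "not-the-secret"),
    }
    fred.activate("sysadmin", "admin-pw")  # Fred authenticates to switch
    results["upgrade_as_sysadmin"] = fred.allowed("upgrade_compiler")
    results["read_mail_as_sysadmin"] = fred.allowed("read_mail")
    return results
```

Using one secret for every role (page 14's sudo case) would collapse `role_secrets` to a single value, and the malware's guess would then need only the login password.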

Page 13: Practical Limitations on Role Based Access Control
Number of roles per user
Problems of disjoint role privileges
System administration overheads

Page 14: Number of Roles Per User
Each new role requires new authentication
Less secure if the authentication is the same for each role
  – E.g., Unix sudo, which only requires your basic password
But how many passwords will people remember?
  – And how often will they be happy to type them?

Page 15: Problems of Disjoint Roles
The least privilege benefit is only achieved if each role has different privileges
  – More secure if roles aren’t supersets of other roles
But that may cause difficulties
Users must remember which role allows which operations
Especially difficult if certain operations require privileges from different roles

Page 16: Problems of System Administration
Access control is only useful if permissions are set correctly
  – For all subjects and objects
The more subjects there are, the more work system administrators must do
  – Since each subject needs to get only the proper privileges
More chances something will be set up wrong
  – Or will not be properly updated when conditions change

Page 17: RBAC In Real Systems
Windows has provided an RBAC API since Windows Server 2003
  – Authorization Manager
Most Linux systems have RBAC add-ons
  – SELinux includes RBAC
  – Some other Linux distributions do, too
Also lots of special tools to build RBAC systems under Windows