Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline Basic concepts in computer security

Published byBeatrice Ellis Modified over 6 years ago

Similar presentations

Presentation on theme: "Outline Basic concepts in computer security"— Presentation transcript:

1 Security for Operating Systems CS 111 On-Line MS Program Operating Systems Peter Reiher

2 Outline Basic concepts in computer security
Design principles for security Important security tools for operating systems Access control Cryptography and operating systems Authentication and operating systems Protecting operating system resources

3 Security: Basic Concepts
What do we mean by security? What is trust? Why is security a problem? In particular, a problem with a different nature than, say, performance Or even reliability

4 What Is Security? Security is a policy
E.g., “no unauthorized user may access this file” Protection is a mechanism E.g., “the system checks user identity against access permissions” Protection mechanisms implement security policies We need to understand our goals to properly set our policies And threats to achieving our goals These factors drive which mechanisms we must use

5 Security Goals Confidentiality
If it’s supposed to be secret, be careful who hears it Integrity Don’t let someone change something they shouldn’t Availability Don’t let someone stop others from using services Exclusivity Don’t let someone use something he shouldn’t Note that we didn’t mention “computers” here This classification of security goals is very general

6 Trust An extremely important security concept
You do certain things for those you trust You don’t do them for those you don’t Seems simple, but . . .

7 What Do We Trust? Other users? Other computers? Our own computer?
Programs? Pieces of data? Network messages? In each case, how can we determine trust?

8 Problems With Trust How do you express trust?
How, specifically, does trust play into operating systems? Who trusts what? Will changing or situational trust be an issue? How does the answer change if we consider distributed systems? Is it different for different types of distributed systems? How do you express trust? Why do you trust something? How can you be sure who you’re dealing with? Since identity and trust usually linked What if trust is situational? What if trust changes?

9 Why Is Security Different?
OK, so we care about security Isn’t this just another design dimension Like performance, usability, reliability, cost, etc. Yes and no Yes, it’s a separable dimension of design No, it’s not just like the others

10 What Makes Security Unique?
Security is different than most other problems in CS The “universe” we’re working in is much more hostile Human opponents seek to outwit us Fundamentally, we want to share secrets in a controlled way A classically hard problem in human relations

11 What Makes Security Hard?
You have to get everything right Any mistake is an opportunity for your opponent When was the last time you saw a computer system that did everything right? Since the OS underlies everything, security errors there compromise everything

12 Security Is Actually Even Harder
As operating system designers, how much of this human stuff do we need to care about? When do we get to say “it’s not our problem?” The computer itself isn’t the only point of vulnerability If the computer security is good enough, the foe will attack: The users The programmers The system administrators Or something you never thought of

13 A Further Problem With Security
Security costs Computing resources People’s time and attention Security must work 100% effectively With 0% overhead Critically important that fundamental, common OS operations aren’t slowed by security

Download ppt "Outline Basic concepts in computer security"

Similar presentations

Operating System Security

Operating System Security
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Lecture 1 Page 1 CS 236, Spring 2008 What Are Our Security Goals? Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.

Lecture 1 Page 1 CS 236, Spring 2008 What Are Our Security Goals? Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 17 Page 1 CS 111 Spring 2015 Operating System Security CS 111 Operating Systems Peter Reiher.

Lecture 17 Page 1 CS 111 Spring 2015 Operating System Security CS 111 Operating Systems Peter Reiher.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Cryptography and Network Security (CS435) Part One (Introduction)

Cryptography and Network Security (CS435) Part One (Introduction)
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.

Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,

Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Similar presentations

Ads by Google