Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline Announcements Protection and security.

Published byMarcell Balla Modified over 5 years ago

Similar presentations

Presentation on theme: "Outline Announcements Protection and security."— Presentation transcript:

1 Outline Announcements Protection and security

2 Announcements Lab 3 is due tomorrow at your demonstration time
You have three minutes for preparation and three minutes to give a demonstration which needs to convince others and myself that: You have implemented the APIs correctly Note the penalty for missing an API is 15 points Because of the time limit, you better use a script file of some kind to do your demonstration 4/8/2019 COP4610

3 Announcements – cont. Final exam will be on 5:30 - 7:30 pm, Dec. 11, 2003 Here in LOV 101 I will have office hours on Sunday, Dec. 7, 2003 From 10:00am – 5:30 pm except a lunch break Unfortunately, I need to attend a conference from Dec. 8 to Dec. 11 in Canada I will be back on Dec. 11 late that night I will have another professor to proctor the final exam 4/8/2019 COP4610

4 Protection and Security
Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection and security problem - ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so 4/8/2019 COP4610

5 Allowing Only Authorized Access
Authentication Authorization Subject Unauthorized Access Secure Entity Subject 4/8/2019 COP4610

6 Protection and Security – cont.
Authentication Internal External Authorization Network security Secure entity is not copied or accessed during its transit Cryptography 4/8/2019 COP4610

7 Policy vs. Mechanism An organization’s security policy defines the rules for authorizing access to its computers and information resources A particular strategy that dictates the way a mechanism is used to achieve specific goals Protection mechanisms are tools for implementing the organization’s security policy 4/8/2019 COP4610

8 Internal Access Authorization
Internal authorization is part of the task of managing resource sharing The goal is to protect one process’s resources from the actions of other processes 4/8/2019 COP4610

9 Hardware protection mechanisms
Processor modes and privileged instructions only valid in system mode Memory protection Devices, and in particular disks, are protected with processor modes and/or memory protection 4/8/2019 COP4610

10 Software protection mechanisms
Hardware resources are protected by hardware protection mechanisms Logical resources are only accessed through system calls All system calls must be authorized by a protection monitor The protection monitor accesses the protection database to make decisions 4/8/2019 COP4610

11 Protection monitors for file access
4/8/2019 COP4610

12 Protection monitors in an OS
4/8/2019 COP4610

13 A Protection System 4/8/2019 COP4610

14 A Protection System Subjects Objects a S desires a access to X S X
4/8/2019 COP4610

15 A Protection System Subjects Objects Protection State
X S desires a access to X Protection state reflects current ability to access X 4/8/2019 COP4610

16 A Protection System Subjects Objects Protection State State Transition
X State Transition S desires a access to X Protection state reflects current ability to access X Authorities can change 4/8/2019 COP4610

17 A Protection System Subjects Objects Protection State State Transition
X State Transition S desires a access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority? Rules 4/8/2019 COP4610

18 A Protection System Subjects Objects Protection State State Transition
X State Transition S desires a access to X Protection state reflects current ability to access X Authorities can change What are rules for changing authority? How are the rules chosen? Rules Policy 4/8/2019 COP4610

19 Protection System Example
S desires a access to X 4/8/2019 COP4610

20 Protection System Example
S desires a access to X Captures the protection state S a Access matrix 4/8/2019 COP4610

21 Protection System Example
(S, a, X) Access authentication S X X S desires a access to X Captures the protection state Generates an unforgeable ID S a Access matrix 4/8/2019 COP4610

22 Protection System Example
(S, a, x) Access authentication Monitor S X X S desires a access to X Captures the protection state Generates an unforgeable ID Checks the access against the protection state S a 4/8/2019 COP4610

23 Access Matrix The protection state can be represented using an access matrix An access matrix A has one row for each subject and one column for each object Each entry A[S, X] is a set that describes the access rights held by subject S to object X Access authentication If subject S initiates type a access to X then if a A[S,X], the access is valid. If a  A[S, X], the access is invalid. 4/8/2019 COP4610

24 An Access Matrix Example
4/8/2019 COP4610

25 Use of Access Matrix If a process in Domain Di tries to do “op” on object Oj, then “op” must be in the access matrix. Can be expanded to dynamic protection. Operations to add, delete access rights. Special access rights: owner of Oi copy op from Oi to Oj control – Di can modify Djs access rights transfer – switch from domain Di to Dj 4/8/2019 COP4610

26 Use of Access Matrix - cont.
Access matrix design separates mechanism from policy Mechanism Operating system provides Access-matrix + rules If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced Policy User dictates policy Who can access what object and in what mode 4/8/2019 COP4610

27 Domain Structure Access-right = <object-name, rights-set> Rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights that a subject has at any given time 4/8/2019 COP4610

28 Changing Protection State
4/8/2019 COP4610

29 Protection domains A capability is a unique, global name for an access right to an object in the system A protection domain is a set of capabilities to perform certain actions on certain objects A process can move from protection domain to protection domain so, at any point, it has exactly the capabilities it needs for the current job (the principle of least privilege) This is more flexible than associating capabilities directly with a process 4/8/2019 COP4610

30 Ring Architecture for Protection Domains
4/8/2019 COP4610

31 Domain Implementation
UNIX Domain = user-id Domain switch accomplished via file system. Each file has associated with it a domain bit (setuid bit). When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id is reset. 4/8/2019 COP4610

32 Implementing the Access Matrix
Usually a sparse matrix Too expensive to implement as a table Implement as a list of table entries Column oriented list is called an access control list (ACL) List kept at the object UNIX file protection bits are one example Row oriented list is a called a capability list List kept with the subject (i.e., process) Kerberos ticket is a capability Mach mailboxes protected with capabilities 4/8/2019 COP4610

33 Access Control Lists Derived from an Access Matrix
Store the Access Matrix by columns Each ACL is kept at the object UNIX file protection bits are one example Windows resource managers also use ACLs for protection X X X S a a a X a X a X a Resource Descriptor Resource Descriptor Resource Descriptor 4/8/2019 COP4610

34 Access Control Example
F1 F2 D1 D2 S1 control block wakeup owner control owner read* write* seek owner S2 control stop owner update owner seek* S3 control delete execute owner Access List of F2 {S2, {update}} {S3,{execute, owner}} 4/8/2019 COP4610

35 Capability Lists Derived from an Access Matrix
Store the Access Matrix by rows List kept with the subject (i.e., process) Examples Ticket to a concert Kerberos ticket Mach mailboxes S a S a S a S a Process Descriptor S a Process Descriptor a S Process Descriptor 4/8/2019 COP4610

36 Capability List Example
F1 F2 D1 D2 S1 control block wakeup owner control owner read* write* seek owner S2 control stop owner update owner seek* S3 control delete execute owner Capability list of S2 {S2, {control}} {S3, {stop}} {F1, {owner}} {F2, {update}} {D1, {owner}} {D2, seek*}} 4/8/2019 COP4610

37 More on Capabilities Provides an address to object from a very large address space Possession of a capability represents authorization for access Implied properties: Capabilities must be very difficult to guess Capabilities must be unique and not reused Capabilities must be distinguishable from randomly generated bit patterns 4/8/2019 COP4610

38 Revocation of Access Rights
Access List – Delete access rights from access list. Simple Immediate Capability List – Scheme required to locate capability in the system before capability can be revoked. Reacquisition Back-pointers Indirection Keys 4/8/2019 COP4610

39 Unix Protection Scheme
Mode of access: read, write, execute Three classes of users RWX a) owner access 7  RWX b) groups access 6  1 1 0 c) public access 1  0 0 1 4/8/2019 COP4610

40 The Security Problem Security must consider external environment of the system, and protect it from unauthorized access. malicious modification or destruction accidental introduction of inconsistency. Easier to protect against accidental than malicious misuse 4/8/2019 COP4610

41 User authentication Three types of authentication:
Something a user knows e.g. a password, a combination, answers to personal questions Something a user has e.g. a badge, a smart card, a key Something a user is e.g. fingerprint, signature, voice print, hand geometry, retinal blood vessel pattern 4/8/2019 COP4610

42 Authentication User identity most often established through passwords, can be considered a special case of either keys or capabilities. Passwords must be kept secret. Frequent change of passwords. Use of “non-guessable” passwords. Log all invalid access attempts. Encryption 4/8/2019 COP4610

43 Program Threats Trojan Horse Trap Door
Code segment that misuses its environment. Exploits mechanisms for allowing programs written by users to be executed by other users. Trap Door Specific user identifier or password that circumvents normal security procedures. Could be included in a compiler. 4/8/2019 COP4610

44 System Threats Worms – use spawn mechanism; standalone program
Internet worm Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs. Grappling hook program uploaded main worm program. Viruses – fragment of code embedded in a legitimate program. Mainly effect microcomputer systems. Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection. 4/8/2019 COP4610

45 The confinement problem
How do we prevent a program from leaking information to others? It is not as simple as preventing IPC and I/O A covert channel is a hidden means of communication information e.g. sending bits by manipulating the CPU load 4/8/2019 COP4610

46 The Morris Internet Worm
4/8/2019 COP4610

47 Threat Monitoring Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing. Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures. Scan the system periodically for security holes; done when the computer is relatively unused. 4/8/2019 COP4610

48 Threat Monitoring – cont.
Check for: Short or easy-to-guess passwords Unauthorized set-uid programs Unauthorized programs in system directories Unexpected long-running processes Improper directory protections Improper protections on system data files Dangerous entries in the program search path (Trojan horse) Changes to system programs: monitor checksum values 4/8/2019 COP4610

49 Encryption 4/8/2019 COP4610

50 Encryption – cont. Encrypt clear text into cipher text.
Properties of good encryption technique: Relatively simple for authorized users to encrypt and decrypt data. Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key Extremely difficult for an intruder to determine the encryption key 4/8/2019 COP4610

51 Cryptography Information can be encoded using a key when it is written (or transferred) -- encryption It is then decoded using a key when it is read (or received) -- decryption Very widely used for secure network transmission 4/8/2019 COP4610

52 More on Cryptography encryption plaintext ciphertext decryption
4/8/2019 COP4610

53 More on Cryptography Ke Kd C = EKe(plaintext) Encrypt Decrypt
4/8/2019 COP4610

54 More on Cryptography Ke Kd C = EKe(plaintext) Encrypt Decrypt
Invader Side information plaintext 4/8/2019 COP4610

55 Cryptographic Systems
Modern Systems Conventional Systems Ke and Kd are essentially the same Private Key Public Key Ke and Kd are private Ke is public Kd is private 4/8/2019 COP4610

56 Private Key Cryptography
Data encryption standard (DES) It is a block cipher that crypts 64-bit data blocks using a 56-bit key Two basic operations Permutation Substitution Three stages Initial permutation stage Complex transformation stage Final permutation stage 4/8/2019 COP4610

57 Private Key Cryptography – cont.
4/8/2019 COP4610

58 Private Key Cryptography – cont.
4/8/2019 COP4610

59 Private Key Cryptography – cont.
4/8/2019 COP4610

60 Public Key Cryptography
Private key cryptography and conventional cryptographic techniques require the distribution of secret keys Known as the key distribution problem Public key cryptography solves the key distribution problem by making the encryption procedure and the associated key available in the public domain 4/8/2019 COP4610

61 Public Key Cryptography – cont.
Now it is possible for two users to have a secure communication even they have not communicated before Implementation issues One-way functions 4/8/2019 COP4610

62 RSA Method The encryption key is a pair (e, n)
The decryption key is a pair (d, n) 4/8/2019 COP4610

63 RSA Method – cont. Generating the private and public key requires four steps Choose two very large prime numbers, p and q Compute n = p x q and z = (p – 1) x (q – 1) Choose a number d that is relatively prime to z Compute the number e such that e x d = 1 mod z 4/8/2019 COP4610

64 Authentication In distributed systems, authentication means verifying the identity of communicating entities to each other The assumption is that the communication network is not secure in that an intruder can copy and play back a message on the network The textbook called it “interactive secure connections” 4/8/2019 COP4610

65 Authentication – cont. Authentication based on a shared secret key.
4/8/2019 COP4610

66 Authentication – cont. Authentication based on a shared secret key, but using three instead of five messages. 4/8/2019 COP4610

67 Authentication – cont. The reflection attack. 4/8/2019 COP4610

68 Authentication Using Public-Key Cryptography
Mutual authentication in a public-key cryptosystem. 4/8/2019 COP4610

69 Message Integrity and Confidentiality
Message integrity means that messages are protected against modification Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers Digital signatures A user cannot forge the signature of other users A sender of a signed message cannot deny the validity of his signature on the message A recipient of a signed message cannot modify the signature in the message 4/8/2019 COP4610

70 Digital Signatures Digital signing a message using public-key cryptography. 4/8/2019 COP4610

71 Digital Signatures – cont.
4/8/2019 COP4610

72 Digital Signatures – cont.
Digitally signing a message using a message digest. 4/8/2019 COP4610

73 Kerberos Authentication Server Client Server 4/8/2019 COP4610

74 Kerberos Authentication Encrypted for client Server
Encrypted for server Ticket Client Client ID Session Key Session Key Server 4/8/2019 COP4610

75 Kerberos Authentication Encrypted for client Server
Encrypted for server Ticket Session Key Client Client ID Session Key Session Key Server 4/8/2019 COP4610

76 Kerberos Authentication Encrypted for client Server
Encrypted for server Ticket Session Key Client Client ID Session Key Session Key Ticket Server Client ID Session Key Client ID Session Key 4/8/2019 COP4610

77 A Digital Rights Management System
Publisher Distributor, etc Style Editor Rights Editor Other parties may contribute to rights spec Raw Style Rights Translate Client API Content Repository Query Consumer Admin API Distribute Serve InTransit Server Playback 4/8/2019 COP4610 Consumable

78 Electronic Payment Systems
Payment systems based on direct payment between customer and merchant. Paying in cash. Using a check. Using a credit card. 4/8/2019 COP4610

79 Electronic Payment Systems – cont.
Payment systems based on money transfer between banks. Payment by money order. Payment through debit order. 4/8/2019 COP4610

80 E-cash 4/8/2019 COP4610

81 Windows NT/2000/XP Logon Local Security Authority Subsystem (Lsass)
Winlogon process LSA* Server Netlogon Network Authentic. LSA Policy Active Directory SAM Active Directory SAM** Server User Space Supervisor Space Security Reference Monitor (SRM) * Local Security Authority ** Security Accounts Manager (SAM) 4/8/2019 COP4610

82 Summary “None of the protection systems that exist today ... are completely fail-safe. The best we can do is to make it as difficult as possible for somebody to break a security device or get inside Authentication Authorization Access matrix and implementations of access matrix 4/8/2019 COP4610

Download ppt "Outline Announcements Protection and security."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.

Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.

Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.

Reasons for Protection n Prevent users from accessing information they shouldn’t have access to. n Ensure that each program component uses system resources.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Chapter 14: Protection.

Chapter 14: Protection.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Similar presentations

Ads by Google