Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Published bySuzan Reed Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least."— Presentation transcript:

1 Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least common mechanism Acceptability Fail-safe defaults

2 Lecture 18 Page 2 CS 111 Online Economy in Security Design Economical to develop – And to use – And to verify Should add little or no overhead Should do only what needs to be done Generally, try to keep it simple and small As OS grows, this gets harder

3 Lecture 18 Page 3 CS 111 Online Complete Mediation Apply security on every access to a protected object – E.g., each read of a file, not just the open Also involves checking access on everything that could be attacked Hardware can help here – E.g., memory accesses have complete mediation via paging hardware How does this play with the previous principle of economy?

4 Lecture 18 Page 4 CS 111 Online Open Design Don’t rely on “security through obscurity” Assume all potential attackers know everything about the design – And completely understand it This doesn’t mean publish everything important about your security system – Though sometimes that’s a good idea Obscurity can provide some security, but it’s brittle – When the fog is cleared, the security disappears Windows (closed design) is not more secure than Linux (open design)

5 Lecture 18 Page 5 CS 111 Online Separation of Privilege Provide mechanisms that separate the privileges used for one purpose from those used for another To allow flexibility in security systems E.g., separate access control on each file

6 Lecture 18 Page 6 CS 111 Online Least Privilege Give bare minimum access rights required to complete a task Require another request to perform another type of access E.g., don’t give write permission to a file if the program only asked for read

7 Lecture 18 Page 7 CS 111 Online Least Common Mechanism Avoid sharing parts of the security mechanism – Among different users – Among different parts of the system Coupling leads to possible security breaches E.g., in memory management, having separate page tables for different processes – Makes it hard for one process to touch memory of another

8 Lecture 18 Page 8 CS 111 Online Acceptability Mechanism must be simple to use Simple enough that people will use it without thinking about it Must rarely or never prevent permissible accesses Windows 7 mechanisms to prevent attacks from downloaded code worked – But users hated them – So now Windows doesn’t use them

9 Lecture 18 Page 9 CS 111 Online Fail-Safe Design Default to lack of access So if something goes wrong or is forgotten or isn’t done, no security lost If important mistakes are made, you’ll find out about them – Without loss of security – But if it happens too often... In OS context, important to think about what happens with traps, interrupts, etc.

10 Lecture 18 Page 10 CS 111 Online Tools For Securing Systems Physical security Access control Encryption Authentication Encapsulation Intrusion detection Filtering technologies

11 Lecture 18 Page 11 CS 111 Online Physical Security Lock up your computer – Usually not sufficient, but... – Necessary (when possible) Networking means that attackers can get to it, anyway But lack of physical security often makes other measures pointless – A challenging issue for mobile computing

12 Lecture 18 Page 12 CS 111 Online Access Control Only let authorized parties access the system A lot trickier than it sounds Particularly in a network environment Once data is outside your system, how can you continue to control it? – Again, of concern in network environments

13 Lecture 18 Page 13 CS 111 Online Encryption Algorithms to hide the content of data or communications Only those knowing a secret can decrypt the protection Obvious value in maintaining secrecy But clever use can provide other important security properties One of the most important tools in computer security – But not a panacea

14 Lecture 18 Page 14 CS 111 Online Authentication Methods of ensuring that someone is who they say they are Vital for access control But also vital for many other purposes Often (but not always) based on encryption Especially difficult in distributed environments

15 Lecture 18 Page 15 CS 111 Online Encapsulation Methods of allowing outsiders limited access to your resources Let them use or access some things – But not everything Simple, in concept Extremely challenging, in practice Operating system often plays a large role, here

16 Lecture 18 Page 16 CS 111 Online Intrusion Detection All security methods sometimes fail When they do, notice that something is wrong And take steps to correct the problem Reactive, not preventative – But unrealistic to believe any prevention is certain Must be automatic to be really useful

17 Lecture 18 Page 17 CS 111 Online Filtering Technologies Detect that there’s something bad: – In a data stream – In a file – Wherever Filter it out and only deliver “safe” stuff The basic idea behind firewalls – And many other approaches Serious issues with detecting the bad stuff and not dropping the good stuff

18 Lecture 18 Page 18 CS 111 Online Operating Systems and Security Tools Physical security is usually assumed by OS Access control is key to OS technologies Encapsulation in various forms is widely provided by operating systems Some form of authentication required by OS Encryption is increasingly used by OS Intrusion detection and filtering not common parts of the OS

Download ppt "Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least."

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 17 Page 1 CS 111 Spring 2015 Operating System Security CS 111 Operating Systems Peter Reiher.

Lecture 17 Page 1 CS 111 Spring 2015 Operating System Security CS 111 Operating Systems Peter Reiher.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.

Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Software Engineering Experimentation Rules for Reviewing Papers Jeff Offutt See my editorials 17(3) and 17(4) in STVR

Software Engineering Experimentation Rules for Reviewing Papers Jeff Offutt See my editorials 17(3) and 17(4) in STVR
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.

Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.

Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.

Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
Security CS 537 - Introduction to Operating Systems.

Security CS Introduction to Operating Systems.

Similar presentations

Ads by Google