Controlling Files Richard Newman based on Smith “Elementary Information Security”


1 Controlling Files
Richard Newman, based on Smith, “Elementary Information Security”

2 File System
File = persistent, logically named storage
– Random access files
– Sequential files
– Indexed files
Naming – directory systems
– Flat file system
– Two-level
– Hierarchical
– ... with multiple links to the same file
– ... with multiple directory links
– Mounted systems
– Distributed file systems

3 File Name Resolution
Names
– Absolute
– Relative – requires state (the current working directory, CWD)
Name resolution
– Get next path element
– Find path element in current directory
– If directory, load directory into memory
– Check access control permissions
– Continue until fail or find file

4 Steps of Access Control
I & A – Identification and authentication
– Username/password
– Biometrics
– Key
Authorization
– Object & operation
– Access control structure
– Inescapable mediation
Perform
– Relay authenticated message to service
– Provide process with capability
– Provide process with key

5 File Ownership & Access Rights
Access Types
– Create
– Delete
– Read
– Write
– Update
– Append
– Truncate
– Rename
– Change properties
– Execute
File Ownership
– DAC – owner, group
– MAC – label (classification = level, category set)

6 File Ownership & Access Rights 2
Specifying Access – DAC
– ACL & variants
– CL & variants
– Initial permissions: default, inherited
– Changing access permissions
Specifying Access – MAC
– Object labels = classification
– Process labels = clearance
– Rules for comparing object and process labels: dominance
– Rules for generating new labels: default, “label float”
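The MAC rules on this slide (labels as level plus category set, the dominance comparison, and the default and label-float rules for new labels) as a small worked example. This is added code, not from the lecture or from Smith's book; the level names and their ordering in LEVELS are an assumption, and the read-down / write-up rules are the usual Bell-LaPadula reading of "compare labels", which the slide itself does not spell out.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed example, not from the lecture or from Smith's book.  The level names and
# their ordering are an assumption; the lecture only says a label is a level plus a
# category set.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Dominance: at least as high a level AND a superset of the categories.
        Two labels with disjoint category sets are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(process: Label, obj: Label) -> bool:
    """A process may read an object only if its clearance dominates the object's
    classification ("read down")."""
    return process.dominates(obj)


def can_write(process: Label, obj: Label) -> bool:
    """A process may write an object only if the object's label dominates the
    process's ("write up"), so data never flows to a lower label."""
    return obj.dominates(process)


def least_upper_bound(*labels: Label) -> Label:
    """Highest level among the inputs, union of all their categories."""
    top = max(labels, key=lambda l: LEVELS[l.level]).level
    cats = frozenset().union(*(l.categories for l in labels))
    return Label(top, cats)


def new_object_label(process: Label, *labels_read: Label) -> Label:
    """Label for an object the process creates.  Default rule: the process's own
    label.  Label float: raise it to the least upper bound of everything the
    process has read, so a mixed-source file cannot be written at a lower label."""
    return least_upper_bound(process, *labels_read)
```

Note that `dominates` is a partial order: a confidential label with category crypto and a secret label with category nuclear neither dominate each other, so a process at one can neither read nor write an object at the other.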

7 Directory Access Rights
Directory Rights
– Read (list contents)
– Seek (use in path if match)
– Create directory
– Delete directory
– Create files in directory
– Delete files in directory
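The name-resolution loop of slide 3 together with the read/seek distinction on this slide, as an added Python example (not code from the lecture). It walks a constructed in-memory tree one path element at a time, checks the directory rights at each step, and distinguishes absolute paths from relative ones that need CWD state. The users, paths and the right names "read", "seek", "write" are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Union

# Constructed example (not from the lecture): a tiny hierarchical file system in memory.
# Rights are per user and hypothetical: directories carry "read" (list contents) and
# "seek" (may be used in a path), files carry "read" / "write".


@dataclass
class File:
    name: str
    rights: Dict[str, Set[str]]


@dataclass
class Directory:
    name: str
    rights: Dict[str, Set[str]]
    entries: Dict[str, "Node"] = field(default_factory=dict)


Node = Union[File, Directory]


def has_right(node: Node, user: str, right: str) -> bool:
    return right in node.rights.get(user, set())


def resolve(root: Directory, cwd: Directory, user: str, path: str) -> Node:
    """Name resolution as on slide 3: take the next element, look it up in the
    current directory, check the access control on that directory, continue."""
    current: Node = root if path.startswith("/") else cwd   # absolute vs relative (needs CWD)
    for element in (p for p in path.split("/") if p):
        if not isinstance(current, Directory):
            raise NotADirectoryError(current.name)
        # "seek" is the only right needed to pass through; "read" (listing) is not
        if not has_right(current, user, "seek"):
            raise PermissionError(f"{user} may not seek in {current.name}")
        if element not in current.entries:
            raise FileNotFoundError(element)
        current = current.entries[element]
    return current


def open_file(root: Directory, cwd: Directory, user: str, path: str, mode: str) -> File:
    node = resolve(root, cwd, user, path)
    if isinstance(node, Directory):
        raise IsADirectoryError(node.name)
    if not has_right(node, user, mode):          # the file's own rights, checked last
        raise PermissionError(f"{user} may not {mode} {node.name}")
    return node


def list_directory(root: Directory, cwd: Directory, user: str, path: str) -> List[str]:
    node = resolve(root, cwd, user, path)
    if not isinstance(node, Directory):
        raise NotADirectoryError(node.name)
    if not has_right(node, user, "read"):         # listing needs "read", not just "seek"
        raise PermissionError(f"{user} may not list {node.name}")
    return sorted(node.entries)


def outcome(action: Callable, *args) -> str:
    """Run one access and report 'ok' or the kind of failure."""
    try:
        action(*args)
        return "ok"
    except (PermissionError, FileNotFoundError, IsADirectoryError, NotADirectoryError) as e:
        return type(e).__name__


def build_sample_tree() -> Directory:
    """Constructed sample tree with two hypothetical users, bob and sue."""
    both = {"bob": {"read", "seek"}, "sue": {"read", "seek"}}
    root = Directory("/", both)
    home = Directory("home", both)
    bob_home = Directory("bob", {"bob": {"read", "seek"}})        # sue cannot even pass through
    # "drop": sue may seek (open a file whose name she knows) but may not list the directory
    drop = Directory("drop", {"bob": {"read", "seek"}, "sue": {"seek"}})
    root.entries = {"home": home, "drop": drop}
    home.entries = {"bob": bob_home}
    bob_home.entries = {"notes.txt": File("notes.txt", {"bob": {"read", "write"}})}
    drop.entries = {"for-sue.txt": File("for-sue.txt", {"bob": {"read", "write"}, "sue": {"read"}})}
    return root
```

The order of checks matters for what an outsider learns: sue's attempt on /home/bob/notes.txt fails at the seek check on /home/bob, before the resolver looks up notes.txt, so the denial does not reveal whether the file exists.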

8 File Types
Ways to distinguish types
– Extension
– Property in FCB
– Header in file (e.g., “magic number”)
File types
– Data
– Executable
– Others
Executable files – file header
– Magic number (avoid running on a mismatched system)
– Program size
– Layout info

9 Executable File Types
Application programs
– Useful “machines”
– Utilities
Operating system kernel
Device drivers
– Access to I/O devices
Shared libraries
– Common functions that may be shared among many processes
– DLLs
Scripts
– Require an interpreter

10 Viruses
Virus types
– Boot sector
– Application program
– Macro (infect “data” files)
Virus MO
– Look for new files to infect
– Insert virus code into new file
– Do other stuff
– Execute host code
Virus propagation
– Infect files on removable media (disks, USB drives, etc.)
– Drive-by download
– Email
– Worm propagation

11 Sharing and Protecting Files
Least Privilege
– If a process running a Trojan or virus can't access files, it can't damage them
Objectives
– Provide computing facilities to authorized users
– Preserve Chain of Control
– Permit or prevent general info sharing (default)
Virus propagation
– Infect files on removable media (disks, USB drives, etc.)
– Drive-by download
– Email
– Worm propagation

12 Risks for Files (example)
1) Denial of service
2) Subversion (malware)
3) Masquerade
4) Disclosure
5) Forgery
6) Unauthorized modification (Bob's suitemates)

13 Policy for User Isolation (example)
Policy statement (risks addressed, numbered as on slide 12, in brackets)
1) All users shall be able to use normal apps/services [1]
2) Each user shall have a separate login, optional p/w [4]
3) Programs shall be protected from damage or other mods by regular users [1, 3]
4) Files belonging to one user shall be protected from any access by another user [1, 2, 5]
Specific to Bob
1) The system shall have two regular users: Bob and Suitemates [4, 6]
2) Bob shall have a password to protect his login [2, 4, 5, 6]
3) Suitemates shall not need a password to log in [1]

14 Policy for File Sharing (example)
Policy statement (risks addressed, numbered as on slide 12, in brackets)
1) All users shall be able to use normal apps/services [1]
2) Each user shall have a separate login, optional p/w [4]
3) Programs shall be protected from damage or other mods by regular users [1, 3]
4) Files belonging to one user shall be readable by other users [1]
5) Files belonging to one user shall be protected from writing by other users [1, 3, 5]

15 Security Controls for Files
Access matrix (logically)
– What we are sharing (objects)
– With whom we are sharing them (subjects)
– How each subject may access each object (rights)
Chain of Control properties
– OS protections always invoked when accessing files
– There is no way to bypass the OS to access files

16 Basic Security Principles
Deny by default
– No access allowed unless specifically granted
Allow by default
– Access allowed unless specifically denied

17 Compacting the ACM
Groups
– Logical sets of subjects
– May associate one with an object, or just use as a logical subject
Object Types
– Logical sets of objects with identical access policies
– Becomes an object attribute
– May “personalize” relative to other object attributes (e.g., owner, group owner, etc.)
– May be used for logical organization if not supported by the system
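Slides 13 through 17 together: the two example policies (user isolation, file sharing) expressed as compact rules on groups and object types, a deny-by-default or allow-by-default check, and expansion back into the logical access matrix of slide 15. This is an added Python example, not code from the lecture or from Smith's book; the users (bob, sue, tom), the "suitemates" group, the object types "program" and "user_file", the pseudo-subjects `*` and `$owner`, and the file names are all hypothetical.

```python
from collections import defaultdict
from typing import Dict, Iterable, Set, Tuple

# Constructed example, not code from the lecture or from Smith's book.  Users, groups,
# object names and object types below are hypothetical.

EVERYONE = "*"       # pseudo-subject that matches every user
OWNER = "$owner"     # pseudo-subject that matches the owner of the object being checked


class AccessMatrix:
    """Compact form of the access matrix: rights are attached to (subject, object type),
    where a subject is a user, a group, or one of the pseudo-subjects above."""

    def __init__(self, allow_by_default: bool = False):
        self.allow_by_default = allow_by_default
        self.members: Dict[str, Set[str]] = defaultdict(set)               # group -> users
        self.objects: Dict[str, Tuple[str, str]] = {}                      # object -> (type, owner)
        self.grants: Dict[Tuple[str, str], Set[str]] = defaultdict(set)    # (subject, type) -> rights
        self.denies: Dict[Tuple[str, str], Set[str]] = defaultdict(set)

    def add_member(self, group: str, user: str) -> None:
        self.members[group].add(user)

    def register(self, obj: str, objtype: str, owner: str) -> None:
        self.objects[obj] = (objtype, owner)

    def grant(self, subject: str, objtype: str, *rights: str) -> None:
        self.grants[(subject, objtype)].update(rights)

    def deny(self, subject: str, objtype: str, *rights: str) -> None:
        self.denies[(subject, objtype)].update(rights)

    def _subjects(self, user: str, owner: str) -> Set[str]:
        # Every identity under which this user can match a rule
        subjects = {user, EVERYONE} | {g for g, us in self.members.items() if user in us}
        if user == owner:
            subjects.add(OWNER)
        return subjects

    def check(self, user: str, obj: str, right: str) -> bool:
        if obj not in self.objects:
            return False                      # nothing registered, nothing granted
        objtype, owner = self.objects[obj]
        subjects = self._subjects(user, owner)
        if any(right in self.denies.get((s, objtype), ()) for s in subjects):
            return False                      # an explicit deny always wins
        if any(right in self.grants.get((s, objtype), ()) for s in subjects):
            return True
        return self.allow_by_default          # otherwise the default principle decides

    def expand(self, users: Iterable[str], rights: Iterable[str]) -> Dict[Tuple[str, str], Set[str]]:
        """The logical access matrix of slide 15: one cell of rights per (user, object)."""
        rights = list(rights)
        return {(u, o): {r for r in rights if self.check(u, o, r)}
                for u in users for o in self.objects}


USERS = ["bob", "sue", "tom"]
RIGHTS = ["read", "write", "execute", "delete"]


def _common_rules(acm: AccessMatrix) -> None:
    for u in ("sue", "tom"):                                  # Bob's suitemates as one logical subject
        acm.add_member("suitemates", u)
    acm.register("/bin/editor", "program", "system")
    acm.register("/home/bob/notes.txt", "user_file", "bob")
    acm.register("/home/sue/diary.txt", "user_file", "sue")
    acm.grant(EVERYONE, "program", "read", "execute")         # statement 1: everyone runs normal apps
    acm.grant(OWNER, "program", "write", "delete")            # statement 3: only the system changes programs
    acm.grant(OWNER, "user_file", "read", "write", "delete")  # owners keep full control of their files


def isolation_policy() -> AccessMatrix:
    """Slide 13, deny by default: no cross-user access is ever granted (statement 4)."""
    acm = AccessMatrix(allow_by_default=False)
    _common_rules(acm)
    return acm


def sharing_policy() -> AccessMatrix:
    """Slide 14, deny by default: statement 4 adds read for everyone, statement 5 needs no rule."""
    acm = AccessMatrix(allow_by_default=False)
    _common_rules(acm)
    acm.grant(EVERYONE, "user_file", "read")
    return acm


def permissive_policy() -> AccessMatrix:
    """Allow by default (slide 16): the sharing outcome must be carved out with explicit denies."""
    acm = AccessMatrix(allow_by_default=True)
    _common_rules(acm)
    acm.deny("suitemates", "user_file", "write", "delete")
    acm.deny("suitemates", "program", "write", "delete")
    return acm
```

The permissive variant shows why deny by default is the safer principle: it denies the suitemates group what slide 14 forbids, but since bob is not in that group nothing stops bob from writing sue's diary, an access the policy never intended. Under deny by default the same omission leaves the access closed rather than open.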

18 Information States
States
– Processing (in use)
– Storage (at rest)
– Transmission (in motion)
Transitions
– save: Processing → Storage
– open: Storage → Processing
– move to transit: into Transmission
– remove from transit: out of Transmission

19 Software Vulnerability States
States
– Hardened
– Flawed
– Vulnerable
– Unprotected
– Patchable
Transitions
– Hardened → Flawed: flaw found
– Flawed → Vulnerable: exploit created
– Flawed → Unprotected: patch released
– Vulnerable → Patchable: patch released
– Unprotected → Patchable: exploit created
– Unprotected → Hardened: flaw patched
– Patchable → Hardened: flaw patched

