Slide 1: Chapters 9 & 10, Modern Operating Systems by A. S. Tanenbaum
Group E: J. Paloschavez, M. Troxler, J. Boggs, J. Lagas
IA 705, Prof. Brown, Spring 2003

Slide 2: Chapter 9, UNIX & Linux, Modern Operating Systems by A. S. Tanenbaum

Slide 3: Jose Paloschavez

Slide 4: The Security Environment: Threats
(figure: security goals and threats)

Slide 5: Intruders, Common Categories
1. Casual prying by nontechnical users
2. Snooping by insiders
3. Determined attempt to make money
4. Commercial or military espionage

Slide 6: Accidental Data Loss, Common Causes
1. Acts of God: fires, floods, wars
2. Hardware or software errors: CPU malfunction, bad disk, MSFT program bugs
3. Human errors: data entry, wrong backup disk

Slide 7: Basics of Cryptography
(figure: relationship between the plaintext and the ciphertext)

Slide 8: Secret-Key Cryptography
Monoalphabetic substitution
– each letter replaced by a different letter
Plaintext:  ABCDEFGHI…
Ciphertext: [substitution alphabet not captured in the transcript]
Example: CAPITOL COLLEGE enciphers to EQHOZGS EGSSTUT
Given the encryption key,
– it is easy to find the decryption key
Secret-key crypto is also called symmetric-key crypto
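The substitution example on this slide worked through in code. This is an added example and not part of the original presentation: the 26-letter ENCRYPT_KEY is constructed (hypothetical) so that it reproduces the slide's CAPITOL COLLEGE to EQHOZGS EGSSTUT pair, since the slide shows only the start of the alphabet; invert_key shows the "easy to find the decryption key" point, and frequency_profile is added to show why a monoalphabetic cipher is weak.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed encryption key (hypothetical): the ciphertext letter for A, B, C, ... Z.
# It agrees with the slide's example (C->E, A->Q, P->H, I->O, T->Z, O->G, L->S,
# E->T, G->U); the remaining letters were filled in arbitrarily.
ENCRYPT_KEY = "QAEBTCUDOFISJKGHLMNZPRVWXY"


def invert_key(key: str) -> str:
    """Given the encryption key, the decryption key is just the inverse
    permutation: no hard computation, which is the slide's point."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    inverse = [""] * len(ALPHABET)
    for plain, cipher in zip(ALPHABET, key):
        inverse[ALPHABET.index(cipher)] = plain
    return "".join(inverse)


def substitute(text: str, key: str) -> str:
    """Apply a monoalphabetic substitution; non-letters such as spaces pass through."""
    return text.upper().translate(str.maketrans(ALPHABET, key))


def encrypt(plaintext: str, key: str = ENCRYPT_KEY) -> str:
    return substitute(plaintext, key)


def decrypt(ciphertext: str, key: str = ENCRYPT_KEY) -> str:
    return substitute(ciphertext, invert_key(key))


def frequency_profile(text: str) -> list:
    """Letter counts, largest first. The cipher only relabels letters, so
    plaintext and ciphertext share the same profile; that preserved structure
    is what frequency analysis exploits and why the scheme is not secure."""
    counts = Counter(c for c in text.upper() if c in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    msg = "CAPITOL COLLEGE"
    ct = encrypt(msg)
    print(msg, "->", ct)
    print("decryption key:", invert_key(ENCRYPT_KEY))
    print(ct, "->", decrypt(ct))
    print("profile preserved:", frequency_profile(msg) == frequency_profile(ct))
```

The inverse permutation is computed in a single pass over the key, which is exactly why a leaked symmetric key gives up decryption for free; contrast this with the public-key pair on the next slide, where knowing the encryption key is meant not to reveal the decryption key.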

Slide 9: Public-Key Cryptography
All users pick a public key/private key pair
– publish the public key
– private key not published
Public key is the encryption key
– private key is the decryption key
(figure: mathematically linked key pair, private key and public key)

Slide 10: One-Way Functions
Function such that, given the formula for f(x),
– it is easy to evaluate y = f(x)
But given y,
– it is computationally infeasible to find x
Many names
– compression function, contraction function, message digest, fingerprint, cryptographic checksum or manipulation detection code (MDC)

Slide 11: Digital Signatures
Signature is authentic
Signature is unforgeable
Signature is not reusable
Signature is unalterable
Signature cannot be repudiated

Slide 12: User Authentication
Authentication must identify:
1. Something the user knows
2. Something the user has
3. Something the user is
NOTE: This is done before the user can use the system

Slide 13: Authentication Using Passwords
(a) A successful login:
LOGIN: jose
PASSWORD: AuthEnt
SUCCESSFUL LOGIN

(b) Login rejected after name entered:
LOGIN: bogs
INVALID LOGIN NAME
LOGIN:

(c) Login rejected after name and password typed:
LOGIN: lagas
PASSWORD: Iforgot
INVALID LOGIN
LOGIN:

Slide 14: Authentication Using Passwords
The use of salt to defeat precomputation of encrypted passwords
Name, Salt, Stored value e(Password, Salt)
Jose, 2918, e(13%BeTWW, 2918)
Matt, 9282, e(WonderDog, 9282)
James, 9619, e(AxC@Oczw, 9619)
John, 3168, e(MonkeyBusiness, 3168)
Lewes, 1705, e(ShenTel, 1705)

Slide 15: Improving Password Security
1. Passwords should be a minimum of seven characters.
2. Passwords should contain both UPPER and lower case letters.
3. Passwords should contain at least one digit or spec*al character.
4. Passwords should not be dictionary words, names, etc.
5. Passwords should be treated like a toothbrush: not shared.
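Slides 10, 14 and 15 together describe the password file: a one-way function e(), a per-user salt, and rules for choosing the password itself. The following is an added example, not code from the presentation or from Tanenbaum: it stores (salt, e(password, salt)) pairs, checks rules 1 to 4 of slide 15, and shows what the salt buys. PBKDF2-HMAC-SHA256 is an assumed choice for e() (the slide names no function), and DICTIONARY is a tiny constructed stand-in for a real word list.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the word list behind rule 4; a real check uses a full dictionary.
DICTIONARY = {"password", "monkey", "dragon", "capitol", "college", "wonderdog", "shentel"}
SPECIALS = set("!@#$%^&*()-_=+[]{};:'\",.<>?/\\|~`")


def check_policy(password: str) -> list:
    """Return the slide-15 rules (1-4) the password violates; empty means acceptable.
    Rule 5 (do not share it) is behaviour, not something code can test."""
    problems = []
    if len(password) < 7:
        problems.append("rule 1: fewer than seven characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("rule 2: needs both upper and lower case")
    if not any(c.isdigit() or c in SPECIALS for c in password):
        problems.append("rule 3: needs a digit or special character")
    if password.lower() in DICTIONARY:
        problems.append("rule 4: dictionary word")
    return problems


ITERATIONS = 100_000  # work factor for e(); raise it as hardware gets faster


def e(password: str, salt: bytes) -> bytes:
    """The slide's one-way function e(password, salt). PBKDF2 is assumed here
    because, unlike a plain hash, it is deliberately slow, so each guess costs
    the guesser real time as well as defeating a shared precomputed table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str, salt: bytes = None) -> tuple:
    """Produce the (salt, e(password, salt)) pair that the password file stores.
    The salt is random per user; it is stored in the clear, as on the slide."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return salt, e(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute e() with the stored salt; constant-time compare."""
    return hmac.compare_digest(e(password, salt), stored)


def precomputed_table(candidates, salt: bytes = b"") -> dict:
    """Map e(candidate, salt) -> candidate. With no salt this table is built once
    and matches every account using one of the candidates; with per-user salts
    it would have to be rebuilt for every user, which is what the salt defeats."""
    return {e(c, salt): c for c in candidates}


if __name__ == "__main__":
    print(check_policy("13%BeTWW"))        # []
    print(check_policy("monkey"))          # violates all four testable rules
    salt, stored = enroll("WonderDog9")
    print(verify("WonderDog9", salt, stored), verify("wonderdog9", salt, stored))
    table = precomputed_table(["monkey", "WonderDog9", "dragon"])
    print("unsalted hit:", table.get(e("WonderDog9", b"")))
    print("salted hit:", table.get(stored))   # None: the salt broke the lookup
```

Two users with the same password get different stored values because their salts differ, so a stored value reveals nothing about whether two accounts share a password, and a single precomputed table cannot be reused across accounts.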

Slide 16: Authentication Using a Physical Object
Magnetic cards
– magnetic stripe cards
– chip cards: stored value cards, smart cards

Slide 17: Authentication Using Biometrics
(figure: a device for authenticating using the iris)

Slide 18: Matt Troxler

Slide 19: Attacks from the Inside
– Trojan horses
– Login spoofing
– Logic bombs
– Trap doors
– Buffer overflow

Slide 20: Design Principles for Security
– Public design: easier to service
– Default = deny access: easier to trace errors
– Check access occasionally, not just in the login or file-open procedure

Slide 21: Design Principles, Cont'd.
– Minimal permissions for all users/processes
– Ease of use: difficult interfaces usually result in wide-open environments
– Keep it simple: tight and efficient code is easy to review and lock down

Slide 22: External Attacks (Viruses): How They Function
– A "dropper" tool is used to deploy a virus
– The infected file is distributed (preferably publicly)
– Users go get (or receive unknowingly) and install the infected file
– The payload of the file runs and does whatever the virus does

Slide 23: Classifications of Viruses
– Companion virus: runs in place of a legitimate file
– Executable: virus code embeds itself in another .exe (overwriting)
– Parasitic: overwriting, but the original file still works after infection
– Cavity: the virus embeds itself in unused portions of legitimate files
– Memory resident: lives in memory, little disk activity
– Boot sector: lives at the first sector of the HDD
– Device driver: gets loaded as a legitimate file in kernel mode
– Macro: attached to a file that appears innocent
– Source code: requires some knowledge of programming

Slide 24: How Viruses Spread
– Downloads
– Email
– Storage space (fixed or removable disks, memory, etc.)

Slide 25: Antivirus and Anti-Antivirus… and so on…
– Date hiding: date disguising, parent folder…
– Size hiding: compression
– Bitwise hiding: look for the decryption routine/key
– Polymorphic: look for the morphing routine code
– Checksums: delete or overwrite, encrypt

Slide 26: Securing Mobile Code
– Sandboxing
– Interpretation
– Code
– Java security

Slide 27: Protection Mechanisms
– Protection domains
– Access control lists
– Capabilities

Slide 28: Trusted Systems and Multilevel Security
– Trusted computing base
– Formal models
– Bell-La Padula model
– Biba model
– Orange Book
– Covert channels

Slide 29: Chapter 10, UNIX & Linux, Modern Operating Systems by A. S. Tanenbaum

Slide 30: Jim Boggs

Slide 31: History
– UNICS
– PDP-11 UNIX & portable UNIX
– Berkeley UNIX
– Standard UNIX & POSIX
– MINIX
– Linux

Slide 32: Overview of UNIX: Goals & Interfaces
Goals
– Handle multiple processes & users
– Design principles
Interfaces
(figure: users, standard library and utility programs in user mode above the UNIX OS in kernel mode, then hardware; the user interface, library interface and system call interface lie between the layers)

Slide 33: Overview of UNIX: Shell & Utility Programs
Shell
– Ordinary program providing a command line interface
– Standard input/output
– Flexibility (wild cards, standard I/O, flags, pipes)
– Shell scripts
Utility programs
– File & directory commands
– Filters
– Development tools & text processing
– System administration

Slide 34: Overview of UNIX: Kernel Structure
(figure: kernel structure graphic, copyright Prentice-Hall 2001, Modern Operating Systems, p. 688)

Slide 35: Processes in UNIX: Concepts and Process Management
Active entities are processes
– Foreground & background
– Parent & child
– ID for each
– Single & multiple threads
Process management system calls
– Means for processes to communicate
– Based on POSIX
– Examples

Slide 36: Processes in UNIX: Implementation
Process table
– Scheduling parameters
– Memory image
– Signals
– Miscellaneous
User structure
– Machine registers
– System call state
– File descriptors
– Accounting
– Kernel stack

Slide 37: Processes in UNIX: Threads
UNIX
– Supported in the kernel, but process-oriented
– Difficult thought process in using multiple threads
– Fork & other examples
Linux
– Kernel-oriented
– Clone
– Detailed sharing
– Non-portability

Slide 38: Processes in UNIX: Scheduling
UNIX
– Designed for response to interactive processes
– Process-oriented queue management
– Get processes rapidly out of the kernel
Linux
– Thread-oriented
– Classes of Linux threads: real-time FIFO, real-time round robin, timesharing

Slide 39: Processes in UNIX: Booting UNIX
– Get the kernel running
– Set up the message buffer
– Allocate kernel data structures
– System configuration (drivers): static links, dynamic loads
– Begin process 0
– Init
– Login

Slide 40: John Lagas

Slide 41: Unix Memory Management: Fundamental Concepts
– Text
– Data
– Stack
– Shared text segments
– Memory-mapped files

Slide 42: Unix Memory Management: System Calls
– brk
– mmap
– munmap

Slide 43: Unix Memory Management: Implementation
– Swapping
– Paging
– Page replacement algorithm: two-handed clock
– Memory management under Linux: buddy algorithm

Slide 44: Unix I/O: Fundamental Concepts
– Special files: character special, block special; major and minor numbers
– Networking: sockets; TCP/UDP and IP

Slide 45: Unix I/O: System Calls

Slide 46: Unix I/O: Implementation
– ioctl: device dependent
– Device drivers
– Streams

Slide 47: Unix File Systems: Fundamental Concepts
– "Standard" directories: bin, dev, etc, sbin, lib, usr
– Path: absolute and relative
– Linking files
– Locking: prevents overwrites
– File descriptor and file handle: the descriptor is of type "int"; the handle is the "name of the file"

Slide 48: Unix File Systems: System Calls

Slide 49: Unix File Systems: Implementation
– Superblock
– Inodes
– Inode table
– What info to keep for a file? DAC, MAC, access/modification/change times, UID/GID

Slide 50: Unix File Systems: NFS
– Architecture
– Client-server: makes a remote file system appear local; can cause the system to "hang"
– Implementation: local is of type NFS; remote is not relevant for the client, the server handles those details

Slide 51: Unix Security: Fundamental Concepts
– UID and GID: mentioned above under file systems
– DAC and mode bits: extended mode bits
– Superuser!!! Got root? UID 0. Only one per system, or game over…
– EUID: who are you running as??? SETUID / SETGID
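The concepts on this slide (UID/GID, the DAC mode bits, UID 0, and the effective UID that set-UID programs change) in working form. This is an added example, not code from the presentation or from Tanenbaum: decode_mode pulls the DAC bits out of an st_mode value, may_access implements the classic UNIX access decision using the process's effective IDs, and the audit helpers flag set-UID-root binaries in a constructed inventory (SAMPLE_FILES and its paths are made up for the example; a real audit would fill it from os.lstat()).

```python
import os
import stat


def decode_mode(mode: int) -> dict:
    """Break an st_mode value into the DAC bits the slide refers to."""
    return {
        "perms": stat.filemode(mode),            # e.g. '-rwsr-xr-x'
        "setuid": bool(mode & stat.S_ISUID),     # runs with the OWNER's uid as EUID
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
        "world_writable": bool(mode & stat.S_IWOTH),
    }


def may_access(mode: int, owner_uid: int, owner_gid: int,
               euid: int, egid: int, groups, want: str) -> bool:
    """Classic UNIX DAC decision. The process's EFFECTIVE ids decide, which is
    why a set-UID program changes what a user can touch. want is any mix of
    'r', 'w', 'x'. UID 0 bypasses read/write checks; for execute even root
    needs some x bit set (directories are always searchable for root)."""
    need = 0
    for c in want:
        need |= {"r": 4, "w": 2, "x": 1}[c]
    if euid == 0:
        if need & 1 and not (mode & 0o111) and not stat.S_ISDIR(mode):
            return False
        return True
    if euid == owner_uid:
        bits = (mode >> 6) & 7      # owner class applies, and ONLY the owner class
    elif egid == owner_gid or owner_gid in groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & need) == need


# Constructed inventory: (path, st_mode, owner uid). Paths and modes are made up.
SAMPLE_FILES = [
    ("/usr/bin/passwd",      0o104755, 0),     # set-UID root: expected, but worth tracking
    ("/home/jose/backup.sh", 0o100755, 1000),
    ("/tmp/helper",          0o104755, 1000),  # set-UID, but to an ordinary user
    ("/opt/tool/run",        0o104777, 0),     # set-UID root AND world-writable: anyone can edit root code
]


def find_setuid_root(files) -> list:
    """Every set-UID file owned by UID 0 runs callers as root: the list to review."""
    return [p for p, mode, uid in files if uid == 0 and mode & stat.S_ISUID]


def find_writable_setuid(files) -> list:
    """Set-UID files that are world-writable: a misconfiguration to fix immediately."""
    return [p for p, mode, uid in files if mode & stat.S_ISUID and mode & stat.S_IWOTH]


def whoami() -> dict:
    """The slide's 'who are you running as?': real vs effective ids of this process.
    Inside a set-UID program uid and euid differ. Returns {} on non-POSIX systems."""
    if not hasattr(os, "geteuid"):
        return {}
    return {"uid": os.getuid(), "euid": os.geteuid(),
            "gid": os.getgid(), "egid": os.getegid(),
            "is_root": os.geteuid() == 0}


if __name__ == "__main__":
    print(whoami())
    for path, mode, uid in SAMPLE_FILES:
        print(path, decode_mode(mode)["perms"], "uid", uid)
    print("set-UID root:", find_setuid_root(SAMPLE_FILES))
    print("world-writable set-UID:", find_writable_setuid(SAMPLE_FILES))
    # user 1001 in group 100 may read but not write a 0640 file owned by 1000:100
    print(may_access(0o100640, 1000, 100, 1001, 100, [], "r"),
          may_access(0o100640, 1000, 100, 1001, 100, [], "w"))
```

The owner-class rule in may_access is the detail people trip over: if the effective UID matches the owner, only the owner bits are consulted, even when the group or other bits would have granted more.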

Slide 52: Unix Security: System Calls

Slide 53: Unix Security: Implementation
– The devil is in the details
– System files

Slide 54: Questions and Answers

