Download ch 5 - sm.luth.se

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Cyber-security regulation wikipedia , lookup

Address space layout randomization wikipedia , lookup

Trusted Computing wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Unix security wikipedia , lookup

Mobile security wikipedia , lookup

Hacker wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript
Computer System Security and Management
Reference Monitors
Three fundamental concepts in computer security:
•Reference Monitors: An access control concept that refers to an abstract machine
that mediates all accesses to objects by subjects.
•Security Kernel: The hardware, firmware, and software elements of a trusted
computing base that implement the Reference Monitor concept.
•Trusted Computing Base (TCB): The totality of protection mechanisms within a
computer system – including hardware, firmware – the combination of which is
responsible for enforcing a security policy.
Applications
Services
Operating system
OS kernel
Hardware
Different layers in a computer system
Computer System Security and Management
Reference Monitors
Placing the Reference Monitor
The reference monitor can be placed:
• In hardware: Access control to mechanisms in microprocessors.
• In the operating system: Access control in Linux.
• In the services layer: Access control in databases.
• In the application: In the application code.
Operating system integrity
The goal of an attacker is to disable the security control by modifying the operating
system.
When securing an operating system two requirements have to be addressed:
• Users should be able to use the operating system.
• Users should not be able to misuse the operating system.
In Linux there is 2 modes:
• user mode: protected mode.
• supervisor mode: root mode.
To execute a command in supervisor mode sudo can be used in Linux.
Computer System Security and Management
Reference Monitors
Hardware security features
Hardware is the lowest layer in an IT architecture:
Applications
Services
Operating system
OS kernel
Hardware
Protection in
the Security
Kernel
• It may be possible to evaluate security to a higher level of assurance
• Putting security mechanisms into the core of the system increase the
performance. No overheads caused by security checks.
• Access control decisions are removed from applications.
Computer System Security and Management
Reference Monitors
A brief overview of Computer Architecture
Input devices: Keyboards
Output devices: Monitor
I/O
CPU
Bus
CPU components:
Registers:
• General purpose registers.
• Dedicated register.
Program counter: Points to memory location that
contains the next instruction to be executed.
Stack pointe: Points to the top of the system stack.
Status register: Allows the CPU to keep essential
state information.
Arithmetic Logic Unit (ALU): Executes instructions
given in a machine level language or sets bits in the
status register.
To switch between different programs, the CPU
perform a context switch and saves the state of the
current process.
Memory
RAM (Random Access Memory):
stores data temporarily.
ROM (Read Only Memory): Store data
permanently.
EPROM (Erasable & Programmable
Read Only Memory): The data can be
erased or kept permanently.
WROM (Write Once memory): Freeze
the data once for all.
Keep the OS or cryptographic keys on
ROM or EPROM.
RAM: volatile memory.
ROM, EPROM, WROM: non-volatile
memory.
Computer System Security and Management
Reference Monitors
Processes and Threads
A process is a program in execution.
A process is an important unit of control for the OS and for the security.
A process consists of:
• Executable code.
• Data.
• The execution context.
Processes communicate with each other through primitives provided by the OS, IPC.
Less secure because of the context switch between processes.
Expensive operation in the OS
Treads are execute within a process.
Share the process address space.
More secure.
Less expensive operation in the OS.
Computer System Security and Management
Reference Monitors
Interrupts (traps, exceptions)
Interrupts are created by processes when:
• There is error in the program.
• User sends a request.
• Hardware failure.
A trap is a special input to the CPU which includes an ad
Interrupt vector table
contains addresses
Memory
TRAP #n
n
Interrupt table has to be protected.
Viruses can change an entry in the
table so that it points to attack
code.
Redirecting pointer is a very
efficient attack method.
Interrupt vector
Interrupt
handler
1
0
Process of an interrupt