Download powerpoint slides for the guest lecture give by Shahrear Iqbal

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts

CP/M wikipedia , lookup

VS/9 wikipedia , lookup

Distributed operating system wikipedia , lookup

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript 
Operating System Security
&
Smartphones
MD SHAHREAR IQBAL
PHD STUDENT
QRST LAB, SCHOOL OF COMPUTING
QUEEN’S UNIVERSITY, KINGSTON, ONTARIO, CANADA.
2
CISC 324: Security & Protection
Concepts


Protection:

Mechanisms and policy to keep programs and users from accessing or
changing stuff they should not do

Internal to OS

Chapter 14 in Silbershatz
Security:

Issues external to OS

Authentication of user, validation of messages, malicious or accidental
introduction of flaws, etc.

Chapter 15 of Silbershatz
3
Goals of Protection

In one protection model, computer consists of a collection of objects,
hardware or software

Each object has a unique name and can be accessed through a welldefined set of operations

Protection problem - ensure that each object is accessed correctly
and only by those processes that are allowed to do so
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
4
Principles of Protection

5
Guiding principle – principle of least privilege

Programs, users and systems should be given just enough privileges to perform their
tasks

Limits damage if entity has a bug, gets abused

Can be static (during life of system, during life of process)

Or dynamic (changed by process as needed) – domain switching, privilege
escalation

“Need to know” a similar concept regarding access to data
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
Principles of Protection (Cont.)

Must consider “grain” aspect

Rough-grained privilege management easier, simpler, but least privilege now done in
large chunks


For example, traditional Unix processes either have abilities of the associated user, or of root
Fine-grained management more complex, more overhead, but more protective


6
File ACL lists, RBAC
Domain can be user, process, procedure
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
The Security Problem

7
System secure if resources used and accessed as intended under all circumstances

Unachievable

Intruders (crackers) attempt to breach security

Threat is potential security violation

Attack is attempt to breach security

Attack can be accidental or malicious

Easier to protect against accidental than malicious misuse
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
Security Violation Categories

Breach of confidentiality


Breach of integrity


Unauthorized destruction of data
Theft of service


Unauthorized modification of data
Breach of availability


Unauthorized reading of data
Unauthorized use of resources
Denial of service (DOS)

Prevention of legitimate use
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
8
Security Measure Levels

Impossible to have absolute security, but make cost to
perpetrator sufficiently high to deter most intruders

Security must occur at four levels to be effective:

Physical


Human


Avoid social engineering, phishing, dumpster diving
Operating System


Data centers, servers, connected terminals
Protection mechanisms, debugging
Network

Intercepted communications, interruption, DOS

Security is as weak as the weakest link in the chain

But can too much security be a problem?
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
9
Program Threats

Many variations, many names

Trojan Horse


Code segment that misuses its environment

Exploits mechanisms for allowing programs written by users to be
executed by other users

Spyware, pop-up browser windows, covert channels

Up to 80% of spam delivered by spyware-infected systems
Trap Door

Specific user identifier or password that circumvents normal security
procedures

Could be included in a compiler

How to detect them?
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
10
Program Threats (Cont.)

Logic Bomb


Program that initiates a security incident under certain circumstances
Stack and Buffer Overflow

Exploits a bug in a program (overflow either the stack or memory buffers)

Failure to check bounds on inputs, arguments

Write past arguments on the stack into the return address on stack

When routine returns from call, returns to hacked address


Pointed to code loaded onto stack that executes malicious code
Unauthorized user or privilege escalation
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
11
12
Smartphone Security
Security Risks
Asset
13
Security Risks
Asset
14
Threat
Malware
Hacker
Security Risks
Asset
Threat
Vulnerability
Risk
malware
15
Vulnerable Operating Systems
Vulnerable Apps
New Technologies
Existing Security for fighting Malware
16
Smart City
17
Clean & nonmotorized options
Smart
City
Smartphone
18
Smart
Phone
Maintaining
separate execution
profiles
Smart Country
Smart Security Framework
Implementation View
19
Applications
Restricted Zone
App 6
App 8
New App Zone
App 1
Trusted App Zone
App 2
Untrusted App Zone
App 5
App 3
App 7
App 4
High Privilege App Zone
Zone and Policy Manager
App
Market
Application framework
K
Secure
Communication
Application Status and
Relationship
Management
Context
Management
Trusted Device
Management
Computation Offloading
Management
Security Mode
Management
Data Safety
Management
Hardware
OS
Package Installer
Permission Checker
High Privilege App
Service Provider
Sensors
API Management
Custom
Telephony/SMS
App
Behavior
Communication
Channels
Policy
Management
Zone
Management
Surveillance
K
20
Job & Grad Life
Questions
21
Related documents
CS323 - Operating Systems
CS323 - Operating Systems
Figure 19.01 - University of Miami Computer Science
Figure 19.01 - University of Miami Computer Science
Operating Systems EDA092, DIT400 Why study Operating Systems
Operating Systems EDA092, DIT400 Why study Operating Systems
Chapter 2: System Structures
Chapter 2: System Structures
Chapter 1b
Chapter 1b
PDF
PDF
MemoryAllocation
MemoryAllocation
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts
Chapter 14
Chapter 14
I/O Systems - McMaster Computing and Software
I/O Systems - McMaster Computing and Software
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts
ch13 - anuradhasrinivas
ch13 - anuradhasrinivas