Download Protection & Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
Document related concepts

Authentication wikipedia , lookup

Copy protection wikipedia , lookup

Information privacy law wikipedia , lookup

Malware wikipedia , lookup

Wireless security wikipedia , lookup

Cross-site scripting wikipedia , lookup

Computer security wikipedia , lookup

Trusted Computing wikipedia , lookup

Buffer overflow protection wikipedia , lookup

Password strength wikipedia , lookup

Access control wikipedia , lookup

Security-focused operating system wikipedia , lookup

Certificate authority wikipedia , lookup

IDN homograph attack wikipedia , lookup

Mobile security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Unix security wikipedia , lookup

Transcript 
What we will cover…
 Protection and Security in OS
1-1
Difference between Protection & Security
 Protection: Mostly, mechanism for controlling access to
system resources by processes. This includes a means of
specifying controls and a means of enforcing the controls.
This is an internal problem.
 Security: Mostly, assuring the integrity of system resources
and data. Protection is the enforcement aspect of security.
Security must also consider the external environment in
which the system operates.
1-2
Domain of Protection
 Who needs protection?
 System resources need protection
 resources include both hardware and software
 examples of software resources: files, programs,
buffers, semaphores etc.
 examples of hardware resources: CPU, memory segments,
printers, disks etc.
 think of each resource as an object accessible only
through associated operations
 Protection From whom?
 Other users (user domain)
 Other processes (process domain)
Principle of Protection
 Guiding principle – principle of least
privilege

Programs, users and systems should be given
just enough privileges to perform their tasks
 Also known as “need-to-know” principle
Domain Structure
 Implement protection domain
 a process has an associated protection domain and operates
within this domain


a protection domain is a set of ordered pairs
each ordered pair consists of an object and a set of access rights
(permitted operations)
 Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations that can
be performed on the object.
 Domain = set of access-rights
Protection Domain Structure
 The association between a process and a domain can be


fixed (static) or
can change as process executed (dynamic)
 Static association is easier to implement while dynamic
association is more complex

Which one is better?
• Static association may violate need-to-know principle
 Dynamic association

change association dynamically by either (1) modifying the
domain, or (2) switching to a different domain
Domain Implementation
(MULTICS)
 Let Di and Dj be any two domain rings.
 If j < i  Di  Dj

Disadvantages:
 Too complicated
 Violating need-to-know
principle
Domain Implementation (UNIX)
 System consists of 2 domains:
User mode
 Kernel mode

 UNIX
 Domain = user-id
 Domain switch accomplished via file system.
• Each file has associated with it a domain bit (setuid bit).
• When file is executed and setuid = on, then user-id is
set to owner of the file being executed. When execution
completes user-id is reset.
Domain Implementation (UNIX)
 Is it safe?
Domain Example
 Processes move back and forth between user mode, (i.e.,
user domain) and kernel mode, (i.e., kernel domain).
User mode
Kernel mode
process
 Unix setuid
shell
owner=100
setuid bit=0
a.out
owner=100
setuid bit=1
load
real user id = 201
effective user id = 201
exec(“shell”)
load
real user id = 201
effective user id = 201
exec(“a.out”)
100
10
Access Matrix
 View protection as a matrix (access
matrix)
 Rows represent domains
 Columns represent objects
 Access(i, j) is the set of operations that a
process executing in Domaini can invoke on
Objectj
Access Matrix
Visualizing access matrix for UNIX
-rwxr-xr-x 1 John students 14839 May 14 07:15 chatter
-rw-r----- 1 John students 998 May 14 08:27 guru.c
-rwxr-xr-- 2 John students 4096 May 17 11:59 data
Domain/object
chatter
guru.c
data
Owner
Read, write,
execute
Read, write
Read, write,
execute
group
Read, execute
Read
Read, execute
world
Read, execute
Read
1-13
Use of Access Matrix
 If a process in Domain Di tries to do “op”
on object Oj, then “op” must be in the
access matrix.
 Can be expanded to dynamic protection.
 Special operations to change content of access
matrix
 Change access rights:
• copy an access right from one domain to another
• owner rights
Access Matrix with Copy Rights
Access Matrix With Owner Rights
Use of Access Matrix (Cont.)
 Access matrix design separates mechanism
from policy.

Policy
• User dictates policy.
• Who can access what object and in what mode.

Mechanism
• Operating system provides access-matrix + rules.
• It ensures that the matrix is only manipulated by
authorized agents and that rules are strictly
enforced.
Security
1-18
The Security Problem
 Security must consider external environment of the system, and
protect the system resources
 Intruders (crackers) attempt to breach security (malicious access):




Unauthorized reading of data
Unauthorized modifications of data
Unauthorized destruction of data
Preventing legitimate use of the systems (denial of service)
User Authentication
 Protection (earlier discussed) majorly
dependent on user authentication
 Based on use of Passwords
 Biometrics is another option but
Still not implemented
 Not cost-effective yet

Use of Passwords
Passwords are mutually agreed-upon code words, assumed to
be known only to the user and the system.
The use of passwords is fairly straightforward. A user
enters some piece of identification, such as a name or an
assigned user ID, if the identification matches that on file
for the user, the user is authenticated to the system.
If the identification match fails, the user is rejected by the
system.
Attacks on Passwords
 Try all possible passwords
exhaustive or brute force attack
 Is this impossible to create?

 Try many probable passwords

Users do not likely select a password
uncommon, hard to spell or pronounce, very long
 Try passwords likely for the user
 Password generally is meaningful to the user
Attacks on Passwords (cont’)
 Encrypted password (used in UNIX)
 Flaw was user tends to select a meaningful password (a word
in the dictionary)
 System encrypts the word and stores the encrypted version
 The process is irreversible, so apparently secure
 Dictionary attack
 Off-line cluster attack
Many Password Selection Criteria
 Use characters other than just A-Z
 Choose long passwords
 Avoid actual names or words
 Choose an unlikely password
 Change the password regularly
 Don’t write it down
 Don’t tell anyone else
The Authentication Process
 Intentionally slow

This makes exhaustive attack infeasible
 Identify intruder from the normal user
Some who continuously fails to login may not be
an authorized user.
 System disconnect a user after three to five
failed logins

 What is the flaw?
Program Threats
 Trojan Horse




Code segment that misuses its environment
Exploits mechanisms for allowing programs written by users to be
executed by other users
Spyware, pop-up browser windows, covert channels
PWSteal.Tarno.Q - registers itself as a browser helper (key logger)
 Trap Door



Specific user identifier or password that circumvents normal
security procedures
Could be included in a program
Combination of trojan horse and trap door even fatal
• Trojan.Lodeight.A opens a Back-door on TCP port 1084
How to defend against such program threats
 Analyze the execution patterns of the Trojan Horses & Trapdoors
1.
2.
3.
4.

The malicious code is executed without user intervention.
The malicious code may be directed by a remote attacker once a connection is made.
Resources used by the malicious code, such as file names and network addresses, are hardcoded in the binary.
OS resources (processes, memory) used by the malicious code may be consumed for the
purpose of degrading performance.
A key characteristic of Trojan Horses and Trapdoors is that they cannot be invoked
by the attacker and are autonomous – at least until a connection is made.
Program Threats (contd.)
 Stack and Buffer Overflow

Exploits a bug in a program (overflow either the stack or memory
buffers)
Simple example code
#include <string.h>
void foo (char *bar)
{
char c[12];
strcpy(c, bar); // no bounds checking...
}
int main (int argc, char **argv)
{
foo(argv[1]);
}
Stack Buffer Overflow
Before data is copied.
"hello" is the first
command line argument.
"AAAAAAAAAAAAAAA
AAAAA\x08\x35\xC0\
x80" is the first
command line argument.
System and Network Threats
 Worms – use spawn mechanism; standalone program
 Morris worm


Exploited UNIX networking features (remote access) and bugs
in finger and sendmail programs
Grappling hook program uploaded main worm program
System and Network Threats
 Denial of Service
Easier than penetration attacks
 Overload the targeted computer preventing it
from doing any useful work
 Distributed denial-of-service (DDOS) come
from multiple sites at once


Open tcp connection (never closing one)
Security Through Domain Separation Via Firewall
Related documents
Security
Security
CS 195 Probability Models and Inference Spring 2013 Homework
CS 195 Probability Models and Inference Spring 2013 Homework
L16_Security
L16_Security
User Defined Tag 1 - DA Document Manager
User Defined Tag 1 - DA Document Manager
Blue Asterisk template - Connected Security Expo
Blue Asterisk template - Connected Security Expo
Stat 430 Homework 2 Fall 2008
Stat 430 Homework 2 Fall 2008
NT Security Overview
NT Security Overview
Windows Security
Windows Security
Protection in General-Purpose Operating Systems
Protection in General-Purpose Operating Systems
01-intro
01-intro
Appendix *J* - Credit Plus
Appendix *J* - Credit Plus
Chapter 2: Attackers and Their Attacks
Chapter 2: Attackers and Their Attacks