Download L16_Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
Document related concepts

Distributed firewall wikipedia , lookup

Malware wikipedia , lookup

Information security wikipedia , lookup

Trusted Computing wikipedia , lookup

Authentication wikipedia , lookup

Electronic authentication wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Password strength wikipedia , lookup

Wireless security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Computer security wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

Mobile security wikipedia , lookup

Access control wikipedia , lookup

Social engineering (security) wikipedia , lookup

Unix security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Protection & Security
Introduction to Operating Systems: Module 16
Protection & Security
• Security policy
 Who
has access to information?
 Access
matrix
• Protection mechanism
 How
is the security policy enforced?
 Authentication
mechanism
• External: maps actual user to logical user
• Internal authentication: maps process to (user) access rights
 Authorization
mechanism
• Determines if logical user has access to computer
– An implementation of an access matrix
Computer Security
• Prevention of unauthorized access to computer
resources
• The collection of tools used impose security
 Became
necessary with the introduction of the computer
 Today automated tools are used
Network Security
• Protect data during transmission
• Includes telephone transmission and local area
networks
Computer Security Requirements
• Secrecy
 information
in a computer system be accessible for
reading by authorized parties only
• Integrity
 assets
can be modified by authorized parties only
• Availability
 assets
should be available to authorized parties
Types of Threats: Interruption
• An asset of the system is destroyed of becomes
unavailable or unusable
• Destruction of hardware
• Cutting of a communication line
• Disabling the file management system
Types of Threats: Interception
• An unauthorized party gains access to an asset
• Wiretapping to capture data in a network
• Illicit copying of files or programs
Types of Threats: Modification
• An unauthorized party not only gains access but
tampers with an asset
• Changing values in a data file
• Altering a program so that it performs differently
• Modifying the content of messages being
transmitted in a network
Types of Threats: Fabrication
• An unauthorized party inserts counterfeit objects
into the system
• Insertion of spurious messages in a network
• Addition of records to a file
Computer System Assets
• Hardware
 threats
include accidental and deliberate damage
• Software
 threats
include deletion, alteration, damage
 backups of the most recent versions can maintain high
availability
Computer System Assets
• Data
 involves
files
 threats include unauthorized reading of data
 statistical analysis can lead to determination of
individual information which threatens privacy
Computer System Assets
• Communication Lines and Networks
 threats
include eavesdropping and monitoring
 a telephone conversion, an electronic mail message, and
a transferred file are subject to these threats
 encryption masks the contents of what is transferred so
even if obtained by someone, they would be unable to
extract information
Computer System Assets
• Communication Lines and Networks
 masquerade
takes place when one entity pretends to be a
different entity
 message stream modification means that some portion of
a legitimate message is altered, delayed, or reordered
 denial of service prevents or inhibits the normal use or
management of communications facilities
 disable
network or overload it with messages
Potential Targets for Security Attacks
• Any communication links
 insert
and capture transmission
 observe transmission
• Hardware
 modifications
 gain
access
 monitor the electromagnetic emanations
Attacks from Intruders
• Real and growing problem
• Globalization
• Move to client/server architecture
 companies
have traditionally key data on mainframes or
stand-alone PCs where it is easy to guard
• Cracker’s steep learning curve
 crackers
share information
Authentication
• External (user) authentication
 Uncover
a malicious masquerade
 Password
 ID
badge
 Retina scan
 Network
authentication
• Internal authorization (resource protection)
 Confinement
 Allocating
rights
Techniques for Learning Passwords
• Try default password used with standard accounts
shipped with computer
• Exhaustively try all short passwords
• Try words in dictionary or a list of likely passwords
• Collect information about users and use these items
as passwords
Techniques for Learning Passwords
• Try user’s phone numbers, social security numbers,
and room numbers
• Try license plate numbers
• Use a Trojan horse to bypass restrictions on access
• Tap the line between a remote user and the host
system
ID Provides Security
• Determines whether the user is authorized to gain
access to a system
• Determines the privileges accorded to the user
 guest
or anonymous accounts have mover limited
privileges than others
• ID is used for discretionary access control
a
user may grant permission to files to others by ID
Password Selection Strategies
• Computer generated passwords
 users
have difficulty remembering them
 need to write it down
 have history of poor acceptance
• Eliminate guessable passwords while allowing the
user to select a password that is memorable
Password Selection Strategies
• Reactive password checking strategy
 system
periodically runs its own password cracker to
find guessable passwords
 system cancels passwords that are guessed and notifies
user
 consumes resources to do this
 hacker can use this on their own machine with a copy of
the password file
Password Selection Strategies
• Proactive password checker
 the
system checks at the time of selection if the
password is allowable
 with guidance from the system users can select
memorable passwords that are difficult to guess
Intrusion Detection
• Assume the behavior of the intruder differs from
the legitimate user
• Statistical anomaly detection
 collect
data related to the behavior of legitimate users
over a period of time
 statistical tests are used to determine if the behavior is
not legitimate behavior
 attempt to define normal, or proper behavior
Intrusion Detection
• Rule-based detection
 rules
are developed to detect deviation form previous
usage pattern
 expert system searches for suspicious behavior
 attempt to define proper behavior
Intrusion Detection
• Audit record
 native
audit records
 all
operating systems include accounting software that collects
information on user activity
 detection-specific
 collection
audit records
facility can be implemented that generates audit
records containing only that information required by the
intrusion detection system
Protection Domain Structure
• Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations
that can be performed on the object.
• A Protection Domain = a set of access-rights
Domain Implementation (UNIX)
• System consists of 2 domains:
 User
 Supervisor
• UNIX
 Domain
= user-id
 Domain switch accomplished via file system.
 Each
file has associated with it a domain bit (setuid bit).
 When file is executed and setuid = on, then user-id is set to
owner of the file being executed. When execution completes
user-id is reset.
Domain Implementation (Multics)
• Let Di and Dj be any
two domain rings.
• Inner rings have
greater authority than
outer rings
• Calls to inner ring
functions cause an
authorization check
• If j < I  Di  Dj
Multics Rings
Access Matrix
• View protection as a matrix (access matrix)
• Rows represent domains
• Columns represent objects
• Access(i, j) is the set of operations that a process
executing in Domaini can invoke on Objectj
Access Matrix
Use of Access Matrix
• If a process in Domain Di tries to do “op” on object
Oj, then “op” must be in the access matrix.
• Can be expanded to dynamic protection.
 Operations
to add, delete access rights.
 Special access rights:
 owner
of Oi
 copy op from Oi to Oj
 control – Di can modify Dj access rights
 transfer – switch from domain Di to Dj
Use of Access Matrix (Cont.)
• Access matrix design separates mechanism from
policy.
 Mechanism
 Operating
system provides access-matrix + rules.
 If ensures that the matrix is only manipulated by authorized
agents and that rules are strictly enforced.
 Policy
 User
dictates policy.
 Who can access what object and in what mode.
Implementation of Access Matrix
• Each column = Access-control list for one object
• Defines who can perform what operation.
Domain 1 = Read, Write
 Domain 2 = Read
 Domain 3 = Read

• Each Row = Capability List (like a key)
• Fore each domain, what operations allowed on what
objects.
Object 1 – Read
Object 4 – Read, Write, Execute
Object 5 – Read, Write, Delete, Copy
Access Matrix With Domains as Objects
Revocation of Access Rights
• Access List – Delete access rights from access list.
Simple
 Immediate

• Capability List – Scheme required to locate capability in
the system before capability can be revoked.
Reacquisition
 Back-pointers
 Indirection
 Keys

Capabilities
• A capability is an <action, object> pair
• Each process possesses a table of capabilities
• It can only perform an action on an object if it
possesses a capability which allows that action
• This corresponds to an entry in the access matrix,
but each process has its own domain
Capability-Based Systems
• Mach OS (foundation of Macintosh OS X)
Uses ports as capabilities
 One thread can manipulate another if it is able to send a message
to the target threads appropriate port
 Each thread has multiple ports, which accepts messages of a
particular type
 Ports are OS objects, allocated by request

• Windows NT

Handles are associated with access rights
• A process may only access an executive object to which it
has a handle; handles are allocated by the OS
Related documents
Security
Security
PowerPoint Presentation - Lead
PowerPoint Presentation - Lead
ITS_8_Security Vocab Answers
ITS_8_Security Vocab Answers
Protection & Security
Protection & Security
Windows Security
Windows Security
CS 195 Probability Models and Inference Spring 2013 Homework
CS 195 Probability Models and Inference Spring 2013 Homework
Blue Asterisk template - Connected Security Expo
Blue Asterisk template - Connected Security Expo
User Defined Tag 1 - DA Document Manager
User Defined Tag 1 - DA Document Manager
Appendix *J* - Credit Plus
Appendix *J* - Credit Plus
Stat 430 Homework 2 Fall 2008
Stat 430 Homework 2 Fall 2008
Access Security Requirements
Access Security Requirements
Protection in General-Purpose Operating Systems
Protection in General-Purpose Operating Systems