Download Protection & Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
Document related concepts

Computer security wikipedia , lookup

Transcript 
Chapter 14: Protection
Operating System Concepts with Java – 8th Edition
14.1
Silberschatz, Galvin and Gagne ©2009
Chapter 14: Protection
 Goals of Protection
 Principles of Protection
 Domain of Protection
 Access Matrix
 Implementation of Access Matrix
 Access Control
Operating System Concepts with Java – 8th Edition
14.2
Silberschatz, Galvin and Gagne ©2009
Goals of Protection
 Operating system consists of a collection of
objects, hardware or software
 Each object has a unique name and can be
accessed through a well-defined set of
operations
 Protection problem - ensure that each object is
accessed correctly and only by those
processes that are allowed to do so
Operating System Concepts with Java – 8th Edition
14.3
Silberschatz, Galvin and Gagne ©2009
Principles of Protection
 Guiding principle – principle of least privilege
 Programs,
users and systems should be
given just enough privileges to perform
their tasks
Operating System Concepts with Java – 8th Edition
14.4
Silberschatz, Galvin and Gagne ©2009
Domain Structure
 Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations that
can be performed on the object.
 Domain = set of access-rights
Operating System Concepts with Java – 8th Edition
14.5
Silberschatz, Galvin and Gagne ©2009
Domain Implementation (UNIX)
 System consists of 2 domains:

User

Supervisor
 UNIX

Domain = user-id

Domain switch accomplished via file system
Each
file has associated with it a domain bit (setuid
bit)
When
file is executed and setuid = on, then user-id is
set to owner of the file being executed. When
execution completes user-id is reset
Operating System Concepts with Java – 8th Edition
14.6
Silberschatz, Galvin and Gagne ©2009
Access Matrix
 View protection as a matrix (access matrix)
 Rows represent domains
 Columns represent objects
 Access(i, j) is the set of operations that a
process executing in Domaini can invoke on
Objectj
Operating System Concepts with Java – 8th Edition
14.7
Silberschatz, Galvin and Gagne ©2009
Access Matrix
Operating System Concepts with Java – 8th Edition
14.8
Silberschatz, Galvin and Gagne ©2009
Use of Access Matrix
 If a process in Domain Di tries to do “op” on object Oj,
then “op” must be in the access matrix
 Can be expanded to dynamic protection

Operations to add, delete access rights

Special access rights:
owner
copy
of Oi
op from Oi to Oj
control
– Di can modify Dj access rights
transfer
– switch from domain Di to Dj
Operating System Concepts with Java – 8th Edition
14.9
Silberschatz, Galvin and Gagne ©2009
Use of Access Matrix (Cont)
 Access matrix design separates mechanism from policy

Mechanism
Operating
system provides access-matrix + rules
If
ensures that the matrix is only manipulated by
authorized agents and that rules are strictly
enforced

Policy
User
dictates policy
Who
can access what object and in what mode
Operating System Concepts with Java – 8th Edition
14.10
Silberschatz, Galvin and Gagne ©2009
Implementation of Access Matrix
 Each column = Access-control list for one object
Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read

 Each Row = Capability List (like a key)
Fore each domain, what operations allowed on what
objects.
Object 1 – Read
Object 4 – Read, Write, Execute
Object 5 – Read, Write, Delete, Copy
Operating System Concepts with Java – 8th Edition
14.11
Silberschatz, Galvin and Gagne ©2009
Access Matrix of Figure A With Domains as Objects
Figure B
Operating System Concepts with Java – 8th Edition
14.12
Silberschatz, Galvin and Gagne ©2009
Access Matrix with Copy Rights
Operating System Concepts with Java – 8th Edition
14.13
Silberschatz, Galvin and Gagne ©2009
Access Matrix With Owner Rights
Operating System Concepts with Java – 8th Edition
14.14
Silberschatz, Galvin and Gagne ©2009
Modified Access Matrix of Figure B
Operating System Concepts with Java – 8th Edition
14.15
Silberschatz, Galvin and Gagne ©2009
Access Control
 Protection can be applied to non-file resources
 Solaris 10 provides role-based access control
(RBAC) to implement least privilege

Privilege is right to execute system call or use an
option within a system call

Can be assigned to processes

Users assigned roles granting access to privileges
and programs
Operating System Concepts with Java – 8th Edition
14.16
Silberschatz, Galvin and Gagne ©2009
Role-based Access Control in Solaris 10
Operating System Concepts with Java – 8th Edition
14.17
Silberschatz, Galvin and Gagne ©2009
Chapter 15: Security
Operating System Concepts with Java – 8th Edition
14.18
Silberschatz, Galvin and Gagne ©2009
Chapter 15: Security
 The Security Problem
 Program Threats
 System and Network Threats
 Cryptography as a Security Tool
 User Authentication
 Implementing Security Defenses
 Firewalling to Protect Systems and Networks
 Computer-Security Classifications
 An Example: Windows XP
Operating System Concepts with Java – 8th Edition
14.19
Silberschatz, Galvin and Gagne ©2009
Objectives
 To discuss security threats and attacks
 To explain the fundamentals of encryption, authentication, and hashing
 To examine the uses of cryptography in computing
 To describe the various countermeasures to security attacks
Operating System Concepts with Java – 8th Edition
14.20
Silberschatz, Galvin and Gagne ©2009
The Security Problem
 Security must consider external environment of the
system, and protect the system resources
 Intruders (crackers) attempt to breach security
 Threat is potential security violation
 Attack is attempt to breach security
 Attack can be accidental or malicious
 Easier to protect against accidental than malicious
misuse
Operating System Concepts with Java – 8th Edition
14.21
Silberschatz, Galvin and Gagne ©2009
Security Violations
 Categories

Breach of confidentiality

Breach of integrity

Breach of availability

Theft of service

Denial of service
 Methods

Masquerading (breach authentication)

Replay attack

Message modification

Man-in-the-middle attack

Session hijacking
Operating System Concepts with Java – 8th Edition
14.22
Silberschatz, Galvin and Gagne ©2009
Standard Security Attacks
Operating System Concepts with Java – 8th Edition
14.23
Silberschatz, Galvin and Gagne ©2009
Security Measure Levels
 Security must occur at four levels to be effective:
 Physical
 Human
Avoid
social engineering, phishing, dumpster
diving
 Operating
System
 Network
 Security is as weak as the weakest link in the
chain
Operating System Concepts with Java – 8th Edition
14.24
Silberschatz, Galvin and Gagne ©2009
Program Threats



Trojan Horse

Code segment that misuses its environment

Exploits mechanisms for allowing programs written by users to be executed by
other users

Spyware, pop-up browser windows, covert channels
Trap Door

Specific user identifier or password that circumvents normal security
procedures

Could be included in a compiler
Logic Bomb


Program that initiates a security incident under certain circumstances
Stack and Buffer Overflow

Exploits a bug in a program (overflow either the stack or memory buffers)
Operating System Concepts with Java – 8th Edition
14.25
Silberschatz, Galvin and Gagne ©2009
C Program with Buffer-overflow Condition
#include <stdio.h>
#define BUFFER SIZE 256
int main(int argc, char *argv[])
{
char buffer[BUFFER SIZE];
if (argc < 2)
return -1;
else {
strcpy(buffer,argv[1]);
return 0;
}
}
Operating System Concepts with Java – 8th Edition
14.26
Silberschatz, Galvin and Gagne ©2009
Layout of Typical Stack Frame
Operating System Concepts with Java – 8th Edition
14.27
Silberschatz, Galvin and Gagne ©2009
Modified Shell Code
#include <stdio.h>
int main(int argc, char *argv[])
{
execvp(‘‘\bin\sh’’,‘‘\bin \sh’’, NULL);
return 0;
}
Operating System Concepts with Java – 8th Edition
14.28
Silberschatz, Galvin and Gagne ©2009
Hypothetical Stack Frame
After attack
Before attack
Operating System Concepts with Java – 8th Edition
14.29
Silberschatz, Galvin and Gagne ©2009
Program Threats (Cont.)
 Many categories of viruses, literally many thousands of viruses

File

Boot

Macro

Source code

Polymorphic

Encrypted

Stealth

Tunneling

Multipartite
Operating System Concepts with Java – 8th Edition
14.30
Silberschatz, Galvin and Gagne ©2009
A Boot-sector Computer Virus
Operating System Concepts with Java – 8th Edition
14.31
Silberschatz, Galvin and Gagne ©2009
System and Network Threats
 Worms – use spawn mechanism; standalone program
 Internet worm

Exploited UNIX networking features (remote access) and bugs
in finger and sendmail programs

Grappling hook program uploaded main worm program
 Port scanning

Automated attempt to connect to a range of ports on one or a
range of IP addresses
 Denial of Service

Overload the targeted computer preventing it from doing any
useful work

Distributed denial-of-service (DDOS) come from multiple sites at
once
Operating System Concepts with Java – 8th Edition
14.32
Silberschatz, Galvin and Gagne ©2009
The Morris Internet Worm
Operating System Concepts with Java – 8th Edition
14.33
Silberschatz, Galvin and Gagne ©2009
End of Chapter 15
Operating System Concepts with Java – 8th Edition
14.34
Silberschatz, Galvin and Gagne ©2009
Related documents
CS323 - Operating Systems
CS323 - Operating Systems
Operating Systems EDA092, DIT400 Why study Operating Systems
Operating Systems EDA092, DIT400 Why study Operating Systems
Figure 19.01 - University of Miami Computer Science
Figure 19.01 - University of Miami Computer Science
3460:426/526 Operating Systems
3460:426/526 Operating Systems
1.01 - University of South Florida
1.01 - University of South Florida
Protection
Protection
File
File
I/O Systems 2.
I/O Systems 2.
Powerpoint () - UCSB Computer Science
Powerpoint () - UCSB Computer Science
MemoryAllocation
MemoryAllocation