bzupages.com

bzupages.com

Operating System: Presented To: Sir. Ahsan Raza

Presented By: Shaista Sumreen (06-04) Aliya Zafar (06-06) Mamoona Sadia (06-08) Javaria Qayyum (06-26) Sana Tareen (06-31) Sadia Riaz (06-33)

bzupages.com

Services of Operating System:

Process ManagementMulti-TaskingInterrupt ProcessingMemory ManagementRegistersRandom Access MemoryDisk StorageDisk & File SystemNetworkingSecurity

bzupages.com

bzupages.com

Outline

Operating System SecurityProtection MechanismH/W SecurityProtection of MemoryAccess Control MechanismAuditingFault ToleranceSummary

bzupages.com

Shaista Sumreen 06-04

TopicProtection Mechanism

H/W Security

bzupages.com

Protection Mechanism:(1)

Operating system security is provided by gates that users must pass through before entering the operating system environment, and permission matrixes that determine what they are able to do once inside.

bzupages.com

Protection Mechanism:(2)

Dialup gate

Login gate

Root gate

Secure RPC gate

File and directory matrix

NIS+ objects matrix

bzupages.com

Protection Mechanism:

O.S provides protection with following Spectrum:

No protection Isolation Share all Or Share nothing Share via access limitation Share via dynamic capabilities Limited use of an object

bzupages.com

Hardware Security:(1)

Problem???

Examples:

Telephone SIM cards

Smart cards (used for access, TV decoders, ID, money...)

Public ATM machines

bzupages.com

Hardware Security:(2)

Install a version of the PROM monitor that either does not provide (or at least password protects) the commands to examine and change memory contents.

Ensure that workstations cannot be taken into single-user mode without providing the "root" (or a PROM monitor "hardware") password.

bzupages.com

Protecting data from hardwarefailures:(3)

Use Backups.

Use Redundant Arrays of Inexpensive Disks (RAID) .

Failure of a single disk should not cause any data loss.

Beware of manufacturers.

bzupages.com

Protection Of Memory:

Memory Encryption Control Unit (MECU) encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token.

User OrientedData Oriented

bzupages.com

User Oriented Access Control:

User access control in distributed environment can be either

centralized or decentralized.

1. In a centralized approach network provides a log on service, determining who is allowed to use the network and to whom the user is allowed to connect.

2. Decentralized user access control treats the network as a transport communication link, and the destination host carries out the usual log on procedure.

bzupages.com

User Oriented Access Control:

Authenticating users Commonly done using id and password Concern about eavesdropping May be centralized (network logon) or distributed (each host handles logon) May also limit who can access the network as a whole

bzupages.com

Data Oriented Access Control:

Each user has permitted actions Anyone in administration can see the list of employees,but only personnel staff can change someone’s salary Access matrix (Subjects x Objects) Subject — Entity that can access objects Object — Anything to which access is controlled Access Right — The way the object is accessed by the subject

bzupages.com

Data Oriented Access Control:

Generally matrix is sparse, so stored in a different fashion:

Access Control List

Who is allowed to do something with this object

Capability List

What can this user do?

bzupages.com

Javeria Qayyum 06-26

Topic

Access Control

bzupages.com

Access Control:

bzupages.com

Strategy:

Try user info variants

Try words from 60,000 entry dictionary

Try permutations of above (0-O, 1-L, etc.)

Try various capitalization of above

bzupages.com

Protecting Password:

bzupages.com

Sadia Riaz 06-33

Topic

Auditing

bzupages.com

Auditing:

Record of ongoing activity Most systems include auditing files Intruder detection system may have additional files Detection-specific audit records Subject — Who is doing the action? Action — What is being done? Object — What is being used? Exception condition — Any problems? Resource usage Timestamp — When did it happen? Each record refers to an elementary action Easier to detect intrusions Simplifies model and implementation

bzupages.com

Sana Tareen 06-31

Topic

Fault Tolerance

Introduction

Requirements

bzupages.com

Introduction:

What is the System???

3 Levels of Fault Tolerance

1. H/W fault tolerance

2. S/W fault tolerance

3. System fault tolerance

bzupages.com

“A system is the entire set of components, both computer related, and non-computer related, that provides a service to a user.”

bzupages.com

Requirements:

Dependable System

Approaches to achieve dependability

1. Fault avoidance

2. Fault Removal

3. Fault Tolerance

Dependability Specification

1. Qualitative

2. Quantitative

bzupages.com

Mamoona Sadia 06-08

TopicClasses of Fault Tolerance

Mechanism

bzupages.com

Fault Classes:

Locality

Effects (Timing & Date)

Cause (Design , Damage)

Duration (Transient , Persistent)

Efforts On the System State

1. Crash

2. Amesia

bzupages.com

Mechanism:

Detection

Diagnose

Containment

bzupages.com

Aliya Zafar 06-06

Summary of Presentation

bzupages.com

Thanks