Operating Systems Protection & Security. Topics –Goals of Protection –Domain of Protection...
Transcript of Operating Systems Protection & Security. Topics –Goals of Protection –Domain of Protection...
Operating Systems
Protection & Security

Protection & Security
• Topics
– Goals of Protection
– Domain of Protection
– Access Matrix
– Implementation of Access Matrix
– Revocation of Access Rights
– Capability-Based Systems
– Language-Based Protection
![Page 3: Operating Systems Protection & Security. Topics –Goals of Protection –Domain of Protection –Access Matrix –Implementation of Access Matrix –Revocation.](https://reader035.fdocuments.in/reader035/viewer/2022062217/56649e1c5503460f94b0a285/html5/thumbnails/3.jpg)
• Topics (continued)
– The Security Problem– Authentication– Program Threats– System Threats– Threat Monitoring– Encryption
• Topics (continued)
– The Security Problem– Authentication– Program Threats– System Threats– Threat Monitoring– Encryption
Protection
• The operating system consists of a collection of objects, hardware or software.
• Each object has a unique name and can be accessed through a well-defined set of operations.
• Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.
Domain Structure
• Access-right = <object-name, rights-set>. The rights-set is a subset of all valid operations that can be performed on the object.
• Domain = set of access-rights.
Domain Implementation
• System consists of 2 domains:
– User
– Supervisor
Domain Implementation (continued)
• UNIX
– Domain = user-id.
– Domain switch accomplished via the file system.
• Each file has associated with it a domain bit (the setuid bit).
• When a file is executed and setuid is on, the user-id is set to the owner of the file being executed. When execution completes, the user-id is reset.
Access Matrix
• Rows: domains
• Columns: domains + objects
• Each entry: access rights
Access Matrix (continued)

| domain \ object | F1 | F2 | F3 | printer |
|---|---|---|---|---|
| D1 | read | | read | |
| D2 | | | | |
| D3 | | read | execute | |
| D4 | read, write | | read, write | |

Each cell lists the operation names the domain may perform on the object; an empty cell means no access.
Use of Access Matrix
• If a process in domain Di tries to do “op” on object Oj, then “op” must be in the access matrix entry for (Di, Oj).
• Can be expanded to dynamic protection:
– Operations to add and delete access rights.
– Special access rights:
• owner of Oi
• copy: copy op from Oi to Oj
• control: Di can modify Dj's access rights
• transfer: switch from domain Di to Dj
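The following is an added example, not code from the slides: a small reference monitor that stores the access matrix as rows of domains and columns of objects (the domains themselves included, so that rights such as control and switch can be expressed), performs the "op must be in the entry" check, and enforces the dynamic rights the slide lists. The domain and object names, the initial matrix and the `right*` notation for a right that carries the copy flag are assumptions made for the illustration.

```python
"""Added example: access-matrix reference monitor with dynamic rights.

matrix[domain][obj] is a set of right names. A right carrying the copy flag
is written with a trailing '*' (constructed convention for this example).
"""
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        self.matrix = defaultdict(lambda: defaultdict(set))

    def grant(self, domain, obj, *rights):
        self.matrix[domain][obj].update(rights)

    def check(self, domain, obj, op):
        """Mechanism from the slide: op is allowed iff it is in the entry."""
        return op in self.matrix[domain][obj]

    # --- dynamic protection: the matrix is itself a protected object -----
    def copy_right(self, by, obj, right, to_domain):
        """copy: `by` may copy `right` on obj into another domain's entry,
        but only if its own entry holds the right with the copy flag."""
        if right + "*" not in self.matrix[by][obj]:
            raise PermissionError(f"{by} may not copy {right} on {obj}")
        self.matrix[to_domain][obj].add(right)

    def owner_add(self, by, obj, right, to_domain):
        """owner: `by` may add any right anywhere in obj's column."""
        if "owner" not in self.matrix[by][obj]:
            raise PermissionError(f"{by} does not own {obj}")
        self.matrix[to_domain][obj].add(right)

    def owner_remove(self, by, obj, right, from_domain):
        if "owner" not in self.matrix[by][obj]:
            raise PermissionError(f"{by} does not own {obj}")
        self.matrix[from_domain][obj].discard(right)

    def control_remove(self, by, target_domain, obj, right):
        """control: `by` may remove rights from target_domain's row."""
        if "control" not in self.matrix[by][target_domain]:
            raise PermissionError(f"{by} has no control over {target_domain}")
        self.matrix[target_domain][obj].discard(right)

    def switch(self, from_domain, to_domain):
        """transfer/switch: a process may move to another domain only if
        the switch right is in the (from_domain, to_domain) entry."""
        if "switch" not in self.matrix[from_domain][to_domain]:
            raise PermissionError(f"{from_domain} cannot switch to {to_domain}")
        return to_domain


def build_example():
    """Constructed matrix: the file entries follow the slide's table, the
    dynamic rights (owner, copy flag, control, switch) are added for the demo."""
    m = AccessMatrix()
    m.grant("D1", "F1", "read")
    m.grant("D1", "F3", "read")
    m.grant("D3", "F2", "read")
    m.grant("D3", "F3", "execute")
    m.grant("D4", "F1", "read", "write", "owner")   # D4 owns F1
    m.grant("D4", "F3", "read", "write", "read*")   # D4 may copy read on F3
    m.grant("D4", "D3", "control")                  # D4 controls D3's row
    m.grant("D4", "D2", "switch")                   # D4 may switch into D2
    return m


if __name__ == "__main__":
    m = build_example()
    print("D1 read F1:", m.check("D1", "F1", "read"))     # True
    print("D2 read F3 before copy:", m.check("D2", "F3", "read"))
    m.copy_right("D4", "F3", "read", "D2")
    print("D2 read F3 after copy:", m.check("D2", "F3", "read"))
```

Every mutation goes through a method that first checks the caller's own entry, which is exactly the "matrix manipulated only by authorized agents" rule of the mechanism/policy split: the policy is whatever rights the owner chose to grant, the mechanism is the checks in this class.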
Use of Access Matrix (continued)
• Access matrix design separates mechanism from policy.
– Mechanism
• The operating system provides the access matrix + rules.
• It ensures that the matrix is only manipulated by authorized agents and that the rules are strictly enforced.
– Policy
• The user dictates policy.
• Who can access what object and in what mode.
Implementation of Access Matrix
• Each column = access-control list for one object. Defines who can perform what operation.
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read
...
Implementation of Access Matrix (continued)
• Each row = capability list (like a key). For each domain, what operations are allowed on what objects.
Object 1 - Read
Object 4 - Read, Write, Execute
Object 5 - Read, Write, Delete, Copy
Revocation of Access Rights
• Access list: delete access rights from the access-rights list.
– Simple
– Immediate

Revocation of Access Rights (continued)
• Capability list: a scheme is required to locate the capability in the system before it can be revoked.
– Reacquisition
– Back-pointers
– Indirection
– Keys
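The following is an added example (not from the slides) that covers both the two storage layouts above and the revocation slides: an access-control list kept per object, where revocation is a single deletion and takes effect on the next check, beside a capability scheme where capabilities can be copied between domains and the object cannot find every copy. Two of the listed revocation schemes are implemented: indirection (a capability names a slot in a global table, clearing the slot kills every copy) and keys (each capability carries the object's master key, changing the master key invalidates everything issued before). Object and domain names, the table layout and the key format are assumptions made for the illustration.

```python
"""Added example: ACL versus capability list, and revocation in each."""
import secrets


class ACLObject:
    """One matrix column: the object keeps its own list of who may do what."""

    def __init__(self, name):
        self.name = name
        self.acl = {}                         # domain -> set of rights

    def allow(self, domain, *rights):
        self.acl.setdefault(domain, set()).update(rights)

    def permits(self, domain, op):
        return op in self.acl.get(domain, set())

    def revoke(self, domain, right=None):
        """Simple and immediate: the object owns the list, so one deletion
        is visible to the very next permits() call."""
        if right is None:
            self.acl.pop(domain, None)
        else:
            self.acl.get(domain, set()).discard(right)


class Capability:
    """What a domain holds in its row; it can be copied freely (constructed)."""
    __slots__ = ("slot", "key")

    def __init__(self, slot, key):
        self.slot, self.key = slot, key


class CapabilityTable:
    """System-wide table that makes capabilities revocable (constructed)."""

    def __init__(self):
        self.slots = {}          # slot id -> (object, rights); None once revoked
        self.master_keys = {}    # object -> current master key

    def issue(self, obj, rights):
        key = self.master_keys.setdefault(obj, secrets.token_hex(8))
        slot = len(self.slots)
        self.slots[slot] = (obj, frozenset(rights))
        return Capability(slot, key)

    def revoke_indirect(self, cap):
        """Indirection: every copy of cap points at this slot, so clearing
        it revokes all of them without having to locate the copies."""
        self.slots[cap.slot] = None

    def revoke_by_key(self, obj):
        """Keys: change the object's master key; every capability issued
        earlier still carries the old key and stops matching."""
        self.master_keys[obj] = secrets.token_hex(8)

    def use(self, cap, op):
        entry = self.slots.get(cap.slot)
        if entry is None:
            return False                      # revoked by indirection
        obj, rights = entry
        if not secrets.compare_digest(cap.key, self.master_keys[obj]):
            return False                      # revoked by key change
        return op in rights


def demo():
    """Constructed walk-through; returns the outcome of each check."""
    results = {}
    f1 = ACLObject("F1")
    f1.allow("D1", "read")
    f1.allow("D4", "read", "write")
    results["acl_before"] = f1.permits("D4", "write")
    f1.revoke("D4", "write")
    results["acl_after"] = f1.permits("D4", "write")

    table = CapabilityTable()
    cap_d1 = table.issue("F3", {"read"})
    cap_d2 = Capability(cap_d1.slot, cap_d1.key)      # D1 hands a copy to D2
    results["cap_before"] = table.use(cap_d2, "read")
    table.revoke_indirect(cap_d1)                     # D2's copy dies too
    results["cap_after_indirection"] = table.use(cap_d2, "read")

    cap_a = table.issue("F2", {"read"})
    cap_b = table.issue("F2", {"read", "write"})
    table.revoke_by_key("F2")                          # both become invalid
    results["key_revoked_a"] = table.use(cap_a, "read")
    results["key_revoked_b"] = table.use(cap_b, "read")
    cap_c = table.issue("F2", {"read"})                # reissued under new key
    results["reissued"] = table.use(cap_c, "read")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The cost of each scheme shows in the table: indirection needs one extra lookup per use, and key revocation is all-or-nothing for an object (every holder must be reissued a capability), which is why the slides call capability revocation harder than deleting an ACL entry.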
Capability-Based Systems
• Hydra
– Fixed set of access rights known to and interpreted by the system.
– Interpretation of user-defined rights performed solely by the user’s program; the system provides access protection for the use of these rights.
Capability-Based Systems (continued)
• Cambridge CAP System
– Data capability: provides standard read, write, execute of individual storage segments associated with the object.
– Software capability: interpretation left to the subsystem, through its protected procedures.
Language-Based Protection
• Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources.
• The language implementation can provide software for protection enforcement when automatic hardware-supported checking is unavailable.

Language-Based Protection (continued)
• Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system.
The Security Problem
• Security must consider the external environment of the system, and protect it from:
– unauthorized access.
– malicious modification or destruction.
– accidental introduction of inconsistency.
• Easier to protect against accidental than malicious misuse.
Authentication
• User identity is most often established through passwords, which can be considered a special case of either keys or capabilities.
• Passwords must be kept secret.
– Frequent change of passwords.
– Use of “non-guessable” passwords.
– Log all invalid access attempts.
Program Threats
• Trojan Horse
– Code segment that misuses its environment.
– Exploits mechanisms for allowing programs written by users to be executed by other users.
Program Threats (continued)
• Trap Door
– Specific user identifier or password that circumvents normal security procedures.
– Could be included in a compiler.
System Threats
• Worms: use the spawn mechanism; standalone program.
• Internet Worm
– Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs.
– Grappling hook program uploaded the main worm program.
System Threats (continued)
• Viruses: fragment of code embedded in a legitimate program.
– Mainly affect microcomputer systems.
– Spread by downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.
– Safe computing.
Threat Monitoring
• Check for suspicious patterns of activity, e.g., several incorrect password attempts may signal password guessing.
• Audit log: records the time, user, and type of all accesses to an object; useful for recovery from a violation and for developing better security measures.
• Scan the system periodically for security holes; done when the computer is relatively unused.
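As an added example (not from the slides) of the first two bullets together, the detector below reads constructed audit-log lines of the form the Authentication slide calls for (every invalid access attempt logged with time, user and source) and raises an alert when one user/source pair fails more than a threshold of times inside a sliding window, plus a second alert if that pair then succeeds. The log format, the field names and the threshold are assumptions for the illustration.

```python
"""Added example: password-guessing detection over an audit log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, OK/FAIL, user, source address.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: a fast burst against alice, a slow trickle against bob.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:03 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:04 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:06 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:07 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:09 OK user=alice src=10.0.0.5
2024-05-01T10:05:00 FAIL user=bob src=10.0.0.9
2024-05-01T10:20:00 FAIL user=bob src=10.0.0.9
2024-05-01T10:40:00 FAIL user=bob src=10.0.0.9
2024-05-01T11:00:00 FAIL user=bob src=10.0.0.9
2024-05-01T11:20:00 FAIL user=bob src=10.0.0.9
2024-05-01T11:21:00 OK user=bob src=10.0.0.9
this line is malformed and must be skipped
"""


def parse(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window count of failures per (user, src).

    Returns a list of (kind, user, src, timestamp) alerts:
      password-guessing        threshold failures inside `window`
      success-after-guessing   a successful login by a pair already flagged
    """
    recent = defaultdict(deque)     # (user, src) -> failure timestamps in window
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["user"], ev["src"])
        q = recent[key]
        if ev["result"] == "OK":
            if key in flagged:
                alerts.append(("success-after-guessing", ev["user"], ev["src"], ev["ts"]))
                flagged.discard(key)
            q.clear()
            continue
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()              # drop failures that fell out of the window
        if len(q) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append(("password-guessing", ev["user"], ev["src"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for kind, user, src, ts in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {kind}: user={user} src={src}")
```

The bob trickle (five failures spread over 75 minutes) never trips a two-minute window, which is the limitation of the "several incorrect attempts" heuristic: a slow guesser needs a second, longer-window count per user, and a guesser rotating sources needs a count keyed on the user alone.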
Threat Monitoring (continued)
• Check for:
– Short or easy-to-guess passwords
– Unauthorized set-uid programs
– Unauthorized programs in system directories
– Unexpected long-running processes
– Improper directory protections
– Improper protections on system data files

Threat Monitoring (continued)
• Check for (continued):
– Dangerous entries in the program search path (Trojan horse)
– Changes to system programs; monitor checksum values
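The following is an added example (not from the slides) of the periodic scan the checklist describes, combined with the setuid domain-switch idea from the UNIX slide: it records a checksum baseline of every file under a directory tree, then reports files whose checksum changed, files that appeared or disappeared, and files carrying the setuid bit that are not on an allow-list. The miniature tree, its file contents and the allow-list are constructed inside a temporary directory so the script runs offline; the paths are assumptions, not real system paths.

```python
"""Added example: checksum baseline plus setuid scan of a directory tree."""
import hashlib
import os
import stat
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def regular_files(root):
    """Yield (relative path, full path) for regular files; symlinks skipped."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root), full


def take_baseline(root):
    """Checksum every file once, at a time the system is known good."""
    return {rel: sha256_file(full) for rel, full in regular_files(root)}


def scan(root, baseline, allowed_setuid=frozenset()):
    """Compare the tree against the baseline; returns sorted findings."""
    findings = {"setuid": [], "changed": [], "new": [], "missing": []}
    seen = set()
    for rel, full in regular_files(root):
        seen.add(rel)
        mode = os.lstat(full).st_mode
        if mode & stat.S_ISUID and rel not in allowed_setuid:
            findings["setuid"].append(rel)       # unauthorized set-uid program
        if rel not in baseline:
            findings["new"].append(rel)          # program not in the baseline
        elif sha256_file(full) != baseline[rel]:
            findings["changed"].append(rel)      # system program modified
    findings["missing"] = list(set(baseline) - seen)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Build a constructed tree, baseline it, then simulate three changes
    the checklist asks an administrator to look for."""
    with tempfile.TemporaryDirectory() as root:
        files = {"bin/ls": b"ls v1", "bin/helper": b"helper v1",
                 "bin/su": b"su v1", "etc/hosts": b"127.0.0.1 localhost\n"}
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        os.chmod(os.path.join(root, "bin/su"), 0o4755)   # expected setuid
        baseline = take_baseline(root)

        # Constructed tampering: modified system program, unexpected setuid
        # bit on a helper, and an unknown program dropped into bin/.
        with open(os.path.join(root, "bin/ls"), "ab") as f:
            f.write(b" + extra")
        os.chmod(os.path.join(root, "bin/helper"), 0o4755)
        with open(os.path.join(root, "bin/dropped"), "wb") as f:
            f.write(b"unknown")
        return scan(root, baseline, allowed_setuid={"bin/su"})


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline only has value if it is stored where the scanned system cannot rewrite it (read-only media or another host), otherwise a change to a system program can be accompanied by a change to its recorded checksum.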
Encryption
• Encrypt clear text into cipher text.
• Properties of a good encryption technique:
– Relatively simple for authorized users to encrypt and decrypt data.
– The encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.
Encryption (continued)
– Extremely difficult for an intruder to determine the encryption key.
• The Data Encryption Standard substitutes characters and rearranges their order on the basis of an encryption key provided to authorized users via a secure mechanism. The scheme is only as secure as that mechanism.
Encryption (continued)
• Public-key encryption is based on each user having two keys:
– public key: published key used to encrypt data.
– private key: key known only to the individual user, used to decrypt data.

Encryption (continued)
• There must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme.
– Efficient algorithm for testing whether or not a number is prime.
– No efficient algorithm is known for finding the prime factors of a number.
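As an added example (not from the slides) of the two facts the last slide rests on, the script below pairs a Miller-Rabin primality test, which runs in a handful of modular exponentiations, with trial-division factoring, whose work grows with the square root of the number, and then builds a textbook public/private key pair from two primes so that data encrypted with the published key decrypts only with the private one. The primes, the message and the `make_keypair`/`encrypt`/`decrypt` names are assumptions for the illustration; real deployments use much larger primes and a padding scheme, which this educational version omits.

```python
"""Added example: primality is cheap, factoring is not, and a key pair
built on that asymmetry (textbook RSA, unpadded, for illustration only)."""

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n below 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False            # a is a witness that n is composite
    return True


def trial_factor(n):
    """Return (p, q, steps): the smallest factor found by trial division and
    how many candidates were tried. steps grows like sqrt(n)."""
    steps, f = 0, 2
    while f * f <= n:
        steps += 1
        if n % f == 0:
            return f, n // f, steps
        f += 1 if f == 2 else 2
    return n, 1, steps


def make_keypair(p, q, e=65537):
    """Public key (n, e) may be published; d stays private."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # ValueError if gcd(e, phi) != 1
    return {"n": n, "e": e, "d": d}


def encrypt(m, pub):
    if not 0 <= m < pub["n"]:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, pub["e"], pub["n"])


def decrypt(c, priv):
    return pow(c, priv["d"], priv["n"])


if __name__ == "__main__":
    # Constructed small primes; the same calls work with 1024-bit primes.
    kp = make_keypair(10007, 10009)
    c = encrypt(42, kp)
    print("ciphertext:", c, "-> decrypted:", decrypt(c, kp))
    p, q, steps = trial_factor(kp["n"])
    print(f"factored n={kp['n']} as {p}*{q} after {steps} trial divisions")
```

With two five-digit primes trial division still recovers the factors in a few thousand steps, which is the point of the comparison: the primality test above costs about the same for a 300-digit number, while the factoring loop would need roughly 10^150 steps, and that gap is what lets the encryption key be public while the decryption key stays secret.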