Protection and Security

Definitions
- Security: policy of authorizing accesses
  - Prevents intentional misuses of a system
- Protection: the actual mechanisms implemented to enforce the specialized policy
  - Prevents either accidental or intentional misuses

Security Goals
- Data confidentiality: secret data remains secret
- Data integrity: unauthorized users should not be able to modify data
- System availability: nobody can make a system unusable

Security Components
- Authentication determines who the user is
- Authorization determines who is allowed to do what
- Enforcement makes it so people can do only what they are allowed to do

Authentication
- The most common approach: passwords
  - If I know the secret, the machine can assume that I’m the user
  - Problems:
    1. Password storage
    2. Poor passwords

Password Storage
- Encryption
  - Uses a key to transform the data
  - Difficult to reverse without the key
- UNIX stores encrypted passwords in /etc/passwd
  - Uses one-way transformations
  - Encrypts a typed password and compares encrypted passwords

Poor Passwords
- Short passwords
  - Easy to crack
- Long passwords
  - Tend to be written down somewhere

Original UNIX
- Required only lower-case, 5-letter passwords
  - 26^5 or 1 million combinations
  - In 1975, it would take one day to crack one password
  - Today, we can go through all those combinations in < 1 second

Partial Solutions
- Extend password with a unique number
- Require more complex passwords
  - 6 letters of upper, lower cases, numbers, and special characters
  - 70^6 or 100 billion combinations
  - Unfortunately, people still pick common words

Partial Solutions
- Delay every login by 1 second
- Assign very long passwords
  - Give everyone a calculator (ATM card)
  - Requires a physical theft to steal the password
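
The storage scheme from the Password Storage and Partial Solutions slides, as an added Python example that is not part of the original slides: the "unique number" becomes a per-account random salt, and a slow one-way function plays the role of the login delay. PBKDF2, the iteration count, the function names and the sample password are assumptions; the slides name no algorithm.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; raise it until one check costs a noticeable delay

def unsalted_hash(password: str) -> str:
    """Weak form: the same password always maps to the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str) -> dict:
    """Hardened form: a unique random salt per account plus a slow one-way function."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Transform the typed password the same way and compare the transformed values."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison: the time taken does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, record["digest"])

def shared_password_visible(stored_values) -> bool:
    """True if two accounts have identical stored values, i.e. the same password."""
    return len(set(stored_values)) < len(stored_values)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same common word.
    weak = [unsalted_hash("dragon"), unsalted_hash("dragon")]
    strong = [make_record("dragon"), make_record("dragon")]
    print("unsalted file reveals reuse:", shared_password_visible(weak))
    print("salted file reveals reuse:",
          shared_password_visible([r["digest"] for r in strong]))
    print("correct password accepted:", verify("dragon", strong[0]))
    print("wrong password rejected:", not verify("Dragon", strong[0]))
```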

Authentication in Distributed Systems
- Private key encryption of data
  - Encrypt(Key, Plaintext) = Cipher text
  - Decrypt(Key, Cipher text) = Plaintext
- Hard to reverse without the key
  - With the plaintext and the cipher text, one cannot derive the key
- Provides secrecy and authentication, as long as the key stays secret

How to distribute the keys?
- Authentication server
  - Keeps a list of keys

Kerberos Protocol
- Key_xy is needed to talk between x and y
- [Diagram: Server S, Client A and Client B; keys Key_AS and Key_BS]
- Messages shown on successive slides:
  1. Encrypt(Key_AS, “I want Key_AB”)
  2. Encrypt(Key_AS, “Here is Key_AB and a message to B”)
  3. Message: Encrypt(Key_BS, “use Key_AB to talk to A”)

Additional Details
- Expiration timestamp for a key
  - Prevents a machine from replaying messages (e.g., “deposit $100”)
- Checksum for an encrypted message
  - Prevents modifications to a message (e.g., “deposit $1000”)
- Key_AS and Key_BS are renewed periodically to reduce their exposures
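
The two safeguards on this slide, as an added Python example that is not from the original slides: each message carries an expiration timestamp and a keyed checksum (HMAC-SHA256, an assumed choice). The nonce cache is an addition beyond the slide, since a timestamp alone still permits a replay inside the validity window; all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets

def mac_of(key: bytes, msg: dict) -> str:
    """Keyed checksum over every field the receiver will act on."""
    fields = {k: msg[k] for k in ("body", "expires", "nonce")}
    data = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def seal(key: bytes, body: str, now: float, lifetime: float = 30.0) -> dict:
    """Sender side: add an expiration timestamp, a nonce and the checksum."""
    msg = {"body": body, "expires": now + lifetime, "nonce": secrets.token_hex(8)}
    msg["mac"] = mac_of(key, msg)
    return msg

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> expiry, so old entries can be pruned

    def accept(self, msg: dict, now: float) -> str:
        # Check the checksum first: no field is trusted until it verifies.
        if not hmac.compare_digest(mac_of(self.key, msg), msg["mac"]):
            return "rejected: checksum mismatch"
        if now > msg["expires"]:
            return "rejected: expired"
        # Drop nonces whose messages have expired anyway, then look for a replay.
        self.seen = {n: e for n, e in self.seen.items() if e >= now}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["expires"]
        return "accepted"

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed shared key
    bank = Receiver(key)
    msg = seal(key, "deposit $100", now=1000.0)
    print(bank.accept(msg, now=1001.0))                              # first delivery
    print(bank.accept(msg, now=1002.0))                              # same message again
    print(bank.accept(dict(msg, body="deposit $1000"), now=1003.0))  # altered amount
    print(bank.accept(msg, now=1031.0))                              # after expiry
```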

Public Key Encryption
- Separates authentication from secrecy
- Involves a public key and private key
  - Encrypt(Key_public, plaintext) = cipher text
  - Decrypt(Key_private, cipher text) = plaintext
  - Encrypt(Key_private, plaintext) = cipher text
  - Decrypt(Key_public, cipher text) = plaintext

Public Key Encryption
- Idea:
  - Private key is kept secret
  - Public key is advertised

Public Key Encryption
- Encrypt(Key_my_public, “Hi, Andy”)
  - Anyone can create it, but only I can read it (secrecy)
- Encrypt(Key_my_private, “I’m Andy”)
  - Everyone can read it, but only I can create it (authentication)

Public Key Encryption
- Encrypt(Key_your_public, Encrypt(Key_my_private, “I know your secret”))
  - Only I can create it, and only you can read it

Authorization
- Access matrix describes who can do what
  - The matrix tends to be sparse
File 1 Lisa’s diary File3
Bart read,write read
Lisa read, write
Maggie

Access Control List
- Stores all permissions for all users with each object
- Analogy: a guard in front of a door
  - Checks for a list of people allowed to enter
- UNIX: permission of each file is specified according to its owner, group, and the world

Capability List
- Stores all objects a process can touch
- Analogy: Keys
  - A key owner has the right of entry

Access Control List vs. Capability List
- Access control list (commonly used)
  - Easy to know who can access the object
  - Hard to know which objects a user can access
- Capability list
  - A user knows the list of objects to access
  - Hard to know who can access an object
  - More difficult to revoke capabilities
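
The two storage layouts compared above, as an added Python example that is not part of the original slides: the same sparse access matrix stored by column (access control lists) and by row (capability lists). The cell placement in MATRIX is an assumption built from the names on the Authorization slide, and all function names are illustrative.

```python
from collections import defaultdict

# Constructed sparse matrix: only non-empty (subject, object) cells are stored.
MATRIX = {
    ("Bart", "File 1"): {"read", "write"},
    ("Bart", "File 3"): {"read"},
    ("Lisa", "Lisa's diary"): {"read", "write"},
}
SUBJECTS = ["Bart", "Lisa", "Maggie"]  # Maggie's row is empty

def build_acls(matrix):
    """Column view: each object carries the list of subjects and their rights."""
    acls = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acls[obj][subj] = set(rights)
    return dict(acls)

def build_caps(matrix, subjects):
    """Row view: each subject holds the objects it may touch."""
    caps = {s: {} for s in subjects}
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return caps

def allowed_acl(acls, subj, obj, right):
    return right in acls.get(obj, {}).get(subj, set())

def allowed_cap(caps, subj, obj, right):
    return right in caps.get(subj, {}).get(obj, set())

def who_can_access(caps, obj):
    """With capability lists this question needs a scan of every subject."""
    return sorted(s for s, held in caps.items() if obj in held)

def revoke_object(caps, obj):
    """Revoking an object means visiting every list; returns (visited, edited)."""
    edited = sum(1 for held in caps.values() if held.pop(obj, None) is not None)
    return len(caps), edited

if __name__ == "__main__":
    acls, caps = build_acls(MATRIX), build_caps(MATRIX, SUBJECTS)
    print("ACL on File 1:", sorted(acls["File 1"]))          # one lookup
    print("holders of File 1:", who_can_access(caps, "File 1"))
    print("Bart's capabilities:", sorted(caps["Bart"]))      # one lookup
    print("revoke File 1 (visited, edited):", revoke_object(caps, "File 1"))
    del acls["File 1"]                                       # ACL revocation: one entry
    print("Bart may read File 1:", allowed_cap(caps, "Bart", "File 1", "read"))
```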

Enforcement
- Enforcer programs check passwords, access control lists, and so on…
- In UNIX, enforcers are run as superuser
  - If there is a bug, you are hosed!

The State of the World in Security
- Authentication
  - Poor passwords
  - Nobody encrypts emails
- Authorization
  - Coarse-grained access control list
  - Often turned off for sharing
- Enforcement
  - Buggy operating systems

Classes of Security Problems
- Eavesdropping is the listener approach
  - Tap into the Ethernet and see everything
  - Countermeasure: pressurized cables
- Abuse of privilege
  - If the superuser is evil, there is nothing you can do

Classes of Security Problems
- Imposter breaks into the system by pretending to be someone else
  - Recorded voice and facial image
  - Countermeasure: behavioral monitoring to look for suspicious activities
- Overwriting the boot block

Classes of Security Problems
- A Trojan horse is a seemingly innocent program that performs an unexpected function
  - Countermeasure: integrity checking
    - Periodically, check binaries against their checksums

Classes of Security Problems
- Salami attack builds up an attack, one bit at a time
  - Example: send partial pennies to a bank account
  - Countermeasure: code reviews

Classes of Security Problems
- Logic bombs: a programmer may secretly insert a piece of code into the production system
  - A programmer feeds the system password periodically
  - If the programmer is fired, the logic bomb goes off
  - Countermeasure: code reviews

Classes of Security Problems
- Denial-of-service attacks aim to reduce system availability
  - A handful of machines can flood a victim machine to disrupt its normal use
  - Countermeasure: open

Tenex
- Used to be the most popular system at universities before UNIX
- Thought to be very secure

Tenex
- Source code for the password check:
    for (j = 0; j < 8; j++) {
        if (input[j] != pw[j]) {
            goto error;  /* stop at the first wrong character */
        }
    }
- Need to go through 256^8 combinations

Tenex
- Unfortunately, Tenex used virtual memory
- A fast password check means that the first character is wrong (error)
- A slow check means that the first character is correct (page fault)
- [Diagram: password, with one part in memory and the other on disk]

Tenex
- 256^8 checks to crack a password is reduced down to 256 * 8 checks
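
The leak described on the Tenex slides and its fix, as an added Python example that is not part of the original slides: the slide's early-exit loop beside a comparison that always examines all 8 bytes. The count of bytes examined stands in for the page-fault timing signal, and the function names and sample password are constructed.

```python
import hmac

PW_LEN = 8

def check_early_exit(guess: bytes, pw: bytes):
    """The slide's loop: stop at the first mismatch. Returns (ok, bytes_examined)."""
    for j in range(PW_LEN):
        if guess[j] != pw[j]:
            return False, j + 1
    return True, PW_LEN

def check_full(guess: bytes, pw: bytes):
    """Hardened loop: fold every byte into the result before deciding."""
    diff = 0
    for j in range(PW_LEN):
        diff |= guess[j] ^ pw[j]
    # Every byte of the guess has been read by now, whatever the outcome.
    return diff == 0, PW_LEN

def check_library(guess: bytes, pw: bytes) -> bool:
    """Preferred in practice: the standard library's constant-time comparison."""
    return hmac.compare_digest(guess, pw)

def examined_profile(check, pw: bytes):
    """Bytes examined for wrong guesses that share 0..7 leading bytes with pw."""
    profile = []
    for k in range(PW_LEN):
        # First k bytes correct, byte k guaranteed wrong, the rest arbitrary.
        guess = pw[:k] + bytes([pw[k] ^ 0xFF]) + b"\x00" * (PW_LEN - k - 1)
        profile.append(check(guess, pw)[1])
    return profile

if __name__ == "__main__":
    pw = b"hunter2!"                                   # constructed 8-byte password
    print(examined_profile(check_early_exit, pw))      # grows with the matching prefix
    print(examined_profile(check_full, pw))            # identical for every guess
    print(check_library(b"hunter2?", pw), check_library(pw, pw))
```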

The Internet Worm
- In 1988, a Cornell graduate student, RTM (Robert Tappan Morris), released a worm into the Internet.
- The worm used three attacks
  - rsh
  - fingerd
  - sendmail

The Internet Worm
- Some machines trust other machines; the use of rsh was sufficient to get into a remote machine without authentication

The Internet Worm
- finger command did not check the input buffer size
  - finger name@location
  - Overflow the buffer
  - Overwrite the return address of a procedure
  - Jump and execute a shell (under root privilege)

The Internet Worm
- sendmail allowed the worm to mail a copy of the code and get it executed
- The worm was caught due to multiple infections
  - People noticed the high CPU load