Software Types
description
Transcript of Software Types
![Page 1: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/1.jpg)
Software TypesSoftware TypesOperating Systems
◦Also called Systems Software◦Manage the computer resources◦Ex: Linux, Windows, MacOS
Applications Software◦Specific tasks◦Rely on OS◦Ex: MS Office, CAD/CAM, PhotoShop
![Page 2: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/2.jpg)
OS TypesOS TypesMainframesWorkstationsServersPersonal
Computers Mobile DevicesReal TimeEmbedded
04/24/23 2
IBM 370SunOS, VAXWin Server 2008Windows, MacOSWindows CEpSOSEmbedded NT,
embedded Linux
Live Chat 7
![Page 3: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/3.jpg)
Operating System Operating System FunctionsFunctionsAccess Control
◦Who can access resources.Identity and credential
management◦Account management and
verification.Information flow.Audit and Integrity protection.
◦Logs & permissions.
![Page 4: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/4.jpg)
What needs Protection?What needs Protection?Memory.I/O devices: disksRe-useable I/O devices: printers.Programs and sub-processes.Networks.Data.
![Page 5: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/5.jpg)
Security Methods of Operating Security Methods of Operating SystemsSystemsSeparation: basis of protection
◦Physical: different devices for different security levels.
◦Temporal: processes execute at different times.
◦Logical: illusion that a user is operating alone.
◦Cryptographic: conceal data and computations.
Only half the answer ◦must share some objects.
![Page 6: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/6.jpg)
Protection LevelsProtection LevelsDo not protect.Isolate: processes unaware of each
other.Share all or share nothing. Owner
declares.Share via access limitation: OS checks.Share by capabilities: dynamic creation
of sharing rights for objects.Limit use of object: view but not print.
![Page 7: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/7.jpg)
Protection Ring ModelProtection Ring Model
![Page 8: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/8.jpg)
UNIX Operating System UNIX Operating System SecuritySecurityRoot Accounts
◦ Sudo an alternative.Permissions
◦ -rwxr--r-- /etc/passwd◦ Owner, group, world.
SUID◦ -rwSrwxrwx 1 root wheel 3412 Jan 1 2011
program.sh◦ Dangerous, anyone can edit and execute
as root.
![Page 9: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/9.jpg)
UNIX Operating System UNIX Operating System SecuritySecurity Iptables: Host based firewall.OSSEC: Host based intrusion detection.AIDE: log monitoring.Only run required services
◦ Center for Internet Security Instructions to lock down and secure most operating systems.
Extra secure operating systems◦ SELinux: security enhanced Linux with security
modules.◦ OpenBSD: listed #1 in a top ten list.
![Page 10: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/10.jpg)
Windows OS SecurityWindows OS SecurityFirewall: turn it on.Automatic updates: set a time.Anti-Virus: must have.Anti-Spyware: good to have.HIDS: 3rd party products.Event Monitoring: centralize
logging.User Permissions: audit
permissions.
![Page 11: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/11.jpg)
Windows Security ToolsWindows Security ToolsSecunia: monitor for product patches.AVG: free Anti-virus.Malwarebytes: anti-malware.Spybot Search and Destroy: rm
spyware.JavaRA & PureRA: keep java up to
date.Parental/worker controls: block web
sites.Use at your own risk.
![Page 12: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/12.jpg)
Memory ProtectionMemory ProtectionProtect the memory space of data &
programs.◦Fence: confine to one side of a boundary.◦Fence Register: address at the end of the
Operating System. Restrictive, too much memory could be reserved.
Variable fence register: location can change◦Protects in one direction. Users compete for
Memory.
![Page 13: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/13.jpg)
Figure 4-1 Fixed Fence.
![Page 14: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/14.jpg)
Figure 4-2 Variable Fence Register.
![Page 15: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/15.jpg)
Figure 4-3 Pair of Base/Bounds Registers.Variable Register = Base Register
![Page 16: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/16.jpg)
Figure 4-4 Two Pairs of Base/Bounds Registers.
![Page 17: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/17.jpg)
Tagged ArchitectureTagged ArchitectureBase/bounds registers are all or
nothing.Tagged Architecture
◦Every word of memory is tagged with extra bits to identify access rights to the word.
◦Compatibility of code can be a problem.
![Page 18: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/18.jpg)
Figure 4-5 Example of Tagged Architecture.
![Page 19: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/19.jpg)
SegmentationSegmentationDivide a program into separate pieces
◦Code of a procedure, an array, data values.
◦Each piece can have its own access rights.◦A segment has a name and an offset
value.◦Usually one OS segment address table per
executing process.◦Segments can exist at any location, can be
moved and can be checked for protection.
![Page 20: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/20.jpg)
Figure 4-6 Logical and Physical Representation of Segments.
![Page 21: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/21.jpg)
Figure 4-7 Translation of Segment Address.
![Page 22: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/22.jpg)
Paging a Segmentation Paging a Segmentation AlternativeAlternativeDivide program into equal-sized
pieces.Memory divided into equal-sized
page frames so no fragmentation concerns.
Operating System maintains a table of pages to true memory address.
Programmers do not have to worry about page boundaries unlike segmentation.
![Page 23: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/23.jpg)
Figure 4-8 Page Address Translation.
![Page 24: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/24.jpg)
Combine Paging & Combine Paging & SegmentationSegmentationPaging offers implementation
efficiency.Segmentation offers logical
protection.Combine them to form paged
segmentation.◦Program divided into logical segments◦Break each segment into fixed page sizes.◦Hardware improvement improved
efficiency for paged segmentation.
![Page 25: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/25.jpg)
Figure 4-9 Paged Segmentation.
![Page 26: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/26.jpg)
Directory AccessDirectory AccessEach user controls access to their files.Each user has their own directory.
◦ Also has copies of files they can access.Permissions: Read, Write, eXecute.Difficulty if there are many shared
objects.◦ Space consumption.
Revocation of access can be time consuming.◦ Given the number of copies.
![Page 27: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/27.jpg)
Figure 4-10 Directory Access.
![Page 28: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/28.jpg)
Alternative Access PathsAlternative Access PathsDirectory problems with
pseudonyms.◦Owners have files with same name.◦Want to grant access to these files to
another user.◦Multiple permissions may exist to
same object for a single user.◦The directory approach is considered
too simple for most object protection situations.
![Page 29: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/29.jpg)
Figure 4-11 Alternative Access Paths.
![Page 30: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/30.jpg)
Access Control ListsAccess Control ListsOne list maintained for each
object.List shows all subjects with
access.One access control list per
object.Each subject has a directory.ACLs use wild cards “*”.
![Page 31: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/31.jpg)
Figure 4-12 Access Control List.
![Page 32: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/32.jpg)
Domains and Name SpaceDomains and Name SpaceA capability is an unforgettable token
allowing certain rights to an object.Each capability identifies a single
object in a domain.A domain is a collection of objects
which a process has access too.A user may have access to a domain
which includes programs, files, data, I/O devices.
![Page 33: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/33.jpg)
Figure 4-13 Process Execution Domain.
![Page 34: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/34.jpg)
Domain Object PassingDomain Object PassingA collection of capabilities defines a
domain.Calling a sub-procedure can pass
objects.Capabilities are a straight forward way to
track of access rights during execution. capabilities backed up by control matrix
or an access control list.Capabilities must be stored in memory
inaccessible to users.
![Page 35: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/35.jpg)
Figure 4-14 Passing Objects to a Subject.
![Page 36: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/36.jpg)
AAA Authentication Authorization AAA Authentication Authorization and Accountabilityand Accountability
Identity is often left out. Should be IAAAIdentity is a claim. “I am So&So”Authentication is proving an identity
claim.◦Password, 2-factor, credentials.
Authorization defines what you can doAccountability hold users accountable for
their actions.◦Logging, auditing.
![Page 37: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/37.jpg)
Triple A ModelTriple A Model
04/24/23 37
Authentication Authorization
AccountingSource: Jayaswal, K. (2006). Administering data centers: Servers, storage, and voice over IP. Indianapolis, IN: Wiley Publishing, Inc.
Live Chat 10
![Page 38: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/38.jpg)
AAAAAAAuthentication
◦Who you areAuthorization
◦What you are permitted to doAccounting
◦What you actually did
04/24/23 38
Source: Jayaswal, K. (2006). Administering data centers: Servers, storage, and voice over IP. Indianapolis, IN: Wiley Publishing, Inc.
Live Chat 10
![Page 39: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/39.jpg)
AuthenticationAuthenticationAuthentication is the process
used to identify who you are based on:◦User name/password combination◦Certificates◦Biometrics
Fingerprints Retina scan Other?
04/24/23 39
Source: Jayaswal, K. (2006). Administering data centers: Servers, storage, and voice over IP. Indianapolis, IN: Wiley Publishing, Inc.
Live Chat 10
![Page 40: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/40.jpg)
AuthenticationAuthenticationPassword-based authentication
◦ User name/passwordToken-based authentication
◦ One-time password generated by encrypting a time stamp with secret key (SecurID)
Digital Certificate-based authentication◦ Electronic or digital certificate◦ Contains public key, user information,
issuer’s information, and valid period
04/24/23 40
Source: Jayaswal, K. (2006). Administering data centers: Servers, storage, and voice over IP. Indianapolis, IN: Wiley Publishing, Inc.
Live Chat 10
![Page 41: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/41.jpg)
Authorization ProcessAuthorization ProcessAs users attempt to gain access
to network resources, credentials are presented
Request sent to an AAA serverServer authenticates user and
determines authorizationAccounting keeps track of
resource usage
04/24/23 41
Source: Jayaswal, K. (2006). Administering data centers: Servers, storage, and voice over IP. Indianapolis, IN: Wiley Publishing, Inc.
Live Chat 10
![Page 42: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/42.jpg)
Authentication Authentication MechanismsMechanismsSomething the user knows
◦Password, pass phrase, PIN, a secret.Something the user has:
◦Badge, keys, identification, token.Something the user is
◦Biometrics2-Factor: require two of the
above.
![Page 43: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/43.jpg)
Figure 4-15 Users’ Password Choices.
![Page 44: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/44.jpg)
Password AttacksPassword AttacksPassword cracking: John-the-ripperBrute force attacks: take time, effective.Rainbow Table: a database of password hash
values.Hybrid attack: append or pre-pend
characters before hashing. ◦Attack against complex passwords.
Dictionary attacks: use word lists.Salt: a random value used when creating
password hashes.
![Page 45: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/45.jpg)
BiometricsBiometricsEnrollment: registering with the system.Throughput: how long to authenticate. 6-10Accuracy
◦False Rejection Rate(FRR) Authorized subject rejected
◦False Accept Rate Unauthorized person accepted as valid
◦Crossover Error Rate: accuracy Where FRR =FAR
![Page 46: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/46.jpg)
Biometric DevicesBiometric DevicesRetina Scan: laser scan of capillaries.Iris Scan: passive, high accuracy, each iris is
unique, no body fluids exchanged.Hand Geometry: specific points on hand.Keyboard dynamics: measure pressure and rhythm.Dynamic Signature: how a person signs their
name. Voice Print: tone of voice. Vulnerable to a replay
attack.Facial scan: high cost. Used at Super Bowl to
identify criminals.
![Page 47: Software Types](https://reader036.fdocuments.in/reader036/viewer/2022062502/5681558b550346895dc3618e/html5/thumbnails/47.jpg)
Discussion QuestionsDiscussion QuestionsBiometric Objections.
◦What are some reasons people are reluctant to use biometrics?
◦How can you counter these objections?