Textbook Ch19

1
CSS430 Security Textbook Ch19
Instructor Munehiro Fukuda These slides were
compiled from the Applied OSC textbook slides
(Silberschatz, Galvin, and Gagne) and the
instructors class materials.
2
Security Problem

• Security violation
• Accidental access
• Malicious access protecting against intentional
  access is much harder.
• Malicious access
• Unauthorized reading of data (theft of
  information)
• Unauthorized modification of data
• Unauthorized destruction of data
• Security level
• Physical level Hardware firewall, demilitarized
  zone, etc.
• Human level Security clearance for each user
• Operating systems level Our focus
• OS Security
• Easiest way password
• Hardest way the isolation of concurrent process

3
Authentication

• Passwords
• The most common authentication
• Vulnerabilities
• Shoulder surfing
• Sniffing
• Encrypted passwords
• Authentication succeeds when /etc/passwd matches
  encrypting function f( user_typed_password)
• The /etc/passwd file is readable.
• Unix uses popular encrypting functions.
• One-time passwords
• System and user shares a secret and function f.
• System sends a seed (e.g., a random number or a
  login time)
• User sends f( seed, secret) to the system which
  compare the result with its f(seed, secret).

4
Program Threats

• Trojan Horse
• Code segment that misuses its environment.
• Faked system commands
• Suppose that your friend has a faked ls comand in
  his/her home directory and your path includes
  .. What happens if you type cd myfriend ls ?
• Faked login program
• Suppose that some left running a fake login
  program. What happens if you type your account
  and password?
• Trap Door
• Specific user identifier or password that
  circumvents normal security procedures.

5
System Threats - Worms

• Worms Standalone program that exploits OS
  mechanisms for spawning and remote access

inetd
Fin 2 send a overflowed message to
target
rshd
finger
sendmail
worm
Rsh 1 find .rhosts
Fin 1 finger _at_target
Em 1 cat hook mail foo_at_target
6
System Threats - Viruses

• Viruses fragment of code embedded in a
  legitimate program.
• Infection media downloading viral program from
  public bulletin boards, email, or floppy
  disk
• Targets files or OS of mainly microcomputer
  systems.
• Activating conditions upon an execution, Friday
  13th, one-month incubation
• Symptoms erasing files, reformatting hard disks,
  distributing email, and printing out
  messages
• Safe computing.
• Only believe software provided from commercial
  companies
• Use anti-virus programs
• Do not open attached files if they are unknown
• Do not insert suspicious floppy disks.

7
Firewall
LAN
Good sites
Malicious sites
Internet
Limited ports only (ssh, sftp)
Problematic ports (rsh, finger)
Firewall

• Prohibits intruders to enter the LAN from
  malicious sites.
• How can we distinguish good sites from bad sites?
• Close ports that are frequently used for
  attacking
• How about sendmail and http? They can be
  maliciously used, cant they?

8
Demilitarized Zone
9
Encryption

• Data-encryption standard (Symmetric-key
  cryptography)
• When k a secret key, m plain text
• Encryption E(m, k) c
• Decryption D(c, k) m
• Problem key-distribution problem

Hello! Are you done with your final Project?
????? ??? ??? ???? ???? ???? ????? ????????
Hello! Are you done with your final Project?
Plain text
Cipher text
Plain text
10
Public-Key Encryption

• A public key (e, n) is generated from
• n p q where p and q are a different prime
  number.
• e satisfies e d (p 1) (q - 1) 1
• A private key (d, n) is generated from
• d satisfies GCDd, (p 1) (q 1) 1
• Encryption E(m) me n c
• Decryption D(c) cd n m
• While a public key(e, n) is disclosed, p and q
  are secret and thus a private key(d, n) is
  difficult to solve.

For example, see p607
public key(e,n)
secret key(d,n)
Hello! Are you done with your final Project?
????? ??? ??? ???? ???? ???? ????? ????????
Hello! Are you done with your final Project?
Plain text
Cipher text
Plain text
11
Java Security Model

• Javac
• No pointer
• Strict array/string boundary
• Class loader
• Primordial class loader
• Objects permitted to access all system resource.
• Extended class loader
• Each applet has its own class.
• Each class load forms its own namespace
• Even the same class objects belong to a different
  space if they are loaded by a different class.

12
Class LoaderOverview
network
Java Default system ClassLoader
DiskClassLoader
NetworkClassLoader
Make your own ClassLoader subclass
If you want to compare them, use their superclass
or common interface.
13
Exercises (No Turn-In)

• Which cases are appropriate?
• I received email from a technical staff saying
  our server was down and all user accounts and
  passwords were erased out. Please give your
  account name and password. I immediately
  responded to him/her with my account name and
  password.
• One of the classes I am taking requires two
  students to make a group and to solve a project.
  My partner has not yet had his/her own account,
  and so we share my account until the partner gets
  a new account
• Some day, I found that the access mode of my
  files had been changed from read-only to
  read/write. I thought that I got a senior moment
  and forgot to do that by myself or assumed that a
  technical staff had to do that. Thus, I left
  those files as they were.
• Although a password should not be conceived by
  someone else, it may be troublesome if I forget
  my difficult password. Therefore, I came up with
  a sentence I Want To Graduate In 3 Years.,
  picked up each initial, and made my password
  iwtgi3y.
• A friend of mine told me that he/she was going to
  send me some pictures taken by a digital camera
  on our trip. After several days had passed, I got
  email including attached file from my friend. The
  attached file was picture.exe. Before opening it,
  I asked him/her why it was not picture.jpg.

14
Class Loader - appendixMethods

• protected final class defineClass( String name,
  byte data, int offest, int length )
• read the name file and transform its data into a
  Class object assuming that its size is length
  and the meaningful data starts from offset.
• protected final void resolveClass( Class c )
• Load all classes the class c refers to and
  resolve all reference relationships.
• protected final findSystemClass( String name )
  throws ClassNotFoundException
• Load the class from the name file using the
  system-standard default class loader and
  instantiate a Class object.
• Protected abstract Class loadClass( String name,
  boolean resolve ) throws ClassNotFoundException
• Instantiates a Class object from the name file.
  If inter-classes reference relationship must be
  resolved, the argument resolve must be true.

15
Class Loader - appendixDesigning loadClass( )

• If a given class has been cached in memory,
  simply return this class object.
• If it is not cached in memory, read from a named
  file.
• If finished reading successfully,
• Instanciate a Class object by calling
  defineClass( ).
• Register this object into cache.
• Call resolveClass( ) if references must be
  resolved.
• Return this Class object
• If data cannot be read successfully,
• Call findSystemClass( ) to find the given Class
  from the system.
• In case none of those schemes results in success,
  throw ClassNotFoundException.

16
Class Loader - appendixImplementation
Private byte loadClassData( String name )
throws ClassNotFoundException File f new
File( name .class ) byte data
null try long bc f.length( ) if ( bc gt
0 ) data new byte ( int ) bc //
allocate data with the file size FileInputStrea
m fi new FileInputStream( f ) // open the
file fi.read( data ) // read the
data fi.close( ) // close the file
catch ( IOException e ) throw new
ClassNotFoundException( IO Error name )
return data // return this class
data Public synchronized Class loadClass(
String name, boolean resolve ) throws
ClassNotFoundException Class c ( Class )
cache.get( name ) // return the class object if
found in cache if ( c ! null ) return c byte
data loadClassData( name ) // read the data
from the file if ( data ! null ) cache.put(
name, ( c defineClass( name, data, 0,
data.length ) ) ) // instantiate a Class
object if ( resolve c ! null )
resolveClass( c ) // resolve references
else c findSystemClass( name ) // find the
Class from the system if data cannot be read from
file if ( c null ) throw new
ClassNotFoundException( No Class name
) return c // return the Class object
17
Class Loader - appendixExample Loading a class
from command line
Import java.io. Import java.util. Public
class CmdClassLoader extends ClassLoader
private Hashtable cache new Hashtable( ) //
prepare for cache public static void main(
String args ) if ( args.length lt 0 )
System.exit( 0 ) CmdClassLoader cl new
CmdClassLoader( ) Class c try c
cl.loadClass( args0, true ) // call my
loadClass( ) Object o c.newInstance( ) //
instantiate an object from this Class
c catch( ClassNotFoundException e ) //
error handling System.err.print( Class
args0 not found ) System.exit( 0
) private byte loadClassData( String
name ) throws ClassNotFoundException //
read data from a given file. public
synchronized Class loadClass( String name,
boolean resolve ) throws ClassNotFoundException
// create a Class object from the
data