Introduction to Security Technology Topic Two

1
Introduction to Security Technology(Topic Two)

• Pirooz Saeidi
• Main Source Security in Computing by
• C.P. Pfleeger and S.L. Pfleeger
• ISBN 0-13-035548-8

2
Protection in General Purpose Operating
Systems(Part Two)

• Agenda
• Control of Access to General Objects
• File and Directory Protection Mechanisms
• User Authentication
• Summary.

3
Control of Access to General Objects

• As multiprogramming has developed, the numbers
  and types of objects shared have also increased.
  For example protection of the following objects
  became desirable
• memory
• a file or data set on an secondary memory (e.g.
  disk)
• an executing program in memory
• a directory of files (or folders)
• a hardware device (e.g. printer)
• a data structure, such as a stack (e.g. when used
  in context switching)
• operating system tables (e.g. a process table)
• privileged instructions
• passwords and the user authentication mechanism
• the protection mechanism itself

4
Control of Access to General Objects

• There are several complementary objectives in
  protecting objects
• Check every access
• we may not want a user to have indefinite access
  to an object.
• Enforce least privilege
• A subject should have access to the minimum
  number of objects necessary to perform some task.
  
• Verify acceptable usage
• E.g. stacks have acceptable operations, such as
  push, pop, clear.
• We may want not only to control who or what has
  access to a stack but also to be assured that the
  accesses performed are legitimate stack accesses.

5
Protection MechanismsDirectory List

• The common file access rights are read, write,
  and execute
• Another right, owner, is also possessed by the
  owner, allowing that user to grant and revoke
  access rights.
• Diagram (source Pfleeger Pfleeger) shows an
  example of a file directory.

6
Protection Mechanisms Directory List

• This approach is easy to implement
• it uses one list per user (subject), naming all
  the objects that user is allowed to access.
• But, several difficulties can arise
• list becomes too large if many shared objects
  are accessible to all users.
• Revocation of access can get very complicated for
  the operating system (networked/time sharing)
  when dealing with thousands of accounts
• Pseudonym can also be a problem.
• Owners A and B may have two different files named
  F, and they may both want to allow access by S.
• Clearly, the directory for S cannot contain two
  entries under the same name for different files.

7
Protection MechanismsAccess Control List

• An alternative solution is the access control
  list (ACL).
• One list per object.
• ACL shows all subjects who should have access to
  the object and what their access is.
• This approach is different from the directory
  list
• There is one access control list per object
• A directory is created for each subject.

8
Protection MechanismsAccess Control List

• See example diagram
• (source Pfleeger Pfleeger)

9
Protection MechanismsAccess Control Matrix

• The directory lists objects that are accessible
  by a single subject,
• and the access list is a table that identifies
  subjects that can access a single object.
• The data in both representations are the same.
• The main difference is the ease of use in given
  circumstances.

10
Protection MechanismsAccess Control Matrix

• As an alternative, we can use an access control
  matrix
• A table in which each row represents a subject,
• each column represents an object,
• and each entry is the set of access rights for
  that subject to that object.
• See example Diagram in next slide.

11
Protection MechanismsAccess Control Matrix

• Example of an access control matrix
• (source Pfleeger Pfleeger)

12
Protection MechanismsCapability

• In the methods discussed so far the operating
  system is responsible to keep track of all the
  protection objects and rights.
• But there are other approaches that put some of
  the burden on the user.
• E.g. a user may be required to have a ticket or
  pass that enables access, and this ticket cannot
  be duplicated.
• Formally put, a capability can be defined as an
  un-forgeable token that gives the possessor
  specific rights to an object.

13
Protection MechanismsCapability

• A capability is a ticket giving permission to a
  subject to have a certain type of access to an
  object.
• The operating system holds all tickets on behalf
  of the users.
• So that the tickets can not be forged
• Alternatively, capabilities can be encrypted
  under a key available only to the access control
  mechanism.

14
File Protection Mechanisms

• Earlier operating systems used to follow the
  all-or-none protection rule.
• But this has so many drawbacks in modern
  operating systems.
• Instead They focused on identifying groups of
  users who had some common relationship.
• Typical in operating systems such as Unix, the
  world is divided into three classes
• the user, a trusted working group associated with
  the user, and the rest of the users.
• More precisely they are called user, group, and
  world.

15
File Protection Mechanisms

• When a file is created, the user defines access
  rights to the file for the user, for other
  members of the same group, and for all other
  users.
• The choices for access rights are a limited set,
  such as
• read, write, execute, delete.

16
File Protection Mechanisms

• Unix examples
• myFile -rwx r-x r - -
• The owner of myFile has full access, the group
  can read and execute and the rest of the world
  can only read
• The file permissions can be changed using the
  chmod command.
• chmod ox myFile
• Gives execute access to others
• chmod g-x myFile
• Restricts the group to read-only access.

17
User Authentication

• Among real life means of authentication we can
  use documents, voice recognition, fingerprint and
  retina matching, and other trusted means of
  identification.
• For operating systems the choices are rather
  restricted and less secure.
• Authentication mechanisms use any of three
  qualities to confirm a user's identity
• Something the user knows. Passwords, PIN numbers,
  
• Something the user is. These authenticators,
  called biometrics, are based on a physical
  characteristic of the user, such as a
  fingerprint, the pattern of a person's voice, or
  a face (picture).
• Something the user has. Identity badges, physical
  keys, a driver's license,

18
User AuthenticationUse of Passwords

• Passwords are mutually agreed-upon code words
• known only to the user and the system.
• A user chooses passwords or they may be assigned
  by the system.
• The length and format of the password also vary
  from one system to another.

19
User Authentication Attacks on Passwords

• Passwords are rather restricted to the number of
  bits of information they can hold. So an attacker
  might
• Try all possible passwords.
• Try many probable passwords.
• Try passwords likely for the user.
• Search for the system list of passwords.
• Ask the user.
• These attacks are arranged in decreasing order of
  difficulty.

20
User Authentication Types of Attacks on Passwords

• Exhaustive or brute force attack, the attacker
  tries all possible passwords, usually in some
  automated fashion.
• As a tutorial exercise you will calculate the
  time it takes for a computer to try all
  possibilities of a given example.
• Probable Passwords
• Think of a word!
• Passwords likely for a user

21
User Authentication Types of Attacks on Passwords

• Plaintext System Password List
• Instead of guessing a user's password, an
  attacker may target the system password file.
• Encrypted Password File
• Even with encryption, there is still a slight
  exposure.
• because for an instant the user's password is
  available in plaintext in main memory.
• Indiscreet Users
• Get it directly from the user!
• Tempting to write the passwords down when users
  have several accounts.

22
Password Selection Criteria

• Passwords should be hard to guess and difficult
  to resolve exhaustively.
• Some guidelines
• Use characters other than just AZ.
• Choose long passwords
• Avoid actual names or words
• Choose an unlikely password
• Change the password regularly
• Don't write it down.
• Don't tell anyone else.

23
One-Time Passwords(challengeresponse systems)

• A password that changes every time it is used.
• Instead of assigning a static phrase to a user,
  the system assigns a static mathematical
  function.
• The system provides an argument to the function,
  and the user computes and returns the function
  value.

24
One-Time Passwords(challengeresponse systems)

• Example1
• f(x) x 1.
• the system prompts with a value for x, and
• the user enters the value x 1.
• The types of mathematical functions are limited
  by the ability of the user to compute the
  response quickly and easily.

25
One-Time Passwords(challengeresponse systems)

• Example 2
• f(E(x)) E( D(E(x)) 1)
• The computer sends an encrypted value, E(x).
• The user must decrypt the value, perform some
  mathematical function, and encrypt the result to
  return it to the system.

26
Summary

• These lectures addressed the following areas of
  protection
• Memory protection,
• File protection,
• General object access control
• and covered the basics of user authentication.