Operating Systems Lecture 12 - PowerPoint PPT Presentation
1
Operating Systems Lecture 12
  • File Access Control
  • Security and Protection

phones off (please)
2
Overview
  • Security
  • the security environment
  • famous security flaws
  • user authentication
  • passwords
  • Protection
  • protection domains (users and groups)
  • protection matrix
  • access control lists
  • file permissions
  • capabilities
  • Locking Mechanisms

3
Basic Definitions
  • The term security is used in a broad sense to
    refer to the overall problem of ensuring that the
    information in the computer (code and/or data)
    is not (mis-)used by unauthorised personnel
  • system management problems rather than operating
    system problems
  • technical, managerial, legal and political issues
  • The term protection is used in a narrow sense to
    refer to the specific operating system mechanisms
    used to safeguard information in the computer
  • an internal technical problem for the operating
    system

4
Security
5
The Security Environment
  • Security has many facets
  • two of the most important are
  • data loss
  • intruders
  • Some common causes of data loss
  • acts of god
  • floods, earthquakes, riots, wars
  • hardware / software errors
  • processor faults, disk crashes, telecomms breaks,
    bugs
  • human error
  • incorrect data entry, e.g. rm -r as root in
    UNIX, lost media
  • Always maintain adequate backups (offsite)

6
Intruder Types
  • Casual prying by nontechnical users
  • leaving your computer on when you're out of the
    room
  • forgetting to log out a UNIX terminal
  • Snooping by technical experts
  • students, hobbyists, operators, etc., consider it
    a personal challenge to break into a system
  • Money making
  • deliberately breaking into e.g. banks for
    financial gain
  • rounding fractions, siphoning old accounts,
    blackmail
  • Commercial / political espionage
  • serious and well-funded attempt to gain access

7
Famous Security Flaws
  • UNIX
  • the command mkdir foo ran with root permissions
  • the inode was created and then the owner changed
  • the inode could be removed and a new foo quickly
    linked to /etc/passwd before the chown
  • result: the user owned the password file!
  • TENEX
  • the login password verifier checked one character
    at a time in sequence and stopped on a mismatch
  • a password could be positioned with only the
    first character on a page boundary
  • if a page fault occurred, the 1st char was
    correct, etc.!
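The TENEX verifier on this slide, illustrated with added code that is not part of the lecture: the early-exit loop's amount of work depends on how many leading characters of the attempt are right, which is exactly what the page-boundary trick made observable; the standard library's constant-time comparison is the remedy.

```python
import hmac

def early_exit_compare(stored: str, attempt: str) -> tuple:
    """TENEX-style verifier: examine one character at a time and stop at
    the first mismatch. Returns (match, characters_examined); the second
    value is the signal the page-fault trick on the slide let a caller see."""
    examined = 0
    for s, a in zip(stored, attempt):
        examined += 1
        if s != a:
            return False, examined
    return len(stored) == len(attempt), examined

def constant_time_compare(stored: str, attempt: str) -> bool:
    """The fix: a comparison whose work does not depend on where the first
    mismatch lies. hmac.compare_digest is the stdlib constant-time primitive."""
    return hmac.compare_digest(stored.encode(), attempt.encode())
```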

8
The Internet Worm
  • In Nov. 1988, an American graduate student,
    Robert Tappan Morris, released a worm program
  • Morris had discovered two bugs in BSD UNIX
  • one was in finger, a command to provide personal
    user details over the network
  • it could be overloaded by submitting a lengthy
    user name
  • the other was in sendmail
  • allowed a bootstrap program to be mailed and run
    remotely
  • the worm then cracked (guessed) user passwords
  • Unfortunately a bug caused his program to
    multiply wildly out of control and crash the
    whole internet
  • he got a $10,000 fine, 3 yrs probation, 400 hrs
    C.S. (community service)!

9
The Melissa Virus
  • March 26th, 1999, David L. Smith released a
    Microsoft Word 97 macro virus onto the internet
  • it was christened Melissa by antivirus software
    sellers
  • It ran when a Word email attachment was opened
    and it used MS Outlook to email copies to others
  • by March 29th about 100,000 systems were infected!
  • David Smith was arrested on April 1st
  • traced through his ISP (AOL) and phone lines
  • caused > $80m damage (mainly sys admin time)
  • He had pleaded guilty by Dec 9th, 1999
  • sentence was predicted to be 10 years and a
    $150,000 fine
  • actually received 20 months and a $10,000 fine

10
Generic Types
  • Trojan Horse
  • modifying a normal program to perform a security
    breach in addition to its usual functions
  • Trapdoor Attack
  • a system programmer leaves a secret security
    hole in a piece of privileged software when it's
    written
  • Worms
  • a self-contained self-replicating program
  • designed to cause automatic damage
  • Viruses
  • a self-replicating program that attaches itself
    to other programs (in order to do damage)

11
User Authentication
  • User authentication is the process of identifying
    users and allowing authorised ones to log in
  • The most widely used form of authentication is
    the combination of a username and password pair
  • the username is a publicly known id code
  • the password is private to the individual
  • the password entered at login is not displayed!
  • The user passwords must be held on the system
  • the common method is to use a one-way encryption
    algorithm, storing the encrypted versions in a
    file
  • the entered word is encrypted and compared to the
    file entry

12
Password Guessing
  • If the password file is publicly readable and the
    encryption algorithm is known, then guesses can
    be made and compared to the password file
  • Morris & Thompson 1979 (RTM's dad!) studied
    this and found 86% of passwords could be easily
    guessed
  • e.g. username (!), username reversed, initials,
    common words
  • this can be prevented by concatenating a random
    number (known to the passwd checker) to each password
  • or by not allowing the password file to be
    readable
  • only a special system program (slow!) can access
    passwords
  • Difficult passwds can be generated by the system
  • easy-to-guess passwds can be detected internally
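Slides 11 and 12 together, as an added example that is not from the lecture: the stored entry is a per-user random salt plus a deliberately slow one-way hash (PBKDF2, standing in for the slide's "slow" system program), so two users with the same password get different entries and a single precomputed guess list no longer matches the whole file; the last function is the internal check for the guess classes the slide lists. The iteration count and the common-word list are constructed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000                                 # constructed: slow on purpose
COMMON_WORDS = {"password", "welcome", "letmein"}    # constructed sample list

def make_entry(password: str) -> tuple:
    """Stored (salt, digest) for a new password. The salt is the slide's
    'random number known to the passwd checker' and is kept in the clear."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(entry: tuple, attempt: str) -> bool:
    """Re-derive the digest from the stored salt and compare in constant time."""
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def unsalted_digest(password: str) -> bytes:
    """The unsalted scheme the slide warns about: equal passwords give equal
    file entries, so one precomputed guess list covers every account."""
    return hashlib.sha256(password.encode()).digest()

def is_easily_guessed(username: str, password: str) -> bool:
    """Internal check for the guess classes on the slide: the username itself,
    the username reversed, and common dictionary words."""
    p, u = password.lower(), username.lower()
    return p in {u, u[::-1]} or p in COMMON_WORDS
```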

13
Protection
14
Protection Domains
  • First, have to distinguish policy from mechanism
  • policy is what will be done
  • whose data are to be protected from whom
  • mechanism is how it will be done
  • how the system enforces the protection policy
  • A computer system is a collection of objects
  • hardware objects (processor, disks, memory)
  • software objects (files, processes)
  • every object has a unique name in the system
  • An access right is the ability or permission to
    perform an operation on an object
  • A protection domain is a set of (object, rights) pairs

15
UNIX Domains (Users and Groups)
  • In UNIX a domain is associated with a user
  • every user has a unique identifier, the user id
    (uid)
  • Users may be grouped together in a many to many
    relationship
  • every group has a unique identifier, the group id
    (gid)
  • multiple users may be members of the same group
  • a user may be a member of multiple groups
  • Every object has a user and group owner
  • When a process runs it acquires the uid and gid
    of the user that starts it
  • A process may change these to its owner's ids
  • setuid: set uid to owner; setgid: set gid to owner

16
MULTICS Domains (Rings)
  • When a UNIX process does a system call it
    automatically acquires kernel (root) permissions
  • this (and setuid / setgid) is called a domain
    switch
  • These domain switches are remnants of a more
    powerful domain mechanism found in MULTICS
  • MULTICS domains are organised as rings (64)
  • the innermost ring (0) was the kernel with most
    power
  • moving outward, the rings had successively less
    power

17
Protection Matrix
  • Protection domains can be implemented through a
    matrix (2D-array) of access rights
  • an access matrix
  • in practice, an access matrix will be large and
    sparse
  • most domains only access a few objects
  • most objects will only be accessed by a few
    domains

18
Access Control Lists
  • There are two approaches that may be used to
    efficiently store such a (sparse) matrix
  • store only the non-empty elements of the matrix
    as lists of either columns or rows
  • Listing by column associates with each object a
    list of all domains that may access it
  • this is called an access control list (ACL)
  • For example, for each file there is a list of
  • each user that is allowed to access the file
  • with a set of access permissions
  • e.g. LEC06-2.DOC: (jong, rw), (cfi, r)

19
UNIX File Permissions
  • Uses a reduced form of the access list concept
  • rather than list every user that is allowed to
    access a file, the access rights are split into
    just three groups
  • recall that each object (here, a file) has a uid
    and gid owner
  • user (owner) permissions apply to file owner only
  • r grants permission to read the file
  • w grants permission to write to the file
  • x grants permission to execute the file
  • group (owner) permissions apply to any user who
    is a member of the file's group owner
  • other permissions apply to all other users
  • For directories, x flag indicates search
    permission
  • to allow a user to traverse (change into) the
    directory
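The rules on this slide as an added example (not code from the lecture): the owner class is selected first, then group, then other, and the classes are not combined, so an owner whose owner bits are empty is refused even when the group bits would allow access; opening a file also needs x (search) on every directory along the path. The file system table is constructed, and the superuser override is left out.

```python
R, W, X = 4, 2, 1

def class_bits(mode: int, owner_uid: int, owner_gid: int, uid: int, groups: set) -> int:
    """Pick the one rwx triple that applies: owner, else group, else other.
    Classes are not combined: an owner gets only the owner bits even when
    the group or other bits would grant more."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in groups:
        return (mode >> 3) & 7
    return mode & 7

def permitted(entry: tuple, uid: int, groups: set, want: int) -> bool:
    mode, owner_uid, owner_gid = entry
    return class_bits(mode, owner_uid, owner_gid, uid, groups) & want == want

# Constructed file system: path -> (mode, owner uid, owner gid). Any path that
# is a prefix of another entry is a directory.
FS = {
    "/home": (0o755, 0, 0),
    "/home/jong": (0o750, 1001, 2001),            # group 2001 may search it, others not
    "/home/jong/LEC06-2.DOC": (0o640, 1001, 2001),
    "/home/jong/private": (0o700, 1001, 2001),    # nobody but the owner can search
    "/home/jong/private/marks.csv": (0o666, 1001, 2001),
}

def can_open(fs: dict, path: str, uid: int, groups: set, want: int) -> bool:
    """Require x (search) on every directory on the path, then check the
    file's own bits for the access wanted."""
    parts = path.strip("/").split("/")
    prefix = ""
    for part in parts[:-1]:
        prefix += "/" + part
        if not permitted(fs[prefix], uid, groups, X):
            return False
    return permitted(fs[path], uid, groups, want)
```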

20
Capabilities
  • The other approach to implementing the protection
    matrix is to store information by rows
  • for each domain a list is held of the objects
    that may be accessed by a process running in that
    domain
  • this is called a capability list (C-list)
  • The capability list is not directly accessible to
    the process, but rather is a protected object
  • this implies that capability lists must be
    distinguished from other types of data to prevent
    tampering
  • capability data may be tagged at a hardware level
  • or, maintained exclusively within OS space (may
    be large)
  • or, encrypted in user space (as in passwords)
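Slides 17, 18 and 20 in one added example (not the lecture's own code): the same sparse matrix stored by column (ACL) and by row (C-list), plus a capability kept in user space that the OS can still trust because it carries a MAC under a key only the OS holds; the key, the matrix entries beyond LEC06-2.DOC and the token format are assumptions made for the example.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed sparse access matrix: only non-empty cells, keyed by
# (domain, object), built around the slide's LEC06-2.DOC example.
MATRIX = {
    ("jong", "LEC06-2.DOC"): {"r", "w"},
    ("cfi", "LEC06-2.DOC"): {"r"},
    ("jong", "printer"): {"w"},
    ("cfi", "marks.csv"): {"r", "w"},
}

def acl_by_object(matrix: dict) -> dict:
    """Column view: for each object, the domains that may access it (ACL)."""
    acl = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        acl[obj][domain] = set(rights)
    return dict(acl)

def clist_by_domain(matrix: dict) -> dict:
    """Row view: for each domain, the objects it may access (C-list)."""
    clist = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        clist[domain][obj] = set(rights)
    return dict(clist)

def acl_allows(acl: dict, domain: str, obj: str, right: str) -> bool:
    return right in acl.get(obj, {}).get(domain, set())

def issue_capability(key: bytes, domain: str, obj: str, rights: set) -> bytes:
    """Capability held in user space (the slide's third option): the record is
    tagged with a MAC under a key only the OS knows (the key is an assumption)."""
    body = json.dumps({"d": domain, "o": obj, "r": sorted(rights)}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def capability_allows(key: bytes, token: bytes, obj: str, right: str) -> bool:
    """A token whose tag no longer matches its body was tampered with or forged
    and grants nothing; otherwise check the object and right it names."""
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False
    cap = json.loads(body)
    return cap["o"] == obj and right in cap["r"]
```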

21
Locking Mechanisms
22
File Locking
  • A further aspect of data protection is locking
  • one process has read/write permissions on a file
  • another process has read permissions on the same
    file
  • The file protection mechanisms do not prevent the
    file being written by the 1st and read by the 2nd
  • this may cause significant problems and data loss
  • even worse if both are writing a file at the same
    time!
  • Some operating systems, e.g. UNIX, provide file
    locking mechanisms
  • the information is held within the operating
    system open file tables

23
Example Record Locking
  • Two kinds of lock are provided
  • shared lock
  • multiple shared locks are allowed on a single
    file, but an exclusive lock is not allowed if a
    shared lock exists
  • exclusive lock
  • any attempt to add a shared or another exclusive
    lock will fail
  • The locks may be of any size
  • the locking call has parameters: filename, start,
    size
  • When placing a lock, a process may block or not
  • block: the system call doesn't return until the
    lock is placed
  • no-block: the system call returns with a failure
    error
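The shared/exclusive and block/no-block rules of this slide, as an added example that is not from the lecture, using the POSIX record-lock call fcntl.lockf with the slide's (start, size) parameters. It assumes a Unix host with fork; a second process is needed because POSIX record locks never conflict within the process that holds them, and the temp file is constructed.

```python
import fcntl
import os
import tempfile

def child_tries_lock(path: str, kind: int, start: int, size: int) -> bool:
    """Fork a second process that attempts a NON-blocking record lock on
    bytes [start, start+size) and report whether it got it. Without
    LOCK_NB the child would instead block until the parent released."""
    pid = os.fork()
    if pid == 0:                                   # child process
        fd = os.open(path, os.O_RDWR)
        try:
            fcntl.lockf(fd, kind | fcntl.LOCK_NB, size, start)
            os._exit(0)
        except OSError:                            # refused: EACCES / EAGAIN
            os._exit(1)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) == 0

def demo_record_locks() -> dict:
    """Hold a shared, then an exclusive, lock on bytes 0..9 in this process
    and record what a second process can obtain on the same and on a
    different range."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"x" * 100)
        path = f.name
    fd = os.open(path, os.O_RDWR)
    results = {}
    fcntl.lockf(fd, fcntl.LOCK_SH, 10, 0)          # shared lock: start 0, size 10
    results["shared_while_shared"] = child_tries_lock(path, fcntl.LOCK_SH, 0, 10)
    results["exclusive_while_shared"] = child_tries_lock(path, fcntl.LOCK_EX, 0, 10)
    fcntl.lockf(fd, fcntl.LOCK_UN, 10, 0)
    fcntl.lockf(fd, fcntl.LOCK_EX, 10, 0)          # exclusive lock on the same range
    results["shared_while_exclusive"] = child_tries_lock(path, fcntl.LOCK_SH, 0, 10)
    results["exclusive_other_range"] = child_tries_lock(path, fcntl.LOCK_EX, 50, 10)
    fcntl.lockf(fd, fcntl.LOCK_UN, 10, 0)
    os.close(fd)
    os.unlink(path)
    return results
```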

24
Summary
  • Security
  • the security environment
  • famous security flaws
  • user authentication
  • passwords
  • Protection
  • protection domains (users and groups)
  • protection matrix
  • access control lists
  • file permissions
  • capabilities
  • Locking Mechanisms