Lecture 8 : Operating Systems, File Systems, and Security

1
Lecture 8 Operating Systems, File Systems, and
Security

• Pourya Dehnadi

2

• OS Layers

3

• Middleware and the OS
• Middleware implements abstractions that support
  network-wide programming. Examples
• RPC and RMI (Sun RPC, Corba, Java RMI)
• event distribution and filtering (Corba Event
  Notification, Elvin)
• resource discovery for mobile and ubiquitous
  computing
• support for multimedia streaming
• Traditional OS's (e.g. early Unix, Windows 3.0)
• simplify, protect and optimize the use of local
  resources
• Network OS's (e.g. Mach, modern UNIX, Windows NT)
  
• do the same but they also support a wide range of
  communication standards and enable remote
  processes to access (some) local resources (e.g.
  files).

4

• The support that is required by Middleware and DS
  from the OS
• OS manages the basic resources of computer
  systems
• processing, memory, persistent storage and
  communication.
• It is the task of an operating system to
• raise the programming interface for these
  resources to a more useful level
• By providing abstractions of the basic resources
  such asprocesses, unlimited virtual memory,
  files, communication channels
• Protection of the resources used by applications
• Concurrent processing to enable applications to
  complete their work with minimum interference
  from other applications
• provide the resources needed for (distributed)
  services and applications to complete their task
• Communication - network access provided
• Processing - processors scheduled at the relevant
  computers

5

• Core OS Functionality

6

• The address space of a Process

• Regions can be shared
• kernel code
• libraries
• shared data communication
• copy-on-write
• Files can be mapped
• Mach, some versions of UNIX
• UNIX fork() is expensive
• must copy process's address space

7

• Thread and its implementation

8

• The worker-pool architecture

9

• Security
• object (or resource not to be confused with
  Object instance of a class)
• Mailbox, system file, part of a commercial web
  site
• Principal
• User or process that has authority (rights) to
  perform actions
• Identity of principal is important

10

• Security The Enemy
• Attacks
• On applications that handle financial
  transactions or other information whose secrecy
  or integrity is crucial
• Enemy (or adversary)
• Threats
• To processes, to communication channels, denial
  of service

11

• Secure Channel
• Properties
• Each process is sure of the identity of the other
• Data is private and protected against tampering
• Protection against repetition and reordering of
  data
• Employs cryptography
• Secrecy based on cryptographic concealment
• Authentication based on proof of ownership of
  secrets

12

• Threats and Forms of Attacks
• Eavesdropping
• obtaining private or secret information
• Masquerading
• assuming the identity of another user/principal
• Message tampering
• altering the content of messages in transit
• man in the middle attack (tampers with the secure
  channel mechanism)
• Replaying
• storing secure messages and sending them at a
  later date
• Denial of service
• flooding a channel or other resource, denying
  access to others

13

• Attacks not protected by a secure channel
• Denial of service attacks
• Deliberately excessive use of resources to the
  extent that they are not available to legitimate
  users
• E.g. the Internet 'IP spoofing' attack, February
  2000
• Trojan horses and other viruses
• Viruses can only enter computers when program
  code is imported.
• But users often require new programs, for
  example
• New software installation
• Mobile code downloaded dynamically by existing
  software (e.g. Java applets)
• Accidental execution of programs transmitted
  surreptitiously
• Defences code authentication (signed code), code
  validation (type checking, proof), sandboxing.

14

• Scenario 1 Secret communications with a shared
  key
• Key distribution How can Alice send a shared key
  KAB to Bob securely?
• Freshness of communication How does Bob know
  that any Mi isnt a copy of an earlier
  encrypted message from Alice that was captured by
  Mallory and replayed later?

• Alice and Bob share a secret key KAB.
• Alice uses KAB and an agreed encryption function
  E(KAB, M) to encrypt and send any number of
  messages MiKAB to Bob.
• Bob reads the encrypted messages using the
  corresponding decryption function D(KAB, M).
• Alice and Bob can go on using KAB as long as it
  is safe to assume that KAB has not been
  compromised.

15

• Scenario 2 Authenticated communication with a
  server

• Bob is a file server Sara is an authentication
  service. Sara shares secret key KA with Alice and
  secret key KB with Bob.
• Alice sends an (unencrypted) message to Sara
  stating her identity and requesting a ticket for
  access to Bob.
• Sara sends a response to Alice. TicketKB,
  KABKA. It is encrypted in KA and consists of a
  ticket (to be sent to Bob with each request for
  file access) encrypted in KB and a new secret key
  KAB.
• Alice uses KA to decrypt the response.
• Alice sends Bob a request R to access a file
  TicketKB, Alice, R.
• The ticket is actually KAB, AliceKB. Bob uses
  KB to decrypt it, checks that Alice's name
  matches and then uses KAB to encrypt responses to
  Alice.

16

• Scenario 3 Authenticated communication with
  public keys
• Mallory might intercept Alices initial request
  to a key distribution service for Bobs
  public-key certificate and send a response
  containing his own public key. He can then
  intercept all the subsequent messages.

• Bob has a public/private key pair ltKBpub, KBprivgt
• Alice obtains a certificate that was signed by a
  trusted authority stating Bob's public key KBpub
• Alice creates a new shared key KAB , encrypts it
  using KBpub using a public-key algorithm and
  sends the result to Bob.
• 3. Bob uses the corresponding private key KBpriv
  to decrypt it.
• (If they want to be sure that the message hasn't
  been tampered with, Alice can add an agreed value
  to it and Bob can check it.)

17

• Scenario 4 Digital signatures with a secure
  digest function

• Alice wants to publish a document M in such a way
  that anyone can verify that it is from her.
• Alice computes a fixed-length digest of the
  document Digest(M).
• Alice encrypts the digest in her private key,
  appends it to M and makes the resulting signed
  document (M, Digest(M)KApriv) available to the
  intended users.
• Bob obtains the signed document, extracts M and
  computes Digest(M).
• Bob uses Alice's public key to decrypt
  Digest(M)KApriv and compares it with his
  computed digest. If they match, Alice's
  signature is verified.

18
Figure 7.4 Alices bank account certificate

• Certificates

Figure 7.5 Public-key certificate for Bob's Bank
19

• Certificates can act as credentials
• Evidence for a principal's right to access a
  resource
• The two certificates shown in the last slide
  could act as credentials for Alice to operate on
  her bank account
• She would need to add her public key certificate
• X.509 Certificate Format

20

• Access Control
• Protection domain
• A set of ltresource, rightsgt pairs
• Two main approaches to implementation
• Access control list (ACL) associated with each
  object
• E.g. Unix file access permissions
• For more complex object types and user
  communities, ACLs can become very complex
• Capabilities associated with principals
• Like a key
• Format ltresource id, permitted operations,
  authentication codegt
• Must be unforgeable
• Problems eavesdropping, difficulty of
  cancellation

21

• Credentials
• Requests to access resources must be accompanied
  by credentials
• Evidence for the requesting principal's right to
  access the resource
• Simplest case an identity certificate for the
  principal, signed by the principal.
• Credentials can be used in combination. E.g. to
  send an authenticated email as a member of
  Cambridge University, I would need to present a
  certificate of membership of CU and a certificate
  of my email address.
• The speaks for idea
• We don't want users to have to give their
  password every time their PC accesses a server
  holding protected resources.
• Instead, the notion that a credential speaks for
  a principal is introduced. E.g. a user's PK
  certificate speaks for that user.

22

• Cryptographic Algorithms
• Message M, key K, published encryption functions
  E, D
• Symmetric (secret key)
• E(K, M) MK D(K, E(K, M)) M
• Same key for E and D
• M must be hard (infeasible) to compute if K is
  not known.
• Usual form of attack is brute-force try all
  possible key values for a known pair M, MK.
  Resisted by making K sufficiently large 128
  bits
• Asymmetric (public key)
• Separate encryption and decryption keys Ke, Kd
• D(Kd. E(Ke, M)) M
• depends on the use of a trap-door function to
  make the keys. E has high computational cost.
  Very large keys gt 512 bits
• Hybrid protocols - used in SSL (now called TLS)
• Uses asymmetric crypto to transmit the symmetric
  key that is then used to encrypt a session.

23

• Digital Signatures
• Requirement
• To authenticate stored document files as well as
  messages
• To protect against forgery
• To prevent the signer from repudiating a signed
  document (denying their responsibility)
• Encryption of a document in a secret key
  constitutes a signature
• impossible for others to perform without
  knowledge of the key
• strong authentication of document
• strong protection against forgery
• weak against repudiation (signer could claim key
  was compromised)

24

• Kerberos Architecture