Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Description:

Chapter 9 Security 9.1 The security environment 9.2 User authentication 9.3 Attacks from inside the system 9.4 Attacks from outside the system 9.5 Protection mechanisms – PowerPoint PPT presentation

Number of Views:204
Avg rating:3.0/5.0
Slides: 61
Provided by: Steve1571
Category:

less

Transcript and Presenter's Notes

Title: Security


1
Security
  • Chapter 9

9.1 The security environment 9.2 User
authentication 9.3 Attacks from inside the
system 9.4 Attacks from outside the system 9.5
Protection mechanisms
2
The Security EnvironmentThreats
  • Security goals and threats

3
Intruders
  • Common Categories
  • Casual prying by nontechnical users
  • Snooping by insiders
  • Determined attempt to make money
  • Commercial or military espionage

4
Accidental Data Loss
  • Common Causes
  • Acts of God
  • fires, floods, wars
  • Hardware or software errors
  • CPU malfunction, bad disk, program bugs
  • Human errors
  • data entry, wrong tape mounted

5
User Authentication
  • Basic Principles. Authentication must identify
  • Something the user knows
  • Something the user has
  • Something the user is
  • This is done before user can use the system

6
Authentication Using Passwords
  • (a) A successful login
  • (b) Login rejected after name entered
  • (c) Login rejected after name and password typed

7
Authentication Using Passwords
  • How a cracker broke into LBL
  • a U.S. Dept. of Energy research lab

8
Authentication Using Passwords
,
,
,
,
Password
Salt
  • The use of salt to defeat precomputation of
  • encrypted passwords

9
Authentication Using a Physical Object
  • Magnetic cards
  • magnetic stripe cards
  • chip cards stored value cards, smart cards

10
Authentication Using Biometrics
  • A device for measuring finger length.

11
Countermeasures
  • Limiting times when someone can log in
  • Automatic callback at number prespecified
  • Limited number of login tries
  • A database of all logins
  • Simple login name/password as a trap
  • security personnel notified when attacker bites

12
Operating System SecurityTrojan Horses
  • Free program made available to unsuspecting user
  • Actually contains code to do harm
  • Place altered version of utility program on
    victim's computer
  • trick user into running that program

13
Login Spoofing
  • (a) Correct login screen
  • (b) Phony login screen

14
Logic Bombs
  • Company programmer writes program
  • potential to do harm
  • OK as long as he/she enters password daily
  • ff programmer fired, no password and bomb
    explodes

15
Trap Doors
  • (a) Normal code.
  • (b) Code with a trapdoor inserted

16
Buffer Overflow
  • (a) Situation when main program is running
  • (b) After program A called
  • (c) Buffer overflow shown in gray

17
Generic Security Attacks
  • Typical attacks
  • Request memory, disk space, tapes and just read
  • Try illegal system calls
  • Start a login and hit DEL, RUBOUT, or BREAK
  • Try modifying complex OS structures
  • Try to do specified DO NOTs
  • Convince a system programmer to add a trap door
  • Beg admin's secy to help a poor user who forgot
    password

18
Famous Security Flaws
(a)
(b)
(c)
  • The TENEX password problem

19
Design Principles for Security
  • System design should be public
  • Default should be n access
  • Check for current authority
  • Give each process least privilege possible
  • Protection mechanism should be
  • simple
  • uniform
  • in lowest layers of system
  • Scheme should be psychologically acceptable

And keep it simple
20
Network Security
  • External threat
  • code transmitted to target machine
  • code executed there, doing damage
  • Goals of virus writer
  • quickly spreading virus
  • difficult to detect
  • hard to get rid of
  • Virus program can reproduce itself
  • attach its code to another program
  • additionally, do harm

21
Virus Damage Scenarios
  • Blackmail
  • Denial of service as long as virus runs
  • Permanently damage hardware
  • Target a competitor's computer
  • do harm
  • espionage
  • Intra-corporate dirty tricks
  • sabotage another corporate officer's files

22
How Viruses Work
  • Virus written in assembly language
  • Inserted into another program
  • use tool called a dropper
  • Virus dormant until program executed
  • then infects other programs
  • eventually executes its payload

23
The Internet Worm
  • Consisted of two programs
  • bootstrap to upload worm
  • the worm itself
  • Worm first hid its existence
  • Next replicated itself on new machines

24
Protection Mechanisms Protection Domains (1)
  • Examples of three protection domains

25
Protection Domains (2)
  • A protection matrix

26
Protection Domains (3)
  • A protection matrix with domains as objects

27
Access Control Lists (1)
  • Use of access control lists of manage file access

28
Access Control Lists (2)
  • Two access control lists

29
Capabilities (1)
  • Each process has a capability list

30
Capabilities (2)
  • Cryptographically-protected capability
  • Generic Rights
  • Copy capability
  • Copy object
  • Remove capability
  • Destroy object

Server Object Rights f(Objects, Rights, Check)
31
Input/Output
  • Chapter 5

5.1 Principles of I/O hardware 5.2 Principles of
I/O software 5.3 I/O software layers 5.4
Disks 5.5 Clocks
32
Input/Output
  • One of O.S main functions control I/O
  • Issue commands to devices
  • Catch interrupts
  • Handle errors
  • Provide interface between devices and rest of
    system
  • Electrical Engineers Programmers
  • I/O devices can be block devices and character
    devices
  • Block devices store information in fixed-size
    blocks
  • A character device accepts or delivers a stream
    of characters
  • Classification is not perfect (e.g. tapes, clocks)

33
Principles of I/O Hardware
  • Some typical device, network, and data base rates

34
Device Controllers
  • I/O devices have components
  • mechanical component
  • electronic component
  • The electronic component is the device controller
  • may be able to handle multiple devices
  • Interface between controller and device is a very
    low-level interface
  • E.g. disks preamble serial bit stream
    checksum
  • Controller's tasks
  • convert serial bit stream to block of bytes
  • perform error correction as necessary
  • make available to main memory

35
Memory-Mapped I/O
  • Each controller has a few registers data buffer
    to commu-nicate with CPU. These can be used by OS
    to read/write.
  • Separate I/O and memory space
  • Memory-mapped I/O
  • Hybrid (e.g. Pentium, addresses 640K to 1MB for
    buffers, I/O ports 0 to 64K)

36
Memory-Mapped I/O
  • (a) A single-bus architecture
  • (b) A dual-bus memory architecture

37
Direct Memory Access (DMA)
  • DMA controller is required
  • Disk reads when not DMA is used
  • Disk controller reads serially bit-by-bit the
    block
  • Causes an interrupt
  • Transfer block to memory
  • With DMA the procedure is differrent
  • CPU programs DMA controller by setting addresses
  • Instructs disk controller to read data into its
    buffer
  • When block in buffer, DMA starts.

38
Direct Memory Access (DMA)
  • Operation of a DMA transfer

39
Interrupts Revisited
  • How interrupts happens. Connections between
    devices and interrupt controller actually use
    interrupt lines on the bus rather than dedicated
    wires

40
Principles of I/O SoftwareGoals of I/O Software
  • Device independence
  • programs can access any I/O device
  • without specifying device in advance (floppy,
    hard drive, or CD-ROM)
  • Uniform naming
  • name of a file or device a string or an integer
  • not depending on which machine
  • Error handling
  • handle as close to the hardware as possible

41
Goals of I/O Software
  • Synchronous vs. asynchronous transfers
  • blocking transfers vs. interrupt-driven (in
    programs we use blocking I/O it is up to OS to
    make asynchronous look like synchronous)
  • Buffering
  • data coming off a device cannot be stored in
    final destination (e.g. packets in networks)
  • Sharable vs. dedicated devices
  • disks are sharable
  • tape drives would not be

42
I/O Software Layers
  • Layers of the I/O Software System

43
Interrupt Handlers (1)
  • Interrupt handlers are best hidden
  • have driver starting an I/O operation block until
    interrupt notifies of completion
  • Interrupt procedure does its task
  • then unblocks driver that started it
  • Steps must be performed in software after
    interrupt completed
  • Save regs not already saved by interrupt hardware
  • Set up context for interrupt service procedure

44
Interrupt Handlers (2)
  • Set up stack for interrupt service procedure
  • Ack interrupt controller, reenable interrupts
  • Copy registers from where saved
  • Run service procedure
  • Set up MMU context for process to run next
  • Load new process' registers
  • Start running the new process
  • A lot of work!!!

45
Device Drivers
  • Each I/O device needs some device-specific code
    to control it.
  • Logical position of device drivers is shown here
  • Communications between drivers and device
    controllers goes over the bus

46
Device-Independent I/O Software
  • Some parts of I/O software is not
    device-specific. The exact boundary is system
    specific and depends on other factors.
  • Functions of the device-independent I/O software

Uniform interfacing for device drivers
Buffering
Error reporting
Allocating and releasing dedicate devices
Providing a deice-independent block size
47
User-Space I/O Software
  • Most of the I/O software is within the OS
  • A small portion consists of libraries linked
    together with user programs (e.g. system calls)
  • count write(fd,buffer,nbytes)

48
DisksDisk Hardware
  • Disk parameters for the original IBM PC floppy
    disk and a Western Digital WD 18300 hard disk

49
Disk Hardware
  • Physical geometry of a disk with two zones
  • A possible virtual geometry for this disk

50
Disk Formatting
  • A disk sector

51
Disk Formatting
An illustration of cylinder skew
52
Disk Formatting
  • No interleaving
  • Single interleaving
  • Double interleaving

53
Disk Arm Scheduling Algorithms
  • Time required to read or write a disk block
    determined by 3 factors
  • Seek time
  • Rotational delay
  • Actual transfer time
  • Seek time dominates the other two times
  • Error checking is done by controllers
  • If FCFS, nothing much can be done. If heavily
    loaded, then multiple algorithms

54
Disk Arm Scheduling Algorithms
  • If FCFS, nothing much can be done. If heavily
    loaded, then many pending requests. There are
    algorithms to find a good sequence to minimize
    seek time.
  • Many disk drivers maintain table, indexed by
    cylinder number with all pending requests for
    each cylinder chained together in a linked list.
  • FCFS
  • SSF
  • Elevator

55
Disk Arm Scheduling Algorithms
Pending requests
Initial position
  • Shortest Seek First (SSF) disk scheduling
    algorithm
  • A request for block 11. While seeking, new
    requests for 1, 36, 16, 34, 9 and 12 are coming.
  • Problem?

56
Disk Arm Scheduling Algorithms
  • The elevator algorithm for scheduling disk
    requests. Similar to elevators in tall buildings
    they keep moving toward one direction until no
    more requests toward this.
  • A slight modification always move toward one
    direction

57
Error Handling
  • A disk track with a bad sector
  • Substituting a spare for the bad sector
  • Shifting all the sectors to bypass the bad one

58
ClocksClock Hardware
  • A programmable clock
  • One shot mode
  • Square-wave mode

59
Clock Software (clock driver)
  • Maintaining the time of the day
  • Accounting for processes
  • Accounting for CPU usage
  • Implementing the alarm system call for user
    processes.
  • Three ways to maintain the time of day

60
Clock Software
  • Simulating multiple timers with a single clock
Write a Comment
User Comments (0)
About PowerShow.com