What we will cover PowerPoint PPT Presentation

presentation player overlay
About This Presentation
Transcript and Presenter's Notes

Title: What we will cover


1
What we will cover
  • Protection and Security in OS

2
Difference between Protection Security
  • Protection Mostly, mechanism for controlling
    access to system resources by processes. This
    includes a means of specifying controls and a
    means of enforcing the controls. This is an
    internal problem.
  • Security Mostly, assuring the integrity of
    system resources and data. Protection is the
    enforcement aspect of security. Security must
    also consider the external environment in which
    the system operates.

3
Domain of Protection
  • Who needs protection?
  • System resources need protection
  • resources include both hardware and software
  • examples of software resources files, programs,
    buffers, semaphores etc.
  • examples of hardware resources CPU, memory
    segments, printers, disks etc.
  • think of each resource as an object accessible
    only through associated operations
  • Protection From whom?
  • Other users (user domain)
  • Other processes (process domain)

4
Principle of Protection
  • Guiding principle principle of least privilege
  • Programs, users and systems should be given just
    enough privileges to perform their tasks
  • Also known as need-to-know principle

5
Domain Structure
  • Implement protection domain
  • a process has an associated protection domain and
    operates within this domain
  • a protection domain is a set of ordered pairs
  • each ordered pair consists of an object and a set
    of access rights (permitted operations)
  • Access-right ltobject-name, rights-setgtwhere
    rights-set is a subset of all valid operations
    that can be performed on the object.
  • Domain set of access-rights

6
Protection Domain Structure
  • The association between a process and a domain
    can be
  • fixed (static) or
  • can change as process executed (dynamic)
  • Static association is easier to implement while
    dynamic association is more complex
  • Which one is better?
  • Static association may violate need-to-know
    principle
  • Dynamic association
  • change association dynamically by either (1)
    modifying the domain, or (2) switching to a
    different domain

7
Domain Implementation (MULTICS)
  • Let Di and Dj be any two domain rings.
  • If j lt i ? Di ? Dj
  • Disadvantages
  • Too complicated
  • Violating need-to-know principle

8
Domain Implementation (UNIX)
  • System consists of 2 domains
  • User mode
  • Kernel mode
  • UNIX
  • Domain user-id
  • Domain switch accomplished via file system.
  • Each file has associated with it a domain bit
    (setuid bit).
  • When file is executed and setuid on, then
    user-id is set to owner of the file being
    executed. When execution completes user-id is
    reset.

9
Domain Implementation (UNIX)
  • Is it safe?

10
Domain Example
  • Processes move back and forth between user mode,
    (i.e., user domain) and kernel mode, (i.e.,
    kernel domain).
  • Unix setuid

real user id 201 effective user id
201 exec(shell)
load
shell owner100 setuid bit0
real user id 201 effective user id
201 exec(a.out)
a.out owner100 setuid bit1
100
load
11
Access Matrix
  • View protection as a matrix (access matrix)
  • Rows represent domains
  • Columns represent objects
  • Access(i, j) is the set of operations that a
    process executing in Domaini can invoke on Objectj

12
Access Matrix
13
Visualizing access matrix for UNIX
-rwxr-xr-x 1 John students 14839 May 14 0715
chatter -rw-r----- 1 John students 998 May
14 0827 guru.c -rwxr-xr-- 2 John students
4096 May 17 1159 data
Domain/object chatter guru.c data
Owner Read, write, execute Read, write Read, write, execute
group Read, execute Read Read, execute
world Read, execute Read
14
Use of Access Matrix
  • If a process in Domain Di tries to do op on
    object Oj, then op must be in the access
    matrix.
  • Can be expanded to dynamic protection.
  • Special operations to change content of access
    matrix
  • Change access rights
  • copy an access right from one domain to another
  • owner rights

15
Access Matrix with Copy Rights
16
Access Matrix With Owner Rights
17
Use of Access Matrix (Cont.)
  • Access matrix design separates mechanism from
    policy.
  • Policy
  • User dictates policy.
  • Who can access what object and in what mode.
  • Mechanism
  • Operating system provides access-matrix rules.
  • It ensures that the matrix is only manipulated by
    authorized agents and that rules are strictly
    enforced.

18
Security
19
The Security Problem
  • Security must consider external environment of
    the system, and protect the system resources
  • Intruders (crackers) attempt to breach security
    (malicious access)
  • Unauthorized reading of data
  • Unauthorized modifications of data
  • Unauthorized destruction of data
  • Preventing legitimate use of the systems (denial
    of service)

20
User Authentication
  • Protection (earlier discussed) majorly dependent
    on user authentication
  • Based on use of Passwords
  • Biometrics is another option but
  • Still not implemented
  • Not cost-effective yet

21
Use of Passwords
  • Passwords are mutually agreed-upon code words,
    assumed to be known only to the user and the
    system.
  • The use of passwords is fairly straightforward.
    A user enters some piece of identification, such
    as a name or an assigned user ID, if the
    identification matches that on file for the user,
    the user is authenticated to the system.
  • If the identification match fails, the user is
    rejected by the system.

22
Attacks on Passwords
  • Try all possible passwords
  • exhaustive or brute force attack
  • Is this impossible to create?
  • Try many probable passwords
  • Users do not likely select a password uncommon,
    hard to spell or pronounce, very long
  • Try passwords likely for the user
  • Password generally is meaningful to the user

23
Attacks on Passwords (cont)
  • Encrypted password (used in UNIX)
  • Flaw was user tends to select a meaningful
    password (a word in the dictionary)
  • System encrypts the word and stores the encrypted
    version
  • The process is irreversible, so apparently secure
  • Dictionary attack
  • Off-line cluster attack

24
Many Password Selection Criteria
  • Use characters other than just A-Z
  • Choose long passwords
  • Avoid actual names or words
  • Choose an unlikely password
  • Change the password regularly
  • Dont write it down
  • Dont tell anyone else

25
The Authentication Process
  • Intentionally slow
  • This makes exhaustive attack infeasible
  • Identify intruder from the normal user
  • Some who continuously fails to login may not be
    an authorized user.
  • System disconnect a user after three to five
    failed logins
  • What is the flaw?

26
Program Threats
  • Trojan Horse
  • Code segment that misuses its environment
  • Exploits mechanisms for allowing programs written
    by users to be executed by other users
  • Spyware, pop-up browser windows, covert channels
  • PWSteal.Tarno.Q - registers itself as a browser
    helper (key logger)
  • Trap Door
  • Specific user identifier or password that
    circumvents normal security procedures
  • Could be included in a program
  • Combination of trojan horse and trap door even
    fatal
  • Trojan.Lodeight.A opens a Back-door on TCP port
    1084

27
How to defend against such program threats
  • Analyze the execution patterns of the Trojan
    Horses Trapdoors
  • The malicious code is executed without user
    intervention.
  • The malicious code may be directed by a remote
    attacker once a connection is made.
  • Resources used by the malicious code, such as
    file names and network addresses, are hard-coded
    in the binary.
  • OS resources (processes, memory) used by the
    malicious code may be consumed for the purpose of
    degrading performance.
  • A key characteristic of Trojan Horses and
    Trapdoors is that they cannot be invoked by the
    attacker and are autonomous at least until a
    connection is made.

28
Program Threats (contd.)
  • Stack and Buffer Overflow
  • Exploits a bug in a program (overflow either the
    stack or memory buffers)

29
Simple example code
  • include ltstring.hgt
  • void foo (char bar)
  • char c12
  • strcpy(c, bar) // no bounds checking...
  • int main (int argc, char argv)
  • foo(argv1)

30
Stack Buffer Overflow
Before data is copied. "hello" is the first command line argument. "A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?A?\x08?\x35?\xC0?\x80" is the first command line argument.
31
System and Network Threats
  • Worms use spawn mechanism standalone program
  • Morris worm
  • Exploited UNIX networking features (remote
    access) and bugs in finger and sendmail programs
  • Grappling hook program uploaded main worm program

32
System and Network Threats
  • Denial of Service
  • Easier than penetration attacks
  • Overload the targeted computer preventing it from
    doing any useful work
  • Distributed denial-of-service (DDOS) come from
    multiple sites at once
  • Open tcp connection (never closing one)

33
Security Through Domain Separation Via Firewall
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The : "What we will cover" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!