Professional Documents
Culture Documents
Week 10 OS Protection and Security
Week 10 OS Protection and Security
CSC314: OS Security
Week 10
Chapter 14 and 15 in Operating system concepts 9th edition (Silberschatz)
Dr Nyamsi 5/5/2022
2
Outline
Protection
Protection definition
Protection mechanisms
Security
Security issues
Dr Nyamsi 5/5/2022
3
Concepts
Protection definition:
Mechanisms and policy to keep programs and users from
accessing or changing stuff they should not do
Is Internal to OS
Security:
Issues are external to OS
Dr Nyamsi 5/5/2022
4
Goal of protection
Dr Nyamsi 5/5/2022
5
Protection mechanism: guideline
Guiding principle – principle of least privilege
Dr Nyamsi 5/5/2022
6
Protection mechanism
Principle of least privilege
Dr Nyamsi 5/5/2022
7
Protection mechanism
Dr Nyamsi 5/5/2022
8
Protection mechanism
Dr Nyamsi 5/5/2022
Protection mechanism: domain structure
9
Dr Nyamsi 5/5/2022
Protection mechanism: domain structure
10
Domain = user-id
When file is executed and setuid = on, then user-id is set to owner of
the file being executed
Dr Nyamsi 5/5/2022
Protection mechanism: domain structure
11
Dr Nyamsi 5/5/2022
12
Protection mechanism
Dr Nyamsi 5/5/2022
13
Protection mechanism
Columns are access control lists (ACLs): Associated with each object
Dr Nyamsi 5/5/2022
Protection mechanism: use of access matrix
14
User who creates object can define access column for that object
Dr Nyamsi 5/11/2022
Protection mechanism: use of access matrix
15
owner of Oi
If ensures that the matrix is only manipulated by authorized agents and that rules
are strictly enforced
Dr Nyamsi 5/11/2022
Protection mechanism: use of access matrix
18
Dr Nyamsi
Access Matrix with Copy Rights 5/11/2022
Protection mechanism: use of access matrix
19
Dr Nyamsi
Access Matrix with Owner Rights 5/11/2022
20
Access matrix: Implementation
Access matrix is generally, a sparse matrix
Option 1 – Global table
Store ordered triples <domain, object, rights-set> in table
A requested operation M on object Oj within domain Di imply
search table for < Di, Oj, Rk > ; with M ∈ Rk
But table could be large, consequence: it won’t fit in main
memory
Difficult to group objects (consider an object that all domains
can read)
Dr Nyamsi 5/11/2022
21
Access matrix: Implementation
Access matrix is generally, a sparse matrix
Option 2 – Access lists for objects
Each column implemented as an access list for one object
Resulting per-object list consists of ordered pairs <domain,
rights-set> defining all domains with non-empty set of access
rights for the object.
Easily extended to contain default set
If M ∈ default set, also allow access
Dr Nyamsi 5/11/2022
22
Access matrix: Implementation
Each column = Access-control list for one object
Defines who can perform what operation
Domain 1 = Read, Write
Domain 2 = Read
Domain 3 = Read
Dr Nyamsi 5/11/2022
23
Access matrix: Implementation
Option 3 – Capability list for domains
Instead of object-based, list is domain based
Capability list for domain is list of objects together with operations allows
on them
Object represented by its name or address, called a capability
Execute operation M on object Oj, process requests operation and
specifies capability as parameter
Possession of capability means access is allowed
Capability list associated with domain but never directly accessible by
domain
Rather, protected object, maintained by OS and accessed indirectly
Like a “secure pointer”
Idea can be extended up to applications
Dr Nyamsi 5/11/2022
24
Access matrix: Implementation
Option 4 – Lock-key
Dr Nyamsi 5/11/2022
25
Access matrix: Implementation
Comparison of implementations:
Dr Nyamsi 5/11/2022
26
Access matrix: Implementation
Comparison of implementations:
Dr Nyamsi 5/11/2022
27
Access matrix: Implementation
Most systems use combination of access lists and capabilities
Dr Nyamsi 5/11/2022
28
Access control
To access a file, a resource, you need a privilege.
Dr Nyamsi 5/11/2022
29
Access control
To access a file, a resource, you need a privilege.
Dr Nyamsi 5/11/2022
30
Revocation of Access Rights
As you grant access, you can do remove the access right to a file or resource
Back-pointers – set of pointers from each object to all capabilities of that object
(Multics)
Indirection – capability points to global table entry which points to object – delete entry
from global table, not selective (CAL)
Keys – unique bits associated with capability, generated when capability created
Master key associated with object, key matches master key for access
Policy decision of who can create and modify keys – object owner or others?
Dr Nyamsi 5/11/2022
32
Language-Based Protection
Specification of protection in a programming language allows the
high-level description of policies for the allocation and use of resources
Dr Nyamsi 5/11/2022
33
Language-Based Protection
With Java for example,
Protection is handled by the Java Virtual Machine (JVM)
The protection domain indicates what operations the class can (and cannot)
perform
Classes effectively encapsulate and protect data and methods from other
classes
Dr Nyamsi 5/11/2022
34
Outline
Protection
Protection definition
Protection mechanisms
Security
Security issues
Dr Nyamsi 5/11/2022
35
Security
The security problem
System is secured if resources used and accessed as intended
under all circumstances
Dr Nyamsi 5/11/2022
36
Security: Violation Categories
Dr Nyamsi 5/11/2022
37
Security: Violation Methods
Dr Nyamsi 5/11/2022
39
Security: Program Threats
Trojan Horse
Code segment that misuses its environment
Dr Nyamsi 5/11/2022
40
Security: Program Threats
Trap Door
Logic Bomb
Dr Nyamsi 5/11/2022
41
Security: Program Threats
Write past arguments on the stack into the return address on stack
Dr Nyamsi 5/11/2022
42
Security: Program Threats
Viruses
Dr Nyamsi 5/11/2022
43
Security: Program Threats
File / parasitic
Boot / memory
Macro
Source code
… etc.
Dr Nyamsi 5/11/2022
44
Security: Systems and network Threats
Dr Nyamsi 5/11/2022
45
Security: Systems and network Threats
Dr Nyamsi 5/11/2022
46
Security: Systems and network Threats
Port scanning
Dr Nyamsi 5/11/2022
47
Security: Systems and network Threats
Port scanning
Dr Nyamsi 5/11/2022
48
Security: Systems and network Threats
Denial of Service
Dr Nyamsi 5/11/2022
49
Security: Systems and network Threats
Denial of Service
How can you tell the difference between being a target and being
popular?
Dr Nyamsi 5/11/2022
Security: Cryptography as a Security Tool
50
Dr Nyamsi 5/11/2022
Security: Cryptography as a Security Tool
51
Enables
Confirmation of source
Dr Nyamsi 5/11/2022
52
Security: Encryption
Constrains the set of possible receivers of a message
Set K of keys
Set M of Messages
Dr Nyamsi 5/11/2022
53
Security: Encryption
Encryption algorithm consists of
Dr Nyamsi 5/11/2022
54
Security: Encryption
An encryption algorithm must provide this essential property: Given a
ciphertext c C, a computer can compute m such that Ek(m) = c
only if it possesses k
Dr Nyamsi 5/11/2022
56
Security: Symmetric Encryption
2001 NIST adopted new block cipher - Advanced Encryption Standard
(AES)
Dr Nyamsi 5/11/2022
57
Security: Symmetric Encryption
Dr Nyamsi 5/11/2022
58
Security: Asymmetric Encryption
Public-key encryption based on each user having two keys:
public key – published key used to encrypt data
private key – key known only to individual user used to decrypt
data
Must be an encryption scheme that can be made public
without making it easy to figure out the decryption scheme
Most common is RSA (Rivest–Shamir–Adleman) block cipher
Efficient algorithm for testing whether a number is prime or not
No efficient algorithm is known for finding the prime factors of a
number
Dr Nyamsi 5/12/2022
59
Security: Asymmetric Encryption
Formally, it is computationally infeasible to derive kd,N from ke,N,
and so ke need not be kept secret and can be widely
disseminated
ke is the public key
kd is the private key
N is the product of two large, randomly chosen prime numbers p
and q (for example, p and q are 512 bits each)
Encryption algorithm is Eke,N(m) = mke mod N, where ke satisfies
kekd mod (p−1)(q −1) = 1
The decryption algorithm is then Dkd,N(c) = ckd mod N
Dr Nyamsi 5/11/2022
60
Security: Asymmetric Encryption
For example. Make p = 7 and q = 13
We then calculate N = 7∗13 = 91 and (p−1)(q−1) = 72
Dr Nyamsi 5/11/2022
61
Security: Asymmetric Encryption
For example. Make p = 7 and q = 13
Encrypting the message 69 with the public key results in the
cyphertext 62
Dr Nyamsi 5/11/2022
Security: Asymmetric Encryption
62
Dr Nyamsi 5/11/2022
Security: Asymmetric Encryption
63
Note
Dr Nyamsi 5/11/2022
Authentication
64
Complementary to encryption
Algorithm components
A set K of keys
A set M of messages
A set A of authenticators
Dr Nyamsi 5/12/2022
Authentication
65
Algorithm components
A function S : K → (M→ A)
Dr Nyamsi 5/12/2022
Authentication
66
Dr Nyamsi 5/12/2022
Authentication
67
Dr Nyamsi 5/12/2022
Authentication – Hash function
68
Dr Nyamsi 5/12/2022
Authentication – Hash function
69
Dr Nyamsi 5/12/2022
Authentication – Digital Signature
70
V is a one-way function
Dr Nyamsi 5/12/2022
Authentication – Digital Signature
71
Like the RSA encryption algorithm, but the key use is reversed
The key ks again is a pair (d, N), where N is the product of two
large, randomly chosen prime numbers p and q
Dr Nyamsi 5/12/2022
Authentication – Digital Signature
72
Dr Nyamsi 5/12/2022
Security : Key distribution
73
Dr Nyamsi 5/12/2022
Security : key and digital certification
74
Certificate authority are trusted party – their public keys included with
web browser distributions
They vouch for other authorities via digitally signing their keys, and so on
Dr Nyamsi 5/12/2022
75
Security: Example of Encryption
Insertion of cryptography at one layer of the ISO network model (the
transport layer)
SSL – Secure Socket Layer (also called TLS)
Cryptographic protocol that limits two computers to only exchange
messages with each other
Very complicated, with many variations
Used between web servers and browsers for secure communication
(credit card numbers for example)
The server is verified with a certificate assuring client is talking to correct
server
Asymmetric cryptography used to establish a secure session key
(symmetric encryption) for bulk of communication during session
Communication between each computer then uses symmetric key
cryptography
Dr Nyamsi 5/11/2022
Security: Example of user authentication
76
Dr Nyamsi 5/12/2022
78
Security: Password
Encrypt to avoid having to keep secret
But keep secret anyway (i.e. Unix uses superuser-only readably file
/etc/shadow)
Use algorithm easy to compute but difficult to invert
Only encrypted password stored, never decrypted
Add “salt” to avoid the same password being encrypted to the
same value
One-time passwords
Use a function based on a seed to compute a password, both
user and computer
Hardware device / calculator / key fob to generate the password
Dr Nyamsi 5/12/2022
79
Security: Password
Biometrics
Multi-factor authentication
Dr Nyamsi 5/12/2022
80
Security: Password
Questions ?
Dr Nyamsi 5/12/2022