Protection CSE473 - Spring 2008 Professor Jaeger - PowerPoint PPT Presentation



  1. Protection
     CSE473 - Spring 2008 - Professor Jaeger
     www.cse.psu.edu/~tjaeger/cse473-s08/
     CSE473 Operating Systems - Spring 2008 - Professor Jaeger

  2. Protection
     • Protect yourself from untrustworthy users in a common space
       – They may try to access your resources
       – Or modify your resources
       – Or they may just make a mistake
     • Protect yourself from their errors

  3. Shared Platforms
     (Diagram: Process 1, Process 2, ..., Process n, each with its own Program and Data, run on top of the Operating System, which provides Security, Scheduling and Resource Mechanisms over the devices: Memory, Disk, Network, Display, ...)

  4. Access Control/Authorization
     • An access control system determines what rights a particular entity has for a set of objects
     • It answers the question
       – E.g., do you have the right to read /etc/passwd?
       – Does Alice have the right to view the EECS website?
       – Do students have the right to share project data?
       – Does Dr. Jaeger have the right to change your grades?
     • An Access Control Policy answers these questions

  5. Basic Access Control
     • Subjects are the active entities that do things
       – E.g., you, Alice, students, Dr. Jaeger
     • Objects are passive things that things are done to
       – E.g., /etc/passwd, CSE website, project data, grades
     • Operations are actions that are taken
       – E.g., read, view, share, change

  6. Protection System
     • Any "system" that provides resources to multiple subjects needs to control access among them
       – Operating system
       – Servers
     • Consists of:
       – Protection State
         • Description of permission assignments (i.e., policy)
         • Determines protection from others
       – Protection State Operations
         • Modify that state

  7. Access Matrix
     • Subjects
     • Objects
     • Operations
     • Can determine
       – Who can access an object
       – What objects can be accessed by a subject
       – What operations a subject can perform on an object

           O1   O2   O3
       S1  Y    Y    N
       S2  N    Y    N
       S3  N    Y    Y

  8. Access Control
     • Suppose the private key file for J is object O1
       – Only J can read
     • Suppose the public key file for J is object O2
       – All can read, only J can modify
     • Suppose all can read and write from object O3
     • What's the access matrix?

           O1   O2   O3
       J   ?    ?    ?
       S2  ?    ?    ?
       S3  ?    ?    ?

  9. Least Privilege
     • Limit permissions to those required and no more
     • Consider three processes for user J
       – Restrict privilege of the process J1 to prevent leaks

           O1   O2   O3
       J1  R W  R W  N?
       J2  N    R    R W
       J3  N    R    R W

  10. Protection Domains
     • The protection domain restricts access of external parties to our computing system's resources
     • How is this done today?
       • Memory protection
       • E.g., UNIX protected memory, file-system permissions (rwx...)
     • A protection state describes access of all programs
     (Diagram: Program A running inside a protection domain, with access to Memory and Files)

  11. Protection State Transitions
     • Transition
       – From one access matrix state to another
       – Add/delete subject, object, operation assignment
     • Transition semantics
       – Owner-driven
       – Delegation
       – Administrator-driven
       – Administrative permissions
     • Attenuation of Rights Principle
       – Can't grant a right that you do not possess
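The access matrix of slides 7 to 9 and the state transitions of slide 11, as an added example that is not part of the lecture's materials: the matrix answers the three "can determine" questions, and `delegate` applies the attenuation of rights principle. The class and function names are assumptions; `slide8_matrix` encodes the key-file policy of slide 8.

```python
from collections import defaultdict


class AccessMatrix:
    """Protection state: subject -> object -> set of permitted operations."""

    def __init__(self):
        self._m = defaultdict(lambda: defaultdict(set))

    def add(self, subject, obj, *ops):
        # Administrator-driven transition: assign permissions directly.
        self._m[subject][obj].update(ops)

    def check(self, subject, obj, op):
        # The question the access control system answers: may subject do op on obj?
        return op in self._m[subject][obj]

    def who_can(self, obj, op):
        # Column view: which subjects can perform op on obj.
        return sorted(s for s, row in self._m.items() if op in row[obj])

    def objects_of(self, subject):
        # Row view: which objects a subject can access at all.
        return sorted(o for o, ops in self._m[subject].items() if ops)

    def delegate(self, grantor, grantee, obj, op):
        # Delegation transition under the attenuation of rights principle:
        # a grantor cannot grant a right it does not itself possess.
        if not self.check(grantor, obj, op):
            raise PermissionError(f"{grantor} lacks {op} on {obj}, cannot delegate it")
        self._m[grantee][obj].add(op)


def slide8_matrix():
    """Policy from slide 8: O1 is J's private key (only J reads), O2 is J's
    public key (all read, only J modifies), O3 is shared (all read and write)."""
    m = AccessMatrix()
    for s in ("J", "S2", "S3"):
        m.add(s, "O2", "R")
        m.add(s, "O3", "R", "W")
    m.add("J", "O1", "R")
    m.add("J", "O2", "W")
    return m
```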

  12. UNIX System
     • Originated in the late 60s, early 70s
       – Bell Labs: Ken Thompson, Dennis Ritchie, Douglas McIlroy
     • Multiuser Operating System
       – Enables protection from other users
       – Enables protection of system services from users

  13. UNIX Protection State
     • Subjects
       – Users -- UIDs: real, effective, file system, saved
       – Groups -- GIDs
       – Processes make accesses on behalf of users belonging to particular groups
     • Objects
       – Files
       – Directories
     • Operations
       – Read
       – Write
       – Execute

  14. UNIX UIDs
     • UIDs: real, effective, file system, saved
     • UID transitions
       – For login process: UIDs are root
       – After authentication, the shell's UIDs are: tjaeger
       – Exec su: real is tjaeger; effective is root
     • Transitions among UIDs are complex
     (Figure (c): An FSA describing setresuid in Linux. Its states are the eight combinations of real (R), effective (E) and saved (S) UID over {0, 1}: R=1,E=1,S=0; R=0,E=0,S=0; R=1,E=0,S=1; R=1,E=0,S=0; R=0,E=1,S=1; R=0,E=1,S=0; R=0,E=0,S=1; R=1,E=1,S=1. Each edge is labelled with the setresuid(r, e, s) call that moves the process between those states.)
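A model that regenerates the setresuid FSA of slide 14 for UIDs {0, 1}, added here as an example and not part of the lecture. The transition rule is the one documented in setresuid(2): an unprivileged process may set each of the three UIDs only to one of its current real, effective or saved UID, while a privileged one may set them arbitrarily; treating effective UID 0 as "privileged" (CAP_SETUID) is an assumption of this model, and the function names are invented.

```python
from itertools import product


def setresuid_allowed(state, call):
    """state = (real, effective, saved); call = (r, e, s) with -1 = unchanged.
    Returns the new state, or None where the kernel would refuse with EPERM."""
    real, eff, saved = state
    wanted = [cur if arg == -1 else arg for cur, arg in zip(state, call)]
    privileged = eff == 0  # assumption: euid 0 carries CAP_SETUID
    if not privileged:
        # Unprivileged: every new value must already be one of the three UIDs.
        if any(v not in (real, eff, saved) for v in wanted):
            return None
    return tuple(wanted)


def build_fsa(uids=(0, 1)):
    """Every state and every successful setresuid call, as drawn on the slide.
    Returns {state: [(call, next_state), ...]}."""
    edges = {}
    for st in product(uids, repeat=3):
        for call in product(uids, repeat=3):
            nxt = setresuid_allowed(st, call)
            if nxt is not None:
                edges.setdefault(st, []).append((call, nxt))
    return edges


def can_reach(start, goal, uids=(0, 1)):
    """Can a process in `start` reach `goal` by some sequence of setresuid calls?
    This is the question behind 'transitions among UIDs are complex'."""
    edges, seen, todo = build_fsa(uids), set(), [start]
    while todo:
        st = todo.pop()
        if st == goal:
            return True
        if st in seen:
            continue
        seen.add(st)
        todo.extend(nxt for _, nxt in edges.get(st, []))
    return False
```

Once a process reaches R=1,E=1,S=1 it can never regain UID 0, which is exactly why a setuid service that wants to drop root permanently must clear the saved UID as well as the effective one.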

  15. UNIX Access Control
     • Write the access matrix (access type x object) for mcdaniel, fcse, and world for the following files:
         drwxr-xr-x 26 mcdaniel fcse  884 Feb 21 11:56 slides/
         -rw-r--r--  1 mcdaniel fcse 7098 Feb 20 16:01 www/index.html
     • Assume "slides" is O1 and index.html is O2

       jaeger  R   W   X
       O1      Y   N   Y
       O2      Y   N   N

  16. Changing permissions
     • Change permissions of a file – chmod
       • chmod 644 file -- owner can read/write, group and others can read only
       • chmod u+x file -- adds execute permission for owner
     • Change owner of a file – chown
       • chown new_owner file
     • Change group of a file – chgrp
       • chgrp new_group file
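The exercise of slide 15 worked through in code, together with the two chmod forms of slide 16; this is an added example, not part of the lecture. The two `ls -l` lines are copied from slide 15, the user and group memberships passed to `access_matrix` are constructed, and all function names are assumptions.

```python
LS_LINES = [  # copied from slide 15
    "drwxr-xr-x 26 mcdaniel fcse  884 Feb 21 11:56 slides/",
    "-rw-r--r--  1 mcdaniel fcse 7098 Feb 20 16:01 www/index.html",
]

def parse_ls(line):
    """Return (mode string, owner, group, name) from one `ls -l` line."""
    f = line.split()
    return f[0], f[2], f[3], f[-1]

def mode_to_bits(mode_str):
    """'drwxr-xr-x' -> 0o755: the nine rwx characters become permission bits."""
    bits = 0
    for i, ch in enumerate(mode_str[1:10]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits

def access(mode_str, owner, group, user, user_groups):
    """The UNIX check: owner bits if the user owns the file, else group bits
    if the user is a member of the file's group, else the world bits."""
    bits = mode_to_bits(mode_str)
    shift = 6 if user == owner else 3 if group in user_groups else 0
    triple = (bits >> shift) & 0o7
    return {"R": bool(triple & 4), "W": bool(triple & 2), "X": bool(triple & 1)}

def access_matrix(users):
    """users: {name: set of groups} -> {user: {file: {R/W/X: bool}}}."""
    matrix = {}
    for user, groups in users.items():
        matrix[user] = {}
        for line in LS_LINES:
            mode, owner, grp, name = parse_ls(line)
            matrix[user][name] = access(mode, owner, grp, user, groups)
    return matrix

def apply_chmod(bits, spec):
    """chmod argument as an octal string ('644') or one symbolic clause ('u+x')."""
    if spec.isdigit():
        return int(spec, 8)
    who, op, perms = spec[0], spec[1], spec[2:]
    shift = {"u": 6, "g": 3, "o": 0}[who]
    mask = sum({"r": 4, "w": 2, "x": 1}[p] for p in perms) << shift
    return bits | mask if op == "+" else bits & ~mask
```

Calling `access_matrix({"mcdaniel": {"fcse"}, "student": {"fcse"}, "jaeger": set()})` gives the owner, group and world rows the exercise asks for; the `jaeger` row reproduces the Y/N/Y and Y/N/N table on slide 15.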

  17. UID Transition: Setuid
     • A special bit in the mode bits
     • Execute file
       – Resulting process has the effective (and fs) UID/GID of file owner
     • Enables a user to escalate privilege
       – For executing a trusted service
     • User defines execution environment
       – e.g., Environment variables
     • Service must protect itself or user can gain root access

  18. Setuid Execution
     • Process A running as
       – UID=X
     • Fork process A to create process B
       – Both running with UID=X
     • Then exec file C in process B, with setuid bit set and owner of root
       – process A has UID=X
       – process B has UID=root

  19. Confused Deputy Problem
     • Situation
       – A program has authority (setuid root file)
       – Is confused into using that authority incorrectly
     • Example
       – Call httpd and supply libexecdir argument
       – Add your own libraries to overwrite passwd (if httpd runs as root)
     • Also a concern for network daemons
       – Why?
     • A motivation for capability systems
       – Discuss later

  20. Windows Security
     • 0 to full speed
       – No protection system in early versions
     • Advantage
       – Know the limits of the UNIX security model
         • What are these?
     • Disadvantage
       – Legacy approaches from insecure environment
         • Will they conflict with new protection system?

  21. Windows Subjects (Access Tokens)
     • User SID (subject identifier)
       – Authenticated SID
     • Group and Alias SIDs
       – Groups and Aliases that apply to this user
     • Privileges
       – Ad hoc rights
         • E.g., Take ownership of files
         • Like POSIX capabilities in UNIX
     • Defaults for New Objects
       – Access rights for new objects created (like umask)
     • Miscellaneous
       – login session ID
       – token ID

  22. Access Checking with ACEs
     • Example (figure not included in the extracted text)
