security in an operating system
play

Security in an Operating System Operating systems need to protect - PowerPoint PPT Presentation

Sep 26, 2023 •5.84k likes •6.18k views

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

  1. H – Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: ● a program accidentally overwrites a file; ● a user issues “rm -rf *”, unaware of the current working directory. Intentional security violations, e.g.: ● a user reads data that he/she is not supposed to read; ● a user tries to gain control of another user's process in order to perform operations for which he/she does not have permission. Accidental security violations are easier to deal with, because they are usually limited to unintentional write operations. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  2. H – Security Security in UNIX Security permissions in UNIX: R ead, W rite, e X ecute. Every object has a user (the owner ) and a group . Different security permissions may be specified for user , group , and others . Types of objects: ● files; ● directories; ● mounted file systems; ● shared memory segments; ● message queues; ● ... In addition, Access Control Lists (ACLs) allow to grant more specific permissions, e.g., the permission to change permissions. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  3. H – Security Principle of Least Privilege In UNIX, a process by default has the same rights as its owner. Problem: What if the program contains a bug that corrupts some data completely unrelated to the program itself? Solution: Protection domains. A protection domain is a set of objects (e.g., list of files) with associated access permissions. The objects do not need to be listed explicitly. The protection domain of a process may be different from the pro- tection domain of its user. UNIX does not explicitly support protection domains, but: setuid, setgid, setfsuid, chroot, ... CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  4. H – Security Principle of Least Privilege Violations of the principle of least privilege are ubiquitous. Examples: ● Rights management in UNIX: Almost every user process runs with all of the user's privileges. ● Monolithic kernels: Every part of the kernel has access to the entire system. ● System administrator: Does the admin really need to have access to every process's address space in order install a new software package? ● When machine A mounts a file system on machine B via NFS, should root on A have the same access privileges as root on B ? CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  5. H – Security Authentication How does a user convince the computer that she really is who she is? ● password-based authentication; ● biometrical authentication, e.g., retina scan, fingerprint; ● cryptographical authentication; ● physical tokens. All four types of authentication have advantages and disadvantages. Which one is the best? In addition to the above four, there are some bogus mechanisms, such as my bank asking me for the name of my first pet whenever I do on-line banking from a previously unseen IP address. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  6. H – Security Biometrical Authentication Biometrical authentication makes it very difficult for a person to impersonate another person. retina scan, voice recognition, fingerprint, ... However: ● Biometrical authentication only works if the computer that performs the authentication is trustworthy. ● If user U establishes her authenticity with computer A , how is A going to convince computer B that U is really U ? ● Biometrical authentication is expensive and inherently error- prone (it is a physical measurement after all). CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  7. H – Security Token-Based Authentication Tokens can be stolen. Therefore, token-based authentication is usually combined with one of the other three authentication types. For example: ● smart card with built-in fingerprint recognition device; ● debit card with PIN (password authentication); ● credit card with physical signature ( really secure! ). CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  8. H – Security Password-Based Authentication Password-based authentication is the oldest type of authentication and is the easiest to realize. Passwords are no physical items and therefore cannot be stolen. Unfortunately, it is possible to guess a password (and to forget it...). Also possible: Rubber-hose attack (or rubber-hose cryptanalysis ). ...the rubber-hose technique of cryptanalysis (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive) (Marcus J. Ranum on sci.crypt, 1990-10-16) CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  9. H – Security Password-Based Authentication (http://ask.yahoo.com/20041022.html) CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  10. H – Security Password-Based Authentication Further shortcomings of password-based authentication: ● If I use a password to convince a computer that I am I, then what prevents the computer (or the computer's administrator) to pretend it is me when communicating with other computers? ● If I login to a computer remotely, how do I make sure the password can only be read by the target machine and not by any other computer on the network packet's way to the target machine? ● How does the computer check that the password is actually correct? Needs to maintain a persistent (on-disk) database of all passwords – but what if the hard drive gets stolen (or thrown away)? CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  11. H – Security Cryptographical Authentication From a mathematical point of view, cryptographical authentication is the strongest form of authentication. General idea: The user proves to the computer that she has knowledge of a certain fact ( referred to as secret key or private key ) , but does not reveal the fact itself. Problem: Cryptographical authentication involves complex calculations that can easily take many hours if performed by a human. Thus, the human needs the help of the computer, but can the computer be trusted? The secret fact must be difficult to guess, which usually makes it rather difficult to remember it. ⇒ Use a passphrase to encrypt the secret. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  12. H – Security Encrypted Communication Assume we want to transmit a password between two computers A and B . There are known mechanisms (e.g., the Advanced Encryption Standard – AES) to encrypt the communication taking place between A and B . But all such methods require A and B to share a common secret, the session key , that let's them encrypt and decrypt messages. Maybe A and B agreed on a session key ahead of time, but for many applications (e.g., online banking), this is not possible. How to transmit the session key? CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  13. H – Security Diffie-Hellman Key Exchange Invented by Diffie and Hellman in 1976 (and by some British spook a few years earlier). Fix a prime number P and a generator G . Generator means that for every 0 ≤ X < P there is a Y such that G Y mod P = X . A generator always exists. Neither P nor G need to be kept secret. A picks a random number R A , 0 ≤ R A < P , and sends G R A mod P to B . B picks a random number R B , 0 ≤ R B < P , and sends G R B mod P to B . The secret key is ( G R A ) R B mod P = ( G R B ) R A mod P = ( G R A* R B ) mod P . An eavesdropper can hear G R A and G R B , but neither R A nor R B . Finding X , given G X (mod P ) is called the Discrete Logarithm problem (DL). Nobody knows how to solve it. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

  14. H – Security Man-In-The-Middle Attacks The problem with Diffie-Hellman is that it assumes that G R A (or G R B ) actually originated from A (or B ). However, in an unsecure network we cannot be sure of anything. A third computer might pretend to be A when talking to B and B when talking to A . SSL addresses this problem by introducing key fingerprints: [stu@stu slides]$ ssh sbuettcher@student.cs.uwaterloo.ca The authenticity of host 'student.cs.uwaterloo.ca (129.97.152.10)' can't be established. RSA key fingerprint is a7:56:ce:63:48:f7:6e:73:8d:67:07:3e:1b:5d:4a:d8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'student.cs.uwaterloo.ca,129.97.152.10' (RSA) to the list of known hosts. sbuettcher@student.cs.uwaterloo.ca's password: Problem: It is too convenient to simply type “yes”. CS350 – Operating Systems Stefan Buettcher University of Waterloo, Fall 2006 <sbuettch@uwaterloo.ca>

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2

553 views • 8 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2

329 views • 9 slides
OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

704 views • 27 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

981 views • 39 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

588 views • 20 slides
Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley sds@tycho.nsa.gov Information Assurance Research Group National Security Agency (Slight modifications by David

542 views • 19 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection Interprocess communications protection Security for Networks and File protection System Software Authentication May 20, 2002 Lecture 13 Lecture

348 views • 12 slides
Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Silberschatz and

714 views • 35 slides
Module 3: Operating-System Structures System Components Operating-System Services

Module 3: Operating-System Structures System Components Operating-System Services

' $ Module 3: Operating-System Structures System Components Operating-System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation &amp; %

589 views • 13 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing

Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing

Lecture 5a: case Study DAC DAC in UNIX Access control policy by Unix: Authorizing requests that processes make to perform operations on files. File names are used in Unix to name most other system resources, too. All operations

878 views • 40 slides
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
Access Control Information Security Dr Hans Georg Schaathun University of Surrey Autumn 2011

Access Control Information Security Dr Hans Georg Schaathun University of Surrey Autumn 2011

Access Control Information Security Dr Hans Georg Schaathun University of Surrey Autumn 2011 Week 9 Dr Hans Georg Schaathun Access Control Autumn 2011 Week 9 1 / 1 The session Outline Dr Hans Georg Schaathun Access Control

883 views • 67 slides
COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

CSE484/CSE584 COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/ ://courses.c .cs.washin ington.e .edu/courses/cse484/14au Course Logistics 3 Office hours: Tuesday after class Office hours: Mon

826 views • 59 slides
Security Overview Different aspects of security User authentication Protection mechanisms

Security Overview Different aspects of security User authentication Protection mechanisms

CS399 New Beginnings Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses, worms, mobile

825 views • 59 slides
From NetAPT to NP-View A Case Study in Transferring

From NetAPT to NP-View A Case Study in Transferring

COORDINATED SCIENCE LABORATORY ENGINEERING AT ILLINOIS From NetAPT to NP-View A Case Study in Transferring Technology from Academia to Industry ITI.ILLINOIS.EDU Robin

750 views • 45 slides
Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following authentication, we need to decide what the subject can access 1 Read F 1 OK 2 Bob Write to F Alice 2 F NO ! 3 Execute G G 3 OK

596 views • 56 slides
Brett Sun @sohkai Building Modular Organizations and the governance structures

Brett Sun @sohkai Building Modular Organizations and the governance structures

Brett Sun @sohkai Building Modular Organizations and the governance structures underlying them Experiment at the speed of software Core Sandboxed app But thats not all Factory:

461 views • 44 slides

More recommend