Silberschatz, Galvin and Gagne ©2013 Operating System Concepts Essentials – 2nd Edition Chapter 14a: Security I.

Presentation transcript:


14.2 Chapter 14: Security
- The Security Problem
- Program Threats
- System and Network Threats

14.3 Objectives
- Discuss security threats and attacks
- Explain fundamentals of encryption, authentication, and hashing
- Examine uses of cryptography in computing
- Describe various countermeasures to security attacks

14.4 The Security Problem
- Secure: resources used and accessed as intended under all circumstances
  - Unachievable
- Intruders (crackers) attempt to breach security
- Threat is potential security violation
- Attack is attempt to breach security
- Attack can be accidental or malicious
- Easier to protect against accidental than malicious

14.5 Security Violation Categories
- Breach of confidentiality
  - Unauthorized reading of data
- Breach of integrity
  - Unauthorized modification of data
- Breach of availability
  - Unauthorized destruction of data

14.6 Security Violation Categories
- Theft of service
  - Unauthorized use of resources
- Denial of service (DOS)
  - Prevention of legitimate use

14.7 Security Violation Methods
- Masquerading (breach authentication)
  - Pretending to be authorized user to escalate privileges
- Replay attack
  - Valid network communication repeated
  - e.g., bank transaction

14.8 Security Violation Methods
- Man-in-the-middle attack
  - Intruder sits in data flow, masquerading as sender to receiver and vice versa
- Session hijacking
  - Intercept an already-established session to bypass authentication

14.9 Standard Security Attacks [figure]

14.10 Standard Security Attacks [figure]

14.11 Security Measure Levels
- Impossible to have absolute security; make cost to perpetrator sufficiently high to deter most intruders
- Security is as weak as the weakest link in the chain
- But can too much security be a problem?

14.12 Security Measure Levels
- Security must occur at four levels:
  - Physical
    - Data centers, servers, connected terminals
  - Human
    - Avoid social engineering, phishing, dumpster diving
  - Operating System
    - Protection mechanisms, debugging
  - Network
    - Intercepted communications, interruption, DOS

14.13 Chapter 14: Security
- The Security Problem
- Program Threats
- System and Network Threats

14.14 Program Threats
- Many variations, many names
- Trojan Horse
  - Code segment that misuses its environment
  - Exploits mechanisms that allow programs written by users to be executed by other users
    - E.g., Spyware, pop-up browser windows
  - ~80% of spam delivered by spyware-infected systems

14.15 Program Threats
- Trap Door
  - Specific user identifier or password that circumvents normal security procedures
  - Could be included in compiler
- Logic Bomb
  - Program initiates security incident under certain circumstances

14.16 Program Threats (Cont.)
- Stack and Buffer Overflow
  - Exploits a bug in program
    - E.g., overflow stack or memory buffers
  - Failure to check bounds on inputs, arguments
  - Write past arguments on stack... into the return address on stack
  - Routine returns from call, returns to hacked address
    - Points to malicious code loaded onto stack

14.17 Layout of Typical Stack Frame [figure]

14.18 Modified Shell Code

    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        /* Replace the current process image with a shell.
         * execlp() takes the argument list inline, terminated by NULL. */
        execlp("/bin/sh", "/bin/sh", (char *)NULL);
        return 0;
    }

14.19 Hypothetical Stack Frame [figure with two panels: "Before attack" and "After attack"]

14.20 Great Programming Required?
- Buffer overflow can be disabled by
  - Disabling stack execution
  - Adding bit to page table to indicate "non-executable"
- Available in SPARC and x86
- Still have security exploits
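
Added example (not from the slides or the textbook): the missing bounds check named on the Stack and Buffer Overflow slide, shown as an unchecked copy beside a checked one. A non-executable stack leaves the overflow itself in place, so the source-level check is still needed; `NAME_LEN`, the function names and the guard value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16                 /* assumed buffer size for this example */

/* Vulnerable pattern: no bound on the copy, so input longer than dst runs
 * into whatever lies next to it. Shown for contrast only; nothing below
 * calls it. */
void store_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: the caller passes the capacity, and input that does not
 * fit (including its NUL) is rejected. Returns 0 on success, -1 otherwise. */
int store_checked(char *dst, size_t cap, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    while (len < cap && src[len] != '\0')   /* never reads past cap bytes */
        len++;
    if (len == cap) {                       /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);              /* copies the NUL as well */
    return 0;
}

/* A buffer with a neighbour, standing in for data stored beside it in a
 * frame. Sets *accepted and returns 1 if the neighbour is unchanged. */
int handle_input(const char *input, int *accepted)
{
    struct { char name[NAME_LEN]; unsigned long guard; } f;
    f.guard = 0xC0FFEEUL;
    *accepted = store_checked(f.name, sizeof f.name, input) == 0;
    return f.guard == 0xC0FFEEUL;
}

int main(void)
{
    int ok;
    handle_input("alice", &ok);
    printf("short input accepted: %d\n", ok);
    handle_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", &ok);
    printf("32-byte input accepted: %d\n", ok);
    return 0;
}
```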

14.21 Program Threats (Cont.)
- Viruses
  - Code fragment embedded in legitimate program
  - Self-replicating, infects other computers
  - Specific to CPU architecture, OS, applications
  - Usually borne via email or as macro
    - E.g., Visual Basic Macro to reformat hard drive

    Sub AutoOpen()
        Dim oFS
        Set oFS = CreateObject("Scripting.FileSystemObject")
        vs = Shell("c:command.com /k format c:", vbHide)
    End Sub

14.22 Program Threats (Cont.)
- Virus dropper inserts virus onto system
- Many categories of viruses:
  - File / parasitic
  - Boot / memory
  - Macro
  - Source code
  - Polymorphic to avoid having a virus signature
  - Encrypted
  - Stealth
  - Tunneling
  - Multipartite
  - Armored

14.23 Program Threats (Cont.)
- File / parasitic
  - Appends itself to end of program file (parasite)
  - After execution, returns control to original program
    - Difficult to detect!
- Boot / memory
  - Infects boot sector on disk
  - Runs on boot (before OS loaded)
- Macro
  - Written in high-level language
  - E.g., Visual Basic Macro in MS Word, Excel

14.24 Program Threats (Cont.)
- Source code
  - Looks for source code files on system
  - Modifies source code to execute virus
- Polymorphic
  - Changes virus signature each time it's installed
  - Difficult to detect
- Encrypted
  - Decrypted before executed
  - Difficult to detect

14.25 Program Threats (Cont.)
- Stealth
  - Modify parts of system used to detect it
  - E.g., modify system calls
- Tunneling
  - Virus installs itself in interrupt-handler chain
  - Also device drivers
  - Bypasses detection

14.26 Program Threats (Cont.)
- Multipartite
  - Infects multiple parts of the system
- Armored
  - Difficult to unravel / understand

14.27 The Threat Continues
- Attacks still common, still occurring
- Moved from science experiments to cyber-terrorism
  - Target specific companies, governments
  - Botnets as tool for spam and DDOS delivery
  - Keystroke loggers grab passwords, credit card numbers

14.28 Chapter 14: Security
- The Security Problem
- Program Threats
- System and Network Threats

14.29 System and Network Threats
- Some systems "open" rather than secure by default
  - Reduce attack surface
  - Harder to use, more knowledge needed to administer

14.30 System and Network Threats
- Network threats harder to detect, prevent
  - Protection systems weaker
  - More difficult to have shared secret to base access
  - No physical limits once system attached to Internet
    - Or on network with system attached to Internet
  - Determining location of connecting system difficult
    - IP address is only knowledge

14.31 System and Network Threats (Cont.)
- Worms – use spawn mechanism; standalone program
- Internet worm
  - Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs
  - Exploited trust-relationship mechanism used by rsh to access friendly systems without use of password

14.32 System and Network Threats (Cont.)
- Internet worm (cont.)
  - Grappling hook program uploaded main worm
    - 99 lines of C
  - Hooked system then uploaded main code
    - Tried to attack connected systems
    - Tried to break into other users' accounts on local system via password guessing

14.33 The Morris Internet Worm [figure]

14.34 System and Network Threats (Cont.)
- Port scanning
  - Automated attempt to connect to range of ports
    - On one or range of IP addresses
  - Detect OS and version running on system
  - Detect answering service protocol
    - Attacks known services + vulnerabilities
  - Frequently launched from zombie systems
    - Decreases traceability
  - nmap program scans all ports in given IP range
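
Added example (not from the slides): a defender-side check for the port-scanning pattern described above, counting distinct destination ports per source and alerting once a threshold is reached. The log format `SRC_IP DST_IP DST_PORT`, the threshold, the function names and the sample addresses (documentation ranges) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SOURCES 16
#define IP_LEN 46                       /* fits a textual IPv6 address */

struct source {
    char ip[IP_LEN];
    unsigned char seen[65536 / 8];      /* one bit per destination port */
    unsigned distinct;                  /* different ports tried so far */
};
static struct source table[MAX_SOURCES];
static int n_sources;

/* Record one line of the constructed log format "SRC_IP DST_IP DST_PORT".
 * Returns the source's distinct-port count, or -1 if malformed/table full. */
int observe(const char *line)
{
    char src[IP_LEN];
    unsigned port;
    int i;
    if (sscanf(line, "%45s %*s %u", src, &port) != 2 || port > 65535)
        return -1;
    for (i = 0; i < n_sources && strcmp(table[i].ip, src) != 0; i++)
        ;                               /* linear search is fine at this size */
    if (i == n_sources) {               /* first time this source is seen */
        if (n_sources == MAX_SOURCES) return -1;
        memset(&table[i], 0, sizeof table[i]);
        strcpy(table[i].ip, src);
        n_sources++;
    }
    if (!(table[i].seen[port / 8] & (1u << (port % 8)))) {
        table[i].seen[port / 8] |= (unsigned char)(1u << (port % 8));
        table[i].distinct++;            /* repeats of a port do not count */
    }
    return (int)table[i].distinct;
}

/* Replay constructed traffic: a client reusing port 443, then a source walking
 * ports 20..45. Returns the port at which it reaches `threshold`, or -1. */
int first_alert(int threshold)
{
    char line[64];
    int p;
    n_sources = 0;                      /* start from an empty table */
    for (p = 0; p < 5; p++)
        observe("198.51.100.4 192.0.2.10 443");
    for (p = 20; p <= 45; p++) {
        snprintf(line, sizeof line, "203.0.113.7 192.0.2.10 %d", p);
        if (observe(line) >= threshold)
            return p;
    }
    return -1;
}

int main(void) { printf("scan alert at port %d\n", first_alert(10)); return 0; }
```

Counting distinct ports rather than connections keeps a busy client on one service below the threshold, while a slow scan spread over many sources would need a time window and per-destination aggregation that this example leaves out.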

14.35 System and Network Threats (Cont.)
- Denial of Service
  - Overload targeted computer
    - Prevent it from doing any useful work
  - Distributed denial-of-service (DDOS) come from multiple sites at once
  - Consider web site traffic
    - Popular vs. target?
  - Accidental – CS students writing bad fork() code
  - Purposeful – extortion, punishment

14.36 Sobig.F Worm
- Disguised as photo uploaded to adult newsgroup
  - Via account created with stolen credit card
- Targeted Windows systems
- Had own SMTP engine to mail itself as attachment to everyone in infected system's address book
- Disguised with innocuous subject lines, looking like it came from someone known
- Attachment was executable program that created WINPPR23.EXE in default Windows system directory
- Also modified Windows registry

End of Chapter 14a