Operating System Security & Smartphones
Md Shahrear Iqbal, PhD student, QRST Lab, School of Computing, Queen’s University, Kingston, Ontario, Canada.
CISC 324: Security & Protection
Concepts
- Protection: mechanisms and policy to keep programs and users from accessing or changing things they should not; internal to the OS (Chapter 14 of Silberschatz)
- Security: issues external to the OS, such as authentication of users, validation of messages, malicious or accidental introduction of flaws, etc. (Chapter 15 of Silberschatz)
Goals of Protection
- In one protection model, a computer consists of a collection of objects, hardware or software
- Each object has a unique name and can be accessed through a well-defined set of operations
- Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so
Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne
Principles of Protection
- Guiding principle: the principle of least privilege
  - Programs, users and systems should be given just enough privileges to perform their tasks
  - Limits the damage if an entity has a bug or gets abused
  - Can be static (during the life of the system, during the life of a process) or dynamic (changed by the process as needed): domain switching, privilege escalation
- "Need to know" is a similar concept regarding access to data
Principles of Protection (Cont.)
- Must consider the "grain" aspect
  - Rough-grained privilege management is easier and simpler, but least privilege is then applied in large chunks
    - For example, traditional Unix processes either have the abilities of the associated user, or of root
  - Fine-grained management is more complex and has more overhead, but is more protective
    - File ACLs, RBAC
- A domain can be a user, a process, or a procedure
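The object/operation model, least privilege and domain switching from the last three slides, as an added example that is not from the slides or the textbook: a tiny access matrix in C where each process holds only its domain's row of rights, and moving to another domain requires an explicit SWITCH right. All domain, object and process names are constructed.

```c
/* Added example (not from the slides): an access-matrix model of the
 * protection scheme above. Rows are domains, columns are objects, a cell is
 * the set of operations that domain may perform. A process holds only its
 * domain's row (least privilege); SWITCH on a domain's object allows domain
 * switching. Domain, object and process names are constructed. */
#include <stdbool.h>
#include <stdio.h>

enum { R = 1, W = 2, SWITCH = 4 };
/* Domains, and the objects that represent each domain (same order) */
enum { D_USER, D_SPOOLER, D_ROOT, NDOM };
enum { O_PASSWD, O_PRINT_QUEUE, O_DOM_USER, O_DOM_SPOOLER, O_DOM_ROOT, NOBJ };

/* matrix[domain][object]: rights held; anything not listed is denied */
static const int matrix[NDOM][NOBJ] = {
    /*              passwd  queue   dom_user dom_spooler dom_root */
    [D_USER]    = { R,      0,      0,       SWITCH,     0 },
    [D_SPOOLER] = { 0,      R | W,  SWITCH,  0,          0 },
    [D_ROOT]    = { R | W,  R | W,  SWITCH,  SWITCH,     0 },
};

struct process { int domain; };

/* Reference-monitor check: true only if every requested right is present */
bool check_access(const struct process *p, int object, int rights)
{
    return (matrix[p->domain][object] & rights) == rights;
}

/* Domain switching: needs SWITCH on the target domain's object; the process
 * then drops its old row and takes on the target row's rights */
bool switch_domain(struct process *p, int new_domain)
{
    if (!check_access(p, O_DOM_USER + new_domain, SWITCH))
        return false;
    p->domain = new_domain;
    return true;
}

int main(void)
{
    struct process p = { D_USER };
    printf("user writes print queue: %s\n",
           check_access(&p, O_PRINT_QUEUE, W) ? "allowed" : "denied");
    if (switch_domain(&p, D_SPOOLER))   /* user holds SWITCH on dom_spooler */
        printf("spooler writes print queue: %s\n",
               check_access(&p, O_PRINT_QUEUE, W) ? "allowed" : "denied");
    return 0;
}
```

A user process cannot write the print queue directly; it can only switch into the spooler domain, which can write the queue but can no longer read the password file.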
The Security Problem
- A system is secure if its resources are used and accessed as intended under all circumstances
  - Unachievable
- Intruders (crackers) attempt to breach security
- A threat is a potential security violation
- An attack is an attempt to breach security
- An attack can be accidental or malicious
- It is easier to protect against accidental than malicious misuse
Security Violation Categories
- Breach of confidentiality: unauthorized reading of data
- Breach of integrity: unauthorized modification of data
- Breach of availability: unauthorized destruction of data
- Theft of service: unauthorized use of resources
- Denial of service (DOS): prevention of legitimate use
Security Measure Levels
- Impossible to have absolute security, but make the cost to the perpetrator sufficiently high to deter most intruders
- Security must occur at four levels to be effective:
  - Physical: data centers, servers, connected terminals
  - Human: avoid social engineering, phishing, dumpster diving
  - Operating system: protection mechanisms, debugging
  - Network: intercepted communications, interruption, DOS
- Security is as weak as the weakest link in the chain
- But can too much security be a problem?
Program Threats
- Many variations, many names
- Trojan Horse
  - Code segment that misuses its environment
  - Exploits mechanisms for allowing programs written by users to be executed by other users
  - Spyware, pop-up browser windows, covert channels
  - Up to 80% of spam delivered by spyware-infected systems
- Trap Door
  - Specific user identifier or password that circumvents normal security procedures
  - Could be included in a compiler
  - How to detect them?
Program Threats (Cont.)
- Logic Bomb
  - Program that initiates a security incident under certain circumstances
- Stack and Buffer Overflow
  - Exploits a bug in a program (overflow of either the stack or memory buffers)
  - Caused by failure to check bounds on inputs and arguments
  - Writes past the arguments on the stack into the return address on the stack
  - When the routine returns from the call, it returns to the hacked address, which points to code loaded onto the stack that executes malicious code
  - Result: unauthorized user or privilege escalation
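The bounds-check failure the slide describes, as an added example that is not from the slides or the textbook: a C function that copies into a fixed stack buffer without checking length, next to a hardened copy that refuses input that does not fit. Function names and inputs are constructed.

```c
/* Added example (not from the slides): the missing bounds check behind a
 * stack buffer overflow, next to the fix. greet_unsafe copies its input into
 * a fixed 16-byte stack buffer with no length check, so anything past the
 * buffer lands on what sits above it on the stack (saved registers, the
 * return address). greet_safe rejects input that does not fit. Function
 * names and inputs are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Vulnerable: strcpy stops at the NUL of src, never at the end of name[] */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);      /* overflows when strlen(src) >= NAME_LEN */
    printf("hello, %s\n", name);
}

/* Hardened copy: returns -1 and writes nothing if src (plus its NUL) does
 * not fit in dst_len bytes, so the caller decides what to do with bad input */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

int greet_safe(const char *src)
{
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, src) != 0) {
        fprintf(stderr, "rejected %zu-byte input (limit %d)\n", strlen(src), NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    greet_unsafe("alice");                   /* fits: no corruption this time */
    greet_safe("alice");
    /* constructed oversize input (40 bytes): greet_unsafe would write past name[] */
    greet_safe("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}
```

Compiling with stack protection (for example gcc's -fstack-protector) turns the unchecked overflow into an abort at function return instead of a silent jump, but the length check is what removes the bug.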
Smartphone Security
Security Risks
[diagram, built up over three slides: Asset; Threat (hacker, malware); Vulnerability (vulnerable operating systems, vulnerable apps, new technologies); together they make up Risk]
Existing Security for fighting Malware
Smart City
[diagram: Smart City wheel with six dimensions: Smart People (embrace creativity, inclusive society, 21st century education); Smart Economy (entrepreneurship & innovation, productivity, local & global interconnectedness); Smart Environment (green buildings, green energy, green urban planning); Smart Government (enabling supply & demand side policy, transportation & open data, ICT & eGov); Smart Living (healthy, safe, culturally vibrant & happy); Smart Mobility (clean & non-motorized options, integrated ICT, mixed-modal access)]
- Government: exercise control over the actions of the members, citizens, or inhabitants of communities, societies, and states
- Citizen: 1. a native or naturalized member of a state or nation who owes allegiance to its government and is entitled to its protection (distinguished from alien); 2. an inhabitant of a city or town, especially one entitled to its privileges or franchises
- A smart city (also smarter city) uses digital technologies to enhance performance and well-being, to reduce costs and resource consumption, and to engage more effectively and actively with its citizens
- Key enabling technologies for Smart Cities include the Internet of Things (IoT), public Wi-Fi, ubiquitous cellular coverage and smartphone apps
- Smartphones and smartphone apps will be the face of the Smart City and bridge users to Internet of Things (IoT) devices, information, services and the community
- Smart City mobile applications are cornerstones of a Smart City
Smart Security Framework
[diagram: a Smart Security Framework sitting between the smartphone and the Smart Country, with three headings (Prevention, Monitor and Control, Framework management) and these labelled components: smart communication API for apps; API for anti-virus; provide custom monitors; maintaining separate execution profiles; reporting suspicious activity; execution zones; service providers; security modes; smart communication; data safety; surveillance; behavioral analysis and detection; controlling malware; offload computation; maintain a list of trusted devices; maintain application status; report malware; maintain device context; maintain relationship between apps; fine-grained access control]
Implementation View
[diagram: layered architecture (Applications, Application framework, OS, Hardware and Sensors). Application zones: Restricted Zone, New App Zone, Trusted App Zone, Untrusted App Zone, High Privilege App Zone, with App 1 to App 8 placed across the zones. Framework components: Zone and Policy Manager, App Market, Secure Communication, Application Status and Relationship Management, Context Management, Package Installer, Policy Management, Permission Checker, Trusted Device Management, Computation Offloading Management, Security Mode Management, High Privilege App Service Provider, Zone Management, Data Safety Management, API Management, App Behavior Surveillance, Custom Telephony/SMS, Communication Channels]
Job & Grad Life
Questions