UNIX System Protection


Unix History
- Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs
- Adapted some ideas from the Multics project in 1969

Design Features
- Written in C – portable
- Application program interface (API) – enabled programmers to write applications that are compatible with multiple platforms
- A small base program called “kernel” with a standard interface to interact

Security
- Security goal: a common platform that could be shared by several users
- The security problem becomes one of “protection”
- Common mechanisms:
  - Password storage
  - Protection ring
  - Access control lists

Kernel and Processes
- A running Unix system consists of the kernel and the processes, each running a program
- The protection ring boundary isolates the kernel from the processes
- Each process has its own address space
- The concept of “file” is used for representing all persistent system objects

Trusted Computing Base
- The set of software and data upon which the system depends for correct enforcement of system security goals
- Consists of the kernel and processes running with root (superuser) privilege

Unix Protection System
- What does protection mean?
- An access enforcement mechanism that authorizes requests from subjects to perform operations on objects
  - Requests: read, write, etc.
  - Subjects: users, processes, etc.
  - Objects: files, sockets, etc.

Unix Protection System
- Protection state: describes the operations that system subjects can perform on system objects
- UNIX protection state specification:
  - Subjects: process identities
  - Process identities: user id (UID), group id (GID), and a set of supplementary groups
  - Objects: files
  - Access: read, write, execute
- The protection state is specified by an access control list (ACL) associated with each file

Unix File
- Each file is associated with:
  - An owner UID and an owner GID
  - A process with the owner UID privilege can modify the protection state
  - “Mode bits” describe the ACL of a file: {owner bits, group bits, others bits}, where each element consists of a read bit, a write bit, and an execute bit, e.g., rwxr--r--

Authorization Mechanism
- If the process UID corresponds to the owner UID of the file, use the mode bits for the owner to authorize access.
- Else if the process GID or supplementary groups correspond to the file’s group GID, use the mode bits for the group permissions.
- Otherwise, use the permissions assigned to all others.

Examples

    -rw-rw-r-- 1 simon faculty  14 Sep 8 03:59 file1
    -rw-rw-r-- 1 user1 faculty  14 Sep 8 04:04 file2
    -rw-rw-r-- 1 user2 students 14 Sep 8 04:04 file3

- “simon” belongs to group “faculty”
- “user1”, “user2” belong to group “students”

    -r-------- 1 simon faculty  14 Sep 8 03:59 file1
    ----r----- 1 user1 faculty  14 Sep 8 05:01 file2
    -------r-- 1 user2 students 14 Sep 8 05:02 file3
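
The authorization mechanism applied to the second listing above, as an added example that is not part of the original slides. The function and variable names are assumptions; the listing and group memberships are copied from the slide, and root's bypass of mode-bit checks is not modelled.

```python
from collections import namedtuple

# Copied from the slide's second listing; used here as sample input.
LISTING = """\
-r-------- 1 simon faculty 14 Sep 8 03:59 file1
----r----- 1 user1 faculty 14 Sep 8 05:01 file2
-------r-- 1 user2 students 14 Sep 8 05:02 file3
"""
# Group membership as stated on the slide.
GROUPS = {"simon": {"faculty"}, "user1": {"students"}, "user2": {"students"}}

File = namedtuple("File", "name mode owner group")

def parse_listing(text):
    """Parse `ls -l` lines into File records (mode without the type char)."""
    files = []
    for line in text.strip().splitlines():
        f = line.split()
        files.append(File(name=f[-1], mode=f[0][1:10], owner=f[2], group=f[3]))
    return files

def permitted(user, groups, file, op):
    """Return True if `user` may perform op ('r', 'w' or 'x') on `file`.

    Exactly one permission class is selected, in the order owner, group,
    others. A denial in the selected class is final: there is no
    fall-through to a more permissive class.
    """
    if user == file.owner:
        bits = file.mode[0:3]      # owner bits
    elif file.group in groups:
        bits = file.mode[3:6]      # group bits
    else:
        bits = file.mode[6:9]      # others bits
    return op in bits

def readers(listing=LISTING, membership=GROUPS):
    """Map each file name to the sorted list of users allowed to read it."""
    return {
        f.name: sorted(u for u, g in membership.items() if permitted(u, g, f, "r"))
        for f in parse_listing(listing)
    }

if __name__ == "__main__":
    for name, users in readers().items():
        print(name, "readable by:", ", ".join(users) or "nobody")
```

Because only one class is ever consulted, user1 and user2 cannot read the files they own, even though other users can read file2 via the group bits and file3 via the others bits.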

Protection State Modification in Unix
- Protection state operations: enable a protection state to be modified
- In Unix, the protection state can be modified by any process that has the owner ID privilege
- This is called “discretionary access control”
- Essentially we have to trust all user-level processes to achieve the security goal of protection