Chapter 29: Program Security

Chapter 29: Program Security
Dr. Wayne Summers, Department of Computer Science, Columbus State University
Summers_wayne@colstate.edu
http://csc.colstate.edu/summers

Requirements and Policy

Requirement 29.2.1: Access to a role account is based on user, location, and time of request.
Requirement 29.2.2: The settings of the role account's environment shall replace the corresponding settings of the user's environment, but the remainder of the user's environment shall be preserved.
Requirement 29.2.3: Only root can alter the access control information for access to a role account.
Requirement 29.2.4: The mechanism shall allow both restricted access and unrestricted access to a role account. For unrestricted access, the user shall have access to a standard command interpreter. For restricted access, the user shall be able to execute only a specified set of commands.
Requirement 29.2.5: Access to the files, directories, and objects owned by any account administered by use of this mechanism shall be restricted to those authorized to use the role account, to users trusted to install system programs, and to root.

Threats

Threat 1: An unauthorized user may obtain access to a role account as though she were an authorized user.
Threat 2: An authorized user may use a nonsecure channel to obtain access to a role account, thereby revealing her authentication information to unauthorized individuals.
Threat 3: An unauthorized user may alter the access control information to grant access to the role account.
Threat 4: An authorized user may execute a Trojan horse (or other form of malicious logic), giving an unauthorized user access to the role account.
Threat 5: An authorized user may obtain access to a role account and perform unauthorized commands.
Threat 6: An authorized user may execute a command that performs functions that the user is not authorized to perform.
Threat 7: An authorized user may change the restrictions on the user's ability to obtain access to the account.

Design Framework

User interface and high-level design:
1. Obtain the role account, command, user, location, and time of day.
2. Check that the user is allowed to access the role account from that location at that time.
3. Obtain the user and group information for the role account.
4. If a command was given, overlay the child process with a command interpreter that spawns the named command.
5. Otherwise, overlay the child process with a command interpreter.

Requirement 29.3.1 combines requirements 29.2.4 and 29.2.1.

Design: Access to Roles and Commands

Interface:
- Minimize the amount of information passed to the access checking module.
- Boolean accessok(role rname, command cmd);

Internals:
- Obtain the user ID, time, entry point, and remote host.
- Obtain a handle to the access control information.
- Iterate through the records until the data is matched.

Storage of the access control data.

Refinement and Implementation

- First-level refinement: pseudocode.
- Second-level refinement: map the pseudocode to a language.
- Code the functions: obtaining the location; the access control record structure; error handling in the reading and matching routines.
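The access check from the design above, carried through the second-level refinement into C. This is an added example, not the lecture's or Bishop's code: the record layout (role, user, location, time window, command list), the request structure, and the sample table are assumptions made for illustration. The check module receives only the fields it needs, iterates over the records until one matches, and denies when nothing matches or the request is malformed.

```c
/* Added example (not Bishop's or the lecture's code): an access check
 * for the role mechanism. Record format, request struct and the sample
 * table are assumptions for illustration. */
#include <stddef.h>
#include <string.h>

#define MAX_CMDS 4

/* One access control record: who may assume which role, from where,
 * during which minutes of the day, and (for restricted access) which
 * commands. An empty command list means unrestricted access. */
struct acl_rec {
    const char *role;           /* role account, e.g. "sysadmin" */
    const char *user;           /* requesting user, "*" = any user */
    const char *location;       /* host the request came from, "*" = any */
    int start_min, end_min;     /* allowed window, minutes since midnight, inclusive */
    const char *cmds[MAX_CMDS]; /* allowed commands, NULL-terminated; {NULL} = shell */
};

/* Everything the check needs, gathered by the caller: the check module
 * is handed only this, per "minimize the information passed". */
struct request {
    const char *role;
    const char *user;
    const char *location;
    int minute_of_day;
    const char *cmd;            /* NULL = wants a command interpreter */
};

static int wild_eq(const char *pattern, const char *value) {
    return strcmp(pattern, "*") == 0 || strcmp(pattern, value) == 0;
}

/* Does this record permit the requested command (or shell)? */
static int cmd_allowed(const struct acl_rec *r, const char *cmd) {
    if (r->cmds[0] == NULL)     /* unrestricted: shell or any command */
        return 1;
    if (cmd == NULL)            /* restricted: no bare shell */
        return 0;
    for (int i = 0; i < MAX_CMDS && r->cmds[i] != NULL; i++)
        if (strcmp(r->cmds[i], cmd) == 0)
            return 1;
    return 0;
}

/* Boolean accessok(role, command): iterate through the records until one
 * matches role, user, location and time; that record decides whether the
 * command is allowed. No matching record, or a malformed request, means
 * no access. Returns 1 if access is permitted, 0 otherwise. */
int accessok(const struct acl_rec *recs, size_t nrecs, const struct request *rq) {
    if (rq->minute_of_day < 0 || rq->minute_of_day >= 24 * 60)
        return 0;               /* malformed time: deny, never guess */
    for (size_t i = 0; i < nrecs; i++) {
        const struct acl_rec *r = &recs[i];
        if (strcmp(r->role, rq->role) != 0) continue;
        if (!wild_eq(r->user, rq->user)) continue;
        if (!wild_eq(r->location, rq->location)) continue;
        if (rq->minute_of_day < r->start_min || rq->minute_of_day > r->end_min) continue;
        return cmd_allowed(r, rq->cmd);   /* first matching record decides */
    }
    return 0;
}

/* Constructed sample table (an assumption, not a real site policy). */
const struct acl_rec sample_acl[] = {
    /* alice may run a full shell as sysadmin from the console, 08:00-18:00 */
    { "sysadmin", "alice", "console", 8 * 60, 18 * 60, { NULL } },
    /* bob may only run backup or restore as sysadmin, from anywhere, any time */
    { "sysadmin", "bob", "*", 0, 24 * 60 - 1,
      { "/usr/sbin/backup", "/usr/sbin/restore", NULL } },
};
const size_t sample_acl_len = sizeof sample_acl / sizeof sample_acl[0];
```

Letting the first record that matches role, user, location and time decide (rather than continuing to look for any record that would permit the command) keeps the result deterministic and stops a later wildcard record from silently broadening an earlier, more specific restriction; the caller still has to log the denial, per step 2 of the design.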

Common Security-Related Programming Problems

Improper Choice of Initial Protection Domain

Process privileges:
- Structure the process so that all sections requiring extra privileges are modules. The modules should be as small as possible and should perform only those tasks that require those privileges.
- Check that process privileges are set properly.

Access control file permissions:
- Protect the program that is executed to create the process, and all associated control files, from unauthorized use or modification; any modification must be detected.
- Ensure that any assumptions in the program are validated.

Common Security-Related Programming Problems (cont.)

Memory protection:
- Ensure that the program does not share objects in memory with other programs, and that other programs cannot access the memory of the privileged process.
- Configure memory to enforce the principle of least privilege.

Trust in the system:
- Identify all system components on which the program depends.
- Check for errors whenever possible.

Common Security-Related Programming Problems (cont.)

Improper Isolation of Implementation Detail
- Check the error status of every function.
- Resource exhaustion and user identifiers.
- Validating access control entries.
- Restricting the protection domain of the role process.
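The "process privileges" and "restricting the protection domain of the role process" items together: change to the role account's identity and then verify, rather than assume, that the process is confined. This is an added example in C, not the lecture's or Bishop's code. It assumes a Unix setuid model; the ordering (supplementary groups, then gid, then uid) and the seteuid(0) probe are the checks a practitioner would want, and every call's return value is tested.

```c
/* Added example (not from the lecture or Bishop): drop privileges to a
 * role account's uid/gid and then verify the result. Every call is
 * checked for errors, per "check for errors whenever possible". */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently switch to uid/gid. Order matters: supplementary groups
 * first (needs root), then gid, then uid; once the uid is dropped the
 * others can no longer be changed. Returns 0 on success, -1 on error
 * with errno set. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0) {
        /* Supplementary groups are inherited otherwise and would keep
         * the role process in root's groups. */
        if (setgroups(1, &gid) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* "Check that process privileges are set properly": do not trust that
 * the calls above did what was asked. Read the ids back and make sure
 * privilege cannot be regained. Returns 1 if the process is confined
 * to exactly uid/gid, 0 otherwise. */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0) {
        /* A lingering saved uid of 0 would let seteuid(0) succeed; it
         * must fail, and fail for the right reason. */
        if (seteuid(0) == 0)
            return 0;
        if (errno != EPERM)
            return 0;
    }
    return 1;
}

/* Run the sequence on the current process. Returns 1 when the drop
 * succeeded and verified. When run unprivileged this drops to the
 * caller's own ids, which still exercises the verification path. */
int demo_drop(void) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 0;
    }
    return privileges_dropped(uid, gid);
}
```

In the role program this would run in the small privileged module, immediately after the access control information has been read and before the command interpreter is overlaid, so that the child inherits only the role account's identity.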

Common Security-Related Programming Problems (cont.)

Improper Change

Memory:
- Synchronize process interaction with other processes.
- Asynchronous exception handlers should not alter any variables except those that are local to the module.
- Separate trusted data from data from untrusted sources.

Changes in file contents:
- Do not use components that may change between the time the program is created and the time it is run.

Race conditions in file access:
- The time-of-check-to-time-of-use problem.

Common Security-Related Programming Problems (cont.)

Improper Naming
- Unique objects require unique names.
- The process must ensure that the context in which an object is named identifies the correct object.

Improper Deallocation or Deletion
- Erase a sensitive object when the process finishes using it, then deallocate or delete it.

Improper Validation

Bounds checking:
- Ensure that array references access existing elements of the array.

Type checking:
- Check the types of functions and parameters.
- Ensure that the compiler reports inconsistencies in types.

Common Security-Related Programming Problems (cont.)

Improper Validation (cont.)

Error checking:
- Check function and procedure executions for errors.

Checking for valid, not invalid, data:
- Check that a variable's value is one of the valid values, rather than checking it against a list of known-bad values.
- If a trade-off between security and other factors results in a mechanism or procedure that can weaken security, document the reasons for the decision, the possible effects, and the situations in which the compromised method should be used.

Common Security-Related Programming Problems (cont.)

Improper Validation (cont.)

Checking input:
- Check all user input for both form and content.

Designing for validation:
- Create data structures and functions that can be validated.

Improper Indivisibility
- If two operations must be performed sequentially without an intervening operation, use a mechanism that ensures the two cannot be divided.
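The validation items (bounds checking, error checking, checking for valid rather than invalid data, checking input for form and content) applied to the inputs the role program takes from the user. This is an added example, not the lecture's or Bishop's code; the name length limit, the allowed character set for role names, and the HH:MM time format are assumptions. Each check accepts only what is known to be good, every library call's error report is examined, and the fixed-size copy refuses rather than truncates.

```c
/* Added example (not the lecture's or Bishop's code): validating the
 * inputs the role program takes. Limits and allowed characters are
 * assumptions. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define ROLE_NAME_MAX 32

/* Form check on a role name: nonempty, bounded, first char a lowercase
 * letter, rest lowercase letters, digits or '_'. Anything outside the
 * allow-list is rejected, so there is no deny-list to keep complete.
 * The length scan is itself bounded so an unterminated buffer cannot
 * run away. */
int valid_role_name(const char *name) {
    size_t n = 0;
    while (name[n] != '\0')
        if (++n > ROLE_NAME_MAX)
            return 0;
    if (n == 0)
        return 0;
    if (!islower((unsigned char)name[0]))
        return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_'))
            return 0;
    }
    return 1;
}

/* Parse "HH:MM" into minutes since midnight. Returns -1 on any defect:
 * wrong shape, trailing junk, or a value out of range. strtol's error
 * reporting is checked explicitly rather than assumed. */
int parse_hhmm(const char *s) {
    char *end;
    long h, m;
    /* form: exactly two digits, ':', two digits, end of string */
    if (!(isdigit((unsigned char)s[0]) && isdigit((unsigned char)s[1]) && s[2] == ':'
          && isdigit((unsigned char)s[3]) && isdigit((unsigned char)s[4]) && s[5] == '\0'))
        return -1;
    errno = 0;
    h = strtol(s, &end, 10);
    if (errno != 0 || end != s + 2) return -1;
    m = strtol(s + 3, &end, 10);
    if (errno != 0 || end != s + 5) return -1;
    /* content: a real clock time, not merely two numbers */
    if (h < 0 || h > 23 || m < 0 || m > 59) return -1;
    return (int)(h * 60 + m);
}

/* Bounds-checked copy of a validated name into a fixed buffer. Returns
 * 0 on success, -1 if the name is invalid or does not fit; never
 * truncates silently. */
int copy_role_name(char dst[ROLE_NAME_MAX + 1], const char *name) {
    if (!valid_role_name(name))
        return -1;
    size_t n = strlen(name);
    if (n > ROLE_NAME_MAX)      /* redundant with valid_role_name; kept so this function stands alone */
        return -1;
    memcpy(dst, name, n + 1);
    return 0;
}

/* Exercise the copy at and just past the limit. Returns 1 if every case
 * behaves as intended. Inputs are constructed here. */
int demo_copy(void) {
    char buf[ROLE_NAME_MAX + 1];
    char longname[ROLE_NAME_MAX + 2];
    if (copy_role_name(buf, "backup") != 0 || strcmp(buf, "backup") != 0) return 0;
    if (copy_role_name(buf, "bad name") != -1) return 0;       /* space not allowed */
    memset(longname, 'a', ROLE_NAME_MAX); longname[ROLE_NAME_MAX] = '\0';
    if (copy_role_name(buf, longname) != 0) return 0;           /* exactly at the limit: fits */
    memset(longname, 'a', ROLE_NAME_MAX + 1); longname[ROLE_NAME_MAX + 1] = '\0';
    if (copy_role_name(buf, longname) != -1) return 0;          /* one over: rejected, not truncated */
    return 1;
}
```

Note what is not done: there is no attempt to strip "bad" characters such as ';' or "../" from a name and carry on. A name that fails the form check is refused outright, which is what "check for valid, not invalid, data" means in practice.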

Common Security-Related Programming Problems (cont.)

Improper Sequencing
- Describe the legal sequences of operations on a resource or object.

Improper Choice of Operand or Operation
- Use software engineering and assurance techniques to ensure that the operations and operands are appropriate.
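Two of the problems above, race conditions in file access (the time-of-check-to-time-of-use problem under Improper Change) and Improper Indivisibility, have the same cure on Unix: let the kernel perform the check and the use as one operation on the object, not on its name. This is an added example in C, not the lecture's or Bishop's code. The ownership and mode policy for the access control file, the scratch directory under /tmp, and the file names are assumptions.

```c
/* Added example (not the lecture's or Bishop's code): avoiding the
 * time-of-check-to-time-of-use race when the role program opens its
 * access control file, and an indivisible create for a lock file.
 * Ownership/mode policy and scratch paths are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* The racy pattern, NOT used here: stat(path) to check ownership, then
 * open(path). Between the two calls the name can be re-bound (rename,
 * symlink) to a different object, and the check no longer applies to
 * what gets opened. */

/* Open the access control file, then check the object that was actually
 * opened, through its descriptor. O_NOFOLLOW refuses a symlink at the
 * last path component; fstat inspects the open object, not the name.
 * Returns a descriptor, or -1 with errno set (EACCES when the object
 * fails policy). */
int open_acl_checked(const char *path, uid_t owner) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return -1; }
    /* policy: regular file, owned by `owner`, writable by nobody else */
    if (!S_ISREG(st.st_mode) || st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Indivisible create: "if it does not exist, create it" as one system
 * call. O_EXCL makes the existence test and the create atomic, so no
 * other process can slip an object in between the two. Returns a
 * descriptor, or -1 with errno EEXIST if someone else got there first. */
int create_exclusive(const char *path, mode_t mode) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode);
}

/* Exercise both in a fresh scratch directory. Returns 1 if every case
 * behaves as intended, 0 otherwise. All files are constructed here. */
int demo_file_checks(void) {
    char dir[] = "/tmp/roledemoXXXXXX";
    if (mkdtemp(dir) == NULL) return 0;
    char acl[128], lnk[128], lock[128];
    snprintf(acl, sizeof acl, "%s/acl", dir);
    snprintf(lnk, sizeof lnk, "%s/acl_link", dir);
    snprintf(lock, sizeof lock, "%s/lock", dir);
    int ok = 0, fd;

    /* 1. A properly owned, owner-writable-only file opens. */
    fd = create_exclusive(acl, 0600);
    if (fd < 0) goto out;
    close(fd);
    fd = open_acl_checked(acl, getuid());
    if (fd < 0) goto out;
    close(fd);

    /* 2. A symlink to it is refused even though the target is fine. */
    if (symlink(acl, lnk) != 0) goto out;
    if (open_acl_checked(lnk, getuid()) != -1) goto out;

    /* 3. Group/world-writable is refused; the fstat'd mode decides. */
    if (chmod(acl, 0666) != 0) goto out;
    if (open_acl_checked(acl, getuid()) != -1 || errno != EACCES) goto out;

    /* 4. Exclusive create succeeds once, then fails with EEXIST. */
    fd = create_exclusive(lock, 0600);
    if (fd < 0) goto out;
    close(fd);
    if (create_exclusive(lock, 0600) != -1 || errno != EEXIST) goto out;
    ok = 1;
out:
    unlink(lock); unlink(lnk); unlink(acl); rmdir(dir);
    return ok;
}
```

The descriptor returned by open_acl_checked is what the record-reading routine should use from then on; re-opening by name later would reintroduce the window that this closes.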

Testing, Maintenance, and Operation

Testing the module:
- List all interfaces.
- Test normal data.
- Test boundary data.
- Test exceptions (interrupts and traps).
- Test random data.

Testing composed modules:
- Test error handling.

Testing the program:
- Use non-tester personnel.

Distribution
- Who can use the program?
- How can the integrity of the master copy be protected?
- How can the availability of the program be ensured?