CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

Presentation transcript:

Slide 1: Protection and Security

Slide 2: Computer Security
1. External security: physical access to the computer facility
2. Interface security: authentication of the user
3. Internal security:
   - Protection: control of access within computer systems
   - Communication security: control of information on communication lines between computer systems
   - File security: control of stored information

Slide 3: Potential Security Violations
- Unauthorized information release: an unauthorized person can read information or use a computer program
- Unauthorized information modification: an unauthorized person can change information
- Unauthorized denial of service: an unauthorized person prevents authorized users from accessing the system (including overload, change in scheduling algorithms, etc.)

Slide 4: Policies and Mechanisms; Protection Domain
Policies and mechanisms:
- Policies: what should be done. Security policies: which user can have access to what resources
- Mechanisms: how it should be done. Protection: mechanisms that control user access to system resources
- Protection vs. security: protection is a mechanism and security is a policy
Protection domain of a process:
- Process domain: the resources the process can access and the operations it can use on these resources
- The protection domain changes when control moves to another process
- Policy: a process should access only the resources it needs for its task

Slide 5: Design Principles for Secure Systems (Saltzer and Schroeder)
- Economy: the protection mechanism should be economical, i.e. low development cost and low system overhead
- Complete mediation: every request to access an object should be validated
- Open design: the protection mechanism should work even if its design is well known
- Separation of privileges: the protection mechanism should require two conditions to allow access
- Least privilege: a process should receive only the minimum access rights required to complete its task
- Least common mechanism: minimum shared mechanism between users; shared mechanisms (variables) can become an information path
- Acceptability: the protection mechanism should be easy to use
- Fail-safe defaults: the default case should be denial of access

Slide 6: The Access Matrix Model
Model components:
- Current objects: the set of entities O to which access is to be controlled. Examples: files, memory pages, devices
- Current subjects: the set of entities S that access current objects (S ⊆ O). Example: a (process, domain) pair
- Generic rights/rules: the access rights that subjects can have to objects: R = {r1, r2, …, rm}. Examples: read, write, execute, own, block

Slide 7: The Access Matrix Model (cont.)
Protection state of a system: the triplet (S, O, P), where P is the access matrix.

Slide 8: Enforcing a Security Policy
A security policy is enforced by validating every user access for the appropriate access rights.
[Figure: subject S, the monitor for object O, and object O; the request from S reaches O only through the monitor]
1. Subject S requests access α to object O
2. The protection system gives (S, α, O) to the monitor for O
3. The monitor validates the access rights of S to O: if α ∈ P[S, O] then access is permitted, else access is denied
Example: (figure not reproduced in the transcript)

Slide 9: Implementations of the Access Matrix
(1) Capability-based method:
- Decompose the access control matrix by rows and delete null entries
- A row has the access rights of one subject to all objects
(2) Access control list method:
- Decompose the access control matrix by columns and delete null entries
- A column has the access rights of all subjects to one object
(3) Lock-key method:
- Combination of the capability-based and access control list methods
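The following is an added example, not code from the slides: the protection state (S, O, P) of slides 6 and 7, the monitor check of slide 8, and the row and column decompositions of slide 9, on a constructed sample matrix (the subject and object names are made up here).

```python
# Added example (not from the slides): access-matrix model, reference monitor,
# and its capability-list / ACL decompositions.
from typing import Dict, FrozenSet, Tuple

Right = str
AccessMatrix = Dict[Tuple[str, str], FrozenSet[Right]]  # P[s, o] = rights of s on o

# Constructed sample protection state. The slides use (process, domain) pairs
# as subjects; plain names are used here for readability.
SUBJECTS = {"alice", "bob", "backup"}
OBJECTS = {"payroll.db", "report.txt", "printer"}
P: AccessMatrix = {
    ("alice", "payroll.db"): frozenset({"read", "write", "own"}),
    ("alice", "report.txt"): frozenset({"read", "write"}),
    ("bob", "report.txt"): frozenset({"read"}),
    ("bob", "printer"): frozenset({"write"}),
    ("backup", "payroll.db"): frozenset({"read"}),
    ("backup", "report.txt"): frozenset({"read"}),
}

def monitor(p: AccessMatrix, s: str, alpha: Right, o: str) -> bool:
    """Monitor for o (slide 8): permit iff alpha in P[s, o].
    A missing (s, o) entry is a null entry, so the default is denial."""
    return alpha in p.get((s, o), frozenset())

def capability_lists(p: AccessMatrix) -> Dict[str, Dict[str, FrozenSet[Right]]]:
    """Decompose by rows and drop null entries: each subject gets a C-list of
    (object, P[s, o]) tuples (slide 9, method 1)."""
    clists: Dict[str, Dict[str, FrozenSet[Right]]] = {}
    for (s, o), rights in p.items():
        if rights:
            clists.setdefault(s, {})[o] = rights
    return clists

def access_control_lists(p: AccessMatrix) -> Dict[str, Dict[str, FrozenSet[Right]]]:
    """Decompose by columns and drop null entries: each object gets an ACL of
    (subject, P[s, o]) entries (slide 9, method 2)."""
    acls: Dict[str, Dict[str, FrozenSet[Right]]] = {}
    for (s, o), rights in p.items():
        if rights:
            acls.setdefault(o, {})[s] = rights
    return acls

def review_object(p: AccessMatrix, o: str) -> Dict[str, FrozenSet[Right]]:
    """Access review ("who can reach o?") is a single ACL lookup, whereas with
    C-lists it needs a scan of every subject's list."""
    return access_control_lists(p).get(o, {})
```

Both decompositions give the same answer as the matrix for every (s, α, o); they differ only in which question (per-subject or per-object) is cheap to answer.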

Slide 10: (1) Capability-Based Method
Capability: the tuple (O, P[S, O])
Each subject is assigned a list of capabilities, one for each object it is allowed to access.
Capability structure:
- Object descriptor: points to the object
- Access rights: list of all access rights the subject is allowed on the object
[Figure: capability layout with two fields, Object Descriptor and Access Rights (read, write, execute)]

Slide 11: (1) Capabilities-Based Method (cont.)
Principles:
- Each subject has a collection of capabilities, one for each object to which it has access
- Each object is protected by a guard (monitor), which holds the object identifier
- When a subject presents a capability that matches the identifier, access is allowed
Model of a descriptor-based capability system with an authentication mechanism:
1. The user presents an id and password
2. The system authenticates the user
3. The system creates a process S and assigns it the capabilities in the respective catalog
4. Process S can access all segments for which it has capabilities

Slide 12: (no transcript text)

Slide 13: (1) Capabilities-Based Method (cont.)
Capability-based addressing

Slide 14: (1) Capabilities-Based Method (cont.)
- Concepts: integrate capabilities with the main memory addressing mechanism; keep capability information separate from object location information (to allow simultaneous access to shared objects)
- Effective address: capability id of the object + offset within the object
- Operation: search the capability list for the id; validate the access; search the object table with the object descriptor; physical location = base + offset
- Advantages: relocatability and sharing
- Example: IBM System/38

Slide 15: Implementation Considerations
Protection of capabilities:
- Issue: capabilities should be protected against unauthorized changes
- Solutions: (a) tagged approach, (b) partitioned approach
(a) Tagged approach:
- An additional bit (flag) on each memory location and processor register: on = capability, off = ordinary data (user data or instruction)
- Separate instructions can modify locations whose flag is on; these instructions are not available to users
- Examples: Burroughs B6700, Rice Research Computer
(b) Partitioned approach:
- Separate partitions within an object (segments) for capabilities and for ordinary data
- Separate processor registers as well
- Users cannot access the segments and registers that hold capabilities
- Examples: Plessey system and Chicago Magic Number Machine

Slide 16: Advantages of Capabilities
- Efficiency: easy test of access rights
- Simplicity: simple implementation of addressing
- Flexibility: ease of defining access rights

Slide 17: Issues With Capabilities
Control of propagation:
- Issue: how to control the propagation of capabilities once the object owner has given a capability to another subject
- Options: add a 'copy bit' to each capability; provide a depth counter incremented/decremented with each copy
Review:
- Issue: it is difficult to implement a review of access, i.e. identification of all subjects which can access an object
- Option: the partitioned approach makes it easier
Revocation of access rights:
- Issue: once a capability is given to a subject, it is difficult to revoke
- Options: destroy the copy of the object, or indirect addressing
Garbage collection:
- Issue: when all capabilities for an object disappear, the object has to be removed
- Option: keep a count of the copies of capabilities and detect zero
Domain switching:
- Issue: how does the set of capabilities change when a subject changes domains
- Option: 'enter' capability

Slide 18: Revocation of Capabilities
Capabilities are granted to subjects. A subject who has a capability may want to give a copy to another subject.
Problem: after giving a capability to another subject, the initial subject may want to revoke it (take it back).
Solution:
- The owner of object X creates C, a capability that points indirectly to the descriptor for X
- The owner of object X gives C to other subjects
- To revoke it, the indirect descriptor for X is removed, so every copy of C stops resolving to X
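An added example, not from the slides, of two of the issues above: propagation control with a copy bit (slide 17) and revocation of every outstanding copy at once through an indirect descriptor (slide 18). The class, subject names and object names are constructed here.

```python
# Added example (not from the slides): copy-bit propagation control and
# revocation through an indirect descriptor.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass
class Capability:
    link: str               # name of the indirect descriptor: C -> link -> X
    rights: FrozenSet[str]
    copy_bit: bool = True   # slide 17: may the holder pass a copy on?

class CapabilitySystem:
    def __init__(self) -> None:
        self.objects: Dict[str, str] = {}            # descriptor -> object data
        self.links: Dict[str, Optional[str]] = {}    # indirect descriptor -> descriptor
        self.clists: Dict[str, List[Capability]] = {}  # subject -> C-list

    def create(self, owner: str, obj: str, data: str) -> Capability:
        """Owner creates X and a capability C that reaches X only via a link."""
        self.objects[obj] = data
        self.links["link:" + obj] = obj
        cap = Capability("link:" + obj, frozenset({"read", "write", "own"}))
        self.clists.setdefault(owner, []).append(cap)
        return cap

    def give(self, cap: Capability, to: str, rights: FrozenSet[str], copyable: bool) -> Capability:
        """Pass a copy on; refused if the copy bit is off or rights would grow."""
        if not cap.copy_bit or not rights <= cap.rights:
            raise PermissionError("propagation not allowed")
        new = Capability(cap.link, rights, copy_bit=copyable)
        self.clists.setdefault(to, []).append(new)
        return new

    def access(self, subject: str, cap: Capability, right: str) -> Optional[str]:
        """Monitor: the capability must be in the subject's C-list, carry the
        right, and its link must still resolve; otherwise access is denied."""
        if cap not in self.clists.get(subject, []) or right not in cap.rights:
            return None
        target = self.links.get(cap.link)
        return self.objects[target] if target is not None else None

    def revoke(self, cap: Capability) -> None:
        """Owner revokes all copies at once by removing the indirection;
        the copies still exist but no longer resolve to the object."""
        if "own" in cap.rights:
            self.links[cap.link] = None
```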

Slide 19: (no transcript text)

Slide 20: Domain Switching
Processes may need to switch from one set of capabilities (domain) to another set (domain) to perform a task.
Domain switching with 'enter' capabilities (Dennis & Van Horn):
- An enter capability points to the capability list of the procedure to be called (the entry point of a protected subsystem)
- When the entry point is called, the domain is switched to that of the called procedure; the domain is restored at procedure return
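An added example, not from the slides, of the enter-capability mechanism just described: a caller holding only an 'enter' capability for a protected subsystem has the subsystem's C-list substituted for its own for the duration of the call. The subsystem, object names and rights are constructed here.

```python
# Added example (not from the slides): domain switching with an 'enter'
# capability, Dennis and Van Horn style.
from typing import Callable, Dict, FrozenSet, List, Tuple

# A capability is (object, rights); a domain is a C-list of capabilities.
Cap = Tuple[str, FrozenSet[str]]
CList = List[Cap]

# Constructed protected subsystem: only its own C-list can append to the log.
SUBSYSTEM_CLISTS: Dict[str, CList] = {
    "audit": [("audit.log", frozenset({"append"}))],
}

def has_right(domain: CList, obj: str, right: str) -> bool:
    return any(o == obj and right in r for o, r in domain)

def append_log(domain: CList, entry: str, log: List[str]) -> bool:
    """Body of the protected procedure; runs in whatever domain it is given."""
    if not has_right(domain, "audit.log", "append"):
        return False
    log.append(entry)
    return True

def call_via_enter(current: CList, subsystem: str, proc: Callable, *args) -> Tuple[object, CList]:
    """The caller must hold an 'enter' capability for the subsystem. The call
    then runs with the subsystem's C-list and the caller's domain is restored."""
    if not has_right(current, subsystem, "enter"):
        raise PermissionError("no enter capability for " + subsystem)
    callee_domain = SUBSYSTEM_CLISTS[subsystem]     # domain switch
    result = proc(callee_domain, *args)
    return result, current                          # domain restored on return

# Constructed caller domain: may enter the audit subsystem, cannot touch the log.
USER_DOMAIN: CList = [("audit", frozenset({"enter"})), ("report.txt", frozenset({"read"}))]
```

The caller never gains the "append" right itself; it only gains the ability to run the subsystem's procedure, which is the point of the mechanism.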

Slide 21: (no transcript text)