Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Slides:



Advertisements
Similar presentations
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Advertisements

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
VM: Chapter 5 Guiding Principles for Software Security.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 17 Page 1 CS 111 Spring 2015 Operating System Security CS 111 Operating Systems Peter Reiher.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Software Engineering Experimentation Rules for Reviewing Papers Jeff Offutt See my editorials 17(3) and 17(4) in STVR
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
Security CS Introduction to Operating Systems.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Deadlock Detection and Recovery
Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
Operating Systems Security
Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back.
Lecture 17 Page 1 CS 111 Fall 2015 Operating System Security CS 111 Operating Systems Peter Reiher.
Secure Operating Systems Lesson F: Capability Based Systems.
Presented by: Dr. Munam Ali Shah
Lecture 3 Page 1 CS 136, Fall 2010 Security Mechanisms CS 136 Computer Security Peter Reiher September 30, 2010.
Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.
Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Lecture 7 Page 1 CS 111 Online Process Communications and Concurrency CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture 3 Page 1 CS 136, Winter 2010 Security Mechanisms CS 136 Computer Security Peter Reiher January 12, 2010.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 12 Page 1 CS 111 Summer 2014 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
Lecture 2 Page 1 CS 136, Spring 2016 Security Principles, Policies, and Tools CS 136 Computer Security Peter Reiher March 31, 2016.
1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,
June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.
1 Saltzer [1974] and later Saltzer and Schroeder [1975] list the following principles of the design of secure protection systems, which are still valid:
1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 2 Page 1 CS 136, Fall 2011 Security Principles, Policies, and Tools CS 136 Computer Security Peter Reiher September 27, 2011.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Outline Security design principles Security policies Basic concepts
Outline Basic concepts in computer security
Protecting Memory What is there to protect in memory?
Security+ All-In-One Edition Chapter 1 – General Security Concepts
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
Outline What does the OS protect? Authentication for operating systems
Outline Security design principles Security policies Basic concepts
Outline What does the OS protect? Authentication for operating systems
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Design Principles Thanks to Matt Bishop 2006 CS 395: Computer Security.
Presentation transcript:

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least common mechanism Acceptability Fail-safe defaults

Lecture 18 Page 2 CS 111 Online Economy in Security Design Economical to develop – And to use – And to verify Should add little or no overhead Should do only what needs to be done Generally, try to keep it simple and small As OS grows, this gets harder

Lecture 18 Page 3 CS 111 Online Complete Mediation Apply security on every access to a protected object – E.g., each read of a file, not just the open Also involves checking access on everything that could be attacked Hardware can help here – E.g., memory accesses have complete mediation via paging hardware How does this play with the previous principle of economy?

Lecture 18 Page 4 CS 111 Online Open Design Don’t rely on “security through obscurity” Assume all potential attackers know everything about the design – And completely understand it This doesn’t mean publish everything important about your security system – Though sometimes that’s a good idea Obscurity can provide some security, but it’s brittle – When the fog is cleared, the security disappears Windows (closed design) is not more secure than Linux (open design)

Lecture 18 Page 5 CS 111 Online Separation of Privilege Provide mechanisms that separate the privileges used for one purpose from those used for another To allow flexibility in security systems E.g., separate access control on each file

Lecture 18 Page 6 CS 111 Online Least Privilege Give bare minimum access rights required to complete a task Require another request to perform another type of access E.g., don’t give write permission to a file if the program only asked for read

Lecture 18 Page 7 CS 111 Online Least Common Mechanism Avoid sharing parts of the security mechanism – Among different users – Among different parts of the system Coupling leads to possible security breaches E.g., in memory management, having separate page tables for different processes – Makes it hard for one process to touch memory of another

Lecture 18 Page 8 CS 111 Online Acceptability Mechanism must be simple to use Simple enough that people will use it without thinking about it Must rarely or never prevent permissible accesses Windows 7 mechanisms to prevent attacks from downloaded code worked – But users hated them – So now Windows doesn’t use them

Lecture 18 Page 9 CS 111 Online Fail-Safe Design Default to lack of access So if something goes wrong or is forgotten or isn’t done, no security lost If important mistakes are made, you’ll find out about them – Without loss of security – But if it happens too often... In OS context, important to think about what happens with traps, interrupts, etc.

Lecture 18 Page 10 CS 111 Online Tools For Securing Systems Physical security Access control Encryption Authentication Encapsulation Intrusion detection Filtering technologies

Lecture 18 Page 11 CS 111 Online Physical Security Lock up your computer – Usually not sufficient, but... – Necessary (when possible) Networking means that attackers can get to it, anyway But lack of physical security often makes other measures pointless – A challenging issue for mobile computing

Lecture 18 Page 12 CS 111 Online Access Control Only let authorized parties access the system A lot trickier than it sounds Particularly in a network environment Once data is outside your system, how can you continue to control it? – Again, of concern in network environments

Lecture 18 Page 13 CS 111 Online Encryption Algorithms to hide the content of data or communications Only those knowing a secret can decrypt the protection Obvious value in maintaining secrecy But clever use can provide other important security properties One of the most important tools in computer security – But not a panacea

Lecture 18 Page 14 CS 111 Online Authentication Methods of ensuring that someone is who they say they are Vital for access control But also vital for many other purposes Often (but not always) based on encryption Especially difficult in distributed environments

Lecture 18 Page 15 CS 111 Online Encapsulation Methods of allowing outsiders limited access to your resources Let them use or access some things – But not everything Simple, in concept Extremely challenging, in practice Operating system often plays a large role, here

Lecture 18 Page 16 CS 111 Online Intrusion Detection All security methods sometimes fail When they do, notice that something is wrong And take steps to correct the problem Reactive, not preventative – But unrealistic to believe any prevention is certain Must be automatic to be really useful

Lecture 18 Page 17 CS 111 Online Filtering Technologies Detect that there’s something bad: – In a data stream – In a file – Wherever Filter it out and only deliver “safe” stuff The basic idea behind firewalls – And many other approaches Serious issues with detecting the bad stuff and not dropping the good stuff

Lecture 18 Page 18 CS 111 Online Operating Systems and Security Tools Physical security is usually assumed by OS Access control is key to OS technologies Encapsulation in various forms is widely provided by operating systems Some form of authentication required by OS Encryption is increasingly used by OS Intrusion detection and filtering not common parts of the OS

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.