Systems Security & Audit: Operating Systems Security

Contents
- Review of the objectives of an operating system
- Things to protect and protection methods
- Trusted operating system
- Protection of memory
- Protection of other objects
Function of the Operating System
- Control the use of the computer's resources:
  - CPU time
  - Memory
  - I/O
  - File storage

CPU time
- Fair use: no hogging by a single process (multiprocessing)
- Managed by a scheduler

Memory
- Assign sufficient memory to run the program
- Return memory to the OS after use
- Managed by the programmer, and later by the memory manager (part of the OS)

Objects that are protected
- Memory
- Sharable I/O devices, e.g. disks
- Serially reusable I/O devices, e.g. printers
- Sharable programs and procedures
- Sharable data

Process
- A program in execution
- Requires CPU time and memory (an address space) to run
- The address space contains the program code, the program's data, and the stack
- System calls are required to run the program

Memory protection
- Fence
- Relocation
- Base/bounds register
- Tagged architecture
- Segmentation
- Paging
Segregation of memory: Fence
(diagram: a fence address divides system memory from user memory)

Example: DOS
(diagram: memory map with the interrupt vectors at the bottom, user memory up to address AFFFF, and system memory up to FFFFF)

COM files have a fixed starting address
(diagram: COM file 1 and COM file 2 each load at their own fixed starting address; when COM file 3 needs the address already occupied by COM file 2, it cannot run)

EXE files are relocatable
(diagram: EXE file 1 can start anywhere in memory, so it loads alongside COM file 3)

Base and bound register
(diagram: each application in user memory is bracketed by a base address and a bound address; Application 1 cannot address beyond its bound, so Application 2 is safe)

Tagged architecture
(diagram: each machine word carries a tag alongside its data; the tag records who is allowed to access that address)

Segmentation
(diagram: segments 1, 2 and 3 each have a different segment number and their addresses start from zero; the CPU has a number of segment registers)

Segments of a process
- Text (code)
- Stack
- Data
- Room for growth within the memory assigned

Paging
(diagram: pages are of fixed size and together form the virtual memory)
Paging
- Technique used in a virtual memory system to give a linear address space
- Pages are of fixed size
- The actual storage location may be in physical memory or on the hard disk
- The MMU maps virtual memory to physical memory using page tables

Paging
- Can run a program that is too big to fit into physical memory
- Makes programming easier, as memory is assigned by the MMU
- The programmer (the instructions he wrote) cannot access physical memory directly, so it is safer
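The page-table walk the slides describe, as an added example (not from the lecture): a toy MMU with a present bit and read/write bits per entry, showing that two processes using the same virtual address are kept apart and that a missing or read-only mapping faults instead of touching physical memory. The page size, flag bits and both page tables are constructed for the demonstration.

```python
# Added example (not from the lecture): a toy MMU that walks a per-process
# page table, as the paging slides describe. Page size, flag bits and the
# two processes below are constructed for the demonstration.

PAGE_SIZE = 4096                 # fixed-size pages
PRESENT, READ, WRITE = 1, 2, 4   # page-table entry flag bits (constructed)

class PageFault(Exception):
    """Raised when an access has no valid mapping or lacks permission."""

class MMU:
    """Physical memory is shared, but a process can only reach the frames
    named in the page table the MMU uses while that process runs."""

    def __init__(self, physical_frames):
        self.memory = bytearray(physical_frames * PAGE_SIZE)

    def translate(self, page_table, vaddr, write):
        vpn, offset = divmod(vaddr, PAGE_SIZE)   # virtual page no. + offset
        entry = page_table.get(vpn)              # (frame number, flags)
        if entry is None or not entry[1] & PRESENT:
            raise PageFault(f"page {vpn} not present")
        frame, flags = entry
        if write and not flags & WRITE:
            raise PageFault(f"page {vpn} is read-only")
        if not write and not flags & READ:
            raise PageFault(f"page {vpn} is not readable")
        return frame * PAGE_SIZE + offset        # physical address

def demo():
    """Two processes both use virtual address 0x10, but their tables point at
    different frames, so neither can read or corrupt the other's memory."""
    mmu = MMU(physical_frames=4)
    table_a = {0: (2, PRESENT | READ | WRITE)}   # A: page 0 -> frame 2
    table_b = {0: (3, PRESENT | READ)}           # B: page 0 -> frame 3, read-only
    mmu.memory[mmu.translate(table_a, 0x10, True)] = 0x41       # A writes
    results = {"a_reads_own": mmu.memory[mmu.translate(table_a, 0x10, False)],
               "b_sees_a": mmu.memory[mmu.translate(table_b, 0x10, False)]}
    try:
        mmu.translate(table_b, 0x10, True)       # B's only page is read-only
    except PageFault as e:
        results["b_write"] = str(e)
    try:
        mmu.translate(table_a, 2 * PAGE_SIZE, False)   # A has no page 2
    except PageFault as e:
        results["a_unmapped"] = str(e)
    return results
```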
Operating System: Layered system
- Instructions have different privilege levels
- The operating system is structured in layers
- More structure means better management and better protection, but less efficiency

Layer system
- Layer 0: Processor allocation
- Layer 1: Memory management
- Layer 2: Process communication
- Layer 3: Input/output management
- Layer 4: User programs

Ring system: Pentium
- Ring 0: Kernel
- Ring 1: System calls
- Ring 2: Shared library
- Ring 3: User program

Kernel
- The core of the OS that manages the CPU, memory and I/O services

Security kernel
- The place where the security mechanisms and policies are applied
- It prevents unauthorized access to system resources
- It implements the Reference Monitor concept

Kernel
- The part of the OS that performs the lowest-level functions, such as:
  - Synchronization
  - Interprocess communication
  - Message passing
  - Interrupt handling

Separate security kernel: levels
1. Hardware
2. Security kernel: access control, authentication
3. Operating system: resource allocation, sharing, hardware interactions
4. User tasks

Intel Pentium chip ring structure
(diagram)

Protection of shared objects
- No protection
- Isolation
- Share via access limitation (ACL); refer to the Bell-LaPadula model
- Share by capabilities
- Limited use of an object (permissions)
- Process execution domain
- Namespace
- Share all or share nothing (declared public or private)

File protection
- Each file has a name, its data, and attributes; an attribute can be a protection field or a password
- A file system such as NTFS can attach a DACL to each individual file
- Encryption can also be applied to files
Access Control Matrix
(rows: subjects; columns: the objects Operating System, Accounts Program, Accounting Data, Audit Trail)
  Sam (Sysop):   rwx rwr
  Alice (Mgr):   rxx -
  Bob (Auditor): rxrrr

Access Control List
(the same matrix read by column: the list of subjects and their rights attached to each object)

Capability
(the same matrix read by row: the list of objects and rights held by each subject)
ACL of Unix
- Owner, group, world
- Read, write, execute
- Example:
  drwxrwxrwx Alice Accounts
  -rw-r----- Alice Accounts
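Decoding the two mode strings on this slide, as an added example (not from the lecture): the parser splits an ls-style mode into owner, group and world triads, and the check applies the Unix rule that exactly one triad is consulted (owner if the user owns the file, else group, else world). User and group names other than Alice and Accounts are constructed; setuid, setgid and sticky markers are not handled.

```python
# Added example (not from the lecture): decode an ls-style mode string such
# as "-rw-r-----" and decide whether a user may perform an operation, using
# the owner/group/world triads the slide describes. Names are constructed.

def parse_mode(mode):
    """Return (is_directory, owner_bits, group_bits, world_bits); bits are sets."""
    if len(mode) != 10 or mode[0] not in "-d":
        raise ValueError(f"not a mode string: {mode!r}")
    triads = [set(c for c in mode[i:i + 3] if c != "-") for i in (1, 4, 7)]
    for t in triads:
        if not t <= {"r", "w", "x"}:     # s/t (setuid, sticky) not handled
            raise ValueError(f"bad permission bits in {mode!r}")
    return mode[0] == "d", triads[0], triads[1], triads[2]

def allowed(mode, owner, group, user, user_groups, op):
    """Unix picks exactly one triad: owner if the user owns the file, else
    group if the user belongs to the file's group, else world. A narrower
    triad is not widened by a more generous one further right."""
    _, o, g, w = parse_mode(mode)
    if user == owner:
        triad = o
    elif group in user_groups:
        triad = g
    else:
        triad = w
    return op in triad
```

With `-rw-r----- Alice Accounts`, Alice may write, members of Accounts may only read, and everyone else gets nothing; with `drwxrwxrwx` any user may create or remove entries in the directory.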
ACL of Windows
- Many defined groups, including Everyone
- Finer division of privilege: take ownership, list folder contents, delete, etc.
- Use of domains and trust
- Group policy associated with sites, domains, and organizational units in Active Directory
Well-formed transaction
(the matrix above with the Accounts Program added as a subject; columns: Operating System, Accounts Program, Accounting Data, Audit Trail)
  Sam (Sysop):      rwx rr
  Alice (Mgr):      rxx--
  Accounts Program: rxrrww
  Bob (Auditor):    rxrrr

Well-formed transaction
- Access triple of user, program, file
- Refer to the Clark-Wilson model
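The matrix, ACL and capability views from the preceding slides and the Clark-Wilson access triple from this one, as an added example (not from the lecture): one matrix is read by column (ACL) and by row (capability list), and a transaction check requires the user to be able to execute the program and the program to hold the right on the file, so a manager who has no direct write on the accounting data can still update it through the accounts program. The subjects, objects and rights are constructed, loosely following the slides.

```python
# Added example (not from the lecture): one access control matrix viewed as
# ACLs (by object) and capabilities (by subject), plus a Clark-Wilson style
# check that a user reaches a file only through a permitted program.
# Subjects, objects and rights are constructed, loosely following the slides.

MATRIX = {   # subject -> object -> rights (constructed)
    "Sam (Sysop)":      {"Operating System": "rwx", "Accounts Program": "r",
                         "Accounting Data": "r",    "Audit Trail": "r"},
    "Alice (Mgr)":      {"Operating System": "rx",  "Accounts Program": "x"},
    "Accounts Program": {"Operating System": "rx",  "Accounts Program": "r",
                         "Accounting Data": "rw",   "Audit Trail": "w"},
    "Bob (Auditor)":    {"Operating System": "rx",  "Accounts Program": "r",
                         "Accounting Data": "r",    "Audit Trail": "r"},
}

def acl(matrix, obj):
    """Column view: the ACL attached to one object."""
    return {s: set(r[obj]) for s, r in matrix.items() if obj in r}

def capabilities(matrix, subject):
    """Row view: the capability list held by one subject."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items()}

def permitted(matrix, subject, op, obj):
    """Reference-monitor style decision on a direct request; an unknown
    subject or object yields no rights."""
    return op in matrix.get(subject, {}).get(obj, "")

def transaction_permitted(matrix, user, program, op, obj):
    """Clark-Wilson access triple (user, program, file): the user must be
    allowed to execute the program, and the program must hold the right on
    the file. The user's own direct rights on the file are not consulted."""
    return permitted(matrix, user, "x", program) and permitted(matrix, program, op, obj)
```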
Access Control Model
(diagram: a subject, acting for a principal, sends a request to the reference monitor, which decides whether access to the object is granted)

Access Control Model
- Principal: the user or machine that has a name and a SID; a local user is Machine\principal, a domain user is Domain\Principal
- Subject: a program running with a user identity
- Request: a set of operations: read/write/execute/append/erase
- Object: resources such as memory, files, the registry, a printer

Windows authorization model
(diagram)

Access Token
- The security credentials of a subject

Virtualization
- A virtual machine is a collection of real or simulated hardware facilities: a CPU that runs an instruction set, an amount of addressable memory space, and some I/O devices. This enables programs designed for that CPU to be executed on the host computer.

Virtualization
- It provides another layer of control between the OS and the application programs in the computer system. Thus a fault in one virtual machine does not affect the operation of another virtual machine, or the whole system.
- It is a sandbox for insecure operations.

Reading: Security in Computing, Chapter 6