Controlling Files Richard Newman based on Smith “Elementary Information Security”


File System
File = persistent, logically named storage
  – Random access files
  – Sequential files
  – Indexed files
Naming – directory systems
  – Flat file system
  – Two-level
  – Hierarchical
  – ... with multiple links to same file
  – ... with multiple directory links
  – Mounted systems
  – Distributed file systems

File Name Resolution
Names
  – Absolute
  – Relative – requires state - CWD
Name resolution
  – Get next path element
  – Find path element in current directory
  – If directory, load directory into memory
  – Check access control permissions
  – Continue until fail or find file

Steps of Access Control
I & A – Identification and authentication
  – Username/password
  – Biometrics
  – Key
Authorization
  – Object & operation
  – Access control structure
  – Inescapable mediation
Perform
  – Relay authenticated message to service
  – Provide process with capability
  – Provide process with key

File Ownership & Access Rights
Access Types
  – Create
  – Delete
  – Read
  – Write
  – Update
  – Append
  – Truncate
  – Rename
  – Change properties
  – Execute
File Ownership
  – DAC – owner, group
  – MAC – label (classification = level, category set)

File Ownership & Access Rights 2
Specifying Access – DAC
  – ACL & variants
  – CL & variants
  – Initial permissions
      Default
      Inherited
  – Changing access permissions
Specifying Access – MAC
  – Object labels = classification
  – Process labels = clearance
  – Rules for comparing object and process labels
      Dominance
  – Rules for generating new labels
      Default
      “Label float”
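
The MAC label comparison above, as an added example that is not part of the original slides. The level names, the category names, the rule that a process may read an object only when its clearance dominates the object's classification, and the modelling of "label float" as a rise to the least upper bound are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed ordering of levels, lowest first (assumption, not from the slides).
LEVELS = ["unclassified", "confidential", "secret", "top secret"]

@dataclass(frozen=True)
class Label:
    """A MAC label: classification = level plus category set."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True if this level is at least other's AND categories are a superset."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)

def join(a, b):
    """Least upper bound: the lowest label that dominates both a and b."""
    level = max(a.level, b.level, key=LEVELS.index)
    return Label(level, a.categories | b.categories)

def may_read(clearance, classification):
    # Assumed comparison rule: the process label must dominate the object label.
    return clearance.dominates(classification)

def float_label(process_label, object_label):
    """Assumed 'label float' rule: the label rises to cover what was touched."""
    return join(process_label, object_label)

# Constructed sample labels. Dominance is a partial order: these two are
# incomparable, so neither process could read the other's objects.
SECRET_CRYPTO = Label("secret", frozenset({"crypto"}))
TOPSECRET_NUCLEAR = Label("top secret", frozenset({"nuclear"}))
CONFIDENTIAL = Label("confidential")

if __name__ == "__main__":
    print(may_read(SECRET_CRYPTO, CONFIDENTIAL))        # higher level, superset
    print(may_read(TOPSECRET_NUCLEAR, SECRET_CRYPTO))   # higher level, wrong category
    print(float_label(SECRET_CRYPTO, TOPSECRET_NUCLEAR))
```

A higher level alone is not enough: the category set has to be a superset as well, which is why the second check fails.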

Directory Access Rights
Directory Rights
  – Read (list contents)
  – Seek (use in path if match)
  – Create directory
  – Delete directory
  – Create files in directory
  – Delete files in directory
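
The name-resolution loop from the "File Name Resolution" slide combined with the directory seek right listed above, as an added example that is not part of the original slides. The in-memory tree, the users and the right names are constructed for illustration and do not model any particular file system.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    rights: dict                                   # user -> set of rights; missing user = none
    children: dict = field(default_factory=dict)   # used only by directories
    is_dir: bool = False

def mkdir(name, rights, *kids):
    return Node(name, rights, {k.name: k for k in kids}, is_dir=True)

def resolve(root, cwd, path, user):
    """Walk `path` one element at a time; return (node, None) or (None, reason)."""
    # Absolute names start at the root; relative names depend on state (the CWD).
    current = root if path.startswith("/") else cwd
    for element in (e for e in path.split("/") if e):
        if not current.is_dir:
            return None, f"{current.name} is not a directory"
        # Access check on every directory used in the path: seek, not read.
        if "seek" not in current.rights.get(user, set()):
            return None, f"{user} lacks seek on {current.name}"
        if element not in current.children:
            return None, f"{element} not found in {current.name}"
        current = current.children[element]
    return current, None

# Constructed sample tree: Bob's directory is private; 'shared' can be listed
# by suitemates (read) but not used in a path (no seek).
ALL = {"bob": {"read", "seek"}, "suitemates": {"read", "seek"}}
notes = Node("notes.txt", {"bob": {"read", "write"}})
memo = Node("memo.txt", ALL)
bob_dir = mkdir("bob", {"bob": {"read", "seek"}}, notes)
shared = mkdir("shared", {"bob": {"read", "seek"}, "suitemates": {"read"}}, memo)
home = mkdir("home", ALL, bob_dir, shared)
root = mkdir("/", ALL, home)

if __name__ == "__main__":
    for who, cwd, path in [("bob", root, "/home/bob/notes.txt"),
                           ("bob", bob_dir, "notes.txt"),
                           ("suitemates", root, "/home/bob/notes.txt"),
                           ("suitemates", root, "/home/shared/memo.txt")]:
        print(who, path, resolve(root, cwd, path, who))
```

Resolution only locates the file; the file's own rights are checked separately when it is opened.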

File Types
Ways to distinguish types
  – Extension
  – Property in FCB
  – Header in file (e.g., “magic number”)
File types
  – Data
  – Executable
  – Others
Executable files – file header
  – Magic number (avoid running on mismatched system)
  – Program size
  – Layout info

Executable File Types
Application programs
  – Useful “machines”
  – Utilities
Operating system kernel
Device drivers
  – Access to I/O devices
Shared libraries
  – Common functions that may be shared among many processes
  – dlls
Scripts
  – Requires interpreter

Viruses
Virus types
  – Boot sector
  – Application program
  – Macro (infect “data” files)
Virus MO
  – Look for new files to infect
  – Insert virus code into new file
  – Do other stuff
  – Execute host code
Virus propagation
  – Infect files on removable media (disks, USB drives, etc.)
  – Drive-by download
  –
  – Worm propagation

Sharing and Protecting Files
Least Privilege
  – If process running Trojan or virus can't access files, it can't damage them
Objectives
  – Provide computing facilities to authorized users
  – Preserve Chain of Control
  – Permit or prevent general info sharing (default)
Virus propagation
  – Infect files on removable media (disks, USB drives, etc.)
  – Drive-by download
  –
  – Worm propagation

Risks for Files (example)
  1) Denial of service
  2) Subversion (malware)
  3) Masquerade
  4) Disclosure
  5) Forgery
  6) Unauthorized modification (Bob's suitemates)

Policy for User Isolation (example)
Policy Statement (with Risks column)
  1) All users shall be able to use normal apps/services (Risks: 1)
  2) Each user shall have a separate login, optional p/w (Risks: 4)
  3) Programs shall be protected from damage or other mods by regular users (Risks: 1,3)
  4) Files belonging to one user shall be protected from any access by another user (Risks: 1,2,5)
Specific to Bob
  1) The system shall have two regular users: Bob and Suitemates (Risks: 4,6)
  2) Bob shall have a password to protect his login (Risks: 2,4,5,6)
  3) Suitemates shall not need a password to log in (Risks: 1)

Policy for File Sharing (example)
Policy Statement (with Risks column)
  1) All users shall be able to use normal apps/services (Risks: 1)
  2) Each user shall have a separate login, optional p/w (Risks: 4)
  3) Programs shall be protected from damage or other mods by regular users (Risks: 1,3)
  4) Files belonging to one user shall be readable by other users (Risks: 1)
  5) Files belonging to one user shall be protected from writing by other users (Risks: 1, 3, 5)

Security Controls for Files
Access matrix (logically)
  – What we are sharing (objects)
  – With whom we are sharing them (subjects)
  – How each subject may access each object (rights)
Chain of Control Properties
  – OS protections always invoked when accessing files
  – There is no way to bypass the OS to access files

Basic Security Principles
Deny by default
  – No access allowed unless specifically granted
Allow by default
  – Access allowed unless specifically denied

Compacting the ACM
Groups
  – Logical sets of subjects
  – May associate one with object, or just use as logical subject
Object Types
  – Logical sets of objects with identical access policies
  – Becomes object attribute
  – May “personalize” relative to other object attributes (e.g., owner, group owner, etc.)
  – May be used for logical organization if not supported by system
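
A compact access matrix with groups, object types and deny by default, applied to the file-sharing policy example (statements 3 to 5), as an added example that is not part of the original slides. The group name, object names, owners and right names are constructed for illustration.

```python
# Constructed group: a logical set of subjects.
GROUPS = {"users": {"bob", "suitemates"}}

# Compact ACM: one row per object TYPE instead of one per object. The logical
# subject "owner" personalizes a row relative to each object's owner attribute.
POLICY = {
    # Statement 3: regular users may run programs but not modify them.
    "program": {"users": {"read", "execute"}},
    # Statements 4 and 5: other users may read a user's files, only the owner writes.
    "user_file": {"owner": {"read", "write"}, "users": {"read"}},
}

# Constructed objects; the type and owner are object attributes.
OBJECTS = {
    "/bin/editor": {"type": "program", "owner": "admin"},
    "/home/bob/notes.txt": {"type": "user_file", "owner": "bob"},
    "/home/suitemates/todo.txt": {"type": "user_file", "owner": "suitemates"},
}

def rights_for(subject, obj_name):
    """Union of rights granted through every logical subject that matches."""
    obj = OBJECTS.get(obj_name)
    if obj is None:
        return set()                      # unknown object: nothing granted
    granted = set()
    for logical_subject, rights in POLICY.get(obj["type"], {}).items():
        if logical_subject == "owner":
            if subject == obj["owner"]:
                granted |= rights
        elif subject in GROUPS.get(logical_subject, set()):
            granted |= rights
    return granted

def allowed(subject, right, obj_name):
    # Deny by default: access only if the right was specifically granted.
    return right in rights_for(subject, obj_name)

def full_matrix(subjects):
    """Expand the compact policy back into the logical subject x object matrix."""
    return {(s, o): sorted(rights_for(s, o)) for s in subjects for o in OBJECTS}

if __name__ == "__main__":
    for cell, rights in full_matrix(["bob", "suitemates", "guest"]).items():
        print(cell, rights)
```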

Information States
[Diagram] State labels: Processing (in use), Storage (at rest), Transmission (in motion). Transition labels: save, open, Move to transit, Remove from transit.

Software Vulnerability States
[Diagram] State labels: Hardened, Patchable, Unprotected, Flawed, Vulnerable. Transition labels: Flaw found, Exploit created, Patch released, Flaw patched.