Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Slides:



Advertisements
Similar presentations
Chapter 9 Security 9.1 The security environment
Advertisements

Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved OPERATING SYSTEMS DESIGN.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Protection and Security. Policy & Mechanism Protection mechanisms are tools used to implement security policies –Authentication –Authorization –Cryptography.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Principles of Information Security, 2nd edition1 Cryptography.
1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
Chapter 9 Security Authentication Insider Attacks Exploiting Code Bugs.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
File System Implementation
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Buffer Overflow Attacks Figure (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.
Chapter 9 Security Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
Chapter 4 File Systems Files Directories Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
Security Protection Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Security 0 The Secure Environment. Security 1 The Secure Environment Security goals (C.I.A.) and threats.
Operating Systems 1 K. Salah Module 6.0: Security and Protection  Types of misuse: –1. Accidental –2. Intentional –Protection is to prevent either accidental.
1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Review of basic cryptographically algorithm Asymmetric encoding (Private and Public Keys), Hash Function, Digital Signatures and Certification.
Security. cs431-cotter2 Figure 9-1. Security goals and threats. Threats Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Outline Objective: –Access Control Mechanisms. The Security Environment Threats Security goals and threats.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Chap1: Is there a Security Problem in Computing?.
ICC Module 3 Lesson 5 – IT Security 1 / 4 © 2015 Ph. Janson Information, Computing & Communication Security – Clip 0 – Introduction School of Computer.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Chapter 8: Principles of Security Models, Design, and Capabilities
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
7/10/20161 Computer Security Protection in general purpose Operating Systems.
Chapter 9 Security 9.1 The security environment
MODERN OPERATING SYSTEMS Third Edition ANDREW S
Chapter 5 : Designing Windows Server-Level Security Processes
Chapter 9 Security 9.1 The security environment
Chapters 14,15 Security.
Microsoft Word 2003 Illustrated Complete
Resource Management Chapter 19 9/20/2018 Crowley OS Chap. 19.
Chapter 9 Security 9.1 The security environment
12: Security The Security Problem Authentication Program Threats
OS Basics Module 1.2 Richard Newman University of Florida.
SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET
Security.
Chapters 14,15 Security.
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Operating System Concepts
PLANNING A SECURE BASELINE INSTALLATION
Operating System Concepts
Computer Security Protection in general purpose Operating Systems
Presentation transcript:

Security Chapter 9 Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

The Security Environment Threats Figure 9-1. Security goals and threats. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Can We Build Secure Systems? Two questions concerning security: 1. Is it possible to build a secure computer system? 2. If so, why is it not done? Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Trusted Computing Base Figure 9-2. A reference monitor. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Protection Domains (1) Figure 9-3. Three protection domains. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Protection Domains (2) Figure 9-4. A protection matrix. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Protection Domains (3) Figure 9-5. A protection matrix with domains as objects. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Access Control Lists (1) Figure 9-6. Use of access control lists to manage file access. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Access Control Lists (2) Figure 9-7. Two access control lists. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Capabilities (1) Figure 9-8. When capabilities are used, each process has a capability list. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Capabilities (2) Figure 9-9. A cryptographically protected capability. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Capabilities (3) Examples of generic rights: 1. Copy capability: create new capability for same object. 2. Copy object: create duplicate object with new capability. 3. Remove capability: delete entry from C-list; object unaffected. 4. Destroy object: permanently remove object and capability. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Formal Models of Secure Systems Figure (a) An authorized state. (b) An unauthorized state. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Multilevel Security Bell-LaPadula Model Bell-LaPadula Model rules for information flow: 1. The simple security property –Process running at security level k can read only objects at its level or lower 2. The * property –Process running at security level k can write only objects at its level or higher Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Bell-LaPadula Model Figure The Bell-LaPadula multilevel security model. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

The Biba Model To guarantee the integrity of the data: 1. The simple integrity principle –process running at security level k can write only objects at its level or lower (no write up). 2. The integrity * property –process running at security level k can read only objects at its level or higher (no read down). Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Covert Channels (1) Figure (a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via covert channels. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Covert Channels (2) Figure A covert channel using file locking. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Steganography Figure (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Basics of Cryptography Figure Relationship between the plaintext and the ciphertext. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Secret-Key Cryptography An encryption algorithm in which each letter is replaced by a different letter. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Digital Signatures Figure (a) Computing a signature block. (b) What the receiver gets. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Authentication (1) Methods of authenticating users when they attempt to log in based on one of three general principles: 1. Something the user knows. 2. Something the user has. 3. Something the user is. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Authentication (2) Figure (a) A successful login. (b) Login rejected after name is entered. (c) Login rejected after name and password are typed. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

UNIX Password Security Figure The use of salt to defeat precomputation of encrypted passwords. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Challenge-Response Authentication Questions should be chosen so that the user does not need to write them down. Examples: 1. Who is Marjolein’s sister? 2. On what street was your elementary school? 3. What did Mrs. Ellis teach? Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Authentication Using a Physical Object Figure Use of a smart card for authentication. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Authentication Using Biometrics Figure A device for measuring finger length. Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.