Multics CysecLab Graduate School of Information Security KAIST.

Slides:



Advertisements
Similar presentations
Operating System Security
Advertisements

Operating System Structures
Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.
Secure Operating Systems Lesson 9: Multics. Where are we?  We now know all the background… so it’s time to figure out why Dr. Ford likes Multics so very.
Chapter 6 Security Kernels.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Virtual Memory Chapter 18 S. Dandamudi To be used with S. Dandamudi, “Fundamentals of Computer Organization and Design,” Springer,  S. Dandamudi.
Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.
File Management Systems
1/21/2008CSCI 315 Operating Systems Design1 Operating System Structures Notice: The slides for this lecture have been largely based on those accompanying.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Figure 1.1 Interaction between applications and the operating system.
Common System Components
Chapter 12 File Management Systems
Sharing Files Richard Newman based on Smith “Elementary Information Security”
Using Two Queues. Using Multiple Queues Suspended Processes Processor is faster than I/O so all processes could be waiting for I/O Processor is faster.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Chapter 2: Operating-System Structures Modified from the text book.
G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
1 Access Control Mechanisms CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 20, 2004.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Protection and the Kernel: Mode, Space, and Context.
Systems Security & Audit Operating Systems security.
1 Chapter 12 File Management Systems. 2 Systems Architecture Chapter 12.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Controlling Files Richard Newman based on Smith “Elementary Information Security”
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
The Structure of Processes (Chap 6 in the book “The Design of the UNIX Operating System”)
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
G53SEC 1 Access Control principals, objects and their operations.
Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
G53SEC 1 Reference Monitors Enforcement of Access Control.
SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
UNIX System Protection. Unix History Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs Adapted some ideas from the Multics project in 1969.
Operating Systems Structure what is the organizational principle?
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Access Control: Policies and Mechanisms Vinod Ganapathy.
Computer Security: Principles and Practice
2.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition System Programs (p73) System programs provide a convenient environment.
Concepts and Structures. Main difficulties with OS design synchronization ensure a program waiting for an I/O device receives the signal mutual exclusion.
Introduction to Operating System. 1.1 What is Operating System? An operating system is a program that manages the computer hardware. It also provides.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
1.1 Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 1: Introduction What Operating Systems Do √ Computer-System Organization.
Access Control Model SAM-5.
Module 3: Operating-System Structures
Protection and Security
Computer Data Security & Privacy
Operating System Structure
Modularity and Memory Clearly, programs must have access to memory
Chapter 14: Protection.
Chapter 15, Exploring the Digital Domain
Chapter 2: System Structures
Chapter 3: Operating-System Structures
UNIX System Protection
Chapter 2: Operating-System Structures
Outline Chapter 2 (cont) OS Design OS structure
Chapter 29: Program Security
Access Control.
OS Components and Structure
System calls….. C-program->POSIX call
Computer Security Access Control
Chapter 2: Operating-System Structures
Access Control What’s New?
Presentation transcript:

Multics CysecLab Graduate School of Information Security KAIST

Background The fundamental concepts in the Multics system are processes and segments. Processes the executable contexts in Multics They run program code. All code, data, I/O devices, etc. that may be accessed by a process are stored as segments. Segments are organized into a hierarchy of directories that may contain directories or segments.

Multics Security Security Fundamentals Supervisor Protection rings Access control List Multilevel Security

Supervisor The supervisor, The core Multics component, is isolated from other processes by protection rings. The supervisor implements the most trusted functionality in the Multics system such as authorization, segmentation, file systems, I/O, scheduling, etc.

Ring architecture The supervisor is isolated from other processes by protection rings. The Multics supervisor is divided into: Ring 0 components including access control, I/O, and memory management Ring 1 components that are less primitive such as accounting, stream management, and file system search.

Ring architecture Protection rings form a hierarchical layering from the most privileged ring, ring 0 where the most- privilege code in the supervisor runs, to the least privileged ring, ring 7. 8 rings, with kernel at 0 and users at 4 Modern processors also protect their operating systems using protection rings, although only two levels, supervisor and user, are typically utilized.

Access Control List Each object (i.e., segment or directory) is associated with its own access control list (ACL). Each ACL entry specifies a user identity of processes and the operations that processes with that identity can perform on this object. Note that a user may be specified using wildcards to represent groups of users. Segments and directories have different operation sets.

Access Control List Segments may be read (r), written (w), or executed (e) Directories may be accessed to obtain the status of the entry (s), modify an entry, i.e., delete or modify ACLs (m), or append an entry to the directory (a). Note that the ACLs for a segment are stored in its parent directory, so access is checked at the parent. Also, any modification of an ACL for a segment requires the modification permission on the parent directory.

Access Control List Examples of ACLs on a segment include: rewJaeger.SysAdmin.* rBackup.SysDaemon.* rw*.SysAdmin.* Examples of directory ACLs include: smaJaeger.SysAdmin.* sBackup.SysDaemon.* sm*.SysAdmin.*

Multilevel Security Multilevel Security (MLS) Multics pioneered the enforcement of Multilevel Security (MLS) in operating systems. An MLS policy prevents a subject from reading data that is more secret than the subject or writing data to less secret objects. In Multics, each directory stores a mapping from each segment to a secrecy level.

Multilevel Security Multics stores an association between each process and its secrecy level. A request is authorized if one of three conditions are met: 1.Write: The process requests write access only and the level of the segment/directory is greater than (i.e., dominates) or equal to the level of the process. 2.Read: The process requests read access only and the level of the segment/directory is less than (i.e., dominated by) or equal to the level of the process. 3.Read/Write: The process requests read and write access and the level of the segment/directory is the same as the process or the process is designated as trusted.

Multilevel Security A process can only read a segment/directory if its level is more secret or the same as the level of the object write a segment/directory if its level is less secret or the same as that of the object This prevents information leakage by preventing a process from: reading information that is more secret than its secrecy level writing its information to objects of a lower secrecy level

Q n A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.