Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 6: Protection & Security

Published byHope Charles Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 6: Protection & Security"— Presentation transcript:

1 Chapter 6: Protection & Security

2 Goals of Protection In one protection model, computer consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

3 Principles of Protection
Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks Limits damage if entity has a bug, gets abused Can be static (during life of system, during life of process) Or dynamic (changed by process as needed) – domain switching, privilege escalation “Need to know” a similar concept regarding access to data

4 Principles of Protection (Cont.)
Must consider “grain” aspect Rough-grained privilege management easier, simpler, but least privilege now done in large chunks For example, traditional Unix processes either have abilities of the associated user, or of root Fine-grained management more complex, more overhead, but more protective File ACL lists, RBAC Domain can be user, process, procedure

5 The Security Problem System secure if resources used and accessed as intended under all circumstances Unachievable Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security Attack can be accidental or malicious Easier to protect against accidental than malicious misuse

6 Security Violation Categories
Breach of confidentiality Unauthorized reading of data (or theft of information) Breach of integrity Unauthorized modification of data E.g.: modification of the source code of an important commercial application. Breach of availability Unauthorized destruction of data E.g.: Website defacement Theft of service Unauthorized use of resources E.g.: an intruder (or intrusion program) may install a daemon on a system that acts as a file server. Denial of service (DOS) Prevention of legitimate use

7 Security Violation Methods
Masquerading (breach authentication) Pretending to be an authorized user to escalate privileges attackers breach authentication Replay attack malicious or fraudulent repeat of a valid data transmission As is or with message modification E.g.: in a repeat of a request to transfer money Man-in-the-middle attack Intruder sits in data flow, masquerading as sender to receiver and vice versa Session hijacking Intercept an already-established session to bypass authentication

8 Standard Security Attacks

9 Security Measure Levels
Impossible to have absolute security, but make cost to perpetrator sufficiently high to deter most intruders Security must occur at four levels to be effective: Physical The site or sites containing the computer systems must be physically secured against armed entry by intruders Data centers, servers, connected terminals Human Only appropriate users have access to the system Avoid social engineering (phishing), dumpster diving (attempting to gather information in order to gain unauthorized access to the computer) Operating System Protection mechanisms, debugging Network Intercepted communications, interruption, DOS Security is as weak as the weakest link in the chain

10 Program Threats Many variations, many names Trojan Horse
Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spyware, pop-up browser windows, covert channels Up to 80% of spam delivered by spyware-infected systems Trap Door Specific user identifier or password that circumvents normal security procedures Could be included in a compiler

11 Program Threats (Cont.)
Logic Bomb Program that initiates a security incident under certain circumstances Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers) Failure to check bounds on inputs, arguments Write past arguments on the stack into the return address on stack When routine returns from call, returns to hacked address Pointed to code loaded onto stack that executes malicious code Unauthorized user or privilege escalation

12 Program Threats (Cont.)
Viruses Code fragment embedded in legitimate program Self-replicating, designed to infect other computers Very specific to CPU architecture, operating system, applications Usually borne via or as a macro

13 Program Threats (Cont.)
Virus dropper inserts virus onto the system Many categories of viruses, literally many thousands of viruses File / parasitic Executable program virus Boot / memory Parasitic virus Macro Memory-resident virus Source code Boot sector virus Polymorphic to avoid having a virus signature Device driver virus Macro virus Encrypted Source code virus Stealth Tunneling Multipartite Armored Companion virus

14 A Boot-sector Computer Virus

15 Parasitic Viruses An executable program. With a virus at the front.
With a virus at the end. With a virus spread over free space within the program.

16 Spyware (1) Description:
Surreptitiously loaded onto a PC without the owner’s knowledge Runs in the background doing things behind the owner’s back

17 Spyware (2) Characteristics: Hides, victim cannot easily find
Collects data about the user Communicates the collected information back to its distant master Tries to survive determined attempts to remove it

18 How Spyware Spreads Possible ways: Same as malware, Trojan horse
Drive-by download, visit an infected web site Web pages tries to run an .exe file Unsuspecting user installs an infected toolbar Malicious activeX controls get installed

19 Actions Taken by Spyware
Change the browser’s home page. Modify the browser’s list of favorite (bookmarked) pages. Add new toolbars to the browser. Change the user’s default media player. Change the user’s default search engine. Add new icons to the Windows desktop. Replace banner ads on Web pages with those the spyware picks. Put ads in the standard Windows dialog boxes Generate a continuous and unstoppable stream of pop-up ads.

20 System and Network Threats
Some systems “open” rather than secure by default Reduce attack surface But harder to use, more knowledge needed to administer Network threats harder to detect, prevent Protection systems weaker More difficult to have a shared secret on which to base access No physical limits once system attached to internet Or on network with system attached to internet Even determining location of connecting system difficult IP address is only knowledge

21 System and Network Threats (Cont.)
Worms – uses the spawn mechanism to duplicate itself. The worm spawns copies of itself, using up system resources and perhaps locking out all other processes.; standalone program Internet worm Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs Exploited trust-relationship mechanism used by rsh to access friendly systems without use of password Grappling hook program uploaded main worm program 99 lines of C code Hooked system then uploaded main code, tried to attack connected systems Also tried to break into other users accounts on local system via password guessing If target system already infected, abort, except for every 7th time

22 The Morris Internet Worm

23 System and Network Threats (Cont.)
Port scanning not an attack but rather a means for a cracker to detect a system’s vulnerabilities to attack Automated attempt to connect to a range of ports on one or a range of IP addresses Detection of answering service protocol Detection of OS and version running on system nmap scans all ports in a given IP range for a response nessus has a database of protocols and bugs (and exploits) to apply against a systems

24 System and Network Threats (Cont.)
Denial of Service Overload the targeted computer preventing it from doing any useful work Distributed denial-of-service (DDOS) come from multiple sites at once Consider the start of the IP-connection handshake (SYN) Consider traffic to a web site Accidental – CS students writing bad fork() code Purposeful – extortion, punishment

25 Cryptography Means to constrain potential senders (sources) and / or receivers (destinations) of messages Based on secrets (keys) Enables Confirmation of source Receipt only by certain destination Trust relationship between sender and receiver

26 Authentication General principles of authenticating users:
Something the user knows. Something the user has. Something the user is.

27 Authentication Using Passwords
A successful login. Login rejected after name is entered. (c) Login rejected after name and password are typed.

28 User Authentication Crucial to identify user correctly, as protection systems depend on user ID User identity most often established through passwords, can be considered a special case of either keys or capabilities Passwords must be kept secret Frequent change of passwords History to avoid repeats Use of “non-guessable” passwords Log all invalid access attempts (but not the passwords themselves) Unauthorized transfer Passwords may also either be encrypted or allowed to be used only once

29 Challenge-Response Authentication
The questions should be chosen so that the user does not need to write them down. Examples: Who is Marjolein’s sister? On what street was your elementary school? What did Mrs. Woroboff teach?

30 Authentication Using a Physical Object
Use of a smart card for authentication.

31 Authentication Using Biometrics
A device for measuring finger length.

32 Digital Certificates Proof of who or what owns a public key
Public key digitally signed a trusted party Trusted party receives proof of identification from entity and certifies that public key belongs to entity Certificate authority are trusted party – their public keys included with web browser distributions They vouch for other authorities via digitally signing their keys, and so on

33 Implementing Security Defenses
Defense in depth is most common security theory – multiple layers of security Security policy describes what is being secured Vulnerability assessment compares real state of system / network compared to security policy Intrusion detection endeavors to detect attempted or successful intrusions Signature-based detection spots known bad patterns Anomaly detection spots differences from normal behavior Can detect zero-day attacks False-positives and false-negatives a problem Virus protection Searching all programs or programs at execution for known virus patterns Or run in sandbox so can’t damage system Auditing, accounting, and logging of all or specific system or network activities Practice safe computing – avoid sources of infection, download from only “good” sites, etc

34 Firewalling to Protect Systems and Networks
A network firewall is placed between trusted and untrusted hosts The firewall limits network access between these two security domains Can be tunneled or spoofed Tunneling allows disallowed protocol to travel within allowed protocol (i.e., telnet inside of HTTP) Firewall rules typically based on host name or IP address which can be spoofed Personal firewall is software layer on given host Can monitor / limit traffic to and from the host Application proxy firewall understands application protocol and can control them (i.e., SMTP) System-call firewall monitors all important system calls and apply rules to them (i.e., this program can execute that system call)

35 Network Security Through Domain Separation Via Firewall

36 Computer Security Classifications
U.S. Department of Defense outlines four divisions of computer security: A, B, C, and D D – Minimal security C – Provides discretionary protection through auditing Divided into C1 and C2 C1 identifies cooperating users with the same level of protection C2 allows user-level access control B – All the properties of C, however each object may have unique sensitivity labels Divided into B1, B2, and B3 A – Uses formal design and verification techniques to ensure security

37 Example: Windows 7 Security is based on user accounts
Each user has unique security ID Login to ID creates security access token Includes security ID for user, for user’s groups, and special privileges Every process gets copy of token System checks token to determine if access allowed or denied Uses a subject model to ensure access security A subject tracks and manages permissions for each program that a user runs Each object in Windows has a security attribute defined by a security descriptor For example, a file has a security descriptor that indicates the access permissions for all users

38 Example: Windows 7 (Cont.)
Win added mandatory integrity controls – assigns integrity label to each securable object and subject Subject must have access requested in discretionary access-control list to gain access to object Security attributes described by security descriptor Owner ID, group security ID, discretionary access-control list, system access-control list

Download ppt "Chapter 6: Protection & Security"

Similar presentations

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Access Control Methodologies

Access Control Methodologies
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.

Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Module 6.0: Security and Protection

Module 6.0: Security and Protection
Chapter 15: Security. The Security Problem Security must consider external environment of the system, and protect the system resources Intruders (crackers)

Chapter 15: Security. The Security Problem Security must consider external environment of the system, and protect the system resources Intruders (crackers)
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Buffer Overflow Attacks Figure 9-21. (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.

Buffer Overflow Attacks Figure (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.
Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Chapter 9 Security Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Similar presentations

Ads by Google