UNIX System Protection


1 UNIX System Protection

2 Unix History
Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs
Adapted some ideas from the Multics project in 1969

3 Design Features
Written in C – portable
Application program interface (API) – enabled programmers to write applications that are compatible with multiple platforms
A small base program called “kernel” with a standard interface to interact

4 Security
Security goal: A common platform that could be shared by several users
Security problem becomes one of “protection”
Common mechanisms: Password storage, Protection ring, Access control lists

5 Kernel and Processes
A running Unix system consists of the kernel and the processes, each running a program
Protection ring boundary isolates the kernel from the processes
Each process has its own address space
The concept of “file” for representing all persistent system objects

6 Trusted Computing Base
The set of software and data upon which the system depends for correct enforcement of system security goals
Consists of the kernel and processes running with root (superuser) privilege

7 Unix Protection System
What does protection mean?
An access enforcement mechanism that authorizes requests from subjects to perform operations on objects
Requests: read, write, etc.
Subjects: users, processes, etc.
Objects: files, sockets, etc.

8 Unix Protection System
Protection state: describes the operations that system subjects can perform on system objects
UNIX protection state specification
Subjects: process identities
Process identities: user id (UID), group id (GID), and a set of supplementary groups
Objects: files
Access: read, write, execute
Protection state is specified by an access control list (ACL) associated with each file

9 Unix File
Each file is associated with: An owner UID and an owner GID
Process with the owner UID privilege can modify the protection state
“mode bits” describe the ACL of a file
{owner bits, group bits, others bits}, where each element consists of a read bit, a write bit, and an execute bit
e.g., rwxr--r--

10 Authorization Mechanism
If the process UID corresponds to the owner UID of the file, use the mode bits for the owner to authorize access. Else if the process GID or supplementary groups correspond to the file’s group GID, use the mode bits for the group permissions. Otherwise, use the permissions assigned to all others.

11 Examples
-rw-rw-r-- 1 simon faculty 14 Sep 8 03:59 file1
-rw-rw-r user1 faculty Sep 8 04:04 file2
-rw-rw-r user2 students Sep 8 04:04 file3
“simon” belongs to group “faculty”
“user1”, “user2” belong to group “students”
-r simon faculty Sep 8 03:59 file1
----r user1 faculty Sep 8 05:01 file2
r user2 students Sep 8 05:02 file3
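
Added example (not part of the original slides): the three-step check from the Authorization Mechanism slide written out in C, showing that only the first matching class is consulted, so an owner can be denied access that "others" are granted. The numeric ids, the mode values and the names authorize, in_group, struct proc and struct file are constructed for illustration; the superuser bypass is not modelled.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed ids for the names on the examples slide (assumptions). */
enum { UID_SIMON = 1000, UID_USER1 = 1001, UID_USER2 = 1002 };
enum { GID_FACULTY = 2000, GID_STUDENTS = 2001 };
enum { R = 4, W = 2, X = 1 };              /* one bit per operation */

struct proc { unsigned uid, gid; const unsigned *groups; size_t ngroups; };
struct file { unsigned uid, gid, mode; };  /* mode: 9 mode bits, e.g. 0664 */

/* True if gid is the process GID or one of its supplementary groups. */
static int in_group(const struct proc *p, unsigned gid) {
    if (p->gid == gid) return 1;
    for (size_t i = 0; i < p->ngroups; i++)
        if (p->groups[i] == gid) return 1;
    return 0;
}

/* Returns 1 if every bit in `want` is granted, else 0. Exactly one class
 * is consulted: the first that matches. There is no fall-through. */
int authorize(const struct proc *p, const struct file *f, unsigned want) {
    unsigned bits;
    if (p->uid == f->uid)          bits = (f->mode >> 6) & 7;  /* owner  */
    else if (in_group(p, f->gid))  bits = (f->mode >> 3) & 7;  /* group  */
    else                           bits = f->mode & 7;         /* others */
    return (bits & want) == want;
}

int main(void) {
    struct proc simon = { UID_SIMON, GID_FACULTY, NULL, 0 };
    struct proc user1 = { UID_USER1, GID_STUDENTS, NULL, 0 };
    struct file file1 = { UID_SIMON, GID_FACULTY, 0664 };  /* rw-rw-r-- */
    struct file odd   = { UID_SIMON, GID_FACULTY, 0046 };  /* ---r--rw- (constructed) */
    printf("user1 write file1: %d\n", authorize(&user1, &file1, W));
    printf("simon read odd:    %d\n", authorize(&simon, &odd, R));
    printf("user1 write odd:   %d\n", authorize(&user1, &odd, W));
    return 0;
}
```
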

12 Protection State Modification in Unix
Protection state operations: enable a protection state to be modified
In Unix, the protection state can be modified by any process that has the owner ID privilege
This is called “discretionary access control”
Essentially we have to trust all user-level processes to achieve the security goal of protection

