Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS703 - Advanced Operating Systems

Published byYrjö Kivelä Modified over 5 years ago

Similar presentations

Presentation on theme: "CS703 - Advanced Operating Systems"— Presentation transcript:

1 CS703 - Advanced Operating Systems
By Mr. Farhan Zaidi

2 Lecture No. 39

3 Overview of today’s lecture
Introduction to security and protection Security issues Policy vs Mechanism Design principles for security Security requirements Security related terminology Introduction to user authentication

4 Security & Protection The purpose of a protection system is to prevent accidental or intentional misuse of a system Accidents A program mistakenly deletes the root directory. No one can login. This sort of problem (relatively) easy to solve: just make the likelihood small. Malicious abuse: A high school hacker breaks the password for user B of accounting system A and transfers $3 million to his account. This kind of problem very hard to completely eliminate (no loopholes, can’t play on probabilities)

5 Security issues Separate processes execute in separate memory space
Isolation Separate processes execute in separate memory space Process can only manipulate allocated pages Authentication Who can access the system. Involves proving identities to the system Access control When can process create or access a file? Create or read/write to socket? Make a specific system call? Protection problem Ensure that each object is accessed correctly and only by those processes that are allowed to do so Comparison between different operating systems Compare protection models: which model supports least privilege most effectively? Which system best enforces its protection model?

6 Policy versus mechanism
A good way to look at the problem is to separate policy (what) from mechanism (how) A protection system is the mechanism to enforce a security policy roughly the same set of choices, no matter what policy A security policy delineates what acceptable behavior and unacceptable behavior. Example security policies: that each user can only allocate 40MB of disk that no one but root can write to the password file that you can’t read my mail.

7 There is no perfect protection system
Very simple point, very easy to miss: Protection can only increase the effort (“work factor”) needed to do something bad. It cannot prevent it. Even assuming a technically perfect system, there are always the four Bs: Burglary: if you can’t break into my system, you can always steal it (called “physical security”) Bribery: find whoever has access to what you want and bribe them. Blackmail. Bludgeoning. Or just beat them until they tell you.

8 Design Principles for Security
System design should be public Default should be no access Check for current authority Give each process least privilege possible Protection mechanism should be simple uniform in lowest layers of system Scheme should be psychologically acceptable

9

10 Terminology I: the entities
Principals – who is acting? User / Process Creator Code Author Objects – what is that principal acting on? File Network connection Rights – what actions might you take? Read Write Familiar UNIX file system example: owner / group / world read / write / execute

11 Terminology II: the activities
Authentication – who are you? identifying principals (users / programs) Authorization – what are you allowed to do? determining what access users and programs have to specific objects Auditing – what happened record what users and programs are doing for later analysis / prosecution

12 User Authentication Basic Principles. Authentication must identify:
Something the user knows Something the user has Something the user is This is done before user can use the system

Download ppt "CS703 - Advanced Operating Systems"

Similar presentations

Interactive lesson about operating system

Interactive lesson about operating system
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Common System Components

Common System Components
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Systems Security & Audit Operating Systems security.

Systems Security & Audit Operating Systems security.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.

Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.

14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.
Protection and Security Questions answered in this lecture: How can a system authenticate a user? How are access rights specified? What are common security.

Protection and Security Questions answered in this lecture: How can a system authenticate a user? How are access rights specified? What are common security.

Similar presentations

Ads by Google