Published by Ashlee Lillard. Modified over 10 years ago.

J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003
Chapters 9 & 10, Modern Operating Systems by A. S. Tanenbaum
Group E
IA705, Spring 2003
IA 705, Prof. Brown, Spring 2003

Chapter 9, UNIX & Linux
Modern Operating Systems by A. S. Tanenbaum
Group E
IA705, Spring 2003

Jose Paloschavez

The Security Environment
  Threats
  Intruders
  Accidental Data Loss

Basics of Cryptography
  Secret-Key Cryptography
  Public-Key Cryptography
  One-Way Functions
  Digital Signatures

Authentication Using Passwords
Authentication Using a Physical Object
Authentication Using Biometrics
Countermeasures

Matt Troxler

Attacks from the Inside
  Trojan Horses
  Login Spoofing
  Logic Bombs
  Trap Doors
  Buffer Overflow

Design Principles for Security
  Public Design - easier to service.
  Default = Deny Access - easier to trace errors.
  Check access occasionally, not just at login or file open.

Design Principles Cont’d
  Minimal permissions for all users/processes.
  Ease of use - difficult interfaces usually result in wide-open environments.
  Keep it simple - tight and efficient code is easy to review and lock down.

External Attacks (Viruses)
How they function
  “Dropper” tool is used to deploy a virus
  Infected file is distributed (preferably publicly)
  Users go get (or receive unknowingly) and install the infected file
  Payload of the file runs, does whatever the virus does

Classifications of Viruses
  Companion virus - runs in place of a legitimate file
  Executables - virus code embeds itself in another .exe (overwriting)
  Parasitic viruses - overwriting, but the original files still work after infection.
  Cavity virus - virus embeds itself in unused portions of legit. files
  Memory Resident - lives in memory, little disk activity
  Boot Sector - lives at the first sector of the HDD
  Device Driver - gets loaded as a legit. file in kernel mode
  Macro - attached to a file that appears innocent
  Source Code - requires some knowledge of programming

How Viruses Spread
  Downloads
  Email
  Storage Space (fixed or removable disks, memory, etc.)

Antivirus and Anti-Antivirus… and so on…
  Date hiding
    – Date disguising
    – Parent folder…
  Size hiding
    – Compression
  Bitwise hiding
    – Look for decryption routine/key
  Polymorphic
    – Look for morphing routine code
  Checksums
    – Delete or overwrite
    – Encrypt

Securing Mobile Code
  Sandboxing
  Interpretation Code
  Java Security

Protection Mechanisms
  Protection Domains
  Access Control Lists
  Capabilities

Trusted Systems and Multilevel Security
  Trusted Computing Base
  Formal Models
  Bell-La Padula Model
  Biba Model
  Orange Book

Covert Channels

Chapter 10, UNIX & Linux
Modern Operating Systems by A. S. Tanenbaum
Group E
IA705, Spring 2003

Jim Boggs

History
  UNICS
  PDP-11 UNIX & Portable UNIX
  Berkeley UNIX
  Standard UNIX & POSIX
  MINIX
  Linux

Overview of UNIX
UNIX Goals & Interfaces
  Goals
    – Handle Multiple Processes & Users
    – Design Principles
  Interfaces
  [Figure labels: Standard Library, Utility Programs, Users, User Mode, Hardware, UNIX OS, Kernel Mode, User Interface, Library Interface, System Call Interface]

Overview of UNIX
UNIX Shell & Utility Programs
  Shell
    – Ordinary program providing command line interface
    – Standard input/output
    – Flexibility (wild cards, standard I/O, flags, pipes)
    – Shell Scripts
  Utility Programs
    – File & Directory Commands
    – Filters
    – Development Tools & Text Processing
    – System Administration

Overview of UNIX
Kernel Structure
  [Simplified Kernel Drawing Here]

Processes in UNIX
Concepts and Process Management
  Active Entities are Processes
    – Foreground & Background
    – Parent & Child
    – ID for Each
    – Single & Multiple Threads
  Process Management System Calls
    – Means for Processes to Communicate
    – Based on POSIX
    – Examples

Processes in UNIX
Implementation
  Process Table
    – Scheduling Parameters
    – Memory Image
    – Signals
    – Miscellaneous
  User Structure
    – Machine Registers
    – System Call State
    – File Descriptor
    – Accounting
    – Kernel Stack

Processes in UNIX
Threads
  UNIX
    – Supported in Kernel, but Process-oriented
    – Difficult Thought Process in Using Multiple Threads
        Fork & other Examples
  Linux
    – Kernel-oriented
    – Clone
    – Detailed Sharing
    – Non-portability

Processes in UNIX
Scheduling
  UNIX
    – Designed for Response to Interactive Processes
    – Process-oriented Queue Management
    – Get Processes Rapidly out of the Kernel
  Linux
    – Thread-oriented
    – Classes of Linux Threads
        Real-time FIFO
        Real-time Round Robin
        Timesharing

Processes in UNIX
Booting UNIX
  Get Kernel Running
  Set Message Buffer
  Allocate Kernel Data Structure
  System Configuration (drivers)
    – Static Links
    – Dynamic Loads
  Begin Process 0
  Init
  Login

Memory Management in UNIX
Concepts
  Text Segment
  Data Segment
  Stack Segment
  Space Saving Techniques
    – Shared Text Segments
    – Memory-mapped Files
  No POSIX System Calls

Memory Management in UNIX
Implementation in UNIX
  Swapping
    – Early Concept
    – Moving Process from Memory to Disk
    – Moving Process from Disk to Memory
  Paging
    – Entire Process Need Not be in Memory
    – Kernel and Paging Daemon
    – Replacement Algorithm

Memory Management in UNIX
Implementation in Linux
  Default Allocation to each Process
  Copy-on-Write
  Three-level Paging
  Kernel is Never Paged Out
  Buddy Algorithm

John Lagas

I/O in UNIX
Concepts

UNIX File System
Concepts

Security in UNIX
Concepts