1. Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as intended under all circumstances Security must consider the external environment of the system, and protect it from:  unauthorized access.  malicious modification or destruction  accidental introduction of inconsistency. Easier to protect against accidental than malicious misuse. Four levels of control  Physical  Human  Network  OS Hardware support for protection (internal) needed for security in the OS

2. Silberschatz, Galvin and Gagne  2002 19.2 Operating System Concepts Authentication Control access to resources by login User identity most often established through passwords  Login and lower level access  Basic mechanism of matching encrypted strings Passwords must be kept secret.  Frequent change of passwords.  Use of “non-guessable” passwords.  Log all invalid access attempts.

3. Silberschatz, Galvin and Gagne  2002 19.3 Operating System Concepts Authentication Attacks  User information (cat’s name)  Brute force (try them all)  Surveillance (shoulder surfing)  Dummy logins (trojan horse)  Sniffing (telnet)  Offsite passwd file attacks Alternatives  Password passing (system generated)  Passcards (physical control)  Biometrics (retina images)  Signature (False negatives)  Algorithms (Little danger if response is exposed)  Challenges  Onetime passwords  Password generators (timed smartcards)  Books of passwords

4. Silberschatz, Galvin and Gagne  2002 19.4 Operating System Concepts Program Threats Trojan Horse  Exploits mechanisms for allowing programs written by users to be executed by other users, e.g., login, editor, passwd, ls  Search paths as a way to invoke Trap Door  Specific user identifier or password that circumvents normal security procedures.  Could be included in a compiler. Stack and Buffer Overflow  Exploits a bug in a program (overflow either the stack or memory buffers.)

5. Silberschatz, Galvin and Gagne  2002 19.5 Operating System Concepts System Threats Worms  Standalone program  Use spawn mechanism Internet worm  Exploited UNIX networking features (remote access), and stack overflow in finger and debug features in sendmail.  Grappling hook program uploaded main worm program.

6. Silberschatz, Galvin and Gagne  2002 19.6 Operating System Concepts System Threats Viruses – fragment of code embedded in a legitimate program.  Mainly affect microcomputer systems.  Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.  Macro viruses  Safe computing, e.g., RTF Denial of Service  Overload the targeted computer preventing it from doing any useful work. Change boot device

7. Silberschatz, Galvin and Gagne  2002 19.7 Operating System Concepts Threat Monitoring Check for suspicious patterns of activity  Several incorrect password attempts may signal password guessing - limit attempts  Cage rattlers - limit attempts from an IP address  Unexpected long-running processes  Rejected file accesses Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.

8. Silberschatz, Galvin and Gagne  2002 19.8 Operating System Concepts Threat Monitoring (Cont.) Scan the system periodically for security holes; done when the computer is relatively unused.  Short or easy-to-guess passwords  Unauthorized set-uid programs  Unauthorized programs in system directories  Improper directory protections  Improper protections on system data files  Dangerous entries in the program search path (Trojan horse)  Changes to system programs: monitor checksum values

9. Silberschatz, Galvin and Gagne  2002 19.9 Operating System Concepts Firewalls A firewall is placed between trusted and untrusted hosts. The firewall limits network access between these two security domains.