Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,"— Presentation transcript:

1 Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

2 Figure 9-1. Security goals and threats. Threats Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

3 Intruders Common categories: Casual prying by nontechnical users. Snooping by insiders. Determined attempts to make money. Commercial or military espionage. Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

4 Accidental Data Loss Common causes of accidental data loss: Acts of God: fires, floods, earthquakes, wars, riots, or rats gnawing backup tapes. Hardware or software errors: CPU malfunctions, unreadable disks or tapes, telecommunication errors, program bugs. Human errors: incorrect data entry, wrong tape or CD- ROM mounted, wrong program run, lost disk or tape, or some other mistake. Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

5 Figure 9-2. Relationship between the plaintext and the ciphertext. Basics Of Cryptography Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

6 Secret-Key Cryptography Monoalphabetic substitution: Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

7 Public-Key Cryptography Encryption makes use of an "easy" operation, such as how much is 314159265358979 × 314159265358979? Decryption without the key requires you to perform a hard operation, such as what is the square root of 3912571506419387090594828508241? Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

8 Figure 9-3. (a) Computing a signature block. (b) What the receiver gets. Digital Signatures Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

9 Figure 9-4. Three protection domains. Protection Domains (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

10 Figure 9-5. A protection matrix. Protection Domains (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

11 Figure 9-6. A protection matrix with domains as objects. Protection Domains (3) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

12 Figure 9-7. Use of access control lists to manage file access. Access Control Lists (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

13 Figure 9-8. Two access control lists. Access Control Lists (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

14 Figure 9-9. When capabilities are used, each process has a capability list. Capabilities (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

15 Figure 9-10. A cryptographically protected capability. Capabilities (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

16 Capabilities (3) Examples of generic rights: Copy capability: create a new capability for the same object. Copy object: create a duplicate object with a new capability. Remove capability: delete an entry from the C-list; object unaffected. Destroy object: permanently remove an object and a capability. Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

17 Trusted Systems Consider reports of viruses, worms, etc. Two naive (but logical) questions: –Is it possible to build a secure computer system? –If so, why is it not done? Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

18 Figure 9-11. A reference monitor. Trusted Computing Base Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

19 Figure 9-12. (a) An authorized state. (b) An unauthorized state. Formal Models of Secure Systems Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

20 The Bell-La Padula Model (1) Rules for the Bell-La Padula model : The simple security property: A process running at security level k can read only objects at its level or lower. The * property: A process running at security level k can write only objects at its level or higher. Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

21 Figure 9-13. The Bell-La Padula multilevel security model. The Bell-La Padula Model (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

22 The Biba Model Rules for the Biba model: The simple integrity principle: A process running at security level k can write only objects at its level or lower (no write up). The integrity * property: A process running at security level k can read only objects at its level or higher (no read down). Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

23 Figure 9-14. (a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via covert channels. Covert Channels (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

24 Figure 9-15. A covert channel using file locking. Covert Channels (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

25 Figure 9-16. (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare. Covert Channels (3) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

Download ppt "Chapter 9 Security 9.1 - 9.3 Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,"

Similar presentations

Chapter 9 Security 9.1 The security environment

Chapter 9 Security 9.1 The security environment
Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved. 0-13-142938-8 OPERATING SYSTEMS DESIGN.

Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved OPERATING SYSTEMS DESIGN.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
By Mary Anne Poatsy, Keith Mulbery, Eric Cameron, Jason Davidson, Rebecca Lawson, Linda Lau, Jerri Williams Chapter 9 Fine-Tuning the Database 1 Copyright.

By Mary Anne Poatsy, Keith Mulbery, Eric Cameron, Jason Davidson, Rebecca Lawson, Linda Lau, Jerri Williams Chapter 9 Fine-Tuning the Database 1 Copyright.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
1 Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Chapter 10 Privacy and Security McGraw-Hill

Chapter 10 Privacy and Security McGraw-Hill
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.

1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Similar presentations

Ads by Google