
UNIVERSITY OF MASSACHUSETTS, AMHERST, Department of Computer Science. Emery Berger, University of Massachusetts, Amherst. Operating Systems, CMPSCI 377, Lecture 22.



Presentation transcript:

Slide 1: Operating Systems, CMPSCI 377. Lecture 22: Protection & Security. Emery Berger, University of Massachusetts, Amherst.

Slide 2: Protection vs. Security
- Protection = controlling access to programs & data stored on the computer system; an internal problem
- Security = protecting the system from external unauthorized access, malicious destruction, etc.

Slide 3: Protection (outline)
- Goals of Protection
- Protection Domains
- Access Matrix
- Implementation
- Revocation of Access Rights
- Capability-Based Systems
- Language-Based Protection

Slide 4: Protection Goal
- OS: a collection of objects, hardware & software
- Objects have unique names and are accessed through a well-defined set of operations
- Goal of protection: ensure each object is accessed correctly & only by those processes that are allowed to do so

Slide 5: Protection Domains
- Access-right = (object-name, rights-set), where rights-set = subset of all valid operations that can be performed on the object
- Domain = set of access-rights

Slide 6: Domain Implementation: UNIX
- Domain = user-id
- Domain switch accomplished via the file system
- Each file has an associated domain bit (the setuid bit)
- When a file is executed and setuid is on, the user-id is set to the owner of the file being executed
- When execution completes, the user-id is reset

Slide 7: Domain Implementation: MULTICS
- Precursor to UNIX, by MIT & GE
- "Ring" protection system, by Bob Graham

Slide 8: Multics: Rings
- Nested domain structure ("rings")
- Let D_i and D_j be any two domain rings; if j < i then D_i ⊆ D_j
- Lower level (lower ring number) = more privileges
- Each process maintains its current ring number

Slide 9: Access Matrix
- Column = access-control list for one object: defines who can perform what operation
- Row = capability list: operations allowed on what objects, per domain

Slide 10: Use of Access Matrix (Cont.)
- Design separates mechanism from policy
- Mechanism: the operating system provides the access matrix + rules; it ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced
- Policy: the user dictates policy: who can access what object and in what mode

Slide 11: Dynamic Access Matrices
- Extend for dynamic protection: operations to add and delete access rights
- transfer: switch from domain D_i to D_j
- owner of O_i
- copy op from O_i to O_j
- control: D_i can modify D_j's access rights

Slide 12: Switching Domains
- Switching domains: add domains as objects!

Slide 13: Access Matrix with Copy Rights
- An asterisk denotes that the access right can be copied within its column

Slide 14: Access Matrix With Owner Rights
- Ownership: can add new rights, remove some rights

Slide 15: Control: Modifying the Access Matrix
- Control: a process executing in one domain can modify another domain
- Example: D2 changes D4

Slide 16: Implementation of Access Matrix
- Global table: too large, no grouping
- Access list, per object: simple
- Capability list: list of objects + operations; object name = capability (think: a special pointer); check the capability list for access

Slide 17: Revocation of Access Rights
- Access-list scheme: search for the right to be revoked, delete it
- Immediate; can be selective (affect just some users); can be partial (revoke just some rights)

Slide 18: Revocation of Access Rights (Cont.)
- Capabilities: more complicated
- Reacquisition: try to reacquire after deletion
- Back-pointers: point from the object to its capabilities; expensive (used in MULTICS)
- Indirection: capability points to an entry in a table; not selective
- Keys: one key per capability; check in a global key table
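Slides 11 through 18 describe the copy (asterisk), owner, control and switch rights and access-list revocation in words; the following is an added worked example, not code from the lecture, that implements those semantics so they can be exercised. The domain and object names D1, D2, D3 and F1 are constructed.

```python
# Added example, not the lecture's code; domain/object names D1..D3, F1 are constructed.
class AccessMatrix:
    def __init__(self):
        # (domain, object) -> set of rights; a trailing "*" marks a copyable right
        self.m = {}

    def rights(self, d, o):
        return self.m.setdefault((d, o), set())

    def grant(self, d, o, *rs):
        self.rights(d, o).update(rs)

    def check(self, d, o, r):
        # The protection check itself: "*" is a copy flag, not a right
        return r in {x.rstrip("*") for x in self.rights(d, o)}

    def copy(self, src, dst, o, r):
        # Copy right r on object o from src to dst; needs r* (copy within the column).
        # The copy is made without "*", so it cannot be propagated further.
        if r + "*" not in self.rights(src, o):
            raise PermissionError(f"{src} holds no copyable {r} on {o}")
        self.rights(dst, o).add(r)

    def owner_grant(self, d, o, target, *rs):
        # The owner of object o may add rights anywhere in column o (slide 14)
        if "owner" not in self.rights(d, o):
            raise PermissionError(f"{d} is not owner of {o}")
        self.rights(target, o).update(rs)

    def control_revoke(self, d, target, o, r):
        # control over the domain-object target lets d modify target's row (slide 15)
        if "control" not in self.rights(d, target):
            raise PermissionError(f"{d} has no control over {target}")
        self.rights(target, o).difference_update({r, r + "*"})

    def switch(self, d, target):
        # Domains are objects too (slide 12): switching needs the switch right
        if "switch" not in self.rights(d, target):
            raise PermissionError(f"{d} may not switch to {target}")
        return target

    def revoke(self, o, r, domains=None):
        # Access-list revocation (slide 17): immediate, selective (domains),
        # partial (only right r); removing r also removes r*
        for (d, obj), rs in self.m.items():
            if obj == o and (domains is None or d in domains):
                rs.difference_update({r, r + "*"})
```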

Slide 19: Capability-Based Systems
- Hydra: fixed set of access rights known to and interpreted by the system; interpretation of user-defined rights performed solely by the user's program; the system provides access protection for use of these rights
- Cambridge CAP System: data capability provides standard read, write, execute of individual storage segments associated with objects; software capability: interpretation left to the subsystem, through its protected procedures

Slide 20: Language-Based Protection
- Specification of protection in a programming language: allows a high-level description of policies for allocation and use of resources. Example: Java
- Language implementation: can provide software for protection enforcement when automatic hardware-supported checking is unavailable
- Interpret protection specifications to generate calls on whatever protection system is provided by the hardware and the operating system

Slide 21: Security (outline)
- The Security Problem
- Authentication
- Program Threats
- System Threats
- Threat Monitoring
- Encryption

Slide 22: The Security Problem
- Security must consider the external environment of the system, and protect it from: unauthorized access; malicious modification or destruction; accidental introduction of inconsistency
- Easier to protect against accidental than malicious misuse

Slide 23: Authentication
- User identity is most often established through passwords, which can be considered a special case of either keys or capabilities
- Passwords must be kept secret: change passwords frequently; use "non-guessable" passwords; log all invalid access attempts

Slide 24: Program Threats ("Malware")
- Trojan Horse: code segment that misuses its environment; exploits mechanisms for allowing programs written by users to be executed by other users
- Trap Door: specific user identifier or password that circumvents normal security procedures; could be included in a compiler

Slide 25: System Threats: Worms
- Worms: use a spawn mechanism; standalone program
- Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs
- Grappling hook program uploaded the main worm program

Slide 26: System Threats: Viruses
- Viruses: fragment of code embedded in a legitimate program
- Mainly affect PCs, infected via the Internet
- "Old days": exchanging floppy disks containing an infection

Slide 27: The Morris Internet Worm (1988)

Slide 28: Threat Monitoring
- Check for suspicious patterns of activity, e.g., several incorrect password attempts may signal password guessing
- Audit log: records time, user, & type of all accesses to an object; useful for recovery from a violation and for developing better security measures
- Scan the system periodically for security holes; done when the computer is relatively unused
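As an added example that is not part of the lecture, the password-guessing check from this slide run over a constructed audit log carrying the fields the slide lists (time, user, type of access, outcome); the log format, the failure threshold and the time window are assumptions.

```python
# Added example, not the lecture's code: "several incorrect password attempts"
# detected over constructed audit-log lines of the form: time user action result.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit log; field layout, threshold and window are assumptions
AUDIT_LOG = """\
2024-03-01T09:00:01 alice login FAIL
2024-03-01T09:00:05 alice login FAIL
2024-03-01T09:00:09 alice login FAIL
2024-03-01T09:00:14 alice login FAIL
2024-03-01T09:00:20 alice login FAIL
2024-03-01T09:00:25 alice login SUCCESS
2024-03-01T09:10:00 bob login FAIL
2024-03-01T09:40:00 bob login FAIL
2024-03-01T10:15:00 bob login FAIL
2024-03-01T10:15:02 bob login SUCCESS
"""

def parse(line):
    ts, user, action, result = line.split()
    return datetime.fromisoformat(ts), user, action, result

def guessing_alerts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Alert once `threshold` login failures for one user fall inside `window`;
    also report a success that directly follows such a burst (a guess that worked?).
    Failures spread out over a long time (bob) do not trigger with a short window."""
    recent = defaultdict(deque)          # user -> failure timestamps still inside window
    alerts, success_after_burst = {}, []
    for line in log_text.splitlines():
        ts, user, action, result = parse(line)
        if action != "login":
            continue
        q = recent[user]
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and user not in alerts:
                alerts[user] = ts.isoformat()
        elif result == "SUCCESS":
            if len(q) >= threshold:
                success_after_burst.append(user)
            q.clear()                    # a success ends the current burst
    return {"alerts": alerts, "success_after_burst": success_after_burst}
```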

Slide 29: Threat Monitoring (Cont.)
- Check for:
- Short or easy-to-guess passwords
- Unauthorized setuid programs
- Unauthorized programs in system directories
- Unexpected long-running processes
- Improper directory protections
- Improper protections on system data files
- Dangerous entries in the program search path (Trojan horse)
- Changes to system programs: monitor checksum values
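An added example, not the lecture's code, of two items on this checklist: unauthorized setuid programs and changes to system programs detected by comparing checksums against a baseline. It runs against a constructed temporary directory tree that stands in for real system directories.

```python
# Added example, not the lecture's code: setuid and checksum checks from the
# slide's list, run against a constructed temporary tree (not real system dirs).
import hashlib, os, shutil, stat, tempfile
from pathlib import Path

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map each regular file under root to (sha256, has_setuid_bit)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode):
                rel = os.path.relpath(path, root)
                out[rel] = (sha256_file(path), bool(st.st_mode & stat.S_ISUID))
    return out

def audit(baseline, current):
    """Compare a trusted baseline with the current snapshot, as a periodic scan would."""
    f = {"changed": [], "added": [], "removed": sorted(set(baseline) - set(current)), "new_setuid": []}
    for path, (digest, suid) in current.items():
        if path not in baseline:
            f["added"].append(path)
        elif baseline[path][0] != digest:
            f["changed"].append(path)
        if suid and not (path in baseline and baseline[path][1]):
            f["new_setuid"].append(path)   # setuid bit that the baseline did not have
    return {k: sorted(v) for k, v in f.items()}

def demo():
    """Constructed scenario: baseline a tree, alter it, audit. Returns the findings."""
    root = Path(tempfile.mkdtemp())
    try:
        bindir = root / "bin"
        bindir.mkdir()
        for name in ("ls", "login", "passwd"):
            (bindir / name).write_text(f"original {name}\n")
        baseline = snapshot(str(root))
        (bindir / "login").write_text("modified login\n")       # changed system program
        (bindir / "helper").write_text("unexpected program\n")  # new file in a system directory
        (bindir / "helper").chmod(0o4755)                       # unauthorized setuid bit
        (bindir / "passwd").unlink()                            # removed system program
        return audit(baseline, snapshot(str(root)))
    finally:
        shutil.rmtree(root)
```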

Slide 30: Network Security Through Domain Separation Via Firewall

Slide 31: Encryption
- Encrypt clear text into cipher text, and vice versa
- Properties of a good encryption technique: relatively simple for authorized users to encrypt and decrypt data; the scheme depends not on secrecy of the algorithm but on a parameter of the algorithm called the encryption key; extremely difficult for an intruder to determine the encryption key
- Advanced Encryption Standard (Rijndael) is now the standard

Slide 32: Encryption (Cont.)
- Public-key encryption is based on each user having two keys: a public key (published, used to encrypt data) and a private key (known only to the individual user, used to decrypt data)
- The encryption scheme is public, but still strong: no reliance on security through obscurity
- Basis of these: easy to multiply primes, but hard to factor the product

Slide 33: Java Security Model

Slide 34: Summary
- Protection: Protection Domains, Access Matrix, Revocation of Access Rights, Capability-Based Systems, Language-Based Protection
- Security: Authentication, Program Threats, System Threats, Threat Monitoring, Encryption

