Presentation is loading. Please wait.

Presentation is loading. Please wait.

29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides.

Published byDrusilla Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides."— Presentation transcript:

1 29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides

2 29.2 Security The Security Problem Authentication Program Threats

3 29.3 The Security Problem Security must consider external environment of the system, and protect it from: –unauthorized access. –malicious modification or destruction –accidental introduction of inconsistency. Easier to protect against accidental than malicious misuse.

4 29.4 Types of Threats Interruption –an asset of the system is destroyed of becomes unavailable or unusable –Examples  destruction of hardware (hard disk)  cutting of a communication line  disabling the file management system

5 29.5 Types of Threats Interception –an unauthorized party gains access to an asset –Examples  wiretapping to capture data in a network  illicit copying of files or programs

6 29.6 Types of Threats Modification –an unauthorized party not only gains access but tampers with an asset –Examples  changing values in a data file  altering a program so that it performs differently  modifying the content of messages being transmitted in a network

7 29.7 Types of Threats Fabrication –an unauthorized party inserts counterfeit objects into the system –Examples  insertion of spurious messages in a network  addition of records to a file

8 29.8 Authentication User identity most often established through passwords, can be considered a special case of either keys or capabilities. Passwords must be kept secret. –Frequent change of passwords. –Use of “non-guessable” passwords. –Log all invalid access attempts.

9 29.9 Techniques for Learning Passwords Try default password used with standard accounts shipped with computer Exhaustively try all short passwords Try words in dictionary or a list of likely passwords Collect information about users and use these items as passwords`4

10 29.10 Observed Password Lengths Length Number Fraction of Total 1 55.004 2 87.006 3 212.02 4 449.03 5 1262.09 6 3035.22 7 2917.21 8 5772.42 Purdue University. 54 machines. 7000 user accounts

11 29.11 Techniques for Learning Passwords Try user’s phone numbers, social security numbers, and room numbers Try license plate numbers Use a Trojan horse to bypass restrictions on access Tap the line between a remote user and the host system

12 29.12 Password Cracked from a Sample Set of 13,797 Accounts [KLEI90] Type of Password Search Number Percentage of Size of Matches Passw. Match User/account name 130 368 2.7% Common names 2239 548 4.0% Female names 4280 161 1.2% Phrases and patterns 933 253 1.8% System dictionary 19683 1027 7.4% Machine names 9018 132 1.0%

13 29.13 Effectiveness of guessing (W. Stallings) Personal information Words from various dictionaries (60000 words) Various permutations of words from the dictionaries) Capitalization permutations Test with 3 million words Thinking Machine Time to encrypt all these words: under one hour Success rate: 25%

14 29.14 Password Selection Strategies Computer generated passwords –users have difficulty remembering them –need to write it down –have history of poor acceptance Eliminate guessable passwords while allowing the user to select a password that is memorable

15 29.15 Password Selection Strategies Reactive password checking strategy –system periodically runs its own password cracker to find guessable passwords –system cancels passwords that are guessed and notifies user –consumes resources to do this –hacker can use this on their own machine with a copy of the password file

16 29.16 Password Selection Strategies Proactive password checker –the system checks at the time of selection if the password is allowable –with guidance from the system users can select memorable passwords that are difficult to guess

17 29.17 Program Threats (Needs Host Programs) Trojan Horse –Useful program (example a game) that contains hidden code that when invoked performs some unwanted or harmful function –can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly  user may set file permission so everyone has access

18 29.18 Program Threats (Needs Host Programs) Trap Door –Entry point into a program that allows someone who is aware of trapdoor to gain access –used by programmers to debug and test programs  avoids necessary setup and authentication  method to activate program if something wrong with authentication procedure

19 29.19 Program Threats (Needs Host Programs) Logic Bomb –Logic embedded in a computer program that checks for a certain set of conditions to be present on the system  presence or absence of certain files  particular day of the week  particular user running application –When these conditions are met, it executes some function resulting in unauthorized actions

Download ppt "29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides."

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Chapter 14 Computer Security Threats

Chapter 14 Computer Security Threats
Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.

Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Requirements

Security Requirements
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
CPE 5002 Network security. Look at the surroundings before you leap.

CPE 5002 Network security. Look at the surroundings before you leap.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.

Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.

Similar presentations

Ads by Google