Presentation is loading. Please wait.

Presentation is loading. Please wait.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.

Published byGiles Morrison Modified over 9 years ago

Similar presentations

Presentation on theme: "14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection."— Presentation transcript:

1 14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection

2 14.2 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed through a well-defined set of operations Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

3 14.3 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Principles of Protection Guiding principle – principle of least privilege Programs, users and systems should be given just enough privileges to perform their tasks

4 14.4 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Domain Structure Access-right = where rights-set is a subset of all valid operations that can be performed on the object. Domain = set of access-rights

5 14.5 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix View protection as a matrix (access matrix) Rows represent domains Columns represent objects Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j

6 14.6 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix

7 14.7 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Use of Access Matrix (Cont) Access matrix design separates mechanism from policy Mechanism  Operating system provides access-matrix + rules  If ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced Policy  User dictates policy  Who can access what object and in what mode

8 14.8 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Matrix of Figure A With Domains as Objects Figure B

9 14.9 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Access Control Protection can be applied to non-file resources Solaris 10 provides role-based access control (RBAC) to implement least privilege Privilege is right to execute system call or use an option within a system call Can be assigned to processes Users assigned roles granting access to privileges and programs

10 14.10 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Role-based Access Control in Solaris 10

11 14.11 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Security

12 14.12 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition The Security Problem Security must consider external environment of the system, and protect the system resources Threat is potential security violation Attack is attempt to breach security Attack can be accidental or malicious Easier to protect against accidental than malicious misuse

13 14.13 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Security Violations Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service Methods Masquerading (breach authentication) Replay attack  Message modification Man-in-the-middle attack Session hijacking

14 14.14 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Standard Security Attacks

15 14.15 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Security Measure Levels Security must occur at four levels to be effective: Physical Human  Avoid social engineering, phishing Operating System Network Security is as weak as the weakest link in the chain

16 14.16 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Program Threats Trojan Horse Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spyware: software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive., pop-up browser windows Trap Door Specific user identifier or password that circumvents normal security procedures Could be included in a compiler

17 14.17 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Program Threats Logic Bomb Logic bombs are small programs or sections of a program triggered by some event such as a certain date or time, a certain percentage of disk space filled, the removal of a file, and so on. For example, a programmer could establish a logic bomb to delete critical sections of code if she is terminated from the company. Logic bombs are most commonly installed by insiders with access to the system. Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers)

18 14.18 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Program Threats (Cont.) Many categories of viruses, many thousands of viruses Boot sector virus Source code virus Polymorphic virus Encrypted virus Stealth: A stealth virus is complex malware that hides itself after infecting a computer. Once hidden, it copies information from uninfected data onto itself and relays this to antivirus software during a scan. This makes it a difficult type of virus to detect and delete. Multipartite: » A multipartite virus uses multiple infection methods, typically infecting both files and boot sectors. Accordingly, multipartite viruses combine the characteristics of file infector and boot sector viruses. Examples of multipartite viruses include Flip and Invader.infectioninfectingfilesboot sectorsfile infectorboot sector virusesFlipInvader

19 14.19 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition A Boot-sector Computer Virus

20 14.20 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition End

Download ppt "14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection."

Similar presentations

Protection Goals of Protection Domain of Protection Access Matrix

Protection Goals of Protection Domain of Protection Access Matrix
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.

Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Bilkent University Department of Computer Engineering

Bilkent University Department of Computer Engineering
What we will cover… Protection and Security in OS.

What we will cover… Protection and Security in OS.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Lecture 21 Chapter 14: Protection Chapter 15: Security

Lecture 21 Chapter 14: Protection Chapter 15: Security
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Chapter 14: Protection.

Chapter 14: Protection.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Chapter 14: Protection.

Chapter 14: Protection.
Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.

Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 14: Protection.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Protection.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.

Similar presentations

Ads by Google