Lecture 4 Operating Systems Security

Basic Principles of Protecting Computer System Objects — The user’s view

Barbara Endicott-Popovsky
CSSE592/491

In collaboration with:
Deborah Frincke, Ph.D.
Director, Center for Secure and Dependable Systems
University of Idaho
Text Book
• Both broad survey and focused
• Chapters 1–2 lay groundwork
• Chapters 3–7 Software
  – Chapter 4
    • Protection Features of General OS
      – Protecting memory
      – Protecting files
      – Protecting execution environment
    • Controlled access to objects
    • User authentication
• Chapter 8 Management
• Chapter 9 Privacy, ethics, the law
• Chapter 10 Cryptography – the how
In this section of the course we will look at…

• User’s side of protection in General-Purpose OS:
  – Functions that directly address security
  – Functions that have security as a by-product

Source: Pfleeger & Pfleeger


Agenda
• I. Overview
• II. Memory & File Protection
• III. Access Control
• IV. File Protection Mechanisms
• V. User Authentication


I. Overview
• Protected Objects
  – Memory
  – Sharable I/O (disks)
  – Serially reusable I/O (printers)
  – Sharable programs
  – Networks
  – Sharable data
• Security Methods
  – Physical separation
  – Temporal separation
  – Logical separation
  – Cryptographic separation
• Levels of Protection
  – Do not protect
  – Isolate
  – Share all or share nothing
  – Share via access limitation
  – Share by capabilities
  – Limit use of an object

Source: Pfleeger & Pfleeger



II. Memory & File Protection
• Fences (between OS and user)
• Relocation
  – Relocation factor = starting address of program
  – Add relocation factor to each program address
• Base/Bounds Registers
  – Base register = variable fence register
  – Bounds register = upper address limit
  – 2 pairs of registers, one pair for each of:
    • Data
    • Instructions

Source: Pfleeger & Pfleeger
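The fence, relocation and base/bounds ideas on this slide can be seen working in a few lines of code. The following is an added example, not code from the lecture or the textbook: a toy MMU with one base/bounds pair for data and one for instructions. Every address, region size and the access trace are constructed values.

```python
# Added example, not from the lecture slides: a toy model of relocation
# and base/bounds registers. Every address and region size below is a
# constructed value chosen for illustration.

class MemoryViolation(Exception):
    """Raised when a program touches memory outside its fence."""


class BaseBoundsMMU:
    """Hardware with two base/bounds pairs: one for data, one for instructions.

    base   = relocation factor = starting physical address of the region
    bounds = upper physical address limit (exclusive) of the region
    """

    def __init__(self, data_base, data_size, code_base, code_size):
        self.regs = {
            "data": (data_base, data_base + data_size),
            "code": (code_base, code_base + code_size),
        }

    def translate(self, kind, logical_addr):
        """Relocate a program-relative address and check it against the fence.

        The program is written as if it started at address 0. The hardware
        adds the base register (relocation) and refuses anything that lands
        below the base or at/after the bounds register.
        """
        base, bounds = self.regs[kind]
        if logical_addr < 0:
            raise MemoryViolation(f"negative {kind} address {logical_addr}")
        physical = base + logical_addr          # relocation factor added
        if not base <= physical < bounds:       # base/bounds check
            raise MemoryViolation(
                f"{kind} address {logical_addr:#x} -> {physical:#x} "
                f"outside [{base:#x}, {bounds:#x})")
        return physical


def run_trace(mmu, accesses):
    """Apply (kind, logical_addr) accesses; return (allowed, denied) lists."""
    allowed, denied = [], []
    for kind, addr in accesses:
        try:
            allowed.append((kind, addr, mmu.translate(kind, addr)))
        except MemoryViolation as exc:
            denied.append((kind, addr, str(exc)))
    return allowed, denied


if __name__ == "__main__":
    # Constructed layout: OS below 0x1000 (the fence), user code at
    # 0x1000 (4 KiB), user data at 0x2000 (8 KiB).
    mmu = BaseBoundsMMU(data_base=0x2000, data_size=0x2000,
                        code_base=0x1000, code_size=0x1000)
    ok, bad = run_trace(mmu, [("code", 0x10), ("data", 0x1FFF),
                              ("data", 0x2000), ("code", -1)])
    for entry in ok:
        print("allowed", entry)
    for entry in bad:
        print("denied ", entry)
```

The two denied accesses are the cases the registers exist for: an offset one past the end of the data region lands exactly on the bounds register, and a negative instruction offset would reach below the base into the operating system's side of the fence.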


Tagged Architecture
• Every word of memory has “tag” bits

  Tag   Word
  R     0001
  RW    0137
  R     4091
  R     0002
  X

  R = Read only
  RW = Read/Write
  X = Execute only

Source: Pfleeger & Pfleeger


Segmentation
• Divide programs into logical pieces
• OS maintains segment address table (name, offset)
• Different access for different segments

Source: Pfleeger & Pfleeger


Segmentation Problems
• Security holes (overflow)
• Efficiency (overhead)
  – OS lookup slow
  – Segment names difficult to encode
• Fragmentation of main memory

Source: Pfleeger & Pfleeger


Paging
• Divide programs into equal pieces (pages, page frames)
• OS maintains page translation table (page, offset)
• Different access for different segments

Source: Pfleeger & Pfleeger
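To make the difference between the two preceding slides concrete, here is an added example (not code from the lecture or the textbook) of a segment address table and a page translation table side by side. The segment lookup checks the offset against the segment length before adding it, which is the check whose absence the slide calls a "security hole (overflow)", and it carries per-segment rights; the page lookup is pure arithmetic on equal-sized pages. Segment names, sizes, rights and frame numbers are constructed.

```python
# Added example, not from the lecture slides: toy segment and page
# translation. Segment names, sizes, rights and frame numbers are
# constructed values.

class AddressError(Exception):
    """Unknown segment/page, offset past the end, or rights mismatch."""


# Segment address table kept by the OS: name -> (base, length, rights).
# Rights are attached to the segment, i.e. to a logical unit of the program.
SEG_TABLE = {
    "code":  (0x1000, 0x0400, "rx"),
    "data":  (0x2000, 0x0100, "rw"),
    "stack": (0x3000, 0x0200, "rw"),
}


def seg_translate(table, name, offset, op):
    """Map (segment name, offset) to a physical address for operation op.

    The offset is compared with the segment length before the add, so a
    program cannot run off the end of its own segment into whatever
    happens to follow it in memory.
    """
    if name not in table:
        raise AddressError(f"no segment named {name!r}")
    base, length, rights = table[name]
    if not 0 <= offset < length:
        raise AddressError(
            f"offset {offset:#x} overflows segment {name!r} (length {length:#x})")
    if op not in rights:
        raise AddressError(f"operation {op!r} not permitted on {name!r} ({rights})")
    return base + offset


def seg_allowed(table, name, offset, op):
    """Boolean form of seg_translate, handy when checking a whole trace."""
    try:
        seg_translate(table, name, offset, op)
        return True
    except AddressError:
        return False


# Page translation table kept by the OS: page number -> frame number.
# All pages are the same size, so a logical address splits arithmetically
# into (page, offset); no name lookup is needed, but a page has no
# logical unity of its own to hang access rights on.
PAGE_SIZE = 0x100
PAGE_TABLE = {0: 5, 1: 9, 2: 2}


def page_translate(page_table, page_size, logical_addr):
    """Map a flat logical address to a physical address via the page table."""
    if logical_addr < 0:
        raise AddressError("negative address")
    page, offset = divmod(logical_addr, page_size)
    if page not in page_table:
        raise AddressError(f"page {page} not mapped")
    return page_table[page] * page_size + offset


if __name__ == "__main__":
    print(hex(seg_translate(SEG_TABLE, "data", 0x10, "r")))   # 0x2010
    print(hex(page_translate(PAGE_TABLE, PAGE_SIZE, 0x1A5)))  # 0x9a5
    for args in [("data", 0x100, "r"), ("code", 0x10, "w"), ("heap", 0, "r")]:
        try:
            seg_translate(SEG_TABLE, *args)
        except AddressError as exc:
            print("denied:", exc)
```

The three denied segment accesses are, in order, an offset one past the end of the data segment, a write to a read/execute code segment, and a reference to a segment that does not exist; the page table can only refuse an unmapped page number.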


Paging Problems
• Can’t associate access controls
• No unity to page

Source: Pfleeger & Pfleeger


III. Access Control …
• Memory
• Remote file or data set
• Directory of files
• Hardware
• Data structure
• OS tables
• Instructions
• Passwords/authentication

Source: Pfleeger & Pfleeger


Goals
• Check every access
• Enforce least privilege
• Verify acceptable usage

Source: Pfleeger & Pfleeger


Protection Mechanisms: Simple to Complex
• Directory
• Access Control List
• Access Control Matrix
• Capability
• Procedure-Oriented Access Control

Source: Pfleeger & Pfleeger


Directory
• Unique file owner
  – “Controls” access rights
  – Read, write, execute
• Each user has an access rights directory
• Easy to implement
• Difficulties
  – Directory gets too big
  – Maintenance
  – Revocation of access
  – Pseudonyms

Source: Pfleeger & Pfleeger


Access Control Lists
• One Access Control List per computing object
  – Distinguishes rights of different users
  – Directories created for each subject
• Access Control Matrix (variation)
  – Subject, object
  – Can be slow

Source: Pfleeger & Pfleeger


Capability
• Unforgeable token giving access rights
  – OS holds all tokens, only issues pointers
  – Encryption
• Keeps track of access rights during execution
  – Hidden from normal users
  – Accessed capabilities kept available
• Revocation can be complicated

Source: Pfleeger & Pfleeger
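The Directory, Access Control List, Access Control Matrix and Capability slides describe one body of rights seen from different sides. The following added example (not code from the lecture or the textbook) keeps a single access matrix and derives the per-object ACL view and the per-subject directory/capability view from it; it then shows a capability made unforgeable with an HMAC under a key only the OS holds, which is one reading of the slide's "Encryption" bullet, and contrasts how revocation works in each model. Subjects, objects, rights and the key are constructed values.

```python
# Added example, not from the lecture slides: one access matrix viewed
# by column (ACL per object) and by row (capability list per subject),
# plus capabilities made unforgeable with an OS-only key. Subjects,
# objects and rights are constructed.
import hashlib
import hmac
import secrets
from collections import defaultdict


class AccessMatrix:
    """Rights indexed by (subject, object): the slide's matrix."""

    def __init__(self):
        self.rights = defaultdict(set)

    def grant(self, subject, obj, *rights):
        self.rights[(subject, obj)].update(rights)

    def revoke(self, subject, obj, *rights):
        # ACL-style revocation: one matrix entry changes and the subject
        # loses the right on its next access check.
        self.rights[(subject, obj)].difference_update(rights)

    def check(self, subject, obj, right):
        return right in self.rights[(subject, obj)]

    def acl(self, obj):
        """Column view: the access control list of one object."""
        return {s: set(r) for (s, o), r in self.rights.items() if o == obj and r}

    def capability_list(self, subject):
        """Row view: the directory (capability list) of one subject."""
        return {o: set(r) for (s, o), r in self.rights.items() if s == subject and r}


class CapabilityIssuer:
    """The OS mints (object, rights, tag) tokens; tag = HMAC under an OS-only key.

    A user can copy or pass on a token but cannot widen its rights or mint
    a new one, because the tag would no longer verify.
    """

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)
        self.revoked = set()

    def _tag(self, obj, rights):
        return hmac.new(self.key, f"{obj}|{rights}".encode(), hashlib.sha256).hexdigest()

    def issue(self, obj, rights):
        rights = "".join(sorted(rights))
        return (obj, rights, self._tag(obj, rights))

    def check(self, cap, right):
        obj, rights, tag = cap
        if not hmac.compare_digest(tag, self._tag(obj, rights)):
            return False                     # forged or tampered token
        if tag in self.revoked:
            return False
        return right in rights

    def revoke(self, cap):
        # Capability-style revocation: the OS must remember dead tokens,
        # and every copy of this token dies with it.
        self.revoked.add(cap[2])


if __name__ == "__main__":
    m = AccessMatrix()
    m.grant("alice", "payroll.db", "r", "w")
    m.grant("bob", "payroll.db", "r")
    m.grant("bob", "memo.txt", "r", "w", "x")
    print("ACL of payroll.db:", m.acl("payroll.db"))
    print("bob's capability list:", m.capability_list("bob"))
    m.revoke("bob", "payroll.db", "r")
    print("bob can still read payroll.db?", m.check("bob", "payroll.db", "r"))

    issuer = CapabilityIssuer()
    cap = issuer.issue("payroll.db", "rw")
    forged = (cap[0], "rwx", cap[2])        # try to widen rights by editing the token
    print("genuine token grants r:", issuer.check(cap, "r"))
    print("edited token grants x:", issuer.check(forged, "x"))
    issuer.revoke(cap)
    print("after revocation grants r:", issuer.check(cap, "r"))
```

The matrix is easy to revoke from because the OS owns the entry; the token is harder because copies may be anywhere, so the issuer has to keep a revocation set that every check consults, which is the complication the slide mentions.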


Procedure-Oriented Access Control
• Procedure encapsulates object
  – Controls access
  – Provides trusted interface
  – Implements information hiding
• Efficiency penalty

Source: Pfleeger & Pfleeger


IV. File Protection Mechanisms
• All-None Protection
  – Problems
    • Lack of trust
    • All or nothing – difficult to limit
    • Complexity – human intervention required
    • File listings exist
• Group Protection
  – User, group, world classes
  – Ease of implementation
  – Problems
    • Group affiliation mutually exclusive
    • Multiple accounts – inconvenient, redundant, account proliferation
    • All groups – limits sharing for multiple personalities
    • Limited sharing – won’t allow any but 3 levels of sharing

Source: Pfleeger & Pfleeger


IV. File Protection Mechanisms (Cont’d.)
• Single Permissions
  – Provide a password to files
  – Finer degree of protection
  – Problems
    • Lost passwords
    • Using a password per file wastes time
    • Sharing passwords
    • Revocation – who does it? Involves sharing the password
• Temporary Acquired Permission
  – Set userid (suid)
  – Allows users to share files
• Per-Object and Per-User Protection
  – Complex
  – Challenge to create groups

Source: Pfleeger & Pfleeger
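The user/group/world scheme from the previous slide and the "temporary acquired permission" of setuid from this one fit in one small model. The following is an added example, not code from the lecture or the textbook: it keeps the slide's assumption that each user belongs to exactly one group, evaluates rwx bits for the three classes, and shows a setuid program handing its owner's identity to the running process. Users, groups, files and mode bits are all constructed.

```python
# Added example, not from the lecture slides: user/group/world permission
# bits with the slide's one-group-per-user model, plus setuid as a
# temporarily acquired permission. Users, groups and files are constructed.
from dataclasses import dataclass


@dataclass
class FileEntry:
    owner: str
    group: str
    mode: int            # UNIX-style rwxrwxrwx bits, e.g. 0o640
    setuid: bool = False


@dataclass
class Process:
    real_uid: str
    group: str           # the slide's model: each user is in exactly one group
    effective_uid: str = None

    def __post_init__(self):
        if self.effective_uid is None:
            self.effective_uid = self.real_uid


BITS = {"r": 4, "w": 2, "x": 1}


def permitted(f, proc, op):
    """Pick the owner, group or world triple and test the requested bit."""
    if proc.effective_uid == f.owner:
        shift = 6                     # owner triple
    elif proc.group == f.group:
        shift = 3                     # group triple
    else:
        shift = 0                     # world triple
    return bool((f.mode >> shift) & BITS[op])


def execute(f, proc):
    """Run f; if it is setuid, the new process carries the file owner's identity."""
    if not permitted(f, proc, "x"):
        raise PermissionError(f"{proc.real_uid} may not execute this file")
    euid = f.owner if f.setuid else proc.effective_uid
    return Process(proc.real_uid, proc.group, effective_uid=euid)


if __name__ == "__main__":
    passwd_db = FileEntry(owner="root", group="wheel", mode=0o600)
    passwd_tool = FileEntry(owner="root", group="wheel", mode=0o4755, setuid=True)
    report = FileEntry(owner="alice", group="staff", mode=0o640)

    bob = Process("bob", "staff")
    carol = Process("carol", "sales")
    print("bob reads report:", permitted(report, bob, "r"))        # group triple
    print("bob writes report:", permitted(report, bob, "w"))
    print("carol reads report:", permitted(report, carol, "r"))    # world triple
    print("bob reads passwd_db directly:", permitted(passwd_db, bob, "r"))
    elevated = execute(passwd_tool, bob)
    print("via the setuid tool, bob's process reads passwd_db:",
          permitted(passwd_db, elevated, "r"))
```

The model also makes the slide's "limited sharing" problem visible: with only three triples, a file cannot be opened to two named people and nobody else unless they happen to share a group, which is why the setuid tool is the only way bob reaches the root-owned file.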


V. User Authentication
• Verifying that you are who you say you are
  – Something you know – password, PIN, etc.
  – Something you have – badge, key, etc.
  – Something you are – biometrics

Source: Pfleeger & Pfleeger


Authentication Mechanisms
• Passwords
  – Problems
    • Log-in failure notification
    • Additional authentication
      – Specific terminals
      – Specific times
• Password attacks
  – Try all possible
  – Try many probable
  – Try likely passwords
  – Search system lists
  – Ask users

Source: Pfleeger & Pfleeger


Exhaustive Attacks
• Brute force
• Alphabetic password of up to 8 characters:

  26^1 + 26^2 + … + 26^8 = 5 million million

• 150 year attack
• Options
  – ½ passwords (on average the search succeeds after half the space)
  – Simple words

Source: Pfleeger & Pfleeger
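The sum on the slide is a special case of a general keyspace formula, and the "½ passwords" option is the expected cost of an exhaustive search. The following added example (not code from the lecture or the textbook) computes the keyspace for any alphabet size and maximum length and compares the expected search time for several constructed password policies, including the lowercase-only and full-character-set cases named on the Password Guessing Steps slide. The guessing rate it uses is an assumed figure, not one from the slides.

```python
# Added example, not from the lecture slides: size of the space an
# exhaustive attack must search, and the expected cost of searching half
# of it. The guessing rate in the demo is an assumed figure.

def keyspace(alphabet_size, max_len, min_len=1):
    """Number of distinct passwords of length min_len..max_len: sum of a^n."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def expected_guesses(space):
    """On average an exhaustive search hits the password halfway through."""
    return space / 2


def expected_years(space, guesses_per_second):
    """Expected wall-clock time to success at a given guessing rate."""
    seconds = expected_guesses(space) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def compare_policies(guesses_per_second):
    """Expected years to success for several constructed alphabet/length policies."""
    policies = [
        ("lowercase, up to 8", 26, 8),
        ("lower+upper, up to 8", 52, 8),
        ("lower+upper+digits, up to 8", 62, 8),
        ("95 printable, up to 8", 95, 8),
        ("95 printable, up to 12", 95, 12),
    ]
    return {name: expected_years(keyspace(a, n), guesses_per_second)
            for name, a, n in policies}


if __name__ == "__main__":
    print("26^1 + ... + 26^8 =", keyspace(26, 8))
    rate = 1_000_000   # assumed guesses per second, not a figure from the slides
    for name, years in compare_policies(rate).items():
        print(f"{name:30s} {years:14.3e} years")
```

Read the table as a defender: lengthening the password multiplies the space by the alphabet size per extra character, whereas enlarging the alphabet only changes the base, which is why "choose long passwords" sits near the top of the Password Selection Criteria slide.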


Probable Passwords
• People are predictable
  – Family names, pet names, etc.
  – Common words (use spell-check dictionaries)
• 86% uncovered in a week (7/24)

Source: Pfleeger & Pfleeger


Password Guessing Steps
• No password
• Same as user ID
• Derived from user name
• Common word
• Short college dictionary
• Complete English word list
• Common non-English language dictionaries
• Short college dictionary with capitalization (PaSsWorD) and substitutions (0 for O)
• Complete English with capitalization and substitutions
• Common non-English dictionaries with capitalization and substitutions
• Brute force, lowercase alphabetic characters
• Brute force, full character set

Source: Pfleeger & Pfleeger


Password Management
• Lists discoverable by intruders
  – Password files accessible
  – Requires strong access controls
  – Memory dump can acquire it
  – Available from backups
• Protection
  – Encryption
  – Salt (UNIX)
• Indiscreet users
  – Tape to PC
  – Share
• One-time passwords

Source: Pfleeger & Pfleeger

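The "Encryption" and "Salt (UNIX)" bullets are about what a stolen password file reveals. The following added example (not code from the lecture or the textbook) stores passwords the way the slide recommends: a one-way function over the password plus a per-user random salt, so that two users with the same password get different stored values and a copied file or backup does not hand the passwords over directly. It uses PBKDF2-HMAC-SHA256 from Python's hashlib in place of the classic UNIX crypt() routine; usernames and passwords are constructed.

```python
# Added example, not from the lecture slides: salted one-way password
# storage using PBKDF2-HMAC-SHA256 from hashlib in place of UNIX crypt().
# Usernames and passwords are constructed.
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # work factor: slows down anyone who has the file


def make_record(username, password, salt=None):
    """Build one password-file line: user:salt:iterations:hash (hex fields)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{username}:{salt.hex()}:{ITERATIONS}:{digest.hex()}"


def verify(record, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    _user, salt_hex, iters, digest_hex = record.split(":")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_same_hash(password):
    """Do two users who chose the same password get the same stored hash?

    With a per-user salt the answer is no, so an intruder with the file
    cannot spot shared passwords or precompute one table for everyone.
    """
    r1 = make_record("alice", password)
    r2 = make_record("bob", password)
    return r1.split(":")[3] == r2.split(":")[3]


if __name__ == "__main__":
    rec = make_record("alice", "correct horse battery staple")
    print(rec)
    print("right password:", verify(rec, "correct horse battery staple"))
    print("wrong password:", verify(rec, "Correct horse battery staple"))
    print("two users, same password, same stored hash?",
          same_password_same_hash("winter2024"))
```

Because the stored value is one-way, the "memory dump" and "available from backups" exposures on the slide become a guessing problem for the intruder rather than an immediate disclosure, and the iteration count sets how expensive each guess is.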

Password Selection Criteria
• Use characters other than just A–Z
• Choose long passwords
• Avoid actual names or words
• Choose an unlikely password
• Change password regularly
• Don’t write it down
• Don’t tell anyone else

Source: Pfleeger & Pfleeger


Authentication Process Control
• Limit tries
• Profiles
  – Password
  – Time, log-in machine
• Fix flaws
  – Challenge-Response (response varies with each challenge)
  – Impersonation of log-in (attacker sets up a machine to grab the log-in)

Source: Pfleeger & Pfleeger
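"Limit tries" and "Challenge-Response" on this slide combine naturally. The following is an added example, not code from the lecture or the textbook: the server hands out a random one-time challenge, the user's side answers with an HMAC of that challenge under a shared secret (so the secret itself never crosses the wire and a captured answer is useless against the next challenge), and the server locks the account after a fixed number of wrong answers. The shared secret, user name and three-try limit are constructed values.

```python
# Added example, not from the lecture slides: limiting log-in tries and a
# challenge-response exchange in which the secret never crosses the wire.
# Shared secrets, user names and the 3-try limit are constructed values.
import hashlib
import hmac
import secrets

MAX_TRIES = 3


def client_response(secret, challenge):
    """User's side: HMAC of the fresh challenge under the shared secret."""
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()


class Authenticator:
    """Server side: issues one-time challenges, checks responses, counts failures."""

    def __init__(self, shared_secrets):
        self.secrets = dict(shared_secrets)   # user -> secret bytes
        self.failures = {}                    # user -> consecutive failed tries
        self.pending = {}                     # user -> outstanding challenge

    def is_locked(self, user):
        return self.failures.get(user, 0) >= MAX_TRIES

    def challenge(self, user):
        """Hand out a random nonce; a replayed old response will not match it."""
        if self.is_locked(user):
            raise PermissionError(f"{user} is locked out after {MAX_TRIES} failures")
        nonce = secrets.token_hex(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        if self.is_locked(user) or user not in self.secrets:
            return False
        nonce = self.pending.pop(user, None)   # each challenge is usable once
        if nonce is None:
            return False
        expected = client_response(self.secrets[user], nonce)
        if hmac.compare_digest(expected, response):
            self.failures[user] = 0
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False


if __name__ == "__main__":
    auth = Authenticator({"alice": b"constructed-shared-secret"})

    nonce = auth.challenge("alice")
    good = client_response(b"constructed-shared-secret", nonce)
    print("genuine response accepted:", auth.verify("alice", good))

    auth.challenge("alice")
    print("replayed response accepted:", auth.verify("alice", good))   # new nonce, old answer

    for _ in range(2):
        auth.challenge("alice")
        auth.verify("alice", "0" * 64)
    print("locked after repeated failures:", auth.is_locked("alice"))
```

The replayed answer fails because the server's pending nonce has changed, and the lockout counter only resets on a success. Note that this addresses the first flaw on the slide but not the second: a fake log-in screen still collects whatever the user types into it, which is why the impersonation problem needs a trusted path to the real system rather than a different password protocol.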
