Computer System Security
Protection in Operating Systems
Learning Objectives
• At the end of this topic, you will be able to:
  – describe the functions of an operating system, including its security functions. (C1)
  – use techniques to protect operating systems from malicious software and to recover from an attack. (P3)
  – explain the different levels of privilege. (A3)
Outline
• This topic will cover the following topics:
  1. Protected Objects and Methods of Protection
  2. Memory and Address Protection
  3. Control of Access to General Objects
  4. File Protection Mechanisms
  5. User Authentication
Introduction
• An operating system has TWO goals:
  1. Controlling shared access
  2. Implementing an interface to allow that access
• Underneath those goals are support activities:
  1. IDENTIFICATION AND AUTHENTICATION
  2. NAMING
  3. FILING OBJECTS
  4. SCHEDULING
• Objects can be protected at different granularities, from fine to coarse:
  – Element/word
  – Field
  – Record
  – File
  – Volume
  Finer granularity lets protection match exactly what is worth protecting; coarser granularity is easier to implement.
Protected Objects and Methods of Protection
• The basis of protection of those objects is separation: keeping one user's objects secure from interference by other users.
• Types of separation:
  1. Physical separation
     • Different processes use different physical objects
     • E.g., different printers for different 'confidentiality levels' of output
  2. Temporal separation
     • Different processes execute at different times
  3. Logical separation
     • The OS maintains the illusion of physical or temporal separation by confining each process to its own permitted domain
  4. Cryptographic separation
     • Processes conceal their data and computations so that external processes cannot gain access
  5. Combinations of two or more of the above separations
Memory and Address Protection
• The main challenge in multiprogramming in an OS is:
  1. Separating the OS from other programs/users in terms of memory space
  2. Separating each user/program from other users/programs
• The aim is to prevent one program/user from affecting the data and programs in the memory space of other programs/users.
• Protection methods:
  1. Fence
  2. Relocation
  3. Base/Bounds Registers
  4. Tagged Architecture
  5. Segmentation
  6. Paging
  7. Combined Paging with Segmentation
• 1. Fence
  – The simplest of all protection methods: a boundary address below which the OS lives and above which user programs run
  – Fixed fence: the boundary is a predefined address, so the OS cannot grow past it
  – Variable fence: the boundary is held in a fence register and can be moved
  – Base/bounds registers: a pair of registers giving the start (base) and upper limit (bounds) of a program's memory; every address is checked against both, so a program is confined from above as well as from below
  – Problem with base/bounds registers:
    • All-or-none data sharing problem
      – Either a program makes all its data available to be accessed and modified, or it prohibits access to all of it.
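The fence and base/bounds checks described above, as an added software model (not code from the original slides): a fence register guards the OS, and each process's logical addresses are relocated by its base register and refused if they reach the bounds register. The class names, the exception type and the address layout in demo() are constructed for illustration.

```python
"""Simulation of fence and base/bounds memory protection (added example).

This models the registers in software; the class names, the exception
type and the address layout in demo() are all constructed for illustration.
"""


class MemoryProtectionError(Exception):
    """Raised when a program addresses memory outside its permitted region."""


class Fence:
    """Variable fence: one register holding the lowest address a user
    program may touch. Everything below it belongs to the operating system."""

    def __init__(self, fence_register):
        self.fence = fence_register

    def check(self, address):
        # User-mode accesses must stay at or above the fence.
        if address < self.fence:
            raise MemoryProtectionError(
                f"address {address:#06x} is below the fence {self.fence:#06x}")
        return address


class BaseBounds:
    """Base/bounds registers for one process. Logical addresses are offsets
    from the base (relocation); the bounds register is the first address the
    process may NOT use, so it is also protected from programs above it."""

    def __init__(self, base, bounds):
        if bounds <= base:
            raise ValueError("bounds must lie above base")
        self.base = base
        self.bounds = bounds

    def translate(self, logical):
        physical = self.base + logical                # relocation
        if logical < 0 or physical >= self.bounds:    # bounds check
            raise MemoryProtectionError(
                f"logical {logical:#06x} -> physical {physical:#06x} is outside "
                f"[{self.base:#06x}, {self.bounds:#06x})")
        return physical


def try_fence(fence, address):
    """Fence-check one raw address; return it or 'fault'."""
    try:
        return fence.check(address)
    except MemoryProtectionError:
        return "fault"


def try_access(fence, region, logical):
    """Translate and fence-check one access; return the physical address or 'fault'."""
    try:
        return fence.check(region.translate(logical))
    except MemoryProtectionError:
        return "fault"


def demo():
    """Constructed layout: OS below 0x1000, process A in [0x1000, 0x2000),
    process B in [0x2000, 0x3000)."""
    fence = Fence(0x1000)
    proc_a = BaseBounds(base=0x1000, bounds=0x2000)
    proc_b = BaseBounds(base=0x2000, bounds=0x3000)
    return {
        "a_ok": try_access(fence, proc_a, 0x0010),            # inside A's region
        "a_last": try_access(fence, proc_a, 0x0FFF),          # last legal byte of A
        "a_overflow": try_access(fence, proc_a, 0x1000),      # would land in B: fault
        "b_same_logical": try_access(fence, proc_b, 0x0010),  # same offset, relocated into B
        "a_negative": try_access(fence, proc_a, -0x0010),     # cannot reach back below base
        "os_direct": try_fence(fence, 0x0800),                # raw OS address: stopped by fence
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15s} {value if value == 'fault' else hex(value)}")
```

The all-or-none problem is visible in the model: a process has exactly one base/bounds pair, so its whole region is either reachable by a given access path or not. The usual first refinement is a second pair, one for code (read-only, sharable) and one for data.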
Control of Access to General Objects
• Directory
  – Each object has a unique owner
    • The owner controls the access rights: assigns and revokes them
    • Access rights (ARs): read, write, execute (possibly others)
  – Each user has a directory of access rights
  – Advantage: easy to implement
    • Just one list (directory) per user
• Maintenance difficulties:
  – The list becomes too large if many shared objects are accessible to all users
  – Deletion of shared objects
    • Requires deleting the entry from each directory referencing it
  – Revocation of access
    • If owner A revokes access rights for X from every subject, the OS must search the directories of all subjects to remove the entries for X
  – Pseudonyms
    • Different users may refer to the same object by different names, or to different objects by the same name
• Analogy example:
  – "Alice wishes to keep all of her valuables in three safe deposit boxes in the bank. Occasionally, she would like one or more trustworthy friends to make deposits or withdrawals for her. There are two ways that the bank can control access to the box."
  – *imagine the operating system acting as the bank
• The ACL Approach
  – Authentication: the bank must authenticate each person who asks for access.
  – Bank's involvement: the bank must (i) store the list and (ii) verify users on every transaction.
  – Forging access rights: the bank must safeguard the list.
  – Adding a new person: the owner must visit the bank.
  – Delegation: a friend cannot extend his or her privilege to someone else.
  – Revocation: if a friend becomes untrustworthy, the owner can remove his or her name from the list, and it takes effect immediately.
• The Capability Approach
  – Authentication: the bank does not need to authenticate; possession of the key is the credential.
  – Bank's involvement: the bank need not be involved in any transaction.
  – Forging access rights: the key is assumed to be unforgeable.
  – Adding a new person: the owner can give the key to other people.
  – Delegation: a friend can extend his or her privilege to someone else by handing over (or copying) the key.
  – Revocation: the owner can ask for the key back, but cannot know whether or not the friend has made a copy.
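The two approaches side by side, as an added example that is not part of the original slides. The ACL side keeps one list per object and refuses anyone it cannot authenticate; the capability side issues keys as MAC-protected tokens, so anyone holding a token (or a copy of it) can present it without the bank being involved. The class names, the HMAC-based token format and the bank secret are all constructed for this illustration.

```python
"""ACL versus capability access control, following the safe-deposit analogy
(added example). Acl, CapabilityIssuer, the token layout and the secrets are
constructed for illustration, not taken from any real system."""

import hashlib
import hmac


class Acl:
    """The bank keeps one list per box and checks every visitor's identity."""

    def __init__(self, authenticated_users):
        self._users = set(authenticated_users)   # who the bank can authenticate
        self._lists = {}                         # box -> {person: set(rights)}

    def create(self, obj, owner):
        self._lists[obj] = {owner: {"owner", "read", "write"}}

    def grant(self, obj, owner, subject, rights):
        # Adding a name means the owner visits the bank; only the owner may do it.
        if "owner" not in self._lists[obj].get(owner, set()):
            raise PermissionError("only the owner can grant")
        self._lists[obj].setdefault(subject, set()).update(rights)

    def revoke(self, obj, owner, subject):
        if "owner" not in self._lists[obj].get(owner, set()):
            raise PermissionError("only the owner can revoke")
        self._lists[obj].pop(subject, None)      # takes effect immediately

    def check(self, obj, subject, right):
        # Authentication first: an unknown person is refused whatever the list says.
        if subject not in self._users:
            return False
        return right in self._lists.get(obj, {}).get(subject, set())


class CapabilityIssuer:
    """Keys are tokens MAC'd with a secret only the issuer holds, so holders
    cannot forge them, but any holder can present or copy one."""

    def __init__(self, secret):
        self._secret = secret
        self._serial = 0

    def mint(self, obj, rights):
        self._serial += 1
        body = f"{obj}|{','.join(sorted(rights))}|{self._serial}"
        tag = hmac.new(self._secret, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}|{tag}"

    def check(self, token, obj, right):
        # This plays the lock on the box: it verifies the key, never the bearer.
        body, _, tag = token.rpartition("|")
        expected = hmac.new(self._secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False                          # forged or tampered token
        parts = body.split("|")
        if len(parts) != 3:
            return False
        tok_obj, tok_rights, _serial = parts
        return tok_obj == obj and right in tok_rights.split(",")

    def rotate_secret(self, new_secret):
        # The only way to revoke copies you cannot see: invalidate every key at once.
        self._secret = new_secret


def demo():
    r = {}
    acl = Acl({"alice", "bob"})
    acl.create("box1", "alice")
    acl.grant("box1", "alice", "bob", {"write"})
    r["acl_bob_write"] = acl.check("box1", "bob", "write")
    r["acl_carol_write"] = acl.check("box1", "carol", "write")   # cannot authenticate
    acl.revoke("box1", "alice", "bob")
    r["acl_bob_after_revoke"] = acl.check("box1", "bob", "write")

    issuer = CapabilityIssuer(b"bank-secret")
    key = issuer.mint("box1", {"write"})
    bob_copy = key                 # Alice hands Bob the key
    carol_copy = bob_copy          # Bob delegates by copying it; the bank never hears
    r["cap_carol_write"] = issuer.check(carol_copy, "box1", "write")
    r["cap_read_not_granted"] = issuer.check(key, "box1", "read")
    forged = key[:-1] + ("0" if key[-1] != "0" else "1")   # flip one tag character
    r["cap_forged"] = issuer.check(forged, "box1", "write")
    # Alice gets Bob's key back, but Carol's copy still opens the box.
    r["cap_copy_after_return"] = issuer.check(carol_copy, "box1", "write")
    issuer.rotate_secret(b"new-bank-secret")
    r["cap_after_rotate"] = issuer.check(carol_copy, "box1", "write")
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24s} {value}")
```

Revocation is the point of contrast: `Acl.revoke` removes one entry and the next check fails, whereas the capability issuer cannot distinguish Carol's copy from Bob's returned key and has to rotate its secret, invalidating every outstanding key at once.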
• Kerberos
  – Kerberos is an implementation of a ticket-based system with authentication; the tickets are protected with symmetric cryptography.
[Diagram: layers of operating system protection, from users/other systems through authentication, access control and directories down to the hardware]
Recall some...
• Access control list
• Credentials can be:
  – Something the user is
  – Something the user has
  – Something the user knows
• A credential that may be used exactly once (a one-time password) is immediately invalidated after its use.
• SQL Injection
  – A code injection technique
  – Involves inserting malicious SQL statements into an entry field so that the database executes them
  – The goal is to modify the database (or read data the attacker should not see)
  – Can execute commands as well (depending on the code injected)
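The injection described above, as an added example that is not part of the original slides: a login query and a password-change statement built by pasting the entry field into the SQL text, beside the parameterized versions that treat the same input as data. The users table, its two rows and the function names are constructed for this illustration.

```python
"""SQL injection through an entry field, with the vulnerable queries beside their
parameterized fixes (added example). The users table and its two rows are
constructed test data; the function names are ours, not from any framework."""

import sqlite3


def make_db():
    """Fresh in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so quotes in the input become SQL syntax."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Sends the values separately from the statement; a quote in the input is just data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


def change_password_vulnerable(conn, username, new_password):
    """Same flaw on a write path: the injected WHERE clause widens the UPDATE."""
    cur = conn.execute(f"UPDATE users SET password = '{new_password}' "
                       f"WHERE username = '{username}'")
    conn.commit()
    return cur.rowcount          # rows the attacker actually modified


def change_password_parameterized(conn, username, new_password):
    cur = conn.execute("UPDATE users SET password = ? WHERE username = ?",
                       (new_password, username))
    conn.commit()
    return cur.rowcount


def demo():
    payload = "' OR '1'='1"      # constructed tautology payload typed into the field
    conn = make_db()
    results = {
        "vuln_normal": login_vulnerable(conn, "alice", "correct horse"),
        # Resulting SQL: ... username = 'nobody' AND password = '' OR '1'='1'
        # AND binds tighter than OR, so the WHERE clause is true for every row.
        "vuln_injected": login_vulnerable(conn, "nobody", payload),
        "safe_normal": login_parameterized(conn, "alice", "correct horse"),
        "safe_injected": login_parameterized(conn, "nobody", payload),
    }
    conn = make_db()   # fresh copy so the UPDATE does not disturb the logins above
    # Resulting SQL: UPDATE users SET password = 'pwned' WHERE username = 'bob' OR '1'='1'
    results["vuln_update_rows"] = change_password_vulnerable(conn, "bob" + payload, "pwned")
    conn = make_db()
    results["safe_update_rows"] = change_password_parameterized(conn, "bob" + payload, "pwned")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18s} {value!r}")
```

The vulnerable login accepts a user who does not exist, and the vulnerable password change rewrites every row instead of one; the parameterized versions, given the identical input, return no user and change no rows.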
Characteristics of Computer Intrusion
• Normal Login
– Username: izuan izuan