
SSK 4505
Computer System Security

Protection in Operating Systems
Learning Objectives
• At the end of this topic, you will be able to:
– describe the functions of an operating system, including its security functions. (C1)
– use techniques to protect operating systems from malicious software and to recover from an attack. (P3)
– explain the different levels of privilege. (A3)
Outline
• This topic will cover the following topics:
1. Protected Objects and Methods of Protection
2. Memory and Address Protection
3. Control of Access to General Objects
4. File Protection Mechanisms
5. User Authentication
Introduction
• An operating system has TWO goals:
1. Controlling shared access
2. Implementing an interface to allow that access.
• Underneath those goals are support activities:
1. identification and authentication
2. naming
3. filing objects
4. scheduling
5. communication among processes, and
6. reclaiming and reusing objects


Introduction
• Operating system functions can be categorized as:
1. access control
2. identity and credential management
3. information flow
4. audit and integrity protection
• Three examples of operating systems?


Predecessors of Operating Systems (OSs)
1) No system software
– User entered programs in binary
• Via switches or via keyboard
– Single user had full control of the computer
• Scheduled time for exclusive computer use
• Prepare before use
– Load assembler, compiler, shared subroutines, etc.
• Clean up after use
Predecessors of Operating Systems (OSs)
2) Executive – simple utility program
– Assisted a single user with preparation and cleanup
– Entirely passive role:
• Waited for the user's request
• Provided service on demand
– Focused on a single programmer during execution
Predecessors of Operating Systems (OSs)
3) Monitor – multiprogramming OSs
• Assisted multiple users in multiprogramming systems (more than one user)
• Actively controlled system resources
– Provided service if consistent with system policies, denying it otherwise
• Protected one user from interference (accidental or malicious) by another
Protected Objects and Methods of Protection
• The operating system had to protect these objects:
1. memory
2. sharable I/O devices, such as disks
3. serially reusable I/O devices, such as printers
4. sharable programs and sub-procedures
5. networks
6. sharable data
Protected Objects and Methods of Protection
• Strength of security via separation (least to most secure):
1. Logical separation
2. Temporal separation
3. Physical separation
• Complexity of implementation of separation (least to most complex):
1. Physical separation
2. Temporal separation
3. Logical separation
4. Cryptographic separation
• Resource utilization in different kinds of separation:
– Poor: physical separation / temporal separation
– Good: logical separation / cryptographic separation
Protected Objects and Methods of Protection
• However, the first two approaches are very strict
– can lead to poor resource utilization.
• Separation is only half the answer.
– While we separate users and their objects, they need to share some resources for efficiency.
– Example: sharing access to a document among users with different security levels
Protected Objects and Methods of Protection
• Operating systems use a variety of methods to enable sharing of resources:
1. Do not protect
2. Isolate
3. Share all or share nothing
4. Share via access limitations
5. Share by capabilities
6. Limit use of an object
Protected Objects and Methods of Protection
1. No protection is appropriate when sensitive procedures are being run at separate times.
2. Isolate. When an operating system provides isolation, different processes running concurrently are unaware of the presence of each other. Each process has its own address space, files, and other objects.
Protected Objects and Methods of Protection
3. Share all or share nothing. With this form of protection, the owner of an object declares it to be public or private.
– A public object is available to all users
– A private object is available only to its owner
Protected Objects and Methods of Protection
4. Share via access limitation. The operating system checks the allowability of each user's potential access to an object.
– Access control is implemented for a specific user and a specific object.
– Lists of acceptable actions guide the operating system in determining whether a particular user should have access to a particular object.
Protected Objects and Methods of Protection
5. Share by capabilities. This form of protection allows dynamic creation of sharing rights for objects.
– The degree of sharing can depend on the owner or the subject, on the context of the computation, or on the object itself.
Protected Objects and Methods of Protection
6. Limit use of an object. This form of protection limits not just the access to an object but the use made of that object after it has been accessed.
– Example: a user may be allowed to view a sensitive document, but not to print a copy of it.
– Example: a user may be allowed access to data in a database to derive statistical summaries (such as average salary at a particular grade level), but not to determine specific data values (salaries of individuals).
Protected Objects and Methods of Protection
• Complexity of implementation and fineness of protection (both increase down the list):
1. No protection
2. Isolation
3. Full sharing or no sharing
4. Sharing via access limitation
5. Sharing by capabilities
6. Limited object use
Protected Objects and Methods of Protection
• Data access can be controlled at various levels (from bit down to volume, implementation goes from difficult to easy and protection granularity from superior to coarse):
– Bit
– Byte
– Element/word
– Field
– Record
– File
– Volume
Protected Objects and Methods of Protection
• The basis of protection of those objects is separation:
– keeping one user's objects secure from interference by other users
• Types of separation:
1. Physical separation
• Different processes use different physical objects
• E.g., different printers for different 'confidentiality levels' of output
2. Temporal separation
• Different processes execute at different times
3. Logical separation
• Maintain the illusion of physical or temporal separation
4. Cryptographic separation
• Processes conceal their data and computations so that external processes cannot gain access
5. Combinations of two or more of the above separations
Memory and Address Protection
Presented by each group
Memory protection
• WHAT?
– a way to control memory access rights on a computer
– to prevent a process from accessing a memory area that has not been allocated to it
[Figure: memory divided into Operating System space and User Program space]
Memory and Address Protection
• The main challenge in multiprogramming in an OS is
1. Separating the OS and other programs/users in terms of memory space
2. Separating a user/program from other users/programs
• To prevent one program/user from affecting the data and programs in the memory space of other programs/users.
Memory and Address Protection
• Protection methods:
1. Fence
2. Relocation
3. Base/Bounds Registers
4. Tagged Architecture
5. Segmentation
6. Paging
7. Combined Paging with Segmentation
Memory and Address Protection
1. Fence
– Simplest of all protection
– Confines the user to one side of a boundary
– Used to separate OS and program (wasteful use of space)
– Separates a user from the OS, but does not protect a user from another user
Memory and Address Protection
Fixed fence
Fixed fence drawbacks:
• Predefined amount of space assigned to the OS
• Wastes space if unused by the OS
• Space cannot grow if demand exceeds the available space
Memory and Address Protection
Variable fence
- Uses a fence register — a hardware register
- Contains the address of the end of the OS
- Can be modified
- Drawback: cannot protect one user from another user
Memory and Address Protection
2. Relocation
– If the OS had a fixed size, it would be easy to determine the address of any object in the program.
– However, that is not the case.
– Because the size of the operating system is allowed to change (older version vs. newer version)
– So, programs must be written in a way that does not depend on placement at a specific location in memory.
Memory and Address Protection
– Relocation is the process of changing all program addresses to reflect the change in operating system address (size)
– adding a constant relocation factor to each address of the program
• The relocation factor is the starting address of the program in memory
– The fence register can be used as a hardware relocation device
• The contents of the fence register are added to each program address
• This action both relocates the address and guarantees that no one can access a location lower than the fence address
Memory and Address Protection
• A major advantage of an operating system with fence registers is the ability to relocate.
– important in a multiuser environment
• However, fence registers provide a lower bound (a starting address) but not an upper one.
– It is difficult to know how much space is allotted and to check for overflows into "forbidden" areas.
Memory and Address Protection
3. Base/Bounds Registers
– To overcome this difficulty, a second register is often added, called a bounds register.
– Base register: variable fence register
• Determines the starting address, i.e. the lower limit, for user program addresses
– Bounds register
• Determines the upper limit for user program addresses
Memory and Address Protection
Base/bounds register
Memory and Address Protection
– Problem with base/bounds registers:
• All-or-none data sharing problem
– Either a program makes all its data available to be accessed and modified, or it prohibits access to all.
• What if we want to allow another module to access only some data values (not all)?
– The only way to accomplish partial sharing would be to move each appropriate set of data values to a different contiguous space.
• This solution would not be acceptable if the data items were large records, arrays, or structures.
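A small Python model of the two schemes above, added here as an example (not from the slides): the fence register relocates but only bounds from below, while base/bounds registers also catch an overflow into the next program's space. Register values and memory layout are constructed.

```python
"""Toy model of fence relocation versus base/bounds checking.

Constructed example: register values are made up. Every program-generated
address passes through translate(); the "hardware" (a method here) adds the
relocation factor and enforces the limits.
"""
from dataclasses import dataclass


class ProtectionFault(Exception):
    """Raised when a program address falls outside its permitted region."""


@dataclass(frozen=True)
class FenceRegister:
    """Variable fence: address of the end of the OS, added to every program address."""
    fence: int

    def translate(self, program_addr: int) -> int:
        if program_addr < 0:
            raise ProtectionFault(f"negative address {program_addr}")
        # Relocation and lower-bound protection in one step: the result can
        # never lie below the fence, so the OS region is safe. Nothing, however,
        # stops the address from running past the program's own allocation into
        # another user's space: there is no upper bound.
        return self.fence + program_addr


@dataclass(frozen=True)
class BaseBoundsRegisters:
    """base = relocation factor and lower limit; bounds = first physical
    address the program may NOT touch (exclusive upper limit)."""
    base: int
    bounds: int

    def translate(self, program_addr: int) -> int:
        physical = self.base + program_addr
        if program_addr < 0 or physical >= self.bounds:
            raise ProtectionFault(
                f"address {program_addr} -> {physical} outside [{self.base}, {self.bounds})")
        return physical


def overflow_is_caught(program_addr: int, base: int, bounds: int) -> tuple[bool, bool]:
    """Run one program address through both schemes.

    Returns (fence_caught, base_bounds_caught). With a fence alone, an address
    beyond the program's allocation still translates to a valid-looking
    physical address inside someone else's region.
    """
    fence_caught = False
    try:
        FenceRegister(base).translate(program_addr)
    except ProtectionFault:
        fence_caught = True
    bb_caught = False
    try:
        BaseBoundsRegisters(base, bounds).translate(program_addr)
    except ProtectionFault:
        bb_caught = True
    return fence_caught, bb_caught


if __name__ == "__main__":
    # Program A occupies physical [1000, 2000); program B starts at 2000.
    a = BaseBoundsRegisters(base=1000, bounds=2000)
    print(a.translate(500))                       # 1500: inside A
    print(overflow_is_caught(1200, 1000, 2000))   # (False, True): only base/bounds stops the spill into B
```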
Assignment
• Assign each technique to a group
• Work in groups and give a sharing presentation in the Wednesday session.
Group Topic
Done MAP: Fence and Relocation
Done MAP: Base/Bounds Registers
1 MAP: Tagged Architecture
2 MAP: Segmentation
3 MAP: Paging
4 MAP: Combined Paging with Segmentation
5 Access Control: Directory
6 Access Control: Access Control List
7 Access Control: Access Control Matrix
8 Access Control: Capability-based AC
9 Access Control: Role-based AC
10 Kerberos
Memory and Address Protection
4. Tagged Architecture
– Every word of machine memory has one or more extra bits to identify access rights.
– These access bits can be set only by privileged (operating system) instructions
– They are tested every time an instruction accesses its location
Memory and Address Protection
• One memory location may be protected as
o R = Read only OR
o RW = Read/Write OR
o X = Execute only
• In this way, two adjacent locations can have different access rights
Memory and Address Protection
– Advantages of Tagged Architecture:
• Fine (good!) granularity of memory access control, at the memory word level
– With a few extra tag bits, different classes of data (numeric, character, address or pointer, and undefined) can be separated
– Data fields can be protected for privileged (operating system) access only
Memory and Address Protection
– Problems with tagged architecture:
• Requires special hardware
– Incompatible with the code of most OSs
» An OS compatible with it must:
• Accommodate tags in each memory word
• Test each memory word accessed
» Need to rewrite the OS -> costly
– Higher memory costs (extra bits per word)
Memory and Address Protection
5. Segmentation
– The notion of dividing a program into separate pieces (called segments)
– E.g. pieces are: the code for a single procedure / the data of an array / a collection of local data values
• Consecutive program segments can be easily stored in nonconsecutive memory locations
– Effectively an unlimited number of base/bounds registers
– Addresses take the form <name, offset>
Memory and Address Protection
• Each segment has a unique name
• A data item within a segment is addressed as the pair <name, offset>
– name is the name of the segment containing the data item
– offset is its location within the segment (its distance from the start of the segment)
Memory and Address Protection
• A segment translation table is created for each program; it is used to determine the true memory address of an instruction or data item.
Memory and Address Protection
• Each process in execution has one segment translation table.
• Two processes that need to share access to a single segment would have the same segment name and address in their segment tables.
– Allows sharing in a better way
Memory and Address Protection
• Segmentation offers these security benefits:
1. Each address reference is checked for protection
2. Many different classes of data items can be assigned different levels of protection
3. Two or more users can share access to a segment, with potentially different access rights.
4. A user cannot generate an address or access to an unpermitted segment.
Memory and Address Protection
– Problems with segmentation
• Fragmentation of main memory (by variable-sized holes left after "old" segments)
• Low efficiency
– Symbolic segment names are difficult to encode in program instructions – a slow process
Memory and Address Protection
6. Paging
• Principles:
– Program divided into separate pieces with equal-sized pages
– Memory divided into same-sized page frames
– Similar to segmentation, each address in a paging scheme is a two-part object: <page, offset>
[Figure: Paging]
Memory and Address Protection
– Benefits of paging
• Programmer can be oblivious to page boundaries
– Paging is completely hidden from the programmer
• Unlike segmentation, paging reduces the problem of fragmentation in main memory
– Problem with paging
• Cannot associate access rights with pages
– Pages are random collections of items that, in general, require different protection levels
– Pages are not 'access rights' units (logical units) to be protected at the same level
Memory and Address Protection
7. Combined Paging with Segmentation
– Principle:
• Paging offers efficiency
– Hidden from the programmer
– No fragmentation
• Segmentation offers 'logical protection'
– Grouping items with similar protection needs within the same segment
Memory and Address Protection
• Paged segmentation:
• Programmer defines segments
• Segments are broken into pages automatically
• Benefits of paging and segmentation, but an extra layer of address translation
– Additional hardware deals with this overhead
[Figure: Combined Paging with Segmentation]
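The paged-segmentation translation described above, as an added Python example (not from the slides): a <segment name, offset> reference is checked against the segment's rights and length, then the hidden paging layer maps it to a frame; two processes share one segment with different rights. Segment sizes, frame numbers and process names are constructed.

```python
"""Toy paged segmentation: <segment name, offset> -> page -> frame -> physical address.

Constructed example: segment lengths, frame numbers and rights are made up.
The programmer names segments; the split into pages and the frame table are
invisible to the program, as the slides describe.
"""
from dataclasses import dataclass, field

PAGE_SIZE = 256  # constructed page/frame size in bytes


class ProtectionFault(Exception):
    pass


@dataclass
class Segment:
    """A sharable object: its length and the frame holding each of its pages."""
    name: str
    length: int
    frames: list[int]  # frames[p] = page frame number holding page p

    def __post_init__(self):
        pages_needed = -(-self.length // PAGE_SIZE)  # ceiling division
        if len(self.frames) < pages_needed:
            raise ValueError(f"{self.name}: {len(self.frames)} frames cannot hold {self.length} bytes")


@dataclass
class SegmentEntry:
    """One row of a process's segment translation table."""
    segment: Segment
    rights: frozenset  # subset of {"r", "w", "x"}


@dataclass
class Process:
    name: str
    table: dict[str, SegmentEntry] = field(default_factory=dict)

    def share(self, segment: Segment, rights: str) -> None:
        """Enter `segment` in this process's table under its own name, with the given rights."""
        self.table[segment.name] = SegmentEntry(segment, frozenset(rights))

    def translate(self, seg_name: str, offset: int, op: str) -> int:
        """Resolve <seg_name, offset> for op in {"r", "w", "x"}.

        Every reference is checked: an unknown segment, a right the process
        does not hold, or an offset past the segment's end each fault before
        any physical address is produced (the slides' benefits 1 and 4).
        """
        entry = self.table.get(seg_name)
        if entry is None:
            raise ProtectionFault(f"{self.name}: no segment named {seg_name!r}")
        if op not in entry.rights:
            raise ProtectionFault(f"{self.name}: {op!r} not permitted on {seg_name}")
        if not 0 <= offset < entry.segment.length:
            raise ProtectionFault(f"{self.name}: offset {offset} outside {seg_name}")
        page, page_offset = divmod(offset, PAGE_SIZE)  # the paging layer, hidden from the program
        return entry.segment.frames[page] * PAGE_SIZE + page_offset


def _allowed(proc: Process, seg: str, off: int, op: str) -> bool:
    try:
        proc.translate(seg, off, op)
        return True
    except ProtectionFault:
        return False


def demo() -> dict:
    """Two processes share one library segment with different access rights."""
    libmath = Segment("libmath", length=600, frames=[7, 3, 12])  # 3 pages in non-adjacent frames
    editor = Process("editor")
    editor.share(libmath, "rx")   # may read and execute the library
    linker = Process("linker")
    linker.share(libmath, "rw")   # may read and patch it, but not execute it
    linker.share(Segment("scratch", 100, [20]), "rw")
    return {
        # the same <libmath, 300> resolves to the same word for both processes
        "same_word": (editor.translate("libmath", 300, "x"), linker.translate("libmath", 300, "r")),
        "editor_write_ok": _allowed(editor, "libmath", 300, "w"),
        "linker_exec_ok": _allowed(linker, "libmath", 300, "x"),
        "past_end_ok": _allowed(editor, "libmath", 600, "r"),
    }
```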
CONTROL OF ACCESS TO GENERAL OBJECTS
Control of Access to General Objects
• Protecting memory is a specific case of the more general problem of protecting objects.
• As multiprogramming has developed, the numbers and kinds of objects shared have also increased.
Control of Access to General Objects
• Several complementary goals in protecting objects:
1. Check every access
2. Enforce least privilege
3. Verify acceptable usage
Control of Access to General Objects
• General objects that need protection:
1. memory
2. a file or data set on an auxiliary storage device
3. an executing program in memory
4. a directory of files
5. a hardware device
6. a data structure, such as a stack
7. a table of the operating system
8. instructions, especially privileged instructions
9. passwords and the user authentication mechanism
10. the protection mechanism itself
Control of Access to General Objects
• Directory
– Unique object owner
• Owner controls access rights: assigns/revokes them
• Access rights (ARs): read, write, execute (possibly others)
– Each user has an access rights directory
– Advantage: easy to implement
• Just one list (directory) per user
Control of Access to General Objects
• Maintenance difficulties:
– The list becomes too large if many shared objects are accessible to all users
– Deletion of shared objects
• Requires deleting the entry from each directory referencing it
– Revocation of access
• If owner A revokes access rights for X from every subject, the OS must search the directories of all subjects to remove the entries for X
– Pseudonyms
Control of Access to General Objects
• Access Control List
– A list attached to an object
– Specifying access rights for each subject (who accesses this object)
• For some subjects specified individually, for others — via membership of a group
• Note: This "reverses" the directory approach, where:
– lists are attached to a subject
– specifying access rights for each object (accessed by this subject)
Control of Access to General Objects
• Example 1
– Subjects: A, B, C, D, E
– Use of the wild card (*) for 'any' (any subject other than B can R/W Object 4)
Control of Access to General Objects
• The previous access control mechanisms used lists
– Directory – a subject's list of access rights for objects accessible by the subject
– Access control list – an object's list of access rights for subjects that can access the object
Control of Access to General Objects
• Access Control Matrix
– A sparse matrix (a table)
• Rows — subjects / columns — objects
• Cell (i, j) — subject i's access rights for access to object j
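The three list views above are projections of one matrix. As an added Python example (not from the slides), a sparse access control matrix that yields a directory per subject and an ACL per object, handles the wild card of Example 1 (any subject except B may R/W Object 4), and shows why deleting a shared object touches many directory entries. Subjects A-E and the object names are constructed.

```python
"""One sparse access control matrix, viewed as directories (per subject)
and ACLs (per object).

Constructed example: subjects A-E and Object1/2/4 are made up, following
the slides' Example 1, where '*' stands for "any subject" and an explicit
cell for B overrides the wild card on Object 4.
"""

ANY = "*"  # wild-card subject, as on the slides


class AccessMatrix:
    def __init__(self):
        # Sparse: only non-empty cells (subject, object) -> rights are stored.
        self._cells: dict[tuple[str, str], frozenset] = {}

    def grant(self, subject: str, obj: str, rights: str) -> None:
        self._cells[(subject, obj)] = frozenset(rights)

    def rights(self, subject: str, obj: str) -> frozenset:
        """An explicit cell for the subject wins; otherwise the '*' row applies."""
        if (subject, obj) in self._cells:
            return self._cells[(subject, obj)]
        return self._cells.get((ANY, obj), frozenset())

    def check(self, subject: str, obj: str, right: str) -> bool:
        """Check every access: one lookup in the matrix."""
        return right in self.rights(subject, obj)

    # --- the two list views the slides contrast -----------------------------
    def directory(self, subject: str) -> dict:
        """Directory approach: a list attached to the subject, one entry per object."""
        objects = sorted({o for (_, o) in self._cells})
        return {o: self.rights(subject, o) for o in objects if self.rights(subject, o)}

    def acl(self, obj: str, subjects) -> dict:
        """ACL approach: a list attached to the object, one entry per subject."""
        return {s: self.rights(s, obj) for s in subjects if self.rights(s, obj)}

    def delete_object(self, obj: str) -> int:
        """Delete a shared object. In the matrix this is one column; with
        per-subject directories every directory that references it must be
        visited (the maintenance difficulty on the slides). Returns the
        number of cells removed."""
        victims = [k for k in self._cells if k[1] == obj]
        for k in victims:
            del self._cells[k]
        return len(victims)


def example_matrix() -> AccessMatrix:
    """Constructed matrix in the spirit of the slides' Example 1."""
    m = AccessMatrix()
    m.grant("A", "Object1", "rwx")
    m.grant("C", "Object1", "r")
    m.grant("B", "Object2", "rw")
    m.grant(ANY, "Object4", "rw")  # any subject can R/W Object 4 ...
    m.grant("B", "Object4", "")    # ... except B: an explicit empty cell overrides the wild card
    return m
```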
Control of Access to General Objects
• Capabilities
– A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer system.
– Analogy:
• A movie ticket is a capability to watch a movie
• A key is a capability to enter a house
– Unforgeable: once a capability is issued to a user, the user should not be able to tamper with the capability.
Control of Access to General Objects
• A capability is implemented as a data structure that contains:
– Identifier: addresses or names.
• e.g. a segment of memory, an array, a file, a printer, or a message port.
– Access rights: read, write, execute, access, etc.
Control of Access to General Objects
• Basic operations on capabilities:
– Create capability: a capability is created for a user (or assigned to a user).
– Delegate capability: a subject delegates its capability to other subjects.
• There are many interesting features related to delegation:
– Expiration time: specifies the lifetime of a delegated capability.
– Propagation control: specifies whether the users who get a capability via delegation can further delegate the capability.
Control of Access to General Objects
– Revoke capability: a subject revokes the capabilities it has delegated to other subjects.
• The implementation of revocation is, in general, a difficult problem. The following are two common revocation schemes:
– Approach 1: Have each capability point to an indirect object.
» When revoking a capability, we can simply delete the indirect object.
– Approach 2: Use a random number.
» The owner can change the number.
» A user must also present the number in addition to the capability.
Control of Access to General Objects
– Enable capability: a subject enables a disabled capability.
– Disable capability: a subject temporarily disables a capability.
– Delete capability: a subject permanently deletes a capability.
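An added Python example (not from the slides) of the capability operations just listed: tokens made unforgeable with an HMAC under a key only the OS holds, delegation with a rights subset, expiry and propagation control, and revocation by changing the object's random number (Approach 2). The token layout, the HMAC sealing and the names alice/bob/payroll.db are assumptions.

```python
"""Capabilities as unforgeable tokens: create, delegate (with expiration
and propagation control), revoke by random number, and check on every use.

Constructed example: token format, HMAC sealing and the subject/object
names are made up. Editing a token's body invalidates its MAC, so a holder
cannot widen its own rights.
"""
import hashlib
import hmac
import json
import secrets
import time


class CapabilityError(Exception):
    pass


class CapabilitySystem:
    """The operating system's side: mints, checks and revokes capabilities."""

    def __init__(self, now=time.time):
        self._key = secrets.token_bytes(32)  # never leaves the OS -> tokens are unforgeable
        self._numbers: dict = {}             # object -> current random number (Approach 2)
        self._now = now                      # injectable clock so expiry can be tested

    def _mac(self, body: dict) -> str:
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def _seal(self, body: dict) -> dict:
        return {"body": body, "mac": self._mac(body)}

    def _open(self, cap: dict) -> dict:
        if not hmac.compare_digest(self._mac(cap["body"]), cap["mac"]):
            raise CapabilityError("forged or tampered capability")
        return cap["body"]

    def create(self, holder: str, obj: str, rights: str, lifetime_s: float, may_delegate=True) -> dict:
        """Create: issue a capability for `obj` to `holder` (a privileged OS operation)."""
        number = self._numbers.setdefault(obj, secrets.randbits(64))
        return self._seal({"holder": holder, "object": obj, "rights": sorted(rights),
                           "expires": self._now() + lifetime_s,
                           "may_delegate": may_delegate, "number": number})

    def delegate(self, cap: dict, to: str, rights=None, lifetime_s=None, may_delegate=False) -> dict:
        """Delegate: pass on a subset of one's own rights, never outliving the original."""
        body = self._open(cap)
        if not body["may_delegate"]:
            raise CapabilityError("propagation control: this capability may not be delegated")
        new_rights = set(body["rights"]) if rights is None else set(rights)
        if not new_rights <= set(body["rights"]):
            raise CapabilityError("cannot delegate rights the delegator does not hold")
        expires = body["expires"]
        if lifetime_s is not None:
            expires = min(expires, self._now() + lifetime_s)
        return self._seal({**body, "holder": to, "rights": sorted(new_rights),
                           "expires": expires, "may_delegate": may_delegate})

    def revoke(self, obj: str) -> None:
        """Revoke (Approach 2): the owner changes the object's random number.
        Every outstanding capability still carries the old number and fails
        its next check; the owner is re-issued a fresh one via create()."""
        self._numbers[obj] = secrets.randbits(64)

    def check(self, cap: dict, subject: str, right: str) -> bool:
        """Every access: authentic, held by this subject, unexpired, current number, right present."""
        try:
            body = self._open(cap)
        except (CapabilityError, KeyError, TypeError):
            return False
        return (body["holder"] == subject
                and right in body["rights"]
                and self._now() < body["expires"]
                and body["number"] == self._numbers.get(body["object"]))
```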
Control of Access to General Objects
• Analogy example:
– "Alice wishes to keep all of her valuables in three safe deposit boxes in the bank. Occasionally, she would like one or more trustworthy friends to make deposits or withdrawals for her. There are two ways that the bank can control access to the box"
– *imagine the Operating System acting as the bank
Control of Access to General Objects
• The ACL Approach
– Authentication: The bank must authenticate.
– Bank's involvement: The bank must (i) store the list, (ii) verify users.
– Forging access right: The bank must safeguard the list.
– Adding a new person: The owner must visit the bank.
– Delegation: A friend cannot extend his or her privilege to someone else.
– Revocation: If a friend becomes untrustworthy, the owner can remove his/her name.
• Capability Approach
– Authentication: The bank does not need to authenticate.
– Bank's involvement: The bank need not be involved in any transactions.
– Forging access right: The key cannot be forged.
– Adding a new person: The owner can give the key to other people.
– Delegation: A friend can extend his or her privilege to someone else.
– Revocation: The owner can ask for the key back, but it may not be possible to know whether or not the friend has made a copy.
Control of Access to General Objects
• Kerberos
– Kerberos is an implementation of a ticket-based system with authentication (secured with symmetric cryptography)
– Kerberos requires two systems:
• the authentication server (AS) and
• the ticket-granting server (TGS)
Control of Access to General Objects
• Authentication server (AS) function
– A user presents an authenticating credential (such as a password) to the AS and receives a ticket showing that the user has passed authentication
– The ticket must be encrypted to prevent the user from modifying it or forging one claiming to be a different user
– The ticket must contain some provision to prevent one user from acquiring another user's ticket to impersonate that user
Control of Access to General Objects
• Ticket-granting server (TGS) function
– Assume a user, Joe, wants to access a resource R (for example, a file, printer, or network port).
– Joe sends the TGS his authenticated ticket and a request to use R.
– Assuming Joe is allowed access, the TGS returns to Joe two tickets:
• one shows Joe that his access to R has been authorized,
• and the second is for Joe to present to R in order to access R.
Control of Access to General Objects
• Other Kerberos example:
– Suppose you want to access a server on another computer.
– To get your ticket (or capabilities), you first request authentication from the Authentication Server (AS).
– The Authentication Server creates a "session key" (it is like a "ticket-granting ticket").
Control of Access to General Objects
– Next, you send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it is now performing a different service.
– The TGS returns the ticket that can be sent to the server for the requested service.
– Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated.
– Making the ticket valid for a limited time period makes it less likely that someone else will be able to use it later.
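The AS and TGS exchanges just described, as an added Python example that is not from the slides or from any Kerberos implementation: the AS reply opens only with the key derived from the right password, the TGT is sealed for the TGS so the user cannot alter it, an authenticator under the session key stops a stolen TGT from being used by someone else, and the service ticket carries its expiry. Names (joe, printer), secrets and the ticket format are constructed; seal()/unseal() is a SHA-256-keystream plus HMAC stand-in for Kerberos' real symmetric cipher.

```python
"""Toy Kerberos-style exchange: AS issues a ticket-granting ticket (TGT),
TGS issues a service ticket, the service checks it.

Constructed example: names, secrets and ticket fields are made up; seal()/
unseal() is a teaching stand-in for a real symmetric cipher, not for production.
"""
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 8 * 3600  # slides: tickets are typically valid for eight hours


def derive_key(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC: the holder can neither read nor alter the content."""
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("rejected: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """AS and TGS together (the slides note they may be the same physical server)."""

    def __init__(self, user_passwords: dict, service_secrets: dict, tgs_secret: str):
        self.user_keys = {u: derive_key(p) for u, p in user_passwords.items()}
        self.service_keys = {s: derive_key(k) for s, k in service_secrets.items()}
        self.tgs_key = derive_key(tgs_secret)

    def authenticate(self, user: str, now: float) -> bytes:
        """AS step. No password crosses the wire: only the key derived from the
        right password opens the reply carrying the session key and the TGT."""
        session = os.urandom(16).hex()
        tgt = seal(self.tgs_key, {"user": user, "session": session, "expires": now + TICKET_LIFETIME})
        return seal(self.user_keys[user], {"session": session, "tgt": tgt.hex()})

    def grant(self, tgt_blob: bytes, authenticator: bytes, resource: str, now: float) -> tuple:
        """TGS step. The TGT (sealed for the TGS) proves prior authentication; the
        authenticator, sealed with the TGT's session key, proves the presenter is
        the user named inside, so a stolen TGT alone cannot impersonate."""
        tgt = unseal(self.tgs_key, tgt_blob)
        if now >= tgt["expires"]:
            raise PermissionError("ticket-granting ticket expired")
        auth = unseal(bytes.fromhex(tgt["session"]), authenticator)
        if auth["user"] != tgt["user"]:
            raise PermissionError("authenticator does not match ticket")
        svc_session = os.urandom(16).hex()
        # Two tickets, as on the slides: one for Joe (authorization plus a new
        # session key) and one for Joe to present to R, sealed with R's key.
        for_user = seal(bytes.fromhex(tgt["session"]), {"resource": resource, "session": svc_session})
        for_resource = seal(self.service_keys[resource],
                            {"user": tgt["user"], "session": svc_session, "expires": tgt["expires"]})
        return for_user, for_resource


def client_login(user: str, password: str, kdc: KDC, now: float) -> tuple:
    reply = unseal(derive_key(password), kdc.authenticate(user, now))
    return bytes.fromhex(reply["session"]), bytes.fromhex(reply["tgt"])


def client_request(user: str, session: bytes, tgt: bytes, kdc: KDC, resource: str, now: float) -> tuple:
    authenticator = seal(session, {"user": user, "time": now})
    for_user, for_resource = kdc.grant(tgt, authenticator, resource, now)
    return unseal(session, for_user), for_resource


def service_accepts(service_key: bytes, ticket: bytes, now: float) -> str:
    """The resource R opens the ticket with its own key and returns the user it names."""
    t = unseal(service_key, ticket)
    if now >= t["expires"]:
        raise PermissionError("service ticket expired")
    return t["user"]


def is_rejected(fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except PermissionError:
        return True
```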
Control of Access to General Objects
• Procedure-Oriented Access Control (P-OAC)
– Restricting not just which subjects have access to an object, but also what they can do to that object
– More refined actions than just R or W or X
– Mechanism:
• Procedure encapsulates object
• Controls accesses to object
• Provides trusted interface to object
• Implements information hiding
Control of Access to General Objects
– Disadvantages of P-OAC
• Not simple - must check on each access
• No fast access – slow response to users
Control of Access to General Objects
• Role-Based Access Control (RBAC)
– Distinguishes access among kinds of users
– Controls access by job demands, not by person
• Access control keeps up with a person who changes responsibilities
– Associates privileges with groups
– Example: in a hospital, access control differs between administrators, doctors, nurses, drivers, receptionists, etc.
Control of Access to General Objects
• Growing flexibility — but also complexity and overhead (all increase down the list):
– Directory-like mechanism
– Access control lists
– Access control matrices
– Capabilities for access control
– Procedure-Oriented Access Control
File Protection Mechanism
• All-None System
– Files were by default public
• Unacceptable because:
– Lack of trust
– Too coarse
– Rise of sharing
– Complexity
– File listings
File Protection Mechanism
• Group Protection
– Focused on identifying groups of users who had some common relationship (working on a common project, a department, a class, or a single user)
• Problems:
– Group affiliation
– Multiple personalities
– All groups
– Limited sharing
AUTHENTICATION
• Some general objects:
1. memory
2. files
3. directories
4. hardware
5. instructions
6. passwords
7. the protection mechanism itself
[Figure: users and other systems reach the operating system's objects (memory, files, hardware, directories) through Authentication and then Access Control]
Recall some..
• Access Control List
• Access Control Matrix
User Authentication
• What is Authentication?
– establishes identity
– evaluates the authenticity of identity-proving credentials
• Credential – is proof of identity
• Evaluation – process that assesses the correctness of the association between credential and claimed identity
– Authentication is essential for an operating system because accurate user identification is the key to individual access rights
User Authentication
• Credentials can be
– Something the user is
– Something the user has
– Something the user knows
• Two or more forms can be combined for more solid authentication;
– for example, a bank card and a PIN combine something the user has with something the user knows
User Authentication
• Passwords as Authenticators
– a "word" known to computer and user
– suffer from some difficulties of use:
i. Loss / forgotten
ii. Use
iii. Disclosure
iv. Revocation
• Attacks on Passwords
– Passwords are somewhat limited as protection
– A password can be determined by:
i. Trying all possible passwords.
ii. Trying frequently used passwords.
iii. Trying passwords likely for the user.
iv. Searching for the system list of passwords.
v. Asking the user!
User Authentication
Try all possible passwords
• Try all possible = exhaustive attack / brute force attack
• Approach: try all possible character combinations
• Example
– Suppose only 26 characters (a-z) are allowed in the password, and the password length is 8 characters
– five million million possible passwords
– If 1 password per microsecond, the work takes about two months
User Authentication
Try many probable passwords
• People prefer short passwords
• Can reduce the expected successful attack time by checking the most probable character combinations first:
– Check short passwords first
– Check common words first
• Example – check short passwords first
– check passwords of length ≤ k
• k=3: ≈ 18.3 ms to check all combinations
• k=4: ≈ 475 ms ≈ 0.5 s
• k=5: ≈ 12,356 ms ≈ 12.4 s
User Authentication
Try likely passwords
• People are predictable in password selection
• not choosing a word completely at random
– An attacker can restrict the attack dictionary first to names of
• family
• pets
• celebrities
• sports stars
• streets
User Authentication
• 12 steps an attacker might try (starting with the 'most probable' guesses)
1. No password
2. Same as user ID
3. User’s name or derived from it
4. Common word list plus common names and patterns
• Ex. common patterns: ‘asdfg’ – consecutive keyboard keys, ‘aaaa’
5. Short college dictionary
6. Complete English word list
7. Common non-English language dictionaries
8. Short college dictionary with capitalizations & substitutions
• E.g. PaSsWoRd, pa$$w0rd
• Substitutions include: a -> @, e -> 3, i/l -> 1, o -> 0, s -> $, ...
9. Complete English with capitalization and substitutions
10. Common non-English dictionaries with capitalization and substitutions
11. Brute force, lowercase alphabetic characters
12. Brute force, full character set
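The defender's use of the two passages above (the length-k work factor and the 12-step ordering), as an added Python example that is not from the slides: a policy check reports how early in that ordering a candidate password would be found, undoing the slide's substitutions so that step 8-10 variants collapse onto their dictionary word, and computes the exhaustive-search work behind steps 11 and 12. The tiny word lists are constructed stand-ins for real dictionaries.

```python
"""How far down the 12-step guess ordering a candidate password falls, plus
the brute-force work factor behind steps 11-12.

Constructed example: COMMON_WORDS and DICTIONARY are tiny stand-ins for the
word lists an attacker would really use; the user names are made up.
"""
import re

COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "123456", "admin"}  # step 4 stand-in
DICTIONARY = {"dragon", "monkey", "sunshine", "computer", "security"}           # steps 5-7 stand-in
KEYBOARD_RUNS = ("qwerty", "asdfg", "zxcvb", "12345")                          # step 4 "common patterns"
# Inverse of the substitutions on the slide (a->@, e->3, i/l->1, o->0, s->$).
UNSUBSTITUTE = str.maketrans({"@": "a", "3": "e", "1": "i", "0": "o", "$": "s"})


def normalize(password: str) -> str:
    """Undo capitalization and substitutions: the step 8-10 view of a password."""
    return password.translate(UNSUBSTITUTE).lower()


def weakness_step(user_id: str, full_name: str, password: str) -> int:
    """Earliest step (1-12) at which the ordering above would find `password`.

    11 and 12 mean only brute force remains (lowercase letters / full set).
    Steps 6-7 and 9-10 are folded into 5 and 8 because the stand-in lists
    do not distinguish English from non-English words.
    """
    if password == "":
        return 1
    if password.lower() == user_id.lower():
        return 2
    lowered = password.lower()
    name_parts = [p for p in re.split(r"\W+", full_name.lower()) if len(p) >= 3]
    if any(part in lowered or part[::-1] in lowered for part in name_parts):
        return 3
    if password in COMMON_WORDS or any(run in password for run in KEYBOARD_RUNS) or len(set(password)) == 1:
        return 4
    if password in DICTIONARY:
        return 5
    if normalize(password) in COMMON_WORDS | DICTIONARY:
        return 8
    return 11 if password.isalpha() and password.islower() else 12


def search_space(charset_size: int, max_len: int) -> int:
    """Guesses needed to try every password of length 1..max_len (the slide's k)."""
    return sum(charset_size ** k for k in range(1, max_len + 1))


def brute_force_seconds(password: str, guesses_per_second: float) -> float:
    """Worst-case time for step 11/12 against this password's apparent character set."""
    charset = 26 if (password.isalpha() and password.islower()) else 95  # 95 printable ASCII
    return search_space(charset, len(password)) / guesses_per_second
```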
User Authentication
Search system list of passwords
• System must keep a list of passwords to authenticate users logging in
• Attacker may try to capture the password list
• Password lists:
– Protected with strong access controls and encryption
User Authentication
Ask the user
– Exploiting indiscreet users
– A case of social engineering
– Can be much simpler than guessing passwords or breaking password file encryption
– Phishing techniques
User Authentication
• Password selection criteria
– Use characters other than just A – Z
– Choose long passwords
– Avoid actual names or words
– Choose an unlikely password
– Change password regularly
– Don't write it down
– Don't tell anyone else

User Authentication
• Biometrics: Authentication Not Using Passwords
• Biological authenticators are based on some physical characteristic of the human body
i. Handprint detectors
ii. Voice recognizers
iii. Identifiers of patterns in the retina
iv. What else?
User Authentication
• Advantages over passwords
– cannot be lost, stolen, forgotten, lent, or forged
– always available
• Problems with biometrics:
i. Invasive
ii. Costly
iii. Variation reduces accuracy
iv. False acceptance and false rejection
v. Speed vs. accuracy
N-factor Authentication
• n-factor authentication (nFA)
– Makes authentication more trustworthy
– Usually two-factor authentication (2FA) or three-factor authentication (3FA)
– nFA uses n means of authentication
• E.g., for 2FA: password + challenge-response
One-time passwords
• One-time passwords = challenge-response systems
– Password changes every time it is used => can be used exactly once
– Immediately invalidated after its use
– An ultimate form of password aging
• Not a static word/phrase but a mathematical function
• Also for host-host authentication (not only user-host)
• Scenario:
– System provides a challenge (argument)
– User returns a response (computed function value)
• E.g.:
– Challenge: the number of authentication (NOA)
– Response: the one-time password for that NOA
– System evaluates the response
– If the response is valid, the user is authenticated
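The NOA challenge-response scenario above, as an added Python example (not from the slides): the system issues the number of authentication as the challenge, the user's token answers with a function of a shared secret and that number, and the verifier accepts each NOA exactly once, so a replayed response fails. The HMAC-based function, the 6-digit response length and the secret value are assumptions.

```python
"""Challenge-response one-time passwords: challenge = number of authentication
(NOA), response = f(shared secret, NOA), each response valid exactly once.

Constructed example: the HMAC-based function, 6-digit responses and the
secret are made up. The same classes serve host-host authentication.
"""
import hashlib
import hmac


def one_time_password(secret: bytes, noa: int, digits: int = 6) -> str:
    """The shared function f(secret, NOA). A response is not reusable because the
    verifier never issues the same NOA twice."""
    mac = hmac.new(secret, noa.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


class OtpToken:
    """User side (or the client host in host-host authentication)."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: int) -> str:
        return one_time_password(self._secret, challenge)


class OtpVerifier:
    """System side: issues the NOA as the challenge and accepts each NOA once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._noa = 0  # number of successful authentications so far

    def challenge(self) -> int:
        return self._noa + 1

    def verify(self, noa: int, response: str) -> bool:
        if noa != self._noa + 1:  # replayed or out-of-order NOA
            return False
        if not hmac.compare_digest(response, one_time_password(self._secret, noa)):
            return False
        self._noa = noa  # this one-time password is now invalid for good
        return True


def login_exchange(token: OtpToken, verifier: OtpVerifier) -> bool:
    """One full round: system challenges, user responds, system evaluates."""
    noa = verifier.challenge()
    return verifier.verify(noa, token.respond(noa))
```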
Characteristics of Computer Intrusion
• SQL Injection
– Is a code injection technique
– Involves inserting malicious SQL statements into an entry field for execution.
– The goal is to modify a database.
– Can execute commands as well (depending on the code injected)
Characteristics of Computer Intrusion
• Normal Login
– Username: izuan
– Password: abc123 (displayed as ******)
• The login values are passed to the web application, which checks them against the database
• What happens behind the scenes
– The following SQL statement is sent to the database:
SELECT * FROM Users WHERE username='izuan' AND password='abc123';
– The system then checks whether the values given are equal to the values in the database
Characteristics of Computer Intrusion
• How is the injection done?
– Instead of entering the correct username, the attacker sends special code.
– Injected Login
• Username: */--
• Password: ' or 1=1--
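The login check from the slides, run both ways as an added Python example (not from the slides): built by string concatenation, the injected login above returns a row because the quote ends the string literal and `--` comments out the rest; with a parameterized query the same input is merely a wrong password. The in-memory SQLite table with the single row ('izuan', 'abc123') is constructed here.

```python
"""The slides' login query, once by string concatenation and once with a
parameterized query, against an in-memory SQLite table.

Constructed example: the Users table and its single row are created here.
Storing passwords in clear, as the slide's query implies, is itself a
weakness and is kept only to mirror the slide.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    con.execute("INSERT INTO Users VALUES ('izuan', 'abc123')")
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    # Untrusted input becomes part of the SQL text: a quote in the input ends
    # the string literal and whatever follows is parsed as SQL.
    query = f"SELECT * FROM Users WHERE username='{username}' AND password='{password}';"
    return con.execute(query).fetchone() is not None


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders keep the input as data: the statement's structure is fixed
    # before the values are bound, so "' or 1=1--" is just a wrong password.
    query = "SELECT * FROM Users WHERE username=? AND password=?"
    return con.execute(query, (username, password)).fetchone() is not None


def compare(username: str, password: str) -> tuple[bool, bool]:
    """Run the same credentials through both versions: (vulnerable, safe)."""
    con = make_db()
    try:
        return login_vulnerable(con, username, password), login_safe(con, username, password)
    finally:
        con.close()
```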
Characteristics of Computer Intrusion
• Effects of SQL Injection
– Modification of the database (delete database, change values, etc.)
– Access to private information
• SONY Incident
• Attacker broke into 77 million accounts and stole Personally Identifiable Information (PII) – names, addresses, d.o.b., usernames, passwords and credit/debit card numbers.
• The attacker faces 122 years in prison. So don't do it!
Conclusion
• Object protection
– Memory protection
• Methods: fence, relocation register, base/bounds, tags, segments, pages
– General objects
• Methods: directory, ACL, capability
– Files
• permissions
• Authentication
– Based on something you know, something you have, something you are
– Passwords
Thank you
End of Chapter 5
