• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Security & Protection
 

Security & Protection

on

  • 1,283 views

 

Statistics

Views

Total Views
1,283
Views on SlideShare
1,283
Embed Views
0

Actions

Likes
0
Downloads
94
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Security & Protection Security & Protection Presentation Transcript

    • Protection & Security Organized By: V.A. V.A. CSED,TU
    • Disclaimer This is NOT A COPYRIGHT MATERIALContent has been taken mainly from the following books: Operating Systems Concepts By Silberschatz & Galvin , Operating systems By D M Dhamdhere, System Programming By John J Donovan etc… VA. CSED,TU
    • Protection – Goals & Principle  Each Object has a Unique Name and can be accessed through a well-defined set of Operations.  Ensure that each Object is accessed correctly and only by those Processes that are allowed to do so.  Guiding Principle – Principle of Least Privilege  Programs, users and systems should be given just enough privileges to perform their tasks VA. CSED,TU
    • Domain Structure  Access-right = <object-name, rights-set> where rights-set is a subset of all valid operations that can be performed on the object.  Domain = Set of Access-Rights  Domain can be realized in variety of ways: Each User, Each Process and Each Procedure. VA. CSED,TU
    • Access Matrix  View Protection as a MATRIX (access matrix)  Rows represent Domains  Columns represent Objects  Access (i, j) is the Set Of Operations that a process executing in Domaini can invoke on Objectj VA. CSED,TU
    • Access Control Matrix  Access control matrix consists of triple parts such as subject, object, and access operation.  A SUBJECT is an Active Entity in a computer system such as User, Program, Process and Thread.  An OBJECT is a Passive Entity or System Resource such as File, Directory, Database Record and Printer.  In Access Control Matrix’s schema, the Subjects and Objects are placed in a table. Each row represents a Subject and each column represents an Object.  The data inside the table are Set Of Access Operations such as read, write, and execute. The access operations are responsible for interactions between subjects and objects. VA. CSED,TU
    • Access Matrix VA. CSED,TU
    • Use of Access Matrix  If a Process in Domain Di tries to do “op” on object Oj, then “op” must be in the ACCESS MATRIX.  Can be Expanded to DYNAMIC PROTECTION.  Operations to ADD, DELETE access rights.  Special Access Rights:  Owner of Oi  Copy op from Oi to Oj  Control – Di can modify Dj access rights  Transfer – Switch from domain Di to Dj VA. CSED,TU
    • Access Matrix – Showing Switch VA. CSED,TU
    • Role Based Access Control VA. CSED,TU
    • Sample Access Matrix The Derivative forms of access control matrix such as Access Control List (ACL) and Capability List (C-list) are better applied. VA. CSED,TU
    • Access Control List VA. CSED,TU
    • ACL When we look for Insurance Data we can write: VA. CSED,TU
    • C-List VA. CSED,TU
    • C-List When we look for Alice’s C-list we can write: VA. CSED,TU
    • ACL vs CL VA. CSED,TU
    • Security  Security must consider External Environment of the System and protect the system resources  Intruders (crackers) attempt to breach security  THREAT is potential security violation  ATTACK is attempt to breach security  Attack can be accidental or malicious  Easier to protect against accidental than malicious misuse VA. CSED,TU
    • Security Violations  Categories  Breach of confidentiality  Breach of integrity  Breach of availability  Theft of service  Denial of service  Methods  Masquerading (breach authentication)  Replay attack  Message modification  Man-in-the-middle attack  Session hijacking VA. CSED,TU
    • Security Attacks VA. CSED,TU
    • Reference ListOperating Systems Concepts By Silberschatz & Galvin, Operating systems By D M Dhamdhere, System Programming By John J Donovan, www.os-book.com www.cs.jhu.edu/~yairamir/cs418/os2/sld001.htmhttp://gaia.ecs.csus.edu/~zhangd/oscal/pscheduling.html http://www.edugrid.ac.in/iiitmk/os/os_module03.htm http://williamstallings.com/OS/Animations.html etc… VA. CSED,TU
    • Thnx…VA.CSED,TU