SlideShare a Scribd company logo

20-security.ppt

Download as PPT, PDF
A
ajajkhan16

The document discusses techniques for operating system security including authentication, authorization, and confinement. It describes the goals of safely sharing resources while preventing unauthorized access to private data or interference between programs. The trusted computing base and security techniques like reference monitors, access control lists, and capabilities are explained. Later sections cover implementing authentication through passwords, public keys, and biometrics and how authorization works using access control matrices. The challenges of confinement and running untrusted code securely are also discussed.

1 of 23
Operating System Security Mike Swift CSE 451 Autumn 2003
Outline • Overarching goal: safe sharing • Authentication • Authorization • Reference Monitors • Confinement
Safe Sharing • Protecting a single computer with one user is easy – Prevent everybody else from having access – Encrypt all data with a key only one person knows • Sharing resources safely is hard – Preventing some people from reading private data (e.g. grades) – Prevent some people from using too many resources (e.g. disk space) – Prevent some people from interfering with other programs (e.g. inserting key strokes / modifying displays)
Why is security hard? • Security slows things down • Security gets in the way • Security adds no value if there are no attacks • Only the government used to pay for security – The Internet made us all potential victims
Trusted Computing Base (TCB) • Think carefully about what you are trusting with your information – if you type your password on a keyboard, you’re trusting: • the keyboard manufacturer • your computer manufacturer • your operating system • the password library • the application that’s checking the password – TCB = set of components (hardware, software, wetware) that you trust your secrets with • Public web kiosks should *not* be in your TCB – should your OS? • but what if it is promiscuous? (e.g., IE and active-X extensions) – how about your compiler? • A great read: “Reflections on Trusting Trust”.
Security Techniques • Authentication – identifying users and programs • Authorization – determining what access users and programs have to things – Complete mediation: check every access to every protected object • Auditing – record what users and programs are doing for later analysis
Authentication • How does a computer know who I am? – User name / password • How do it store the password? • How do it check the password? • How secure is a password? – Public/Private Keys – Biometrics • What does the computer do with this information? – Assign you an identifier • Unix: 32 bit number stored in process structure • Windows NT: 27 byte number, stored in an access token in kernel
Aside on Encryption • Encryption: takes a key and data and creates ciphertext – {Attack at dawn}key=h8JkS! = 29vn&#9njs@a • Decryption: takes cipertext and a key and recovers data – {29vn&#9njs@a}key=h8JkS! = Attack at dawn – Without key, can’t convert data into ciphertext or vice-versa • Hashing: takes data and creates a fixed-size fingerprint, or hash – H(Attack at Dawn) = 183870 – H(attack at dawn) = 465348 – Can’t determine data from hash or find two pieces of data with same hash
• CTSS (1962): password file • Unix (1974): encrypt passwords with passwords • Unix (1979): salted passwords Storing passwords Bob: 14: “12.14.52” David: 15: “allison” Mary: 16: “!ofotc2n” Bob: 14: S6Uu0cYDVdTAk David: 15: J2ZI4ndBL6X.M Mary: 16: VW2bqvTalBJKg Bob: 14: S6Uu0cYDVdTAk: 45 David: 15: J2ZI4ndBL6X.M: 392 Mary: 16: VW2bqvTalBJKg: 152 K=[0]allison392 K=[0]allison
More Storing Passwords • Unix-style password file – Password file not protected, because information in it can’t be used to logon – Doesn’t work for network authentication • Doesn’t contain any secret information • Windows-NT style password file – Contains MD4 hash of passwords – Hash must be protected because it can be used to log on • Hidden from users • Encrypted by random key • Physical security required
Password Security • 26 letters used, 7 letters long – 8 billion passwords (33 bits) – Checking 100,000/second breaks in 22 hours • System should make checking passwords slow • Adding symbols and numbers and longer passwords – 95 characters, 14 characters long – 1027 passwords = 91 bits – Checking 100,000/second breaks in 1014 years • SDSC computed 207 billion hashes for 50 million passwords in 80 minutes. – Hashing all passwords for one salt takes 20 minutes on a P4
Do longer passwords work? • People can’t remember 14-character strings of random characters • Random number generators aren’t always that good. • People write down difficult passwords • People give out passwords to strangers • Passwords can show up on disk
Authorization • How does the system know what I’m allowed to do? – Authorization matrix: • Objects = things that can be accessed • Subjects = things that can do the accessing (users or programs) – What are the limits? • Time of day • Ranges of values Alice Bob Carl /etc Read Read Read Write /homes Read Write Read Write Read Write /usr None None Read
Access Control Lists • Representation used in Windows NT, Unix for files • Stored on each file / directory Bob Read, Write, Delete Students Read Everyone Read Unix: Fixed set of permissions (read,write,delete) Three sets of subjects (owner, group, world) Windows NT Arbitrary number of entries 16 permissions per object
Capabilities • Once granted, can be used to get access to an object • Implemented as a protected pointer Kernel Boundary 1 2 3 4 5 6 1 2 3 User program Capability List Used in Unix, Windows NT for files, sockets, kernel objects Capability obtained after ACL check
Which one is better • ACLs: – Can have large numbers of objects – Easy to grant access to many objects at once – Require expensive operation on every access • Capabilities – Hard to manage huge number of capabilities – They have to come from somewhere – They are fast to use (just pointer dereferences) • Most systems use both – ACLs for opening an object (e.g. fopen()) – Capabilities for performing operations (e.g. read())
Protection Domain Concept • A protection domain is the set of objects and permissions on those objects that executing code may access – e.g. a process • memory • files • sockets – also: a device driver, a user, a single procedure • Capabilities: – protection domain defined by what is in the capability list • ACLs – protection domain defined by the complete set of objects code could access
How does this get implemented? • Originally: – every application had its own security checking code, – Separate set of users – Separate set of objects – Separate kinds of ACLs, capabilities • This makes the trusted computing base) huge!!! – You have to trust all applications do to this correctly! • Now: Reference monitor – Manages identity – Performs all access checks – Small, well-tested piece of code
Modern security problems • Confinement – How do I run code that I don’t trust? • E.g. RealPlayer, Flash – How do I restrict the data it can communicate? – What if trusted code has bugs? • E.g. Internet Explorer • Concepts: – Least Privilege: programs should only run with the minimal amount of privilege necessary • Solutions: – Restricted contexts - let the user divide their identity – ActiveX – make code writer identify self – Java – use a virtual machine that intercepts all calls – Binary rewriting - modify the program to force it to be safe
Restricted Contexts • Add extra identity information to an a process – e.g. both username and program name (mikesw:navigator) • Use both identities for access checks – Add extra security checks at system calls that use program name – Add extra ACLs on objects that grant/deny access to the program • Allows user to sub-class themselves for less-trusted programs
ActiveX • All code comes with a public-key signature • Code indicates what privileges it needs • Web browser verifies certificate • Once verified, code is completely trusted Code Signature / Certificate Permissions Written by HackerNet Signed by VerifySign Let JavaScript call this
Java • All problems are solved by a layer of indirection – All code runs on a virtual machine – Virtual machine tracks security permissions – Allows fancier access control models - allows stack walking • JVM doesn’t work for other languages • Virtual machines can be used with all languages – Run virtual machine for hardware – Inspect stack to determine subject for access checks edu.washington.cse451 Java.jdbc.Statement Com.sun.jdbc-odbc.stmt Com.msft.sql-srv.query
Binary Rewriting • Goal: enforce code safety by embedding checks in the code • Solution: – Compute a mask of accessible addresses – Replace system calls with calls to special code Original Code: lw $a0, 14($s4) jal ($s5) move $a0, $v0 jal $printf Rewritten Code: and $t6,$s4,0x001fff0 lw $a0, 14($t6) and $t6,$s5, 0x001fff0 jal ($t6) move $a0, $v0 jal $sfi_printf

Recommended

Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
ch15.pdf
ch15.pdfch15.pdf
ch15.pdf
Sami Mughal
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security AnalyticsThe Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
Demetrio Milea
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 

Recommended

Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
ch15.pdf
ch15.pdfch15.pdf
ch15.pdf
Sami Mughal
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security AnalyticsThe Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
Demetrio Milea
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Shumon Huque
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
Flaskdata.io
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
RohitGautam261127
 
Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles
Dr. P. Mohana Priya
 
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain AccessDefcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
eightbit
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
Sam Bowne
 
Ch14 security
Ch14 securityCh14 security
Ch14 security
Welly Dian Astika
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PROIDEA
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
Nishant Pawar
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Agile Testing Alliance
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Information Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric VanderburgInformation Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric Vanderburg
Eric Vanderburg
 
Praetorian secure encryption_services_overview
Praetorian secure encryption_services_overviewPraetorian secure encryption_services_overview
Praetorian secure encryption_services_overview
Brent Bernard, CISSP & PCI-QSA
 
Praetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_OverviewPraetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_Overview
Brent Bernard, CISSP & PCI-QSA
 
Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology
Austin Ross
 
Unit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdfUnit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdf
ajajkhan16
 
data stream processing.and its applications pdf
data stream processing.and its applications pdfdata stream processing.and its applications pdf
data stream processing.and its applications pdf
ajajkhan16
 

More Related Content

Similar to 20-security.ppt

Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Shumon Huque
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
Flaskdata.io
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
RohitGautam261127
 
Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles
Dr. P. Mohana Priya
 
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain AccessDefcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
eightbit
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
7wounders
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
Sam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
Sam Bowne
 
Ch14 security
Ch14 securityCh14 security
Ch14 security
Welly Dian Astika
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PROIDEA
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
Nishant Pawar
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Agile Testing Alliance
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Information Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric VanderburgInformation Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric Vanderburg
Eric Vanderburg
 
Praetorian secure encryption_services_overview
Praetorian secure encryption_services_overviewPraetorian secure encryption_services_overview
Praetorian secure encryption_services_overview
Brent Bernard, CISSP & PCI-QSA
 
Praetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_OverviewPraetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_Overview
Brent Bernard, CISSP & PCI-QSA
 
Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology
Austin Ross
 

Similar to 20-security.ppt (20)

Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
Single Sign-On, Two Factor & more: Advanced Authentication & Authorization at...
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
 
Introduction to Web Application Security Principles
Introduction to Web Application Security Principles Introduction to Web Application Security Principles
Introduction to Web Application Security Principles
 
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain AccessDefcon 25 Packet Hacking Village - Finding Your Way to Domain Access
Defcon 25 Packet Hacking Village - Finding Your Way to Domain Access
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
 
Ch14 security
Ch14 securityCh14 security
Ch14 security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
Information Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric VanderburgInformation Security Lesson 3 - Basics - Eric Vanderburg
Information Security Lesson 3 - Basics - Eric Vanderburg
 
Praetorian secure encryption_services_overview
Praetorian secure encryption_services_overviewPraetorian secure encryption_services_overview
Praetorian secure encryption_services_overview
 
Praetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_OverviewPraetorian_Secure_EncryptionServices_Overview
Praetorian_Secure_EncryptionServices_Overview
 
Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology Preatorian Secure partners with Cipher loc - New Encryption Technology
Preatorian Secure partners with Cipher loc - New Encryption Technology
 

More from ajajkhan16

Unit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdfUnit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdf
ajajkhan16
 
data stream processing.and its applications pdf
data stream processing.and its applications pdfdata stream processing.and its applications pdf
data stream processing.and its applications pdf
ajajkhan16
 
data streammining and its applications.ppt
data streammining and its applications.pptdata streammining and its applications.ppt
data streammining and its applications.ppt
ajajkhan16
 
NOSQL in big data is the not only structure langua.pdf
NOSQL in big data is the not only structure langua.pdfNOSQL in big data is the not only structure langua.pdf
NOSQL in big data is the not only structure langua.pdf
ajajkhan16
 
Big-Data 5V of big data engineering.pptx
Big-Data 5V of big data engineering.pptxBig-Data 5V of big data engineering.pptx
Big-Data 5V of big data engineering.pptx
ajajkhan16
 
binarysearchtreeindatastructures-200604055006 (1).pdf
binarysearchtreeindatastructures-200604055006 (1).pdfbinarysearchtreeindatastructures-200604055006 (1).pdf
binarysearchtreeindatastructures-200604055006 (1).pdf
ajajkhan16
 
Array and its types and it's implemented programming Final.pdf
Array and its types and it's implemented programming Final.pdfArray and its types and it's implemented programming Final.pdf
Array and its types and it's implemented programming Final.pdf
ajajkhan16
 
sparkbigdataanlyticspoweerpointpptt.pptx
sparkbigdataanlyticspoweerpointpptt.pptxsparkbigdataanlyticspoweerpointpptt.pptx
sparkbigdataanlyticspoweerpointpptt.pptx
ajajkhan16
 
Linked list.pptx
Linked list.pptxLinked list.pptx
Linked list.pptx
ajajkhan16
 
key1.pdf
key1.pdfkey1.pdf
key1.pdf
ajajkhan16
 
08 MK-PPT Advanced Topic 2.ppt
08 MK-PPT Advanced Topic 2.ppt08 MK-PPT Advanced Topic 2.ppt
08 MK-PPT Advanced Topic 2.ppt
ajajkhan16
 
Unit-I Recursion.pptx
Unit-I Recursion.pptxUnit-I Recursion.pptx
Unit-I Recursion.pptx
ajajkhan16
 
Unit-I Pointer Data structure.pptx
Unit-I Pointer Data structure.pptxUnit-I Pointer Data structure.pptx
Unit-I Pointer Data structure.pptx
ajajkhan16
 
Day2.pptx
Day2.pptxDay2.pptx
Day2.pptx
ajajkhan16
 
Unit-1 DataStructure Intro.pptx
Unit-1 DataStructure Intro.pptxUnit-1 DataStructure Intro.pptx
Unit-1 DataStructure Intro.pptx
ajajkhan16
 

More from ajajkhan16 (15)

Unit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdfUnit-II DBMS presentation for students.pdf
Unit-II DBMS presentation for students.pdf
 
data stream processing.and its applications pdf
data stream processing.and its applications pdfdata stream processing.and its applications pdf
data stream processing.and its applications pdf
 
data streammining and its applications.ppt
data streammining and its applications.pptdata streammining and its applications.ppt
data streammining and its applications.ppt
 
NOSQL in big data is the not only structure langua.pdf
NOSQL in big data is the not only structure langua.pdfNOSQL in big data is the not only structure langua.pdf
NOSQL in big data is the not only structure langua.pdf
 
Big-Data 5V of big data engineering.pptx
Big-Data 5V of big data engineering.pptxBig-Data 5V of big data engineering.pptx
Big-Data 5V of big data engineering.pptx
 
binarysearchtreeindatastructures-200604055006 (1).pdf
binarysearchtreeindatastructures-200604055006 (1).pdfbinarysearchtreeindatastructures-200604055006 (1).pdf
binarysearchtreeindatastructures-200604055006 (1).pdf
 
Array and its types and it's implemented programming Final.pdf
Array and its types and it's implemented programming Final.pdfArray and its types and it's implemented programming Final.pdf
Array and its types and it's implemented programming Final.pdf
 
sparkbigdataanlyticspoweerpointpptt.pptx
sparkbigdataanlyticspoweerpointpptt.pptxsparkbigdataanlyticspoweerpointpptt.pptx
sparkbigdataanlyticspoweerpointpptt.pptx
 
Linked list.pptx
Linked list.pptxLinked list.pptx
Linked list.pptx
 
key1.pdf
key1.pdfkey1.pdf
key1.pdf
 
08 MK-PPT Advanced Topic 2.ppt
08 MK-PPT Advanced Topic 2.ppt08 MK-PPT Advanced Topic 2.ppt
08 MK-PPT Advanced Topic 2.ppt
 
Unit-I Recursion.pptx
Unit-I Recursion.pptxUnit-I Recursion.pptx
Unit-I Recursion.pptx
 
Unit-I Pointer Data structure.pptx
Unit-I Pointer Data structure.pptxUnit-I Pointer Data structure.pptx
Unit-I Pointer Data structure.pptx
 
Day2.pptx
Day2.pptxDay2.pptx
Day2.pptx
 
Unit-1 DataStructure Intro.pptx
Unit-1 DataStructure Intro.pptxUnit-1 DataStructure Intro.pptx
Unit-1 DataStructure Intro.pptx
 

Recently uploaded

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 

Recently uploaded (20)

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 

20-security.ppt

  • 1. Operating System Security Mike Swift CSE 451 Autumn 2003
  • 2. Outline • Overarching goal: safe sharing • Authentication • Authorization • Reference Monitors • Confinement
  • 3. Safe Sharing • Protecting a single computer with one user is easy – Prevent everybody else from having access – Encrypt all data with a key only one person knows • Sharing resources safely is hard – Preventing some people from reading private data (e.g. grades) – Prevent some people from using too many resources (e.g. disk space) – Prevent some people from interfering with other programs (e.g. inserting key strokes / modifying displays)
  • 4. Why is security hard? • Security slows things down • Security gets in the way • Security adds no value if there are no attacks • Only the government used to pay for security – The Internet made us all potential victims
  • 5. Trusted Computing Base (TCB) • Think carefully about what you are trusting with your information – if you type your password on a keyboard, you’re trusting: • the keyboard manufacturer • your computer manufacturer • your operating system • the password library • the application that’s checking the password – TCB = set of components (hardware, software, wetware) that you trust your secrets with • Public web kiosks should *not* be in your TCB – should your OS? • but what if it is promiscuous? (e.g., IE and active-X extensions) – how about your compiler? • A great read: “Reflections on Trusting Trust”.
  • 6. Security Techniques • Authentication – identifying users and programs • Authorization – determining what access users and programs have to things – Complete mediation: check every access to every protected object • Auditing – record what users and programs are doing for later analysis
  • 7. Authentication • How does a computer know who I am? – User name / password • How do it store the password? • How do it check the password? • How secure is a password? – Public/Private Keys – Biometrics • What does the computer do with this information? – Assign you an identifier • Unix: 32 bit number stored in process structure • Windows NT: 27 byte number, stored in an access token in kernel
  • 8. Aside on Encryption • Encryption: takes a key and data and creates ciphertext – {Attack at dawn}key=h8JkS! = 29vn&#9njs@a • Decryption: takes cipertext and a key and recovers data – {29vn&#9njs@a}key=h8JkS! = Attack at dawn – Without key, can’t convert data into ciphertext or vice-versa • Hashing: takes data and creates a fixed-size fingerprint, or hash – H(Attack at Dawn) = 183870 – H(attack at dawn) = 465348 – Can’t determine data from hash or find two pieces of data with same hash
  • 9. • CTSS (1962): password file • Unix (1974): encrypt passwords with passwords • Unix (1979): salted passwords Storing passwords Bob: 14: “12.14.52” David: 15: “allison” Mary: 16: “!ofotc2n” Bob: 14: S6Uu0cYDVdTAk David: 15: J2ZI4ndBL6X.M Mary: 16: VW2bqvTalBJKg Bob: 14: S6Uu0cYDVdTAk: 45 David: 15: J2ZI4ndBL6X.M: 392 Mary: 16: VW2bqvTalBJKg: 152 K=[0]allison392 K=[0]allison
  • 10. More Storing Passwords • Unix-style password file – Password file not protected, because information in it can’t be used to logon – Doesn’t work for network authentication • Doesn’t contain any secret information • Windows-NT style password file – Contains MD4 hash of passwords – Hash must be protected because it can be used to log on • Hidden from users • Encrypted by random key • Physical security required
  • 11. Password Security • 26 letters used, 7 letters long – 8 billion passwords (33 bits) – Checking 100,000/second breaks in 22 hours • System should make checking passwords slow • Adding symbols and numbers and longer passwords – 95 characters, 14 characters long – 1027 passwords = 91 bits – Checking 100,000/second breaks in 1014 years • SDSC computed 207 billion hashes for 50 million passwords in 80 minutes. – Hashing all passwords for one salt takes 20 minutes on a P4
  • 12. Do longer passwords work? • People can’t remember 14-character strings of random characters • Random number generators aren’t always that good. • People write down difficult passwords • People give out passwords to strangers • Passwords can show up on disk
  • 13. Authorization • How does the system know what I’m allowed to do? – Authorization matrix: • Objects = things that can be accessed • Subjects = things that can do the accessing (users or programs) – What are the limits? • Time of day • Ranges of values Alice Bob Carl /etc Read Read Read Write /homes Read Write Read Write Read Write /usr None None Read
  • 14. Access Control Lists • Representation used in Windows NT, Unix for files • Stored on each file / directory Bob Read, Write, Delete Students Read Everyone Read Unix: Fixed set of permissions (read,write,delete) Three sets of subjects (owner, group, world) Windows NT Arbitrary number of entries 16 permissions per object
  • 15. Capabilities • Once granted, can be used to get access to an object • Implemented as a protected pointer Kernel Boundary 1 2 3 4 5 6 1 2 3 User program Capability List Used in Unix, Windows NT for files, sockets, kernel objects Capability obtained after ACL check
  • 16. Which one is better • ACLs: – Can have large numbers of objects – Easy to grant access to many objects at once – Require expensive operation on every access • Capabilities – Hard to manage huge number of capabilities – They have to come from somewhere – They are fast to use (just pointer dereferences) • Most systems use both – ACLs for opening an object (e.g. fopen()) – Capabilities for performing operations (e.g. read())
  • 17. Protection Domain Concept • A protection domain is the set of objects and permissions on those objects that executing code may access – e.g. a process • memory • files • sockets – also: a device driver, a user, a single procedure • Capabilities: – protection domain defined by what is in the capability list • ACLs – protection domain defined by the complete set of objects code could access
  • 18. How does this get implemented? • Originally: – every application had its own security checking code, – Separate set of users – Separate set of objects – Separate kinds of ACLs, capabilities • This makes the trusted computing base) huge!!! – You have to trust all applications do to this correctly! • Now: Reference monitor – Manages identity – Performs all access checks – Small, well-tested piece of code
  • 19. Modern security problems • Confinement – How do I run code that I don’t trust? • E.g. RealPlayer, Flash – How do I restrict the data it can communicate? – What if trusted code has bugs? • E.g. Internet Explorer • Concepts: – Least Privilege: programs should only run with the minimal amount of privilege necessary • Solutions: – Restricted contexts - let the user divide their identity – ActiveX – make code writer identify self – Java – use a virtual machine that intercepts all calls – Binary rewriting - modify the program to force it to be safe
  • 20. Restricted Contexts • Add extra identity information to an a process – e.g. both username and program name (mikesw:navigator) • Use both identities for access checks – Add extra security checks at system calls that use program name – Add extra ACLs on objects that grant/deny access to the program • Allows user to sub-class themselves for less-trusted programs
  • 21. ActiveX • All code comes with a public-key signature • Code indicates what privileges it needs • Web browser verifies certificate • Once verified, code is completely trusted Code Signature / Certificate Permissions Written by HackerNet Signed by VerifySign Let JavaScript call this
  • 22. Java • All problems are solved by a layer of indirection – All code runs on a virtual machine – Virtual machine tracks security permissions – Allows fancier access control models - allows stack walking • JVM doesn’t work for other languages • Virtual machines can be used with all languages – Run virtual machine for hardware – Inspect stack to determine subject for access checks edu.washington.cse451 Java.jdbc.Statement Com.sun.jdbc-odbc.stmt Com.msft.sql-srv.query
  • 23. Binary Rewriting • Goal: enforce code safety by embedding checks in the code • Solution: – Compute a mask of accessible addresses – Replace system calls with calls to special code Original Code: lw $a0, 14($s4) jal ($s5) move $a0, $v0 jal $printf Rewritten Code: and $t6,$s4,0x001fff0 lw $a0, 14($t6) and $t6,$s5, 0x001fff0 jal ($t6) move $a0, $v0 jal $sfi_printf