
Operating Systems Security


Presentation Transcript


  1. Operating Systems Security
  • Design Objectives
  • Protection by separation
  • Memory and address protection
  • Access control for general objects
  • Directory
  • Access control lists, matrix
  • Capability
  • File protection mechanisms
  • User authentication, passwords
  • Trusted OS
  Acc661 Aud of Adv Acctg Systems, Spring 2003 (Gangolly)

  2. Design Objectives
  • Controlled access to resources
  • Controlling unintentional and intentional corruption of data
  • Protection of one user's computation from interference by other users
  • Memory protection
  • File protection
  • General control of access to objects
  • User authentication

  3. Protection by separation
  • Physical separation: use of different physical objects (devices, machines)
  • Temporal separation: use of the same resource at different times
  • Logical separation: limiting each program's access to its own domain
  • Cryptographic separation: concealment of data and computations

  4. Memory and address protection
  • Fence, fence register: a single boundary address between the OS and user space
    • Can protect the operating system from one user, but not users from each other
  • Relocation (relocation factor added to every program address)
  • Base/bounds registers (variable fence register plus upper address limit register)
    • Separate register pairs for instruction code and for data space
  • Tagged architecture: every word of machine memory carries extra bits identifying its access rights; only OS instructions can set them
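The difference between the fence and base/bounds bullets above is easiest to see in code. The following is an added example, not part of the slides: a small software model of a fence register and of base/bounds relocation with separate code and data register pairs. Process names, addresses and region sizes are constructed for the demo.

```python
# Added example (not from the slides): a software model of the fence register
# and of base/bounds relocation with separate code and data register pairs.
# All process names, addresses and sizes below are constructed for the demo.

class ProtectionFault(Exception):
    """Raised where real hardware would trap to the operating system."""


def fence_allows(fence, addr):
    # A fence register holds one boundary: the OS lives below it and user
    # programs above.  A user access below the fence is rejected, but any
    # address above it is accepted, including another user's memory.
    return addr >= fence


class Process:
    """Base/bounds registers for one process: one pair for code, one for data."""

    def __init__(self, name, code_base, code_len, data_base, data_len):
        self.name = name
        self.code = (code_base, code_base + code_len)   # [base, limit)
        self.data = (data_base, data_base + data_len)

    def translate(self, logical, region):
        # Relocation: physical = logical + base (the base is the relocation
        # factor).  The bounds check uses the register pair for the kind of
        # access: instruction fetches use the code pair, loads and stores the
        # data pair, so a store can never land inside the program's own code.
        base, limit = self.code if region == "code" else self.data
        phys = base + logical
        if logical < 0 or phys >= limit:
            raise ProtectionFault(
                f"{self.name}: {region} address {logical} -> {phys} "
                f"outside [{base}, {limit})")
        return phys


def demo():
    fence = 1000                                   # OS occupies [0, 1000)
    a = Process("A", code_base=1000, code_len=200, data_base=1200, data_len=300)
    b = Process("B", code_base=2000, code_len=200, data_base=2200, data_len=300)
    out = {}
    # The fence stops A from touching the OS ...
    out["fence_stops_os"] = not fence_allows(fence, 500)
    # ... but not from touching B's data at physical address 2250.
    out["fence_stops_other_user"] = not fence_allows(fence, 2250)
    # With base/bounds, A's data offset 10 relocates to 1210 ...
    out["bb_data_phys"] = a.translate(10, "data")
    # ... and the same reach into B's data (1200 + 1050 = 2250) traps.
    try:
        a.translate(1050, "data")
        out["bb_stops_other_user"] = False
    except ProtectionFault:
        out["bb_stops_other_user"] = True
    # Code offset 250 lands at 1250: inside A's data, outside A's code pair.
    try:
        a.translate(250, "code")
        out["bb_code_pair_separate"] = False
    except ProtectionFault:
        out["bb_code_pair_separate"] = True
    out["b_data_phys"] = b.translate(50, "data")   # 2250 is legitimate for B
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes is the one on the slide: with only a fence, process A can read B's data as long as the address is above the fence; with a base/bounds pair per process the same access is outside A's registers and traps, and the separate code pair means A cannot even write into its own instructions.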

  5. Memory and address protection II
  • Segmentation: program divided into segments; an address is the pair <name, offset>. The OS maintains a table of segment names and their true addresses in memory. Segments can be non-contiguous and can be stored on auxiliary devices. Protection can be checked each time a segment is referenced. Fragmentation can be a problem.
  • Paging: program divided into equal-sized pages (memory into page frames of the same size); an address is the pair <page, offset>
  • Paging and segmentation combined
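To show what "protection can be checked each time it is referenced" means for a combined segmented and paged scheme, here is an added example that is not part of the slides: a per-process segment table in which each segment carries access rights and a length, and each segment is itself paged onto scattered frames. Segment names, lengths, rights, the page size and the frame numbers are constructed.

```python
# Added example (not from the slides): address translation for a segmented,
# paged address space with per-segment access rights.  Segment names, sizes,
# rights, page size and frame numbers are constructed for the demo.

PAGE_SIZE = 256


class ProtectionFault(Exception):
    """Access rejected by the segment table check."""


class Segment:
    def __init__(self, length, rights, page_table):
        self.length = length            # bytes the segment actually holds
        self.rights = set(rights)       # subset of {"r", "w", "x"}
        # page number within the segment -> physical frame number, or None
        # when that page currently lives on an auxiliary device.
        self.page_table = page_table


class AddressSpace:
    """Per-process segment table: <name, offset> -> physical address."""

    def __init__(self, segments):
        self.segments = segments

    def translate(self, name, offset, access):
        seg = self.segments.get(name)
        if seg is None:
            raise ProtectionFault(f"no segment {name!r}")
        # Protection is checked on every reference: first the segment's
        # rights, then the offset against the segment's true length, so an
        # offset inside the last page but past the end of the segment is
        # still rejected.
        if access not in seg.rights:
            raise ProtectionFault(f"{access!r} not permitted on {name!r}")
        if not 0 <= offset < seg.length:
            raise ProtectionFault(f"offset {offset} outside {name!r}")
        # Paging inside the segment: pages need not be contiguous in memory.
        page, within = divmod(offset, PAGE_SIZE)
        frame = seg.page_table[page]
        if frame is None:
            # A page fault, not a protection fault: the OS would bring the
            # page in from the auxiliary device and retry.
            raise LookupError(f"page {page} of {name!r} not resident")
        return frame * PAGE_SIZE + within


def make_demo_space():
    return AddressSpace({
        "code":  Segment(600, "rx", {0: 7, 1: 3, 2: 9}),   # 3 pages, scattered
        "data":  Segment(300, "rw", {0: 4, 1: 12}),        # last page partial
        "stack": Segment(512, "rw", {0: 2, 1: None}),      # page 1 swapped out
    })


def try_access(space, name, offset, access):
    """Return the physical address, or the exception class name on rejection."""
    try:
        return space.translate(name, offset, access)
    except (ProtectionFault, LookupError) as e:
        return type(e).__name__


if __name__ == "__main__":
    space = make_demo_space()
    for args in [("code", 300, "x"), ("code", 10, "w"),
                 ("data", 299, "r"), ("data", 300, "r"), ("stack", 300, "r")]:
        print(args, "->", try_access(space, *args))
```

Note the "data" segment: offset 299 is fine, offset 300 is rejected even though page 1 of the segment exists, because the length check uses the segment's true size rather than the page boundary. A write to "code" is refused before any translation happens.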

  6. Access control for general objects
  • Objects: memory, files, an executing program in memory, directories, hardware devices, data structures, tables of the OS, instructions, the passwords/user authentication mechanism, the protection mechanism itself
  • Goals:
    • Check every access
    • Enforce least privilege
    • Verify acceptable usage

  7. Directory
  • File directory problems (Fig 4-10 and 4-11):
    • Shared objects (the list becomes too long)
    • Revocation of access
    • Pseudonyms (two different files with the same name)

  8. Access control list, matrix
  • Access control list: one list for each object (Fig 4-12)
  • Access control matrix (Table 4-1)
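The relationship between the matrix and the per-object list is worth seeing in code. The following is an added example, not from the slides or the textbook's Table 4-1: an access control matrix from which each object's ACL (a column) and each subject's capability list (a row) are read off, with the check-every-access function and with revocation of one object. Subjects, objects and rights are constructed.

```python
# Added example (not from the slides): an access control matrix, the ACL and
# capability-list views derived from it, complete mediation and revocation.
# Subjects, objects and rights are constructed, not the textbook's Table 4-1.

from collections import defaultdict


class AccessControlMatrix:
    def __init__(self):
        self._rights = defaultdict(set)       # (subject, object) -> rights

    def grant(self, subject, obj, *rights):
        self._rights[(subject, obj)].update(rights)

    def allowed(self, subject, obj, right):
        # Complete mediation: every access decision goes through this check.
        return right in self._rights.get((subject, obj), set())

    def acl(self, obj):
        # ACL = one column of the matrix, stored with the object.
        return {s: frozenset(r) for (s, o), r in self._rights.items()
                if o == obj and r}

    def capabilities(self, subject):
        # Capability list = one row of the matrix, held for the subject.
        return {o: frozenset(r) for (s, o), r in self._rights.items()
                if s == subject and r}

    def revoke_object(self, obj):
        # With ACLs this is one column: drop the object's list.  With
        # capability lists the same change means visiting every subject's
        # row, which is why revocation is the hard case for capabilities.
        for key in [k for k in self._rights if k[1] == obj]:
            del self._rights[key]


def build_matrix():
    m = AccessControlMatrix()
    m.grant("alice", "payroll.db", "r", "w")
    m.grant("bob", "payroll.db", "r")
    m.grant("audit", "payroll.db", "r")
    m.grant("alice", "ledger.xls", "r")
    m.grant("bob", "ledger.xls", "r", "w", "own")
    m.grant("audit", "ledger.xls", "r")
    return m


def revocation_demo():
    """Alice's row before and after payroll.db is revoked for everyone."""
    m = build_matrix()
    before = m.capabilities("alice")
    m.revoke_object("payroll.db")
    return before, m.acl("payroll.db"), m.capabilities("alice")


if __name__ == "__main__":
    m = build_matrix()
    print("ACL of payroll.db:", m.acl("payroll.db"))
    print("capabilities of audit:", m.capabilities("audit"))
    print("bob may write payroll.db?", m.allowed("bob", "payroll.db", "w"))
    print("revocation:", revocation_demo())
```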

  9. Capability
  • A ticket giving a subject permission for a certain type of access to an object
  • A server holds tickets on behalf of users
  • Capabilities are encrypted under a key available only to the access control mechanism, so users cannot forge or amend them
  • Domain or name space: each process/procedure operates within a domain
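As an added example, not part of the slides: a capability server that mints tickets, holds them for users and checks them on each access. Where the slide says the capability is encrypted under the mechanism's key, this example instead seals it with an HMAC under such a key; the property a capability needs is that a user cannot forge or amend one, and an authentication tag gives that directly. Users, objects, the domain name and the key are constructed.

```python
# Added example (not from the slides): capability tickets sealed with an HMAC
# under a key only the access control mechanism holds.  The MAC stands in for
# the slide's encryption; either way the user cannot forge or amend a ticket.
# Users, objects, domain and key are constructed.

import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size   # 32-byte tag prefixed to the body


class CapabilityServer:
    def __init__(self, key):
        self._key = key                  # never leaves the mechanism
        self._held = {}                  # user -> tickets held on their behalf

    def _seal(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest() + body

    def issue(self, user, obj, rights, domain="user"):
        # The domain names the name space in which the ticket is valid.
        body = json.dumps({"subject": user, "object": obj,
                           "rights": sorted(rights), "domain": domain},
                          sort_keys=True).encode()
        ticket = self._seal(body)
        self._held.setdefault(user, []).append(ticket)
        return ticket

    def open_ticket(self, ticket):
        """Return the ticket's fields, or None if the seal does not verify."""
        tag, body = ticket[:TAG_LEN], ticket[TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(body)

    def access(self, user, obj, right):
        # The server presents the user's tickets; one grants the access only
        # if it is intact, names this object and carries the requested right.
        for ticket in self._held.get(user, []):
            cap = self.open_ticket(ticket)
            if cap and cap["object"] == obj and right in cap["rights"]:
                return True
        return False


def forge(ticket, old, new):
    """Constructed attack: edit the ticket body without knowing the key."""
    return ticket[:TAG_LEN] + ticket[TAG_LEN:].replace(old, new)


def demo():
    server = CapabilityServer(b"constructed-key-held-only-by-the-mechanism")
    ticket = server.issue("alice", "payroll.db", {"r"})
    forged = forge(ticket, b'["r"]', b'["r", "w"]')   # try to add write
    return {
        "read": server.access("alice", "payroll.db", "r"),
        "write": server.access("alice", "payroll.db", "w"),
        "other_object": server.access("alice", "ledger.xls", "r"),
        "genuine_rights": server.open_ticket(ticket)["rights"],
        "forged_opens": server.open_ticket(forged) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The forged ticket has a well-formed body that claims write access, but its tag no longer matches, so `open_ticket` returns None and the access is refused.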

  10. File Protection Mechanisms
  • All-or-none protection
  • Group protection
  • Single permissions (password protection for files)
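The three schemes on the slide differ mostly in how a request is matched against the file's record. As an added example that is not from the slides, here is one `allows` function over a constructed file table, with the Unix owner/group/other mode bits standing in for group protection and a hashed per-file password for single permissions. File names, owners, groups and the password are constructed.

```python
# Added example (not from the slides): one access check over a constructed
# file table using the three protection schemes of the slide.  Unix mode bits
# stand in for group protection; sha256 of the file password stands in for
# however the OS would store it.  All names and the password are constructed.

import hashlib

BITS = {"r": 4, "w": 2, "x": 1}

FILES = {
    "notes.txt":  {"scheme": "all_or_none", "owner": "alice", "public": True},
    "payroll.db": {"scheme": "group", "owner": "alice", "group": "acct",
                   "mode": 0o640},
    "private":    {"scheme": "group", "owner": "bob", "group": "acct",
                   "mode": 0o077},
    "vault.dat":  {"scheme": "password", "owner": "carol",
                   "pw_hash": hashlib.sha256(b"open-sesame").hexdigest()},
}


def group_allows(mode, owner, group, user, user_groups, want):
    # Unix semantics: the FIRST matching class decides.  The owner is judged
    # by the owner bits even when the group or other bits are more generous,
    # so mode 0o077 locks the owner out of their own file while everyone
    # else keeps full access.
    if user == owner:
        cls = (mode >> 6) & 7
    elif group in user_groups:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & BITS[want])


def allows(name, user, user_groups, want, password=None):
    f = FILES[name]
    if f["scheme"] == "all_or_none":
        # Either everyone has every right, or only the owner has any.
        return f["public"] or user == f["owner"]
    if f["scheme"] == "group":
        return group_allows(f["mode"], f["owner"], f["group"],
                            user, user_groups, want)
    if f["scheme"] == "password":
        # Single permission: whoever presents the file's password gets in,
        # regardless of who they are.
        if password is None:
            return False
        return hashlib.sha256(password.encode()).hexdigest() == f["pw_hash"]
    raise ValueError(f["scheme"])


if __name__ == "__main__":
    print("bob reads payroll.db:", allows("payroll.db", "bob", ["acct"], "r"))
    print("bob reads his own 'private':", allows("private", "bob", ["acct"], "r"))
    print("dave opens vault.dat:", allows("vault.dat", "dave", [], "r", "open-sesame"))
```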

  11. User Authentication
  • Passwords
  • Attacks on passwords:
    • Brute force
    • Probable passwords
    • Dictionary
    • Social engineering

  12. Passwords
  • Password selection criteria:
    • Non-alphabetic (mixed character classes)
    • Long
    • Avoid actual names
    • Change regularly
    • Don't write it down
    • Don't tell anyone
  • One-time passwords
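Slides 11 and 12 belong together: the probable-password and dictionary attacks are what the selection criteria defend against. The following added example, not from the slides, runs a probable-password attack (dictionary words plus the usual capitalisation and digit-suffix mutations) against a constructed file of salted hashes, and checks the same passwords against the criteria. Users, passwords, the word list and the names to avoid are all constructed, and sha256 stands in for a proper slow password hash.

```python
# Added example (not from the slides): a probable-password / dictionary attack
# against a constructed password file, beside a checker for the selection
# criteria of slide 12.  Users, passwords, word list and names are constructed;
# sha256 stands in for a proper slow password hash.

import hashlib
import string

NAMES = ["alice", "bob", "carol", "jennifer"]          # actual names to avoid
WORDLIST = ["password", "welcome", "letmein", "jennifer", "summer", "qwerty"]


def hash_password(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_password_file():
    # Constructed: two weak choices and one that meets the criteria.
    chosen = {"alice": "password1", "bob": "Zq7#mL!v9pRt", "carol": "Jennifer"}
    return {u: (u.encode(), hash_password(p, u.encode())) for u, p in chosen.items()}


def probable_passwords(words):
    # Words as typed, capitalised, upper-cased, and with the short digit
    # suffixes people add when told to "include a number".
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            yield base
            for n in range(100):
                yield f"{base}{n}"


def dictionary_attack(pwfile, candidates):
    # Per-user salts mean each candidate is hashed once per user; the attack
    # still succeeds whenever the password is a probable one.
    cracked = {}
    cands = list(candidates)
    for user, (salt, digest) in pwfile.items():
        for c in cands:
            if hash_password(c, salt) == digest:
                cracked[user] = c
                break
    return cracked


def meets_criteria(password, names=NAMES):
    # Long, mixed character classes, and no actual name inside it.
    lower = password.lower()
    return (len(password) >= 12
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password)
            and not any(n in lower for n in names))


if __name__ == "__main__":
    print("cracked:", dictionary_attack(make_password_file(),
                                        probable_passwords(WORDLIST)))
    for pw in ("password1", "Jennifer", "Zq7#mL!v9pRt"):
        print(pw, "meets criteria:", meets_criteria(pw))
```

Only the two passwords that fail the criteria fall to the attack; the one that passes is outside the candidate set entirely, which is the whole argument for the criteria.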

  13. Designing Trusted Operating Systems
  • An OS is trusted if we have confidence that it provides the following four services in a consistent and effective way:
    • Memory protection
    • File protection
    • General object access control
    • User authentication

  14. Trusted vs. Secure Systems

  15. Security Policies I
  • Military security policy
  • Ranks: Top Secret, Secret, Confidential, Restricted, Unclassified
  • Compartment: contains information associated with a project
  • The combination <rank, compartments> is called a class or classification of information
  • A person seeking access to information must be cleared for it

  16. Security Policies II
  • Dominance: for subject s and object o, s ≤ o if and only if rank(s) ≤ rank(o) and compartments(s) ⊆ compartments(o). We say o dominates s.

  17. Security Policies III
  • A subject can read an object only if:
    • The clearance level of the subject is at least as high as the classification level of the information
    • The subject has a need to know about all compartments for which the information is classified
  • That is, the subject's clearance must dominate the object's classification.
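Slides 15 to 17 define one relation and one rule built on it. As an added example, not from the slides, here is the dominance relation on <rank, compartments> classes and the read check, including the case the prose does not spell out: two classes that neither dominates. The rank order is the slide's; the compartment names and the subjects are constructed.

```python
# Added example (not from the slides): dominance on <rank, compartments>
# classes and the read rule of slide 17.  Rank order follows slide 15;
# compartment names and subjects are constructed.

RANKS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]
LEVEL = {rank: i for i, rank in enumerate(RANKS)}


class Class:
    """A classification (of an object) or a clearance (of a subject)."""

    def __init__(self, rank, compartments=()):
        if rank not in LEVEL:
            raise ValueError(f"unknown rank {rank!r}")
        self.rank = rank
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        # self dominates other  iff  rank(other) <= rank(self)
        #                       and  compartments(other) is a subset of compartments(self)
        return (LEVEL[self.rank] >= LEVEL[other.rank]
                and other.compartments <= self.compartments)

    def comparable(self, other):
        # Dominance is a partial order: classes with different compartment
        # sets can be incomparable even when their ranks differ.
        return self.dominates(other) or other.dominates(self)

    def __repr__(self):
        return f"<{self.rank}, {sorted(self.compartments)}>"


def can_read(subject, obj):
    # Read rule: the subject's clearance must dominate the object's
    # classification, i.e. rank high enough AND need-to-know for every
    # compartment the object is classified under.
    return subject.dominates(obj)


if __name__ == "__main__":
    analyst = Class("Secret", {"crypto"})
    for obj in (Class("Confidential", {"crypto"}),
                Class("Confidential", {"crypto", "nuclear"}),
                Class("Top Secret"),
                Class("Unclassified")):
        print(f"{analyst} reads {obj}: {can_read(analyst, obj)}",
              "(comparable)" if analyst.comparable(obj) else "(incomparable)")
```

The second object is the instructive one: its rank is lower than the analyst's, yet the read is refused because of the "nuclear" compartment, and neither class dominates the other.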
