1 / 24

Chapter 4 – Protection in General Purpose Operating Systems

Chapter 4 – Protection in General Purpose Operating Systems. Protection features provided by general-purpose operating systems—protecting memory, files, and the execution environment Controlled access to objects User authentication. Protected Objects and Methods of Protections.

erv
Télécharger la présentation

Chapter 4 – Protection in General Purpose Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 4 – Protection in General Purpose Operating Systems • Protection features provided by general-purpose operating systems—protecting memory, files, and the execution environment • Controlled access to objects • User authentication

  2. Protected Objects and Methods of Protections • 1rst OS were simple utilities – executives • Multiprogramming OS required monitors which oversaw each program’s execution • Protected objects • Memory • Sharable I/O devices (disks) • Serially reusable devices (printers) • Shareable programs & subprocedures • Networks • Shareable Data

  3. Security Methods of Operating Systems • Physical Separation (different processes use different objects) • Temporal Separation (processes executed at different times) • Logical Separation (process appears to be alone) • Cryptographic Separation (processes conceal data and computations)

  4. Security Methods of Operating Systems • Want to be able to share resources without compromising security • Do not protect • Isolate different processes • Share all or nothing • Share via access limitation (granularity) • Share by capabilities • Limit use of an object

  5. Memory & Address Protection • Fence – confines user to one side of boundary • Use predefined memory addresses • Can protect OS, but not one user from another • Relocation – changes all addresses of program using offset • Base/Bounds Registers • Uses variable fence register (base register) to provide lower bound • Uses bounds register for upper address

  6. Memory & Address Protection • Tagged Architecture • Every word of machine memory has extra bits to indicate access rights (expensive) • Segmentation (program divided into pieces) • Each segment has name & offset • Each address reference is checked for protection • Different classes of data can be assigned different levels of protection • Users can share access to segments • User cannot access an unpermitted segment • Paging (program uses equal sized “pages”; memory divided into equal sized page frames)

  7. Control of Access to General Objects • Memory • File/data set • Program in memory • Directory of files • Hardware device • Data structure (stack) • Operating system table • Instructions (privileged) • Passwords / user authentication mechanism • Protection mechanism

  8. Goals in protecting objects • Check every access • Enforce least privilege • Verify acceptable usage

  9. Directory mechanism • Each user (subject) has a file directory, which lists all files accessible by user • List can become too large if many shared objects • Cannot revoke rights of everyone to an object • File names for different owners may be different

  10. Access Control List • One list for each object with list showing all subjects & their access rights • Can use wildcards to limit size of ACL • Access Control Matrix • Rows for subjects • Columns for objects • Sparse matrix of triples <subjects, objects, rights>

  11. Capability • Unforgeable token that gives possessor rights to an object • Predecessor of Kerberos • Can propagate capabilities to other subjects • Capabilities must be stored in inaccessible memory

  12. Procedure-Oriented Access Control • Procedure that controls access to objects including what subjects can do to objects

  13. File Protection Mechanisms • All-None Protection • Lack of trust • All or nothing • Timesharing issues • Complexity • File listings

  14. File Protection Mechanisms • Group Protection • User cannot belong to two groups • Forces one person to be multiple users • Forces user to be put into all groups • Files can only be shared within groups

  15. File Protection Mechanisms • Single Permissions • Password/Token for each file • Can be lost • Inconvenient • Must be protected (if changed, must notify all users) • Temporary Acquired Permission • UNIX’s set userid (suid)

  16. User Authentication • Something the user knows(password, PIN, passphrase, mother’s maiden name) • Something the user has(ID, key, driver’s license, uniform) • Something the user is(biometrics)

  17. Use of Passwords • Mutually agreed-upon code words, assumed known only to user and system • First line of defense • Loose-Lipped Systems • WELCOME TO XYZ COMPUTING • ENTER USER ID: summers • INVALID USER NAME • ENTER USER ID:

  18. Attack on Passwords • Ask the user • Search for the system list of passwords • Find a valid user ID • Create a list of possible passwords (encrypt if needed) • Rank the passwords from high to low probability • Try each password • If attempt fails, try again (don't exceed password lockout)

  19. Attack on Passwords • Exhaustive Attack (brute-force) • 18,278 passwords of 3 letters or less • 1 password / millisecond would take 18 seconds (8 minutes for 4 letters, 3.5 hours for 5 letters) • Probable passwords (dictionary attack) • 80,000 word dictionary would take 80 seconds • Expanded “dictionary”

  20. Attack on Passwords • UK Study (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/?related) • 50% passwords were family names • Celebrities/soccer stars – 9% each • Pets – 8% • 10% reflect a fantasy • Only 10% use cryptic combinations

  21. Attack on Passwords • Look on desk… • Try no password • Try user ID • Try user’s name • Common words (password, private, secret) • Short dictionary • Complete English word list • Common non-English dictionaries • Dictionary with capitalization and substitutions (0 for o and 1 for i) • Brute force (lowercase alphabet) • Brute force (full character set)

  22. Attack on Passwords • Plaintext System Password List (MS Windows) • Encrypted Password List – 1-way (/etc/passwd) • Shadow Password List (/etc/shadow) • Salt – 12-bit number formed from system time and process id; concatenated to password

  23. Password Selection Criteria • Use characters other than A-Z • Choose long passwords • Avoid names and words • Choose unlikely password • Change password regularly (don’t reuse) • Don’t write it down • Don’t tell anyone • http://www.mit.edu/afs/sipb/project/doc/passwords/passwords.html • One-time passwords

  24. Authentication • Should be slow (5-10 seconds) • Should only allow a limited # of failures (e.g. 3) • Challenge-Response Systems • Impersonation of Login • Authentication Other than Passwords

More Related