1 / 21

Operating System Security & Smartphones

Operating System Security & Smartphones. Md Shahrear Iqbal PhD student QRST Lab , School of computing queen’s university, Kingston, Ontario, Canada. CISC 324: Security & Protection. Concepts. Protection:

theresagreen
Télécharger la présentation

Operating System Security & Smartphones

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operating System Security&Smartphones Md Shahrear Iqbal PhD student QRST Lab, School of computing queen’s university, Kingston, Ontario, Canada.

  2. CISC 324: Security & Protection

  3. Concepts • Protection: • Mechanisms and policy to keep programs and users from accessing or changing stuff they should not do • Internal to OS • Chapter 14 in Silbershatz • Security: • Issues external to OS • Authentication of user, validation of messages, malicious or accidental introduction of flaws, etc. • Chapter 15 of Silbershatz

  4. Goals of Protection • In one protection model, computer consists of a collection of objects, hardware or software • Each object has a unique name and can be accessed through a well-defined set of operations • Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  5. Principles of Protection • Guiding principle – principle of least privilege • Programs, users and systems should be given just enough privilegesto perform their tasks • Limits damage if entity has a bug, gets abused • Can be static (during life of system, during life of process) • Or dynamic (changed by process as needed) – domain switching, privilege escalation • “Need to know” a similar concept regarding access to data Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  6. Principles of Protection (Cont.) • Must consider “grain” aspect • Rough-grained privilege management easier, simpler, but least privilege now done in large chunks • For example, traditional Unix processes either have abilities of the associated user, or of root • Fine-grained management more complex, more overhead, but more protective • File ACL lists, RBAC • Domain can be user, process, procedure Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  7. The Security Problem • System secureif resources used and accessed as intended under all circumstances • Unachievable • Intruders (crackers) attempt to breach security • Threatis potential security violation • Attack is attempt to breach security • Attack can be accidental or malicious • Easier to protect against accidental than malicious misuse Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  8. Security Violation Categories • Breach of confidentiality • Unauthorized reading of data • Breach of integrity • Unauthorized modification of data • Breach of availability • Unauthorized destruction of data • Theft of service • Unauthorized use of resources • Denial of service (DOS) • Prevention of legitimate use Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  9. Security Measure Levels • Impossible to have absolute security, but make cost to perpetrator sufficiently high to deter most intruders • Security must occur at four levels to be effective: • Physical • Data centers, servers, connected terminals • Human • Avoid social engineering, phishing, dumpster diving • Operating System • Protection mechanisms, debugging • Network • Intercepted communications, interruption, DOS • Security is as weak as the weakest link in the chain • But can too much security be a problem? Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  10. Program Threats • Many variations, many names • Trojan Horse • Code segment that misuses its environment • Exploits mechanisms for allowing programs written by users to be executed by other users • Spyware, pop-up browser windows, covert channels • Up to 80% of spam delivered by spyware-infected systems • Trap Door • Specific user identifier or password that circumvents normal security procedures • Could be included in a compiler • How to detect them? Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  11. Program Threats (Cont.) • Logic Bomb • Program that initiates a security incident under certain circumstances • Stack andBuffer Overflow • Exploits a bug in a program (overflow either the stack or memory buffers) • Failure to check bounds on inputs, arguments • Write past arguments on the stack into the return address on stack • When routine returns from call, returns to hacked address • Pointed to code loaded onto stack that executes malicious code • Unauthorized user or privilege escalation Slides from Operating System Concepts – 9th Edition, Silberschatz, Galvin, Gagne

  12. Smartphone Security

  13. Security Risks Asset

  14. Security Risks Threat Asset Hacker Malware

  15. Security Risks Vulnerable Operating Systems Vulnerable Apps New Technologies Threat Asset Vulnerability Risk malware

  16. Existing Security for fighting Malware

  17. Smart City 21st century education Entrepreneurship & innovation Inclusive society Productivity Local & global interconnectedness Embrace creativity Smart People Mixed-modal access Smart Econ. Green buildings Smart City Clean & non-motorized options Smart Mobility Smart Env. Green energy Green urban planning Smart Gov. Smart Living Integrated ICT Culturally vibrant & happy Enabling supply & demand side policy Transportation & open data Safe ICT & eGov Healthy

  18. Smartphone Smart communication Data safety Surveillance • Fine-grained access control Security modes Behavioral analysis and detection Service providers Controlling malware Maintain relationship between apps Prevention Monitor and Control • Execution zones Smart Phone Maintaining separate execution profiles API for apps Framework management API for anti-virus Maintain application status Reporting suspicious activity Report malware Maintain devicecontext Offload computation Provide custom monitors Maintain a list of trusted devices Smart Country Smart Security Framework

  19. Implementation View Applications New App Zone Trusted App Zone Restricted Zone High Privilege App Zone Untrusted App Zone App 2 App 1 App 5 App 3 App 8 Zone and Policy Manager App 6 App 7 App 4 App Market Application framework Context Management Application Status and Relationship Management Secure Communication Package Installer K Policy Management Permission Checker Trusted Device Management Computation Offloading Management Security Mode Management High Privilege App Service Provider Zone Management API Management Data Safety Management App Behavior Sensors Hardware OS Surveillance K Custom Telephony/SMS Communication Channels

  20. Job & Grad Life

  21. Questions

More Related