CSI 400/500 Operating Systems, Spring 2009, Lecture #20 – Security Measures, Wednesday, April 29th


Units of Protection
• Memory
• I/O devices
• Programs
• Data

Levels of Protection
• None
• Isolation
  – No sharing of processes or resources
• Share all or nothing
  – Public or private
• Limit access: permissions
• Limit users
• Dynamic sharing

Protection Schemes
• Control access to entities
• Decryption
  – Protects data and memory
• Access tokens
  – Protects devices and network nodes
• General techniques
  – Authentication
  – Authorization

Authentication
• Verifying that the user is truly that user
• Types:
  – Physical: check the IP address of the machine
  – User: user id and password
  – Process: thread is associated with the proper user process

Physical Authentication
• Checks the IP address of the machine
• How secure?
  – Same technique used by web sites
  – IP addresses can be changed
    • Requires knowledge
    • Change too much, and it won't match protocol details

User Authentication
• Key is the password
• How secure?
  – Password must be complex enough
    • Easy to guess if all lowercase
    • Mix of letters, digits, and special characters
  – Store encrypted
    • Hacker could read a text file
    • Encryption code stored separately

Process Authentication
• Most secure
• Uses the process status register
  – Changed with each context switch
  – A hacker program would cause a context switch
• The best a hacker could do would be to deactivate this scheme

Firewalls
• Protects email
• Allows mail only from trusted sources
• Separates attachments into isolated areas

Web Traffic Security
• Secure Sockets Layer
  – Included in the https secure protocol
• Authentication server
  – Uses the credentials of the user to create a unique ticket and session key
  – Ticket encrypted using the session key
• Secure cookie encryption
  – Return to a previous web site
  – Prevents reroutes

Software Authentication
• Verify that software is authentic and can be trusted
• Trusted source for downloaded software
• Digital signature to ensure it is unaltered

Authorization Schemes
• Limit access to only approved users, processes, or procedures
• Schemes:
  – Permissions: mostly associated with users or groups
  – Memory keys: protect data areas

Permissions
• UNIX has a simple file protection mask
• Windows uses permission groups
• These protect files and directories

Permission Policy Commands
• Transfer: copy access
• Grant: give access level
• Delete: remove access
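The UNIX protection mask and the three policy commands of the previous slides, worked through in code. This is an added example, not part of the lecture: it models a file's mode bits (owner/group/other, each rwx) and implements Transfer, Grant and Delete as operations on that mask. The file names, uids and gids are constructed sample values. It also shows the edge case the mask rule creates: UNIX consults exactly one class (owner, else group, else other), so an owner whose own bits are cleared is refused even when the group bits would allow the access.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits, as in the UNIX mode mask
SHIFT = {"owner": 6, "group": 3, "other": 0}


@dataclass
class File:
    name: str
    owner: int   # uid of the owner
    group: int   # gid of the owning group
    mode: int    # e.g. 0o640 == rw-r-----


def class_of(f: File, uid: int, gids: set) -> str:
    """UNIX picks exactly one class for a caller: owner, else group, else other."""
    if uid == f.owner:
        return "owner"
    if f.group in gids:
        return "group"
    return "other"


def bits_for(f: File, cls: str) -> int:
    return (f.mode >> SHIFT[cls]) & 0o7


def can_access(f: File, uid: int, gids: set, want: int) -> bool:
    """True only if every bit in `want` is set for the caller's class."""
    return bits_for(f, class_of(f, uid, gids)) & want == want


# Permission policy commands from the slide, applied to the mask
def grant(f: File, cls: str, perms: int) -> None:
    """Grant: give an access level to a class."""
    f.mode |= perms << SHIFT[cls]


def delete(f: File, cls: str, perms: int) -> None:
    """Delete: remove an access level from a class."""
    f.mode &= ~(perms << SHIFT[cls])


def transfer(f: File, src: str, dst: str) -> None:
    """Transfer: copy one class's access level onto another class."""
    f.mode = (f.mode & ~(0o7 << SHIFT[dst])) | (bits_for(f, src) << SHIFT[dst])


def mode_string(f: File) -> str:
    """Render the mask the way `ls -l` does, e.g. rw-r-----."""
    out = []
    for cls in ("owner", "group", "other"):
        b = bits_for(f, cls)
        out.append(("r" if b & R else "-") + ("w" if b & W else "-") + ("x" if b & X else "-"))
    return "".join(out)


if __name__ == "__main__":
    payroll = File("payroll.txt", owner=1000, group=50, mode=0o640)  # constructed
    print(mode_string(payroll), "owner can write:", can_access(payroll, 1000, {50}, W))
    grant(payroll, "other", R)
    transfer(payroll, "owner", "group")
    delete(payroll, "other", R)
    print(mode_string(payroll))
```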

Memory Keys
• Used to protect specific data areas
• A memory key is a binary bit pattern attached to a data location
• Only a process with the same memory key can access it
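A model of the memory-key scheme on this slide, added here as an example and not taken from the lecture. Memory is divided into fixed-size blocks, each tagged with a short bit pattern; a process presents its own key on every access and is refused unless the keys match. The block size of 2 KiB, the 4-bit key width, the block layout and the data are assumptions constructed for the example. The check covers the case the slide does not spell out: an access that spans two blocks must match the key of every block it touches.

```python
BLOCK_SIZE = 2048  # assumption for this example: one key per 2 KiB block
KEY_BITS = 4       # assumption: the memory key is a 4-bit pattern


class KeyedMemory:
    """Memory divided into blocks, each tagged with a memory key."""

    def __init__(self, nblocks: int) -> None:
        self.keys = [0] * nblocks                 # key attached to each block
        self.cells = bytearray(nblocks * BLOCK_SIZE)

    def set_key(self, block: int, key: int) -> None:
        """Attach a key to a block (an OS operation, not available to user code)."""
        if not 0 <= key < (1 << KEY_BITS):
            raise ValueError("memory key must fit in %d bits" % KEY_BITS)
        self.keys[block] = key

    def _check(self, proc_key: int, addr: int, length: int) -> None:
        """Every block the access touches must carry the process's key."""
        if length <= 0 or addr < 0 or addr + length > len(self.cells):
            raise IndexError("access outside physical memory")
        first = addr // BLOCK_SIZE
        last = (addr + length - 1) // BLOCK_SIZE
        for block in range(first, last + 1):
            if self.keys[block] != proc_key:
                raise PermissionError("process key %#x does not match block %d key %#x"
                                      % (proc_key, block, self.keys[block]))

    def read(self, proc_key: int, addr: int, length: int) -> bytes:
        self._check(proc_key, addr, length)
        return bytes(self.cells[addr:addr + length])

    def write(self, proc_key: int, addr: int, data: bytes) -> None:
        self._check(proc_key, addr, len(data))
        self.cells[addr:addr + len(data)] = data


def access_denied(mem: KeyedMemory, proc_key: int, addr: int, length: int) -> bool:
    """True if a read with this key is refused by the key check."""
    try:
        mem.read(proc_key, addr, length)
    except PermissionError:
        return True
    return False


def build_demo() -> KeyedMemory:
    """Constructed layout: blocks 0-1 carry key 0x3, block 2 carries 0x9, block 3 is unassigned."""
    mem = KeyedMemory(4)
    mem.set_key(0, 0x3)
    mem.set_key(1, 0x3)
    mem.set_key(2, 0x9)
    mem.write(0x3, 100, b"payroll")   # process with key 0x3 stores into block 0
    return mem


if __name__ == "__main__":
    mem = build_demo()
    print(mem.read(0x3, 100, 7))
    print("other process refused:", access_denied(mem, 0x9, 100, 7))
    print("straddling 0x3/0x9 blocks refused:", access_denied(mem, 0x3, 2 * BLOCK_SIZE - 3, 6))
```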

Security Access Matrix
• Most operating systems combine security techniques
• The combination is called an "access matrix"
• The trick is finding the most security with the least cost and the least impact on efficiency

Ring Architecture
• Concentric domains where the innermost is most secure and the outermost is least
• Files are placed in the appropriate ring
• Access to an inner ring is granted only through a monitored entry point
  – Entry requires appropriate authorization
  – Only one entry at a time; prevents piggybacking

Collapsed Access Matrix
• Collection of access control data
• An Access Control List is column-based
  – List of all entities' access to a particular protected object
• A capability list is row-based
  – List of all permissions of a particular entity
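The access matrix of the "Security Access Matrix" slide and its two collapsed forms from this slide, shown in code. This is an added example, not from the lecture: the matrix is a dict keyed by object, each holding a dict of subject to rights; an ACL is one column of it and a capability list is one row. The objects, subjects and rights in `MATRIX` are constructed sample data. The last function rebuilds the full matrix from the set of capability lists, which shows that storing only rows (or only columns) loses no information.

```python
# Constructed sample access matrix: object -> {subject: rights}
MATRIX = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "printer":    {"alice": {"write"}, "bob": {"write"}, "carol": {"write"}},
    "kernel.img": {"root": {"read", "write", "execute"}},
}


def acl(matrix: dict, obj: str) -> dict:
    """Column of the matrix: every subject's rights on one object."""
    return {subject: set(rights) for subject, rights in matrix.get(obj, {}).items()}


def capabilities(matrix: dict, subject: str) -> dict:
    """Row of the matrix: one subject's rights on every object it may touch."""
    return {obj: set(rights[subject]) for obj, rights in matrix.items() if subject in rights}


def allowed(matrix: dict, subject: str, obj: str, right: str) -> bool:
    """The reference-monitor question: may this subject do this to this object?"""
    return right in matrix.get(obj, {}).get(subject, set())


def all_capabilities(matrix: dict) -> dict:
    """Collapse the matrix into capability lists, one per subject."""
    subjects = {s for rights in matrix.values() for s in rights}
    return {s: capabilities(matrix, s) for s in sorted(subjects)}


def from_capabilities(rows: dict) -> dict:
    """Rebuild the full matrix from capability lists; no entry is lost."""
    matrix = {}
    for subject, caps in rows.items():
        for obj, rights in caps.items():
            matrix.setdefault(obj, {})[subject] = set(rights)
    return matrix


if __name__ == "__main__":
    print("ACL of payroll.db:", acl(MATRIX, "payroll.db"))
    print("capabilities of bob:", capabilities(MATRIX, "bob"))
    print("bob may write payroll.db:", allowed(MATRIX, "bob", "payroll.db", "write"))
    print("round trip intact:", from_capabilities(all_capabilities(MATRIX)) == MATRIX)
```

An ACL answers "who may use this object?" in one lookup, which suits file systems; a capability list answers "what may this process use?" in one lookup, which suits revoking everything a process holds when it exits. Which column or row to keep is the cost-versus-efficiency trade the earlier slide mentions.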

Encryption
• Convert clear data to ciphered data and back again
• encrypt() and decrypt()
• Types:
  – Private key: share encryption between trusted sources
  – Public key: support multiple interaction types

Private Key Encryption
• Symmetric: the same key is used to encrypt and decrypt
• Data Encryption Standard
  – Complex series of substitutions and permutations on smaller blocks
  – Pattern changes daily

Public Key Encryption
• Two-part data encryption
  – Uses a public one that is available to anyone wishing to interact with the data location
  – Data encrypted with the private one
  – Decrypt function sent to the requestor if it passes authorization
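The encrypt()/decrypt() interface of the last three slides with both key types side by side, added here as an example; none of this code is from the lecture. The symmetric half uses a toy keystream derived from the shared key with SHA-256 in counter mode, so the same key and the same operation run in both directions; it stands in for DES only to show the shape of the scheme and is not a usable cipher. The public-key half is textbook RSA with the tiny primes 61 and 53, an assumption chosen so the arithmetic can be followed by hand; real keys are thousands of bits and wrap the message in padding. It demonstrates both directions the slide names: data encrypted with the public part is recovered with the private part, and data encrypted with the private part is recovered with the public part.

```python
import hashlib


# ---- Private (symmetric) key: one key shared between trusted parties ----
def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter), illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, clear: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(clear, keystream(key, len(clear))))


def sym_decrypt(key: bytes, cipher: bytes) -> bytes:
    # Symmetric: decryption is the same operation with the same key
    return sym_encrypt(key, cipher)


# ---- Public key: a two-part key, one part published, one part kept ----
def rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA on tiny primes (assumption: teaching-scale numbers only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)        # (public part, private part)


def rsa_apply(key, m: int) -> int:
    """Apply one part of the key pair; the other part undoes it."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be a number below the modulus")
    return pow(m, exp, n)


def round_trips(message: int = 65) -> bool:
    """Check both directions of the two-part scheme on one message."""
    public, private = rsa_keypair()
    to_owner = rsa_apply(private, rsa_apply(public, message))   # anyone -> key owner
    from_owner = rsa_apply(public, rsa_apply(private, message))  # key owner -> anyone
    return to_owner == message and from_owner == message


if __name__ == "__main__":
    shared = b"constructed-shared-key"
    ct = sym_encrypt(shared, b"meet at noon")
    print("symmetric:", ct.hex(), "->", sym_decrypt(shared, ct))
    public, private = rsa_keypair()
    print("public part", public, "private part", private)
    print("65 ->", rsa_apply(public, 65), "->", rsa_apply(private, rsa_apply(public, 65)))
    print("both directions recover the message:", round_trips())
```

With the shared key, a wrong key produces garbage rather than an error, so in practice an integrity check accompanies the ciphertext; with the key pair, the public part can be handed to anyone wishing to interact, while only the holder of the private part can read what they send.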