SISTEMAS OPERATIVOS: Lección 14: Introduction to OS Security
Operating Systems
SISTEMAS OPERATIVOS:
Lección 14: Introduction to OS Security
• Introduction and basic concepts
Jesús Carretero Pérez, David Exposito Singh, José Daniel García Sánchez, Francisco Javier García Blas, Florin Isaila
Contents
• Safety and security
• Security issues
• Security policies
• Design of secure operating systems
• Cryptography
• Protection mechanisms in operating systems
• Protection and security services
• The security system in Windows NT
Security and protection
• The security of a system has multiple facets:
  – Protection from data damage (fires, earthquakes, etc.).
  – Unauthorized access to the system (intruders, privacy violations, etc.).
  – ...
• Protection is to prevent misuse of resources when that misuse falls within the scope of the operating system.
  – Protection policies and mechanisms are needed
  – To ensure that users have access only to their own resources (files, memory, etc.).
Possible security problems
Element   Privacy                            Integrity                                 Availability
Hardware  Stolen, Copied                     Destroyed, Overloaded, Tapped, Forged     Failed, Stolen, Destroyed, Unavailable
Software  Stolen, Copied                     Modified, Trojan horse, Virus, Forged     Deleted, Badly installed, Expired
Data      Discovered, Inferred, Intercepted  Damaged, HW error, SW error, User error   Deleted, Badly installed, Destroyed
Security aspects in an OS
• Three aspects of design:
• To avoid data loss.
  – Backup, ...
• Control data privacy.
  – Encryption, ...
• Control access to data and resources.
  – Passwords, e-cards, physical identification, ...
Security problems (I)
• Using improper or malicious programs
  – Trojan horse
  – Backdoor
  – Covert channels
• Inexperienced or careless users
  – Deleting by mistake, open accounts, easy passwords, ...
• Unauthorized users
  – Authentication problems
  – Login and password discovery
• Viruses
[Figure: Using a covert channel]
[Figure: Virus installation and propagation]
Security problems (II)
• Worms
  – Self-propagating destructive programs
  – Usually malicious
• Protection system breakers
  – Password analyzers
• System bombing
  – Denial-of-service attacks
Security policies
• Each organization has different security requirements
• The security policy dictates the rules to be followed to provide protection and security to systems
• No mechanisms involved, only policies
• There are laws that must be met when confidential information is used
• The security policy should give confidence
Military policies
• Based on the classification of all objects with security requirements into one of the following five levels:
  – Unclassified, Restricted, Confidential, Secret, Top Secret.
• Users who have access to objects of level i also have access to those of level i+1.
• Need-to-know rule:
  – Access to sensitive data is allowed only to those who need it to do their job.
• Thus users can be compartmentalized by tightening the access rule.
• A compartment can extend across various levels, and within it the same general access rule also applies.
[Figure: Military policy levels]
[Figure: VMS security policy]
Commercial policies
• They are based on military policy, but weaken the requirements.
• Chinese Wall:
  – Classifies objects and users in three levels of abstraction:
    • Objects, Groups and Conflict Classes.
  – Each object belongs to one group and each group to a single conflict class.
  – A conflict class, however, may include various groups.
• Access control policy:
  – A person can access information only if they have not previously accessed another group belonging to the same conflict class as the information they want to access.
[Figure: Chinese Wall example]
Security models
• A model is a mechanism that allows a security policy to be made explicit.
• Multilevel security models:
  – Sensitivity ranges and strict separation between subjects and objects that do not have access.
  – They tend to be abstract and very general models, which makes them very complex, difficult to verify and expensive to implement.
• Limited security models:
  – Respond formally to the properties that a safe system must meet, but introduce restrictions on multilevel security systems.
  – They are based on two principles:
    • They use the general theory of computation to define a formal system of protection rules.
    • They use an access control matrix whose rows are the subjects and whose columns are the objects.
  – The access rights of subject i on object j are the contents of the matrix element (i, j).
• Examples: Graham-Denning, Harrison-Ruzzo-Ullman (HRU) and access permission.
Security principles
• Open design.
• Require permissions.
• Minimum privilege.
• Economy of mechanism.
• Complete mediation.
• Minimum sharing.
• Easy to use and adapt.
• Separation of privileges.
Security tasks
• Authentication of resources.
• Resource allocation.
• Control access to resources.
• Control of communication and sharing between processes.
• Data protection.
[Figure: Security tasks and OS components]
Secure system design techniques
• Separation of resources
  – Physical
  – Temporal
  – Cryptographic
  – Logical
• Using virtual environments
  – Multiple virtual memory spaces
  – Virtual machines
• Layered design
  – Kernel assurance
  – Security monitors
  – Wrapping layers
[Figure: Virtual machines]
[Figure: Security in OS layers. Layers from innermost to outermost: hardware; security functions (security kernel); OS kernel (basic I/O, handlers, interrupts); operating system (system calls, processes, high-level I/O, memory management, scheduling, resource sharing); user interface (user identification, user authentication, updating of user identification data).]
[Figure: Secure kernel OS. Labels: hardware; OS kernel (basic I/O, handlers, interrupts, multitasking, ...); OS services; privileged applications; user applications; trusted computing base; untrusted computing base.]
External controls for security
• Penetration teams and access limitation
  – Firewalls and internal networks
• Programming controls
  – Trusted design
  – Isolation principle
  – Independent testers
  – Configuration management
• Security standards
  – DoD 2167A
  – SEE-CMM
  – ISO-9000
[Figure: Firewalls]
OS security controls
• Run reliable software
  – Do not download software from unknown networks
• Be suspicious of processes
  – Minimum privileges
• Run processes confined
  – Isolated machines if necessary
• Register accesses
  – Enable operating system logs
• Periodically search for security holes
  – Log analysis
  – See if there are strange information flows ...
Cryptography
• Cryptography is the technique of encoding an object so that its meaning is not obvious.
• An original object (O) can be converted into an encrypted object (C) by applying an encryption function (E). It is decrypted by another function (D).
• Key issues:
  – Cipher algorithms
  – Keys
[Figure: Encryption and decryption]
Encryption algorithms
• Procedures that allow the contents of the object to be hidden and put back into its original form, respectively.
• Substitution: replace a text by another
  – Monoalphabetic
  – Polyalphabetic
• Transposition or permutation: reorder the text
  – Character streams
  – Blocks
• Currently: exponential algorithms with very long keys
  – RSA
  – DES
  – Key scrutiny
Keys
• The key is the pattern used by the encryption and decryption algorithms to manipulate messages in either direction.
• There are systems not using a cryptographic key.
• Cryptographic systems:
  – Symmetric or asymmetric
• Advantages of keys:
  – Public algorithms
  – You need to know both the algorithm and the key
  – Same algorithm used with different keys
• Disadvantages:
  – Key propagation -> complex algorithms
  – It must withstand attempts to break the keys
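The E/D pair and the substitution ciphers of the two previous slides, as an added example that is not part of the lecture: the same interface implemented once as a monoalphabetic substitution (one shift for every letter) and once as a polyalphabetic one (the shift chosen by a key word), showing that D(E(O)) recovers O, that one public algorithm yields a different C per key, and why the monoalphabetic form is weak (it preserves the letter-frequency profile). The plaintext and keys are constructed samples.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ALPHA 26

/* Scratch buffers for the ciphertext C and the recovered object O. */
char ct[64], pt[64];

/* Shift one letter by k positions (mod 26), k in -25..25; non-letters pass through. */
static char shift_letter(char ch, int k)
{
    if (isupper((unsigned char)ch))
        return (char)('A' + (ch - 'A' + k + ALPHA) % ALPHA);
    if (islower((unsigned char)ch))
        return (char)('a' + (ch - 'a' + k + ALPHA) % ALPHA);
    return ch;
}

/* Monoalphabetic substitution: E(O, key) replaces each letter by the one
 * 'key' positions later; D is the same procedure with the opposite shift. */
void mono_encrypt(const char *o, char *c, int key)
{
    size_t i;
    for (i = 0; o[i] != '\0'; i++)
        c[i] = shift_letter(o[i], key % ALPHA);
    c[i] = '\0';
}

void mono_decrypt(const char *c, char *o, int key)
{
    mono_encrypt(c, o, -(key % ALPHA));
}

/* Polyalphabetic substitution (Vigenere): the n-th letter is shifted by the
 * n-th letter of the key word, so equal plaintext letters map to different
 * ciphertext letters. 'sign' is +1 to encrypt and -1 to decrypt. */
static void poly_apply(const char *in, char *out, const char *key, int sign)
{
    size_t klen = strlen(key), i, n = 0;
    for (i = 0; in[i] != '\0'; i++) {
        if (isalpha((unsigned char)in[i])) {
            int k = tolower((unsigned char)key[n % klen]) - 'a';
            out[i] = shift_letter(in[i], sign * k);
            n++;
        } else {
            out[i] = in[i];
        }
    }
    out[i] = '\0';
}

void poly_encrypt(const char *o, char *c, const char *key) { poly_apply(o, c, key, +1); }
void poly_decrypt(const char *c, char *o, const char *key) { poly_apply(c, o, key, -1); }

/* Number of distinct letters in a text. A monoalphabetic cipher is a
 * one-to-one letter map, so it preserves this (and the whole frequency
 * profile), which is what frequency analysis exploits; a polyalphabetic
 * cipher spreads one plaintext letter over several ciphertext letters. */
int distinct_letters(const char *s)
{
    int seen[ALPHA] = {0}, count = 0;
    for (; *s; s++) {
        if (isalpha((unsigned char)*s)) {
            int idx = tolower((unsigned char)*s) - 'a';
            if (!seen[idx]) { seen[idx] = 1; count++; }
        }
    }
    return count;
}

int main(void)
{
    const char *o = "ATTACK AT DAWN";      /* constructed sample object O */
    mono_encrypt(o, ct, 3);  mono_decrypt(ct, pt, 3);
    printf("mono: %s -> %s -> %s (%d vs %d distinct letters)\n",
           o, ct, pt, distinct_letters(o), distinct_letters(ct));
    poly_encrypt(o, ct, "lemon");  poly_decrypt(ct, pt, "lemon");
    printf("poly: %s -> %s -> %s (%d vs %d distinct letters)\n",
           o, ct, pt, distinct_letters(o), distinct_letters(ct));
    return 0;
}
```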
Public and private keys
• Private keys: known only to the encrypter and the decrypter
  – Example: DES.
  – Problem: propagation of keys.
• Public keys: the encryption key is known, but to decipher one needs a key that only the receiver has.
  – Anyone can send encrypted messages, but only the recipient can decrypt them.
  – No problem of key propagation
  – Example: RSA
• Digital signatures: a key that identifies a user or system unequivocally.
  – Accepted at the legal level
  – There are authorities granting signatures and valid certificates.
Protection
• Protect from inappropriate access
• Different types of protection:
  – Reading
  – Writing
  – Execution
  – Deletion
• All operating systems must have protection mechanisms that allow different security policies for access to the system to be implemented.
• A compromise between security and sharing is needed
User authentication
• Authentication (who?)
  – Keys (passwords)
  – Physical ids
    • Smart cards
    • Speech, iris or fingerprint recognition
• Access rights (what?)
  – Object => which users and which rights
  – User => which objects and which rights
• Security descriptor: object indicating what rights each user has to access that object
[Figure: Windows security descriptor]
Authentication process
• When a user wants to access the data, the system asks for:
  – User ID: user name in the system.
  – Keyword or password: space to type the keyword (echo shows *).
  – Protection domain to which the user belongs.
• Authentication:
  – Check that all data are consistent.
• Problems:
  – Files with visible data (passwords, users, ...)
  – Incomplete or partial process. Gives clues.
  – Impersonation of the authentication process
• Basic principle:
  – Distrust
Passwords
• A password is a set of alphanumeric and special characters known only to the user and the operating system, which have agreed to use it as a key to access the system.
• Authentication is based on tuples <username, password>
• Decisions:
  – Who assigns keywords? Administrator, user, ...
  – Length and format of keywords.
    • Minimum length, special chars, ...
  – Where are the keys stored? Shadow files
  – Duration of the keys. Keys with expiration
[Figure: Password distribution study. Bar chart; x axis: key type (two letters, three letters, four letters, five letters, six letters, dictionary word, good); y axis: percentage, 0 to 25.]
Protection domains
• Domain: a set of pairs (object, rights), where each pair specifies an object and the operations that can be run on it.
• Identify users and groups
  – UID: user id
  – GID: group id
• Processes run with:
  – Real UID or effective UID
  – Real GID or effective GID
Protection in UNIX (I)
• Protection of a file
  – Owner UID and group GID
  – 9 protection bits for owner, group and others (rwx).
• In files
  – r => read
  – w => write
  – x => execute permission
• In directories
  – r => list content
  – w => create or delete entries
  – x => access permission
Protection in UNIX (II)
• SETUID and SETGID bits
  – If a process executes a file with SETUID active, its effective UID = UID of the file owner
  – If a process executes a file with SETGID active, its effective GID = GID of the file owner
• Protection rules:
  – If effective uid = 0, access is granted
  – If effective uid = UID of the owner, the first group of bits is used; if not
  – If GID = GID of the owner, the second group of bits is used; if not, the last three bits are used
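The protection rules and the SETUID/SETGID effect of the two UNIX slides, as an added example that is not part of the lecture: a pure function over the fields stat(2) reports for a file, plus the identity a process ends up with after executing that file. Beyond the slide, it applies one refinement real kernels make (root must still find at least one x bit to execute a file); the uids, gids and modes are constructed samples.

```c
#include <sys/stat.h>
#include <sys/types.h>

/* Requested operation, same encoding as access(2): R_OK | W_OK | X_OK. */
#define REQ_R 4
#define REQ_W 2
#define REQ_X 1

struct file_attrs {      /* the subset of struct stat the rules consult */
    uid_t  owner;
    gid_t  group;
    mode_t mode;         /* rwx triplets plus S_ISUID / S_ISGID */
};

struct process_ids {
    uid_t ruid, euid;
    gid_t rgid, egid;
};

/* Slide rule: euid 0 -> granted; euid == owner -> owner bits; egid == group
 * -> group bits; otherwise the "others" bits. Exactly one triplet is
 * consulted, so an owner lacking a bit is refused even if "others" have it.
 * Refinement beyond the slide: root still needs some x bit to execute. */
int unix_access_allowed(const struct process_ids *p,
                        const struct file_attrs *f, int req)
{
    unsigned triplet;
    if (p->euid == 0) {
        if (req & REQ_X)
            return (f->mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
        return 1;
    }
    if (p->euid == f->owner)
        triplet = (f->mode >> 6) & 7;      /* rwx for owner  */
    else if (p->egid == f->group)
        triplet = (f->mode >> 3) & 7;      /* rwx for group  */
    else
        triplet = f->mode & 7;             /* rwx for others */
    return (triplet & (unsigned)req) == (unsigned)req;
}

/* Identity after exec(): the real ids never change; the effective ids become
 * the file owner's when S_ISUID / S_ISGID are set and execution is allowed. */
struct process_ids ids_after_exec(const struct process_ids *caller,
                                  const struct file_attrs *f)
{
    struct process_ids out = *caller;
    if (!unix_access_allowed(caller, f, REQ_X))
        return out;                         /* exec refused: nothing changes */
    if (f->mode & S_ISUID)
        out.euid = f->owner;
    if (f->mode & S_ISGID)
        out.egid = f->group;
    return out;
}

/* Constructed samples: a data file -rw-r----- owned by 1000:100, and a
 * setuid-root program -rwsr-xr-x owned by 0:0, plus four callers. */
const struct file_attrs data_file   = { 1000, 100, S_IRUSR | S_IWUSR | S_IRGRP };
const struct file_attrs passwd_prog = { 0, 0, S_ISUID | S_IRWXU | S_IRGRP | S_IXGRP
                                              | S_IROTH | S_IXOTH };
const struct process_ids owner_proc = { 1000, 1000, 100, 100 };
const struct process_ids group_proc = { 1001, 1001, 100, 100 };
const struct process_ids other_proc = { 1002, 1002, 200, 200 };
const struct process_ids root_proc  = { 0, 0, 0, 0 };
```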
[Figure: Changing the protection domain. An application in the user protection domain makes a system call (trap) into the OS kernel protection domain.]
Protection matrix
• Defines the relationship between domains and system objects.
• The element (i, j) indicates the operations that domain i can perform on object j.
• Derived from the HRU model and very clear, but there are implementation problems:
  – It can be very large and sparse
  – A static structure -> fixed number of domains and objects -> sizing?
• Solutions:
  – Access by rows: capabilities
  – Access by columns: access control lists (ACLs)
[Figure: Protection matrix example]
Access Control Lists (ACL)
• Each object is assigned a list of pairs (domain, operation) that describes what the domain can do on the object. Ex.:
  – Data -> (john, teacher, RW) (elvira, pupil, R)
• Grants and denials of service
  – Denials first
  – You can specify user and group.
• They are easy to create and maintain.
• They are centralized with the object, making it easy to revoke permissions.
• But they are not good if the system is large and heavily used:
  – the ACLs become very large and their operations are slow
[Figure: ACLs in Windows]
Capabilities
• Linked to each domain, a set of descriptors indicating the operations that domain can perform on each object in the system. Ex.:
  Cap-id  Type  Rights  Object
  ----------------------------
  0       file  rw-     data
• Explicitly requested and granted for a session or set of operations.
• The owner holds them and can pass them to others.
• The lists of capabilities are themselves capabilities.
• Problem: granting rights is easy, but revoking them is very difficult if the system is large.
Structure of a capability
• [Figure: structure of a capability]
• Capabilities do not directly correspond to the needs of users and are less intuitive than ACLs.
  – Because of this, most operating systems provide ACLs as the protection mechanism.
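The protection matrix, ACL and capability slides above, as one added example that is not part of the lecture: a single matrix (domains by objects, rights as bit flags) read by column as the ACL of the slide's "Data" example with the "denials first" rule, and by row as capability lists, with revocation of one object done both ways to show why it touches one list with ACLs and every domain's list with capabilities. Names beyond the slide's john/elvira ("guest", "grades") are constructed.

```c
#include <string.h>

#define R 4
#define W 2
#define X 1
#define NDOMAINS 3
#define NOBJECTS 2

/* Constructed sample domains and objects; row/column order of the matrix. */
const char *domain_name[NDOMAINS] = { "john", "elvira", "guest" };
const char *object_name[NOBJECTS] = { "data", "grades" };

/* Protection matrix: element (i, j) = rights of domain i on object j. */
unsigned matrix[NDOMAINS][NOBJECTS] = {
    /* data    grades */
    { R | W,   R | W },   /* john   (teacher) */
    { R,       0     },   /* elvira (pupil)   */
    { R,       0     },   /* guest  (pupil)   */
};

/* Column view: one ACL entry names a user ("*" = any) and a group. */
struct ace { const char *user; const char *group; unsigned rights; int deny; };

/* ACL of "data": the matrix column as (user, group, rights) triples, as on
 * the slide, plus an explicit denial of W to the whole "pupil" group. */
struct ace data_acl[] = {
    { "*",      "pupil",   W,     1 },   /* denial: evaluated first */
    { "john",   "teacher", R | W, 0 },
    { "elvira", "pupil",   R,     0 },
    { "guest",  "pupil",   R,     0 },
};
int data_acl_len = 4;

static int ace_matches(const struct ace *e, const char *user, const char *group)
{
    return (strcmp(e->user, "*") == 0 || strcmp(e->user, user) == 0)
        && strcmp(e->group, group) == 0;
}

/* Denials first: a matching deny entry that overlaps the request refuses it
 * outright; otherwise the matching grants are OR-ed and must cover it. */
int acl_check(const struct ace *acl, int n, const char *user,
              const char *group, unsigned req)
{
    unsigned granted = 0;
    for (int i = 0; i < n; i++)
        if (acl[i].deny && ace_matches(&acl[i], user, group) && (acl[i].rights & req))
            return 0;
    for (int i = 0; i < n; i++)
        if (!acl[i].deny && ace_matches(&acl[i], user, group))
            granted |= acl[i].rights;
    return (granted & req) == req;
}

/* Row view: a capability list is the domain's row, each entry the slide's
 * (cap-id, type, rights, object) record reduced to (object, rights). */
struct cap { int object; unsigned rights; };
struct cap caps[NDOMAINS][NOBJECTS];
int ncaps[NDOMAINS];

void build_capability_lists(void)
{
    for (int i = 0; i < NDOMAINS; i++) {
        ncaps[i] = 0;
        for (int j = 0; j < NOBJECTS; j++)
            if (matrix[i][j])
                caps[i][ncaps[i]++] = (struct cap){ j, matrix[i][j] };
    }
}

int cap_check(int domain, int object, unsigned req)
{
    for (int k = 0; k < ncaps[domain]; k++)
        if (caps[domain][k].object == object)
            return (caps[domain][k].rights & req) == req;
    return 0;
}

/* Revoking everyone's access to one object. With ACLs the rights live with
 * the object, so one list is emptied; with capabilities they live with the
 * holders, so every domain's list must be visited. Both return the number
 * of lists visited. */
int revoke_object_via_acl(struct ace *acl, int *n)
{
    (void)acl;
    *n = 0;
    return 1;
}

int revoke_object_via_caps(int object)
{
    int visited = 0;
    for (int i = 0; i < NDOMAINS; i++, visited++) {
        int kept = 0;
        for (int k = 0; k < ncaps[i]; k++)
            if (caps[i][k].object != object)
                caps[i][kept++] = caps[i][k];
        ncaps[i] = kept;
    }
    return visited;
}
```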
Generic services
• Create protection descriptor
• Open protection descriptor
• Close protection descriptor
• Destroy protection descriptor
• Get protection information
• Define protection information
• Define default protection information
POSIX services
• POSIX provides services similar to the above.
• However, there are no specific services to create, destroy or open protection descriptors.
• The descriptors associated with objects are created and destroyed with those objects.
• Consult the example of use.
access
• Service:
  #include <unistd.h>
  int access(const char *name, int amode);
• Arguments:
  – name: file name
  – amode: access mode to test. amode is the inclusive OR of R_OK, W_OK, X_OK, or F_OK.
• Returns:
  – 0 if the process can access the file (for read, write or exec) or -1 if not.
• Example:
  – access("archivo", F_OK) returns 0 if the file exists or -1 if not.
chmod.
• Service:
  #include <sys/types.h>
  #include <sys/stat.h>
  int chmod(const char *name, mode_t mode);
• Arguments:
  – name: file name.
  – mode: new protection bits for the access rights.
• Returns:
  – Zero, or -1 in case of error.
• Description:
  – Modifies the permission bits and the SETUID and SETGID bits of the file.
  – Only the owner can change those bits.
57
chown.
• Service:
  #include <sys/types.h>
  #include <unistd.h>
  int chown(const char *name, uid_t owner, gid_t group);
• Arguments:
  – name: file name.
  – owner: new owner of the file.
  – group: new group ID for the file.
• Returns:
  – Zero, or -1 in case of error.
• Description:
  – Modifies the user ID and/or group ID of a file.
  – The SETUID and SETGID bits are reset.
58
Managing security ids
• Description:
  – Get the real (getuid, getgid) and effective (geteuid, getegid) user and group IDs of the calling process.
    uid_t getuid(void);
    uid_t geteuid(void);
    gid_t getgid(void);
    gid_t getegid(void);
  – Allow changing the user ID or group ID of the calling process.
    int setuid(uid_t uid);
    int setgid(gid_t gid);
59
umask.
• Service:
  #include <sys/types.h>
  #include <sys/stat.h>
  mode_t umask(mode_t cmask);
• Arguments:
  – cmask: permission bits to be removed when a file is created.
• Returns:
  – The previous mask.
• Description:
  – Sets the file creation mask of the calling process.
  – Bits set in the mask are cleared in the file's protection word.
  • If the mask is 022 and a file is created with 0777 bits, the actual file will have 0755 bits.
60
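As an added example that is not part of the slides, the C program below exercises the four POSIX services just described (access, chmod, chown and umask) on a file in a temporary directory; the directory name and the helper names are assumptions made here. It shows umask() with mask 022 turning a requested 0777 into 0755, chmod() setting SETUID, a chown() that does not even change the owner clearing it again as the chown slide states (Linux behaviour), and access(F_OK) reporting existence before and after unlink().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
mode_t demo_created, demo_after_chown;         /* filled by the walk-through */

/* umask rule from the slide: bits set in the mask are cleared from the
 * requested mode, so a file requested with 0777 under mask 022 gets 0755. */
mode_t create_with_umask(const char *path, mode_t requested, mode_t cmask)
{
    struct stat st;
    mode_t old = umask(cmask);                 /* umask() returns the old mask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                                /* restore the caller's mask */
    if (fd < 0 || close(fd) < 0 || stat(path, &st) < 0) return (mode_t)-1;
    return st.st_mode & 07777;
}

/* Sets SETUID with chmod(), then calls chown() with the same owner and group.
 * Linux clears S_ISUID on any chown() of a regular file, even by root. */
mode_t setuid_after_chown(const char *path)
{
    struct stat st;
    if (chmod(path, 04755) < 0) return (mode_t)-1;
    if (chown(path, getuid(), getgid()) < 0) return (mode_t)-1;
    if (stat(path, &st) < 0) return (mode_t)-1;
    return st.st_mode & 07777;
}

/* Runs the walk-through in a fresh temporary directory (constructed here, not
 * taken from the slides). Returns 0 if every service behaved as described. */
int demo_protection_services(void)
{
    char dir[] = "/tmp/posix-prot-XXXXXX", path[64];
    int before, after, err;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/f", dir);
    demo_created = create_with_umask(path, 0777, 022);
    demo_after_chown = setuid_after_chown(path);
    before = access(path, F_OK);               /* F_OK tests existence only */
    unlink(path);
    after = access(path, F_OK);                /* -1 with errno == ENOENT */
    err = errno;
    rmdir(dir);
    if (demo_created == (mode_t)-1 || demo_after_chown == (mode_t)-1) return -1;
    return (before == 0 && after == -1 && err == ENOENT) ? 0 : -1;
}
```

Note that access() checks against the real user and group IDs rather than the effective ones, so in a set-user-ID program it answers whether the invoking user may use the file, and because the check and a later open() are separate calls the file can change in between, so where the effective identity is what matters it is safer to open directly and handle the error.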
Contents
• Safety and security.
• Security issues.
• Security policies.
• Design of secure operating systems.
• Cryptography.
• Protection mechanisms in operating systems.
• Protection and security services.
• The security system in Windows NT.
61
Windowsservices
• Windows has a C2 security level according to the DoD classification.
• Existence of discretionary access control:
  • Ability to allow or deny access rights to any object based on the user's identity.
• Windows uses a security descriptor and access control lists (ACL), with access control entries (ACE) for:
  • Permits and denials of access.
62
Securitysubsystem
• Windows has a specific security subsystem:
• Logon process, which shows the dialog through which users access the system and asks for the user ID, password and domain.
• Local Security Authority, which checks that the user has permission to access the system. It is the heart of the subsystem: it manages the local security policy, authentication services, audit policy and logging of audited events.
• User Account Manager, which maintains the database of users and groups and provides user validation.
• Security Reference Monitor, which checks user accesses to objects against the security policy to see whether they hold the appropriate permissions, and generates events for the audit logs.
63
Structure ofthe security system
[Diagram: structure of the Windows security system. User level: logon process, Win32 subsystem, application, registry, local security authority, user account manager, security policy. System level: system services, security reference monitor (access validation, auditing), device drivers, Hardware Abstraction Layer (HAL).]
64
SISTEMAS OPERATIVOS:
Lección 14: Introduction to OS Security
65
• Introduction and basic concepts
Jesús Carretero Pérez, David Exposito Singh, José Daniel García Sánchez, Francisco Javier García Blas, Florin Isaila