Lecture: Operating System Concepts - Module 19: Security

Format: ppt, 17 slides

Slide text: Operating System Concepts - Module 19: Security

  1. Module 19: Security
     • The Security Problem
     • Authentication
     • Program Threats
     • System Threats
     • Securing Systems
     • Intrusion Detection
     • Encryption
     • Windows NT
     Operating System Concepts 19.1 Silberschatz, Galvin and Gagne 2002
  2. The Security Problem
     • Security must consider the external environment of the system, and protect it from:
       - unauthorized access
       - malicious modification or destruction
       - accidental introduction of inconsistency
     • Easier to protect against accidental than malicious misuse.
  3. Authentication
     • User identity is most often established through passwords; this can be considered a special case of either keys or capabilities.
     • Passwords must be kept secret:
       - frequent change of passwords
       - use of "non-guessable" passwords
       - log all invalid access attempts
     • Passwords may also either be encrypted or allowed to be used only once.
  4. Program Threats
     • Trojan Horse
       - Code segment that misuses its environment.
       - Exploits mechanisms for allowing programs written by users to be executed by other users.
     • Trap Door
       - Specific user identifier or password that circumvents normal security procedures.
       - Could be included in a compiler.
     • Stack and Buffer Overflow
       - Exploits a bug in a program (overflow either the stack or memory buffers).
  5. System Threats
     • Worms – use spawn mechanism; standalone program
     • Internet worm
       - Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs.
       - Grappling hook program uploaded main worm program.
     • Viruses – fragment of code embedded in a legitimate program.
       - Mainly affect microcomputer systems.
       - Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.
       - Safe computing.
     • Denial of Service
       - Overload the targeted computer, preventing it from doing any useful work.
  6. The Morris Internet Worm (figure slide)
  7. Threat Monitoring
     • Check for suspicious patterns of activity – e.g., several incorrect password attempts may signal password guessing.
     • Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and for developing better security measures.
     • Scan the system periodically for security holes; done when the computer is relatively unused.
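The "several incorrect password attempts" pattern above can be checked directly against an audit log that records time, user and outcome. The following is an added example, not part of the lecture; the log format and the sample entries are constructed for it, and the threshold and time window are assumptions a site would tune.

```python
# Added example (not from the lecture): flag password-guessing from an audit log.
# The log format below is constructed; real audit logs look different.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: time, user, access type, outcome.
AUDIT_LOG = """\
2002-03-01 09:00:01 alice login ok
2002-03-01 09:00:05 bob login fail
2002-03-01 09:00:09 bob login fail
2002-03-01 09:00:12 bob login fail
2002-03-01 09:00:14 bob login fail
2002-03-01 09:00:16 bob login ok
2002-03-01 11:30:00 carol login fail
2002-03-01 14:30:00 carol login fail
2002-03-01 14:31:00 carol login fail
"""

def parse_audit_log(text):
    """Yield (time, user, access, outcome) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            date, clock, user, access, outcome = line.split()
            yield datetime.fromisoformat(f"{date} {clock}"), user, access, outcome

def find_password_guessing(text, threshold=3, window=timedelta(minutes=5)):
    """Users with >= threshold failed logins inside some sliding time window.

    Returns {user: largest burst size}. A burst of failures in a short window
    is the suspicious pattern; the same count spread over hours is ignored.
    """
    failures = defaultdict(list)
    for when, user, access, outcome in parse_audit_log(text):
        if access == "login" and outcome == "fail":
            failures[user].append(when)
    suspects = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            burst = end - start + 1
            if burst >= threshold:
                suspects[user] = max(suspects.get(user, 0), burst)
    return suspects

if __name__ == "__main__":
    print(find_password_guessing(AUDIT_LOG))  # {'bob': 4}
```

With the default five-minute window only bob is flagged; widening the window to six hours also catches carol's slower attempts, which shows why the window is a tuning decision.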
  8. Threat Monitoring (Cont.)
     • Check for:
       - Short or easy-to-guess passwords
       - Unauthorized set-uid programs
       - Unauthorized programs in system directories
       - Unexpected long-running processes
       - Improper directory protections
       - Improper protections on system data files
       - Dangerous entries in the program search path (Trojan horse)
       - Changes to system programs: monitor checksum values
  9. Firewall
     • A firewall is placed between trusted and untrusted hosts.
     • The firewall limits network access between these two security domains.
  10. Network Security Through Domain Separation Via Firewall (figure slide)
  11. Intrusion Detection
     • Detect attempts to intrude into computer systems.
     • Detection methods:
       - Auditing and logging.
       - Tripwire (UNIX software that checks if certain files and directories have been altered – e.g., password files).
     • System call monitoring
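Both "changes to system programs: monitor checksum values" on slide 8 and the Tripwire item on slide 11 come down to the same mechanism: record a digest of every monitored file while the system is known to be clean, then compare later. The block below is an added example of that mechanism, not the lecture's or Tripwire's own code; the files it checks are constructed in a temporary directory so it runs anywhere.

```python
# Added example (not from the lecture, not Tripwire's code): a checksum baseline.
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map every regular file under root (relative, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = file_digest(full)
    return baseline

def compare_baseline(old, new):
    """Report changed, added and removed files between two baselines."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }

def demo():
    """Simulate a system directory being tampered with (constructed data)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        files = {"bin/ls": b"ls v1", "bin/ps": b"ps v1", "passwd": b"root:x:0:0"}
        for name, data in files.items():
            with open(os.path.join(root, *name.split("/")), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)   # taken while the system is known clean
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"ps v1 + extra code")  # a system program was modified
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"new program")        # unauthorized program in a system directory
        os.remove(os.path.join(root, "passwd"))
        return compare_baseline(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored where an intruder who alters a system program cannot also alter it (read-only media or a separate host), otherwise the comparison proves nothing.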
  12. Data Structure Derived From System-Call Sequence (figure slide)
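The figure on this slide is not reproduced in the extracted text. As an added example (not from the lecture), the block below builds the kind of structure such a figure sketches: for each system call, the set of calls observed one, two and three positions after it during normal runs, which is the lookahead-pair profile of Forrest et al. This choice of structure is an assumption; the traces are constructed.

```python
# Added example (not from the lecture): a profile of short system-call
# sequences. It assumes the figure's structure is a lookahead table built from
# sliding windows over normal traces (Forrest et al.); all traces are constructed.
def build_profile(traces, k=3):
    """For each call, the set of calls seen 1..k positions after it."""
    profile = {}
    for trace in traces:
        for i, call in enumerate(trace):
            table = profile.setdefault(call, [set() for _ in range(k)])
            for j in range(1, k + 1):
                if i + j < len(trace):
                    table[j - 1].add(trace[i + j])
    return profile

def anomaly_score(trace, profile, k=3):
    """Fraction of (call, later call) pairs in trace not allowed by the profile."""
    checked = mismatched = 0
    for i, call in enumerate(trace):
        table = profile.get(call)          # None: call never seen in training
        for j in range(1, k + 1):
            if i + j >= len(trace):
                break
            checked += 1
            if table is None or trace[i + j] not in table[j - 1]:
                mismatched += 1
    return mismatched / checked if checked else 0.0   # too short to judge -> 0

# Constructed "normal" traces of one program, recorded during training.
NORMAL_TRACES = [
    ["open", "read", "mmap", "mmap", "close"],
    ["open", "read", "read", "close"],
    ["open", "mmap", "read", "close"],
]
# Constructed trace the program never produced during training.
UNUSUAL_TRACE = ["open", "read", "execve", "fork", "execve"]

def demo():
    """Score a normal trace and the unusual one against the profile."""
    profile = build_profile(NORMAL_TRACES)
    return anomaly_score(NORMAL_TRACES[0], profile), anomaly_score(UNUSUAL_TRACE, profile)
```

A score near 0 means every pair was seen in training; a high score (8/9 for the unusual trace) is what a monitor would raise an alert on, with the cut-off chosen per program.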
  13. Encryption
     • Encrypt clear text into cipher text.
     • Properties of a good encryption technique:
       - Relatively simple for authorized users to encrypt and decrypt data.
       - Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.
       - Extremely difficult for an intruder to determine the encryption key.
     • Data Encryption Standard substitutes characters and rearranges their order on the basis of an encryption key provided to authorized users via a secure mechanism. The scheme is only as secure as that mechanism.
  14. Encryption (Cont.)
     • Public-key encryption is based on each user having two keys:
       - public key – published key used to encrypt data.
       - private key – key known only to the individual user, used to decrypt data.
     • Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme.
       - Efficient algorithm for testing whether or not a number is prime.
       - No efficient algorithm is known for finding the prime factors of a number.
  15. Encryption Example - SSL
     • SSL – Secure Socket Layer
     • Cryptographic protocol that limits two computers to only exchange messages with each other.
     • Used between web servers and browsers for secure communication (credit card numbers).
     • The server is verified with a certificate.
     • Communication between the two computers uses symmetric key cryptography.
  16. Computer Security Classifications
     • U.S. Department of Defense outlines four divisions of computer security: A, B, C, and D.
     • D – Minimal security.
     • C – Provides discretionary protection through auditing. Divided into C1 and C2. C1 identifies cooperating users with the same level of protection. C2 allows user-level access control.
     • B – All the properties of C; however, each object may have unique sensitivity labels. Divided into B1, B2, and B3.
     • A – Uses formal design and verification techniques to ensure security.
  17. Windows NT Example
     • Configurable security allows policies ranging from D to C2.
     • Security is based on user accounts where each user has a security ID.
     • Uses a subject model to ensure access security. A subject tracks and manages permissions for each program that a user runs.
     • Each object in Windows NT has a security attribute defined by a security descriptor. For example, a file has a security descriptor that indicates the access permissions for all users.