operating system security cs 111 operating systems peter
play

Operating System Security CS 111 Operating Systems Peter Reiher - PowerPoint PPT Presentation

Jan 01, 2023 •279 likes •844 views

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

  1. Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015

  2. Outline • Basic concepts in computer security • Design principles for security • Important security tools for operating systems • Access control • Cryptography and operating systems • Authentication and operating systems • Protecting operating system resources Lecture 17 CS 111 Page 2 Spring 2015

  3. Security: Basic Concepts • What do we mean by security? • What is trust? • Why is security a problem? – In particular, a problem with a different nature than, say, performance – Or even reliability Lecture 17 CS 111 Page 3 Spring 2015

  4. What Is Security? • Security is a policy – E.g., “no unauthorized user may access this file” • Protection is a mechanism – E.g., “the system checks user identity against access permissions” • Protection mechanisms implement security policies • We need to understand our goals to properly set our policies – And threats to achieving our goals – These factors drive which mechanisms we must use Lecture 17 CS 111 Page 4 Spring 2015

  5. Security Goals • C onfidentiality – If it’s supposed to be secret, be careful who hears it • I ntegrity – Don’t let someone change something they shouldn’t • A vailability – Don’t let someone stop others from using services • Note that we didn’t mention “computers” here – This classification of security goals is very general Lecture 17 CS 111 Page 5 Spring 2015

  6. Trust • An extremely important security concept • You do certain things for those you trust • You don’t do them for those you don’t • Seems simple, but . . . Lecture 17 CS 111 Page 6 Spring 2015

  7. What Do We Trust? • Other users? • Other computers? • Our own computer? • Programs? • Pieces of data? • Network messages? • In each case, how can we determine trust? Lecture 17 CS 111 Page 7 Spring 2015

  8. Problems With Trust • How do you express trust? • Why do you trust something? • How can you be sure who you’re dealing with? – Since identity and trust usually linked • What if trust is situational? • What if trust changes? Lecture 17 CS 111 Page 8 Spring 2015

  9. Why Is Security Different? • OK, so we care about security • Isn’t this just another design dimension – Like performance, usability, reliability, cost, etc. • Yes and no • Yes, it’s a separable dimension of design • No, it’s not just like the others Lecture 17 CS 111 Page 9 Spring 2015

  10. What Makes Security Unique? • Security is different than most other problems in CS • The “universe” we’re working in is much more hostile • Human opponents seek to outwit us • Fundamentally, we want to share secrets in a controlled way – A classically hard problem in human relations Lecture 17 CS 111 Page 10 Spring 2015

  11. What Makes Security Hard? • You have to get everything right – Any mistake is an opportunity for your opponent • When was the last time you saw a computer system that did everything right? • Since the OS underlies everything, security errors there compromise everything Lecture 17 CS 111 Page 11 Spring 2015

  12. Security Is Actually Even Harder • The computer itself isn’t the only point of vulnerability • If the computer security is good enough, the foe will attack: – The users – The programmers – The system administrators – Or something you never thought of Lecture 17 CS 111 Page 12 Spring 2015

  13. A Further Problem With Security • Security costs – Computing resources – People’s time and attention • Security must work 100% effectively • With 0% overhead • Critically important that fundamental, common OS operations aren’t slowed by security Lecture 17 CS 111 Page 13 Spring 2015

  14. Design Principles for Secure Systems • Economy • Complete mediation • Open design • Separation of privileges • Least privilege • Least common mechanism • Acceptability • Fail-safe defaults Lecture 17 CS 111 Page 14 Spring 2015

  15. Economy in Security Design • Economical to develop – And to use – And to verify • Should add little or no overhead • Should do only what needs to be done • Generally, try to keep it simple and small • As OS grows, this gets harder Lecture 17 CS 111 Page 15 Spring 2015

  16. Complete Mediation • Apply security on every access to a protected object – E.g., each read of a file, not just the open • Also involves checking access on everything that could be attacked • Hardware can help here – E.g., memory accesses have complete mediation via paging hardware Lecture 17 CS 111 Page 16 Spring 2015

  17. Open Design • Don’t rely on “security through obscurity” • Assume all potential attackers know everything about the design – And completely understand it • This doesn’t mean publish everything important about your security system – Though sometimes that’s a good idea • Obscurity can provide some security, but it’s brittle – When the fog is cleared, the security disappears • Windows (closed design) is not more secure than Linux (open design) Lecture 17 CS 111 Page 17 Spring 2015

  18. Separation of Privilege • Provide mechanisms that separate the privileges used for one purpose from those used for another • To allow flexibility in security systems • E.g., separate access control on each file Lecture 17 CS 111 Page 18 Spring 2015

  19. Least Privilege • Give bare minimum access rights required to complete a task • Require another request to perform another type of access • E.g., don’t give write permission to a file if the program only asked for read Lecture 17 CS 111 Page 19 Spring 2015

  20. Least Common Mechanism • Avoid sharing parts of the security mechanism – Among different users – Among different parts of the system • Coupling leads to possible security breaches • E.g., in memory management, having separate page tables for different processes – Makes it hard for one process to touch memory of another Lecture 17 CS 111 Page 20 Spring 2015

  21. Acceptability • Mechanism must be simple to use • Simple enough that people will use it without thinking about it • Must rarely or never prevent permissible accesses • Windows 7 mechanisms to prevent attacks from downloaded code worked – But users hated them – So now Windows doesn’t use them Lecture 17 CS 111 Page 21 Spring 2015

  22. Fail-Safe Design • Default to lack of access • So if something goes wrong or is forgotten or isn’t done, no security lost • If important mistakes are made, you’ll find out about them – Without loss of security – But if it happens too often . . . • In OS context, important to think about what happens with traps, interrupts, etc. Lecture 17 CS 111 Page 22 Spring 2015

  23. Tools For Securing Systems • Physical security • Access control • Encryption • Authentication • Encapsulation • Intrusion detection • Filtering technologies Lecture 17 CS 111 Page 23 Spring 2015

  24. Physical Security • Lock up your computer – Usually not sufficient, but . . . – Necessary (when possible) • Networking means that attackers can get to it, anyway • But lack of physical security often makes other measures pointless – A challenging issue for mobile computing Lecture 17 CS 111 Page 24 Spring 2015

  25. Access Control • Only let authorized parties access the system • A lot trickier than it sounds • Particularly in a network environment • Once data is outside your system, how can you continue to control it? – Again, of concern in network environments Lecture 17 CS 111 Page 25 Spring 2015

  26. Encryption • Algorithms to hide the content of data or communications • Only those knowing a secret can decrypt the protection • Obvious value in maintaining secrecy • But clever use can provide other important security properties • One of the most important tools in computer security – But not a panacea Lecture 17 CS 111 Page 26 Spring 2015

  27. Authentication • Methods of ensuring that someone is who they say they are • Vital for access control • But also vital for many other purposes • Often (but not always) based on encryption • Especially difficult in distributed environments Lecture 17 CS 111 Page 27 Spring 2015

  28. Encapsulation • Methods of allowing outsiders limited access to your resources • Let them use or access some things – But not everything • Simple, in concept • Extremely challenging, in practice • Operating system often plays a large role, here Lecture 17 CS 111 Page 28 Spring 2015

  29. Intrusion Detection • All security methods sometimes fail • When they do, notice that something is wrong • And take steps to correct the problem • Reactive, not preventative – But unrealistic to believe any prevention is certain • Must be automatic to be really useful Lecture 17 CS 111 Page 29 Spring 2015

  30. Filtering Technologies • Detect that there’s something bad: – In a data stream – In a file – Wherever • Filter it out and only deliver “safe” stuff • The basic idea behind firewalls – And many other approaches • Serious issues with detecting the bad stuff and not dropping the good stuff Lecture 17 CS 111 Page 30 Spring 2015

Recommend

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall 2015 Outline Important properties for an operating system Critical abstractions for operating systems System services Lecture 2 CS 111

656 views • 64 slides
Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring 2015 Outline Important properties for an operating system Critical abstractions for operating systems System services Lecture 2 CS 111

1.13k views • 73 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Operating System Principles: Processes, Execution, and State CS 111 Operating Systems Peter

Operating System Principles: Processes, Execution, and State CS 111 Operating Systems Peter

Operating System Principles: Processes, Execution, and State CS 111 Operating Systems Peter Reiher Lecture 3 CS 111 Page 1 Fall 2016 Outline What are processes? How does an operating system handle processes? How do we manage

728 views • 58 slides
Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111

Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111

Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111 Page 1 Fall 2015 Outline Hardware and the operating system Processor issues Buses and devices Disk drives Well talk about

777 views • 64 slides
Operating System Principles: File Systems CS 111 Operating Systems Peter Reiher Lecture 13 CS

Operating System Principles: File Systems CS 111 Operating Systems Peter Reiher Lecture 13 CS

Operating System Principles: File Systems CS 111 Operating Systems Peter Reiher Lecture 13 CS 111 Page 1 Summer 2017 Outline File systems: Why do we need them? Why are they challenging? Basic elements of file system design

762 views • 58 slides
Operating System Principles: Threads, IPC, and Synchronization CS 111 Operating Systems Peter

Operating System Principles: Threads, IPC, and Synchronization CS 111 Operating Systems Peter

Operating System Principles: Threads, IPC, and Synchronization CS 111 Operating Systems Peter Reiher Lecture 7 CS 111 Page 1 Fall 2016 Outline Threads Interprocess communications Synchronization Critical sections

683 views • 52 slides
CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time, this patch was made to Linuxs wait4() system call: + if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) +

550 views • 33 slides
Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111

Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111

Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 Operating Systems Peter Reiher Lecture 18 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for

1.06k views • 62 slides
Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real

Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real

Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real world Studied mechanisms used by operating systems Processes & scheduling Memory management File systems Security How are

408 views • 22 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Operating System Principles: Services, Resources, and Interfaces CS 111 Operating Systems

Operating System Principles: Services, Resources, and Interfaces CS 111 Operating Systems

Operating System Principles: Services, Resources, and Interfaces CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall 2016 Outline Operating systems services System service layers and mechanisms Service interfaces

830 views • 69 slides
Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Unit OS1: Overview of Operating Systems 1.2. The Evolution of Operating Systems Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 1.2. History of Operating Systems Tasks of

556 views • 12 slides
Operating System Principles: Devices, Device Drivers, and I/O CS 111 Operating Systems Peter

Operating System Principles: Devices, Device Drivers, and I/O CS 111 Operating Systems Peter

Operating System Principles: Devices, Device Drivers, and I/O CS 111 Operating Systems Peter Reiher Lecture 12 CS 111 Page 1 Summer 2017 Outline Devices and device drivers I/O performance issues Device driver abstractions

1.92k views • 58 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Operating System Principles: Scheduling CS 111 Operating Systems Peter Reiher Lecture 4 CS

Operating System Principles: Scheduling CS 111 Operating Systems Peter Reiher Lecture 4 CS

Operating System Principles: Scheduling CS 111 Operating Systems Peter Reiher Lecture 4 CS 111 Page 1 Fall 2016 Outline What is scheduling? What are our scheduling goals? What resources should we schedule? Example scheduling

977 views • 59 slides
Operating System Principles: Semaphores and Locks for Synchronization CS 111 Operating Systems

Operating System Principles: Semaphores and Locks for Synchronization CS 111 Operating Systems

Operating System Principles: Semaphores and Locks for Synchronization CS 111 Operating Systems Peter Reiher Lecture 9 CS 111 Page 1 Fall 2016 Outline Locks Semaphores Mutexes and object locking Getting good performance with

583 views • 54 slides
OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

704 views • 27 slides
Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is an Operating System? try to come up with a defjnition of what the term operating system means. Discuss your fjndings amongst yourselves. Operating

607 views • 26 slides
A better picture Many applications Application One Operating System System calls Operating

A better picture Many applications Application One Operating System System calls Operating

Introduction Operating Systems Spring 2003 OS Spring03 What is Operating System? It is a program! It is the first piece of software to run after boot It coordinates the execution of all other software User programs It

306 views • 12 slides
Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher

Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher

Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher Lecture 16 CS 111 Page 1 Fall 2017 Outline Data on other machines Remote file access architectures Challenges in remote data access

925 views • 56 slides
Operating System Principles: Deadlocks Problems and Solutions CS 111 Operating Systems

Operating System Principles: Deadlocks Problems and Solutions CS 111 Operating Systems

Operating System Principles: Deadlocks Problems and Solutions CS 111 Operating Systems Peter Reiher Lecture 10 CS 111 Page 1 Fall 2016 Outline The deadlock problem Approaches to handling the problem Handling general

804 views • 54 slides
Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron Brightwell Scalable System Software Sandia National Laboratories Albuquerque, NM, USA International Workshop on Runtime and Operating Systems for

575 views • 32 slides

More recommend