
Operating System Security CS 111 Operating Systems Peter Reiher - PowerPoint PPT Presentation



  1. Operating System Security, CS 111 Operating Systems, Peter Reiher (Lecture 17, CS 111, Fall 2015)

  2. Outline
  • Basic concepts in computer security
  • Design principles for security
  • Important security tools for operating systems
  • Access control
  • Cryptography and operating systems
  • Authentication and operating systems
  • Protecting operating system resources

  3. Security: Basic Concepts
  • What do we mean by security?
  • What is trust?
  • Why is security a problem?
    – In particular, a problem of a different nature than, say, performance
    – Or even reliability

  4. What Is Security?
  • Security is a policy
    – E.g., “no unauthorized user may access this file”
  • Protection is a mechanism
    – E.g., “the system checks user identity against access permissions”
  • Protection mechanisms implement security policies
  • We need to understand our goals to properly set our policies
    – And the threats to achieving those goals
    – These factors drive which mechanisms we must use

  5. Security Goals
  • Confidentiality
    – If it’s supposed to be secret, be careful who hears it
  • Integrity
    – Don’t let someone change something they shouldn’t
  • Availability
    – Don’t let someone stop others from using services
  • Note that we didn’t mention “computers” here
    – This classification of security goals (the “CIA” triad) is very general

  6. What Makes Security Hard?
  • The “universe” we work in is more hostile
  • Human opponents seek to outwit us
  • Fundamentally, we want to share secrets in a controlled way
  • You have to get everything right
    – Any mistake is an opportunity for your opponent
  • Security costs, in both performance and money

  7. Tools For Securing Systems
  • Physical security
  • Access control
  • Encryption
  • Authentication
  • Encapsulation
  • Intrusion detection
  • Filtering technologies

  8. Physical Security
  • Lock up your computer
    – Usually not sufficient, but . . .
    – Necessary (when possible)
  • Networking means that attackers can get to it anyway
  • But lack of physical security often makes other measures pointless
    – A challenging issue for mobile computing

  9. Access Control
  • Only let authorized parties access the system
  • A lot trickier than it sounds
    – Particularly in a network environment
  • Once data is outside your system, how can you continue to control it?
    – Again, of concern in network environments

  10. Encryption
  • Algorithms to hide the content of data or communications
  • Only those who know a secret can undo the protection and recover the content
  • Obvious value in maintaining secrecy
  • But clever use can provide other important security properties
  • One of the most important tools in computer security
    – But not a panacea

  11. Authentication
  • Methods of ensuring that someone is who they say they are
  • Vital for access control
  • But also vital for many other purposes
  • Often (but not always) based on encryption
  • Especially difficult in distributed environments

  12. Encapsulation
  • Methods of allowing outsiders limited access to your resources
  • Let them use or access some things
    – But not everything
  • Simple, in concept
  • Extremely challenging, in practice
  • The operating system often plays a large role here

  13. Intrusion Detection
  • All security methods sometimes fail
  • When they do, notice that something is wrong
  • And take steps to correct the problem
  • Reactive, not preventative
    – But unrealistic to believe any prevention is certain
  • Must be automatic to be really useful

  14. Filtering Technologies
  • Detect that there’s something bad:
    – In a data stream
    – In a file
    – Wherever
  • Filter it out and only deliver “safe” stuff
  • The basic idea behind firewalls
    – And many other approaches
  • Serious issues with detecting the bad stuff and not dropping the good stuff

  15. Operating Systems and Security Tools
  • Physical security is usually assumed by the OS
  • Access control is key to OS technologies
  • Encapsulation in various forms is widely provided by operating systems
  • Some form of authentication is required by the OS
  • Encryption is increasingly used by the OS
  • Intrusion detection and filtering are not common parts of the OS

  16. Access Control
  • Security could be easy
    – If we didn’t want anyone to get access to anything
  • The trick is giving access to only the right people
  • How do we ensure that a given resource can only be accessed by the proper people?
  • The OS plays a major role in enforcing access control

  17. Goals for Access Control
  • Complete mediation
  • Least privilege
  • Useful in a networked environment
  • Scalability
  • Cost and usability

  18. Common Mechanisms for Access Control in Operating Systems
  • Access control lists
    – Like a list of who gets to do something
  • Capabilities
    – Like a ring of keys that open different doors
  • They have different properties
  • And are used by the OS in different ways

  19. Access Control Lists
  • ACLs
  • For each protected object, maintain a single list
  • Each list entry specifies who can access the object
    – And the allowable modes of access
  • When something requests access to an object, check the object’s access control list

  20. An ACL Protecting a File
  (Diagram: subjects A, B and C request access to file X. The ACL for file X reads: A: read, write; B: read; C: none. A request is granted only if the requesting subject’s entry lists the requested mode; the slide shows one request being denied.)

  21. Issues For Access Control Lists
  • How do you know the requestor is who he says he is?
  • How do you protect the access control list from modification?
  • How do you determine what resources a user can access?
  • Costs associated with complete mediation

  22. An Example Use of ACLs: the Unix File System
  • An ACL-based method for protecting files
    – Developed in the 1970s
  • Still in very wide use today
    – With relatively few modifications
  • Per-file ACLs (files are the objects)
  • Three subjects on the list for each file
    – Owner, group, other
  • And three modes
    – Read, write, execute
    – Sometimes these have special meanings
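The Unix check described on this slide, as an added example (not code from the lecture): the classic mode bits are evaluated by picking exactly one subject class, owner, then group, then other, and testing the requested bits against that class alone. The uids, gids and modes below are constructed for illustration; setuid bits, the root bypass and the directory-specific meanings of write and execute are not modelled.

```python
# Unix discretionary access check: owner / group / other bits, one class applies.
# Added example (not from the lecture); uids, gids and modes below are made up.

R, W, X = 4, 2, 1   # bit values inside a 3-bit rwx field


def class_bits(mode: int, uid: int, gids: set, st_uid: int, st_gid: int) -> int:
    """Return the 3-bit rwx field that Unix applies to this subject.

    Exactly one class is chosen: owner if the uid matches, else group if the
    file's group is among the subject's groups, else other. The classes are
    not ORed together, so an owner is judged by the owner bits alone even when
    the group or other bits would be more generous.
    """
    if uid == st_uid:
        return (mode >> 6) & 0o7
    if st_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7


def unix_access(mode: int, uid: int, gids: set, st_uid: int, st_gid: int, want: int) -> bool:
    """Grant only if every requested bit is present in the applicable class."""
    return (class_bits(mode, uid, gids, st_uid, st_gid) & want) == want


def rwx(field: int) -> str:
    """Render a 3-bit field the way ls does, e.g. 6 -> 'rw-'."""
    return "".join(ch if field & bit else "-" for ch, bit in (("r", R), ("w", W), ("x", X)))


if __name__ == "__main__":
    # Constructed file: owned by uid 1000, group 100, mode 0640 (rw-r-----)
    st_uid, st_gid, mode = 1000, 100, 0o640
    print("owner:", rwx(class_bits(mode, 1000, {100}, st_uid, st_gid)))          # rw-
    print("group member:", rwx(class_bits(mode, 1001, {100}, st_uid, st_gid)))   # r--
    print("other:", rwx(class_bits(mode, 1002, {200}, st_uid, st_gid)))          # ---
    # The case worth knowing: mode 0074 gives the owner nothing, and the owner's
    # membership in the file's group does not rescue them.
    print("owner of 0074 can read?", unix_access(0o074, 1000, {100}, st_uid, st_gid, R))  # False
```

The last line is the practical point: a mode like 0074 is not "group and everyone else can read, and the owner of course can too"; the owner is locked out, which is the kind of surprise the slide's "sometimes these have special meanings" hints at.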

  23. Pros and Cons of ACLs
  + Easy to figure out who can access a resource
  + Easy to revoke or change access permissions
  – Hard to figure out what a subject can access
  – Changing access rights requires getting to the object
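A small object-centric ACL reference monitor, as an added example (not the lecture's code) covering slides 19, 21 and 23: every access, including edits to the ACLs themselves, goes through one check (complete mediation), modifying an object's list requires a "control" right on that object (one answer to "how do you protect the ACL from modification?"), and the two asymmetries from the pros/cons slide fall out of the data structure: who_can() reads one list, what_can() has to scan every object. Subject and object names are constructed; the "control" mode is an assumption of this example.

```python
# Object-centric ACL reference monitor. Added example, not the lecture's code;
# the subject and object names are made up.
from collections import defaultdict


class ReferenceMonitor:
    """acl[object] = {subject: set of allowed modes}.

    Complete mediation: every access goes through check(), including edits to
    the ACLs themselves, which require the 'control' mode on the object.
    """

    CONTROL = "control"   # assumed right: may edit this object's ACL

    def __init__(self) -> None:
        self._acl = defaultdict(dict)

    def create(self, owner: str, obj: str) -> None:
        """The creator starts with control over the new object's ACL."""
        self._acl[obj] = {owner: {self.CONTROL}}

    def check(self, subject: str, obj: str, mode: str) -> bool:
        """Default deny: unknown object, no entry, or missing mode all mean no."""
        return mode in self._acl.get(obj, {}).get(subject, set())

    def grant(self, actor: str, obj: str, subject: str, modes: set) -> None:
        if not self.check(actor, obj, self.CONTROL):
            raise PermissionError(f"{actor} may not modify the ACL of {obj}")
        self._acl[obj].setdefault(subject, set()).update(modes)

    def revoke(self, actor: str, obj: str, subject: str) -> None:
        """Easy with ACLs: revocation edits exactly one list."""
        if not self.check(actor, obj, self.CONTROL):
            raise PermissionError(f"{actor} may not modify the ACL of {obj}")
        self._acl[obj].pop(subject, None)

    def who_can(self, obj: str, mode: str) -> set:
        """Easy with ACLs: the answer is stored on the object."""
        return {s for s, modes in self._acl.get(obj, {}).items() if mode in modes}

    def what_can(self, subject: str, mode: str) -> set:
        """Hard with ACLs: must scan the list of every object in the system."""
        return {o for o, entries in self._acl.items() if mode in entries.get(subject, set())}


if __name__ == "__main__":
    rm = ReferenceMonitor()
    rm.create("alice", "fileX")
    rm.grant("alice", "fileX", "bob", {"read"})
    print("bob read fileX:", rm.check("bob", "fileX", "read"))      # True
    print("bob write fileX:", rm.check("bob", "fileX", "write"))    # False
    print("who can read fileX:", rm.who_can("fileX", "read"))       # {'bob'}
    try:
        rm.grant("bob", "fileX", "bob", {"write"})                  # bob lacks control
    except PermissionError as e:
        print("denied:", e)
    rm.revoke("alice", "fileX", "bob")
    print("bob read fileX after revoke:", rm.check("bob", "fileX", "read"))  # False
```

The first issue on slide 21, knowing that the requestor really is "bob", is deliberately outside this class: the monitor trusts the subject name it is handed, which is why authentication has to sit in front of any ACL check.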

  24. Capabilities
  • Each entity keeps a set of data items that specify its allowable accesses
  • Essentially, a set of tickets
  • To access an object, present the proper capability
  • Possession of the capability for an object implies that access is allowed

  25. Capabilities Protecting a File
  (Diagram: subject A holds a capability for file X with read and write; subject B holds a capability for file X with read only; subject C holds none for file X. A subject presents its capability along with the request; the capability checker verifies the capability’s validity and, if valid, grants the access: “OK!”.)

  26. Capabilities Denying Access
  (Diagram: user A holds file X read, write; user B holds file X read; user C attempts a write on file X but has no capability to provide, so the capability checker denies the request.)

  27. Properties of Capabilities
  • Capabilities are essentially a data structure
    – Ultimately, just a collection of bits
  • Merely possessing the capability grants access
    – So they must not be forgeable
  • How do we ensure unforgeability for a collection of bits?
  • One solution:
    – Don’t let the user/process have them
    – Store them in the operating system
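The "store them in the operating system" solution, as an added example (not the lecture's code): the kernel keeps a per-process capability table and hands user code only small integer handles, exactly the way Unix file descriptors work. A process cannot forge a capability because a made-up handle number has no entry, and it cannot amplify one because delegation is checked against the rights the sender actually holds. The pids, object names and the read/write rights are constructed; the delegate() operation is this example's stand-in for descriptor passing, not something the slide specifies.

```python
# Capabilities held in the kernel: user code sees only small integer handles,
# so it cannot forge or amplify a capability. Added example, not the lecture's
# code; pids, object names and rights are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class Capability:
    obj: str
    rights: frozenset


class Kernel:
    def __init__(self) -> None:
        # pid -> {handle: Capability}; this table never leaves kernel memory
        self._tables = {}

    def spawn(self, pid: int) -> None:
        self._tables[pid] = {}

    def _install(self, pid: int, cap: Capability) -> int:
        """Allocate the lowest unused handle, as open(2) does for descriptors."""
        table = self._tables[pid]
        handle = next(h for h in range(len(table) + 1) if h not in table)
        table[handle] = cap
        return handle

    def create(self, pid: int, obj: str) -> int:
        """The creating process receives a full-rights capability."""
        return self._install(pid, Capability(obj, frozenset({"read", "write"})))

    def delegate(self, src: int, handle: int, dst: int, rights: set) -> int:
        """Copy a capability into another process's table (cf. passing a file
        descriptor over a Unix socket). The copy may be attenuated, but it can
        never carry rights the sender does not hold."""
        cap = self._tables[src].get(handle)
        if cap is None or not frozenset(rights) <= cap.rights:
            raise PermissionError("cannot delegate rights one does not hold")
        return self._install(dst, Capability(cap.obj, frozenset(rights)))

    def access(self, pid: int, handle: int, mode: str) -> bool:
        """Presenting a handle is the request; the kernel resolves it.
        A made-up handle number simply has no entry, so it is denied."""
        cap = self._tables[pid].get(handle)
        return cap is not None and mode in cap.rights

    def close(self, pid: int, handle: int) -> None:
        """Dropping the handle drops the capability; there is no other copy."""
        self._tables[pid].pop(handle, None)


if __name__ == "__main__":
    k = Kernel()
    for pid in (1, 2, 3):
        k.spawn(pid)
    h_a = k.create(1, "fileX")                 # process 1 owns fileX: read, write
    h_b = k.delegate(1, h_a, 2, {"read"})      # process 2 gets a read-only copy
    print("2 reads via its handle:", k.access(2, h_b, "read"))    # True
    print("2 writes via its handle:", k.access(2, h_b, "write"))  # False
    print("2 uses a forged handle 7:", k.access(2, 7, "read"))    # False
    try:
        k.delegate(2, h_b, 3, {"write"})       # 2 cannot hand out what it lacks
    except PermissionError as e:
        print("denied:", e)
```

Because the bits that matter live in kernel memory, "unforgeable" is a property of the address-space boundary rather than of the capability's encoding; that is what stops working once the capability has to cross a network, which is the problem the following slides take up.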

  28. Capabilities and Networks
  (Diagram: subjects A, B and C send their capabilities for file X across a network to the capability checker; “File X, Read, Write” appears as many copies in transit. The question posed on the slide: “How can we tell if it’s a good capability?”)

  29. Cryptographic Capabilities
  • Create unforgeable capabilities by using cryptography
    – We’ll discuss cryptography in detail in the next lecture
  • Essentially, a user CANNOT create this capability for himself
  • The examining entity can check the validity
  • Prevents creation of capabilities from nothing
    – But doesn’t prevent copying them
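One way to build the cryptographic capability this slide describes, as an added example (not the lecture's code): the issuer appends an HMAC-SHA256 tag computed under a key only it holds. A client cannot mint a capability from nothing, and editing the rights field of a real one breaks the tag, but the check has no way to tell an original from a copy presented by someone else, which is the slide's closing caveat. The key, object name and rights encoding are constructed for this example; HMAC is the specific construction chosen here, not one the slide names.

```python
# Cryptographic capabilities: an HMAC tag that only the issuer can compute makes
# the token unforgeable, but nothing stops a holder from copying it. Added
# example, not the lecture's code; the key, object and rights are made up.
import hashlib
import hmac
import secrets


class CapabilityServer:
    def __init__(self, key=None) -> None:
        # The secret never leaves the checking entity; clients hold only tokens.
        self._key = key if key is not None else secrets.token_bytes(32)

    def _tag(self, obj: str, rights: str) -> bytes:
        # NUL separator keeps ("ab", "c") and ("a", "bc") from colliding
        msg = obj.encode() + b"\x00" + rights.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, obj: str, rights: str) -> tuple:
        """Capability = (object, comma-separated rights, tag)."""
        return (obj, rights, self._tag(obj, rights))

    def check(self, cap: tuple, mode: str) -> bool:
        """Recompute the tag; constant-time compare avoids leaking it byte by byte.
        The check cannot tell who presents the token: a copy held by another
        subject verifies exactly as the original does."""
        obj, rights, tag = cap
        if not hmac.compare_digest(tag, self._tag(obj, rights)):
            return False          # forged from nothing, or tampered after issue
        return mode in rights.split(",")


if __name__ == "__main__":
    server = CapabilityServer()
    cap_a = server.issue("fileX", "read")           # issued to subject A
    print("A reads:", server.check(cap_a, "read"))   # True
    print("A writes:", server.check(cap_a, "write"))  # False

    forged = ("fileX", "read,write", bytes(32))      # made up by a client
    print("forged accepted:", server.check(forged, "write"))   # False

    tampered = (cap_a[0], "read,write", cap_a[2])   # real tag, edited rights
    print("tampered accepted:", server.check(tampered, "write"))  # False

    cap_b = tuple(cap_a)                             # B simply copied A's token
    print("copy accepted:", server.check(cap_b, "read"))  # True
```

The usual mitigations for the copying problem (binding the token to the holder's identity or network address, short expiry times, revocation lists) all add fields to the signed message; they are not shown here because the slide only establishes the problem.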
