Security
Chapter 9
Tanenbaum & Bos, Modern Operating Systems: 4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
The Security Environment
Threats
Figure 9-1. Security goals and threats.
Can We Build Secure Systems?
Two questions concerning security:
1. Is it possible to build a secure computer system?
2. If so, why is it not done?
Trusted Computing Base
Figure 9-2. A reference monitor.
Protection Domains (1)
Figure 9-3. Three protection domains.
Protection Domains (2)
Figure 9-4. A protection matrix.
Protection Domains (3)
Figure 9-5. A protection matrix with domains as objects.
Access Control Lists (1)
Figure 9-6. Use of access control lists to manage file access.
Access Control Lists (2)
Figure 9-7. Two access control lists.
Capabilities (1)
Figure 9-8. When capabilities are used, each process has a capability list.
Capabilities (2)
Figure 9-9. A cryptographically protected capability.
Capabilities (3)
Examples of generic rights:
1. Copy capability: create a new capability for the same object.
2. Copy object: create a duplicate object with a new capability.
3. Remove capability: delete the entry from the C-list; the object is unaffected.
4. Destroy object: permanently remove the object and the capability.
Formal Models of Secure Systems
Figure 9-10. (a) An authorized state. (b) An unauthorized state.
Multilevel Security
Bell-LaPadula Model
Bell-LaPadula Model rules for information flow:
1. The simple security property
– A process running at security level k can read only objects at its level or lower.
2. The * property
– A process running at security level k can write only objects at its level or higher.
Bell-LaPadula Model
Figure 9-11. The Bell-LaPadula multilevel security model.
The Biba Model
To guarantee the integrity of the data:
1. The simple integrity principle
– A process running at security level k can write only objects at its level or lower (no write up).
2. The integrity * property
– A process running at security level k can read only objects at its level or higher (no read down).
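The Bell-LaPadula and Biba rules above, implemented as a small reference monitor (an added example, not code from the textbook). It also shows what happens when both models are enforced on the same label set: reads and writes then succeed only between equal levels. Level names, function names and the sample requests are assumptions constructed for the example.

```python
# Added example: a minimal reference monitor for the BLP and Biba rules.
# Levels are integers; higher = more sensitive (BLP) / more trustworthy (Biba).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def blp_allows(subject_level: int, object_level: int, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":   # simple security property: read at level or lower
        return object_level <= subject_level
    if op == "write":  # * property: write at level or higher
        return object_level >= subject_level
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_level: int, object_level: int, op: str) -> bool:
    """Biba (integrity): no write up, no read down."""
    if op == "write":  # simple integrity principle: write at level or lower
        return object_level <= subject_level
    if op == "read":   # integrity * property: read at level or higher
        return object_level >= subject_level
    raise ValueError(f"unknown operation {op!r}")


def both_allow(subject_level: int, object_level: int, op: str) -> bool:
    """Both models on one label set: only same-level access survives."""
    return (blp_allows(subject_level, object_level, op)
            and biba_allows(subject_level, object_level, op))


def mediate(policy, requests):
    """Reference monitor loop: every request is checked and logged."""
    audit = []
    for subj, op, obj in requests:
        decision = "ALLOW" if policy(subj, obj, op) else "DENY"
        audit.append((subj, op, obj, decision))
    return audit


# Constructed sample requests: (subject level, operation, object level)
SAMPLE = [
    (LEVELS["Secret"], "read", LEVELS["Confidential"]),   # BLP allow, Biba deny
    (LEVELS["Secret"], "read", LEVELS["Top Secret"]),     # BLP deny (read up)
    (LEVELS["Secret"], "write", LEVELS["Top Secret"]),    # BLP allow, Biba deny
    (LEVELS["Secret"], "write", LEVELS["Unclassified"]),  # BLP deny (write down)
]

if __name__ == "__main__":
    for row in mediate(blp_allows, SAMPLE):
        print("BLP ", row)
    for row in mediate(biba_allows, SAMPLE):
        print("Biba", row)
```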
Covert Channels (1)
Figure 9-12. (a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via covert channels.
Covert Channels (2)
Figure 9-13. A covert channel using file locking.
Steganography
Figure 9-14. (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.
Basics of Cryptography
Figure 9-15. Relationship between the plaintext and the ciphertext.
Secret-Key Cryptography
An encryption algorithm in which each letter is replaced by a different letter.
Digital Signatures
Figure 9-16. (a) Computing a signature block. (b) What the receiver gets.
Authentication (1)
Methods of authenticating users when they attempt to log in are based on one of three general principles:
1. Something the user knows.
2. Something the user has.
3. Something the user is.
Authentication (2)
Figure 9-17. (a) A successful login. (b) Login rejected after name is entered. (c) Login rejected after name and password are typed.
UNIX Password Security
Figure 9-18. The use of salt to defeat precomputation of encrypted passwords.
Challenge-Response Authentication
Questions should be chosen so that the user does not need to write them down.
Examples:
1. Who is Marjolein's sister?
2. On what street was your elementary school?
3. What did Mrs. Ellis teach?
Authentication Using a Physical Object
Figure 9-19. Use of a smart card for authentication.
Authentication Using Biometrics
Figure 9-20. A device for measuring finger length.
Buffer Overflow Attacks
Figure 9-21. (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown in gray.
Avoiding Stack Canaries
Figure 9-22. Skipping the stack canary: by modifying len first, the attack is able to bypass the canary and modify the return address directly.
Code Reuse Attacks
Figure 9-23. Return-oriented programming: linking gadgets.
Format String Attacks
Figure 9-24. A format string attack. By using exactly the right number of %08x, the attacker can use the first four characters of the format string as an address.
Command Injection Attacks
Figure 9-25. Code that might lead to a command injection attack.
Back Doors
Figure 9-26. (a) Normal code. (b) Code with a back door inserted.
Login Spoofing
Figure 9-27. (a) Correct login screen. (b) Phony login screen.
Executable Program Viruses (1)
Figure 9-28. A recursive procedure that finds executable files on a UNIX system.
Executable Program Viruses (2)
Figure 9-28 (continued). A recursive procedure that finds executable files on a UNIX system.
Executable Program Viruses (3)
Figure 9-29. (a) An executable program. (b) With a virus at the front. (c) With a virus at the end. (d) With a virus spread over free space within the program.
Boot Sector Viruses
Figure 9-30. (a) After the virus has captured all the interrupt and trap vectors. (b) After the operating system has retaken the printer interrupt vector. (c) After the virus has noticed the loss of the printer interrupt vector and recaptured it.
Actions Taken by Spyware (1)
1. Change the browser’s home page.
2. Modify the browser's list of favorite (bookmarked) pages.
3. Add new toolbars to the browser.
4. Change the user’s default media player.
5. Change the user’s default search engine.
Actions Taken by Spyware (2)
6. Add new icons to the Windows desktop.
7. Replace banner ads on Web pages with those the spyware picks.
8. Put ads in the standard Windows dialog boxes.
9. Generate a continuous and unstoppable stream of pop-up ads.
Types of Rootkits (1)
Five kinds of rootkits; the distinguishing question is where they hide:
1. Firmware rootkit
2. Hypervisor rootkit
3. Kernel rootkit
4. Library rootkit
5. Application rootkit
Types of Rootkits (2)
Figure 9-31. Five places a rootkit can hide.
Firewalls
Figure 9-32. A simplified view of a hardware firewall protecting a LAN with three computers.
Virus Scanners (1)
Figure 9-33. (a) A program. (b) An infected program. (c) A compressed infected program. (d) An encrypted virus. (e) A compressed virus with encrypted compression code.
Virus Scanners (2)
Figure 9-34. Examples of a polymorphic virus.
Code Signing
Figure 9-35. How code signing works.
Jailing
Figure 9-36. The operation of a jail.
Model-Based Intrusion Detection
Figure 9-37. (a) A program. (b) System call graph for (a).
Sandboxing
Figure 9-38. (a) Memory divided into 16-MB sandboxes. (b) One way of checking an instruction for validity.
Interpretation
Figure 9-39. Applets can be interpreted by a Web browser.
Java Security (1)
Checks on applets include:
1. Does the applet attempt to forge pointers?
2. Does it violate access restrictions on private class members?
3. Does it try to use a variable of one type as another?
4. Does it generate stack overflows or underflows?
5. Does it illegally convert variables of one type to another?
Java Security (2)
Figure 9-40. Some examples of protection that can be specified with JDK 1.2.
End
Chapter 9