Security in Computing
Protection in General-Purpose Operating Systems
I. Object protection
A. Memory protection
1. Methods:
a) Fence – in a single-user OS, prevents a faulty user program from destroying the resident OS; confines the user program to one side of the boundary
Fence implementation (1) – Fixed fence; the OS resides in a predefined memory region and the user program in another
Fence implementation (2) – Variable fence register (base register); holds the address of the end of the OS; cannot protect one user against another
Figure 4-1 Fixed Fence.
Figure 4-2 Variable Fence Register.
b) Relocation – the OS's size changes over time; programs are relocated to their starting address by a relocation factor
The fence register is used as a hardware relocation device: its contents are added to every program address
c) Base/Bounds Registers – needed in a multiuser environment
Base register provides only the lower bound (starting address)
Bounds register provides the upper address limit; each user program resides between the base and bounds addresses; the OS employs context switching
Figure 4-3 Pair of Base/Bounds Registers.
d) Tags – needed because base/bounds registers make sharing data all-or-nothing
A tagged architecture provides one or more extra bits in each word of memory to identify the access rights to that word – R, W, RW, X
e) Segmentation – simply dividing a program into separate pieces with logical memory addressing
f) Paging – alternative to segmentation; the program is divided into equal-sized pieces called pages and memory into equal-sized units called page frames
Figure 4-5 Example of Tagged Architecture.
B. General control of access to objects
1. Methods:
a) File Directory – mechanism for protecting objects (files) from users (subjects)
Every file has a unique owner, who controls access and holds revocation rights, including deciding who else has what access
Each user has a file directory listing all the files that user may access
Implemented as one list per user, naming all the objects the user is allowed to access
Figure 4-10 Directory Access.
b) Alternative: Access Control List (ACL) – differs from the directory approach in that there is one access control list per object, so no entry for the object is needed in each individual user's directory
c) Capability – the OS hands part of the protection burden to the user; a ticketing system; led to the Kerberos system
Figure 4-12 Access Control List.
2. Kerberos – implements authentication and access authorisation by means of ticketing capabilities; used in Microsoft operating systems from NT onwards
Secured with symmetric cryptography
Uses an authentication server (AS) and a ticket-granting server (TGS), both part of the KDC
User presents authentication credentials (e.g. password) to the AS and receives an authentication ticket showing that he/she has passed
To access a resource (e.g. a printer), the user sends the ticket to the TGS; the TGS returns an authorised ticket and another ticket to present to the printer for access
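The three exchanges above (AS, TGS, service) modelled end to end, as an added example that is not part of the slides: each ticket is sealed under a key that only the KDC and the receiving party share, so the printer verifies access with its own key and never sees the user's password. The seal/unseal routine is a toy XOR-plus-HMAC stand-in for the real symmetric cipher, and the user name, password and key values are constructed.

```python
import hashlib, hmac, json, os, time

def _xor(key, nonce, data):
    """Toy stream cipher (illustration only): XOR with SHA-256(key||nonce||counter) blocks."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared key; stand-in for the KDC's cipher."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(_xor(key, nonce, ct))

# Long-term keys held by the KDC (constructed sample values). Only the KDC knows them all.
KEYS = {"alice": hashlib.sha256(b"alice-password").digest(),
        "tgs": os.urandom(32), "printer": os.urandom(32)}

def as_exchange(user):
    """AS: reply readable only with the user's key; carries the TGT sealed for the TGS."""
    sess = os.urandom(32).hex()
    tgt = seal(KEYS["tgs"], {"user": user, "sess": sess, "exp": time.time() + 600})
    return seal(KEYS[user], {"sess": sess, "tgt": tgt.hex()})

def tgs_exchange(tgt, authenticator, service):
    """TGS: verify TGT and authenticator, then issue a ticket sealed for the service."""
    t = unseal(KEYS["tgs"], tgt)
    if t["exp"] < time.time() or unseal(bytes.fromhex(t["sess"]), authenticator)["user"] != t["user"]:
        raise PermissionError("expired TGT or authenticator mismatch")
    sess = os.urandom(32).hex()
    ticket = seal(KEYS[service], {"user": t["user"], "sess": sess, "exp": time.time() + 600})
    return seal(bytes.fromhex(t["sess"]), {"sess": sess, "ticket": ticket.hex()})

def service_check(service, ticket, authenticator):
    """Service (e.g. the printer): needs only its own key, never the user's password."""
    t = unseal(KEYS[service], ticket)
    return t["exp"] >= time.time() and unseal(bytes.fromhex(t["sess"]), authenticator)["user"] == t["user"]

def client_access(user, password, service="printer"):
    # Client side of all three exchanges; returns True if the service admits the user.
    k = hashlib.sha256(password.encode()).digest()
    reply = unseal(k, as_exchange(user))  # a wrong password cannot open this reply
    auth = seal(bytes.fromhex(reply["sess"]), {"user": user, "t": time.time()})
    reply2 = unseal(bytes.fromhex(reply["sess"]), tgs_exchange(bytes.fromhex(reply["tgt"]), auth, service))
    auth2 = seal(bytes.fromhex(reply2["sess"]), {"user": user, "t": time.time()})
    return service_check(service, bytes.fromhex(reply2["ticket"]), auth2)
```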
II. Authentication
A. Based on
1. Something you know – passwords, PINs, mother's name, etc.
2. Something you have – identity badges, physical keys, driver's licence, etc.
3. Something you are – biometrics: physical characteristics of users, such as a fingerprint or the pattern of a person's voice or face (picture)
B. Attacks on Passwords
1. Try all possible passwords (exhaustive or brute-force attack)
2. Try frequently used passwords (probable passwords – think of a word!)
3. Try passwords likely for the user
4. Search for the system list of passwords (plaintext or encrypted?)
5. Ask the user!
Figure 4-15 Users’ Password Choices.
C. Authentication techniques (discussed later)
1. Challenge-response (e.g. one-time password)
2. Impersonation of login – one-sided authentication
D. Biometrics (authentication without passwords)
1. Identification ("this is Captain Cook") vs. authentication ("I am Captain Cook; I present my hand to prove it")
2. Acceptance – people find them intrusive
3. Processing speed – the speed at which recognition is done affects accuracy
4. "False positive" or "false accept" (a reading that is accepted when it should be rejected) vs. "false negative" or "false reject" (one that is rejected when it should be accepted)