Protection and Security
Daniel Fernandez
Student Presentation
CS5204 – Operating Systems
Outline
• Protection goals
• Principle of least privilege and protection mechanisms
• Protection domains
• Access matrix and access control
• Formal model of a protection system
• Security components and threats
• Summary
Protection
Goals:
• Prevent mischievous, intentional violation of an access restriction by a user.
• Ensure each active program component uses system resources only in ways consistent with policies.
• Improve reliability.
• Provide a mechanism for enforcement of policies governing resource use.
Principles of Protection
Principle of least privilege
• Dictates that programs, users, and even systems be given just enough privileges to perform their tasks.
• Failure or compromise of a component does minimum damage and allows recovery from damage. Ex: a security guard with a passkey.
• Separate user accounts (RBAC). Provides mechanisms to enable privileges when needed and remove them when not needed.
• Does not always provide a more secure environment. Example: Windows 2000
Protection Mechanisms
Mechanism                        Description
No protection                    Sensitive procedures run at separate times.
Isolation                        Each process runs separately from others.
Share all or nothing             Object declared public or private.
Share via access limitation      OS checks permissibility of each access by user.
Share via dynamic capabilities   Dynamic creation of sharing rights for objects.
Limit use of an object           Limits access as well as use of an object.
• Policies and mechanisms – different things!
• Separation of policy and mechanism
Protection Domain Structure
• The set of access rights is the domain. Access right = <object-name, rights-set>
• Rights-set is the set of all valid operations that can be performed on the object.
• Need-to-know principle.
• Static and dynamic associations between processes and domains.
Domain Example: Unix
• The domain is associated with the user. Domain switching requires changing the user ID temporarily: an owner identification and a domain bit (the setuid bit) are associated with each file. When setuid is on and a user executes that file, the user ID is set to that of the owner of the file; when setuid is off, the user ID does not change.
• Example: user A executes a file owned by user B. If the file's setuid bit is off, the user ID of the process is A; if setuid is on, the user ID is set to B.
• Useful when an otherwise privileged facility needs to be made available to general users.
Access Matrix
• Consists of a set of objects (O) and a set of subjects (S).
• Each entry r(s, o) is drawn from the set of rights (R).
From: “Protection in Operating Systems”, Harrison and Ruzzo, 1976.
Implementation of Access Matrix
Two most used approaches:
• Access control lists
• Capability lists
Access matrix (objects are files):

Users   File1   File2   File3
user1   RWX     RX      RW
user2   ---     RWX     R

R (Read), W (Write), X (Execute)

Same matrix listed by user (one row per user):

user1   File1:RWX   File2:RX    File3:RW
user2   File1:---   File2:RWX   File3:R
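The matrix above, stored both ways, together with the Unix setuid rule from the "Domain Example: Unix" slide, as an added Python example (not code from the slides). The user and file names are the slide's placeholders; the file owner and mode bits passed to exec_domain are assumed inputs standing in for what a real kernel reads from the inode.

```python
import stat
from typing import Dict, FrozenSet, Set

# Constructed example: the two-user, three-file matrix from the slides.
# User and object names are placeholders, not a real system's accounts.


class AccessMatrix:
    """Access matrix P[s, o] = set of rights, plus the two ways it is stored."""

    def __init__(self) -> None:
        self._p: Dict[str, Dict[str, Set[str]]] = {}  # subject -> object -> rights
        self.objects: Set[str] = set()

    def grant(self, subject: str, obj: str, rights: str) -> None:
        """Enter each character of `rights` (e.g. "RWX") into P[subject, obj]."""
        self._p.setdefault(subject, {}).setdefault(obj, set()).update(rights)
        self.objects.add(obj)

    def rights(self, subject: str, obj: str) -> FrozenSet[str]:
        return frozenset(self._p.get(subject, {}).get(obj, set()))

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        """The OS check on every access: is `right` in P[subject, obj]?"""
        return right in self.rights(subject, obj)

    def acl(self, obj: str) -> Dict[str, FrozenSet[str]]:
        """Column view: the access control list stored with one object."""
        return {s: self.rights(s, obj) for s in sorted(self._p) if self.rights(s, obj)}

    def capabilities(self, subject: str) -> Dict[str, FrozenSet[str]]:
        """Row view: the capability list carried by one subject (its domain)."""
        return {o: self.rights(subject, o) for o in sorted(self.objects) if self.rights(subject, o)}


def slide_matrix() -> AccessMatrix:
    """The matrix shown on the slide."""
    m = AccessMatrix()
    m.grant("user1", "File1", "RWX")
    m.grant("user1", "File2", "RX")
    m.grant("user1", "File3", "RW")
    m.grant("user2", "File1", "")      # "---": no rights, but the object exists
    m.grant("user2", "File2", "RWX")
    m.grant("user2", "File3", "R")
    return m


def exec_domain(matrix: AccessMatrix, caller: str, path: str, owner: str, mode: int) -> str:
    """Domain (user ID) of the new process after `caller` executes `path`.

    `owner` and `mode` stand in for the file's owner identification and
    permission bits (assumed inputs; a real implementation reads os.stat).
    Rule from the slide: with the setuid bit on, the process runs as `owner`;
    with it off, the user ID does not change.
    """
    if not matrix.allowed(caller, path, "X"):
        raise PermissionError(f"{caller} may not execute {path}")
    return owner if mode & stat.S_ISUID else caller


if __name__ == "__main__":
    m = slide_matrix()
    print("ACL of File2:", m.acl("File2"))
    print("capabilities of user2:", m.capabilities("user2"))
    # user1 runs user2's File2 with mode 4755 (setuid on): domain switches to user2
    print(exec_domain(m, "user1", "File2", "user2", 0o4755))
```

acl() and capabilities() return the same information sliced by column and by row; that is the whole difference between the two implementations, and it is why revoking a right is cheap with ACLs (edit one object's list) but expensive with capability lists (find every subject holding it).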
Access Control
Role-Based Access Control (RBAC). Revolves around privileges, where a privilege is the right to execute a system call or use a system option.
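An added Python sketch (not from the slides) of the RBAC mechanism the "Principles of Protection" slide describes: a privilege is the right to make one kind of system call, roles bundle privileges, and a session enables a role only while the task needs it. The role and privilege names are constructed placeholders, not any real operating system's privilege set.

```python
from typing import Callable, Dict, Set

# Constructed example. Privilege names are illustrative placeholders
# (each one stands for the right to make one kind of system call).
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "operator": {"sys_mount", "sys_reboot"},
    "backup":   {"file_read_any"},
    "admin":    {"sys_mount", "sys_reboot", "file_read_any", "proc_setuid"},
}
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"operator", "backup"},
    "bob":   {"admin"},
    "carol": set(),
}


class Session:
    """A login session starts with no role active: least privilege by default."""

    def __init__(self, user: str) -> None:
        if user not in USER_ROLES:
            raise KeyError(f"unknown user {user}")
        self.user = user
        self.active: Set[str] = set()

    def enable(self, role: str) -> None:
        """Activate a role the user has been assigned; anything else is refused."""
        if role not in USER_ROLES[self.user]:
            raise PermissionError(f"{self.user} is not assigned role {role}")
        self.active.add(role)

    def disable(self, role: str) -> None:
        """Drop a role once the task that needed it is done."""
        self.active.discard(role)

    def privileges(self) -> Set[str]:
        """Union of the privileges of all currently active roles."""
        return set().union(*(ROLE_PRIVILEGES[r] for r in self.active))

    def check(self, privilege: str) -> bool:
        """The check a privileged system call makes before proceeding."""
        return privilege in self.privileges()


def with_role(session: Session, role: str, privilege: str, action: Callable[[], object]):
    """Enable a role only for the duration of one privileged action, then drop it."""
    session.enable(role)
    try:
        if not session.check(privilege):
            raise PermissionError(f"role {role} does not grant {privilege}")
        return action()
    finally:
        session.disable(role)       # runs even if the action fails


if __name__ == "__main__":
    s = Session("alice")
    print(with_role(s, "operator", "sys_mount", lambda: "mounted"))
    print(s.privileges())   # empty again: the role was dropped after the action
```

The finally clause is the point of the pattern: a role that is enabled for one task is removed again even when the task raises, so a later bug cannot run with privileges nobody intended it to have.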
Formal Protection System Model
Configuration of a protection system: (S, O, P), where P is the access matrix and P[s, o] is a subset of the generic rights R.
A protection system consists of 1) the set of generic rights R and 2) a set of commands.
command a(X1, X2, …, Xk)
  if r1 in (Xs1, Xo1) and
     r2 in (Xs2, Xo2) and
     …
     rm in (Xsm, Xom)
  then op1
       op2
       …
       opn
end

or, if m is zero,

command a(X1, X2, …, Xk)
  op1
  op2
  …
  opn
end
Formal Protection System Model (cont.)
A command op takes the configuration (S, O, P) to (S', O', P'): (S, O, P) --op--> (S', O', P')
Examples:
1) Process creates a new file:
Rule:
  op = create object o'
  o' not in O, S' = S, O' = O U {o'}
command CREATE(process, file)
  create object file
  enter own into (process, file)
end
2) Owner revokes another subject's access right r to a file:
Rule:
  op = delete r from (s, o)
  S' = S, O' = O, and P'[s, o] = P[s, o] – {r}
command REMOVEr(owner, exfriend, file)
  if own in (owner, file) and
     r in (exfriend, file)
  then delete r from (exfriend, file)
end
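The two commands above, run against a concrete configuration (S, O, P), as an added Python example that is not part of the slides. Commands test their conditions against P and, only if all hold, apply the primitive operations; a command whose condition fails leaves the configuration unchanged and reports False. The subject and object names in the demo are constructed.

```python
from typing import Dict, Iterable, Set, Tuple

# Added illustration of the slides' formal model: a configuration (S, O, P)
# and the commands CREATE and REMOVEr written as methods. Names used in the
# demo ("p1", "p2", "f") are constructed placeholders.


class ProtectionSystem:
    def __init__(self, subjects: Iterable[str], objects: Iterable[str] = ()) -> None:
        self.S: Set[str] = set(subjects)
        self.O: Set[str] = set(objects)
        self.P: Dict[Tuple[str, str], Set[str]] = {}  # P[s, o] is a subset of R

    def rights(self, s: str, o: str) -> Set[str]:
        return set(self.P.get((s, o), set()))

    # ---- primitive operations: each maps (S, O, P) to (S', O', P') ----
    def create_object(self, o: str) -> None:
        """create object o': requires o' not in O; O' = O U {o'}, S' = S."""
        if o in self.O:
            raise ValueError(f"object {o} already exists")
        self.O.add(o)

    def enter(self, r: str, s: str, o: str) -> None:
        """enter r into (s, o): P'[s, o] = P[s, o] U {r}."""
        if s not in self.S or o not in self.O:
            raise KeyError(f"({s}, {o}) is not a cell of the matrix")
        self.P.setdefault((s, o), set()).add(r)

    def delete(self, r: str, s: str, o: str) -> None:
        """delete r from (s, o): P'[s, o] = P[s, o] - {r}."""
        self.P.get((s, o), set()).discard(r)

    # ---- commands: conditions are tested against P, then primitives run ----
    def CREATE(self, process: str, file: str) -> bool:
        """command CREATE(process, file): create object file; enter own into (process, file)."""
        if file in self.O or process not in self.S:
            return False          # precondition fails: configuration unchanged
        self.create_object(file)
        self.enter("own", process, file)
        return True

    def REMOVE(self, r: str, owner: str, exfriend: str, file: str) -> bool:
        """command REMOVEr(owner, exfriend, file):
        if own in (owner, file) and r in (exfriend, file)
        then delete r from (exfriend, file)."""
        if "own" in self.rights(owner, file) and r in self.rights(exfriend, file):
            self.delete(r, exfriend, file)
            return True
        return False


if __name__ == "__main__":
    ps = ProtectionSystem(subjects={"p1", "p2"})
    ps.CREATE("p1", "f")                        # p1 now owns f
    ps.enter("read", "p2", "f")                 # p2 was granted read by some other command
    print(ps.REMOVE("read", "p2", "p2", "f"))   # False: p2 does not own f
    print(ps.REMOVE("read", "p1", "p2", "f"))   # True: the owner revokes it
    print(ps.rights("p2", "f"))                 # set()
```

Keeping the primitives separate from the commands mirrors the model: the primitives are the only way P changes, and a command is just a guarded sequence of them, which is what makes questions like "can subject s ever obtain right r on o" a property of the command set rather than of the code that calls it.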
Language-Based Protection
• Protection systems also focus on the functional nature of an access to an object.
• Policies vary depending on the application. Application designers use protection as a tool as well.
Protection in Java
• The Java virtual machine (JVM) has many built-in protection mechanisms.
• Code loaded into the JVM may come from different sources and not be equally trusted. As a result, protection in all areas of the JVM is necessary.
• The JVM assigns a loaded class to a protection domain.
What is Security in an Operating System
Security in an operating system revolves around 4 elements:
• Confidentiality
• Integrity
• Availability
• Authenticity
Security threats:
• Interception
• Interruption
• Modification
• Fabrication
Protection is an internal problem; security is an external one.
Implementing Security Defenses
• Security policy
• Vulnerability assessment
• Intrusion detection
• Virus protection
• Auditing, accounting, and logging
Spyware
Description: Malware that is loaded onto a PC without the owner's knowledge. Runs in the background doing things behind the owner's back. Gathers information from the owner and communicates it back to its distant master.
Actions against spyware:
• Anti-spyware programs (Spybot, Ad-aware, Spyware Doctor).
• Security practices to prevent infection: avoid using Internet Explorer; use firewalls to block certain websites; surf and download more safely.
• May require reinstallation of the operating system.
Summary
Protection
• Internal problem.
• The role of protection is to provide a mechanism for enforcement of policies.
• A protection domain specifies the resources that a process may access.
• The access matrix is a representation of the protection domain model.
Security
• External problem.
• Systems have to protect against threats in the form of interception, interruption, modification, and fabrication.
• Security defenses fight off threats.