Security & Protection In
Operating System
Muhammad Usman Zia Akram
Abu Bakr Ashraf
Fajjar Ul Islam Bilal
Bilal Tahir
Contents
 What is?
 Protection Mechanism
 Threat and Threat Monitoring
 Attack Techniques
 Authentication Mechanism
 Protection System
 Protection Problems
 Feature of Secure OS
What is Security in OS……
 Issues external to OS
 Authentication of user, validation of messages,
malicious or accidental introduction of flaws, etc.
What is Protection in OS……
Mechanisms and policy to keep programs and users
from accessing or changing stuff they should not
Internal to OS
Protection and Security
 Operating system consists of a collection of objects,
hardware or software
 Each object has a unique name and can be
accessed through a well-defined set of operations
(hopefully)
 Protection and security problem - ensure that each
object is accessed correctly and only by those
processes of authorized users that are allowed to do
so
Protection and Security – cont.
 OS designer faces challenge of creating a
protection scheme that cannot be bypassed by
any software that may be created in the future
 Networking adds to the problem as it allows
access to a computer and its resources without
being in the same physical location
Security Goals
• Authentication
• Authorization
[Figure: Processes A, B and C and Resources W, X, Y and Z on Machine X and Machine Y, with access edges labeled read and read/write]
Security Kernel
 Responsible for implementing the security
mechanisms of the entire operating system.
 Provides the security interfaces among the
hardware, the operating system, and the other
parts of the computing system.
 Implementation of a security kernel:
 May degrade system performance (one more layer).
 May be large.
 No guarantees.
Security
 The security environment
 User authentication
 Attacks from inside the system
 Attacks from outside the system
 Protection mechanisms
 Trusted systems
Security environment: threats
 Operating systems have goals
 Confidentiality
 Integrity
 Availability
 Someone attempts to subvert the goals
 Fun
 Commercial gain
Goal | Threat
Data confidentiality | Exposure of data
Data integrity | Tampering with data
System availability | Denial of service
What kinds of intruders are there?
 Casual prying by nontechnical users
 Curiosity
 Snooping by insiders
 Often motivated by curiosity or money
 Determined attempt to make money
 May not even be an insider
 Commercial or military espionage
 This is very big business!
Accidents cause problems, too…
 Acts of God
 Fires
 Earthquakes
 Wars (is this really an “act of God”?)
 Hardware or software error
 CPU malfunction
 Disk crash
 Program bugs (hundreds of bugs found in the most recent Linux kernel)
 Human errors
 Data entry
 Wrong tape mounted
User authentication
 Problem: how does the computer know who you are?
 Solution: use authentication to identify
 Something the user knows
 Something the user has
 Something the user is
 This must be done before user can use the system
 Important: from the computer’s point of view…
 Anyone who can duplicate your ID is you
 Fooling a computer isn’t all that hard…
Authentication using passwords
 Successful login lets the user in
 If things don’t go so well…
 Login rejected after name entered
 Login rejected after name and incorrect password entered
 Don’t notify the user of incorrect user name until after the password is
entered!
 Early notification can make it easier to guess valid user names
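(a) Successful login
Login: elm
Password: foobar
Welcome to Linux!

(b) Login rejected after name entered
Login: jimp
User not found!
Login:

(c) Login rejected after name and incorrect password entered
Login: elm
Password: barfle
Invalid password!
Login: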
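The difference between the early rejection and the late one, as an added example that is not part of the original slides: a login check whose reply depends on whether the name exists, beside one that gives a single failure message and does the same work on both failure paths. The account table, the dummy record, the PBKDF2 parameters and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumption: kept low so the example runs quickly


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, derived_key) for storage; the password itself is never stored."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


# Constructed account table: only "elm" exists, as in the slide's transcripts.
USERS = {"elm": make_record("foobar")}
# Dummy record checked when the name is unknown, so both failure paths do the same work.
DUMMY = make_record("placeholder-not-a-real-password")


def leaky_login(name: str, password: str) -> str:
    """The behaviour the slide warns about: the reply depends on whether the name exists."""
    if name not in USERS:
        return "User not found!"
    salt, key = USERS[name]
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "Welcome to Linux!" if hmac.compare_digest(attempt, key) else "Invalid password!"


def uniform_login(name: str, password: str) -> str:
    """Always take both fields, always derive a key, and give one failure message."""
    known = name in USERS
    salt, key = USERS[name] if known else DUMMY
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    ok = hmac.compare_digest(attempt, key) and known
    return "Welcome to Linux!" if ok else "Login incorrect"


def reveals_valid_names(login) -> bool:
    """True if a failed login looks different for an existing and a non-existing name."""
    return login("elm", "barfle") != login("jimp", "barfle")


if __name__ == "__main__":
    for fn in (leaky_login, uniform_login):
        print(fn.__name__, "reveals valid names:", reveals_valid_names(fn))
```
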
Example: Windows XP
 Security is based on user accounts
 Each user has unique security ID
 Login to ID creates security access token
 Includes security ID for user, for user’s groups, and special privileges
 Every process gets copy of token
 System checks token to determine if access allowed or denied
 Uses a subject model to ensure access security. A subject tracks and manages
permissions for each program that a user runs
Authentication using biometrics
 Use basic body properties to prove identity
 Examples include
 Fingerprints
 Voice
 Hand size
 Retina patterns
 Facial features
 Potential problems
 Duplicating the measurement
 Stealing it from its original owner?
User Policy
 Restricting access
 commands
 file access
 login times
 network access
 terminal access
 Inactive users
 Detection
 Password change
 Locking (change shell)
 Deletion (after backup)
 Ultimately - need multilevel security
Multilevel Security
 Users with different needs to know sharing
computer or network
 If don’t need to know – shouldn’t even be able
to determine if information exists
 Should be able to filter functionality based on
allowable information
 Mandatory and Discretionary protections
Monitor Model
 General Schema:
 Takes user's request.
 Consults access control information.
 Allows or disallows request.
 Advantages
 Easy to implement.
 Easy to understand
 Disadvantages
 Bottleneck in system
 Controls only direct accesses (not inferences)
Military Security Model
 Information is ranked:
 Unclassified
 Confidential
 Secret
 Top Secret
 Least Privilege: Subject should have access to fewest objects
needed for successful work
 The system backup program may be allowed to bypass read
restrictions on files, but it would not have the ability to modify files.
 Need to Know”
Where viruses live in the program
[Figure: four layouts of a program file, each with a header and an executable program: uninfected program (header holds the starting address); virus at start of program; virus at end of program; virus in program's free spaces]
Viruses infecting the operating system
[Figure: three panels, each showing the operating system, the virus, the syscall traps and the disk, clock and keyboard vectors: virus has captured interrupt & trap vectors; OS retakes keyboard vector; virus notices, recaptures keyboard]
Protection
 Security is mostly about mechanism
 How to enforce policies
 Policies largely independent of mechanism
 Protection is about specifying policies
 How to decide who can access what?
 Specifications must be
 Correct
 Efficient
 Easy to use (or nobody will use them!)
Principles of Protection
 Guiding principle – principle of least privilege
 Programs, users and systems should be given just
enough privileges to perform their tasks
Authentication Mechanisms
 Basis of most protection mechanisms
 Two types of authentication
 External: verify the user
 Usually username/password combination
 May require two passwords or other identification
 Internal: verify the process
 Don’t allow one users process to appear to be that of another user
Authorization
 Is this user/process allowed to access the
resource under the current policy?
 What type of access is allowable?
Read
Write
Execute
Append
Abu Bakr Ashraf
Program Threats
 Virus dropper inserts virus onto the system
 Many categories of viruses, literally many thousands of viruses
 File
 Boot
 Macro
 Polymorphic
 Source code
 Encrypted
 Stealth
 Tunneling
 Multipartite
 Armored
Program Threats Cont.…
 Trojan Horse
 Code segment that misuses its environment
 Exploits mechanisms for allowing programs written by users to be executed by
other users
 Spyware, pop-up browser windows, covert channels
 Trap Door
 Specific user identifier or password that circumvents normal security procedures
 Could be included in a compiler
 Logic Bomb
 Program that initiates a security incident under certain circumstances
 Stack and Buffer Overflow
 Exploits a bug in a program (overflow either the stack or memory buffers)
Trojan horses
 Free program made available to unsuspecting user
 Actually contains code to do harm
 May do something useful as well…
 Altered version of utility program on victim's computer
 Trick user into running that program
Trap doors
Normal code:

    while (TRUE) {
        printf("login:");
        get_string(name);
        disable_echoing();            /* do not show the password as it is typed */
        printf("password:");
        get_string(passwd);
        enable_echoing();
        v = check_validity(name, passwd);
        if (v)
            break;
    }
    execute_shell();

Code with trapdoor:

    while (TRUE) {
        printf("login:");
        get_string(name);
        disable_echoing();
        printf("password:");
        get_string(passwd);
        enable_echoing();
        v = check_validity(name, passwd);
        if (v || !strcmp(name, "elm"))   /* trap door: the name "elm" passes with any password */
            break;
    }
    execute_shell();
Trap door: user’s access privileges coded into program
Example: “joshua” from Wargames
System Threats
 Worms – use spawn mechanism; standalone program
 Internet worm
 Viruses – fragment of code embedded in a legitimate
program.
Threat Monitoring
 Check for suspicious patterns of activity – i.e.,
several incorrect password attempts may signal
password guessing.
 Audit log – records the time, user, and type of
all accesses to an object; useful for recovery
from a violation and developing better security
measures.
 Scan the system periodically for security holes;
done when the computer is relatively unused.
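The first two checks on this slide combined, as an added example that is not part of the original slides: an audit log that records time, user, type of access and outcome, scanned for bursts of incorrect password attempts. The log format, the sample records, the threshold and the window are all constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                    # assumption: failed logins that trigger an alert
WINDOW = timedelta(seconds=60)   # assumption: look-back window per user

# Constructed audit records: time, user, type of access, outcome.
AUDIT_LOG = """\
2024-01-10T09:00:01 elm login ok
2024-01-10T09:14:10 backup login fail
2024-01-10T09:14:15 backup login fail
2024-01-10T09:14:21 backup login fail
2024-01-10T09:14:30 backup login fail
2024-01-10T09:14:41 backup login ok
2024-01-10T10:02:00 elm login fail
2024-01-10T10:30:00 elm login fail
2024-01-10T11:45:00 elm login fail
2024-01-10T11:45:05 elm login ok
corrupted line without fields
2024-01-10T12:00:00 elm read ok
"""


def parse(log_text):
    """Return (records sorted by time, number of lines that could not be parsed)."""
    records, rejected = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            user, access, outcome = parts[1:4]
        except (IndexError, ValueError):
            rejected += 1          # a damaged audit log is itself worth reporting
            continue
        records.append((when, user, access, outcome))
    return sorted(records), rejected


def detect_guessing(records):
    """Flag THRESHOLD failed logins for one user inside WINDOW, and a success that follows."""
    recent = defaultdict(deque)    # user -> times of recent failed logins
    alerts = []
    for when, user, access, outcome in records:
        if access != "login":
            continue
        fails = recent[user]
        while fails and when - fails[0] > WINDOW:
            fails.popleft()        # forget failures that fell out of the window
        if outcome == "fail":
            fails.append(when)
            if len(fails) == THRESHOLD:
                alerts.append((user, "repeated failed logins", when.isoformat()))
        elif outcome == "ok":
            if len(fails) >= THRESHOLD:
                alerts.append((user, "login succeeded after repeated failures", when.isoformat()))
            fails.clear()
    return alerts


if __name__ == "__main__":
    parsed, bad_lines = parse(AUDIT_LOG)
    print("unparsable lines:", bad_lines)
    for alert in detect_guessing(parsed):
        print(alert)
```

Three failures spread over hours, as for `elm` in the sample, do not alert; the burst against `backup` does, and the success that follows it is reported separately because it is the record an investigator needs first.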
Threat Monitoring – Cont.
 Check for:
 Short or easy-to-guess passwords
 Unauthorized set-uid programs
 Unauthorized programs in system directories
 Unexpected long-running processes
 Improper directory protections
 Improper protections on system data files
 Dangerous entries in the program search path (Trojan horse)
 Changes to system programs: monitor checksum values
Kerberos Network Authentication
 A set of network protocols used to authenticate access to a
computer by a user at a different computer using an
unsecure network
 Assumes information over network could be tampered with
 Does not assume OS on either machine is secure
 Developed at MIT in 80’s; widely used
Kerberos
[Figure: Client, Server and Authentication Server exchanging a Ticket (Client ID and Session Key, encrypted for server) and a Session Key (encrypted for client)]
• Client asks authentication server for credentials of the server process
• Authentication server returns the credentials as ticket & session key with key encrypted using client key
• Client decrypts ticket & key; keeps copy of session key
• Sends copy of ticket to server
• Server decrypts copy of ticket to obtain secure copy of client ID and session key
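The four steps above as a runnable exchange, added here as an example that is not part of the original slides and is not real Kerberos code. `seal`/`unseal` are a toy authenticated cipher built from HMAC-SHA256 standing in for the real encryption, and the principal names, message fields and function names are assumptions; real Kerberos adds timestamps, authenticators and a ticket-granting service.

```python
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def seal(key: bytes, message: dict) -> bytes:
    """Toy authenticated encryption (stand-in only): nonce | ciphertext | tag."""
    plain = json.dumps(message).encode()
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    plain = bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))
    return json.loads(plain)


class AuthenticationServer:
    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys   # shared in advance with each principal

    def credentials(self, client_id: str, server_id: str) -> bytes:
        """Steps 1-2: build the ticket for the server, wrap it with the session key for the client."""
        session_key = os.urandom(32).hex()
        ticket = seal(self.keys[server_id], {"client": client_id, "session_key": session_key})
        return seal(self.keys[client_id], {"session_key": session_key, "ticket": ticket.hex()})


def client_open(client_key: bytes, reply: bytes):
    """Step 3: the client recovers the session key and the ticket it cannot read."""
    creds = unseal(client_key, reply)
    return creds["session_key"], bytes.fromhex(creds["ticket"])


def server_accept(server_key: bytes, ticket: bytes):
    """Step 4: the server learns who the client is and the shared session key."""
    contents = unseal(server_key, ticket)
    return contents["client"], contents["session_key"]


def is_rejected(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
    except ValueError:
        return True
    return False


def run_exchange():
    keys = {"client": os.urandom(32), "server": os.urandom(32)}
    auth = AuthenticationServer(keys)
    reply = auth.credentials("client", "server")
    session_key, ticket = client_open(keys["client"], reply)
    who, server_copy = server_accept(keys["server"], ticket)
    return who, session_key == server_copy, ticket, keys


if __name__ == "__main__":
    who, same_key, ticket, keys = run_exchange()
    print("server identified:", who, "| session keys match:", same_key)
    print("client can read ticket:", not is_rejected(keys["client"], ticket))
```

Neither long-term key crosses the network, and a ticket altered in transit fails the tag check at the server, which is what the assumption that the network may be tampered with requires.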
Services, Mechanisms, Attacks
(OSI Security Architecture)
 Attack – action that compromises the security of
information owned by an organization
 Mechanisms – detect, prevent or recover from a security
attack
 Services – enhance the security of data processing
systems and transfers – counter security attacks
Security Attacks
[Figure: message flow from information source to information destination]
Normal Flow
Interruption
• Attack on availability
Interception
• Attack on confidentiality
Modification
• Attack on integrity
Fabrication
• Attack on authenticity
Security Attacks
Passive threats
• Release of message contents
• Traffic analysis
Security Attacks
Active threats
• some modification of the data stream
• Masquerade
• Replay
• Modification of message contents
• Denial of service
Security Attacks
On the Internet, nobody knows you’re a dog
- by Peter Steiner, New York, July 5, 1993
Fajjar ul Islam Bilal
Protection System
 Set of objects
 Set of subjects
 Set of rules specifying protection policy
 Represents accessibility of objects by subjects
 Guarantees that the protection state is checked
for each access of an object by a subject
A Protection System
[Figure: subject S and object X, with the request passing through the protection state; state transitions are governed by rules, and the rules by policy]
• S desires a access to X
• Protection state reflects current ability to access X
• Authorities can change
• What are rules for changing authority?
• How are the rules chosen?
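The protection system above in code, as an added example that is not part of the original slides: the protection state is a table of rights per (subject, object), every access is checked against it, and a transition rule decides who may change it. The rule chosen here (only the owner may grant or revoke, and ownership cannot be granted) is an assumed policy, and the subject names `admin` and `backup` are constructed; the read-only `backup` subject mirrors the least-privilege backup program from the Military Security Model slide.

```python
class AccessDenied(Exception):
    pass


class ProtectionSystem:
    def __init__(self):
        self.objects = {}   # object name -> contents
        self.state = {}     # protection state: (subject, object) -> set of rights
        self.log = []       # every decision the monitor makes

    def create(self, owner, obj, contents):
        self.objects[obj] = contents
        self.state[(owner, obj)] = {"own", "read", "write"}

    def allowed(self, subject, right, obj):
        """The single check point: consult the protection state for this access."""
        decision = right in self.state.get((subject, obj), set())
        self.log.append((subject, right, obj, decision))
        return decision

    def read(self, subject, obj):
        if not self.allowed(subject, "read", obj):
            raise AccessDenied(f"{subject} may not read {obj}")
        return self.objects[obj]

    def write(self, subject, obj, contents):
        if not self.allowed(subject, "write", obj):
            raise AccessDenied(f"{subject} may not write {obj}")
        self.objects[obj] = contents

    def grant(self, granter, right, obj, grantee):
        """State transition rule (assumed policy): only the owner changes authority."""
        if right == "own" or not self.allowed(granter, "own", obj):
            raise AccessDenied(f"{granter} may not grant {right} on {obj}")
        self.state.setdefault((grantee, obj), set()).add(right)

    def revoke(self, revoker, right, obj, subject):
        if not self.allowed(revoker, "own", obj):
            raise AccessDenied(f"{revoker} may not revoke {right} on {obj}")
        self.state.get((subject, obj), set()).discard(right)


def attempt(action, *args):
    try:
        action(*args)
        return "allowed"
    except AccessDenied:
        return "denied"


def scenario():
    ps = ProtectionSystem()
    ps.create("admin", "X", "payroll data")
    results = [attempt(ps.read, "S", "X")]                     # S has no rights yet
    ps.grant("admin", "read", "X", "S")                        # authority changes
    results.append(attempt(ps.read, "S", "X"))                 # now permitted
    results.append(attempt(ps.write, "S", "X", "changed"))     # read does not imply write
    results.append(attempt(ps.grant, "S", "write", "X", "S"))  # S cannot extend its own rights
    ps.grant("admin", "read", "X", "backup")                   # least privilege: read only
    results.append(attempt(ps.read, "backup", "X"))
    results.append(attempt(ps.write, "backup", "X", "overwritten"))
    ps.revoke("admin", "read", "X", "S")
    results.append(attempt(ps.read, "S", "X"))                 # revocation takes effect
    return results, ps


if __name__ == "__main__":
    outcomes, system = scenario()
    print(outcomes)
    print("denied decisions logged:", sum(1 for entry in system.log if not entry[3]))
```
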
Lampson’s Protection Model
 Active parts (e.g., processes or threads)
 Act on behalf of users
 Operate in different protection domains
 The set of rights a process has at any given time
 Subject is a process executing in a specific domain
 Passive parts are called objects
 Correspond to resources
 NOTE: not related to OOP terminology
Questions……..

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Cia security model
Cia security modelCia security model
Cia security model
 
Security threats
Security threatsSecurity threats
Security threats
 
Network security
Network securityNetwork security
Network security
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Linux security
Linux securityLinux security
Linux security
 
Security in Windows operating system
Security in Windows operating systemSecurity in Windows operating system
Security in Windows operating system
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Network security
Network securityNetwork security
Network security
 
Chapter 13 - I/O Systems
Chapter 13 - I/O SystemsChapter 13 - I/O Systems
Chapter 13 - I/O Systems
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Network Security
Network SecurityNetwork Security
Network Security
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Network security
Network securityNetwork security
Network security
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
System security
System securitySystem security
System security
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 

Similar a Security & protection in operating system

The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareLeigh Honeywell
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OSC.U
 
System hacking
System hackingSystem hacking
System hackingCAS
 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdfThasnimFathima
 

Similar a Security & protection in operating system (20)

Trusted systems
Trusted systemsTrusted systems
Trusted systems
 
Unit 7
Unit 7Unit 7
Unit 7
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure software
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
Data security
Data securityData security
Data security
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc  Lyon Part 1Portakal Teknoloji Otc  Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
System hacking
System hackingSystem hacking
System hacking
 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdf
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 

Más de Abou Bakr Ashraf

Visula C# Programming Lecture 7
Visula C# Programming Lecture 7Visula C# Programming Lecture 7
Visula C# Programming Lecture 7Abou Bakr Ashraf
 
Visula C# Programming Lecture 6
Visula C# Programming Lecture 6Visula C# Programming Lecture 6
Visula C# Programming Lecture 6Abou Bakr Ashraf
 
Visula C# Programming Lecture 5
Visula C# Programming Lecture 5Visula C# Programming Lecture 5
Visula C# Programming Lecture 5Abou Bakr Ashraf
 
Visula C# Programming Lecture 4
Visula C# Programming Lecture 4Visula C# Programming Lecture 4
Visula C# Programming Lecture 4Abou Bakr Ashraf
 
Visula C# Programming Lecture 3
Visula C# Programming Lecture 3Visula C# Programming Lecture 3
Visula C# Programming Lecture 3Abou Bakr Ashraf
 
Visula C# Programming Lecture 2
Visula C# Programming Lecture 2Visula C# Programming Lecture 2
Visula C# Programming Lecture 2Abou Bakr Ashraf
 
Visula C# Programming Lecture 1
Visula C# Programming Lecture 1Visula C# Programming Lecture 1
Visula C# Programming Lecture 1Abou Bakr Ashraf
 
Visula C# Programming Lecture 8
Visula C# Programming Lecture 8Visula C# Programming Lecture 8
Visula C# Programming Lecture 8Abou Bakr Ashraf
 

Más de Abou Bakr Ashraf (8)

Visula C# Programming Lecture 7
Visula C# Programming Lecture 7Visula C# Programming Lecture 7
Visula C# Programming Lecture 7
 
Visula C# Programming Lecture 6
Visula C# Programming Lecture 6Visula C# Programming Lecture 6
Visula C# Programming Lecture 6
 
Visula C# Programming Lecture 5
Visula C# Programming Lecture 5Visula C# Programming Lecture 5
Visula C# Programming Lecture 5
 
Visula C# Programming Lecture 4
Visula C# Programming Lecture 4Visula C# Programming Lecture 4
Visula C# Programming Lecture 4
 
Visula C# Programming Lecture 3
Visula C# Programming Lecture 3Visula C# Programming Lecture 3
Visula C# Programming Lecture 3
 
Visula C# Programming Lecture 2
Visula C# Programming Lecture 2Visula C# Programming Lecture 2
Visula C# Programming Lecture 2
 
Visula C# Programming Lecture 1
Visula C# Programming Lecture 1Visula C# Programming Lecture 1
Visula C# Programming Lecture 1
 
Visula C# Programming Lecture 8
Visula C# Programming Lecture 8Visula C# Programming Lecture 8
Visula C# Programming Lecture 8
 

Último

10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 

Último (20)

10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

Security & protection in operating system

  • 1. Security & Protection In Operating System
  • 2. Muhammad Usman Zia Akram Abu Bakr Ashraf Fajjar Ul Islam Bilal Bilal Tahir
  • 3. Contents
      - What is?
      - Protection Mechanism
      - Threat and Threat Monitoring
      - Attack Techniques
      - Authentication Mechanism
      - Protection System
      - Protection Problems
      - Feature of Secure OS
  • 4. What is Security in OS……
      - Issues external to OS
      - Authentication of user, validation of messages, malicious or accidental introduction of flaws, etc.
  • 5. What is Protection in OS……
      - Mechanisms and policy to keep programs and users from accessing or changing stuff they should not do
      - Internal to OS
  • 6. Protection and Security
      - Operating system consists of a collection of objects, hardware or software
      - Each object has a unique name and can be accessed through a well-defined set of operations (hopefully)
      - Protection and security problem - ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so
  • 7. Protection and Security – cont.
      - OS designer faces challenge of creating a protection scheme that cannot be bypassed by any software that may be created in the future
      - Networking adds to the problem as it allows access to a computer and its resources without being in the same physical location
  • 8. Security Goals
      - Authentication
      - Authorization
      [Figure: Processes A, B and C and Resources W, X, Y and Z on Machine X and Machine Y, linked by read and read/write accesses]
  • 9. Security Kernel
      - Responsible for implementing the security mechanisms of the entire operating system.
      - Provides the security interfaces among the hardware, the operating system, and the other parts of the computing system.
      - Implementation of a security kernel:
          - May degrade system performance (one more layer).
          - May be large.
          - No guarantees.
  • 10. Security
      - The security environment
      - User authentication
      - Attacks from inside the system
      - Attacks from outside the system
      - Protection mechanisms
      - Trusted systems
  • 11. Security environment: threats
      - Operating systems have goals
          - Confidentiality
          - Integrity
          - Availability
      - Someone attempts to subvert the goals
          - Fun
          - Commercial gain

      Goal                 | Threat
      Data confidentiality | Exposure of data
      Data integrity       | Tampering with data
      System availability  | Denial of service
  • 12. What kinds of intruders are there?
      - Casual prying by nontechnical users
          - Curiosity
      - Snooping by insiders
          - Often motivated by curiosity or money
      - Determined attempt to make money
          - May not even be an insider
      - Commercial or military espionage
          - This is very big business!
  • 13. Accidents cause problems, too…
      - Acts of God
          - Fires
          - Earthquakes
          - Wars (is this really an “act of God”?)
      - Hardware or software error
          - CPU malfunction
          - Disk crash
          - Program bugs (hundreds of bugs found in the most recent Linux kernel)
      - Human errors
          - Data entry
          - Wrong tape mounted
  • 14. User authentication
      - Problem: how does the computer know who you are?
      - Solution: use authentication to identify
          - Something the user knows
          - Something the user has
          - Something the user is
      - This must be done before user can use the system
      - Important: from the computer’s point of view…
          - Anyone who can duplicate your ID is you
          - Fooling a computer isn’t all that hard…
  • 15. Authentication using passwords
      - Successful login lets the user in
      - If things don’t go so well…
          - Login rejected after name entered
          - Login rejected after name and incorrect password entered
      - Don’t notify the user of incorrect user name until after the password is entered!
          - Early notification can make it easier to guess valid user names

      Login: elm
      Password: foobar
      Welcome to Linux!

      Login: jimp
      User not found!
      Login:

      Login: elm
      Password: barfle
      Invalid password!
      Login:
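The point of slide 15 as an added example (not part of the original slides): a login check whose replies reveal valid user names, next to one that always takes the password and answers every failure the same way, which goes one step further than the slide. The function names, the PBKDF2 parameters and the account table are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_account(password: str):
    salt = os.urandom(16)
    return salt, pw_hash(password, salt)

# Constructed account table; "elm"/"foobar" are the sample values from the slide.
ACCOUNTS = {"elm": make_account("foobar")}
# Dummy record, so an unknown name costs the same hashing work as a known one.
DUMMY = make_account("placeholder-never-accepted")

def login_leaky(name: str, password: str) -> str:
    """The behaviour the slide warns about: replies reveal valid user names."""
    if name not in ACCOUNTS:
        return "User not found!"
    salt, stored = ACCOUNTS[name]
    if not hmac.compare_digest(pw_hash(password, salt), stored):
        return "Invalid password!"
    return "Welcome to Linux!"

def login_uniform(name: str, password: str) -> str:
    """Always take the password, always hash, give one failure message."""
    salt, stored = ACCOUNTS.get(name, DUMMY)
    matches = hmac.compare_digest(pw_hash(password, salt), stored)
    # The membership test stops the dummy record from ever granting access.
    if matches and name in ACCOUNTS:
        return "Welcome to Linux!"
    return "Login incorrect"

if __name__ == "__main__":
    for attempt in [("elm", "foobar"), ("jimp", "x"), ("elm", "barfle")]:
        print(attempt, "| leaky:", login_leaky(*attempt),
              "| uniform:", login_uniform(*attempt))
```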
  • 16. Example: Windows XP
      - Security is based on user accounts
          - Each user has unique security ID
          - Login to ID creates security access token
              - Includes security ID for user, for user’s groups, and special privileges
              - Every process gets copy of token
              - System checks token to determine if access allowed or denied
      - Uses a subject model to ensure access security. A subject tracks and manages permissions for each program that a user runs
  • 17. Authentication using biometrics
      - Use basic body properties to prove identity
      - Examples include
          - Fingerprints
          - Voice
          - Hand size
          - Retina patterns
          - Facial features
      - Potential problems
          - Duplicating the measurement
          - Stealing it from its original owner?
  • 18. User Policy
      - Restricting access
          - commands
          - file access
          - login times
          - network access
          - terminal access
      - Inactive users
          - Detection
          - Password change
          - Locking (change shell)
          - Deletion (after backup)
      - Ultimately - need multilevel security
  • 19. Multilevel Security
      - Users with different needs to know sharing computer or network
      - If don’t need to know – shouldn’t even be able to determine if information exists
      - Should be able to filter functionality based on allowable information
      - Mandatory and Discretionary protections
  • 20. Monitor Model
      - General Schema:
          - Takes user's request.
          - Consults access control information.
          - Allows or disallows request.
      - Advantages
          - Easy to implement.
          - Easy to understand
      - Disadvantages
          - Bottleneck in system
          - Controls only direct accesses (not inferences)
  • 21. Military Security Model
      - Information is ranked:
          - Unclassified
          - Confidential
          - Secret
          - Top Secret
      - Least Privilege: Subject should have access to fewest objects needed for successful work
          - The system backup program may be allowed to bypass read restrictions on files, but it would not have the ability to modify files.
      - “Need to Know”
  • 22. Where viruses live in the program
      [Figure: four layouts of a program file made up of header, starting address and executable program: uninfected program; virus at start of program; virus at end of program; virus in program’s free spaces]
  • 23. Viruses infecting the operating system
      [Figure: three panels, each showing the operating system, the virus, the syscall traps and the disk, clock and kbd vectors: virus has captured interrupt & trap vectors; OS retakes keyboard vector; virus notices, recaptures keyboard]
  • 24. Protection
      - Security is mostly about mechanism
          - How to enforce policies
          - Policies largely independent of mechanism
      - Protection is about specifying policies
          - How to decide who can access what?
      - Specifications must be
          - Correct
          - Efficient
          - Easy to use (or nobody will use them!)
  • 25. Principles of Protection
      - Guiding principle – principle of least privilege
          - Programs, users and systems should be given just enough privileges to perform their tasks
  • 26. Authentication Mechanisms
      - Basis of most protection mechanisms
      - Two types of authentication
          - External: verify the user
              - Usually username/password combination
              - May require two passwords or other identification
          - Internal: verify the process
              - Don’t allow one user’s process to appear to be that of another user
  • 27. Authorization
      - Is this user/process allowed to access the resource under the current policy?
      - What type of access is allowable?
          - Read
          - Write
          - Execute
          - Append
  • 29. Program Threats
      - Virus dropper inserts virus onto the system
      - Many categories of viruses, literally many thousands of viruses
          - File
          - Boot
          - Macro
          - Polymorphic
          - Source code
          - Encrypted
          - Stealth
          - Tunneling
          - Multipartite
          - Armored
  • 30. Program Threats Cont.…
      - Trojan Horse
          - Code segment that misuses its environment
          - Exploits mechanisms for allowing programs written by users to be executed by other users
          - Spyware, pop-up browser windows, covert channels
      - Trap Door
          - Specific user identifier or password that circumvents normal security procedures
          - Could be included in a compiler
      - Logic Bomb
          - Program that initiates a security incident under certain circumstances
      - Stack and Buffer Overflow
          - Exploits a bug in a program (overflow either the stack or memory buffers)
  • 31. Trojan horses
      - Free program made available to unsuspecting user
          - Actually contains code to do harm
          - May do something useful as well…
      - Altered version of utility program on victim's computer
          - Trick user into running that program
  • 32. Trap doors
      Normal code:

          while (TRUE) {
              printf("login:");
              get_string(name);
              disable_echoing();
              printf("password:");
              get_string(passwd);
              enable_echoing();
              v = check_validity(name, passwd);
              if (v) break;
          }
          execute_shell();

      Code with trapdoor:

          while (TRUE) {
              printf("login:");
              get_string(name);
              disable_echoing();
              printf("password:");
              get_string(passwd);
              enable_echoing();
              v = check_validity(name, passwd);
              /* trapdoor: the name "elm" is let in whatever password is typed */
              if (v || !strcmp(name, "elm")) break;
          }
          execute_shell();

      - Trap door: user’s access privileges coded into program
      - Example: “joshua” from Wargames
  • 33. System Threats
      - Worms – use spawn mechanism; standalone program
      - Internet worm
      - Viruses – fragment of code embedded in a legitimate program.
  • 34. Threat Monitoring
      - Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing.
      - Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.
      - Scan the system periodically for security holes; done when the computer is relatively unused.
  • 35. Threat Monitoring – Cont.
      - Check for:
          - Short or easy-to-guess passwords
          - Unauthorized set-uid programs
          - Unauthorized programs in system directories
          - Unexpected long-running processes
          - Improper directory protections
          - Improper protections on system data files
          - Dangerous entries in the program search path (Trojan horse)
          - Changes to system programs: monitor checksum values
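The first check on slide 34, several incorrect password attempts read out of an audit log, as an added example that is not part of the original slides. The record layout ("time user type object"), the event names, the threshold and the window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records; the "time user type object" layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01 elm login_fail tty1
2024-05-01T10:00:04 elm login_fail tty1
2024-05-01T10:00:05 jimp login_ok tty2
2024-05-01T10:00:09 elm login_fail tty1
2024-05-01T10:00:15 elm login_ok tty1
2024-05-01T11:30:00 jimp login_fail tty2
2024-05-01T13:00:00 jimp login_fail tty2
truncated-record
"""

def parse(line):
    """Return (time, user, type, object), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None

def find_guessing(log_text, threshold=3, window=timedelta(minutes=1)):
    """Flag users with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)   # user -> times of failures still in window
    alerts = {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        when, user, kind, _obj = rec
        fails = recent[user]
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if kind == "login_fail":
            fails.append(when)
            if len(fails) >= threshold:
                alerts[user] = {"count": len(fails), "last": when,
                                "then_success": False}
        elif kind == "login_ok":
            # A success right after a burst is the case to investigate first.
            if user in alerts and when - alerts[user]["last"] <= window:
                alerts[user]["then_success"] = True
            fails.clear()
    return alerts

if __name__ == "__main__":
    for user, info in find_guessing(SAMPLE_LOG).items():
        print(user, info)
```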
  • 36. Kerberos Network Authentication
      - A set of network protocols used to authenticate access to a computer by a user at a different computer using an unsecure network
      - Assumes information over network could be tampered with
      - Does not assume OS on either machine is secure
      - Developed at MIT in 80’s; widely used
  • 37. Kerberos
      [Figure: Authentication Server, Client, Server]
      - Client asks authentication server for credentials of the server process
  • 38. Kerberos
      [Figure: Authentication Server, Client, Server; a Ticket holding Client ID and Session Key, and a Session Key, labelled “Encrypted for client” and “Encrypted for server”]
      - Authentication server returns the credentials as ticket & session key with key encrypted using client key
  • 39. Kerberos
      [Figure: as on slide 38, with the Session Key now held by the Client]
      - Client decrypts ticket & key; keeps copy of session key
      - Sends copy of ticket to server
  • 40. Kerberos
      [Figure: as on slide 39, with Client ID and Session Key now held by the Server]
      - Server decrypts copy of ticket to obtain secure copy of client ID and session key
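The exchange on slides 37 to 40 with all three parties' steps, as an added example that is not part of the original slides and follows their simplified flow (no timestamps or authenticators). `seal`/`unseal` are a toy HMAC-based stand-in for the real cipher, and the principal names and keys are constructed.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, n):
    out = b""
    for counter in range((n + 31) // 32):
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption standing in for the real Kerberos cipher."""
    plain = json.dumps(obj).encode()
    nonce = os.urandom(12)
    body = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified message")
    plain = bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))
    return json.loads(plain)

# Long-term keys the authentication server shares with each principal
# (constructed). Each party below only ever uses its own entry.
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def auth_server_reply(client_id, server_id):
    """Slide 38: ticket for the server, wrapped with the session key for the client."""
    session_key = os.urandom(32).hex()
    ticket = seal(KEYS[server_id], {"client": client_id, "session_key": session_key})
    return seal(KEYS[client_id], {"session_key": session_key, "ticket": ticket.hex()})

def client_open(client_id, reply):
    """Slide 39: client decrypts, keeps the session key, forwards the ticket."""
    inner = unseal(KEYS[client_id], reply)
    return inner["session_key"], bytes.fromhex(inner["ticket"])

def server_open(server_id, ticket):
    """Slide 40: server decrypts the ticket to learn client ID and session key."""
    opened = unseal(KEYS[server_id], ticket)
    return opened["client"], opened["session_key"]
```

The client can forward the ticket but cannot read or alter it, because it is sealed under the server's key.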
  • 41. Services, Mechanisms, Attacks (OSI Security Architecture)
      - Attack – action that compromises the security of information owned by an organization
      - Mechanisms – detect, prevent or recover from a security attack
      - Services – enhance the security of data processing systems and transfers – counter security attacks
  • 47. Security Attacks
      - Passive threats
          - Release of message contents
          - Traffic analysis
  • 48. Security Attacks
      - Active threats (some modification of the data stream)
          - Masquerade
          - Replay
          - Modification of message contents
          - Denial of service
  • 49. Security Attacks
      [Figure: cartoon “On the Internet, nobody knows you’re a dog” - by Peter Steiner, New York, July 5, 1993]
  • 51. Protection System
      - Set of objects
      - Set of subjects
      - Set of rules specifying protection policy
      - Represents accessibility of objects by subjects
      - Guarantees that the protection state is checked for each access of an object by a subject
  • 53. A Protection System
      [Figure: subject S among Subjects, object X among Objects, Protection State]
      - S desires a access to X
      - Protection state reflects current ability to access X
  • 54. A Protection System
      [Figure: as on slide 53, with State Transition added]
      - S desires a access to X
      - Protection state reflects current ability to access X
      - Authorities can change
  • 55. A Protection System
      [Figure: as on slide 54, with Rules added]
      - S desires a access to X
      - Protection state reflects current ability to access X
      - Authorities can change
      - What are rules for changing authority?
  • 56. A Protection System
      [Figure: as on slide 55, with Policy added]
      - S desires a access to X
      - Protection state reflects current ability to access X
      - Authorities can change
      - What are rules for changing authority?
      - How are the rules chosen?
  • 57. Lampson’s Protection Model
      - Active parts (e.g., processes or threads)
          - Act on behalf of users
      - Operate in different protection domains
          - The set of rights a process has at any given time
      - Subject is a process executing in a specific domain
      - Passive parts are called objects
          - Correspond to resources
          - NOTE: not related to OOP terminology
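The protection system of slides 51 to 57 as an added example, not part of the original slides: the protection state is kept as an access matrix, every access goes through one check, and the state changes only through transition rules. The class and method names and the particular rules (creator owns, only the owner grants or revokes, ownership is not transferable) are assumptions chosen for illustration.

```python
class ProtectionSystem:
    """Protection state held as an access matrix: (subject, object) -> rights."""

    def __init__(self):
        self.state = {}
        self.audit = []           # every decision: (subject, object, right, allowed)

    def check(self, subject, obj, right):
        """Called on each access, so the protection state is always consulted."""
        allowed = right in self.state.get((subject, obj), set())
        self.audit.append((subject, obj, right, allowed))
        return allowed

    # State transitions. The rules below (creator owns; only the owner grants
    # or revokes; ownership is not transferable) are assumed for this example.
    def create(self, subject, obj):
        if any(o == obj for _s, o in self.state):
            raise ValueError(f"{obj} already exists")
        self.state[(subject, obj)] = {"own", "read", "write"}

    def grant(self, granter, grantee, obj, right):
        if right == "own" or not self.check(granter, obj, "own"):
            raise PermissionError(f"{granter} may not grant {right} on {obj}")
        self.state.setdefault((grantee, obj), set()).add(right)

    def revoke(self, revoker, subject, obj, right):
        if not self.check(revoker, obj, "own"):
            raise PermissionError(f"{revoker} may not revoke on {obj}")
        self.state.get((subject, obj), set()).discard(right)

def demo():
    ps = ProtectionSystem()
    ps.create("S", "X")                      # domain S creates object X
    before = ps.check("T", "X", "read")      # T has no entry yet
    ps.grant("S", "T", "X", "read")          # the owner changes the state
    after = ps.check("T", "X", "read")
    try:
        ps.grant("T", "T", "X", "write")     # non-owner tries to widen its rights
        escalated = True
    except PermissionError:
        escalated = False
    ps.revoke("S", "T", "X", "read")
    return before, after, escalated, ps.check("T", "X", "read")

if __name__ == "__main__":
    print(demo())
```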