Page 1:
Security
Chapter 16

Page 2:
[Figure 16.1 Scope of System Security [MAEK87]; labels: Computer System; Sensitive files must be secure (file security); Data must be securely transmitted through networks (network security); Access to the computer facility must be controlled (user authentication); Processes representing users; Users making requests]

Page 3:
Types of Threats
• Interruption
  - An asset of the system is destroyed or becomes unavailable or unusable
  - Attack on availability
  - Destruction of hardware
  - Cutting of a communication line
  - Disabling the file management system
[Figure: (b) Interruption]

Page 4:
Types of Threats
• Interception
  - An unauthorized party gains access to an asset
  - Attack on confidentiality
  - Wiretapping to capture data in a network
  - Illicit copying of files or programs
[Figure: (e) Interception]

Page 5:
Types of Threats
• Modification
  - An unauthorized party not only gains access but tampers with an asset
  - Attack on integrity
  - Changing values in a data file
  - Altering a program so that it performs differently
  - Modifying the content of messages being transmitted in a network
[Figure: (a) Modification]

Page 6:
Types of Threats
• Fabrication
  - An unauthorized party inserts counterfeit objects into the system
  - Attack on authenticity
  - Insertion of spurious messages in a network
  - Addition of records to a file
[Figure: Fabrication]

Page 7:
Computer System Assets
• Hardware
  - Threats include accidental and deliberate damage
• Software
  - Threats include deletion, alteration, damage
  - Backups of the most recent versions can maintain high availability

Page 8:
Computer System Assets
• Data
  - Involves files
  - Security concerns for availability, secrecy, and integrity
  - Statistical analysis can lead to determination of individual information which threatens privacy

Page 9:
Computer System Assets
• Communication Lines and Networks - Passive Attacks
  - Learn or make use of information from the system but does not affect system resources
  - Traffic analysis
    • Encryption masks the contents of what is transferred so even if obtained by someone, they would be unable to extract information

Page 10:
Computer System Assets
• Communication Lines and Networks - Passive Attacks
  - Release of message contents for a telephone conversation, an electronic mail message, and a transferred file are

Page 11:
Computer System Assets
• Communication Lines and Networks - Passive Attacks
  - Traffic analysis
    • Encryption masks the contents of what is transferred so even if obtained by someone, they would be unable to extract information
[Figure: (b) Traffic analysis]

Page 12:
Computer System Assets
• Communication Lines and Networks - Active Attacks
  - Masquerade takes place when one entity pretends to be a different entity

Page 13:
Computer System Assets
• Communication Lines and Networks - Active Attacks
  - Replay involves the passive capture of a data unit and its subsequent retransmission to produce an

Page 14:
Computer System Assets
• Communication Lines and Networks - Active Attacks
  - Modification of messages means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce
[Figure: Modification of messages]

Page 15:
Computer System Assets
• Communication Lines and Networks - Active Attacks
  - Denial of service prevents or inhibits the normal use or management of communications facilities
[Figure: Denial of service]

Page 16:
Protection
• No protection
  - Sensitive procedures are run at separate times
• Isolation
  - Each process operates separately from other processes with no sharing or communication

Page 17:
Protection
• Share all or share nothing
  - Owner of an object declares it public or private
• Share via access limitation
  - Operating system checks the permissibility of each access by a specific user to a specific object
  - Operating system acts as the guard

Page 18:
Protection
• Share via dynamic capabilities
  - Dynamic creation of sharing rights for objects
• Limit use of an object
  - Limit not just access to an object but also the use to which that object may be put
  - Example: a user may be able to derive statistical summaries but not to determine specific data values

Page 19:
Protection of Memory
• Security
• Correct functioning of the various processes that are active

Page 20:
User-Oriented Access Control
• Referred to as authentication
• Log on
  - Requires both a user identifier (ID) and a password
  - System only allows users to log on if the ID is known to the system and the password associated with the ID is correct
  - Users can reveal their password to others either intentionally or accidentally
  - Hackers are skillful at guessing passwords
  - ID/password file can be obtained

Page 21:
Data-Oriented Access Control
• Associated with each user, there can be a profile that specifies permissible operations and file accesses
• Operating system enforces these rules
• Database management system controls access to specific records or portions of records

Page 22:
Access Matrix
• Subject
  - An entity capable of accessing objects
• Object
  - Anything to which access is controlled
• Access rights
  - The way in which an object is accessed by a subject

Page 23:
Access Matrix
[Figure: (a) Access matrix; rows: User A, User B, User C; columns include File 2, File 3, File 4, Account 1, Account 2; rights shown include Own, R, W, Inquiry, Debit, Credit]

Page 24:
Access Control List
• Matrix decomposed by columns
• For each object, an access control list gives users and their permitted access rights

Page 25:
Access Control List
[Figure: (b) Access control lists for files of part (a)]

Page 26:
Capability Tickets
• Decomposition of access matrix by rows
• Specifies authorized objects and operations for a user

Page 27:
Capability Tickets
[Figure: (c) Capability lists for files of part (a)]
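
The column and row decompositions described on the access control list and capability ticket slides, as an added example that is not part of the original slides. The matrix contents, user names and right names are constructed for the illustration and do not transcribe the figure.

```python
# Constructed sample matrix: subject -> object -> set of rights.
# Names and rights are assumptions, not a transcription of the slide's figure.
ACCESS_MATRIX = {
    "UserA": {"File1": {"own", "read", "write"}, "Account1": {"inquiry", "credit"}},
    "UserB": {"File1": {"read"}, "File2": {"own", "read", "write"},
              "Account1": {"inquiry", "debit"}},
    "UserC": {"File2": {"read"}, "Account2": {"inquiry", "debit"}},
}

def to_acls(matrix):
    """Decompose by columns: object -> {subject: rights}."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:  # empty cells are simply absent from the list
                acls.setdefault(obj, {})[subject] = frozenset(rights)
    return acls

def to_capabilities(matrix):
    """Decompose by rows: subject -> {object: rights}."""
    return {subject: {obj: frozenset(r) for obj, r in row.items() if r}
            for subject, row in matrix.items()}

def acl_allows(acls, subject, obj, right):
    """Guard consults the object's list; anything not listed is denied."""
    return right in acls.get(obj, {}).get(subject, frozenset())

def capability_allows(caps, subject, obj, right):
    """Guard consults the subject's tickets; anything not held is denied."""
    return right in caps.get(subject, {}).get(obj, frozenset())

def views_agree(matrix):
    """Both decompositions must answer every (subject, object, right) alike."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    objects = {o for row in matrix.values() for o in row}
    rights = {r for row in matrix.values() for rs in row.values() for r in rs}
    return all(acl_allows(acls, s, o, r) == capability_allows(caps, s, o, r)
               for s in matrix for o in objects for r in rights)

if __name__ == "__main__":
    print(sorted(to_acls(ACCESS_MATRIX)["File1"]))          # who may touch File1
    print(sorted(to_capabilities(ACCESS_MATRIX)["UserB"]))  # what UserB holds
    print(views_agree(ACCESS_MATRIX))
```

The ACL view answers "who may access this object" with one lookup, while the capability view answers "what may this user access" with one lookup; both default to deny.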

Page 28:
Intrusion Techniques
• Objective of intruder is to gain access to the system or to increase the range of privileges accessible on a system
• Protected information that an intruder acquires is a password

Page 29:
Techniques for Learning Passwords
• Try default password used with standard accounts shipped with system
• Exhaustively try all short passwords
• Try words in dictionary or a list of likely passwords
• Collect information about users and use these items as passwords

Page 30:
Techniques for Learning Passwords
• Try users' phone numbers, social security numbers, and room numbers
• Try all legitimate license plate numbers for this state
• Use a Trojan horse to bypass restrictions on access
• Tap the line between a remote user and the host system

Page 31:
ID Provides Security
• Determines whether the user is authorized to gain access to a system
• Determines the privileges accorded to the user
  - Superuser enables file access protected by the operating system
  - Guest or anonymous accounts have more limited privileges than others
• ID is used for discretionary access control
  - A user may grant permission to files to others by ID

Page 32:
UNIX Password Scheme
[Figure: UNIX password scheme; labels: Password File, crypt(3), User id, salt, output]

Page 33:
UNIX Password Scheme
[Figure: (b) Verifying a password; labels: Password File, crypt(3), User id, salt, output, encrypted password, compare]
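
The salt, hash and compare flow labelled in the two figures above, as an added example that is not part of the original slides. PBKDF2-HMAC-SHA256 from Python's hashlib stands in for crypt(3), and the iteration count, user names and passwords are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example

def slow_hash(password: str, salt: bytes) -> bytes:
    """Stand-in for crypt(3): a salted one-way function (PBKDF2 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def load_password(password_file: dict, user_id: str, password: str) -> None:
    """Store user id -> (salt, hash); the plaintext password is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt per entry
    password_file[user_id] = (salt, slow_hash(password, salt))

def verify_password(password_file: dict, user_id: str, candidate: str) -> bool:
    """Look up the salt by user id, recompute, and compare with the stored value."""
    entry = password_file.get(user_id)
    if entry is None:
        # Unknown ID: do the same work so the reply time does not reveal it.
        slow_hash(candidate, b"\x00" * 16)
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, slow_hash(candidate, salt))

if __name__ == "__main__":
    pf = {}
    load_password(pf, "alice", "correct horse")  # constructed sample accounts
    load_password(pf, "bob", "correct horse")
    # Same password, different salts: the stored values differ.
    print(pf["alice"][1] != pf["bob"][1])
    print(verify_password(pf, "alice", "correct horse"))
    print(verify_password(pf, "alice", "wrong guess"))
```

Because each entry has its own salt, identical passwords do not produce identical stored values, and a guess has to be recomputed per entry.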

Page 34:
Password Selection Strategies
• Computer generated passwords
  - Users have difficulty remembering them
  - Need to write it down
  - Have history of poor acceptance

Page 35:
Password Selection Strategies
• Reactive password checking strategy
  - System periodically runs its own password cracker to find guessable passwords
  - System cancels passwords that are guessed and notifies user
  - Consumes resources to do this
  - Hacker can use this on their own machine with a copy of the password file

Page 36:
Password Selection Strategies
• Proactive password checker
  - The system checks at the time of selection if the password is allowable
  - With guidance from the system users can select memorable passwords that are difficult to guess

Page 37:
[Figure 16.7 Profiles of Behavior of Intruders and Authorized Users; labels: profile of intruder behavior, overlap in observed or expected behavior, average behavior of intruder, average behavior of authorized user, measurable behavior parameter]

Page 38:
Intrusion Detection
• Assume the behavior of the intruder differs from the legitimate user
• Statistical anomaly detection
  - Collect data related to the behavior of legitimate users over a period of time
  - Statistical tests are used to determine if the behavior is not legitimate behavior
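
A per-user baseline with a deviation threshold is one way to carry out the statistical test described above; this is an added example, not part of the original slides. The metric (failed log-on attempts per day), the sample history and the thresholds are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed training data: failed log-on attempts per day for each user.
HISTORY = {
    "alice": [0, 1, 0, 2, 1, 0, 1, 1, 0, 2],
    "bob":   [3, 4, 2, 5, 3, 4, 3, 2, 4, 3],
}

def build_profiles(history):
    """Per-user baseline (mean, standard deviation) from legitimate activity."""
    return {user: (mean(vals), stdev(vals))
            for user, vals in history.items() if len(vals) >= 2}

def z_score(profile, value):
    """Distance of an observation from the baseline, in standard deviations."""
    mu, sigma = profile
    return (value - mu) / max(sigma, 1e-9)  # guard against a constant history

def is_anomalous(profiles, user, value, threshold=3.0):
    """Flag an observation that lies far from the user's own baseline."""
    if user not in profiles:
        return True  # no baseline yet: surface for review rather than pass
    return abs(z_score(profiles[user], value)) > threshold

def false_positive_rate(history, threshold):
    """Share of known-legitimate observations the threshold would flag."""
    profiles = build_profiles(history)
    samples = [(u, v) for u, vals in history.items() for v in vals]
    flagged = sum(is_anomalous(profiles, u, v, threshold) for u, v in samples)
    return flagged / len(samples)

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    # The same count is unusual for one user and ordinary for another.
    print(is_anomalous(profiles, "alice", 5), is_anomalous(profiles, "bob", 5))
    # Tightening the threshold starts flagging legitimate days.
    print(false_positive_rate(HISTORY, 3.0), false_positive_rate(HISTORY, 1.5))
```

The second print shows the overlap from Figure 16.7 in numbers: a tighter threshold catches smaller deviations but begins to flag authorized users' ordinary behavior.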

Page 39:
Intrusion Detection
• Rule-based detection
  - Rules are developed to detect deviation from previous usage pattern
  - Expert system searches for suspicious behavior

Page 40:
Intrusion Detection
• Audit record
  - Native audit records
    • All operating systems include accounting software that collects information on user activity
  - Detection-specific audit records
    • Collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system

Page 41:
Malicious Programs
• Those that need a host program
  - Fragments of programs that cannot exist independently of some application program, utility, or system program
• Independent
  - Self-contained programs that can be scheduled and run by the operating system

Page 43:
Trapdoor
• Entry point into a program that allows someone who is aware of the trapdoor to gain access
• Used by programmers to debug and test programs
  - Avoids necessary setup and authentication
  - Method to activate program if something wrong with authentication procedure

Page 44:
Logic Bomb
• Code embedded in a legitimate program that is set to "explode" when certain conditions are met
  - Presence or absence of certain files
  - Particular day of the week
  - Particular user running application

Page 45:
Trojan Horse
• Useful program that contains hidden code that when invoked performs some unwanted or harmful function
• Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
  - User may set file permission so everyone has access

Page 46:
Virus
• Program that can "infect" other programs by modifying them
  - Modification includes copy of virus program
  - The infected program can infect other programs

Page 47:
Worms
• Use network connections to spread from system to system
• Electronic mail facility
  - A worm mails a copy of itself to other systems
• Remote execution capability
  - A worm executes a copy of itself on another system
• Remote log-in capability
  - A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other

Page 48:
Zombie
• Program that secretly takes over another Internet-attached computer
• It uses that computer to launch attacks that are difficult to trace to the zombie's creator

Page 49:
Virus Stages
• Dormant phase
  - Virus is idle
• Propagation phase
  - Virus places an identical copy of itself into other programs or into certain system areas on the disk

Page 50:
Virus Stages
• Triggering phase
  - Virus is activated to perform the function for which it was intended
  - Caused by a variety of system events
• Execution phase
  - Function is performed

Page 51:
Types of Viruses
• Parasitic
  - Attaches itself to executable files and replicates
  - When the infected program is executed, it looks for other executables to infect
• Memory-resident
  - Lodges in main memory as part of a resident system program
  - Once in memory, it infects every program that executes

Page 52:
Types of Viruses
• Boot sector
  - Infects boot record
  - Spreads when system is booted from the disk containing the virus
• Stealth
  - Designed to hide itself from detection by antivirus software

Page 53:
Types of Viruses
• Polymorphic
  - Mutates with every infection, making detection by the "signature" of the virus impossible
  - Mutation engine creates a random encryption key to encrypt the remainder of the virus
    • The key is stored with the virus

Page 54:
Macro Viruses
• Platform independent
  - Most infect Microsoft Word documents
• Infect documents, not executable portions of code
• Easily spread

Page 55:
Macro Viruses
• A macro is an executable program embedded in a word processing document or other type of file
• Autoexecuting macros in Word
  - Autoexecute
    • Executes when Word is started
  - Automacro
    • Executes when defined event occurs such as opening or closing a document
  - Command macro
    • Executed when user invokes a command (e.g., File Save)

Page 56:
Antivirus Approaches
• Detection
• Identification
• Removal

Page 57:
Generic Decryption
• CPU emulator
  - Instructions in an executable file are interpreted by the emulator rather than the processor
• Virus signature scanner
  - Scan target code looking for known virus signatures
• Emulation control module
  - Controls the execution of the target code

Page 58:
Digital Immune System
• Developed by IBM
• Motivation has been the rising threat of Internet-based virus propagation
  - Integrated mail systems
  - Mobile-program system

Page 59:
[Figure 16.9 Digital Immune System]

Page 60:
E-mail Virus
• Activated when recipient opens the e-mail attachment
• Activated by opening an e-mail that contains the virus
• Uses Visual Basic scripting language
• Propagates itself to all of the e-mail addresses known to the infected host

Page 61:
Trusted Systems
• Multilevel security
  - Information organized into levels
  - No read up
    • Only read objects of a less or equal security level
  - No write down
    • Only write objects of greater or equal security level

Page 62:
[Figure 16.10 Reference Monitor Concept; label: Subjects]

Page 63:
Trojan Horse Defense
[Figure: Trojan horse defense; label: Data file]

Page 64:
Trojan Horse Defense
[Figure: Trojan horse defense; label: Data file]

Page 65:
Trojan Horse Defense
[Figure: Trojan horse defense; label: Data file]

Page 66:
Trojan Horse Defense
[Figure: Trojan horse defense; label: Data file]
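
The no-read-up and no-write-down rules from the Trusted Systems slide, enforced by a small reference monitor and applied to a program that tries to copy a protected data file; this is an added example, not part of the original slides. The two level names, the session names and the file names are assumptions.

```python
LEVELS = {"public": 0, "sensitive": 1}  # assumed two-level ordering

class ReferenceMonitor:
    """Mediates every access and records each decision for audit."""

    def __init__(self, subject_levels, object_levels):
        self.subject_levels = subject_levels
        self.object_levels = object_levels
        self.audit = []

    def check(self, subject, obj, op):
        s = self.subject_levels.get(subject)
        o = self.object_levels.get(obj)
        if s is None or o is None:
            allowed = False                      # unknown party: deny
        elif op == "read":
            allowed = LEVELS[s] >= LEVELS[o]     # no read up
        elif op == "write":
            allowed = LEVELS[s] <= LEVELS[o]     # no write down
        else:
            allowed = False                      # unknown operation: deny
        self.audit.append((subject, obj, op, allowed))
        return allowed

def copy_allowed(monitor, process, source, dest):
    """A copy needs a read of the source and a write of the destination."""
    return (monitor.check(process, source, "read")
            and monitor.check(process, dest, "write"))

def build_demo():
    # Hypothetical names: a program runs at the level of the user who starts it.
    subjects = {"owner_session": "sensitive", "other_session": "public"}
    objects = {"data_file": "sensitive", "scratch_file": "public"}
    return ReferenceMonitor(subjects, objects)

if __name__ == "__main__":
    m = build_demo()
    # A lower-level user cannot read the data file directly.
    print(m.check("other_session", "data_file", "read"))
    # A program run by the file's owner can read it but cannot copy it down.
    print(copy_allowed(m, "owner_session", "data_file", "scratch_file"))
    print(m.audit[-1])
```

The copy is refused at the write step, so hidden code running with the owner's level still cannot move the data to a file that a lower-level user can read.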

Page 67:
Windows 2000 Security
• Access Control Scheme
  - Name/password
  - Access token associated with each process object indicating privileges associated with a user

Page 68:
Access Token
• Security ID
  - Identifies a user uniquely across all the machines on the network (logon name)
• Group SIDs
  - List of the groups to which this user belongs
• Privileges
  - List of security-sensitive system services that this user may call

Page 69:
Access Token
• Default owner
  - If this process creates another object, this field specifies who is the owner
• Default ACL
  - Initial list of protections applied to the objects that the user creates

Page 70:
Security Descriptor
• Flags
  - Defines type and contents of a security descriptor
• Owner
  - Owner of the object can generally perform any action on the security descriptor
• System Access Control List (SACL)
  - Specifies what kinds of operations on the object should generate audit messages
• Discretionary Access Control List (DACL)
  - Determines which users and groups can access this object for which operations

Page 71:
[Figure 16.13 Access Mask; labels: Specific access types, Access System Security, Maximum allowed, Generic Execute, Generic Write, Generic Read]
