PG
Uploaded byPrachi Gulihar
1,555 views

Protection in general purpose operating system

The document provides an overview of general purpose operating system protection. It discusses various file protection mechanisms including all-none protection, group protection, and individual permissions. It also covers user authentication methods such as passwords, biometrics, and one-time passwords. The document then examines security policies, models, and the design of trusted operating systems. It analyzes features like access control, identification, authentication, and auditing that are important for a trusted OS.

Technology
In this document
Powered by AI
See More

Introduction to protection in general purpose operating systems.

Structured outline covering file protection mechanics, user authentication, and designing trusted OS.

The primary goals of an OS include controlling shared access and providing interfaces with key security implications.

Details on file protection mechanisms, emphasizing group protection and individual permissions in Unix+ systems.

Discusses various user authentication methods, including passwords, two-factor authentication, and vulnerabilities.

Key components of trust in operating systems like policy, model, design, and assurance.

Classifies security policies, emphasizing military hierarchies of information sensitivity and compartmentalization.

Illustrates various security models, including Bell LaPadula for confidentiality and Biba for integrity.

Highlights design principles essential for a trusted OS including least privilege, complete mediation, and access control mechanisms.

Embed presentation

Protection in General Purpose Operating System Unit 4
Index • Overview • File protection mechanisms • User authentication • Designing Trusted OS • Security Policy • Models of Security • Trusted Operating System Design
Overview • An operating system has two goals: controlling shared access  implementing an interface to allow that access • Underneath those goals are support activities, including identification and authentication, naming, filing objects, scheduling, communication among processes, and reclaiming and reusing objects
Overview cont. • Operating system functions can be categorized as:  access control identity and credential management  information flow  audit and integrity protection • Each of these activities has security implications.
File Protection Mechanisms • Basic Forms of Protection All-None Protection Unacceptable for several reasons – Lack of trust – Too coarse – Rise of sharing – Complexity – File listings
Basic Forms of Protection (Cont’d) Group Protection – Focused on identifying groups of users who had some common relationship. – All authorized users are separated into groups. – A group may consist of several members working on a common project, a – department, a class, or a single user. – The basis for group membership is need to share. – A key advantage of the group protection approach is its ease of – implementation.
Basic Forms of Protection (Cont’d) • Group Protection (Cont’d) – Group affiliation: A single user cannot belong to two groups. – Multiple personalities: To overcome the one-person one-group restriction, certain people might obtain multiple accounts, permitting them, in effect, to be multiple users. – All groups: To avoid multiple personalities, the system administrator may decide that Tom should have access to all his files any time he is active. – Limited sharing: Files can be shared only within groups or with the world.
Basic Forms of Protection (Cont’d) • Individual Permissions – Persistent Permission – Temporary Acquired Permission • Unix+ operating systems provide an interesting permission scheme based on a three-level user-group- world hierarchy. • The Unix designers added a permission called set userid (suid) • Per-Object and Per-User Protection
User Authentication • Authentication mechanisms use any of three qualities to confirm a user's identity. – Something the user knows. Passwords, PIN numbers, passphrases, • a secret handshake, and mother's maiden name are examples of what a user may know. – Something the user has. Identity badges, physical keys, license, or a uniform are common examples of things people have that make them recognizable. – Something the user is. These authenticators, called biometrics, are based on a physical characteristic of the user,
User Authentication(cont’d) • Passwords as Authenticators – Use of Passwords – Passwords are mutually agreed-upon code words, assumed to be known – only to the user and the system. • Suffer from some difficulties of use: – Loss. Depending on how the passwords are implemented, it is possible that no one will be able to replace a lost or forgotten password – Use. Supplying a password for each access to a file can be inconvenient and time consuming. – Disclosure. If a password is disclosed to an unauthorized individual, the file becomes immediately accessible. – Revocation.
Passwords as Authenticators • Additional Authentication Information – Using additional authentication information is called multifactor authentication. – Two forms of authentication (which is known as two-factor authentication) are better than one, assuming of course that the two forms are strong. – But as the number of forms increases, so also does the inconvenience.
Passwords as Authenticators • Attacks on Passwords • Some ways you might be able to determine a user's password, in decreasing order of difficulty. – Try all possible passwords. – Try frequently used passwords. – Try passwords likely for the user. – Search for the system list of passwords. – Ask the user.
Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems – E.g., WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams INVALID USER NAME / UNKNOWN USER ENTER USER NAME:
Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) – An alternative arrangement of the login sequence is shown below. WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME:
Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME: adams ENTER PASSWORD: johnq WELCOME TO THE XYZ COMPUTING SYSTEMS
Passwords as Authenticators • Attacks on Passwords (Cont’d) • Exhaustive Attack – In an exhaustive or brute force attack, the attacker tries all possible passwords, usually in some automated fashion – Probable Passwords – Passwords Likely for a User
Passwords as Authenticators Attacks on Passwords (Cont’d) • password guessing steps: – no password – the same as the user ID. – is, or is derived from, the user's name – common word list (for example, "password," "secret," "private") plus common names and patterns (for example, "asdfg," "aaaaaa") – short college dictionary – complete English word list
Passwords as Authenticators • One-Time Passwords • Biometrics: Authentication Not Using Passwords • Identification vs Authentication • Much reliable, but less effective
Designing Trusted Operating Systems • An operating system is trusted if we have confidence that it provides these four services consistently and effectively – Policy - every system can be described by its requirements: statements of what the system should do and how it should do it. – Model - designers must be confident that the proposed system will meet its requirements while protecting appropriate objects and relationships.
Designing Trusted Operating Systems – Design - designers choose a means to implement it. – Trust - trust in the system is rooted in two aspects: • FEATURES - the operating system has all the necessary functionality needed to enforce the expected security policy. • ASSURANCE - the operating system has been implemented in such a way that we have confidence it will enforce the security policy correctly and effectively.
Trustworthy OS • An OS is trusted if it provides: – Memory protection – Generation object access control – User authentication • In a consistent and effective manner. • Why trusted OS, why not secure OS?
“Secure” Vs. “Trust” • .
Security Policies Security policy: statement of the security we expect the system to enforce. • Military Security Policy – Based on protecting classified information. – Each piece of information is ranked at a particular sensitivity level, such as unclassified, restricted, confidential, secret, or top secret. – The ranks or levels form a hierarchy, and they reflect an increasing order of sensitivity
Figure 1 Hierarchy of Sensitivities. Least Sensitive Military security policy
Figure 2 Compartments and Sensitivity Levels. Compartments in a Military security plicy.
Figure 3 Association of Information and Compartments. A single piece of information may belong to multiple compartments.
Terms • Information falls under different degrees of sensitivity: – Unclassified to top secret. – Each sensitivity is determined by a rank. E.g., unclassified has rank 0. • Need to know: enforced using compartments – E.g., a particular project may need to use information which is both top secret and secret. Solution; create a compartment to cover the information in both. – A compartment may include information across multiple sensitivity levels. • Clearance: A person seeking access to sensitive information must be cleared. Clearance is expressed as a combination: <rank; compartments>
Dominance relation • Consider subject s and an object o. – s <= o if an only if: • rank_s <= rank_o and • compartments_s subset compartments_o – E,g, a subject can read an object only if: • The clearance level of the subject is at least as high as that of the information and • The subject has a need to know about all compartments for which the information is classified. • E.g.information <secret, {Sweden}> can be read by someone with clearance: <top_secret, {Sweden}> and <secret , {Sweden}> but not by <top_secret, {Crypto}>
Figure 4 Commercial View of Sensitive Information. Commercial security policies What are some of the needs of a commercial policy?
Example: Chinese Wall Policy Addresses needs of commercial organizations: legal, medical, investment and accounting firms. Key protection: conflict of interest. Abstractions: Objects: elementary objects such as files. Company groups: at the next level, all objects concerning a particular company are grouped together. Conflict classes: all groups of objects for competing companies are clustered together.
Figure 5 Chinese Wall Security Policy. Chinese Wall Security Policy
Clark Wilson Model •Defines tuples for every operation <userID,transformationProcedure, {CDIs…}> • userID: person who can perform the operation. • transformationProcedure: performs only certain operations depending on the data. E.g., writeACheck if the data’s integrity is mainted. • CDIs: constrained data items: data items with certain attributes. E.g., when the receiving clerk sends the delivery form to the accounting clerk… the delivery form has been already “checked” by the receiving clerk. Think of these as “stamps” of approval.
Security Models While policies tell us what we want…. models tell us formally what conditions we need to enforce in order to achieve a policy. We study models for various reasons: (i) test a particular policy for completeness and consistency. (ii) Document a policy (iii) Help conceptualize and design an implementation (iv) Check whether an implementation meets its requirements.
Example models (i) Bell LaPadula Model: to enforce confidentiality. (ii) Biba Model: enforces integrity. To understand this, we study a structure called Lattice. lattice is a “partial - ordering of data” such that every data item has a least upper bound and the greatest lower bound. E.g., Military model is a lattice. E.g., <secret, {Sweden}> and <secret, {France}> have a least upper bound and a greatest lower bound. Figure 6 Sample Lattice.
Bell LaPadula Model for Confidentiality Tells us “what conditions” need to be met to satisfy confidentiality to implement multi-level security policies (e.g., military policies): Consider a security system with the following properties: (i) system contains a set of subjects S. (ii) a set of objects O. (iii) each subject s in S and each object o in O has a fixed security class (C(s), C(o)).  In military security examples of class: secret, top secret etc… (iv) Security classes are ordered by <= symbol.
Bell La Padula Model for Confidentiality Properties: • Simple security property: A subject s may have read access to an object o, only if C(o) <= C(s). • (* property) - A subject s who has read access to an object o, may have write access to an object p only if C(o) <= C(p).
Figure 8 Subject, Object, and Rights. Need for the two policies: Definition of subject, object and access rights. E.g., s can “r” or “read” object o.
Figure 7 Secure Flow of Information. Bell LaPadula; read down, write up.
Biba Model for Integrity. Bell LaPadula is only for confidentiality, how about integrity… come up with a policy.
Biba Model for Integrity. Simple policy: Subject s can modify (write) object o only if I(s) >= I(o). Here I is similar to C, except I is called Integrity class. Integrity *-Property: If subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) >= I(p). Why is the second policy important?
Trusted OS Design • The policies tells us what we want. • The model tells us the properties needed to satisfy for the policies to succeed. • Next: designing an OS which is trusted. Trusted OS design principles- • Principle of least privilege • Economy of mechanism • Open design • Complete mediation • Permission based • Separation of privilege. • Least common mechanism • Ease of use.
Review: Overview of an Operating System’s Functions.
Figure 5-11 Security Functions of a Trusted Operating System.
Key Features of a Trusted OS • User identification and authentication (we already studied this). • Access control: • Mandatory • Discretionary • Role Based • Complete mediation. • Trusted path • Audit • Audit log reduction • Intrusion detection.

More Related Content

PPTX
Intrusion detection
byCAS
 
PPTX
Program security
byPrachi Gulihar
 
PDF
Web Security
byDr.Florence Dayana
 
PDF
Authentication techniques
byIGZ Software house
 
PPTX
IP Security
byKeshab Nath
 
PPT
Traditional symmetric-key cipher
byVasuki Ramasamy
 
PPSX
Intrusion detection system
bygaurav koriya
 
PPTX
CMACs and MACS based on block ciphers, Digital signature
byAdarsh Patel
 
Intrusion detection
byCAS
 
Program security
byPrachi Gulihar
 
Web Security
byDr.Florence Dayana
 
Authentication techniques
byIGZ Software house
 
IP Security
byKeshab Nath
 
Traditional symmetric-key cipher
byVasuki Ramasamy
 
Intrusion detection system
bygaurav koriya
 
CMACs and MACS based on block ciphers, Digital signature
byAdarsh Patel
 

What's hot

PPTX
Intruders
byALOK KUMAR
 
PDF
Intruders
byDr.Florence Dayana
 
PPTX
Threat Modeling And Analysis
byLalit Kale
 
PPTX
Database security
byBirju Tank
 
PPTX
User authentication
byCAS
 
PDF
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
PDF
Electronic mail security
byDr.Florence Dayana
 
PPTX
Hash Function
byssuserdfb2da
 
PPT
Email security
byIndrajit Sreemany
 
PPTX
Steganography
byUttam Jain
 
PPT
Ch11 Basic Cryptography
byInformation Technology
 
PPTX
Block cipher modes of operation
byharshit chavda
 
PPT
Message authentication and hash function
byomarShiekh1
 
PPT
X.509 Certificates
bySou Jana
 
PPTX
Cryptography.ppt
bykusum sharma
 
PDF
Email security presentation
bySubhradeepMaji
 
PPTX
SSL
byBadrul Alam bulon
 
PPTX
RSA Algorithm
bySrinadh Muvva
 
PPTX
Elgamal &amp; schnorr digital signature scheme copy
byNorth Cap University (NCU) Formely ITM University
 
PPTX
distributed Computing system model
byHarshad Umredkar
 
Intruders
byALOK KUMAR
 
Intruders
byDr.Florence Dayana
 
Threat Modeling And Analysis
byLalit Kale
 
Database security
byBirju Tank
 
User authentication
byCAS
 
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
Electronic mail security
byDr.Florence Dayana
 
Hash Function
byssuserdfb2da
 
Email security
byIndrajit Sreemany
 
Steganography
byUttam Jain
 
Ch11 Basic Cryptography
byInformation Technology
 
Block cipher modes of operation
byharshit chavda
 
Message authentication and hash function
byomarShiekh1
 
X.509 Certificates
bySou Jana
 
Cryptography.ppt
bykusum sharma
 
Email security presentation
bySubhradeepMaji
 
SSL
byBadrul Alam bulon
 
RSA Algorithm
bySrinadh Muvva
 
Elgamal &amp; schnorr digital signature scheme copy
byNorth Cap University (NCU) Formely ITM University
 
distributed Computing system model
byHarshad Umredkar
 

Similar to Protection in general purpose operating system

PPTX
Survey of file protection techniques
byPrachi Gulihar
 
PPT
Protection and Security in Operating Systems
byvampugani
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
PPTX
Introduction to Computer Security
byKamal Acharya
 
PPTX
Security & Protection in Operating System
byMeghaj Mallick
 
PDF
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
PDF
Information Security basic introduction by professor
byadityakatare35
 
PPT
access control configurations and principles
byAngieloBecenia1
 
PPT
20-security.ppt
byajajkhan16
 
PPTX
Dos unit 5
byJebasheelaSJ
 
PPTX
System Security
byReddhi Basu
 
PDF
information security introduction for campus students.pdf
byhailegebrielgeta6
 
PDF
Dieter_Gollmann_Wiley_Computer_Security.pdf
by238Tanisha
 
DOCX
Security policy case study
byashu6
 
PPT
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
PPTX
security in is.pptx
byselvapriyabiher
 
PPTX
Crypto passport authentication
byHarry Potter
 
PPT
Chapter Last.ppt
bymiki304759
 
PDF
ch15.pdf
bySami Mughal
 
Survey of file protection techniques
byPrachi Gulihar
 
Protection and Security in Operating Systems
byvampugani
 
Security & protection in operating system
byAbou Bakr Ashraf
 
OPERATING SYSTEM SECURITY
byRohitK71
 
Introduction to Computer Security
byKamal Acharya
 
Security & Protection in Operating System
byMeghaj Mallick
 
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
Information Security basic introduction by professor
byadityakatare35
 
access control configurations and principles
byAngieloBecenia1
 
20-security.ppt
byajajkhan16
 
Dos unit 5
byJebasheelaSJ
 
System Security
byReddhi Basu
 
information security introduction for campus students.pdf
byhailegebrielgeta6
 
Dieter_Gollmann_Wiley_Computer_Security.pdf
by238Tanisha
 
Security policy case study
byashu6
 
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
security in is.pptx
byselvapriyabiher
 
Crypto passport authentication
byHarry Potter
 
Chapter Last.ppt
bymiki304759
 
ch15.pdf
bySami Mughal
 

More from Prachi Gulihar

PPTX
Computer security concepts
byPrachi Gulihar
 
PPTX
Security risk management
byPrachi Gulihar
 
PPTX
Administering security
byPrachi Gulihar
 
PPTX
Database security and security in networks
byPrachi Gulihar
 
PPTX
Control hijacking
byPrachi Gulihar
 
PPT
Elementary cryptography
byPrachi Gulihar
 
PPTX
Malicious software and software security
byPrachi Gulihar
 
PPTX
Basic web security model
byPrachi Gulihar
 
PPTX
Least privilege, access control, operating system security
byPrachi Gulihar
 
PPTX
Mobile platform security models
byPrachi Gulihar
 
PPTX
Network defenses
byPrachi Gulihar
 
PPTX
Exploitation techniques and fuzzing
byPrachi Gulihar
 
PPTX
Network protocols and vulnerabilities
byPrachi Gulihar
 
PPTX
Computation systems for protecting delimited data
byPrachi Gulihar
 
PPT
Information security introduction
byPrachi Gulihar
 
PPTX
Web application security part 01
byPrachi Gulihar
 
PPTX
Dealing with legacy code
byPrachi Gulihar
 
PPTX
The trusted computing architecture
byPrachi Gulihar
 
PPTX
Technology, policy, privacy and freedom
byPrachi Gulihar
 
PPTX
Web application security part 02
byPrachi Gulihar
 
Computer security concepts
byPrachi Gulihar
 
Security risk management
byPrachi Gulihar
 
Administering security
byPrachi Gulihar
 
Database security and security in networks
byPrachi Gulihar
 
Control hijacking
byPrachi Gulihar
 
Elementary cryptography
byPrachi Gulihar
 
Malicious software and software security
byPrachi Gulihar
 
Basic web security model
byPrachi Gulihar
 
Least privilege, access control, operating system security
byPrachi Gulihar
 
Mobile platform security models
byPrachi Gulihar
 
Network defenses
byPrachi Gulihar
 
Exploitation techniques and fuzzing
byPrachi Gulihar
 
Network protocols and vulnerabilities
byPrachi Gulihar
 
Computation systems for protecting delimited data
byPrachi Gulihar
 
Information security introduction
byPrachi Gulihar
 
Web application security part 01
byPrachi Gulihar
 
Dealing with legacy code
byPrachi Gulihar
 
The trusted computing architecture
byPrachi Gulihar
 
Technology, policy, privacy and freedom
byPrachi Gulihar
 
Web application security part 02
byPrachi Gulihar
 

Recently uploaded

PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
December Patch Tuesday
byIvanti
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 

Protection in general purpose operating system

  • 1.
    Protection in GeneralPurpose Operating System Unit 4
  • 2.
    Index • Overview • Fileprotection mechanisms • User authentication • Designing Trusted OS • Security Policy • Models of Security • Trusted Operating System Design
  • 3.
    Overview • An operatingsystem has two goals: controlling shared access  implementing an interface to allow that access • Underneath those goals are support activities, including identification and authentication, naming, filing objects, scheduling, communication among processes, and reclaiming and reusing objects
  • 4.
    Overview cont. • Operatingsystem functions can be categorized as:  access control identity and credential management  information flow  audit and integrity protection • Each of these activities has security implications.
  • 5.
    File Protection Mechanisms •Basic Forms of Protection All-None Protection Unacceptable for several reasons – Lack of trust – Too coarse – Rise of sharing – Complexity – File listings
  • 6.
    Basic Forms ofProtection (Cont’d) Group Protection – Focused on identifying groups of users who had some common relationship. – All authorized users are separated into groups. – A group may consist of several members working on a common project, a – department, a class, or a single user. – The basis for group membership is need to share. – A key advantage of the group protection approach is its ease of – implementation.
  • 7.
    Basic Forms ofProtection (Cont’d) • Group Protection (Cont’d) – Group affiliation: A single user cannot belong to two groups. – Multiple personalities: To overcome the one-person one-group restriction, certain people might obtain multiple accounts, permitting them, in effect, to be multiple users. – All groups: To avoid multiple personalities, the system administrator may decide that Tom should have access to all his files any time he is active. – Limited sharing: Files can be shared only within groups or with the world.
  • 8.
    Basic Forms ofProtection (Cont’d) • Individual Permissions – Persistent Permission – Temporary Acquired Permission • Unix+ operating systems provide an interesting permission scheme based on a three-level user-group- world hierarchy. • The Unix designers added a permission called set userid (suid) • Per-Object and Per-User Protection
  • 9.
    User Authentication • Authenticationmechanisms use any of three qualities to confirm a user's identity. – Something the user knows. Passwords, PIN numbers, passphrases, • a secret handshake, and mother's maiden name are examples of what a user may know. – Something the user has. Identity badges, physical keys, license, or a uniform are common examples of things people have that make them recognizable. – Something the user is. These authenticators, called biometrics, are based on a physical characteristic of the user,
  • 10.
    User Authentication(cont’d) • Passwordsas Authenticators – Use of Passwords – Passwords are mutually agreed-upon code words, assumed to be known – only to the user and the system. • Suffer from some difficulties of use: – Loss. Depending on how the passwords are implemented, it is possible that no one will be able to replace a lost or forgotten password – Use. Supplying a password for each access to a file can be inconvenient and time consuming. – Disclosure. If a password is disclosed to an unauthorized individual, the file becomes immediately accessible. – Revocation.
  • 11.
    Passwords as Authenticators •Additional Authentication Information – Using additional authentication information is called multifactor authentication. – Two forms of authentication (which is known as two-factor authentication) are better than one, assuming of course that the two forms are strong. – But as the number of forms increases, so also does the inconvenience.
  • 12.
    Passwords as Authenticators •Attacks on Passwords • Some ways you might be able to determine a user's password, in decreasing order of difficulty. – Try all possible passwords. – Try frequently used passwords. – Try passwords likely for the user. – Search for the system list of passwords. – Ask the user.
  • 13.
    Passwords as Authenticators •Attacks on Passwords (Cont’d) • Loose-Lipped Systems – E.g., WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams INVALID USER NAME / UNKNOWN USER ENTER USER NAME:
  • 14.
    Passwords as Authenticators •Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) – An alternative arrangement of the login sequence is shown below. WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME:
  • 15.
    Passwords as Authenticators •Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME: adams ENTER PASSWORD: johnq WELCOME TO THE XYZ COMPUTING SYSTEMS
  • 16.
    Passwords as Authenticators •Attacks on Passwords (Cont’d) • Exhaustive Attack – In an exhaustive or brute force attack, the attacker tries all possible passwords, usually in some automated fashion – Probable Passwords – Passwords Likely for a User
  • 17.
    Passwords as Authenticators Attackson Passwords (Cont’d) • password guessing steps: – no password – the same as the user ID. – is, or is derived from, the user's name – common word list (for example, "password," "secret," "private") plus common names and patterns (for example, "asdfg," "aaaaaa") – short college dictionary – complete English word list
  • 18.
    Passwords as Authenticators •One-Time Passwords • Biometrics: Authentication Not Using Passwords • Identification vs Authentication • Much reliable, but less effective
  • 19.
    Designing Trusted OperatingSystems • An operating system is trusted if we have confidence that it provides these four services consistently and effectively – Policy - every system can be described by its requirements: statements of what the system should do and how it should do it. – Model - designers must be confident that the proposed system will meet its requirements while protecting appropriate objects and relationships.
  • 20.
    Designing Trusted OperatingSystems – Design - designers choose a means to implement it. – Trust - trust in the system is rooted in two aspects: • FEATURES - the operating system has all the necessary functionality needed to enforce the expected security policy. • ASSURANCE - the operating system has been implemented in such a way that we have confidence it will enforce the security policy correctly and effectively.
  • 21.
    Trustworthy OS • AnOS is trusted if it provides: – Memory protection – Generation object access control – User authentication • In a consistent and effective manner. • Why trusted OS, why not secure OS?
  • 22.
  • 23.
    Security Policies Security policy:statement of the security we expect the system to enforce. • Military Security Policy – Based on protecting classified information. – Each piece of information is ranked at a particular sensitivity level, such as unclassified, restricted, confidential, secret, or top secret. – The ranks or levels form a hierarchy, and they reflect an increasing order of sensitivity
  • 24.
    Figure 1 Hierarchyof Sensitivities. Least Sensitive Military security policy
  • 25.
    Figure 2 Compartmentsand Sensitivity Levels. Compartments in a Military security plicy.
  • 26.
    Figure 3 Associationof Information and Compartments. A single piece of information may belong to multiple compartments.
  • 27.
    Terms • Information fallsunder different degrees of sensitivity: – Unclassified to top secret. – Each sensitivity is determined by a rank. E.g., unclassified has rank 0. • Need to know: enforced using compartments – E.g., a particular project may need to use information which is both top secret and secret. Solution; create a compartment to cover the information in both. – A compartment may include information across multiple sensitivity levels. • Clearance: A person seeking access to sensitive information must be cleared. Clearance is expressed as a combination: <rank; compartments>
  • 28.
    Dominance relation • Considersubject s and an object o. – s <= o if an only if: • rank_s <= rank_o and • compartments_s subset compartments_o – E,g, a subject can read an object only if: • The clearance level of the subject is at least as high as that of the information and • The subject has a need to know about all compartments for which the information is classified. • E.g.information <secret, {Sweden}> can be read by someone with clearance: <top_secret, {Sweden}> and <secret , {Sweden}> but not by <top_secret, {Crypto}>
  • 29.
    Figure 4 CommercialView of Sensitive Information. Commercial security policies What are some of the needs of a commercial policy?
  • 30.
    Example: Chinese WallPolicy Addresses needs of commercial organizations: legal, medical, investment and accounting firms. Key protection: conflict of interest. Abstractions: Objects: elementary objects such as files. Company groups: at the next level, all objects concerning a particular company are grouped together. Conflict classes: all groups of objects for competing companies are clustered together.
  • 31.
    Figure 5 ChineseWall Security Policy. Chinese Wall Security Policy
  • 32.
    Clark Wilson Model •Definestuples for every operation <userID,transformationProcedure, {CDIs…}> • userID: person who can perform the operation. • transformationProcedure: performs only certain operations depending on the data. E.g., writeACheck if the data’s integrity is mainted. • CDIs: constrained data items: data items with certain attributes. E.g., when the receiving clerk sends the delivery form to the accounting clerk… the delivery form has been already “checked” by the receiving clerk. Think of these as “stamps” of approval.
  • 33.
    Security Models While policiestell us what we want…. models tell us formally what conditions we need to enforce in order to achieve a policy. We study models for various reasons: (i) test a particular policy for completeness and consistency. (ii) Document a policy (iii) Help conceptualize and design an implementation (iv) Check whether an implementation meets its requirements.
  • 34.
    Example models (i) BellLaPadula Model: to enforce confidentiality. (ii) Biba Model: enforces integrity. To understand this, we study a structure called Lattice. lattice is a “partial - ordering of data” such that every data item has a least upper bound and the greatest lower bound. E.g., Military model is a lattice. E.g., <secret, {Sweden}> and <secret, {France}> have a least upper bound and a greatest lower bound. Figure 6 Sample Lattice.
  • 35.
    Bell LaPadula Modelfor Confidentiality Tells us “what conditions” need to be met to satisfy confidentiality to implement multi-level security policies (e.g., military policies): Consider a security system with the following properties: (i) system contains a set of subjects S. (ii) a set of objects O. (iii) each subject s in S and each object o in O has a fixed security class (C(s), C(o)).  In military security examples of class: secret, top secret etc… (iv) Security classes are ordered by <= symbol.
  • 36.
    Bell La PadulaModel for Confidentiality Properties: • Simple security property: A subject s may have read access to an object o, only if C(o) <= C(s). • (* property) - A subject s who has read access to an object o, may have write access to an object p only if C(o) <= C(p).
  • 37.
    Figure 8 Subject,Object, and Rights. Need for the two policies: Definition of subject, object and access rights. E.g., s can “r” or “read” object o.
  • 38.
    Figure 7 SecureFlow of Information. Bell LaPadula; read down, write up.
  • 39.
    Biba Model forIntegrity. Bell LaPadula is only for confidentiality, how about integrity… come up with a policy.
  • 40.
    Biba Model forIntegrity. Simple policy: Subject s can modify (write) object o only if I(s) >= I(o). Here I is similar to C, except I is called Integrity class. Integrity *-Property: If subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) >= I(p). Why is the second policy important?
  • 41.
    Trusted OS Design •The policies tells us what we want. • The model tells us the properties needed to satisfy for the policies to succeed. • Next: designing an OS which is trusted. Trusted OS design principles- • Principle of least privilege • Economy of mechanism • Open design • Complete mediation • Permission based • Separation of privilege. • Least common mechanism • Ease of use.
  • 42.
    Review: Overview ofan Operating System’s Functions.
  • 43.
    Figure 5-11 SecurityFunctions of a Trusted Operating System.
  • 44.
    Key Features ofa Trusted OS • User identification and authentication (we already studied this). • Access control: • Mandatory • Discretionary • Role Based • Complete mediation. • Trusted path • Audit • Audit log reduction • Intrusion detection.