1 / 39

Security Measures in Modern Operating Systems

Explore the threats, cryptography basics, authentication methods, design principles, and virus classifications in modern operating systems like UNIX and Linux. Discover protection mechanisms, covert channels, trusted systems, and more.

cnorma
Download Presentation

Security Measures in Modern Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapters 9 & 10, Modern Operating Systems by A. S. Tanenbaum IA 705, Prof. Brown, Spring 2003 Group E IA705, Spring 2003 J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  2. Chapter 9, UNIX & LinuxModern Operating Systems by A. S. Tanenbaum Group E IA705, Spring 2003 J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  3. Jose Paloschavez J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  4. The Security Environment • Threats • Intruders • Accidental Data Loss J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  5. Basics of Cryptography • Secret-Key Cryptography • Public-Key Cryptography • One-Way Functions • Digital Signatures J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  6. Authentication Using Passwords • Authentication Using Passwords • Authentication Using a Physical Object • Authentication Using Biometrics • Countermeasures J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  7. Matt Troxler J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  8. Attacks from the Inside • Trojan Horses • Login Spoofing • Logic Bombs • Trap Doors • Buffer Overflow J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  9. Design Principles for Security • Public Design - easier to service. • Default = Deny Access - easier to trace errors. • Check access occasionally, not just a login or file open procedure J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  10. Design Principles Cont’d • Minimal permissions for all users/processes. • Ease of use - difficult interfaces usually result in wide-open environments. • Keep it simple - Tight and efficient code is easy to review and lock down. J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  11. External Attacks (Viruses)How they function • “Dropper” tool is used to deploy a virus • Infected file is distributed (preferably publicly) • Users go get (or receive unknowingly) and install the infected file • Payload of the file runs, does whatever the virus does J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  12. Companion virus - runs in place of a legitimate file Executables - virus code imbeds itself in another .exe (overwriting) Parasitic viruses - overwriting, but the original files still work after infection. Cavity virus - virus embeds itself in unused portions of legit. files Memory Resident - Lives in memory, little disk activity Boot Sector - lives at the first sector of the HDD Device Driver - gets loaded as a legit. file in kernel mode Macro - attached to a file that appears innocent Source Code - requires some knowledge of programming Classifications of Viruses J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  13. How Viruses Spread • Downloads • Email • Storage Space (fixed or removable disks, memory, etc.) J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  14. Date hiding – Date disguising – Parent folder… Size hiding – Compression Bitwise hiding – Look for decryption routine/key Antivirus and Anti-Antivirus…and so on… Polymorphic – Look for morphing routine code Checksums – Delete or overwrite – Encrypt J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  15. Sandboxing Interpretation Code Java Security Securing Mobile Code J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  16. Protection Mechanisms • Protection Domains • Access Control Lists • Capabilities J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  17. Trusted Systems and Multilevel Security • Trusted Computing Base • Formal Models • Bell-La Padula Model • Biba Model • Orange Book J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  18. Covert Channels J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  19. Chapter 10, UNIX & LinuxModern Operating Systems by A. S. Tanenbaum Group E IA705, Spring 2003 J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  20. Jim Boggs J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  21. History • UNICS • PDP-11 UNIX & Portable UNIX • Berkeley UNIX • Standard UNIX & POSIX • MINIX • Linux J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  22. Users User Interface Library Interface Utility Programs User Mode System Call Interface Standard Library Kernel Mode UNIX OS Hardware Overview of UNIXUNIX Goals & Interfaces • Goals • Handle Multiple Processes & Users • Design Principles • Interfaces J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  23. Overview of UNIXUNIX Shell & Utility Programs • Shell • Ordinary program providing command line interface • Standard input/output • Flexibility (wild cards, standard I/O,flags, pipes) • Shell Scripts • Utility Programs • File & Directory Commands • Filters • Development Tools & Text Processing • System Administration J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  24. Overview of UNIXKernel Structure • Simplified Kernel Drawing Here J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  25. Processes in UNIXConcepts and Process Management • Active Entities are Processes • Foreground & Background • Parent & Child • ID for Each • Single & Multiple Threads • Process Management System Calls • Means for Processes to Communicate • Based on POSIX • Examples J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  26. Processes in UNIXImplementation • Process Table • Scheduling Parameters • Memory Image • Signals • Miscellaneous • Use Structure • Machine Registers • System Call State • File Descriptor • Accounting • Kernel Stack J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  27. Processes in UNIXThreads • UNIX • Supported in Kernel, but Process-oriented • Difficult Thought Process in Using Multiple Threads • Fork & other Examples • Linux • Kernel-oriented • Clone • Detailed Sharing • Non-portability J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  28. Processes in UNIXScheduling • UNIX • Designed for Response to Interactive Processes • Process-oriented Queue Management • Get Processes Rapidly out of the Kernel • Linux • Thread-oriented • Classes of Linux Threads • Real-time FIFO • Real-time Round Robin • Timesharing J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  29. Processes in UNIXBooting UNIX • Get Kernel Running • Set Message Buffer • Allocate Kernel Data Structure • System Configuration (drivers) • Static Links • Dynamic Loads • Begin Process 0 • Init • Login J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  30. Memory Management in UNIXConcepts • Text Segment • Data Segment • Stack Segment • Space Saving Techniques • Shared Text Segments • Memory-mapped Files • No POSIX System Calls J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  31. Memory Management in UNIXImplementation in UNIX • Swapping • Early Concept • Moving Process from Memory to Disk • Moving Process from Disk to Memory • Paging • Entire Process Need Not be in Memory • Kernel and Paging Daemon • Replacement Algorithm J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  32. Memory Management in UNIXImplementation in Linux • Default Allocation to each Process • Copy-on-Write • Three-level Paging • Kernel is Never Paged Out • Buddy Algorithm J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  33. John Lagas J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  34. I/O in UNIXConcepts J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  35. J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  36. UNIX File SystemConcepts J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  37. J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  38. Security in UNIXConcepts J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

  39. J. Paloschavez, M. Troxler, J. Boggs, J. Lagas Chapters 9 & 10 IA705 Spring 2003

More Related