Chapter 4 – Protection in General Purpose Operating Systems
• Protection features provided by general-purpose operating systems: protecting memory, files, and the execution environment
• Controlled access to objects
• User authentication

Protected Objects and Methods of Protection
• The first OSes were simple utilities, called executives
• Multiprogramming OSes required monitors, which oversaw each program’s execution
• Protected objects
  • Memory
  • Sharable I/O devices (disks)
  • Serially reusable devices (printers)
  • Sharable programs and subprocedures
  • Networks
  • Sharable data

Security Methods of Operating Systems
• Physical separation (different processes use different objects)
• Temporal separation (processes executed at different times)
• Logical separation (process appears to be alone)
• Cryptographic separation (processes conceal data and computations)

Security Methods of Operating Systems
• Want to be able to share resources without compromising security
  • Do not protect
  • Isolate different processes
  • Share all or nothing
  • Share via access limitation (granularity)
  • Share by capabilities
  • Limit use of an object

Memory & Address Protection
• Fence: confines the user to one side of a boundary
  • Uses predefined memory addresses
  • Can protect the OS, but not one user from another
• Relocation: changes all addresses of a program using an offset
• Base/bounds registers
  • Uses a variable fence register (base register) to provide the lower bound
  • Uses a bounds register for the upper address

Memory & Address Protection
• Tagged architecture
  • Every word of machine memory has extra bits to indicate access rights (expensive)
• Segmentation (program divided into pieces)
  • Each segment has a name and an offset
  • Each address reference is checked for protection
  • Different classes of data can be assigned different levels of protection
  • Users can share access to segments
  • A user cannot access an unpermitted segment
• Paging (program uses equal-sized “pages”; memory divided into equal-sized page frames)
Control of Access to General Objects
• Memory
• File/data set
• Program in memory
• Directory of files
• Hardware device
• Data structure (e.g. stack)
• Operating system table
• Instructions (privileged)
• Passwords / user authentication mechanism
• Protection mechanism

Goals in Protecting Objects
• Check every access
• Enforce least privilege
• Verify acceptable usage

Directory Mechanism
• Each user (subject) has a file directory, which lists all files accessible to that user
• The list can become too large if there are many shared objects
• Cannot revoke everyone’s rights to an object
• File names for different owners may be different

Access Control List
• One list for each object, showing all subjects and their access rights
• Can use wildcards to limit the size of the ACL
• Access Control Matrix
  • Rows for subjects
  • Columns for objects
  • Sparse matrix, stored as triples <subject, object, rights>
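As an added example (not from the slides), the sparse access control matrix above stored as <subject, object, right> triples, with the per-object ACL view and the per-subject directory view derived from the same data, wildcard entries, a check-every-access / default-deny decision, and the column-wise revocation that the directory mechanism cannot do. The subjects, objects and rights are constructed.

```python
from fnmatch import fnmatchcase

# Constructed access control matrix, stored sparsely as (subject, object, right)
# triples; "*" is a wildcard entry, which keeps the list short as the slide notes.
TRIPLES = {
    ("alice", "payroll.db", "read"),
    ("alice", "payroll.db", "write"),
    ("bob", "payroll.db", "read"),
    ("*", "motd.txt", "read"),     # every subject may read the message of the day
    ("admin", "*", "read"),        # admin may read any object
}

def _match(name, pattern):
    # Exact name, or a shell-style wildcard such as "*".
    return fnmatchcase(name, pattern)

def acl_for(obj):
    """One column of the matrix: the per-object ACL of (subject, right) pairs."""
    return {(s, r) for (s, o, r) in TRIPLES if _match(obj, o)}

def directory_for(subject):
    """One row of the matrix: the per-subject directory of (object, right) pairs."""
    return {(o, r) for (s, o, r) in TRIPLES if _match(subject, s)}

def check_access(subject, obj, right):
    """Mediate every access: anything not explicitly granted is denied."""
    return any(_match(subject, s) and _match(obj, o) and r == right
               for (s, o, r) in TRIPLES)

def revoke_all(obj):
    """Revoke everyone's rights to one object by dropping its column.

    With per-user directories this needs every user's list edited; with the
    object-centred view it is one local operation.  Wildcard-object entries
    are left alone because they are not specific to this object.
    Returns the number of entries removed."""
    gone = {t for t in TRIPLES if t[1] == obj}
    TRIPLES.difference_update(gone)
    return len(gone)

if __name__ == "__main__":
    print(sorted(acl_for("payroll.db")))
    print(sorted(directory_for("alice")))
    print(check_access("bob", "payroll.db", "write"))   # False: never granted
    print(revoke_all("payroll.db"), check_access("alice", "payroll.db", "read"))
```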
Capability
• Unforgeable token that gives its possessor rights to an object
• Predecessor of Kerberos
• Can propagate capabilities to other subjects
• Capabilities must be stored in inaccessible memory

Procedure-Oriented Access Control
• A procedure controls access to objects, including what subjects can do to those objects

File Protection Mechanisms
• All-none protection
  • Lack of trust
  • All or nothing
  • Timesharing issues
  • Complexity
  • File listings

File Protection Mechanisms
• Group protection
  • A user cannot belong to two groups
  • Forces one person to be multiple users
  • Forces a user to be put into all groups
  • Files can only be shared within groups

File Protection Mechanisms
• Single permissions
  • Password/token for each file
    • Can be lost
    • Inconvenient
    • Must be protected (if changed, all users must be notified)
• Temporary acquired permission
  • UNIX’s set user ID (suid)
User Authentication
• Something the user knows (password, PIN, passphrase, mother’s maiden name)
• Something the user has (ID, key, driver’s license, uniform)
• Something the user is (biometrics)

Use of Passwords
• Mutually agreed-upon code words, assumed known only to the user and the system
• First line of defense
• Loose-lipped systems (the prompt below reveals whether a user ID is valid):
    WELCOME TO XYZ COMPUTING
    ENTER USER ID: summers
    INVALID USER NAME
    ENTER USER ID:

Attack on Passwords
• Ask the user
• Search for the system list of passwords
• Find a valid user ID
• Create a list of possible passwords (encrypt if needed)
• Rank the passwords from high to low probability
• Try each password
• If an attempt fails, try again (don’t exceed the password lockout)

Attack on Passwords
• Exhaustive attack (brute force)
  • 18,278 passwords of 3 letters or less
  • At 1 password / millisecond, trying them all takes 18 seconds (8 minutes for 4 letters, 3.5 hours for 5 letters)
• Probable passwords (dictionary attack)
  • An 80,000-word dictionary would take 80 seconds
  • Expanded “dictionary”
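The arithmetic behind the slide's figures, as an added example (the counts and the 1-per-millisecond rate are the slide's; the functions are not from the slides). It also extends the same sum to the "full character set" case so the effect of length and alphabet on exhaustive search can be compared when setting a password policy.

```python
# Added example: exhaustive-attack arithmetic for password-policy estimates.

def keyspace(alphabet_size, max_len):
    """Number of distinct passwords of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def time_to_exhaust(alphabet_size, max_len, guesses_per_second=1000.0):
    """Seconds to try every candidate at the given rate (slide: 1 per millisecond)."""
    return keyspace(alphabet_size, max_len) / guesses_per_second

def dictionary_time(words, guesses_per_second=1000.0):
    """Seconds to try a whole word list at the same rate."""
    return words / guesses_per_second

def fmt(seconds):
    """Human-readable duration for the table below."""
    if seconds < 120:
        return f"{seconds:.0f} s"
    if seconds < 7200:
        return f"{seconds / 60:.0f} min"
    if seconds < 2 * 86400:
        return f"{seconds / 3600:.1f} h"
    return f"{seconds / 86400:.0f} days"

if __name__ == "__main__":
    for n in (3, 4, 5):   # the slide's 26-letter, length <= 3/4/5 cases
        print(f"<= {n} lowercase letters: {keyspace(26, n):>10,} candidates, "
              f"{fmt(time_to_exhaust(26, n))}")
    print(f"80,000-word dictionary: {fmt(dictionary_time(80_000))}")
    # Same sum for 95 printable ASCII characters and length <= 8: this is the
    # reason the selection criteria ask for length and characters beyond A-Z.
    print(f"<= 8 chars from 95:     {keyspace(95, 8):>10,} candidates, "
          f"{fmt(time_to_exhaust(95, 8))}")
```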
Attack on Passwords
• UK study (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/?related)
  • 50% of passwords were family names
  • Celebrities/soccer stars: 9% each
  • Pets: 8%
  • 10% reflect a fantasy
  • Only 10% use cryptic combinations

Attack on Passwords
• Look on the desk…
• Try no password
• Try the user ID
• Try the user’s name
• Common words (password, private, secret)
• Short dictionary
• Complete English word list
• Common non-English dictionaries
• Dictionary with capitalization and substitutions (0 for o and 1 for i)
• Brute force (lowercase alphabet)
• Brute force (full character set)

Attack on Passwords
• Plaintext system password list (MS Windows)
• Encrypted password list, one-way (/etc/passwd)
• Shadow password list (/etc/shadow)
• Salt: 12-bit number formed from the system time and process ID, concatenated to the password before it is encrypted
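An added example, not the slides' code, of a shadow-style password record with a per-user salt: the stored string carries no plaintext, the salt makes identical passwords produce different records, and verification recomputes the one-way function with the stored salt. The slide describes UNIX's 12-bit salt; this uses a 16-byte random salt and PBKDF2-HMAC-SHA256 (an assumption; any salted, slow, one-way function is used the same way).

```python
import hashlib
import hmac
import os

# Assumed parameters: 16-byte random salt, PBKDF2-HMAC-SHA256, 100k iterations.
ITERATIONS = 100_000

def make_record(password, salt=None):
    """Return the string a shadow list would store: algorithm, iteration count,
    salt and one-way digest, never the password itself."""
    if salt is None:
        salt = os.urandom(16)            # fresh random salt for every password set
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

def unsalted(password):
    """What a salt-less one-way list would store, shown only for contrast."""
    return hashlib.sha256(password.encode()).hexdigest()

if __name__ == "__main__":
    r1 = make_record("correct horse")
    r2 = make_record("correct horse")
    # Same password, different salt, different record: the list does not show
    # that two users share a password, and one precomputed table no longer
    # covers every record.
    print(r1 != r2, verify("correct horse", r1), verify("wrong", r1))
    print(unsalted("correct horse") == unsalted("correct horse"))   # identical
```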
Password Selection Criteria
• Use characters other than A–Z
• Choose long passwords
• Avoid names and words
• Choose an unlikely password
• Change passwords regularly (don’t reuse)
• Don’t write it down
• Don’t tell anyone
• http://www.mit.edu/afs/sipb/project/doc/passwords/passwords.html
• One-time passwords

Authentication
• Should be slow (5–10 seconds)
• Should only allow a limited number of failures (e.g. 3)
• Challenge-response systems
• Impersonation of login
• Authentication other than passwords
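An added example, not from the slides, putting the failure limit and the challenge-response idea from this slide together: the server issues a fresh random challenge, the client proves knowledge of a shared secret with an HMAC over it, a replayed response fails because the nonce changes, unknown user IDs get the same verdict as a bad response, and the account locks after 3 failures. The user name, secret and verdict strings are constructed.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3   # the slide's "limited number of failures (e.g. 3)"

class AuthServer:
    """Verifier: per-user shared secret, outstanding challenge, failure count."""

    def __init__(self):
        self.secrets, self.pending, self.failures = {}, {}, {}

    def enroll(self, user, secret):
        self.secrets[user] = secret

    def challenge(self, user):
        # Fresh random nonce per attempt: the secret never crosses the wire
        # and a captured response is useless against the next challenge.
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def check(self, user, response):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"                          # lockout is checked first
        nonce = self.pending.pop(user, None)         # each challenge is single-use
        if nonce is None:
            return "no-challenge"
        # Unknown users get the same verdict as a wrong response, so the dialog
        # does not confirm which IDs exist (the "loose-lipped" problem above).
        secret = self.secrets.get(user, b"")
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if user in self.secrets and hmac.compare_digest(expected, response):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "fail"

def client_response(secret, nonce):
    """Claimant: prove possession of the secret without ever sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

if __name__ == "__main__":
    srv, key = AuthServer(), secrets.token_bytes(32)   # constructed secret
    srv.enroll("summers", key)
    n = srv.challenge("summers")
    print(srv.check("summers", client_response(key, n)))   # ok
    print(srv.check("summers", client_response(key, n)))   # no-challenge (replay)
```

The slide's deliberate slowness (a delay before answering each attempt) is left out so the example runs instantly; in practice it would sit in front of the comparison in `check`.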