CS543 – Operating Systems
Class 7 Slides
Professor Mike Kain
CS543 - Class #7

Tonight’s Topics
• Homework #3 grades in process.
• Homework #4 due March 10th, 2014 at 11:59pm
• Final will be online from Saturday, March 15th at midnight to Friday, March 21st at 11:59pm.
• Review
  • Files & File Systems (Chapters 10-13)
• Major topics tonight:
  • Chapter 14: Protection
  • Chapter 15: Security
  • Chapter 16: Virtual Machines (start if there is time)

Review: Files & File Systems
• These four chapters walked you through storage and storage management.
• Chapter 10 started with the raw disk and how we represent data on it.
• Major concepts:
  • Different types of media (tape/disk)
  • Disk formatting / organization
  • Disk scheduling & algorithms
  • Disk boot / system startup
• Not covered: Swap / RAID

Review: Files & File Systems, slide 2
• Chapter 11 continued with the concepts of files and directories
• Major concepts:
  • Files – attributes and structure
  • File operations (read/write, delete/truncate/seek)
  • Access types
  • Volume types and structure
  • Directories & types (single/multiple/hierarchy)
  • Access Control
    • Permissions / access
    • POSIX / additional groups
  • Remote file systems

Review: Files & File Systems, files demo
• Different types of files and file systems
  • Windows
  • Linux
  • iOS (iFunBox)
  • MCP (picture)

Review: Files & File Systems, slide 3
• Chapter 12 continued with the concepts of file systems
• Major concepts:
  • File systems and control blocks
  • Implementation choices
  • Allocation approaches
    • Contiguous, indexed, random
  • Free space management
  • Compaction
  • Performance
    • Blocking

Review: I/O Systems
• Chapter 13 completed the picture with the concepts of how the kernel is organized to perform I/O.
• Major concepts:
  • Hardware architecture / device drivers
  • Interrupts and structure
  • Direct Memory Access (DMA)
  • Devices and their characteristics
    • Block
    • Character
    • Others (Network)
  • Synchronous and asynchronous I/O
  • I/O as part of the Kernel
  • STREAMS

Chapter 14: Protection
• Let’s now answer the questions about:
  • Who owns what resources?
  • How do we ensure that the right users access the right resources?
• So, let’s answer two big questions:
  • Who is the entity/person trying to access the resource?
    • IDENTITY (AUTHENTICATION)
  • How do we control what they can reference?
    • ACCESS CONTROL (AUTHORIZATION)
• Entire concept is called “Identity and Access Management” (IAM)

Identity
• We need to be able to identify each “user” in a computer system
• User can be:
  • Actual person
  • Process or application running on their behalf
  • A system process running on behalf of the kernel
• The operating system must provide APIs (system calls) that programs/applications use to validate a user’s identity
• This identity can be represented in many ways in the OS
  • UserID (e.g. 100)
  • Username (e.g. “mkain” or “root”)
  • GUID (e.g. S-1-5-1-2888339015-3964262102-579-64843-1000)

Identity: Validation
• In order for someone to prove that they have the identity, they can present one OR MORE “credentials”
• Many methods
  • Password
    • Strength (we’ll talk about this more later)
  • Special Token (given to you earlier)
  • Biometric
  • Certificate / SmartCard
• Some authentications require more than one credential
  • “Two-Factor Authentication”
  • E.g. Driver’s License and Major Credit card
  • Sometimes it is dependent (buying gas example)

Identity: Scope
• Your identity and credentials are valid for a domain
  • Book uses “protection domain”
  • You’ll also see “realm” used for the same idea
• This domain may be:
  • A program or application
    • E.g. Login to Drexel Learn
  • One computer
    • Login to your own VM (the OS login is only valid for that VM)
  • More than one computer
    • For example, DrexelConnect or AppleID
    • Your login is good throughout all applications
• Your Drexel student number is also an identity

Identity: Other identities
• Most operating systems have the ability to change your identity
  • Must prove that you have the credentials to do so
  • Also, must be allowed to do so (e.g. /etc/sudoers)
• Concept of “effective” identity
  • Sometimes it is the real identity
  • Sometimes it is the assumed identity
• Can be done at the command level or assigned by a program
  • Examples of command level
    • su / sudo in UNIX

Identity: Other identities, slide 2
• Ability to change via programmatic methods
  • setuid() and setgid() calls/bits in UNIX
  • If assigned to the program, the effective user/group while the program is running is the owner/owner’s group rather than the actual user
    • -rwsr-sr-x mkain users March 2 22:13 test
  • When would this be good? When would it be bad?
• Other OSes have similar functionality
  • TASKING, PU in MCP

Identity: Federated identity
• Domains may trust each other (to some degree)
  • One identity may be mapped or accepted into another protection domain
• Example – Driver’s Licenses / Passports
  • Validation of credential and method of presentation (physical vs digital)
  • May require secondary identification
• Example – Mapped privileges
  • Drexel “identity” is accepted at UPenn with “guest” privileges
• Can also have “anonymous” access if granted
  • Example – FTP (just enter your email address)

Identity: Within a domain
• May have a central validation server which all computers/applications ask for certification
  • The system call is forwarded to the central service via the network
  • Authentication is to the central server, and this process returns a token/cookie which can then be used as an “identity”
  • Example: Drexel Connect
  • Example: Kerberos
• Token/cookie could have a time limit or restricted domain as well.
• What do we have in the physical world? (hint: hotel)

Protection: Principle of Least Privilege
• Everyone should only have the privileges that they need in order to do their job
• Easy in principle, tough in practice
  • Most access control methods in operating systems are for convenience, not for security
    • Groups
    • Roles (more about them later)
  • Management overhead
  • No real practical way to determine what privileges are needed over time as the application / requirements change.
• Theoretical goal!

Access Control: Access Matrix
• In a theoretical world, we can document all of the domains and all of the objects of our computer
  • Domains are the rows
  • Objects are the columns
  • Privileges are in the intersection
• From the textbook

Access Control: Access Matrix, slide 2
• Can duplicate domains and assign/remove privileges in columns depending on who you are (copy, owner)
• Theoretical:
  • Domains don’t usually share privileges (unique to domain)
  • Domains don’t usually share resources (ids, etc.)
  • For example,
    • Drexel Learn is one application in the Drexel Domain
    • You have privileges there (submit papers, etc.) which don’t really map to other environments

Access Control: Object control
• Usually the object has the privileges attached (easier to administer and share ownership than a system-wide list)
  • ACCESS CONTROL LIST (ACL)
  • Details which identities can perform which access
  • For example,
    • Read / write / search / execute
    • Windows ACL / MCP guardfile
• POSIX defines an “owner”/“group”/“world” model for access to all files (all objects are files)
  • -rwxr-x--x mkain users Feb 27 09:55 /somefile
• Commands to change privileges – but limited to those with the permission to do so (usually the owner)

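As an added example (not from the slides or the textbook), the Python below reproduces the POSIX owner/group/world check for a mode string like the one above, and the effective identity a process gets when it runs a setuid/setgid program such as the "-rwsr-sr-x ... test" example from the earlier setuid/setgid slide. The numeric ids (mkain = 1000, users = 100, and the other users) are constructed for the demo.

```python
# Added example: POSIX mode-string permission check and setuid/setgid effective ids.
# Numeric ids below are constructed for the demo, not taken from a real system.
from dataclasses import dataclass

@dataclass
class Inode:
    mode: str   # "ls -l" style, e.g. "-rwsr-sr-x": type char + owner/group/other triplets
    owner: int  # uid of the file owner
    group: int  # gid of the file's group

def parse_mode(mode: str) -> dict:
    """Split the 10-character mode string into per-class rwx flags plus setuid/setgid."""
    if len(mode) != 10:
        raise ValueError("mode string must be 10 characters, e.g. -rwxr-x--x")
    perms = mode[1:]
    classes = {}
    for name, start in (("owner", 0), ("group", 3), ("other", 6)):
        r, w, x = perms[start:start + 3]
        # 's'/'t' in the execute slot means executable with setuid/setgid/sticky set;
        # 'S'/'T' means the special bit is set but the execute bit is not.
        classes[name] = {"r": r == "r", "w": w == "w", "x": x in "xst"}
    return {"classes": classes, "setuid": perms[2] in "sS", "setgid": perms[5] in "sS"}

def may_access(inode: Inode, uid: int, gids: set, want: str) -> bool:
    """POSIX picks exactly one class: owner if uid matches, else group if any gid
    matches, else other. Bits in a class that was not selected never apply."""
    parsed = parse_mode(inode.mode)
    if uid == 0:
        # root (EUID 0) bypasses r/w checks; for x at least one execute bit must be set
        return want != "x" or any(c["x"] for c in parsed["classes"].values())
    if uid == inode.owner:
        cls = "owner"
    elif inode.group in gids:
        cls = "group"
    else:
        cls = "other"
    return parsed["classes"][cls][want]

def effective_ids(inode: Inode, real_uid: int, real_gid: int) -> tuple:
    """Identity a process runs with after exec()ing this file: the file owner/group
    replaces the real uid/gid only when the corresponding set-id bit is present."""
    parsed = parse_mode(inode.mode)
    euid = inode.owner if parsed["setuid"] else real_uid
    egid = inode.group if parsed["setgid"] else real_gid
    return euid, egid

if __name__ == "__main__":
    # constructed: the slide's "-rwsr-sr-x mkain users ... test" with mkain=1000, users=100
    test_prog = Inode("-rwsr-sr-x", owner=1000, group=100)
    print("another user runs it as", effective_ids(test_prog, 1001, 200))      # (1000, 100)
    print("another user may write it?", may_access(test_prog, 1001, {200}, "w"))  # False
```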
Access Control: Special Privileges
• Most operating systems have special privileges which allow all or higher access than the identity
  • Done as a user attribute or hard coded
• Example – Linux systems
  • “root” EUID 0/EGID 0 on Linux systems
• Example – MCP
  • User attributes which can offer all or some elevated privileges
    • PU (Privileged User)
    • SECADMIN
    • Granulated Privileges (READ, WRITE, CHANGE)
  • Can also be assigned to a program.

Access Control: Groups
• Allow system administrators to group users together into one or more logical groups of users
  • Example – “users”
• Depending on operating system, a user can be in one or more groups simultaneously
  • Linux – one at a time (can change egid)
  • Windows – multiple (Administrators, Domain Administrators, Power Users)
  • MCP – SUPPLEMENTALGROUPS
• Access control then is a match of the program’s ACL and the groups of the identity – highest privileges are assumed

Access Control: Role Based Access Control
• Groups suffer from a significant management overhead
  • Adding users to groups
  • Deleting users from groups
• RBAC allows system administrators to define a set of privileges per domain/realm
  • “WithdrawMoney”, “ApproveMortgage”
• Then group them into “roles”
  • BANKTELLER
  • MANAGER
  • VICEPRESIDENT
• Assign the identity to the role (think of it as giving a ring of keys)
• Example

Access Control: Other topics
• Revocation – how do I take away privileges? When?
  • Can I get them back?
• System-based access control
  • Capability systems
  • Compiler-based systems
• Sub-object-based access control
  • Each object / code segment has a privilege with it
  • Calling sequence also checks privileges as object is called
  • Example – Java JVM methods/classes

Chapter 15: Security
• This chapter is about the integrity of the system and operating system
• Some is dependent on the system architecture and the decisions made by the OS
  • Android is “open”, not “safe”
• But what are we looking for here?

Security: Six Goals of Security (really 7)
• Authentication / Verification (we covered this already)
• Access Control (this too)
• Availability
  • The ability of the operating system and its services to always be ready
• Confidentiality
  • Only the people who need to access a resource can
• Data Integrity
  • Data cannot be changed without notice
• Non-Repudiation
  • Transactions can only occur once and neither party can deny them afterwards – think bank transaction or returning something twice to the store

Security: The secret seventh goal
• TRUST
• In order for the users to use the computer system for anything useful, they must be able to trust its use
• This also usually involves logging of all actions into a central repository (log, audit log, etc.)
  • Trusted timestamp
  • Cannot be modified by anyone
  • Only written by programs, not directly by users
  • Windows Event Logs
  • Linux logs
  • MCP Sumlog / Securitylog
  • iOS?

Security: Attacks
• What problems can arise on an operating system?
  • Any problem that goes against one or more goals of security
• One of the major goals – integrity!
  • Memory integrity
    • Ensuring that the memory of the system and process is exactly what we expect
  • Don’t the access methods help us here?

Security: Attacks on integrity, slide 2
• Buffer Overflow
  • Overwriting outside of assigned memory areas
    • Stack
    • Code / Data
  • Stack “canaries” should help
  • Logical memory access should protect?
• Virus
  • Attack from network to system service to infect system
• Logic bomb
  • Bad code put in by disgruntled programmer
  • Are there any “gruntled” programmers?

Security: Attacks on integrity, slide 3
• Network Attacks
  • Port scanning
    • Fingerprinting of system
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • Amplification Attacks
  • These are also against Availability
• File System Attacks
  • MBR viruses
  • Boot Files

Security: Attacks on identity
• Masquerade attacks (I’m really him)
  • Stolen credentials
  • Discovered / hacked credentials / weak or no passwords
• Elevated privilege attacks
  • Getting “root” or other higher privileges on a system

Security: Confidentiality
• Most of this involves encryption and key management
• In theory, it’s supposed to make it easier to keep things secret
• But it is tough to get right and needs support from the OS.

Security: Cryptography
• The “hard math” behind security
• Only good if done right!
• This will be a primer on the building blocks that you can use in networking, not the underlying math.
• Three basic parts of cryptography
  • Keys
  • Encryption algorithms
  • Hash / message digest

Security: Keys
• Basically “random” bits of information which are shared to parameterize other mechanisms
• The longer the better! (car key example)
  • Since you can try all possible combinations (brute force attack)
  • But longer keys take longer to process!
• A “shared secret” that only the sender and receiver(s) should know.
• How do we create a shared secret?

Security: Types of keys
• Two major categories of keys
  • Symmetric
  • Asymmetric
• Symmetric = one key (the same) at sender and receiver
  • Problem is to send the key from sender to receiver without anyone else finding out
  • Common algorithms: DES (56 bits – OLD!), 3DES (168 bits), AES (128, 192, or 256 bits)

Security: Asymmetric keys
• Two keys – mathematical “inverses” of each other
  • Public key – distributed freely
  • Private key – protected by sender
• Can be used to talk to others easily or to prove sender’s identity
• Slower than symmetric keys, but easier to distribute.
  • Talk to me = send you my public key
  • Validate me = decode with my public key and get what I expect

Security: Asymmetric keys, slide 2
• RSA (Rivest, Shamir, Adleman)
  • Choose two large prime numbers p and q whose product is n
  • Find a number e that is relatively prime to (p-1)(q-1)
  • The public key consists of {e, n}
  • The private key consists of {d, n}
  • Encrypt: C = P^e mod n; decrypt: P = C^d mod n
  • Recommend at least 1024-bit keys (or longer) to stop brute force attacks
• Other algorithms:
  • Diffie-Hellman, Elliptic Curves, etc.

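A worked RSA run with deliberately tiny primes, added here as an example (not from the slides or the textbook): it follows the recipe above, fills in how d is derived from e, and then factors the toy n by trial division to show why the brute-force warning calls for 1024-bit moduli. The primes 61 and 53, e = 17 and the plaintext 65 are constructed demo values.

```python
# Added example: textbook RSA on toy primes, plus trial-division factoring of the
# toy modulus. Real keys use ~1024-bit-or-larger primes and padding (e.g. OAEP).
from math import gcd

def keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Return ((e, n), (d, n)) following the slide's recipe."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # d is the inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)

def encrypt(P: int, public: tuple) -> int:
    e, n = public
    if not 0 <= P < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(P, e, n)              # C = P^e mod n

def decrypt(C: int, private: tuple) -> int:
    d, n = private
    return pow(C, d, n)              # P = C^d mod n

def factor_by_trial_division(n: int) -> tuple:
    """Brute force: instant for a toy n, hopeless for a 1024-bit n."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def recover_private_key(public: tuple) -> tuple:
    """Anyone who can factor n can rebuild d from the public key alone."""
    e, n = public
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), n

if __name__ == "__main__":
    pub, priv = keygen(61, 53, e=17)   # constructed toy primes: n = 3233, phi = 3120
    c = encrypt(65, pub)
    print("ciphertext", c, "decrypts to", decrypt(c, priv))      # 2790 -> 65
    print("private key recovered from public key:", recover_private_key(pub))
```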
Security: How keys are used
• Usually asymmetric keys are used to:
  • Distribute symmetric keys
  • Validate endpoints, either by:
    • Encrypting something known to be decrypted by your public key
    • Or decrypting something encrypted by your public key which is retrieved from somewhere else
• For example: SSL/TLS handshake
• More about its use later on tonight

Security: Encryption algorithms
• Take a “block” of data (called input) and a key and mathematically compute the output.
• Block size determines the type of “cipher”
  • Block size of 1 = “Stream” cipher
    • Each byte encrypted separately
    • Examples: RC2, RC4.
    • Extremely weak because each byte can be decrypted without any other information, but fast.

Security: Block ciphers
• Block sizes of more than 1 are called “block” ciphers
• Examples:
  • DES (Data Encryption Standard)
  • 3DES (DES three times using different keys)
    • Block = 8 bytes
  • AES (Advanced Encryption Standard)
    • Block = 16 bytes
• Others:
  • Elliptic Curves

Security: Block modes
• Control output and input modes
  • ECB = Electronic Code Book (i.e. simple)
  • CBC = Cipher Block Chaining
    • Output of previous encryption is used as IV for next.
  • GCM (Galois/Counter Mode)
    • For Tape encryption
  • XTS (XEX-based tweaked codebook mode with ciphertext stealing)
    • For Disk encryption (P1619)

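To make the ECB/CBC difference concrete, here is an added example (not from the slides) of both modes written over a toy 16-byte block cipher: a four-round Feistel network whose round function is SHA-256 keyed with the key and round number. The toy cipher is a stand-in for AES, not a secure cipher; the key, message and IV are constructed demo values.

```python
# Added example: ECB vs CBC over a toy Feistel block cipher (stand-in for AES, not secure).
import hashlib
import os

BLOCK, ROUNDS = 16, 4               # 16-byte blocks like AES; 4 Feistel rounds

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, r: int, half: bytes) -> bytes:
    # Round function: keyed SHA-256 truncated to half a block
    return hashlib.sha256(key + bytes([r]) + half).digest()[: BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):                 # Feistel round: (L, R) -> (R, L xor F(R))
        left, right = right, _xor(left, _f(key, r, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):       # undo the rounds in reverse order
        left, right = _xor(right, _f(key, r, left)), left
    return left + right

def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("caller must pad data to a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Each block on its own: equal plaintext blocks give equal ciphertext blocks
    return b"".join(block_encrypt(key, b) for b in _blocks(data))

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv                      # the IV stands in for "previous ciphertext"
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    """Number of duplicate ciphertext blocks: the pattern leak ECB has and CBC hides."""
    bs = _blocks(ct)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    msg = b"ATTACK AT DAWN!!" * 4           # constructed: four identical plaintext blocks
    print("ECB duplicate blocks:", repeated_blocks(ecb_encrypt(key, msg)))                     # 3
    print("CBC duplicate blocks:", repeated_blocks(cbc_encrypt(key, os.urandom(BLOCK), msg)))  # 0
```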
Security: Hashes / Message Digests
• Cryptographic “checksum”
• “One-way” function which computes a fixed-size value for each input
• Hashes are broken by showing that two different inputs hash to the same value (a collision).
• Examples:
  • MD5 (128 bits output)
  • SHA-1 (160 bits)
  • SHA-256, SHA-384, SHA-512
• Can also be combined for strength – MD5() concatenated with SHA1().
• Are these really useful?

Security: HMACs
• These are “keyed” hashes, in which, in addition to the input data, a key is also input
• Stronger than regular hashes
• Example:
  • HMAC-SHA1, etc.

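As an added example (not from the slides), a short Python comparison of an unkeyed SHA-256 "checksum" with HMAC-SHA256 for the last two slides: whoever alters a message can recompute the unkeyed digest, but cannot produce a matching HMAC without the key. The key and messages are constructed demo values.

```python
# Added example: unkeyed digest vs. HMAC for message integrity. Key and messages are constructed.
import hashlib
import hmac

def checksum_tag(msg: bytes) -> bytes:
    """Unkeyed digest: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(msg).digest()

def checksum_verify(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(checksum_tag(msg), tag)

def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so a forger learns nothing from how
    # quickly a wrong tag is rejected (a plain == comparison stops at the first mismatch)
    return hmac.compare_digest(hmac_tag(key, msg), tag)

if __name__ == "__main__":
    key = b"constructed shared secret"
    msg = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"      # what an interceptor substitutes
    # Unkeyed: the interceptor simply recomputes the checksum and the receiver accepts
    print("checksum accepts altered message:", checksum_verify(altered, checksum_tag(altered)))  # True
    # Keyed: the old tag no longer matches, and a new one cannot be made without the key
    print("HMAC accepts altered message:", hmac_verify(key, altered, hmac_tag(key, msg)))       # False
```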
Security: Digital Signatures
• Digital signatures
  • Validate the sender
  • Ensure that the message was not changed in transit.
• Where would we use these?

Security: Digital Certificates (X.509 – RFC 5280)
• Binds a public key to an identity
• The “Subject” and “Issuer” are described with named attributes (identified by OIDs)
  • CN (Common Name) = http://www.ebay.com
  • O (Organization)
  • C (Country)
  • Etc.
• Document is digitally signed by an issuer (Certificate Authority)
  • Must trust the Certificate Authority in order to trust the identity.

Security: Digital Certificates, slide 2
• How do we verify?
  • Do we get the same certificate from different people?
  • Who do we trust?
• A different point of view
  • Convergence: http://convergence.io/

Security: How do we use these?
• Operating systems have these built in
  • Code Signing
  • Encrypted File Systems
  • Storage of Passwords
    • Hashed, not stored in cleartext
  • Network protection
    • SSL / TLS
    • SSH
    • IPSec
  • Identity Management
    • Certificates
    • Two Factor Authentication
  • Others!

Security: Getting it right
• System Policy / Security Policy
  • Builds into the OS what should be done, so that it can be replicated among systems.
• Penetration testing (pen test) validates that a system is correct and not vulnerable.
  • Architecture
  • Configuration
• But what is the “normal” operation of the system and what is the “abnormal” operation?

Security: Big Picture
• Links for tonight
  • HP updates – none for you!
    • http://www.networkworld.com/news/2014/021214-hp-says-security-updates-not-278681.html
  • Secure storage for apps
    • http://www.networkworld.com/news/2014/011614-starbucks-vows-to-beef-up-277803.html
  • NSA Hacking tools
    • http://www.networkworld.com/news/2014/011614-nsa-hacking-tools-will-find-277771.html

Start to prepare for final
• The final will be the same format as the midterm
  • A number of essay questions in which you have to elaborate on your mastery of the concepts
  • Will ask you more than what we go over in class and will ask you to apply your knowledge to different areas
• Know the major concepts well! And be able to apply them and fill in with examples
• You’ll have the same four hours to complete the examination.
  • Significant points will be deducted for turning it in over that timeframe.

For next week
• Homework #4 due March 10th, at 11:59pm Eastern.
• One more lecture (March 10th) to go over case studies and review the whole semester.
• Final will be online from Saturday, March 15th at midnight until Friday, March 21st at 11:59pm (same times as last time)
• Please evaluate the course (and us) at http://cci.drexel.goaefis.net/
• Bring good questions for class next week!