Protection and Security
Daniel Fernandez
Student Presentation
CS5204 – Operating Systems
Outline
• Protection Goals
• Principle of least privilege and protection mechanisms
• Protection domains
• Access Matrix and Access Control
• Formal methods of a Protection system
• Security components and threats
• Summary
Protection
• Goals:
  • Prevent mischievous, intentional violation of an access restriction by a user.
  • Ensure each active program component uses system resources only in ways consistent with policies.
  • Improve reliability.
  • Provide a mechanism for enforcement of policies governing resource use.
Principles of Protection
• Principle of least privilege
  • Dictates that programs, users, and even systems be given just enough privileges to perform their tasks.
  • Failure or compromise of a component does minimum damage and allows recovery from damage.
  • Ex: security guard with a passkey.
  • Separate user accounts (RBAC).
  • Provides mechanisms to enable privileges when needed and remove them when not needed.
  • Does not always provide a more secure environment. Example: Windows 2000.
Protection Mechanisms
• Policies and mechanisms – different things!
• Separation of policies and mechanism.
Protection Domain Structure
• The set of access rights is the domain.
• Access right = <object-name, rights-set>
• Rights-set is the set of all valid operations that can be performed on an object.
• Need-to-know principle.
• Static and dynamic associations.
Domain Example: Unix
• Domain is associated with the user.
• Domain switching requires changing the user ID temporarily:
  • An owner identification and a domain bit (setuid bit) are associated with each file.
  • When setuid is on and a user executes that file, the user ID is set to that of the owner of the file; when setuid is off, the user ID does not change.
  • Example: user A executes a file owned by user B. If the file's setuid bit is off, the user ID of the process remains A; if setuid is on, the user ID is set to B.
• Useful when an otherwise privileged facility needs to be made available to general users.
Access Matrix
• Consists of sets of objects (O) and subjects (S).
• r(s, o) belongs to the set of rights (R).
From: “Protection in Operating Systems”, Harrison and Ruzzo, 1976.
Implementation of Access Matrix
(Matrix legend: R = Read, W = Write, X = Execute)
• Two most used approaches:
  • Access Control Lists
  • Capability Lists
Access Control
• Role-Based Access Control (RBAC).
• Revolves around privileges, where a privilege is the right to execute a system call or use a system option.
Formal Protection System Model

command a(X1, X2, …, Xk)
  if r1 in (Xs1, Xo1) and
     r2 in (Xs2, Xo2) and
     …
     rm in (Xsm, Xom)
  then op1
       op2
       …
       opn
end

or, if m is zero,

command a(X1, X2, …, Xk)
  op1
  op2
  …
  opn
end

• Configuration of a protection system: (S, O, P)
  • P = access matrix
  • P[s, o] = subset of the generic rights R
• A protection system consists of 1) the set of generic rights R and 2) the set of commands.
Formal Protection System Model (cont.)
• (S, O, P) ⇒op (S', O', P'): primitive operation op transforms configuration (S, O, P) into (S', O', P').
• Examples:
  • 1) Process creates a new file:
     Rule: op = create object o', with o' not in O; S' = S, O' = O ∪ {o'}

     command CREATE(process, file)
       create object file
       enter own into (process, file)
     end

  • 2) Owner revokes another subject's access right r to a file:
     Rule: op = delete r from (s, o); S' = S, O' = O, and P'[s, o] = P[s, o] – {r}

     command REMOVEr(owner, exfriend, file)
       if own in (owner, file) and
          r in (exfriend, file)
       then delete r from (exfriend, file)
     end
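The access matrix (S, O, P) and the two commands above, worked through in code. This is an added example, not code from the slides or from the Harrison and Ruzzo paper; the class name, the CONFER command (assumed here so that REMOVE has a right to revoke) and the acl()/capabilities() views are my own choices. The same P is read as a column to give an access control list and as a row to give a capability list, which is the point of the "Implementation of Access Matrix" slide.

```python
from collections import defaultdict

# Added example, not the slides' own code: a minimal model of the Harrison-Ruzzo
# protection system. A configuration is (S, O, P), where P maps (subject, object)
# to a subset of the generic rights R; every subject is also an object.
class ProtectionSystem:
    def __init__(self, rights, subjects):
        self.R = set(rights)            # generic rights, e.g. {"own", "r", "w"}
        self.S = set(subjects)          # subjects
        self.O = set(subjects)          # objects
        self.P = defaultdict(set)       # P[(s, o)] is a subset of R

    # Primitive operations (each one is a single step (S, O, P) => (S', O', P')).
    def create_object(self, o):
        assert o not in self.O, "o' must not already be in O"
        self.O.add(o)                   # O' = O U {o'}, S' = S
    def enter(self, r, s, o):
        assert r in self.R and s in self.S and o in self.O
        self.P[(s, o)].add(r)
    def delete(self, r, s, o):
        self.P[(s, o)].discard(r)       # P'[s, o] = P[s, o] - {r}
    def has(self, r, s, o):             # the "r in (s, o)" test of a condition
        return r in self.P.get((s, o), ())

    # Commands from the slides: CREATE has m = 0 conditions, REMOVEr has m = 2.
    def CREATE(self, process, file):
        self.create_object(file)
        self.enter("own", process, file)

    def REMOVE(self, r, owner, exfriend, file):
        if self.has("own", owner, file) and self.has(r, exfriend, file):
            self.delete(r, exfriend, file)
            return True
        return False                    # condition false: configuration unchanged

    # CONFER is an assumed extra command (not on the slides): an owner grants r.
    def CONFER(self, r, owner, friend, file):
        if not self.has("own", owner, file):
            return False
        self.enter(r, friend, file)
        return True

    # The two usual implementations of the matrix: an ACL is one column of P,
    # a capability list is one row. Both are views over the same configuration.
    def acl(self, o):
        return {s: set(self.P[(s, o)]) for s in self.S if self.P.get((s, o))}
    def capabilities(self, s):
        return {o: set(self.P[(s, o)]) for o in self.O if self.P.get((s, o))}
```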
Language-Based Protection
• Protection systems also focus on the functional nature of an access to an object.
• Policies vary depending on the application.
• Application designers use protection as a tool as well.
• Protection in Java
  • The Java virtual machine (JVM) has many built-in protection mechanisms.
  • Classes loaded into the JVM may come from different sources and not be equally trusted. As a result, protection in all areas of the JVM is necessary.
  • The JVM assigns a loaded class to a protection domain.
What is Security in an Operating System
• Security in an operating system revolves around 4 elements:
  • Confidentiality
  • Integrity
  • Availability
  • Authenticity
• Security Threats
  • Interception
  • Interruption
  • Modification
  • Fabrication
• Protection is an internal problem; security is an external one.
Implementing Security Defenses
• Security Policy
• Vulnerability Assessment
• Intrusion Detection
• Virus Protection
• Auditing, Accounting, and Logging
Spyware
• Description:
  • Malware that is loaded onto a PC without the owner's knowledge.
  • Runs in the background doing things behind the owner's back.
  • Gathers info from the owner and communicates it back to its distant master.
• Actions against Spyware
  • Anti-spyware programs (Spybot, Ad-aware, Spyware Doctor).
  • Security practices to prevent infection.
    • Avoid using Internet Explorer.
    • Use firewalls to block certain websites.
    • Surf and download more safely.
  • May require reinstallation of the operating system.
Summary
• Protection
  • Internal problem.
  • The role of protection is to provide a mechanism for enforcement of policies.
  • A protection domain specifies the resources that a process may access.
  • The access matrix is a representation of the protection domain model.
• Security
  • External problem.
  • Systems have to protect against threats in the form of interception, interruption, modification, and fabrication.
  • Security defenses are used to fight off threats.