Posted: 18-Dec-2015
K. Salah Operating Systems 1
Module 6.0: Security and Protection
• Security must consider the external environment of the system and protect the system's resources
• Intruders (crackers) attempt to breach security
• A threat is a potential security violation
• An attack is an attempt to breach security
• An attack can be accidental or malicious
• It is easier to protect against accidental misuse than against malicious misuse
Security Violations
• Categories
– Breach of confidentiality
– Breach of integrity
– Breach of availability
– Theft of service
– Denial of service
• Methods
– Masquerading (breach of authentication)
– Replay attack
– Message modification
– Man-in-the-middle attack
– Session hijacking
Standard Security Attacks (figure)
Security Measure Levels
• Security must occur at four levels to be effective:
– Physical
– Human: avoid social engineering, phishing, dumpster diving
– Operating System
– Network
• Security is only as strong as the weakest link in the chain
Program Threats
• Trojan Horse – code segment that misuses its environment
– Called "Trojan Horse" after the Greek legend of the Trojan War (told in Homer's Odyssey, not the Iliad): one army gave another the present of a wooden horse with soldiers hidden inside. A Trojan horse program appears helpful but really does something harmful.
– Examples: a fake Command.com that runs del *.*; a program that emulates a login prompt to capture passwords
– Exploits mechanisms for allowing programs written by users to be executed by other users
– Spyware, pop-up browser windows, covert channels
• Trap Door – specific user identifier or password that circumvents normal security procedures
– Could be included in a compiler, so that it never appears in any source code that gets inspected
• Logic Bomb – program that initiates a security incident under certain circumstances
• Stack and Buffer Overflow – exploits a bug in a program (overflow either the stack or memory buffers)
Worms and Viruses
• Internet worm (Morris, 1988)
– A worm is a self-replicating program; the Internet worm spread using rsh, finger, or sendmail
– A worm may not do direct harm, but the Internet worm dragged down many machines. Viruses and Trojan horses do harm.
• Viruses actually live inside a program (a worm is a separate program)
– A Trojan horse does not spread; a virus spreads, usually through e-mail
– Example of infection: add code to the end of the program; replace the first instruction (the "entry point") with a jump to this code; the end of the virus jumps to the real entry point
– The virus thus gets control first, tries to replicate, and also does malicious things
• Anti-virus programs look for viruses (some use virtual memory!)
Program Threats (Cont.)
• Virus dropper inserts the virus onto the system
• Many categories of viruses, literally many thousands of viruses:
– File
– Boot
– Macro: in Word documents, designed to execute when the document is opened
– Source code
– Polymorphic
– Encrypted
– Stealth
– Tunneling
– Multipartite: attacks executables and boot sectors (blended)
– Armored: designed to resist detection and reverse engineering, tries to fool anti-virus programs
A Boot-sector Computer Virus (figure)
System and Network Threats
• Worms – use a spawn mechanism to copy themselves onto other machines
• Internet worm
– Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs
– A grappling hook program uploaded the main worm program
• Port scanning
– Automated attempt to connect to a range of ports on one or a range of IP addresses
• Denial of Service
– Overload the targeted computer, preventing it from doing any useful work
– Distributed denial-of-service (DDoS) attacks come from multiple sites at once
The Morris Internet Worm (figure)
Buffer Overflow (BO) Attack: the crown jewel of all attacks
How it works? (figure)
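The following is an added example, not code from the slides, that makes the stack-smashing mechanism concrete. The struct stands in for a real stack frame, a fixed-size local buffer with the saved return address laid out just above it; the buffer size, the fake return address and the attack string are all constructed for the demo, and the unchecked copy is clamped to the frame so the program runs cleanly instead of actually crashing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Model of a stack frame: the local buffer with the saved return address
 * right after it, which is how the attacker's bytes reach it. */
struct frame {
    char     buf[BUF_SIZE];   /* local buffer the program writes into */
    uint64_t saved_ret;       /* models the saved return address above buf */
};

#define FAKE_RET 0x401000ULL  /* constructed "legitimate" return address */

/* Unchecked copy, behaving like strcpy(f->buf, input): bytes keep landing
 * past the end of buf. It copies through a byte view of the whole frame so
 * the demo stays inside one object; the real bug has no clamp at all. */
static void unchecked_copy(struct frame *f, const char *input)
{
    size_t n = strlen(input) + 1;          /* strcpy copies the NUL too */
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((char *)f, input, n);
}

/* Bounded copy: refuses input that does not fit (including the NUL). */
int bounded_copy(char *dst, size_t dst_size, const char *input)
{
    size_t n = strlen(input);
    if (n >= dst_size)
        return -1;                         /* reject rather than truncate silently */
    memcpy(dst, input, n + 1);
    return 0;
}

/* Saved return address after the vulnerable copy. FAKE_RET means the frame
 * survived; anything else means the attacker now decides where we "return". */
uint64_t ret_after_vulnerable_copy(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = FAKE_RET;
    unchecked_copy(&f, input);
    return f.saved_ret;
}

/* Same frame, guarded by bounded_copy. Returns 0 on success, -1 when the
 * input was rejected; *ret_out receives the saved return address. */
int ret_after_bounded_copy(const char *input, uint64_t *ret_out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = FAKE_RET;
    int rc = bounded_copy(f.buf, sizeof f.buf, input);
    *ret_out = f.saved_ret;
    return rc;
}

int main(void)
{
    /* Constructed attack string: 16 filler bytes, then 8 bytes ('B' == 0x42)
     * that land exactly on the saved return address. */
    const char *attack = "AAAAAAAAAAAAAAAABBBBBBBB";
    uint64_t r;
    printf("unchecked copy: saved_ret = 0x%llx\n",
           (unsigned long long)ret_after_vulnerable_copy(attack));
    int rc = ret_after_bounded_copy(attack, &r);
    printf("bounded copy:   rc=%d, saved_ret = 0x%llx\n", rc, (unsigned long long)r);
    return 0;
}
```

In a real attack the 8 bytes would be the address of code the attacker wants to run (shellcode placed in the buffer, or an existing function); the bounded version refuses the over-long input before it can reach the return address, which is the whole fix.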
Encryption
• Encrypt clear text into cipher text.
• Properties of good encryption technique:
– Relatively simple for authorized users to encrypt and decrypt data.
– Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.
– Extremely difficult for an intruder to determine the encryption key.
Symmetric Encryption
• Same key used to encrypt and decrypt
– E(k) can be derived from D(k), and vice versa
• DES was the most commonly used symmetric block-encryption algorithm (adopted as a US government standard); its 56-bit key can now be brute-forced
– Encrypts a block of data at a time
• Triple-DES is considered more secure
• Advanced Encryption Standard (AES) is now the standard; Twofish was another finalist of the same competition
• RC4 is the most common symmetric stream cipher, but known to have vulnerabilities (biased keystream)
– Encrypts/decrypts a stream of bytes (e.g. wireless transmission)
– Key is the input to a pseudo-random-bit generator that generates an (effectively) infinite keystream; ciphertext = plaintext XOR keystream, and decryption is the same XOR
– As with any stream cipher, the keystream must never be reused: two messages under the same key and no nonce leak their XOR
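The block below is an added example, not code from the slides, of a stream cipher in the shape just described: key in, pseudo-random keystream out, XOR with the data. The generator is a 64-bit xorshift and the key derivation is a toy, chosen so the structure is visible; it is not RC4 and not secure. The second half shows the failure mode that matters in practice, keystream reuse, and the messages and key are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct keystream { uint64_t state; };

/* Seed the generator from the key (toy derivation; real ciphers do far more). */
void keystream_init(struct keystream *ks, const uint8_t *key, size_t key_len)
{
    uint64_t s = 0x9E3779B97F4A7C15ULL;       /* constant so an empty key still runs */
    for (size_t i = 0; i < key_len; i++)
        s = (s ^ key[i]) * 0x100000001B3ULL;  /* FNV-style mixing */
    ks->state = s ? s : 1;                    /* xorshift must not start at 0 */
}

/* Next keystream byte: one xorshift64 step, take the top byte. */
uint8_t keystream_next(struct keystream *ks)
{
    uint64_t x = ks->state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    ks->state = x;
    return (uint8_t)(x >> 56);
}

/* XOR the buffer with the keystream in place; used for both directions. */
void stream_crypt(const uint8_t *key, size_t key_len, uint8_t *buf, size_t len)
{
    struct keystream ks;
    keystream_init(&ks, key, key_len);
    for (size_t i = 0; i < len; i++)
        buf[i] ^= keystream_next(&ks);
}

/* Round trip: 1 if encrypting changes the data and decrypting restores it. */
int roundtrip_ok(const char *key, const char *msg)
{
    uint8_t buf[128];
    size_t len = strlen(msg);
    if (len > sizeof buf) return 0;
    memcpy(buf, msg, len);
    stream_crypt((const uint8_t *)key, strlen(key), buf, len);   /* encrypt */
    int changed = memcmp(buf, msg, len) != 0;
    stream_crypt((const uint8_t *)key, strlen(key), buf, len);   /* decrypt */
    return changed && memcmp(buf, msg, len) == 0;
}

/* Keystream reuse ("two-time pad"): XOR of two ciphertexts made with the same
 * key cancels the keystream, leaving p1 XOR p2 with no key involved.
 * Returns 1 if that is exactly what an eavesdropper would obtain. */
int reuse_leaks_xor(const char *key, const char *p1, const char *p2)
{
    uint8_t c1[128], c2[128];
    size_t len = strlen(p1);
    if (len != strlen(p2) || len > sizeof c1) return 0;
    memcpy(c1, p1, len);
    memcpy(c2, p2, len);
    stream_crypt((const uint8_t *)key, strlen(key), c1, len);
    stream_crypt((const uint8_t *)key, strlen(key), c2, len);
    for (size_t i = 0; i < len; i++)
        if ((uint8_t)(c1[i] ^ c2[i]) != (uint8_t)((uint8_t)p1[i] ^ (uint8_t)p2[i]))
            return 0;
    return 1;
}
```

Once p1 XOR p2 is known, guessing any stretch of one plaintext reveals the same stretch of the other, which is why real deployments combine the key with a fresh nonce per message.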
Asymmetric Encryption
• Public-key encryption is based on each user having two keys:
– public key – published key used to encrypt data
– private key – key known only to the individual user, used to decrypt data
• Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme
– Most common is RSA, whose security rests on the difficulty of factoring
– There is an efficient algorithm for testing whether or not a number is prime (so the large primes a key needs are easy to generate)
– No efficient algorithm is known for finding the prime factors of a number (so the private key cannot be recovered from the public one)
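To make the two claims above concrete, here is an added example (not from the slides) of textbook RSA with small numbers: a deterministic Miller-Rabin test shows that checking primality is cheap, key generation derives the private exponent from the two primes, and the last function does what an attacker must do, factor n, which only succeeds because n is about 40 bits. The primes, exponent and message are demo values; real keys are 2048 bits or more and encrypt padded data, never raw integers.

```c
#include <stddef.h>
#include <stdint.h>

/* (a * b) mod m by doubling, so no 128-bit type is needed; requires m < 2^63. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    uint64_t r = 0;
    a %= m;
    while (b) {
        if (b & 1) { r += a; if (r >= m) r -= m; }
        a <<= 1; if (a >= m) a -= m;
        b >>= 1;
    }
    return r;
}

uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Primality: deterministic Miller-Rabin; these 12 bases are exact for every
 * 64-bit n. Cost is a handful of modular exponentiations, i.e. cheap. */
int is_prime(uint64_t n)
{
    static const uint64_t bases[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    if (n < 2) return 0;
    for (size_t i = 0; i < 12; i++) {
        if (n == bases[i]) return 1;
        if (n % bases[i] == 0) return 0;
    }
    uint64_t d = n - 1; int s = 0;
    while ((d & 1) == 0) { d >>= 1; s++; }
    for (size_t i = 0; i < 12; i++) {
        uint64_t x = powmod(bases[i], d, n);
        if (x == 1 || x == n - 1) continue;
        int witness = 1;                    /* this base proves n composite... */
        for (int r = 1; r < s && witness; r++) {
            x = mulmod(x, x, n);
            if (x == n - 1) witness = 0;    /* ...unless we reach -1 on the way */
        }
        if (witness) return 0;
    }
    return 1;
}

/* Modular inverse by extended Euclid; 0 when gcd(a, m) != 1. */
uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)(a % m);
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

struct rsa_key { uint64_t n, e, d; };

/* Key pair from two primes: n = p*q is public, d = e^-1 mod (p-1)(q-1) is private. */
int rsa_keygen(uint64_t p, uint64_t q, uint64_t e, struct rsa_key *k)
{
    if (!is_prime(p) || !is_prime(q) || p == q) return 0;
    uint64_t d = modinv(e, (p - 1) * (q - 1));
    if (d == 0) return 0;                   /* e shares a factor with phi(n) */
    k->n = p * q; k->e = e; k->d = d;
    return 1;
}

uint64_t rsa_encrypt(const struct rsa_key *k, uint64_t m) { return powmod(m, k->e, k->n); }
uint64_t rsa_decrypt(const struct rsa_key *k, uint64_t c) { return powmod(c, k->d, k->n); }

/* The attacker's side: everything hinges on factoring n. Trial division works
 * here only because n is tiny; at 2048 bits this loop never finishes. */
uint64_t rsa_break_by_factoring(uint64_t n, uint64_t e)
{
    for (uint64_t p = 2; p * p <= n; p++)
        if (n % p == 0) return modinv(e, (p - 1) * (n / p - 1));
    return 0;
}
```

With p = 1000003, q = 1000033 and e = 65537, a round trip of the message 42 succeeds and the factoring attack recovers the same d as key generation did; the asymmetry the slide describes is visible in the code, a few modular exponentiations to make the key versus a search that grows with the square root of n to break it.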
Cryptography (Cont.)
• Note symmetric cryptography is based on transformations (substitutions and permutations of the data), asymmetric on mathematical (number-theoretic) functions
– Asymmetric is much more compute intensive
– Typically not used for bulk data encryption; instead it protects a symmetric session key
• The security of a cryptosystem is a function of two things:
– The strength of the algorithm
– The length of the key: 32, 64, 112, 128, 256 bits. An older rule of thumb put a brute-force search of a 64-bit key at 600,000 years on a supercomputer (assuming the algorithm itself is unbreakable); that estimate is obsolete, since 56-bit DES and 64-bit RC5 keys have both been brute-forced in practice, so 128 bits is the practical minimum for symmetric keys today.
Authentication
• Make sure the user is who they say they are
• Typical approach: passwords, stored in an encrypted (hashed) file
– Anyone can see the file; supposedly that won't help
– Reality: dictionary searches (encrypt each candidate and compare with the stored value) and the stupidity of users (weak, guessable passwords)
• Other types of authentication:
– ATM style: card + password (PIN)
– Fingerprints, retina scan
– SecurID tokens
– Signature analysis
– Digital signature
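The following added example (not code from the slides) shows why a readable password file "supposedly" does not help and why in reality it does: the file holds salted hashes, and a dictionary attacker simply hashes each candidate word with the stored salt and compares. The hash is a toy (FNV-1a) so the whole thing runs here, and the users, passwords and word list are constructed; a real system uses a deliberately slow password hash (bcrypt, scrypt or Argon2) so that every guess costs the attacker time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct pw_entry { const char *user; uint64_t salt; uint64_t hash; };

/* Toy hash: FNV-1a over the salt bytes, then the password. NOT a password hash. */
uint64_t toy_hash(uint64_t salt, const char *password)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < 8; i++) { h ^= (salt >> (8 * i)) & 0xff; h *= 0x100000001b3ULL; }
    for (const unsigned char *p = (const unsigned char *)password; *p; p++) {
        h ^= *p; h *= 0x100000001b3ULL;
    }
    return h;
}

/* Login check: the stored entry never contains the password itself. */
int check_password(const struct pw_entry *e, const char *attempt)
{
    return toy_hash(e->salt, attempt) == e->hash;
}

/* Dictionary attack over a readable entry: hash each word with the user's
 * salt and compare. Returns the index of the word that matched, or -1.
 * The salt stops one precomputed table from serving every user, but does
 * nothing against per-user guessing of a weak password. */
int dictionary_attack(const struct pw_entry *e, const char *const *words, int nwords)
{
    for (int i = 0; i < nwords; i++)
        if (toy_hash(e->salt, words[i]) == e->hash) return i;
    return -1;
}

/* Constructed word list for the demo. */
static const char *const WORDS[] = {"123456", "password", "letmein", "qwerty", "dragon"};
#define NWORDS 5

/* Constructed "password file": alice chose a dictionary word, bob a passphrase. */
int build_demo_file(struct pw_entry out[2])
{
    out[0].user = "alice"; out[0].salt = 0x1122334455667788ULL;
    out[0].hash = toy_hash(out[0].salt, "letmein");
    out[1].user = "bob";   out[1].salt = 0x8877665544332211ULL;
    out[1].hash = toy_hash(out[1].salt, "correct horse battery staple");
    return 2;
}

/* Runs the attack against the demo file; returns how many accounts fell. */
int demo_cracked_count(void)
{
    struct pw_entry file[2];
    int n = build_demo_file(file), cracked = 0;
    for (int i = 0; i < n; i++) {
        int w = dictionary_attack(&file[i], WORDS, NWORDS);
        if (w >= 0) { printf("%s: cracked (%s)\n", file[i].user, WORDS[w]); cracked++; }
        else printf("%s: not in dictionary\n", file[i].user);
    }
    return cracked;
}
```

With a fast hash like this one the attacker's loop runs at memory speed; the practical defenses are a slow hash, a per-user salt (already present here) and rejecting passwords that appear in common word lists at the time they are set.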
Implementing Security Defenses
• Defense in depth is the most common security theory – multiple layers of security
• Security policy describes what is being secured
– Allow ftp or not
– Password rules
– Type of firewall (FW) and IDS
• Pentesting and vulnerability assessment – scans the system for well-known security holes:
– Easy passwords
– Anomalies such as long-running programs or unknown daemon processes
– Improper protections or changed file checksums (use Tripwire)
• Intrusion detection endeavors to detect attempted or successful intrusions
– Signature-based detection spots known bad patterns
– Anomaly detection spots differences from normal behavior; it can detect zero-day attacks
– False positives and false negatives are a problem
• Auditing, accounting, and logging of all or specific system or network activities
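As an added example (not from the slides) that ties the port scanning described under System and Network Threats to the anomaly-detection bullet above, the block below runs a simple detector over constructed connection-log lines: a source that touches more than a threshold of distinct destination ports on the network is flagged. The log format (timestamp, source IP, destination IP, destination port), the threshold and the addresses are all assumptions for the demo.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SRC 16          /* distinct sources tracked (demo limit) */
#define MAX_PORTS 64        /* distinct ports remembered per source */
#define SCAN_THRESHOLD 5    /* more distinct ports than this => scan */

struct src_stat { char ip[32]; int ports[MAX_PORTS]; int nports; };

/* Find the stats for a source, or add a fresh entry; NULL if the table is full. */
static struct src_stat *find_or_add(struct src_stat *t, int *n, const char *ip)
{
    for (int i = 0; i < *n; i++)
        if (strcmp(t[i].ip, ip) == 0) return &t[i];
    if (*n >= MAX_SRC) return NULL;          /* a real IDS would count the drop */
    strncpy(t[*n].ip, ip, sizeof t[*n].ip - 1);
    t[*n].ip[sizeof t[*n].ip - 1] = '\0';
    t[*n].nports = 0;
    return &t[(*n)++];
}

/* Parse one line "HH:MM:SS src_ip dst_ip dst_port"; 1 on success, 0 if malformed. */
int parse_line(const char *line, char src[32], int *port)
{
    char ts[32], dst[32];
    return sscanf(line, "%31s %31s %31s %d", ts, src, dst, port) == 4;
}

/* Anomaly rule: flag every source whose distinct destination-port count
 * exceeds SCAN_THRESHOLD. Writes flagged IPs into flagged[]; returns the count. */
int detect_port_scans(const char *const *lines, int nlines, char flagged[][32], int max_flagged)
{
    struct src_stat table[MAX_SRC];
    int nsrc = 0;
    for (int i = 0; i < nlines; i++) {
        char src[32]; int port;
        if (!parse_line(lines[i], src, &port)) continue;   /* skip malformed lines */
        struct src_stat *s = find_or_add(table, &nsrc, src);
        if (!s) continue;
        int seen = 0;
        for (int j = 0; j < s->nports; j++)
            if (s->ports[j] == port) { seen = 1; break; }
        if (!seen && s->nports < MAX_PORTS) s->ports[s->nports++] = port;
    }
    int nf = 0;
    for (int i = 0; i < nsrc && nf < max_flagged; i++)
        if (table[i].nports > SCAN_THRESHOLD) strcpy(flagged[nf++], table[i].ip);
    return nf;
}

/* Constructed log: one normal web client, one host sweeping well-known ports,
 * and a malformed line the parser must survive. */
static const char *const SAMPLE_LOG[] = {
    "10:00:01 192.0.2.10 198.51.100.5 80",
    "10:00:02 192.0.2.10 198.51.100.5 443",
    "10:00:03 203.0.113.7 198.51.100.5 21",
    "10:00:03 203.0.113.7 198.51.100.5 22",
    "10:00:03 203.0.113.7 198.51.100.5 23",
    "10:00:04 203.0.113.7 198.51.100.5 25",
    "10:00:04 203.0.113.7 198.51.100.5 80",
    "10:00:04 203.0.113.7 198.51.100.5 110",
    "10:00:04 203.0.113.7 198.51.100.5 143",
    "garbage line",
    "10:00:05 192.0.2.10 198.51.100.5 80",
};
#define NSAMPLE ((int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]))

/* Runs the detector over the constructed log. */
int demo_flagged(char flagged[][32], int max_flagged)
{
    return detect_port_scans(SAMPLE_LOG, NSAMPLE, flagged, max_flagged);
}
```

This is where the false-positive problem on the slide shows up: a legitimate monitoring host or a busy proxy also touches many ports, so in practice the threshold is tuned per network and combined with a time window, and a true scanner can stay under it by scanning slowly.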
Firewalling to Protect Systems and Networks
• A network firewall is placed between trusted and untrusted hosts
– The firewall limits network access between these two security domains
• Can be tunneled or spoofed
– Tunneling allows a disallowed protocol to travel within an allowed protocol (e.g. telnet inside of HTTP)
– Firewall rules are typically based on host name or IP address, which can be spoofed
– The easiest way to tunnel is through HTTPS, since the firewall cannot inspect the encrypted payload
• Personal firewall is a software layer on a given host
– Can monitor / limit traffic to and from the host
• Application proxy firewall understands the application protocol and can control it (e.g. SMTP)
• System-call firewall monitors all important system calls and applies rules to them (e.g. this program can execute that system call)
Protection and Protection Domains
Specifically, how to protect files, CPU, etc.
• Policy: what should be protected from whom
• Mechanism: how the OS enforces the policy
• Protection domains
– Objects: things that need to be protected, for example files, CPU, memory, printer
– Rights: permission to perform some operation on an object
– Domain: set of (object, rights) pairs
Protection Domains
Domain - a set of (object, rights) pairs
Protection matrix (figure): rows are the domains (Domain 1, 2, 3), columns are the objects (File1, File2, Printer, Domain2, Domain3), and each cell holds the rights the domain has on that object, such as Read, Write or enter (the right to switch into another domain); for example, Domain 1 has Read on File1 and enter on Domain2.
• Maintaining the full matrix is wasteful because most cells are empty. Store it by rows (one capability list per domain) or by columns (one access control list per object).
Domain Implementation
• Simplest case: the system consists of 2 domains:
– User
– Supervisor
• UNIX
– Domain = user-id
– Domain switch is accomplished via the file system. Each executable file has a domain bit associated with it (the setuid bit). When the file is executed with setuid on, the effective user-id is set to the owner of the file being executed. When execution completes, the user-id reverts to that of the caller.
Protection Mechanisms
Access Control Lists (By columns)
• an object maintains a list of granted domains
– File1: (Alice, student, R-X), (*, staff, RWX)
– In UNIX, a file has rwx for the owner, group, and others.
Capabilities (By rows)
• a domain maintains a list of accessible objects
– Domain1: (File1, R--), (Domain2, Enter)
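Here is an added example (not code from the slides) that stores one sparse protection matrix both ways, by columns as an ACL per object and by rows as a capability list per domain, each with its own check function, and then the UNIX special case where the "ACL" is the fixed owner/group/other rwx triple. The domain and object names and the rights Domain 1 holds are the ones in the slides' examples; the other matrix cells and the uids are constructed.

```c
#include <stddef.h>

enum { R = 1, W = 2, X = 4, ENTER = 8 };          /* rights as a bitmask */
enum obj { FILE1, FILE2, PRINTER, DOMAIN2, DOMAIN3, NOBJ };
enum dom { D1, D2, D3, NDOM };

/* The sparse matrix as its non-empty cells: (domain, object, rights). */
struct cell { int dom, obj, rights; };
static const struct cell MATRIX[] = {
    { D1, FILE1, R },            /* from the capability example on the slide */
    { D1, DOMAIN2, ENTER },
    { D2, FILE2, R | W },        /* constructed cells from here on */
    { D2, PRINTER, W },
    { D2, DOMAIN3, ENTER },
    { D3, PRINTER, W },
};
#define NCELLS (sizeof MATRIX / sizeof MATRIX[0])

/* By columns: an object's ACL is its list of (domain, rights) pairs. */
struct acl_entry { int dom, rights; };
int acl_build(int obj, struct acl_entry *out, int max)
{
    int n = 0;
    for (size_t i = 0; i < NCELLS && n < max; i++)
        if (MATRIX[i].obj == obj) {
            out[n].dom = MATRIX[i].dom; out[n].rights = MATRIX[i].rights; n++;
        }
    return n;
}
int acl_allows(int obj, int dom, int want)
{
    struct acl_entry acl[NDOM];
    int n = acl_build(obj, acl, NDOM);
    for (int i = 0; i < n; i++)
        if (acl[i].dom == dom) return (acl[i].rights & want) == want;
    return 0;                                   /* absent from the ACL: denied */
}

/* By rows: a domain's capability list is its list of (object, rights) pairs. */
struct cap { int obj, rights; };
int caps_build(int dom, struct cap *out, int max)
{
    int n = 0;
    for (size_t i = 0; i < NCELLS && n < max; i++)
        if (MATRIX[i].dom == dom) {
            out[n].obj = MATRIX[i].obj; out[n].rights = MATRIX[i].rights; n++;
        }
    return n;
}
int cap_allows(int dom, int obj, int want)
{
    struct cap caps[NOBJ];
    int n = caps_build(dom, caps, NOBJ);
    for (int i = 0; i < n; i++)
        if (caps[i].obj == obj) return (caps[i].rights & want) == want;
    return 0;                                   /* no capability: denied */
}

/* UNIX: the permission bits are a three-entry ACL. The first class that
 * matches decides, so an owner of a mode-0077 file is denied even though
 * "others" may read. Superuser bypass is deliberately left out. */
int unix_mode_allows(unsigned mode, unsigned file_uid, unsigned file_gid,
                     unsigned uid, unsigned gid, int want)
{
    unsigned bits;
    if (uid == file_uid)      bits = (mode >> 6) & 7;
    else if (gid == file_gid) bits = (mode >> 3) & 7;
    else                      bits = mode & 7;
    unsigned have = 0;
    if (bits & 4) have |= R;
    if (bits & 2) have |= W;
    if (bits & 1) have |= X;
    return (have & (unsigned)want) == (unsigned)want;
}
```

Both representations answer the same question; the difference is in what is cheap to do: an ACL makes "who can use this object" and revocation per object easy, a capability list makes "what can this domain reach" easy and avoids a lookup at every access, which is why real systems mix the two.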
Role-based Access Control (RBAC) in Solaris 10
• A privilege is a right to execute system calls with specific options
• User processes can run differently based on the roles set.