OS Security

The document discusses the complexities of operating system security, emphasizing the challenges of safe resource sharing among multiple users. It outlines key security concepts such as confidentiality, integrity, and availability, along with various types of security violations and their implications. Additionally, it highlights the importance of implementing security measures at multiple levels and the role of authentication and authorization in maintaining system security.


Operating System Security

Safe Sharing

• Protecting a single computer with one user is easy
– Prevent everybody else from having access
– Encrypt all data with a key only one person knows
• Sharing resources safely is hard
– Prevent some people from reading private data (e.g. grades)
– Prevent some people from using too many resources (e.g. disk space)
– Prevent some people from interfering with other programs (e.g. inserting keystrokes / modifying displays)

The Security Problem

• System is secure if resources used and accessed are as intended under all circumstances
– Unachievable
• Intruders (crackers / hackers) attempt to breach security
• Threat is potential security violation
• Attack is attempt to breach security
• Attack can be accidental or malicious
• Easier to protect against accidental than malicious misuse

Confidentiality
“Keeping information secret (or) hiding the information”

Integrity
“Changes need to be done by the authorized user”

Availability
“Available all the time to the authorized user”

Complete Cybersecurity Professional Certificate Program, Sateesh Kumar Peddoju, © 2020
Security Violation Categories

• Breach of confidentiality
– Unauthorized reading of data
• Breach of integrity
– Unauthorized modification of data
• Breach of availability
– Unauthorized destruction of data
• Theft of service
– Unauthorized use of resources
• Denial of service (DOS)
– Prevention of legitimate use

Malware

Malicious Software (Malware)
• Virus
– Computer program that is attached to an executable file
– Needs the user’s action
– Downloads, emails, pen drives, etc.
• Spyware
– Secretly gathers information about the user’s activities
• Trojan Horse
– Harmful software that looks legitimate
– Not only steals sensitive data but also gives unauthorized users access to the system
• Worm
– No need of user involvement
• Ransomware
– Attacker encrypts the victim’s files and asks for ransom

1. Confidentiality

Confidentiality
“Keeping information secret (or) hiding the information”

Attacks: Snooping, and Traffic Analysis

Question: How do you think a message can be kept confidential?

Snooping

Diagram: Alice sends a message to Bob over the Internet; Eve reads the message in transit and leaks it.

Question: How do you think the attacker reads/leaks the messages?
Traffic Analysis

Diagram: Alice sends an encrypted message to Bob; Eve reads the ciphertext, analyses the traffic, and recovers the original message.

Question: How do you think a message can be kept confidential?

2. Integrity

Integrity
“Changes need to be done by an authorized user”

Attacks: Replaying, Alteration/Modification, Masquerading, and Repudiation

Replaying

Diagram: Alice sends “100$ to Eve” to the Bank; Eve captures the message and replays “100$ to Eve” to the Bank again and again.

Alteration

Diagram: Alice sends “10$ to Eve” to the Bank; Eve changes it in transit to “100$ to Eve”.
Masquerading

Diagram: Eve tells Bob “I am Alice” and communicates with him as Alice.

Repudiation

Diagram: Alice sends “100$ to Bob” to the Bank; later Alice denies it: “I didn’t send”.

3. Availability

Availability
“Available all the time to the authorized user”

Attacks: Denial of Service
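The four integrity attacks above (replaying, alteration, masquerading, repudiation) played out against a bank transfer, as an added Python example that is not part of the slides. The bank verifies a message authentication code (HMAC) over each transfer and a per-sender sequence number; that is enough to reject replayed, altered and forged messages. The shared key, the message format and the `Bank` class are assumptions of this example, and all data is constructed.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Key shared between Alice and the bank (constructed; Eve does not have it).
KEY_ALICE = b"constructed-shared-secret-alice-bank"


def _tag(key: bytes, body: Dict) -> str:
    """HMAC-SHA256 over a canonical (sorted-key) JSON encoding of the body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def make_transfer(key: bytes, sender: str, seq: int, amount: int, payee: str) -> Dict:
    """Build a transfer message: the body plus a tag computed with the sender's key."""
    body = {"from": sender, "seq": seq, "amount": amount, "to": payee}
    return {"body": body, "tag": _tag(key, body)}


class Bank:
    """Toy bank endpoint: one shared key per customer, highest sequence number
    seen per customer, and a ledger of accepted transfers."""

    def __init__(self, keys: Dict[str, bytes]) -> None:
        self.keys = keys
        self.last_seq: Dict[str, int] = {}
        self.ledger: List[Tuple[str, int, str]] = []

    def accept(self, msg: Dict) -> str:
        body, tag = msg["body"], msg["tag"]
        key = self.keys.get(body["from"])
        if key is None:
            return "rejected: unknown sender"       # default deny
        # Alteration and masquerading both break the tag: Eve cannot recompute
        # it without Alice's key.
        if not hmac.compare_digest(_tag(key, body), tag):
            return "rejected: bad tag"
        # Replay: a captured message carries a sequence number already used.
        if body["seq"] <= self.last_seq.get(body["from"], 0):
            return "rejected: replay"
        self.last_seq[body["from"]] = body["seq"]
        self.ledger.append((body["from"], body["amount"], body["to"]))
        return "accepted"


def run_attacks() -> Dict[str, object]:
    """Genuine transfer, then the three attacks the slides draw, in order."""
    bank = Bank({"Alice": KEY_ALICE})
    genuine = make_transfer(KEY_ALICE, "Alice", seq=1, amount=10, payee="Eve")
    results: Dict[str, object] = {"genuine": bank.accept(genuine)}
    # Replaying: Eve resends the captured message unchanged.
    results["replay"] = bank.accept(genuine)
    # Alteration: Eve changes 10$ to 100$ but must reuse the old tag.
    altered = {"body": dict(genuine["body"], amount=100), "tag": genuine["tag"]}
    results["alteration"] = bank.accept(altered)
    # Masquerading: Eve claims to be Alice and tags with a key of her own.
    forged = make_transfer(b"eve-guessed-key", "Alice", seq=2, amount=100, payee="Eve")
    results["masquerade"] = bank.accept(forged)
    results["ledger"] = list(bank.ledger)
    return results


if __name__ == "__main__":
    print(run_attacks())
```

Repudiation is the one attack this scheme does not address: Alice and the bank hold the same key, so either of them could have produced a valid tag and Alice can still deny sending. Non-repudiation needs a signature made with a key only Alice holds (a public-key signature), which the standard library does not provide and which this example leaves out.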
Denial of Service

Diagram: Alice sends “100$” to the Bank; Eve blocks the request (“Stop”) so the Bank never receives it.

Security Measure Levels

• Impossible to have absolute security, but make the cost to the perpetrator sufficiently high to deter most intruders
• Security must occur at four levels to be effective:
– Physical
• Data centers, servers, connected terminals
– Human
• Avoid social engineering, phishing, dumpster diving
– Operating System
• Protection mechanisms, debugging
– Network
• Intercepted communications, interruption, DOS
• Security is as weak as the weakest link in the chain
• But can too much security be a problem?
Secure Operating Systems

Basic Features of a Multiprogramming OS
– Authentication of users.
– Protection of memory.
– File and I/O device access control.
– Allocation and access control to general objects.
– Enforcement of sharing.
– Guarantee of fair service.
– Interprocess communication and synchronization.
• Basic Considerations
– Security must be considered in every aspect of the design of operating systems.
– It is difficult to add on security features.

Basic Design Principles

• Least privilege - fewest possible privileges for user.
• Economy of mechanism - small, simple, straightforward.
• Open design
• Complete mediation - check every access
• Permission based - default is denial of access.
• Separation of privilege - no single super user.
• Least common mechanism - avoid shared objects.
• Easy to use.
Security Kernel

• Responsible for implementing the security mechanisms of the entire operating system.
• Provides the security interfaces among the hardware, the operating system, and the other parts of the computing system.
• Implementation of a security kernel:
– May degrade system performance (one more layer).
– May be large.
– No guarantees.

Why is security hard?

• Security slows things down
• Security gets in the way
• Security adds no value if there are no attacks
• Only the government used to pay for security
– The Internet made us all potential victims
Trusted Computing Base (TCB)

• Think carefully about what you are trusting with your information
– If you type your password on a keyboard, you’re trusting:
• the keyboard manufacturer
• your computer manufacturer
• your operating system
• the password library
• the application that’s checking the password
– TCB = set of components (hardware and software) that you trust your secrets with.

Security Techniques

• Authentication – identifying users and programs
• Authorization – determining what access users and programs have to things
– Complete mediation: check every access to every protected object
• Auditing – record what users and programs are doing for later analysis
Authentication

• How does a computer know who I am?
– User name / password
• How does it store the password?
• How does it check the password?
• How secure is a password?
– Public/Private Keys
– Biometrics
• What does the computer do with this information?
– Assign you an identifier
• Unix: 32 bit number stored in process structure
• Windows NT: 27 byte number, stored in an access token in kernel

Aside on Encryption

• Encryption: takes a key and data and creates ciphertext
– {Attack at dawn}key=h8JkS! = 29vn&#9njs@a
• Decryption: takes ciphertext and a key and recovers data
– {29vn&#9njs@a}key=h8JkS! = Attack at dawn
– Without the key, can’t convert data into ciphertext or vice versa
• Hashing: takes data and creates a fixed-size fingerprint, or hash
– H(Attack at Dawn) = 183870
– H(attack at dawn) = 465348
– Can’t determine data from hash or find two pieces of data with the same hash
Storing passwords

• CTSS (1962): password file
Bob: 14: “12.14.52”
David: 15: “allison”
Mary: 16: “!ofotc2n”
• Unix (1974): encrypt passwords with passwords
Bob: 14: S6Uu0cYDVdTAk
David: 15: J2ZI4ndBL6X.M        (K = [0]allison)
Mary: 16: VW2bqvTalBJKg
• Unix (1979): salted passwords
Bob: 14: S6Uu0cYDVdTAk: 45
David: 15: J2ZI4ndBL6X.M: 392   (K = [0]allison392)
Mary: 16: VW2bqvTalBJKg: 152

More Storing Passwords

• Unix-style password file
– Password file not protected, because information in it can’t be used to log on
• Windows-NT style password file
– Contains MD4 hash of passwords
– Hash must be protected because it can be used to log on
• Hidden from users
• Encrypted by random key
• Physical security required
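The three password-file generations on the slide (CTSS plaintext, Unix 1974 one-way transform, Unix 1979 salted transform) side by side, as an added Python example that is not part of the slides. It also shows the hashing property from the “Aside on Encryption” slide: a change of case gives an unrelated hash. SHA-256 stands in for the DES-based crypt(3) the original Unix used, truncated to crypt’s 13-character width; that substitution, the 16-bit salt and the sample passwords are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


def ctss_store(password: str) -> str:
    """CTSS (1962) style: the password file holds the plaintext itself."""
    return password


def unix74_store(password: str) -> str:
    """Unix (1974) style: store a one-way transform of the password, no salt.
    SHA-256 stands in for crypt(3) here (assumption), cut to 13 characters."""
    return hashlib.sha256(password.encode()).hexdigest()[:13]


def unix79_store(password: str, salt: Optional[str] = None) -> Tuple[str, str]:
    """Unix (1979) style: mix a per-user salt into the transform and store the
    salt beside it. Two users with the same password then get different
    entries, and a precomputed table of transformed passwords is useless."""
    if salt is None:
        salt = os.urandom(2).hex()  # assumption: 16-bit random salt
    digest = hashlib.sha256((password + salt).encode()).hexdigest()[:13]
    return digest, salt


def unix79_check(password: str, stored: str, salt: str) -> bool:
    """Check a login attempt: recompute with the stored salt, compare in constant time."""
    candidate, _ = unix79_store(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    """Two users who happen to choose the same password (constructed scenario),
    stored under each scheme; returns the observable differences."""
    h_a = unix74_store("allison")
    h_b = unix74_store("allison")
    s_a, _ = unix79_store("allison", "45")    # salt values taken from the slide
    s_b, _ = unix79_store("allison", "392")
    return {
        "ctss_plaintext": ctss_store("allison"),
        "unsalted_identical": h_a == h_b,     # True: cracking one entry cracks both
        "salted_identical": s_a == s_b,       # False: the salt separates them
        "check_correct": unix79_check("allison", s_b, "392"),
        "check_wrong_case": unix79_check("Allison", s_b, "392"),
        "case_changes_hash": unix74_store("Attack at Dawn") != unix74_store("attack at dawn"),
    }


if __name__ == "__main__":
    print(demo())
```

The salted entry is still only as strong as the transform behind it; the point the slide makes, and the code shows, is that the salt removes the shared-entry and precomputation shortcuts, not that it slows down guessing a single user’s password.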
Authorization

• How does the system know what I’m allowed to do?
– Authorization matrix:
• Objects = things that can be accessed
• Subjects = things that can do the accessing (users or programs)

          Alice        Bob          Carl
/etc      Read, Write  Read         Read
/homes    Read, Write  Read, Write  Read, Write
/usr      None         None         Read

Access Control Lists

• Representation used in Windows NT, Unix for files
• Stored on each file / directory

Example ACL on one file:
Bob        Read, Write, Delete
Students   Read
Everyone   Read

Unix:
Fixed set of permissions (read, write, delete)
Three sets of subjects (owner, group, world)
Windows NT:
Arbitrary number of entries
16 permissions per object

Capabilities

• Once granted, can be used to get access to an object
• Implemented as a protected pointer
• Used in Unix, Windows NT for files, sockets, kernel objects
• Capability obtained after ACL check

Diagram: the user program holds capabilities 1, 2, 3; across the kernel boundary they index a kernel-held capability list (slots 1 to 6).

Which one is better

• ACLs:
– Can have large numbers of objects
– Easy to grant access to many objects at once
– Require expensive operation on every access
• Capabilities
– Hard to manage huge number of capabilities
– They have to come from somewhere
– They are fast to use (just pointer dereferences)
• Most systems use both
– ACLs for opening an object (e.g. fopen())
– Capabilities for performing operations (e.g. read())
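The authorization matrix from the slide, viewed both as ACLs (one column per object) and as capability lists (one row per subject), with a toy reference monitor that does what the “Which one is better” slide describes: an ACL check at open() that hands out a capability, and cheap capability lookups for read() and write(). Every decision is appended to an audit log, which is the “Auditing” technique from the Security Techniques slide. This is an added Python example, not code from the slides; the `Kernel` class and its method names are assumptions of the example.

```python
from typing import Dict, List, Set, Tuple

# The authorization matrix from the slide: object -> subject -> permissions.
MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "/etc":   {"Alice": {"read", "write"}, "Bob": {"read"}, "Carl": {"read"}},
    "/homes": {"Alice": {"read", "write"}, "Bob": {"read", "write"}, "Carl": {"read", "write"}},
    "/usr":   {"Alice": set(), "Bob": set(), "Carl": {"read"}},
}


def acl_of(obj: str) -> Dict[str, Set[str]]:
    """One column of the matrix, stored with the object (the ACL view)."""
    return MATRIX.get(obj, {})


def capabilities_of(subject: str) -> Dict[str, Set[str]]:
    """One row of the matrix, held by the subject (the capability view)."""
    return {obj: perms[subject] for obj, perms in MATRIX.items() if perms.get(subject)}


class Kernel:
    """Toy reference monitor (assumption of this example) combining both
    representations: ACL check when an object is opened, a capability for
    each later operation, and an audit record for every decision."""

    def __init__(self) -> None:
        self.cap_list: List[Tuple[str, str, str]] = []  # (subject, object, right)
        self.audit: List[str] = []

    def open(self, subject: str, obj: str, mode: str) -> int:
        """The expensive ACL check, done once. Returns an index into the
        kernel-held capability list, or -1. Unknown subjects and unknown
        objects fall through to denial (permission-based default)."""
        allowed = mode in acl_of(obj).get(subject, set())
        self.audit.append(f"OPEN subject={subject} obj={obj} mode={mode} allowed={allowed}")
        if not allowed:
            return -1
        self.cap_list.append((subject, obj, mode))
        return len(self.cap_list) - 1

    def read(self, subject: str, cap: int) -> bool:
        return self._use(subject, cap, "read")

    def write(self, subject: str, cap: int) -> bool:
        return self._use(subject, cap, "write")

    def _use(self, subject: str, cap: int, op: str) -> bool:
        """Capability use: a bounds check and one table lookup, no ACL walk.
        The capability is bound to the subject it was issued to and to one
        right, so a read capability cannot be spent on a write and one subject
        cannot spend another's capability. Complete mediation: every use is checked."""
        ok = 0 <= cap < len(self.cap_list)
        if ok:
            owner, _obj, right = self.cap_list[cap]
            ok = owner == subject and right == op
        self.audit.append(f"{op.upper()} subject={subject} cap={cap} allowed={ok}")
        return ok


def demo() -> Dict[str, object]:
    k = Kernel()
    cap = k.open("Bob", "/etc", "read")
    return {
        "bob_reads_etc": k.read("Bob", cap),
        "bob_writes_via_read_cap": k.write("Bob", cap),
        "bob_opens_etc_for_write": k.open("Bob", "/etc", "write"),
        "carl_uses_bobs_cap": k.read("Carl", cap),
        "unknown_subject": k.open("Dave", "/usr", "read"),
        "audit_records": len(k.audit),
    }


if __name__ == "__main__":
    print(demo())
```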
Modern security problems

• Confinement
– How do I run code that I don’t trust?
• E.g. RealPlayer, Flash
– How do I restrict the data it can communicate?
– What if trusted code has bugs?
• E.g. Internet Explorer
• Concepts:
– Least Privilege: programs should only run with the minimal amount of privilege necessary
• Solutions:
– Restricted contexts - let the user divide their identity
– ActiveX – make code writer identify self
– Java – use a virtual machine that intercepts all calls
– Binary rewriting - modify the program to force it to be safe

Integrity

• Compromise of integrity equal to compromise of privacy
• Integrity threats:
– Change permissions to allow modification/reading
– Change password file
– Change device / interface configurations
– Move files
– Replace system programs with substitutes
– Replace log files with sanitized versions
• 95% of UNIX security incidents result of misconfiguration
Integrity Protection Strategies

• Prevention
• Detection
• Recovery

Prevention Strategies

• Software Controls:
– File permissions
– Directory permissions
– Restrictions on root access
• Low-level operating system controls:
– Immutability - only change in single-user mode
– Append-only - only add to file, except single-user mode
• Hardware controls:
– Read-only file systems (CD ROM, WORM)
– Write-protect options
Detection Strategies

• Comparison copies:
– On read-only media
– On standard media, remote storage
– Large space, slow, expensive
• Metadata:
– Stored list of files
– Path to files
– Modification times
– Easy to fool
• Digital Signature
– Encrypt with private key of modifier
– Fast, small, hard to fool, requires extra work

Recovery Strategies

• Restore from backup - Rollback (Data Loss)
• If data problem, may be able to replay changes - Selective Rollback (some data loss)
• If specific changes found - correct - Roll forward
• In general -- the more detection and prevention, the easier the recovery
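The detection strategies above compared on one constructed case, as an added Python example that is not part of the slides: a file is edited in place with a same-length change and its modification time is put back, so the metadata check (“easy to fool”) sees nothing while a stored content hash does; the baseline of hashes is then itself protected by a tag so that editing the baseline is also caught. An HMAC stands in for the slide’s “encrypt with private key of modifier” because the standard library has no public-key signatures; that substitution, the key and the sample file are assumptions of this example.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Set, Tuple

# Stands in for the modifier's private key (assumption: an HMAC key).
BASELINE_KEY = b"constructed-baseline-signing-key"

Entry = Tuple[int, int, str]  # (size, mtime, sha256 of content)


def snapshot(root: str) -> Dict[str, Entry]:
    """Metadata plus a content hash for every file under root."""
    snap: Dict[str, Entry] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (st.st_size, int(st.st_mtime), digest)
    return snap


def sign(snap: Dict[str, Entry]) -> str:
    """Tag over the whole baseline, so the stored baseline cannot be quietly edited."""
    return hmac.new(BASELINE_KEY, repr(sorted(snap.items())).encode(), hashlib.sha256).hexdigest()


def verify_signature(snap: Dict[str, Entry], tag: str) -> bool:
    return hmac.compare_digest(sign(snap), tag)


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Tuple[Set[str], Set[str]]:
    """Return (paths flagged by metadata alone, paths flagged by content hash)."""
    meta_flags: Set[str] = set()
    hash_flags: Set[str] = set()
    for path, (size, mtime, digest) in baseline.items():
        cur = current.get(path)
        if cur is None:                       # deleted file: both checks notice
            meta_flags.add(path)
            hash_flags.add(path)
            continue
        if (size, mtime) != cur[:2]:
            meta_flags.add(path)
        if digest != cur[2]:
            hash_flags.add(path)
    for path in current.keys() - baseline.keys():   # new file: both checks notice
        meta_flags.add(path)
        hash_flags.add(path)
    return meta_flags, hash_flags


def demo() -> Dict[str, bool]:
    """Constructed scenario: a 'passwd' file gets a same-length edit and its
    original modification time is restored afterwards."""
    with tempfile.TemporaryDirectory() as root:
        passwd = os.path.join(root, "passwd")
        with open(passwd, "w") as f:
            f.write("bob:x:14:\n")
        baseline = snapshot(root)
        tag = sign(baseline)

        st = os.stat(passwd)
        with open(passwd, "w") as f:
            f.write("eve:x:14:\n")                    # same length as before
        os.utime(passwd, (st.st_atime, st.st_mtime))  # put the old mtime back

        current = snapshot(root)
        meta_flagged, hash_flagged = compare(baseline, current)

        # Someone who can also edit the stored baseline would swap in the new
        # entry; the tag over the baseline no longer verifies.
        forged = dict(baseline, passwd=current["passwd"])
        return {
            "metadata_noticed": "passwd" in meta_flagged,
            "hash_noticed": "passwd" in hash_flagged,
            "baseline_signature_ok": verify_signature(baseline, tag),
            "forged_baseline_signature_ok": verify_signature(forged, tag),
        }


if __name__ == "__main__":
    print(demo())
```

This maps onto the recovery slide too: a verified baseline tells you which files to restore (selective rollback) rather than forcing a full restore from backup.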

Auditing

• Installing security protection is only a beginning
• Need to monitor systems
• Monitoring methods: Audits and Logs
– Audit - active scanning of current state of system
– Log - record of actions taken in operation of system
• Audits often use logs, and do more

End of Security
What we have done so far!

1. Course content (Syllabus)
– Completed + Advanced
– Books (Ref. Galvin)
– Extra references (material)
2. Remember: OS (CoA), DAA, DS, Programming
3. Teaching & Learning
– PPT (Ref. Galvin + Improvements + Detailed Discussions)
– Tutorials (Important topics)
– Reading Notes / Assignments (Advanced topics) (not forced this time).
– Quizzes (complex problems)
– MTE (much more complex problems)
– Project (not too tough, easy with a team)
• Better Experience of the concepts
– Evaluation: Fair, Balanced, and Open
4. Participation
– Excellent (cooperation, interaction, discussions)
5. Attendance
6. Personal Interactions
7. Fair & Impartial to everyone

Wrap-up

Some tips for ETE!

• Available for discussions and doubts clarifications
• Project Evaluation:
– May 14 – 15, 2025 (or appointment based)
• ETE format:
– Format: Descriptive (approx. 30%) and Numerical & Logical (approx. 70%) (any other suggestions???)
– Syllabus: Complete, with a little more weightage for recent topics (as we have covered Process Management in MTE)
– Complexity: Medium to High (time consuming) (accuracy and preciseness is important) (however, not too far away from book-centric problems, except 1 or 2).
– Usual practice: mixture of assignments, advanced topics (descriptive mostly), numerical problems, basic topics, etc.
– Without calculators (not allowed during exam)
– Any other points to be covered???

Weightages

• Quiz: Best 3 out of 4 (or Best 3 out of 3)
• Attendance: Pro-rata (with limit up to 75%, rest all will get zero)
THANK YOU

ALL THE BEST
- Sateesh
