Chapter 9, Security Modern Operating Systems by

Chapters 9 & 10,
Modern Operating Systems
by A. S. Tanenbaum
IA 705, Prof. Brown, Spring 2003
Group E
IA705, Spring 2003
J. Paloschavez, M. Troxler, J. Boggs,
J. Lagas Chapters 9 & 10 IA705
Chapter 9, UNIX & Linux
Modern Operating Systems
by A. S. Tanenbaum
Group E
IA705, Spring 2003
Jose Paloschavez
The Security Environment
Threats
Security goals and threats
Intruders
Common Categories
1. Casual prying by nontechnical users
2. Snooping by insiders
3. Determined attempt to make money
4. Commercial or military espionage
Accidental Data Loss
Common Causes
1. Acts of God
- fires, floods, wars
2. Hardware or software errors
- CPU malfunction, bad disk, MSFT program bugs
3. Human errors
- data entry, wrong backup disk
Basics of Cryptography
Relationship between the plaintext and the ciphertext
Secret-Key Cryptography
• Monoalphabetic substitution
– each letter replaced by different letter
Plaintext alphabet: ABCDEFGHI…
Plaintext: CAPITOL COLLEGE
Ciphertext: EQHOZGS EGSSTUT
• Given the encryption key,
– easy to find decryption key
• Secret-key crypto is also called symmetric-key crypto
Public-Key Cryptography
[Figure: a key pair; the private key and the public key are mathematically linked]
• All users pick a public key/private key pair
– publish the public key
– private key not published
• Public key is the encryption key
– private key is the decryption key
One-Way Functions
• Function such that given formula for f(x)
– easy to evaluate y = f(x)
• But given y
– computationally infeasible to find x
• Many names
– Compression function, contraction function, message digest, fingerprint, cryptographic checksum or manipulation detection code (MDC)
Digital Signatures
• Signature is authentic
• Signature is unforgeable
• Signature is not reusable
• Signature is unalterable
• Signature cannot be repudiated
User Authentication
Authentication must identify:
1. Something the user knows
2. Something the user has
3. Something the user is
NOTE: This is done before the user can use the system
Authentication Using Passwords
LOGIN: jose
PASSWORD: AuthEnt
SUCCESSFULL LOGIN
(a)
LOGIN: bogs
INVALID LOGIN NAME
LOGIN
(b)
LOGIN: lagas
PASSWORD: Iforgot
INVALID LOGIN
LOGIN:
(c)
(a) A successful login
(b) Login rejected after name entered
(c) Login rejected after name and password typed
Authentication Using Passwords
Jose, 2918, b(13%%BeTWW2918)
Matt, 9282, e(WonderDog9282),
James, 9619, e(AxC@Oczw9619)
John, 3168, e(MonkeyBusiness,3168)
…
Lewes, 1705, e(ShenTel,1705)
[Figure labels: Salt, Password]
The use of salt to defeat precomputation of encrypted passwords
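Added example (not part of the original slides): a small password file built with and without per-user salt, showing that a table computed in advance finds the unsalted entries by lookup but none of the salted ones. PBKDF2 as the function e, the iteration count, the 16-byte salt size and the helper names are assumptions of this example; the user names and passwords are taken from the slide and the file contents are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000          # assumed work factor for this example
NO_SALT = b"\x00" * 16       # one fixed value for every entry behaves like no salt

def e(password: str, salt: bytes) -> bytes:
    """Stand-in for the slide's e(password, salt); PBKDF2 is this example's choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password: str) -> tuple[bytes, bytes]:
    """Create a password-file entry: fresh random salt plus e(password, salt)."""
    salt = secrets.token_bytes(16)
    return salt, e(password, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(e(password, salt), stored)

def precomputed_table(words: list[str]) -> dict[bytes, str]:
    """Table built once, in advance, without knowing any per-user salt."""
    return {e(w, NO_SALT): w for w in words}

def exposed_users(table: dict[bytes, str], password_file: dict) -> list[str]:
    """Users whose stored value can be found by a plain table lookup."""
    return [name for name, (_salt, stored) in password_file.items() if stored in table]

# Constructed sample data: two users who picked the same password.
WORDS = ["WonderDog", "MonkeyBusiness", "ShenTel"]
UNSALTED_FILE = {n: (NO_SALT, e("WonderDog", NO_SALT)) for n in ("Matt", "John")}
SALTED_FILE = {n: enroll("WonderDog") for n in ("Matt", "John")}

if __name__ == "__main__":
    table = precomputed_table(WORDS)
    print("unsalted file, exposed:", exposed_users(table, UNSALTED_FILE))
    print("salted file, exposed:  ", exposed_users(table, SALTED_FILE))
    print("same password, same stored value?",
          SALTED_FILE["Matt"][1] == SALTED_FILE["John"][1])
    print("login still works:", verify("WonderDog", *SALTED_FILE["Matt"]))
```

With salt, the same dictionary has to be recomputed once per salt value, and two users with the same password no longer share a stored value.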
Improving Password Security
1. Password should be a minimum of seven characters.
2. Passwords should contain both UPPER and lower case letters.
3. Passwords should contain at least one digit or spec*al.
4. Passwords should not be dictionary words, names, etc.
5. Passwords should be treated like a toothbrush, not shared.
Authentication Using a Physical Object
• Magnetic cards
– magnetic stripe cards
– chip cards: stored value cards, smart cards
Authentication Using Biometrics
A device for authenticating using iris
Matt Troxler
Attacks from the Inside
• Trojan Horses
• Login Spoofing
• Logic Bombs
• Trap Doors
• Buffer Overflow
Design Principles for Security
• Public Design - easier to service.
• Default = Deny Access - easier to trace errors.
• Check access occasionally, not just at a login or file open procedure
Design Principles Cont’d.
• Minimal permissions for all users/processes
• Ease of use - difficult interfaces usually result in wide-open environments
• Keep it simple - tight and efficient code is easy to review and lock down
External Attacks (Viruses)
How they function
• “Dropper” tool is used to deploy a virus
• Infected file is distributed (preferably publicly)
• Users go get (or receive unknowingly) and install the infected file
• Payload of the file runs, does whatever the virus does
Classifications of Viruses
• Companion virus - runs in place of a legitimate file
• Executables - virus code embeds itself in another .exe (overwriting)
• Parasitic viruses - overwriting, but the original files still work after infection.
• Cavity virus - virus embeds itself in unused portions of legit. files
• Memory Resident - lives in memory, little disk activity
• Boot Sector - lives at the first sector of the HDD
• Device Driver - gets loaded as a legit. file in kernel mode
• Macro - attached to a file that appears innocent
• Source Code - requires some knowledge of programming
How Viruses Spread
• Downloads
• Email
• Storage Space (fixed or removable disks, memory, etc.)
Antivirus and Anti-Antivirus… and so on…
• Date hiding – Date disguising – Parent folder…
• Size hiding – Compression
• Bitwise hiding – Look for decryption routine/key
• Polymorphic – Look for morphing routine code
• Checksums – Delete or overwrite – Encrypt
Securing Mobile Code
• Sandboxing
• Interpretation
• Code
• Java Security
Protection Mechanisms
• Protection Domains
• Access Control Lists
• Capabilities
Trusted Systems and Multilevel Security
• Trusted Computing Base
• Formal Models
• Bell-La Padula Model
• Biba Model
• Orange Book
• Covert Channels
Chapter 10, UNIX & Linux
Modern Operating Systems
by A. S. Tanenbaum
Group E
IA705, Spring 2003
Jim Boggs
History
• UNICS
• PDP-11 UNIX & Portable UNIX
• Berkeley UNIX
• Standard UNIX & POSIX
• MINIX
• Linux
Overview of UNIX
UNIX Goals & Interfaces
• Goals
– Handle Multiple Processes & Users
– Design Principles
• Interfaces
– User Interface
– Library Interface
– System Call Interface
[Figure: layers from top to bottom: Users, Utility Programs, Standard Library, UNIX OS, Hardware; User Mode and Kernel Mode marked]
Overview of UNIX
UNIX Shell & Utility Programs
• Shell
– Ordinary program providing command line interface
– Standard input/output
– Flexibility (wild cards, standard I/O, flags, pipes)
– Shell Scripts
• Utility Programs
– File & Directory Commands
– Filters
– Development Tools & Text Processing
– System Administration
Overview of UNIX
Kernel Structure
Kernel structure graphic, copyright Prentice-Hall 2001, Modern Operating Systems, p. 688
Processes in UNIX
Concepts and Process Management
• Active Entities are Processes
– Foreground & Background
– Parent & Child
– ID for Each
– Single & Multiple Threads
• Process Management System Calls
– Means for Processes to Communicate
– Based on POSIX
– Examples
Processes in UNIX
Implementation
• Process Table
– Scheduling Parameters
– Memory Image
– Signals
– Miscellaneous
• User Structure
– Machine Registers
– System Call State
– File Descriptor
– Accounting
– Kernel Stack
Processes in UNIX
Threads
• UNIX
– Supported in Kernel, but Process-oriented
– Difficult Thought Process in Using Multiple Threads
• Fork & other Examples
• Linux
– Kernel-oriented
– Clone
– Detailed Sharing
– Non-portability
Processes in UNIX
Scheduling
• UNIX
– Designed for Response to Interactive Processes
– Process-oriented Queue Management
– Get Processes Rapidly out of the Kernel
• Linux
– Thread-oriented
– Classes of Linux Threads
• Real-time FIFO
• Real-time Round Robin
• Timesharing
Processes in UNIX
Booting UNIX
• Get Kernel Running
• Set Message Buffer
• Allocate Kernel Data Structure
• System Configuration (drivers)
– Static Links
– Dynamic Loads
• Begin Process 0
• Init
• Login
John Lagas
Unix Memory Management
• Fundamental Concepts
– Text
– Data
– Stack
– Shared Text Segments
– Memory-mapped files
Unix Memory Management
• Memory Management System Calls
– brk
– mmap
– unmap
Unix Memory Management
• Implementation
– Swapping
– Paging
– Page replacement algorithm
• Two-handed
• Clock
– Memory Management under Linux
• Buddy algorithm
Unix I/O
• Fundamental concepts
– Special files
– Character special
– Block special
• Major and minor numbers
– Networking
• Sockets
• TCP/UDP and IP
Unix I/O
• System Calls
Unix I/O
• Implementation
– Ioctl
• Device dependent
• Device drivers
– Streams
Unix File Systems
• Fundamental Concepts
– “Standard” directories
• bin, dev, etc, sbin, lib, usr
– path
• absolute and relative
– linking files
– locking
• Prevents overwrites
– File descriptor and file handle
• Descriptor is of type “int”
• Handle is the “name of the file”
Unix File Systems
• System Calls
Unix File Systems
• Implementation
– Superblock
– Inodes
– Inode table
– What info to keep for a file?
• DAC
• MAC
• Access/mod/change times
• UID/GID
Unix File Systems
• NFS
– Architecture
– Client-server
• Makes remote file system appear local
• Can cause system to “hang”
– Implementation
• Local is of type NFS
• Remote is not relevant for the client
– The server handles those details
Unix Security
• Fundamental concepts
– UID and GID
• Mentioned above under File systems
– DAC and mode bits
• Extended mode bits
– Superuser !!! Got root?
• UID 0
• Only one per system, or game over…
– EUID
• Who are you running as???
• SETUID / SETGID
Unix Security
• System Calls
Unix Security
• Implementation
– The devil is in the details
– System files
Questions and Answers