V.A. CSED,TU Protection & Security Organized By: V.A.
Page 1: Security & Protection

V.A.

CSED,TU

Protection & Security

Organized By: V.A.

Page 2: Security & Protection

Disclaimer

This is NOT A COPYRIGHT MATERIAL

Content has been taken mainly from the following books: Operating Systems Concepts By Silberschatz & Galvin, Operating systems By D M Dhamdhere, System Programming By John J Donovan, etc…

Page 3: Security & Protection

Protection – Goals & Principle

Each Object has a Unique Name and can be accessed through a well-defined set of Operations.

Ensure that each Object is accessed correctly and only by those Processes that are allowed to do so.

Guiding Principle – Principle of Least Privilege: Programs, users and systems should be given just enough privileges to perform their tasks.

Page 4: Security & Protection

Domain Structure

Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.

Domain = Set of Access-Rights

A Domain can be realized in a variety of ways: Each User, Each Process and Each Procedure.

Page 5: Security & Protection

Access Matrix

View Protection as a MATRIX (access matrix)

Rows represent Domains

Columns represent Objects

Access(i, j) is the Set Of Operations that a process executing in Domain_i can invoke on Object_j

Page 6: Security & Protection

Access Control Matrix

An access control matrix consists of three parts: subject, object, and access operation.

A SUBJECT is an Active Entity in a computer system such as User, Program, Process and Thread.

An OBJECT is a Passive Entity or System Resource such as File, Directory, Database Record and Printer.

In the Access Control Matrix schema, the Subjects and Objects are placed in a table. Each row represents a Subject and each column represents an Object.

Each entry in the table is a Set Of Access Operations such as read, write, and execute. The access operations are responsible for interactions between subjects and objects.

Page 7: Security & Protection

Access Matrix

Page 8: Security & Protection

Use of Access Matrix

If a Process in Domain Di tries to do “op” on object Oj, then “op” must be in the ACCESS MATRIX entry access(i, j).

Can be Expanded to DYNAMIC PROTECTION.

Operations to ADD, DELETE access rights.

Special Access Rights:

Owner of Oi

Copy op from Oi to Oj

Control – Di can modify Dj access rights

Transfer – Switch from domain Di to Dj
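
The access check and the special rights above, as an added example that is not part of the original slides. Domain and object names (D1, F1, ...) are constructed; the example assumes the Silberschatz textbook semantics, where a copyable right is marked `op*` and is copied only within the object's column, and where control is used to remove rights from the controlled domain's row.

```python
class AccessMatrix:
    """Sparse access matrix: (domain, object) -> set of rights (constructed example)."""

    def __init__(self, entries):
        self.m = {cell: set(rights) for cell, rights in entries.items()}

    def allowed(self, dom, obj, op):
        # "op" must be in access(dom, obj); a copyable right "op*" implies "op".
        rights = self.m.get((dom, obj), set())
        return op in rights or op + "*" in rights

    def switch(self, cur, target):
        # Transfer: domains are objects too; needs "switch" in access(cur, target).
        if not self.allowed(cur, target, "switch"):
            raise PermissionError(f"{cur} may not switch to {target}")
        return target

    def copy(self, actor, obj, op, to):
        # Copy: only a holder of "op*" may copy op, and only within obj's column.
        if op + "*" not in self.m.get((actor, obj), set()):
            raise PermissionError(f"{actor} holds no copyable {op} on {obj}")
        self.m.setdefault((to, obj), set()).add(op)  # the copy is not copyable

    def grant(self, actor, obj, op, to):
        # Owner: may ADD any right to any entry in obj's column.
        if not self.allowed(actor, obj, "owner"):
            raise PermissionError(f"{actor} does not own {obj}")
        self.m.setdefault((to, obj), set()).add(op)

    def revoke(self, actor, obj, op, frm):
        # DELETE: by the owner of obj, or by a domain with "control" over frm.
        if not (self.allowed(actor, obj, "owner")
                or self.allowed(actor, frm, "control")):
            raise PermissionError(f"{actor} may not change {frm}'s rights")
        self.m.get((frm, obj), set()).discard(op)


def demo():
    am = AccessMatrix({("D1", "F1"): {"read*", "owner"}, ("D1", "D2"): {"switch"},
                       ("D2", "D3"): {"control"}, ("D3", "F1"): {"write"}})
    before = am.allowed("D2", "F1", "read")      # empty cell: denied by default
    am.copy("D1", "F1", "read", "D2")            # D1 holds read* on F1
    after = am.allowed("D2", "F1", "read")
    am.revoke("D2", "F1", "write", "D3")         # D2 has control over D3
    return before, after, am.allowed("D3", "F1", "write"), am.switch("D1", "D2")
```

An empty or missing cell denies every operation, so the matrix is default-deny: rights exist only where an entry was explicitly added.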

Page 9: Security & Protection

Access Matrix – Showing Switch

Page 10: Security & Protection

Role Based Access Control

Page 11: Security & Protection

Sample Access Matrix

Derivative forms of the access control matrix, such as the Access Control List (ACL) and the Capability List (C-list), are better applied in practice.
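
How the two derivative forms relate to the matrix, as an added example that is not part of the original slides: an ACL is one column stored with the object, a C-list is one row held by the subject. The matrix contents below are constructed sample values, and the two `lists_touched_*` helpers are hypothetical names used to show which form makes which administrative change cheap.

```python
from collections import defaultdict

# Constructed sample matrix; subjects, objects and rights are illustrative.
MATRIX = {
    ("Alice", "Insurance Data"): {"read", "write"},
    ("Alice", "Payroll Data"):   {"read"},
    ("Bob",   "Insurance Data"): {"read"},
    ("Sam",   "Payroll Data"):   {"read", "write"},
    ("Sam",   "Insurance Data"): set(),   # empty cell: stored in neither form
}

def to_acls(matrix):
    """Slice by column: object -> {subject: rights}, stored with the object."""
    acls = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        if rights:
            acls[obj][subj] = set(rights)
    return dict(acls)

def to_clists(matrix):
    """Slice by row: subject -> {object: rights}, held by the subject."""
    clists = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        if rights:
            clists[subj][obj] = set(rights)
    return dict(clists)

def acl_allows(acls, subj, obj, op):
    # Start from the object, then look for the subject in its list.
    return op in acls.get(obj, {}).get(subj, set())

def cap_allows(clists, subj, obj, op):
    # Start from the subject, then look for a capability naming the object.
    return op in clists.get(subj, {}).get(obj, set())

def lists_touched_to_remove_subject(acls, clists, subj):
    """Removing a subject edits every ACL naming it, but only one C-list."""
    return sum(subj in entries for entries in acls.values()), int(subj in clists)

def lists_touched_to_remove_object(acls, clists, obj):
    """Removing an object drops one ACL, but edits every C-list naming it."""
    return int(obj in acls), sum(obj in caps for caps in clists.values())
```

Both forms give the same access decisions as the full matrix; they differ in where the data lives and in which review question ("who can reach this object?" versus "what can this subject reach?") is a single lookup.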

Page 12: Security & Protection

Access Control List

Page 13: Security & Protection

ACL

When we look for Insurance Data we can write:

Page 14: Security & Protection

C-List

Page 15: Security & Protection

C-List

When we look for Alice’s C-list we can write:

Page 16: Security & Protection

ACL vs CL

Page 17: Security & Protection

Security

Security must consider External Environment of the System and protect the system resources

Intruders (crackers) attempt to breach security

THREAT is potential security violation

ATTACK is attempt to breach security

Attack can be accidental or malicious

Easier to protect against accidental than malicious misuse

Page 18: Security & Protection

Security Violations

Categories

Breach of confidentiality

Breach of integrity

Breach of availability

Theft of service

Denial of service

Methods

Masquerading (breach authentication)

Replay attack

Message modification

Man-in-the-middle attack

Session hijacking

Page 19: Security & Protection

Security Attacks

Page 20: Security & Protection

Reference List

Operating Systems Concepts By Silberschatz & Galvin,

Operating systems By D M Dhamdhere,

System Programming By John J Donovan,

www.os-book.com

www.cs.jhu.edu/~yairamir/cs418/os2/sld001.htm

http://gaia.ecs.csus.edu/~zhangd/oscal/pscheduling.html

http://www.edugrid.ac.in/iiitmk/os/os_module03.htm

http://williamstallings.com/OS/Animations.html

etc…

Page 21: Security & Protection

Thnx…