Systems Security & Audit
Operating Systems Security
Jan 11, 2016
Contents
- Review of the objectives of an operating system
- Things to protect and protection methods
- Trusted operating system
- Protection of memory
- Protection of other objects
Function of Operating System
- Control the use of the resources of the computer:
  - CPU time
  - Memory
  - I/O
  - File storage
CPU time
- Fair use
- No hogging by a single process (multiprocessing)
- Managed by a scheduler
Memory
- Assign sufficient memory to run the program
- Return memory to the OS after use
- Managed by the programmer, and later by the memory manager (part of the OS)
Objects that are protected
- Memory
- Sharable I/O devices, e.g. disks
- Serially reusable I/O devices, e.g. printers
- Sharable programs and procedures
- Sharable data
Process
- A program in execution
- Requires CPU time and memory (address space) to run
- The address space contains the program code, the program's data, and the stack
- System calls are required to run the program
Memory protection
- Fence
- Relocation
- Base/Bounds Register
- Tagged architecture
- Segmentation
- Paging
Segregation of memory: Fence
(Diagram: memory split by a fence into System Memory and User Memory.)
Example: DOS
(Diagram: DOS memory map labelled System Memory and User Memory, with address marks 00000, 00010 (Interrupt Vectors), AFFFF and FFFFF.)
COM files have a fixed starting address
(Diagram: memory from 00000; COM file1 is loaded at 00010, "I normally start here"; COM file2 sits higher up, "I am OK. This is my starting point".)
COM files have a fixed starting address
(Diagram: COM file3 and COM file2 both need the same fixed starting address at 00010, so the second one to load says "Oops! I cannot run".)
EXE files are RELOCATABLE
(Diagram: COM file3 occupies the fixed start address 00010; EXE file1 is loaded elsewhere, "I can start anywhere".)
Base and Bound Register
(Diagram: in user memory, Application1 runs between a Base Address and a Bound Address, "I cannot go over this address"; Application2 and its Data lie outside that range, "I am safe here".)
Tagged architecture
(Diagram: each machine word carries a tag; the word says "I have the data address" and the tag says "I know who can access this address".)
Segmentation
(Diagram: memory holding Segment 1, Segment 2 and Segment 3. Each segment has a different segment number and its own addresses starting from zero; the CPU has a number of segment registers.)
Segments of a process
(Diagram: Text (code), Stack and Data segments, each with memory assigned and room for growth.)
Paging
(Diagram: pages saying "We are fixed size" and "We are virtual memory".)
Paging
- Technique used in a virtual memory system to give a linear addressing space
- Pages are of fixed size
- The actual storage location may be in physical memory or on the hard disk
- The MMU maps virtual memory to physical memory using page tables
Paging
- Can run a program that is too big to fit into the physical memory
- Makes programming easier, as memory is assigned by the MMU
- The programmer (the instructions he wrote) cannot access the physical memory directly
- So it is SAFER
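As an added illustration (not from the slides), this C program simulates the MMU translation just described: a constructed page table whose entries carry present, write and user bits, and the faults an access can raise. The 16-bit address space, page size, table layout and flag names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a 16-bit virtual address space with 4 KiB pages, so an
 * address is a 4-bit page number followed by a 12-bit offset. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  16

/* Hypothetical page-table entry: frame number plus protection bits. */
#define PTE_PRESENT 0x1u   /* page is in physical memory */
#define PTE_WRITE   0x2u   /* page may be written */
#define PTE_USER    0x4u   /* page may be touched in user mode */
typedef struct { uint32_t frame; uint32_t flags; } pte_t;

/* Constructed page table: only three of the sixteen pages are mapped. */
static const pte_t page_table[NUM_PAGES] = {
    [0]  = { 5, PTE_PRESENT | PTE_USER },             /* code: user, read-only */
    [1]  = { 9, PTE_PRESENT | PTE_USER | PTE_WRITE }, /* data: user, read/write */
    [15] = { 2, PTE_PRESENT | PTE_WRITE },            /* kernel page: no user access */
};

typedef enum { XLATE_OK, FAULT_NOT_PRESENT, FAULT_PRIVILEGE, FAULT_WRITE } xlate_t;

/* Translate a virtual address the way the MMU does: index the page table with
 * the page number, check the protection bits, then append the page offset. The
 * program only names virtual addresses; the frame comes from the OS's table. */
xlate_t translate(uint16_t vaddr, bool is_write, bool user_mode, uint32_t *paddr)
{
    const pte_t *pte = &page_table[vaddr >> PAGE_SHIFT];
    uint32_t offset = vaddr & (PAGE_SIZE - 1);

    if (!(pte->flags & PTE_PRESENT)) return FAULT_NOT_PRESENT; /* page fault */
    if (user_mode && !(pte->flags & PTE_USER)) return FAULT_PRIVILEGE;
    if (is_write && !(pte->flags & PTE_WRITE)) return FAULT_WRITE;
    *paddr = (pte->frame << PAGE_SHIFT) | offset;
    return XLATE_OK;
}

int main(void)
{
    uint32_t p = 0;
    xlate_t r = translate(0x1234, true, true, &p);
    printf("user write to data page: %d, paddr 0x%X\n", r, p);                  /* 0, 0x9234 */
    printf("user write to code page: %d\n", translate(0x0010, true, true, &p));  /* 3 */
    printf("user read of kernel page: %d\n", translate(0xF000, false, true, &p)); /* 2 */
    printf("unmapped page: %d\n", translate(0x3000, false, true, &p));           /* 1 */
    return 0;
}
```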
Operating System: Layered system
- Instructions have different privileges
- The operating system is structured in layers
- More structure means better management and better protection, but less efficiency
Layer system
- Layer 0: Processor allocation
- Layer 1: Memory management
- Layer 2: Process communication
- Layer 3: Input/output management
- Layer 4: User programs
Ring system: Pentium
- Ring 0: Kernel
- Ring 1: System calls
- Ring 2: Shared library
- Ring 3: User program
Kernel
- The core of the OS that manages the CPU, memory and I/O services
Security kernel
- The place where the security mechanisms and policies are applied
- It prevents unauthorized access to system resources
- It implements the Reference Monitor concept
Kernel
- Part of the OS that performs the lowest-level functions, such as:
  - Synchronization
  - Interprocess communication
  - Message passing
  - Interrupt handling
Separate Security Kernel: levels
1. Hardware
2. Security Kernel: access control, authentication
3. Operating System: resource allocation, sharing, hardware interactions
4. User tasks
Intel Pentium Chip Ring Structure
(Diagram of the Pentium ring structure.)
Protection of shared objects
- No protection
- Isolation
- Share via access limitation (ACL); refer to the Bell-LaPadula model
- Share by capabilities
- Limited use of an object (permissions)
- Process execution domain
- Namespace
- Share all or share nothing (declared public or private)
File protection
- Each file has a name, its data, and attributes. An attribute can be a protection field or a password
- A file system such as NTFS can provide a DACL for each individual file
- Encryption can also be applied to files
Access Control Matrix
(Rows are subjects, columns are objects, cells are the rights of the subject on the object.)

Subject        | Operating System | Accounts Program | Accounting Data | Audit Trail
Sam (Sysop)    | rwx              | rwx              | rw              | r
Alice (Mgr)    | rx               | x                | rx              | -
Bob (Auditor)  | rx               | r                | r               | r
Access Control List
(The same matrix read column by column: each object carries the list of subjects and their rights.)
- Operating System: Sam rwx, Alice rx, Bob rx
- Accounts Program: Sam rwx, Alice x, Bob r
- Accounting Data: Sam rw, Alice rx, Bob r
- Audit Trail: Sam r, Alice -, Bob r
Capability
(The same matrix read row by row: each subject carries the list of objects and its rights on them.)
- Sam (Sysop): Operating System rwx, Accounts Program rwx, Accounting Data rw, Audit Trail r
- Alice (Mgr): Operating System rx, Accounts Program x, Accounting Data rx, Audit Trail -
- Bob (Auditor): Operating System rx, Accounts Program r, Accounting Data r, Audit Trail r
ACL of Unix
- Owner, Group, World
- Read, Write, Execute
- Example:
  drwxrwxrwx Alice Accounts
  -rw-r----- Alice Accounts
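An added example, not from the slides, showing how the owner/group/world check is evaluated on an ls-style mode string like the ones above. The function and the user names Bob and Carol are constructed, and a user is given a single group for simplicity.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed example (not from the slides): evaluating the Unix
 * owner/group/world check on an ls-style mode string such as "-rw-r-----". */
enum { PERM_R = 4, PERM_W = 2, PERM_X = 1 };

/* Parse one "rwx" triple of the mode string into a bitmask. */
static int parse_triple(const char *p)
{
    return (p[0] == 'r' ? PERM_R : 0) | (p[1] == 'w' ? PERM_W : 0) |
           (p[2] == 'x' ? PERM_X : 0);
}

/* Does `user` (a member of `user_group`; one group for simplicity) hold every
 * right in `want` on a file owned by owner:group? Only the first matching
 * class is consulted: an owner who is also in the group is judged by the
 * owner bits alone and never falls through to the group or world bits. */
bool unix_allowed(const char *mode, const char *owner, const char *group,
                  const char *user, const char *user_group, int want)
{
    int bits;
    if (strlen(mode) != 10) return false;            /* type char + three triples */
    if (strcmp(user, owner) == 0)            bits = parse_triple(mode + 1);
    else if (strcmp(user_group, group) == 0) bits = parse_triple(mode + 4);
    else                                     bits = parse_triple(mode + 7);
    return (bits & want) == want;
}

int main(void)
{
    /* "-rw-r----- Alice Accounts": Alice may write, Bob (in Accounts) may only
     * read, and Carol (not in Accounts) may not even read. */
    bool a = unix_allowed("-rw-r-----", "Alice", "Accounts", "Alice", "Accounts", PERM_W);
    bool b = unix_allowed("-rw-r-----", "Alice", "Accounts", "Bob",   "Accounts", PERM_W);
    bool c = unix_allowed("-rw-r-----", "Alice", "Accounts", "Carol", "Staff",    PERM_R);
    return (a && !b && !c) ? 0 : 1;
}
```

The first slide example, drwxrwxrwx, grants World write on the directory, which is why world-writable directories are a standard audit finding.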
ACL of Windows
- Many defined groups, including Everyone
- Finer division of privileges: Take ownership, List folder contents, Delete, etc.
- Use of domains and trust
- Group Policy to associate with sites, domains, and organizational units in Active Directory
Well-formed Transaction
(The Accounts Program now appears as a subject in its own right; the users no longer touch Accounting Data directly.)

Subject           | Operating System | Accounts Program | Accounting Data | Audit Trail
Sam (Sysop)       | rwx              | rwx              | r               | r
Alice (Mgr)       | rx               | x                | -               | -
Accounts Program  | rx               | r                | rw              | w
Bob (Auditor)     | rx               | r                | r               | r
Well-formed Transaction
- Access triple of User, Program, File
- Refer to the Clark-Wilson model
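An added example (not the slides' own code) that encodes the Well-formed Transaction matrix above and exercises the three views given earlier (matrix, ACL per object, capability list per subject) together with the Clark-Wilson access triple: a user reaches the file only by executing the program, which then acts with its own rights. The enum and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example built from the "Well-formed Transaction" slide; rights
 * are a bitmask in the slide's rwx order. The Accounts Program appears twice:
 * as an object (a column) and as a subject (a row: what it may do when run). */
enum { R = 4, W = 2, X = 1 };
enum subject { SAM, ALICE, PROG_SUBJ, BOB, NSUBJ };
enum object  { OS, PROG_OBJ, ACCT_DATA, AUDIT_TRAIL, NOBJ };
static const char *subject_name[NSUBJ] = { "Sam", "Alice", "AcctProg", "Bob" };
static const char *object_name[NOBJ]   = { "OS", "AcctProg", "AcctData", "AuditTrail" };

/* matrix[subject][object]: each row is a capability list, each column an ACL. */
static const unsigned matrix[NSUBJ][NOBJ] = {
    [SAM]       = { R|W|X, R|W|X, R,   R },
    [ALICE]     = { R|X,   X,     0,   0 },
    [PROG_SUBJ] = { R|X,   R,     R|W, W },
    [BOB]       = { R|X,   R,     R,   R },
};

/* Reference monitor check: every requested right must be held. */
int allowed(enum subject s, enum object o, unsigned rights) { return (matrix[s][o] & rights) == rights; }
static const char *rights_str(unsigned r, char buf[4])   /* cell in the slide's "rw-" notation */
{
    buf[0] = r & R ? 'r' : '-'; buf[1] = r & W ? 'w' : '-'; buf[2] = r & X ? 'x' : '-'; buf[3] = 0;
    return buf;
}

/* ACL of an object: walk its column. Capability list of a subject: walk its
 * row. Both render as "Name:rwx Name:rwx ..." with empty cells omitted. */
void acl_of(enum object o, char *out, size_t n)
{
    char b[4]; size_t len = 0; out[0] = '\0';
    for (int s = 0; s < NSUBJ; s++)
        if (matrix[s][o])
            len += snprintf(out + len, n - len, "%s%s:%s", len ? " " : "", subject_name[s], rights_str(matrix[s][o], b));
}
void caps_of(enum subject s, char *out, size_t n)
{
    char b[4]; size_t len = 0; out[0] = '\0';
    for (int o = 0; o < NOBJ; o++)
        if (matrix[s][o])
            len += snprintf(out + len, n - len, "%s%s:%s", len ? " " : "", object_name[o], rights_str(matrix[s][o], b));
}

/* Clark-Wilson access triple (user, program, file): the user reaches the file
 * only by executing the program, which then acts with its own row of rights. */
int triple_allowed(enum subject user, enum object prog, enum subject prog_as_subj, enum object file, unsigned rights)
{
    return allowed(user, prog, X) && allowed(prog_as_subj, file, rights);
}
```

With this matrix Alice cannot write Accounting Data directly but can through the Accounts Program, while Bob, the auditor, can read the data but cannot execute the program.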
Access Control Model
(Diagram: a Principal acts through a Subject, whose Request is mediated by the Reference Monitor before it reaches the Object.)
Access Control Model
- Principal: the user or machine that has a name and a SID. A local user is Machine\principal; a domain user is Domain\Principal
- Subject: a program with a user identity
- Request: a set of operations: read/write/execute/append/erase
- Object: resources, memory, files, registry, printer
Windows authorization model
- Access Token: the security credentials of subjects
Virtualization
- A virtual machine is a collection of real or simulated hardware facilities: a CPU that runs an instruction set, an amount of addressable memory space, and some I/O devices. This enables programs designed for that CPU to be executed on the host computer.
Virtualization
- It provides another layer of control between the OS and the application programs in the computer system. Thus a fault in one virtual machine does not affect the operation of another virtual machine, or of the whole system.
- It is a sandbox for insecure operations
Reading
Security in Computing Chapter 6