Operating System Security: Concepts and Techniques, Slides of Operating Systems

Download Operating System Security: Concepts and Techniques and more Slides Operating Systems in PDF only on Docsity!

Operating System Concepts – 9th^ Edition Silberschatz, Galvin and Gagne ©

OS Security

(Chapter 15)

Outline

 (^) Security Problem  (^) Security Violation Categories  (^) Security Violation Methods  (^) Program and network threats  (^) Security techniques  (^) Cryptography: a security tool

Security Violation Categories

 (^) Breach of confidentiality  (^) Unauthorized reading of data  (^) Breach of integrity  (^) Unauthorized modification of data  (^) Breach of availability  (^) Unauthorized destruction of data  (^) Theft of service  (^) Unauthorized use of resources  (^) Denial of service (DOS)  (^) Prevention of legitimate use

Security Violation Methods

 (^) Masquerading (breach authentication )  (^) Pretending to be an authorized user to escalate privileges  (^) Replay attack  (^) Data transmission is maliciously repeated  (^) Man-in-the-middle attack  (^) Intruder sits in data flow, masquerading as sender to receiver and vice versa  (^) Session hijacking  (^) Intercept an already-established session to bypass authentication

Security Measure Levels

 (^) Impossible to have absolute security, but make sufficiently high cost to deter most intruders  (^) Security must occur at four levels to be effective:  (^) Physical  (^) Data centers, servers, connected terminals  (^) Human  (^) Avoid social engineering , phishing ,  (^) Operating System  (^) Protection mechanisms, debugging  (^) Network  (^) Intercepted communications, interruption, DOS

Program Threats

 (^) Many variations, many names  (^) Trojan Horse  (^) malware which misleads users of its true intent  (^) Spyware , pop-up browser windows  (^) Trap Door  (^) Software bug or undocumented feature left intentionally by the programmer  (^) Can be used later to get access to the system  (^) Could be included in a compiler  (^) Difficult to detect

Network Threats

 Network threats involve the abuse of network services and connection

 Worm: a program that can replicate itself and send copies from

computer to computer across network connections.

 Port Scanning: aim at detecting system vulnerabilities to launch an

attack

 Denial of service: aim at disturbing the legitimate use of system

services

Security Techniques

 Authentication

 (^) process of verifying an identity claimed by a system entity

 Methods

 (^) Password based authentication  (^) Token based authentication  (^) Biometric authentication

Security Techniques …

 Virus Protection

 (^) Antivirus approach: use antivirus to protect the system  (^) Antivirus works in following steps  (^) Detect  (^) Identify  (^) removal

Cryptography as a Security Tool

 Constructing and analyzing protocols that prevent third

parties or the public from reading private messages  (^) Source and destination of messages on network cannot be trusted without cryptography  (^) a sender can encode its message so that only a computer with a certain key can decode the message  (^) enables a recipient of a message to verify that the message was created by whom

Encryption (Cont.)

Symmetric Encryption

 (^) Same key used to encrypt and decrypt  (^) Therefore k must be kept secret  (^) DES was most commonly used symmetric block-encryption algorithm (created by US Govt)  (^) Encrypts a block of data at a time  (^) Keys too short so now considered insecure

Asymmetric Encryption  (^) Public-key encryption based on each user having two keys:  (^) public key – published key used to encrypt data  (^) private key – key known only to individual user used to decrypt data

• Operating System Concepts – 9th Edition Silberschatz, Galvin and Gagne ©
  • End Chapter