Operating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
1 Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
2 Announcements
- Hw1 grades out this Friday
- Travel: out of town for a meeting next Tuesday
- Attack/Defense presentation: Rachael Stempfley, Peter Price, Alex Van Brunt. Move to Thursday (we are going to have two presentations)? Our guest speaker and TA will be here
- Topic: Deception-Based Defenses
- May or may not have a quiz (not graded)
3 What does the operating system do? It manages all the resources in a computer (processor, memory, I/O devices) and provides an interface between the hardware and application software.
4 The Orange Book: Trusted Computer System Evaluation Criteria (TCSEC) is a US Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. (From Wikipedia)
5 Tagged architecture for memory protection
- In the Intel i960MX the memory subsystem was made 33 bits wide: a 32-bit word plus a "tag" bit to indicate protected memory (popular in the 1990s for embedded systems)
- IBM System/38 (available August 1979) (from Wikipedia)
6 Tagged Architecture
- Goal: fine-grained data protection. Protect some values but not all, and be able to change the protection over time (e.g., first allow write, then make the word read-only). Base/bound registers cannot do this: they are all-or-nothing for a whole region.
- Tagged architecture: every word of memory has one or more extra bits that identify the access rights to that word
- Tag bits can be set only by privileged instructions
- The bits are tested every time an instruction accesses that location
- A few more tag bits can distinguish different classes of data, etc.
- Used in the IBM System/38 and Burroughs machines; compatibility issues with other OS code
(From Pfleeger & Pfleeger)
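The mechanism on this slide, written out as a small Python simulation. This is an added example, not code from the slides or from any real tagged machine: the three tag bits, the `privileged` flag on `set_tag`, and the word/tag layout are this example's assumptions. It shows the two properties the slide names: an unprivileged instruction cannot change a tag, and every load/store/fetch is checked against the tag of the exact word it touches, so one word can be flipped to read-only while its neighbours stay writable.

```python
"""Toy tagged-memory model (added example, not from the slides).

Each memory word carries a tag of a few access-right bits.  The tag is
checked on every load/store/fetch and may only be changed by a
privileged instruction.  Contrast with base/bound registers, which
grant or deny a whole contiguous region at once.
"""
from dataclasses import dataclass, field

TAG_R, TAG_W, TAG_X = 1, 2, 4          # tag bits: readable / writable / executable


class AccessFault(Exception):
    """Raised when an access violates the word's tag or a tag change is unprivileged."""


@dataclass
class TaggedMemory:
    size: int
    words: list = field(init=False)
    tags: list = field(init=False)

    def __post_init__(self):
        self.words = [0] * self.size
        self.tags = [TAG_R | TAG_W] * self.size   # default: plain data, not executable

    # --- privileged instruction: only the kernel may change a tag ----------
    def set_tag(self, addr, tag, *, privileged):
        if not privileged:
            raise AccessFault(f"set_tag at {addr:#x} requires privileged mode")
        self.tags[addr] = tag

    # --- ordinary instructions: every access is checked against the tag ----
    def load(self, addr):
        self._check(addr, TAG_R, "load")
        return self.words[addr]

    def store(self, addr, value):
        self._check(addr, TAG_W, "store")
        self.words[addr] = value

    def fetch(self, addr):
        self._check(addr, TAG_X, "fetch")
        return self.words[addr]

    def _check(self, addr, need, op):
        if not 0 <= addr < self.size:
            raise AccessFault(f"{op} at {addr:#x}: out of range")
        if self.tags[addr] & need == 0:
            raise AccessFault(f"{op} at {addr:#x}: tag {self.tags[addr]:03b} lacks {need:03b}")


def demo():
    """Write a word, make it read-only from privileged mode, then try to abuse it."""
    mem = TaggedMemory(8)
    mem.store(3, 42)                        # writable by default
    mem.set_tag(3, TAG_R, privileged=True)  # kernel flips word 3 to read-only
    results = {"read": mem.load(3)}
    try:
        mem.store(3, 7)                     # violates the new tag
        results["write_after_ro"] = "allowed"
    except AccessFault:
        results["write_after_ro"] = "fault"
    try:
        mem.set_tag(3, TAG_R | TAG_W, privileged=False)  # user code cannot re-enable writes
        results["user_set_tag"] = "allowed"
    except AccessFault:
        results["user_set_tag"] = "fault"
    mem.store(4, 1)                         # neighbouring word is unaffected
    results["neighbour_write"] = mem.load(4)
    return results


if __name__ == "__main__":
    print(demo())
```

The `fetch` path is what makes a tagged design stronger than read/write bits alone: a word that was written as data never carries `TAG_X`, so it cannot later be executed unless privileged code deliberately retags it.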
7 Advanced security models for the confidentiality and integrity of files
8 Slides credit to Ethan L. Miller and Scott A. Brandt ACCESS CONTROL
9 Protection Domains
- Three protection domains, each listing objects with permitted operations: Domain 1: File1 [R], File2 [RW]; Domain 2: File3 [R], File4 [RWX], File5 [RW], Printer [W]; Domain 3: File3 [W], Screen1 [W], Mouse [R]
- Domains can share objects and permissions
- Objects can have different permissions in different domains (File3 is readable in Domain 2 but writable in Domain 3)
- There need be no overlap between object permissions in different domains
- How can this arrangement be specified more formally?
10 Access Matrix

Domain   File1  File2  File3  File4  File5  Printer1  Mouse
1        R      RW
2                      R      RWX    RW     W
3                      W                    W         R

(The matrix slide lists Printer1 where the domain figure on the previous slide shows Screen1 for Domain 3.)
- Each domain has a row in the matrix
- Each object has a column in the matrix
- The entry at <domain, object> (row, column) holds the permissions
- Who is allowed to modify the protection matrix? What changes can they make?
- How is this implemented efficiently?
11 Representing the protection matrix
- Need an efficient representation of the protection matrix (also called the access matrix)
- Most entries in the matrix are empty!
- Compress the matrix by: associating permissions with each object → access control list; associating permissions with each domain → capabilities
- How is this done, and what are the tradeoffs?
12 Access control lists
- Each object has a list. Each entry names a protection domain (a user name, a group of users, or "other") and the access rights for it (read, write, execute (?), others?)
- Example: File1: elm: <R,W>, znm: <R>, root: <R,W,X>. File2: elm: <R,X>, uber: <R,W>, root: <R,W>, all: <R>
- No entry for a domain => no rights for that domain
- The operating system checks permissions when access is needed
13 Access control lists in the real world
- Unix file system: the access list for each file has exactly three domains on it: user (owner), group, others. Rights: read, write, execute. (Linux additionally supports POSIX ACLs with arbitrary user and group entries via getfacl/setfacl; the classic mode bits are the three-domain case.)
- AFS (Andrew File System) for client/server systems: access lists only apply to directories; files inherit rights from the directory they are in. An access list may have many entries, with possible rights: read, write, lock (for files in the directory); lookup, insert, delete (for the directories themselves); administer (ability to add or remove rights from the ACL)
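The Unix three-domain check as a worked example. This is added code, not from the slides, and the sample file metadata (mode 0o464, uid 1000, gid 100) is constructed. The point a practitioner should see is that exactly one class applies: if the caller is the owner, only the owner bits count, even when the group or other bits would have granted more. The root rule (uid 0 bypasses read/write checks but still needs at least one execute bit to execute) is the standard Unix/Linux DAC behaviour.

```python
"""Unix owner/group/other permission check (added example, not slide code).

The nine mode bits are a three-entry ACL.  Exactly one entry applies to a
given caller: owner if uid matches, else group if the file's gid is one of
the caller's groups, else other.
"""
import os
import stat
from typing import Iterable

R, W, X = 4, 2, 1   # permission bits within one rwx triple


def unix_allowed(mode: int, file_uid: int, file_gid: int,
                 uid: int, gids: Iterable[int], want: int) -> bool:
    """True if a process with (uid, gids) may perform `want` on a file.

    mode: the low 9 permission bits, i.e. stat.S_IMODE(st.st_mode).
    want: bitwise OR of R, W, X.
    """
    gids = set(gids)
    if uid == 0:
        # root bypasses DAC, except that execute still needs some x bit set
        if want & X and not (mode & 0o111):
            return False
        return True
    if uid == file_uid:
        triple = (mode >> 6) & 7      # owner class wins, even if it is the weakest
    elif file_gid in gids:
        triple = (mode >> 3) & 7
    else:
        triple = mode & 7
    return triple & want == want


def check_path(path: str, uid: int, gids: Iterable[int], want: int) -> bool:
    """Same check against a real file's metadata (POSIX only)."""
    st = os.stat(path)
    return unix_allowed(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids, want)


def demo():
    # constructed example: mode 0o464 (r--rw-r--), owned by uid 1000 / gid 100
    mode, file_uid, file_gid = 0o464, 1000, 100
    return {
        "owner_write": unix_allowed(mode, file_uid, file_gid, 1000, {100}, W),  # owner bits r--
        "group_write": unix_allowed(mode, file_uid, file_gid, 1001, {100}, W),  # group bits rw-
        "other_read":  unix_allowed(mode, file_uid, file_gid, 2000, {200}, R),
        "root_exec":   unix_allowed(mode, file_uid, file_gid, 0, {0}, X),       # no x bit anywhere
        "root_write":  unix_allowed(mode, file_uid, file_gid, 0, {0}, W),       # DAC override
    }


if __name__ == "__main__":
    print(demo())
```

The owner-loses case (`owner_write` is False while `group_write` is True) is the one worth remembering when reviewing permission bugs: a file the owner "cannot write" is often a file whose group bits were widened instead of the owner bits.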
14 Capabilities
- Each process has a capability list, with one entry per object the process can access: object name and object permissions
- Objects not listed are not accessible
- How are these secured? Kept in the kernel, or cryptographically secured
- Example: Process A: File1: <R,W>, File2: <R>, File3: <R,W,X>. Process B: File2: <R,W>, File4: <R,W,X>, File7: <W>, File9: <R,W>
15 Protecting the access matrix: summary
- The OS must ensure that the access matrix is not modified (or even accessed) in an unauthorized way
- Access control lists: reading or modifying the ACL is a system call; the OS makes sure the desired operation is allowed
- Capability lists: similar to ACLs, reading and modification are done by the OS; capabilities can be handed to processes and verified cryptographically later on. May be better for widely distributed systems where capabilities can't be centrally checked
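One Python block for the three slides above: the sparse access matrix from the Access Matrix slide, its two compressed views (the column view is the ACL stored with each object, the row view is the capability list stored with each domain), and a capability that can leave the kernel and be verified later. This is an added example, not code from the slides; the HMAC construction, the per-boot key, the JSON token body and the fixed 32-byte tag are this example's assumptions. The forgery at the end edits the rights inside a capability while keeping the old tag, which is exactly what a cryptographic check has to catch.

```python
"""Access matrix -> ACLs and capabilities, plus an unforgeable capability.
Added example (not from the slides).  Matrix data is the one on the
Access Matrix slide; the HMAC key and token format are assumptions.
"""
import hashlib
import hmac
import json
import secrets

# Sparse access matrix: {(domain, object): set(rights)}.  Empty cells are simply absent.
MATRIX = {
    ("d1", "File1"): {"R"}, ("d1", "File2"): {"R", "W"},
    ("d2", "File3"): {"R"}, ("d2", "File4"): {"R", "W", "X"},
    ("d2", "File5"): {"R", "W"}, ("d2", "Printer1"): {"W"},
    ("d3", "File3"): {"W"}, ("d3", "Printer1"): {"W"}, ("d3", "Mouse"): {"R"},
}


def acl(obj):
    """Column view: stored with the object, lists who may do what to it."""
    return {d: sorted(r) for (d, o), r in MATRIX.items() if o == obj}


def capabilities(domain):
    """Row view: stored with the subject, lists what it may touch."""
    return {o: sorted(r) for (d, o), r in MATRIX.items() if d == domain}


def allowed(domain, obj, right):
    """The reference check against the full matrix."""
    return right in MATRIX.get((domain, obj), set())


# --- capabilities that leave the kernel must be unforgeable ---------------
KEY = secrets.token_bytes(32)   # per-boot kernel secret (assumption)
TAG_LEN = 32                    # SHA-256 digest length


def mint(domain, obj, rights):
    """Issue a capability the holder may present later.  Only the key holder can mint."""
    body = json.dumps({"d": domain, "o": obj, "r": sorted(rights)}, sort_keys=True).encode()
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def verify(token, obj, right):
    """Check a presented capability without consulting the matrix at all."""
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time: forged or tampered
        return False
    c = json.loads(body)
    return c["o"] == obj and right in c["r"]


def demo():
    cap = mint("d1", "File1", {"R"})
    # attacker edits the rights inside the token but cannot recompute the tag
    forged = cap.replace(b'"r": ["R"]', b'"r": ["R", "W"]')
    return {
        "acl_File3": acl("File3"),
        "caps_d1": capabilities("d1"),
        "d3_writes_printer": allowed("d3", "Printer1", "W"),
        "d1_reads_File3": allowed("d1", "File3", "R"),
        "cap_read": verify(cap, "File1", "R"),
        "cap_write": verify(cap, "File1", "W"),
        "forged": verify(forged, "File1", "W"),
    }


if __name__ == "__main__":
    print(demo())
```

Note what `verify` does not do: it never looks at `MATRIX`. That is the distributed-systems advantage the slide mentions, and also its cost: revoking a minted capability needs either a short lifetime in the token body or a revocation list, because the matrix is no longer consulted.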
16 SECURITY MODELS 16
17 Multi-Level Security (MLS): military security policy is based on protecting classified information; a hierarchy of sensitivity ranks
18 Compartments and sensitivity ranks (figure: ranks ordered from least sensitive upward; compartments, e.g. per project, may not be hierarchical)
19 Need-to-know rule in military security policy
- <rank, compartments> is the class or classification of information
- A clearance is an indication that a person is trusted to access data up to some rank, e.g., secret clearance
- Dominance relation between subjects and objects: s dominates o (denoted s ≥ o) when s has a need to know all the compartments for which o is classified. For subject s and object o, s ≥ o if and only if rank(s) ≥ rank(o) and compartments(o) ⊆ compartments(s), e.g., top secret > secret
- A subject s can read an object o if s dominates o
20 Bell-LaPadula confidentiality model (BLP) Biba integrity model
21 Bell-LaPadula Model: read down/write up
- Security levels arranged in a linear ordering: Top Secret (highest), Secret, Confidential, Unclassified (lowest)
- Subjects have a security clearance L(s); objects have a security classification L(o)

Security level   Subject   Object
Top Secret       Tamara    Personnel Files
Secret           Samuel    Files
Confidential     Claire    Activity Logs
Unclassified     Alice     Telephone Lists

- Tamara can read all files
- Claire cannot read Personnel Files or Files
- Alice can only read Telephone Lists
22 Reading/Writing Information
- Information flows up, not down
- Reads up disallowed, reads down allowed: subject s can read object o iff L(o) ≤ L(s) and s has permission to read o (the simple security condition, "no reads up")
- Writes up allowed, writes down disallowed: subject s can write object o iff L(s) ≤ L(o) and s has permission to write o (the *-property, "no writes down")
23 Bell-La Padula in process management
- Processes and objects have security levels
- Simple security property: a process at level k can only read objects at levels k or lower
- * property: a process at level k can only write objects at levels k or higher
- These prevent information from leaking from higher levels to lower levels
(Figure: processes A to E at numbered levels, showing which reads and writes are permitted.)
24 Basic Security Theorem in the BLP model: if a system is initially in a secure state, and every transition of the system satisfies the simple security condition and the *-property, then every state of the system is secure
25 Biba multilevel integrity model: principles to guarantee the integrity of data
- Simple integrity principle: a process can write only objects at its integrity level or lower. No way to plant fake information at a higher level
- The integrity * property: a process can read only objects at its integrity level or higher. Prevents someone from getting information from below and planting it at their level
- Biba is in direct conflict with Bell-La Padula (the same label cannot be both "read down" and "read up"). Difficult to implement both at the same time!
26 Biba Integrity Model
- Bell-La Padula model: read-down/write-up. Biba: read-up/write-down, the dual of the BLP model
- A subject cannot corrupt data at a higher level; a subject cannot be corrupted by data at a lower level
1. s ∈ S can read o ∈ O iff i(s) ≤ i(o)
2. s ∈ S can write to o ∈ O iff i(o) ≤ i(s)
3. s1 ∈ S can execute s2 ∈ S iff i(s2) ≤ i(s1)
(i is the integrity level)
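The BLP and Biba rules from the slides above, as one runnable Python block (added example, not slide code). Labels are `<rank, compartments>` as on the need-to-know slide, so the same `dominates` check serves both the linear-level examples (Tamara, Claire, Alice) and the compartment case; the rank numbering and the example trace are this example's construction. It also makes the "direct conflict" concrete: if one level is used as both clearance and integrity level, the only reads that pass both models are at equal levels.

```python
"""Bell-LaPadula and Biba checks over <rank, compartments> labels.
Added example (not from the slides).  Subject/object names are the
slides' examples; the rank numbering and the trace are constructed.
"""
from dataclasses import dataclass

RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    rank: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """self >= other: higher-or-equal rank and a superset of compartments."""
        return (RANK[self.rank] >= RANK[other.rank]
                and other.compartments <= self.compartments)


# --- BLP (confidentiality): read down, write up -----------------------------
def blp_can_read(subject, obj):    # simple security condition: L(o) <= L(s)
    return subject.dominates(obj)


def blp_can_write(subject, obj):   # *-property: L(s) <= L(o)
    return obj.dominates(subject)


# --- Biba strict integrity: read up, write down (integer levels) -------------
def biba_can_read(i_s, i_o):
    return i_s <= i_o


def biba_can_write(i_s, i_o):
    return i_o <= i_s


def biba_can_exec(i_s1, i_s2):
    return i_s2 <= i_s1


def combined_can_read(level_s, level_o):
    """One level used as both clearance and integrity level: BLP allows reads
    only downward, Biba only upward, so only equal levels pass both."""
    return level_s >= level_o and biba_can_read(level_s, level_o)


def first_blp_violation(levels, trace):
    """Replay (subject, op, object) requests against fixed labels and return
    the index of the first one that breaks simple security or the *-property,
    or None if every request is allowed."""
    for n, (s, op, o) in enumerate(trace):
        check = blp_can_read if op == "read" else blp_can_write
        if not check(levels[s], levels[o]):
            return n
    return None


def demo():
    TS, S, C, U = (Label(r) for r in ("Top Secret", "Secret", "Confidential", "Unclassified"))
    levels = {"Tamara": TS, "Samuel": S, "Claire": C, "Alice": U,
              "Personnel Files": TS, "Files": S, "Activity Logs": C, "Telephone Lists": U}
    nuclear = Label("Secret", frozenset({"nuclear"}))
    nuclear_crypto = Label("Secret", frozenset({"nuclear", "crypto"}))
    trace = [("Tamara", "read", "Telephone Lists"),   # read down: ok
             ("Alice", "write", "Personnel Files"),    # write up: ok (a blind write)
             ("Samuel", "read", "Files"),              # same level: ok
             ("Claire", "read", "Personnel Files"),    # read up: violation
             ("Tamara", "write", "Telephone Lists")]   # write down: never reached
    return {
        "tamara_reads_personnel": blp_can_read(TS, TS),
        "claire_reads_personnel": blp_can_read(C, TS),
        "alice_writes_personnel": blp_can_write(U, TS),
        "need_to_know": blp_can_read(nuclear, nuclear_crypto),   # same rank, missing compartment
        "first_violation": first_blp_violation(levels, trace),
        "both_models_read": [(s, o) for s in (1, 2) for o in (1, 2) if combined_can_read(s, o)],
    }


if __name__ == "__main__":
    print(demo())
```

`need_to_know` is the case the linear examples hide: both labels are Secret, yet the read is denied because the subject lacks the crypto compartment. `first_violation` is the operational form of the basic security theorem: a system stays secure as long as no request in the trace gets past these two checks.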
27 Key Points
- MAC vs. DAC (mandatory access control vs. discretionary access control)
- Confidentiality models restrict the flow of information. Bell-LaPadula models multilevel security and is the cornerstone of much work in computer security; the BLP model is generally believed to be very restrictive
- Integrity policies deal with trust. As trust is hard to quantify, they are hard to evaluate completely; look for assumptions and trusted users to find possible weak points
- Clark-Wilson (will discuss later in the course) focuses on separation of duty and transactions
28 "Computer Viruses: Theory and Experiments" by Fred Cohen, Computers & Security, 1987. Virus detection is undecidable. "That is, they (USC) told me everything I needed to know all the way down to the bottom."
29 How to prevent computer viruses from spreading?
- In order for users of a system to be able to share information, there must be a path through which information can flow from one user to another.
- The BLP model (write-up, read-down) allows a virus to spread across multiple security levels: a write up from an infected low level is exactly what the model permits.
30 Isolationism
- If there is no sharing, then there is no dissemination of information across information boundaries. Thus, a virus cannot spread outside a single partition.
- However, isolationism is unacceptable if we wish to benefit from the work of others.
31 Partition models and flow models
- Partition model: partitions of a system into isolated subsystems, resulting in closed subsets. E.g., the Biba integrity model (read-up/write-down): no user at a given integrity level can read an object of lower integrity or write an object of higher integrity.
- Flow model: no partition, but limit the extent over which a virus can spread.
- Flow distance policy: keeps track of the distance (number of sharings) over which data has flowed. E.g., with transitivity limited to a distance of 1, it is safe to share information with any user you trust without having to worry about whether that user has incorrectly trusted another user.
- Flow list policy, e.g.: user A can only be allowed to access information written by users (B and C) or (B and D), but not information written by B, C, or D alone. Useful to enforce certification of information by B before C or D can pass it to A.
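The two flow policies on this slide as a toy Python model. This is an added example, not slide code and not Cohen's implementation: the `Datum` record, the trust table, and the rule that a received copy's distance is the source copy's distance plus one are this example's reading of "number of sharings". It reproduces the slide's two scenarios: with the limit at 1, A can take data that B wrote but not data B received from C, and under the flow list A accepts data only once both B and one of C or D have written it.

```python
"""Flow-distance and flow-list policies (added example, not from the slides).

Datum.distance counts user-to-user sharings since the datum was first
written.  Datum.writers records every user who has written/certified it.
"""
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Datum:
    origin: str                                         # user who first wrote it
    distance: int = 0                                   # sharings so far
    writers: frozenset = field(default_factory=frozenset)


class FlowDenied(Exception):
    pass


def share(datum, src, dst, trusts, limit=1):
    """dst takes a copy from src.  Allowed iff dst trusts src and the copy
    stays within the flow-distance limit.  Returns dst's copy."""
    if src not in trusts.get(dst, set()):
        raise FlowDenied(f"{dst} does not trust {src}")
    if datum.distance + 1 > limit:
        raise FlowDenied(f"{datum.origin}'s data has already flowed {datum.distance} hop(s)")
    return replace(datum, distance=datum.distance + 1)


def write(datum, user):
    """user edits/certifies the datum in their own partition; no sharing occurs."""
    return replace(datum, writers=datum.writers | {user})


def flow_list_ok(datum, required):
    """required: list of sets of users; at least one set must all have written the datum."""
    return any(s <= datum.writers for s in required)


def demo():
    trusts = {"A": {"B"}, "B": {"C"}}          # A trusts B; B (unwisely) trusts C
    out = {}
    c_data = Datum(origin="C")
    b_copy = share(c_data, "C", "B", trusts)   # one sharing: distance 1, legal
    out["b_copy_distance"] = b_copy.distance
    try:
        share(b_copy, "B", "A", trusts)         # would be distance 2 > limit 1
        out["a_gets_c_data"] = True
    except FlowDenied:
        out["a_gets_c_data"] = False
    out["a_gets_b_data"] = share(Datum(origin="B"), "B", "A", trusts).distance == 1
    # flow list: A accepts only information written by (B and C) or (B and D)
    required = [{"B", "C"}, {"B", "D"}]
    d = write(Datum(origin="D"), "D")
    out["d_alone"] = flow_list_ok(d, required)
    out["b_certifies_d"] = flow_list_ok(write(d, "B"), required)
    return out


if __name__ == "__main__":
    print(demo())
```

The distance limit is what protects A from B's bad judgement: A never has to know that B trusts C, because anything C wrote arrives at B already one hop old and cannot travel further.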
32 Experiments with computer viruses
- First test on a VAX 11/750 system: the name "virus" was thought of by Len Adleman; the virus prepends itself to the program 'vd'
- Second test on a Univac, a Bell-LaPadula based system: demonstrated the ability to cross user boundaries and move from a given security level to a higher security level; no system flaws were involved in this activity (supporting the Biba model would help with file integrity and isolation)
Security Models Trusted Zones SPRING 2018: GANG WANG
More informationStorage and File Hierarchy
COS 318: Operating Systems Storage and File Hierarchy Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics Storage hierarchy File system
More informationCOS 318: Operating Systems
COS 318: Operating Systems File Systems: Abstractions and Protection Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics What s behind
More informationAccess Control Lists. Don Porter CSE 506
Access Control Lists Don Porter CSE 506 Background (1) ò If everything in Unix is a file ò Everything in Windows is an object ò Why not files? ò Not all OS abstractions make sense as a file ò Examples:
More informationDion Model. Objects and their classification
Dion Model (1981) Proposed as a mandatory policy which protects the secrecy and integrity together. Combines the principles of the BLP and Biba models (strict consistency policy) No discretionary policy
More informationAccess Control Part 1 CCM 4350
Access Control Part 1 CCM 4350 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation
More informationSecurity Basics. Ruby B. Lee Princeton University HotChips Security Tutorial August
Security Basics Ruby B. Lee Princeton University HotChips Security Tutorial August 10 2014 Outline What is Security Threat Model Security Design Methodology Security Policies Access Control AuthenGcaGon
More informationAsbestos Operating System
Asbestos Operating System Presented by Sherley Codio and Tom Dehart This Talk Recap on Information Flow Asbestos Overview Labels Special Rules Discretionary Contamination Declassification/Decontamination
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationSecure Server Project. Xen Project Developer Summit 2013 Adven9um Labs Jason Sonnek
Secure Server Project Xen Project Developer Summit 2013 Adven9um Labs Jason Sonnek 1 Outline I. Mo9va9on, Objec9ves II. Threat Landscape III. Design IV. Status V. Roadmap 2 Mo9va9on In a nutshell: Secure
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationFall 2014:: CSE 506:: Section 2 (PhD) Securing Linux. Hyungjoon Koo and Anke Li
Securing Linux Hyungjoon Koo and Anke Li Outline Overview Background: necessity & brief history Core concepts LSM (Linux Security Module) Requirements Design SELinux Key elements Security context: identity
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control
INF3510 Information Security University of Oslo Spring 2018 Lecture 9 Identity Management and Access Control University of Oslo Spring 2018 Outline Identity and access management concepts Identity management
More informationVerifiable Security Goals
C H A P T E R 5 Verifiable Security Goals 57 In this chapter, we examine access control models that satisfy the mandatory protection system of Definition 2.4 in Chapter 2. A mandatory protection system
More informationWorking Book Title: INFORMATION SYSTEM SECURITY: a management challenge. CHAPTER 3: Designing Technically Secure IS: formal models
Author: Dhillon Working Book Title: INFORMATION SYSTEM SECURITY: a management challenge Version: 1 Date: October 27, 2003 SECTION 2: The Technical System CHAPTER 3: Designing Technically Secure IS: formal
More information