Introduction to Computer Security

Transcription

1 Introduction to Computer Security Instructor: Mahadevan Gomathisankaran CSCE 4550/5550, Fall 2009 Lecture 17 1

2 Mid Term Mean = 32.64, Median = CSCE 4550/5550, Fall 2009 Lecture 17 2

3 Using GDB CSCE 4550/5550, Fall 2009 Lecture 17 3

4 Using GDB CSCE 4550/5550, Fall 2009 Lecture 17 4

5 Using GDB CSCE 4550/5550, Fall 2009 Lecture 17 5

6 Using GDB CSCE 4550/5550, Fall 2009 Lecture 17 6

7 Using GDB CSCE 4550/5550, Fall 2009 Lecture 17 7

8 Assignment 3 Fermat s Little theorem DES difference table for(inp1=0;inp1<64;inp1++) { for(inp2=0;inp2<64;inp2++) { if(inp1 == inp2) break; inpdiff = inp1 ^ inp2; outdiff = sbox1[inp1] ^ sbox1[inp2]; //printf("inpdiff: %d, outdiff: %d ",inpdiff,outdiff); } } diffcount[inpdiff & 0x3F][outdiff & 0xF]++; CSCE 4550/5550, Fall 2009 Lecture 17 8

9 Assignment 3 DES Complementation property CSCE 4550/5550, Fall 2009 Lecture 17 9

10 Assignment 3 CSCE 4550/5550, Fall 2009 Lecture 17 10

11 Controls Against Program Threats Developmental methods Software Engineering Operating System Administrative CSCE 4550/5550, Fall 2009 Lecture 17 11

12 Developmental methods S/w Eng. Requirements Analysis System Design SDLC WATERFALL MODEL Program Design Coding SDLC Collaborative work teams Reviews Documentation Configuration Management Project Management Unit and Integration Testing System Testing Acceptance Testing Maintenance CSCE 4550/5550, Fall 2009 Lecture 17 12

13 Controls Against Program Threats Modularity Dividing a task into subtasks Provides ease of program development and security Should be single purpose, small, simple and independent, loosely coupled Encapsulation Isolating one component from the others Easy to trace faults Information Hiding Each component hides its implementation and design details from others CSCE 4550/5550, Fall 2009 Lecture 17 13

14 Controls Against Program Threats Mutual Suspicion procedure A suspects procedure B changes the content of array List procedure A { array List[5]={1, 2, 3, 4, 5} call B(List) } procedure B { } CSCE 4550/5550, Fall 2009 Lecture 17 14

15 Controls Against Program Threats Confinement Limit the access rights of a non trustworthy program. Genetic Diversity Provide services from different providers so as to generate diversity and hence more secure components. e.g. Morris virus ran on Unix and Code Red ran on Windows OSs CSCE 4550/5550, Fall 2009 Lecture 17 15

16 Controls Against Program Threats Techniques to build solid software Peer Reviews: Sharing a product with colleagues to test its correctness Review Walk-through Inspection Hazard Analysis: Set of systematic techniques intended to expose potentially hazardous system states. Hazard and Operability Studies: Structured Analysis Technique for process control and chemical plant industries. Failure Modes and Effects Analysis: Bottom-up technique applied at the system component level. Fault Tree Analysis: A top-down technique that begins with a postulated hazardous system malfunction CSCE 4550/5550, Fall 2009 Lecture 17 16

17 Controls Against Program Threats Testing: Making the product failure free or fault tolerant. Good design Prediction Static Analysis: Examine the system s design and code to check for security flaws before the system is up and running. Control flow structure Data flow structure Data structure Configuration management Analysis of mistakes CSCE 4550/5550, Fall 2009 Lecture 17 17

18 Protections of OS Protection Features of General OS Protecting memories Protecting files Protecting execution environment Controlled access to objects User authentication CSCE 4550/5550, Fall 2009 Lecture 17 18

19 Operating System Basics An operating system is a software that manages and controls the operation of a computer system. Controls access to resources so that access is stable, fair, and secure Operating Environment vs. Operating System CSCE 4550/5550, Fall 2009 Lecture 17 19

20 Operating System Basics A running system consists of Subjects (or Users): Entities that perform actions Examples: Users (Alice, Bob, ), the system itself, processes Objects: Entities that actions are performed upon Examples: Memory, files, printers, I/O devices, network, programs, sharable programs and data CSCE 4550/5550, Fall 2009 Lecture 17 20

21 Historical O.S. Evolution Generation 0 (1940 s): No O.S. Users had full access to machine and hand-coded machine language Generation 1 (1950 s): O.S. to help consolidate common functions (loaders, ) Batch processing still one user at a time O.S. protects user from self and cleaned up between jobs Generation 2 (Early 1960 s): Multiprocessing/Multiuser systems O.S. must coordinate access to shared resources O.S. protects one user from other users! CSCE 4550/5550, Fall 2009 Lecture 17 21

22 Historical O.S. Evolution Generation 3 (Mid 1960 s to Mid 1970 s): Emergence of general purpose systems (IBM System/360, ) Hardware abstraction became prevalent Generation 4 (Mid-1970 s to present): Networks become integral network O.S. concepts Personal computer development follows same timeline, but later (and faster): Generation 0 Early to Mid 1970 s Generation 1 (CP/M, DOS, ) Mid 1970 s to Late 1980 s Generation 2/3 (OS/2, Windows NT, ) Late 1980 s to Early 1990 s Generation 4 (Welcome to the Internet!) Mid 1990 s to present CSCE 4550/5550, Fall 2009 Lecture 17 22

23 Protected Objects and Methods of Protection First OSs: Executives Served to one programmer at a time Provided smooth transition among users Linkers and loaders for relocation easy access to compilers and assemblers automatic loading of subprograms from libraries Multiuser OSs: Monitors Interleave access to the resources of a single computing system Scheduling Sharing Parallel use protection against other users CSCE 4550/5550, Fall 2009 Lecture 17 23

24 Security Methods of OSs Separation: Keeping user A s objects separate from user B s objects Physical separation Temporal separation Logical separation Cryptographic separation CSCE 4550/5550, Fall 2009 Lecture 17 24

25 Modes of Sharing Do not protect Isolate Share all or nothing Share via access limitation Share by capabilities Limit use of an object CSCE 4550/5550, Fall 2009 Lecture 17 25

26 Fence Fence: Introduced in single-user OSs to prevent a faulty user program from interfering with the OS. Ensures to keep users at one side of a boundary. Fixed Fence: CSCE 4550/5550, Fall 2009 Lecture 17 26

27 Fence Fixed Fence: Fence is a predefined memory address User stays at one side, OS resides on the other side of the fence Too restrictive - waste of memory - no flexibility to grow beyond CSCE 4550/5550, Fall 2009 Lecture 17 27

28 Fence Variable Fence Register: Contains the address of the end of OS Position of the fence could be changed When data modification address is generated by a program, the address is compared with the fence address to protect OS area One-way protection only! CSCE 4550/5550, Fall 2009 Lecture 17 28

29 Relocation If OSs were fixed size then programs would start at a fixed address This way it would guarantee not to interfere with the OS code But in real world this is not possible Use relocation: Add relocation factor to each program address Relocation factor: starting address of program Use of fence register as a h/w relocation device Relocates the address Guarantees no one can access a location lower than the fence address. CSCE 4550/5550, Fall 2009 Lecture 17 29

30 Base/Bounds Registers Pair of base/bounds registers Variable fence register used as Base register, i.e. lower bound Bounds register = upper address limit Protects modification of user A s program address by user B. Context switching must change contents of base/bounds registers each time users are changed CSCE 4550/5550, Fall 2009 Lecture 17 30

31 Base/Bounds Registers 2 pairs of base/bounds registers A pair of base/bounds registers can only protect against other users A user error might cause subscript errors or executable instructions of the user s program Use of 2 pairs of base/bounds registers - one pair for instructions - one pair for data space CSCE 4550/5550, Fall 2009 Lecture 17 31

32 Tagged Architecture Every word of memory has tag bits associated with it Can only be set by OS Consecutive locations can be assigned different access rights With a few extra tag bits different data classes (numeric, char, address, pointer, etc.) can be separated and assigned different access rights CSCE 4550/5550, Fall 2009 Lecture 17 32

33 Segmentation Mechanism: Divide programs into logical pieces, i.e. segments Single procedure code Data of an array Dta collection used by a module OS maintains segment address table with <name, offset> name: the unique identifier name for the segment offset: the location within the segment Same access for different segments User s program does not know the true address address hiding OS can place and move any segment at any location even during execution A segment can be removed from man memory if not being used OS can do security check on every address request CSCE 4550/5550, Fall 2009 Lecture 17 33

34 Segmentation Advantages of Segmentation Security check on each address reference Different levels of protection is possible for different classes of data items Multiple users can share access to same segment with different access rights A user cannot generate an address or access to a segment that is not permitted Problems with Segmentation: Exceeding segment size can be exploited as a security hole Efficiency (overhead) OS lookup slow Segment names difficult to encode Fragmentation of main memory CSCE 4550/5550, Fall 2009 Lecture 17 34

35 Segmentation CSCE 4550/5550, Fall 2009 Lecture 17 35

36 Segmentation CSCE 4550/5550, Fall 2009 Lecture 17 36

37 Paging Mechanism: Divide programs into equal pieces called pages and memory into equal sized page frames OS maintains page translation table with the addressing <page, offset> Advantages of Paging: User is freed from worrying about page boundaries All pages are same size, hence fixes fragmentation Problems with Paging Can t associate access controls No unity to page CSCE 4550/5550, Fall 2009 Lecture 17 37

38 Paging CSCE 4550/5550, Fall 2009 Lecture 17 38

39 Paged Segmentation Idea: Combine paging with segmentation to eliminate the problems and take advantages of the both schemes Paging provides implementation efficiency Segmentation provides logical protection CSCE 4550/5550, Fall 2009 Lecture 17 39

40 Paged Segmentation CSCE 4550/5550, Fall 2009 Lecture 17 40