INSE 6130 Operating System Security. Overview of Design Principles
|
|
- Gabriella Stephens
- 6 years ago
- Views:
Transcription
1 INSE 6130 Operating System Security Design Principles Prof. Lingyu Wang 1 Overview of Design Principles Design principles Time-proven guidelines For implementing security mechanisms/systems Rooted in simplicity and restriction Simplicity Less to go wrong; easier to check and use Restriction Information and privileges il 2 1
2 Overview of Design Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological Acceptability 3 Principle of Least Privilege A subject should be given only those information/ privileges necessary to complete its task What rights to be given, when to give/revoke Difficulties: Require fine-grained access control Lack in standard UNIX security Principle does not apply to root (UNIX) and administrator (NT) The presence of root/administrator makes hacking a lot easier RBAC/TE can help to remove such difficulties 4 2
3 Principle of Least Privilege (Example) Facts about Windows architecture/messaging No restrictions on kernel mode processes Some interactive i services run in kernel mode Any application can send messages to those services Shatter Network Associates VirusScan v4.5.1 console running on Windows 2000 Professional as LocalSystem As guest, find an edit box within the console (get the handle, remove the limit) and paste shell codes into it Send the window a WM_TIMER message with second parameter being the address of our shell codes You get a shell running as LocalSystem 5 Principle of Fail-Safe Defaults Default action is to deny access, unless access privileges are granted explicitly to a subject Closed World If action fails, it should undo the actions before it terminates Help to tolerate mistakes/faults Example: SunOS shipped with + in /etc/hosts.equiv 6 3
4 Economy of Mechanism (K.I.S.S.) Keep security mechanisms as simple as possible Simpler design has less to go wrong, is easier to understand, follow, and manage On the contrary, complex mechanisms make more assumptions, which may not hold Example: two-step user input verification Everything should be made as simple as possible, but no simpler - Albert Einstein 7 Complete Mediation Check every access don t cache or rely on previous permissions The reason for relaxing this one is efficiency Example: Race Condition/TOCTTOU bug if (access(file, R_OK)!= 0) { exit(1); } point file to another file fd = open(file, O_RDONLY); // do something with fd
5 Open Design Security should not depend on secrecy of design or implementation Don t depend on the ignorance of the user - Security through obscurity Question: but hiding source code does seem to make attacks harder? Example: RC4, DES, 9 Separation of Privilege/Duty Require multiple conditions/subjects to grant privilege Example: the big red nuclear button Example: TA/student Example: in certain Unix, a user is allowed to change from his account to root if (1) he knows the root password, (2) the user is in the wheel group (GID = 0) 10 5
6 Least Common Mechanism Mechanisms/resources should not be shared Shared resources provide a channel along which information can flow Example: covert channels Two processes are prohibited from communicating with each other Percent of CPU used. To send a 1 bit, the first process uses 100% of the CPU; to send a 0 bit, it uses 0% of the CPU (i.e., idle) The other process sees how much of the CPU it can get 11 Psychological Acceptability Security mechanisms should not add to the difficulty of accessing resource Hide complexity introduced by security mechanisms Otherwise users will try to get around - problem Example: SSH, SSL 12 6
7 INSE 6130 Operating System Security UNIX Security Prof. Lingyu Wang 13 Overview User and Group File System 14 7
8 UID (user ID) UNIX represents each user by a UID A 16-bit integer, from 0 to All UNIX privileges are determined by the UID (sometimes the GID), not by user name Theoretically, a root whose UID is not 0 is not a root; any user whose UID is 0 is a root Linux UIDs between 0 and 499 are reserved for system functions E.g., root, daemon, uucp, mail, news Normal users UID start from 500, automatically assigned, but can be changed by root 15 /etc/passwd The mapping between usernames and UIDs is in the file /etc/passwd, e.g., root:x:0:0:root:/root:/bin/bash 0 t t /bi /b bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync foo:x:500:500:mr. Foo:/home/foo:/bin/bash username:x:uid:gid:full name:home dir:shell A critical file in terms of security UID=0 16 8
9 Users and Groups Every UNIX user belongs to one or more groups Each group also has a name and a GID GID values are also historically 16-bit integers Linux Private group: GID=CID (except some system users) Admins can create additional groups for easy access control E.g., project group A user can belong to multiple groups, but only one primary group (GID in /etc/passwd) 17 /etc/group Like /etc/passwd, but for groups root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm adm:x:4:root,adm,daemon wheel:x:10:root,anne,chris,daniel,spanner,wojciech mail:x:12:mail foo:x:500:foo wheel group includes all admins Another critical file in terms of security wheel 18 9
10 Change Group You can switch to a group using newgrp Of which you are a member Effective until exit 19 The Superuser A special user in /etc/passwd with UID of 0, typically (but not necessarily) with the username root The superuser exerts nearly complete control over the OS Security restrictions, checks/warnings are bypassed for any program run by this user Stealing the root is the ultimate t goal of attackers 20 10
11 The Superuser (Cont d) The superuser account is not for casual use A violation of the least privilege principle Main security threat rm rf * Switch to root only when necessary using the command su (switch user) 21 Real and effective UIDs Real UID of a process UID of the user who spawns the process UID of the su ed user who spawns the process Effective UID Special SUID (explained later) process takes owner s UID E.g., root owns passwd, and only root can run passwd Each user needs to change his/her own password Set passwd as an SUID file 22 11
12 Set UID (SUID) Unprivileged users sometimes need to run tasks using superuser privileges passwd requires modifying /etc/passwd file root only How can a normal user changes own password? Run w/ the privilege of the owner of that program Non-SUID program: UID=UID of the user who runs it SUID program: Effective UID = owner s UID 23 Problems with SUID If you leave your terminal unattended, a malicious passerby can create a SUID shell % cp /bin/sh /tmp/suid-root-shell shell % chmod 4755 /tmp/ suid-root-shell suid-root-shell will run as root, no matter who runs it Find all SUID/SGID files: # find / \(-perm o -perm \) -type f -print Starts in the root directory (/) and looks for all files that match mode (SGID) or mode (SUID) The -type f option causes the search to be restricted to files The -print option causes the name of every matching file to be printed 24 12
13 Turning Off SUID While Mounting You don t want A user to mount a floppy disk containing SUID shell Mount a network file system with SUID shells You can turn off the SUID bit by specifying the nosuid option with the mount command To mount the file system athena in the /usr/athena directory on the host zeus: # /etc/mount -o nosuid zeus:/athena /usr/athena 25 Stealing Superuser! A wants root access from system admin B. A noticed that B had. at the beginning g of his search path B can set this by: PATH=.:$PATH A created an executable shell file named ls in the current directory: #!/bin/sh (#! indicates this is a shell script) cp /bin/sh./stuff/junk/.superdude (copy the shell) chmod 4555./stuff/junk/.superdude (SUID) rm -f $0 (delete this file) exec /bin/ls ${1+"$@"} (run the real ls) 26 13
14 Stealing Superuser! (Cont d) A then executed the following commands: % cd % chmod 700. (so B can t list unless as root) % touch./-f (so rm -f does not work) A approached B, "I have a funny file in my directory I can't seem to delete." B su to root, and goto A s directory, run ls He actually run the script ls A has created This creates a SUID shell that runs as root (no matter who runs it) 27 Restricting su On some versions of UNIX require users to be in the group wheel (GID=0) in order to su to root The /etc/group entry for wheel must be non-empty Some versions of su prompt users for their own passwords instead of root s No need to give out the superuser's password (simply put that user into the wheel group) Some versions of UNIX require that users specifically be given permission to su Like sudo (/etc/sudoers) 28 14
15 Overview User and Group File System 29 UNIX Directory Hierarchy For more details refer to:
16 The UNIX File System In UNIX, everything is a "file" including processes and network connections Directory contains file name, inode number Multiple file names can have the same inode number (links) The inode number points to an inode that contains all attributes (size, time modified, rights, etc.) except name of the file 31 The UNIX File System (Cont d) 32 16
17 I-node Details Each inode generally contains: The location of the item's contents on the disk, if any The item's type (e.g., file, directory, symbolic link) The item's size, in bytes, if applicable The time the file's inode was last modified (the ctime) The time the file's contents were last modified (the mtime) The time the file was last accessed (the atime) for read ( ), exec ( ), etc A reference count: the number of names the file has The file's owner (a UID) The file's group (a GID) The file's mode bits (also called file permissions or permission bits) 33 File Permissions File Type Contents t Meaning - Plain file d Directory c Character device (tty or printer) b Block device (usually disk or CD-ROM) l s Symbolic link (BSD or V.4) Socket (BSD or V.4) 34 17
18 Change File Permission Only owner or superuser can change chmod [-Rf] [agou][+-=][rwxst] filelist -R: recursively -f:no error reporting Whose privileges? Letter a g o u Meaning Modifies privileges for all users Modifies group privileges Modifies others' privileges Modifies the owner's privileges How to change the privileges? Symbol Meaning + Adds to the current privilege - Removes from the current privilege = Replaces the current privilege 35 Change File Permission Only owner or superuser can change chmod [-Rf] ][agou][+-=][rwxst] ] filelist Which privileges? Symbol Meaning r read w write x execution s SUID or SGID t sticky bit 36 18
19 chmod Relative Mode Add/remove a permission Everybody y in Sian s group has write permission: % ls -l notes -rw-r--r-- 1 sian biochem 4320 Feb 9 13:20 notes % chmod g+w notes % ls -l notes -rw-rw-r-- 1 sian biochem 4320 Feb 9 13:20 notes People not in her group can't readit: % chmod o-r notes % ls -l notes -rw-rw sian biochem 4320 Feb 9 13:20 notes 37 chmod Absolute Mode Specify new permissions w/ four-digit octal number For example, "-rwxr-x---" is 0750: 0400 Read by owner 0200 Write by owner 0100 Execute by owner 0040 Read by group 0010 Execute by group 0750 Result 0654 is: 6=4+2 read,write by owner 5=4+1 read/execute by group 4 read by other -rw-r-xr-- Octal Number Permission 4000 SUID 2000 SGID 1000 "Sticky bit" 0400 Read by owner 0200 Wit Write by owner 0100 Execute by owner 0040 Read by group 0020 Write by group 0010 Execute by group 38 19
20 Common Permission Settings Octal Number File Permission 0755 /bin/ls Anybody ycan copy or run the program; the file's owner can modify it 0711 $HOME A user's home directory; no other users on the system can display its contents, but can access files or subdirectories contained within the directory if they know the names of the files or directories 0700 $HOME Locks a user's home directory so that no other users on the system can access its contents, or the contents of any subdirectory 0600 /usr/mail/$user The user can read or write the contents of the mailbox, but no other users (except the superuser) may access it 0644 any file The file's owner can read or modify the file; everybody else can only read it 0664 groupfile The file's owner or anybody in the group can modify the file; everybody else can only read it 0666 writable Anybody can read or modify the file 0444 readable Anybody can read the file; only the superuser can modify it without changing the permissions 39 INSE 6130 Operating System Security Review Sample Questions, Q&A for Midterm Prof. Lingyu Wang 40 20
INSE 6130 Operating System Security
INSE 6130 Operating System Security Design Principles Prof. Lingyu Wang 1 1 Overview of Design Principles Design principles Time-proven guidelines For implementing security mechanisms/systems Rooted in
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability,
More informationUser Management. René Serral-Gracià Xavier Martorell-Bofill 1. May 26, Universitat Politècnica de Catalunya (UPC)
User Management René Serral-Gracià Xavier Martorell-Bofill 1 1 Universitat Politècnica de Catalunya (UPC) May 26, 2014 Lectures 1 System administration introduction 2 Operating System installation 3 User
More informationFiles (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1
Files (review) and Regular Expressions Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 11 and April 1) Files and Permissions Regular Expressions 2 Sobel, Chapter 6 160_pathnames.html
More informationOperating Systems Linux 1-2 Measurements Background material
Operating Systems Linux 1-2 Measurements Background material Introduction The Linux measurements were designed to allow you to have an impression about the administration of Linux severs along with providing
More informationPrivileges: who can control what
Privileges: who can control what Introduction to Unix May 24, 2008, Morocco Hervey Allen Goal Understand the following: The Unix security model How a program is allowed to run Where user and group information
More information5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9
File Security, Setting and Using Permissions Chapter 9 To show the three protection and security mechanisms that UNIX provides To describe the types of users of a UNIX file To discuss the basic operations
More informationbash startup files Linux/Unix files stty Todd Kelley CST8207 Todd Kelley 1
bash startup files Linux/Unix files stty Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 27 and April 10) bash startup files More Linux Files review stty 2 We customize our
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 1 September 2, 2008 1 Objectives Understand the basic principles of
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path TCP wrappers Race conditions NOTE: filenames may differ between OS/distributions
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 4, 2012 1 Objectives Understand the basic principles of
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationUNIX File Hierarchy: Structure and Commands
UNIX File Hierarchy: Structure and Commands The UNIX operating system organizes files into a tree structure with a root named by the character /. An example of the directory tree is shown below. / bin
More informationCST8207: GNU/Linux Operating Systems I Lab Six Linux File System Permissions. Linux File System Permissions (modes) - Part 1
Student Name: Lab Section: Linux File System Permissions (modes) - Part 1 Due Date - Upload to Blackboard by 8:30am Monday March 12, 2012 Submit the completed lab to Blackboard following the Rules for
More informationCase Study: Access Control. Steven M. Bellovin October 4,
Case Study: Access Control Steven M. Bellovin October 4, 2015 1 Case Studies in Access Control Joint software development Mail Steven M. Bellovin October 4, 2015 2 Situations Small team on a single machine
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationOperating Systems. Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) alphapeeler.sf.net/pubkeys/pkey.htm
Operating Systems Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationIntroduction to Unix May 24, 2008
Introduction to Unix May 24, 2008 Exercises: Privileges REFERENCE Reference: Shah, Steve, "Linux Administration: A Beginner's Guide", 2nd. ed., Osborne press, New York, NY. If you look at files in a directory
More informationChapter 8: Security under Linux
Chapter 8: Security under Linux 8.1 File and Password security Linux security may be divided into two major parts: a) Password security b) File security 8.1.1 Password security To connect to a Linux system
More informationCase Studies in Access Control
Joint software development Mail 1 / 38 Situations Roles Permissions Why Enforce Access Controls? Unix Setup Windows ACL Setup Reviewer/Tester Access Medium-Size Group Basic Structure Version Control Systems
More informationEverything about Linux User- and Filemanagement
Everything about Linux User- and Filemanagement Lukas Prokop 20. April 2009 Inhaltsverzeichnis 1 Who I am 2 1.1 whoami..................................... 3 1.2 passwd......................................
More informationHardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system Controls
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationIntroduction to Systems Security
Introduction to Systems Security CIM3571 Dr. S.F. Wu (wusf@vtc.edu.hk, R323, x706) Continuous Assessment 50% Examination 50% Security and Threat There are three aspects of computer security: Confidentiality
More informationOperating System Security
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system
More informationINTRODUCTION TO LINUX
INTRODUCTION TO LINUX REALLY SHORT HISTORY Before GNU/Linux there were DOS, MAC and UNIX. All systems were proprietary. The GNU project started in the early 80s by Richard Stallman Goal to make a free
More informationCS 392/681 - Computer Security. Module 6 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 6 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm grades Thursday. Read Chapter 2 and 15 th of text Lab 4 postponed - due next week.
More informationBasic File Attributes
Basic File Attributes The UNIX file system allows the user to access other files not belonging to them and without infringing on security. A file has a number of attributes (properties) that are stored
More informationOperating system security
Operating system security Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline Access control models in operating systems: 1. Unix 2. Windows Acknowledgements: This
More informationfind Command as Admin Security Tool
find Command as Admin Security Tool Dr. Bill Mihajlovic INCS-620 Operating Systems Security find Command find command searches for the file or files that meet certain condition. like: Certain name Certain
More informationHands-on Keyboard: Cyber Experiments for Strategists and Policy Makers
Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers Review of the Linux File System and Linux Commands 1. Introduction Becoming adept at using the Linux OS requires gaining familiarity
More informationExercise Sheet 2. (Classifications of Operating Systems)
Exercise Sheet 2 Exercise 1 (Classifications of Operating Systems) 1. At any given moment, only a single program can be executed. What is the technical term for this operation mode? 2. What are half multi-user
More informationFiles and Directories
CSCI 2132: Software Development Files and Directories Norbert Zeh Faculty of Computer Science Dalhousie University Winter 2019 Files and Directories Much of the operation of Unix and programs running on
More informationUser Commands ls ( 1 )
NAME ls list contents of directory SYNOPSIS /usr/bin/ls [-aabccdffghillmnopqrrstux1@] [file...] /usr/xpg4/bin/ls [-aabccdffghillmnopqrrstux1@] [file...] DESCRIPTION For each file that is a directory, ls
More informationProgramming Project # 2. cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel)
Programming Project # 2 cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel) Background context Unix permissions model Prof Mitchell will cover during OS security (next week
More informationSecuring Unix Filesystems - When Good Permissions Go Bad
Securing Unix Filesystems - When Good Permissions Go Bad Introduction Unix has a very elegant and flexible permission system at the heart of its filesystem security. These permissions allow and/or disallow
More informationCSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions
CSE 390a Lecture 3 Multi-user systems; remote login; editors; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1
More informationChapter Two. Lesson A. Objectives. Exploring the UNIX File System and File Security. Understanding Files and Directories
Chapter Two Exploring the UNIX File System and File Security Lesson A Understanding Files and Directories 2 Objectives Discuss and explain the UNIX file system Define a UNIX file system partition Use the
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More information6.858 Lecture 4 OKWS. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS.
6.858 Lecture 4 OKWS Administrivia: Lab 1 due this Friday. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS. Privilege separation
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationcs642 /operating system security computer security adam everspaugh
cs642 computer security /operating system security adam everspaugh ace@cs.wisc.edu principles Principles of Secure Designs Compartmentalization / Isolation / Least privilege Defense-in-depth / Use more
More informationCapability and System Hardening
P a g e 1 Date Assigned: mm/dd/yyyy Date Due: mm/dd/yyyy by hh:mm Educational Objectives Capability and System Hardening This lab is designed to help you gain a better understanding of system hardening
More informationCSE 265: System and Network Administration
CSE 265: System and Network Administration User accounts The /etc/passwd file The /etc/shadow file Root powers Ownership of files and processes The superuser The /etc/group file Adding users Removing users
More informationUser Commands chmod ( 1 )
NAME chmod change the permissions mode of a file SYNOPSIS chmod [-fr] absolute-mode file... chmod [-fr] symbolic-mode-list file... DESCRIPTION The chmod utility changes or assigns the mode of a file. The
More informationWorking with Basic Linux. Daniel Balagué
Working with Basic Linux Daniel Balagué How Linux Works? Everything in Linux is either a file or a process. A process is an executing program identified with a PID number. It runs in short or long duration
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationUser accounts and authorization
User accounts and authorization Authentication vs authorization Authentication: proving the identity of someone Authorization: allowing a user to access certain resources 1 Government authorization documents
More informationOperating Systems. Copyleft 2005, Binnur Kurt
3 Operating Systems Copyleft 2005, Binnur Kurt Content The concept of an operating system. The internal architecture of an operating system. The architecture of the Linux operating system in more detail.
More informationCST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management
Student Name: YOUR NAME Lab Section: 011 012 013 or 014 Linux User and Group Management 1 Due Date - Upload to Blackboard by 8:30am Monday April 2, 2012 Submit the completed lab to Blackboard following
More informationOperating Systems 3. Operating Systems. Content. What is an Operating System? What is an Operating System? Resource Abstraction and Sharing
Content 3 Operating Systems The concept of an operating system. The internal architecture of an operating system. The architecture of the Linux operating system in more detail. How to log into (and out
More informationINF322 Operating Systems
Galatasaray University Computer Engineering Department INF322 Operating Systems TP01: Introduction to Linux Ozan Çağlayan ocaglayan@gsu.edu.tr ozancaglayan.com Fundamental Concepts Definition of Operating
More informationFind out where you currently are in the path Change directories to be at the root of your home directory (/home/username) cd ~
CIS 105 Working with directories You have using directories in a Windows environment extensively. Often in Windows we are calling them folders. They are important in order to organize our files. It is
More informationUNIT V. Dr.T.Logeswari. Unix Shell Programming - Forouzan
UNIT V UNIX SYSTEM COMMUNICATION Dr.T.Logeswari 1 Electronic mail or email is easiest way of communication on unix. Fast and cheap Used to exchange graphics, sound and video files 2 3 Elements of a communication
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationBasic File Attributes
Basic File Attributes The UNIX file system allows the user to access other files not belonging to them and without infringing on security. A file has a number of attributes (properties) that are stored
More informationInformation System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)
Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationUser Accounts. The Passwd, Group, and Shadow Files
User Accounts The Passwd, Group, and Shadow Files We'll start with the passwd (pronounced "password") file, located at /etc/passwd. This file holds information about all of the user accounts on the system.
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 3: UNIX Operating System Organization Tian Guo CICS, Umass Amherst 1 Reminders Assignment 2 is due THURSDAY 09/24 at 3:45 pm Directions are on the website
More informationLab Authentication, Authorization, and Accounting
Objectives Given a scenario, select the appropriate authentication, authorization, or access control Install and configure security controls when performing account management, based on best practices
More informationPESIT Bangalore South Campus
INTERNAL ASSESSMENT TEST - 2 Date : 20/09/2016 Max Marks : 0 Subject & Code : Unix Shell Programming (15CS36) Section : 3 rd Sem ISE/CSE Name of faculty : Prof Ajoy Time : 11:30am to 1:00pm SOLUTIONS 1
More informationOverview LEARN. History of Linux Linux Architecture Linux File System Linux Access Linux Commands File Permission Editors Conclusion and Questions
Lanka Education and Research Network Linux Architecture, Linux File System, Linux Basic Commands 28 th November 2016 Dilum Samarasinhe () Overview History of Linux Linux Architecture Linux File System
More informationRace Condition Vulnerability Lab
Concordia Institute for Information Systems Engineering - INSE 6130 1 Race Condition Vulnerability Lab Copyright c 2006-2012 Wenliang Du, Syracuse University. The development of this document is funded
More informationAnswers to Even- Numbered Exercises
Answers to Even- 17 Numbered Exercises from page 1077 1. What option should you use with fsck if you want to review the status of your filesystems without making any changes to them? How does fsck determine
More informationLAB #7 Linux Tutorial
Gathering information: LAB #7 Linux Tutorial Find the password file on a Linux box Scenario You have access to a Linux computer. You must find the password file on the computer. Objective Get a listing
More informationCS 200. User IDs, Passwords, Permissions & Groups. User IDs, Passwords, Permissions & Groups. CS 200 Spring 2017
CS 200 User IDs, Passwords, Permissions & Groups 1 Needed to control access to sharepoints and their contents Because Macs & PCs now support multiple accounts, user IDs and passwords are also needed on
More informationCourse 144 Supplementary Materials. UNIX Fundamentals
Course 144 Supplementary Materials UNIX Fundamentals 1 Background to UNIX Command Fundamentals This appendix provides a overview of critical commands and concepts Prerequisite knowledge attendees should
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationPermissions and Links
Permissions and Links The root account Setuid and Setgid Permissions Setting Setuid and Setgid with chmod Directory Access Permissions Links o Two Types of Links o The ln command o Removing a link The
More informationFile Properties and Permissions
File Properties and Permissions Managing File Access in Linux Peter Perry July 2009 What is it about? Open a shell (terminal) and type ls -l You get quite a bit of information about each file. Tonight,
More informationCS246 Spring14 Programming Paradigm Notes on Linux
1 Unix History 1965: Researchers from Bell Labs and other organizations begin work on Multics, a state-of-the-art interactive, multi-user operating system. 1969: Bell Labs researchers, losing hope for
More informationCS/CIS 249 SP18 - Intro to Information Security
Lab assignment CS/CIS 249 SP18 - Intro to Information Security Lab #2 - UNIX/Linux Access Controls, version 1.2 A typed document is required for this assignment. You must type the questions and your responses
More informationlsx [ls_options ] [names]
NAME ls, lc, l, ll, lsf, lsr, lsx - list contents of directories SYNOPSIS ls [-abcdefgilmnopqrstuxacfhlr1] [names] lc [-abcdefgilmnopqrstuxacfhlr1] [names] l [ls_options ] [names] ll [ls_options ] [names]
More informationCIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems File Systems Security Professor Qiang Zeng Fall 2017 Previous class File and directory Hard link and soft link Mount Layered structure File system design Naïve: linked list
More informationOperating Systems, Unix Files and Commands SEEM
Operating Systems, Unix Files and Commands SEEM 3460 1 Major Components of Operating Systems (OS) Process management Resource management CPU Memory Device File system Bootstrapping SEEM 3460 2 Programs
More informationInformation System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)
Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationTECH 4272 Operating Systems
TECH 4272 Lecture 3 2 Todd S. Canaday Adjunct Professor Herff College of Engineering sudo sudo is a program for Unix like computer operating systems that allows users to run programs with the security
More informationThe landscape. File hierarchy overview. A tree structure of directories The directory tree is standardized. But varies slightly among distributions
The landscape David Morgan File hierarchy overview A tree structure of directories The directory tree is standardized But varies slightly among distributions portions can spread across different partitions
More informationCptS 360 (System Programming) Unit 6: Files and Directories
CptS 360 (System Programming) Bob Lewis School of Engineering and Applied Sciences Washington State University Spring, 2019 Motivation Need to know your way around a filesystem. A properly organized filesystem
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX and Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service)
More informationSystem Programming. Introduction to Unix
Content : by Dr. B. Boufama School of Computer Science University of Windsor Instructor: Dr. A. Habed adlane@cs.uwindsor.ca http://cs.uwindsor.ca/ adlane/60-256 Content Content 1 Introduction 2 3 Introduction
More informationUNIX/Linux Auditing. Baccam Consulting, LLC Training Events
UNIX/Linux Auditing Baccam Consulting, LLC tanya@securityaudits.org Training Events www.securityaudits.org/events.html ***CISSP Course being offered April 25-April 29, 2016 Copyright 2005-2016, Baccam
More informationFilesystem Hierarchy and Permissions
and Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Multiuser and Server Operating System Linux systems are commonly used as a multi-user system E.g.
More informationIntroduction to Linux
Introduction to Operating Systems All computers that we interact with run an operating system There are several popular operating systems Operating Systems OS consists of a suite of basic software Operating
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationUser & Group Administration
User & Group Administration David Morgan Users useradd/userdel /home/ /etc/passwd is the user database /etc/shadow has passwords (relocated from passwd) /etc/group whoami su / sudo / SUID process
More informationCommands are in black
Starting From the Shell Prompt (Terminal) Commands are in black / +--------+---------+-------+---------+---------+------ +------ +------ +------ +------ +------ +-- Bin boot dev etc home media sbin bin
More information5/8/2012. Creating and Changing Directories Chapter 7
Creating and Changing Directories Chapter 7 Types of files File systems concepts Using directories to create order. Managing files in directories. Using pathnames to manage files in directories. Managing
More informationread: permitted to read the contents of directory ( view files and sub-directories in that directory ).
File permissions Three file permissions:- read: permitted to read the contents of file. write: permitted to write to the file. execute: permitted to execute the file as a program/script. Three directory
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationIntroduction. Let s start with the first set of slides
Tux Wars Class - 1 Table of Contents 1) Introduction to Linux and its history 2) Booting process of a linux system 3) Linux Kernel 4) What is a shell 5) Bash Shell 6) Anatomy of command 7) Let s make our
More informationMANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG
MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG Terminals and keyboards have no uniform behavioral pattern. Terminal settings directly impact the keyboard operation.
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationUnix Basics. UNIX Introduction. Lecture 14
Unix Basics Lecture 14 UNIX Introduction The UNIX operating system is made up of three parts; the kernel, the shell and the programs. The kernel of UNIX is the hub of the operating system: it allocates
More informationminit Felix von Leitner September 2004 minit
minit Felix von Leitner felix-minit@fefe.de September 2004 minit What is this all about? This talk is about a new init program called minit. Several itches needed scratching: 1. Typical Linux distributions
More information