Chapter 15: Security. Chapter 15: Security

Similar documents
Chapter 15: Security. Operating System Concepts 8 th Edition,

The Security Problem

Language-Based Protection

Chapter 14: Security. Operating System Concepts Essentials 8 th Edition

Chapter 15: Security. Operating System Concepts 9 th Edition

19.1. Security must consider external environment of the system, and protect it from:

Security. Reading: Chapter 15, [OSC] (except Section 15.9)

Module 20: Security. The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption. Operating System Concepts 20.

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Cryptographic Concepts

(2½ hours) Total Marks: 75

Overview. SSL Cryptography Overview CHAPTER 1

Encryption. INST 346, Section 0201 April 3, 2018

CS Computer Networks 1: Authentication

Chapter 19 Security. Chapter 19 Security

Most Common Security Threats (cont.)

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

e-commerce Study Guide Test 2. Security Chapter 10

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

System and Network Security

Distributed Systems. Lecture 14: Security. 5 March,

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Protection and Security. Sarah Diesburg Operating Systems CS 3430

14. Internet Security (J. Kurose)

Protection and Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Kurose & Ross, Chapters (5 th ed.)

Lecture 1 Applied Cryptography (Part 1)

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

KALASALINGAM UNIVERSITY

Cryptography (Overview)

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Network Security and Cryptography. 2 September Marking Scheme

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Security. Communication security. System Security

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

SE420 Software Quality Assurance

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Verteilte Systeme (Distributed Systems)

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

UNIT - IV Cryptographic Hash Function 31.1

David Wetherall, with some slides from Radia Perlman s security lectures.

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

CSC 474/574 Information Systems Security

E-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.

1.264 Lecture 28. Cryptography: Asymmetric keys

CPSC 467b: Cryptography and Computer Security

Computers and Security

Firewalls, Tunnels, and Network Intrusion Detection

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Chapter 9: Key Management

Cryptographic Checksums

CHAPTER 8 SECURING INFORMATION SYSTEMS

Security: Cryptography

CSC 8560 Computer Networks: Network Security

Network Security Issues and Cryptography

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Protection and Security

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

Information Security CS 526

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Introduction to Cryptography. Vasil Slavov William Jewell College

Computer Networks. Wenzhong Li. Nanjing University

Security Requirements

CSC 774 Network Security

CS 161 Computer Security

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Network Security and Cryptography. December Sample Exam Marking Scheme

Digital Certificates Demystified

Hacking Terminology. Mark R. Adams, CISSP KPMG LLP

Public Key Cryptography

CS 356 Internet Security Protocols. Fall 2013

Introduction and Overview. Why CSCI 454/554?

Distributed Systems Principles and Paradigms. Chapter 09: Security

CIS 4360 Secure Computer Systems Symmetric Cryptography

SMart esolutions Information Security

Internet and Intranet Protocols and Applications

CSC/ECE 774 Advanced Network Security

Transcription:

Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Firewalling to Protect Systems and Networks An Example: Windows XP 15.2 Silberschatz, Galvin and Gagne 2005 1

Objectives To discuss security threats and attacks To explain the fundamentals of encryption, authentication, and hashing To examine the uses of cryptography in computing To describe the various countermeasures to security attacks 15.3 Silberschatz, Galvin and Gagne 2005 The Security Problem Protection is strictly an internal problem: How do we provide controlled access to programs and data stored in a computer system? Security must consider external environment of the system, and protect the system resources from: unauthorized access. Intentional (malicious) modification or destruction. accidental introduction of inconsistency. Protection mechanisms work well only as long as the users conform to the intended use of and access to the system resources Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security Attacks can be accidental or malicious Easier to protect against accidental than malicious misuse 15.4 Silberschatz, Galvin and Gagne 2005 2

Security Violations Categories Breach of confidentiality: unauthorized reading of data Breach of integrity: unauthorized modification of data. Breach of availability: unauthorized destruction of data. Web-site defacement Theft of service: unauthorized use of resources. Install a daemon to act as a web server Denial of service: Preventing legitimate use of the system 15.5 Silberschatz, Galvin and Gagne 2005 Program Threats Trojan Horse It is a code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users A text-editor program, for example, may include code to search the file to be edited for certain keywords. If any are found, the entire file may be copied to a special area accessible to the creator of the text editor. a program that emulates a login program Spyware, pop-up browser windows, covert channels :capture information from the user's system and return it to a central site. Later used to send spam theft of service All due to violation of the principle of least privilege. a user may run with more privileges than necessary an operating system may allow by default more privileges than a normal user needs 15.6 Silberschatz, Galvin and Gagne 2005 3

Program Threats (contd( contd) Trap Door The designer of a program or system might leave a hole in the software that only she is capable of using (usually to bypass some normal check) Specific user identifier or password that circumvents normal security procedures Could be included in a compiler Generated in each code compiled!!!! Difficult to detect. Logic Bomb Program that initiates a security incident under certain circumstances (date, sequence of input, external trigger, etc) a piece of code written by one of a company s (currently employed) programmers and secretly inserted into the production operating system. If, for example, the logic bomb does not get fed its daily (or weekly or monthly, etc) password, so it goes off Difficult to detect. 15.7 Silberschatz, Galvin and Gagne 2005 Program Threats (Cont.) Viruses Code fragment embedded in legitimate program Very specific to CPU architecture, operating system, applications most disruptive security attack Usually borne via email or as a macro Visual Basic Macro to reformat hard drive Sub AutoOpen() Dim ofs Set ofs = CreateObject( Scripting.FileSystemObject ) vs = Shell( c:command.com /k format c:,vbhide) End Sub 15.8 Silberschatz, Galvin and Gagne 2005 4

Program Threats (contd( contd) Stack and Buffer Overflow most common way for an attacker outside the system, on a network or dial-up connection, to gain unauthorized access to the target system Might be used also by an authorized user to gain more privileged access Exploits a bug in a program (overflow either the stack or memory buffers) Programmers neglect input bound checking, so the attacker sends more data than the program was expecting Using trial and error (or inspecting the code), an attacker can do: 1. Overflow an input field, command-line argument, or input buffer until it writes into the stack. 2. Overwrite the current return address on the stack with the address of the exploit code loaded in step 1 3. Write a simple set of code for the next space in the stack that includes the commands that the attacker wishes to execute 15.9 Silberschatz, Galvin and Gagne 2005 Modified Shell Code An attacker could execute a buffer overflow attack. The goal is to replace the return address in the stack frame so that it now points to the code segment containing the attacking program. Consider this code #include <stdio.h> int main(int argc, char *argv[]) { execvp( \bin\sh, \bin \sh, NULL); return 0; } This code creates a shell process using the execvp() system call. If the program being attacked runs with system-wide permissions, this newly created shell will gain complete access to the system. 15.10 Silberschatz, Galvin and Gagne 2005 5

Hypothetical Stack Frame Before attack After attack 15.11 Silberschatz, Galvin and Gagne 2005 Buffer-Overflow:The Attack Using a debugger, the programmer then finds the address of buffer[0] in the stack That address is the location of the code the attacker wants executed the binary sequence of the attacker s code is appended with the necessary amount of NO-OP instructions to fill the stack frame up to the location of the return address Then, the location of buffer [0], the new return address, is added Finally, The attack is complete when the attacker gives this constructed binary sequence as input to the process The process then copies the binary sequence from argv [1] to position buffer [0] in the stack frame. Now, when control returns from main (), instead of returning to the location specified by the old value of the return address, we return to the modified shell code, which runs with the access rights of the attacked process! One solution to this problem is for the CPU to have a feature that disallows execution of code in a stack section of memory 15.12 Silberschatz, Galvin and Gagne 2005 6

System and Network Threats Abuse of services and network connections Worms use spawn mechanism; standalone program; degrade performance Internet worm Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs Grappling hook program uploaded main worm program Port scanning Automated attempt to connect to a range of ports on one or a range of IP addresses a means for a cracker to detect a system's vulnerabilities, then if exist to attack them. Nmap: a tool that determines what services are running on a host Denial of Service: not stealing info, but disrupting legitimate use of a system. Overload the targeted computer preventing it from doing any useful work frequently easier than breaking into a machine, and generally network based. Distributed denial-of-service (DDOS) come from multiple sites at once Here is a one-line program that used to wipe out any UNIX system: main() {while (1)fork();} 15.13 Silberschatz, Galvin and Gagne 2005 Cryptography as a Security Tool Broadest security tool available Source and destination of network messages cannot be trusted without cryptography In an isolated computer, the operating system can reliably determine the sender and recipient of all interprocess communication Means to constrain potential senders (sources) and / or receivers (destinations) of messages Based on secrets (keys) that is supposed to be known only by the sender and the receiver. keys are designed so that it is not computationally feasible to derive them from the messages they were used to generate or from any other public information Standard cryptographic practice is to assume that attacker knows the algorithm used to encipher the plaintext, but not the specific cryptographic key 15.14 Silberschatz, Galvin and Gagne 2005 7

Secure Communication over Insecure Medium 15.15 Silberschatz, Galvin and Gagne 2005 Encryption algorithm consists of Set of K keys Set of M Messages Encryption Set of C ciphertexts (encrypted messages) A function E : K (M C). That is, for each k K, E(k) is a function for generating ciphertexts from messages. Both E and E(k) for any k should be efficiently computable functions. A function D : K (C M). That is, for each k K, D(k) is a function for generating messages from ciphertexts. Both D and D(k) for any k should be efficiently computable functions. An encryption algorithm must provide this essential property: Given a ciphertext c C, a computer can compute m such that E(k)(m) = c only if it possesses D(k). Thus, a computer holding D(k) can decrypt ciphertexts to the plaintexts used to produce them, but a computer not holding D(k) cannot decrypt ciphertexts. Since ciphertexts are generally exposed (for example, sent on the network), it is important that it be infeasible to derive D(k) from the ciphertexts 15.16 Silberschatz, Galvin and Gagne 2005 8

Symmetric Encryption Same key used to encrypt and decrypt E(k) can be derived from D(k), and vice versa DES is most commonly used symmetric block-encryption algorithm (created by US Govt) Encrypts a block of data at a time (Block cipher) DES works by taking a 64-bit value and a 56-bit key and performing a series of transformations to that data Transformations algorithms can be known or unknown (S-box) cipher-block chaining: chunks are not just encrypted but also XORed with the previous ciphertext block before encryption Triple-DES considered more secure (DES repeated 3 times) two encryptions and one decryption, using two or three keys each time 15.17 Silberschatz, Galvin and Gagne 2005 Symmetric Encryption (contd( contd) Advanced Encryption Standard (AES) Replaces DES Compact and efficient. Uses 128, 192, 356 key lengths twofish fast, compact, and easy to implement. key length of up to 256 bits and works on 128-bit blocks RC4 is most common symmetric stream cipher, but known to have vulnerabilities Encrypts/decrypts a stream of bytes (i.e wireless transmission) Key is a input to psuedo-random-bit generator Generates an infinite keystream: an infinite set of keys that can be used for the input plaintext stream. 15.18 Silberschatz, Galvin and Gagne 2005 9

Asymmetric Encryption Uses different encryption and decryption keys Public-key encryption based on each user having two keys: public key published key used to encrypt data private key key known only to individual user used to decrypt data Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme Most common is RSA block cipher Efficient algorithm for testing whether or not a number is prime No efficient algorithm is know for finding the prime factors of a number 15.19 Silberschatz, Galvin and Gagne 2005 Asymmetric Encryption (Cont.) Formally, it is computationally infeasible to derive D(k d, N) from E(k e, N), and so E(k e, N) need not be kept secret and can be widely disseminated E(k e, N) (or just k e ) is the public key D(k d, N) (or just k d ) is the private key N is the product of two large, randomly chosen prime numbers p and q (for example, p and q are 512 bits each) Encryption algorithm is E(k e, N)(m) = m k e mod N, where k e satisfies k e k d mod (p 1)(q 1) = 1 The decryption algorithm is then D(k d, N)(c) = c k d mod N 15.20 Silberschatz, Galvin and Gagne 2005 10

Asymmetric Encryption Example For example. make p = 7and q = 13 We then calculate modulus N = 7 13 = 91 and (p 1)(q 1) = 72 We next select k e relatively prime to 72 and< 72, yielding 5 Finally,we calculate k d such that k e k d mod 72 = 1, yielding 29 We now have our keys Public key, k e, N = 5, 91 Private key, k d, N = 29, 91 Encrypting the message 69 with the public key results in the cyphertext 62 Cyphertext can be decoded with the private key Public key can be distributed in cleartext to anyone who wants to communicate with holder of public key 15.21 Silberschatz, Galvin and Gagne 2005 Example 2 Step 1. Pick two large primes p and q (really should be 150 digits or so) We pick 13 and 19. Calculate modulus N = p*q. N = 13*19 = 247. Step 2. Find e so that e is relatively prime to (p-1)*(q-1). For the above p and q, (p-1)*(q-1) = 12*18 = 216. I choose e = 11. (e, N) is the public key. So I let everyone know my public key is (11, 247) Step 3. Find private key. Find a number d so the e*d = 1 mod(p-1)*(q- 1). this means that 11*d = 1 mod 216. It turns out that d = 59 works. (11*59 = 649 and 649 divided by 216 is 3 with remainder 1) I keep my d = 59 secret! 15.22 Silberschatz, Galvin and Gagne 2005 11

Example 2 (contd( contd) Someone else wants to send me a message. The message is changed into a number (change to ASCII in hex, then compute in decimal), say m = 102. The sender encrypts m by the formula c = m e mod N. For this message, using my public key we need to compute c = 102 11 mod 247 computation: 102 1 = 102 mod 247 102 2 = 30 mod 247 102 4 = 30 2 = 159 mod 247 102 8 = 159 2 = 87 mod 247 102 11 = 102 8 * 102 2 * 102 1 = 87 * 30 * 102 = 201 mod 247 The encrypted message sent to me is c = 201. 15.23 Silberschatz, Galvin and Gagne 2005 Example 2 (contd( contd) Reading my message Use the formula m = c d mod N. I need to find m = 201 59 mod 247 computation: 201 1 = 201 mod 247 201 2 = 140 mod 247 201 4 = 1402 = 87 mod 247 201 8 = 872 = 159 mod 247 201 16 = 1592 = 87 mod 247 201 32 = 872 = 159 mod 247 201 59 = 201 32 * 201 16 * 201 8 * 201 2 * 201 1 = 159 * 87 * 159 * 140 * 201 mod 247 = 102 mod 247, so my message is 102 15.24 Silberschatz, Galvin and Gagne 2005 12

Encryption and Decryption using RSA Asymmetric Cryptography 15.25 Silberschatz, Galvin and Gagne 2005 Cryptography (Cont.) Note symmetric cryptography based on transformations, asymmetric based on mathematical functions Asymmetric much more compute intensive Typically not used for bulk data encryption Used for encryption of small amounts of data, authentication, confidentiality, and key distribution 15.26 Silberschatz, Galvin and Gagne 2005 13

Authentication Hash Functions Basis of authentication Creates small, fixed-size block of data (message digest, hash value) from m Hash Function H must be collision resistant on m Must be infeasible to find an m m such that H(m) = H(m ) If H(m) = H(m ), then m = m The message has not been modified Common message-digest functions include MD5, which produces a 128- bit hash, and SHA-1, which outputs a 160-bit hash Message digests are useful for detecting changed messages but are not useful as authenticators H(m) can be sent along with a message; but if H is known, then someone could modify m and recompute H(m), and the message modification would not be detected. Therefore, an authentication algorithm takes the message digest and encrypts it. 15.27 Silberschatz, Galvin and Gagne 2005 Authentication Algorithms - MAC Based on Symmetric encryption used in authentication algorithm a cryptographic checksum (message-authentication code MAC ) is generated from the message using a secret key. Simple example: MAC defines S(k)(m) = f (k, H(m)) Where f is a function that is one-way on its first argument k cannot be derived from f (k, H(m)) Because of the collision resistance in the hash function, reasonably assured no other message could create the same MAC A suitable verification algorithm is V(k)(m, a) ( f (k,m) = a) Note that k is needed to compute both S(k) and V(k), so anyone able to compute one can compute the other 15.28 Silberschatz, Galvin and Gagne 2005 14

Authentication Digital Signature Based on asymmetric keys and digital signature algorithm Authenticators produced are digital signatures In a digital-signature algorithm, computationally infeasible to derive S(k s ) from V(k v ) V is a one-way function Thus, k v is the public key and k s is the private key Consider the RSA digital-signature algorithm Similar to the RSA encryption algorithm, but the key use is reversed Digital signature of message S(k s )(m) = H(m) k s mod N The key k s again is a pair d, N, where N is the product of two large, randomly chosen prime numbers p and q Verification algorithm is V(k v )(m, a) (a k v mod N = H(m)) Where k v satisfies k v k s mod (p 1)(q 1) = 1 15.29 Silberschatz, Galvin and Gagne 2005 Authentication (Cont.) Encryption can prove the identity of the sender of a message, then why do we need separate authentication algorithms Fewer computations (except for RSA digital signatures) Authenticator usually shorter than message improves space use and transmission time efficiency. Sometimes want authentication but not confidentiality Signed patches et al Can be basis for non-repudiation Nonrepudiation assures that a person filling out an electronic form, for example, cannot deny that he did so. 15.30 Silberschatz, Galvin and Gagne 2005 15

Key Distribution Delivery of symmetric key is huge challenge Sometimes done out-of-band do not scale well Asymmetric keys can proliferate stored on key ring keys be exchanged in public One private key only for a user Even asymmetric key distribution needs care man-in-themiddle attack 15.31 Silberschatz, Galvin and Gagne 2005 Man-in in-the-middle Attack on Asymmetric Cryptography 15.32 Silberschatz, Galvin and Gagne 2005 16

Digital Certificates We need proof of who or what owns a public key, to mitigate the man-in-the-middle-attack use a digital certificate It is a public key digitally signed by a trusted party Trusted party receives proof of identification from entity and certifies that public key belongs to entity Certificate authority are trusted party their public keys included with web browser distributions They vouch for other authorities via digitally signing their keys, and so on 15.33 Silberschatz, Galvin and Gagne 2005 Encryption Example - SSL Insertion of cryptography at one layer of the ISO network model (the transport layer) SSL Secure Socket Layer (also called TLS) Cryptographic protocol that limits two computers to only exchange messages with each other Very complicated, with many variations Used between web servers and browsers for secure communication (credit card numbers) The server is verified with a certificate assuring client is talking to correct server Asymmetric cryptography used to establish a secure session key (symmetric encryption) for bulk of communication during session Communication between each computer then uses symmetric key cryptography 15.34 Silberschatz, Galvin and Gagne 2005 17

User Authentication Crucial to identify user correctly, as protection systems depend on user ID User identity most often established through passwords, can be considered a special case of either keys or capabilities Also can include something user has (card) and /or a user attribute (fingerprint) A password can be associated with each object or user. Passwords must be kept secret Frequent change of passwords Use of non-guessable passwords (can t help in brute force) Log all invalid access attempts Don t write it down!!! (especially if it is hard to remember) Don t share your ID with someone else Passwords may also either be encrypted or allowed to be used only once 15.35 Silberschatz, Galvin and Gagne 2005 Firewalling to Protect Systems and Networks A network firewall is placed between trusted and untrusted hosts The firewall limits network access between these two security domains Vulnerabilities: can be tunneled or spoofed Tunneling allows disallowed protocol to travel within allowed protocol (i.e. telnet inside of HTTP) Spoofed: an unauthorized host pretends to be an authorized host by meeting some authorization criterion. Firewall rules typically based on host name or IP address which can be spoofed Personal firewall is software layer on given host Can monitor / limit traffic to and from the host Application proxy firewall understands application protocol and can control them (i.e. SMTP) System-call firewall monitors all important system calls and apply rules to them (i.e. this program can execute that system call) 15.36 Silberschatz, Galvin and Gagne 2005 18

Network Security Through Domain Separation Via Firewall a network firewall can separate a network into multiple domains Un-trusted domain; DMZ Company\s computers Connections are allowed from the Internet to the DMZ computers And, from the company computers to the Internet but are not allowed from the Internet or DMZ computers to the company computers. 15.37 Silberschatz, Galvin and Gagne 2005 Example: Windows XP Security is based on user accounts Each user has unique security ID Login to ID creates security access token Includes security ID for user, for user s groups, and special privileges Every process gets copy of token System checks token to determine if access allowed or denied Uses a subject model to ensure access security. A subject tracks and manages permissions for each program that a user runs Each object in Windows XP has a security attribute defined by a security descriptor For example, a file has a security descriptor that indicates the access permissions for all users 15.38 Silberschatz, Galvin and Gagne 2005 19

End of Chapter 15 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback