![Page 1: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/1.jpg)
Computer Security
Patricia RoyManatee Community College, Venice,
FL©2008, Prentice Hall
Chapters 14 and 15
Operating Systems:Internals and Design Principles, 6/E
William Stallings
![Page 2: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/2.jpg)
Computer Security Concepts
• Confidentiality– Data confidentiality– Privacy
• Integrity– Data integrity– System integrity
• Availability
![Page 3: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/3.jpg)
The Security Requirements Triad
![Page 4: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/4.jpg)
Additional Concepts
• Authenticity: verification, trusted source
• Accountability: e.g., trace security breach to a responsible party
![Page 5: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/5.jpg)
Disclosure
![Page 6: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/6.jpg)
Deception
![Page 7: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/7.jpg)
Disruption
![Page 8: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/8.jpg)
Usurpation
![Page 9: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/9.jpg)
Scope of System Security
![Page 10: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/10.jpg)
Assets
![Page 11: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/11.jpg)
Intruders
• Masquerader: non-authorized user exploiting authorized user’s account
• Misfeasor: legitimate user - non-authorized access to resources
• Clandestine user: seizing supervisory control for evasion
![Page 12: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/12.jpg)
Hacker
![Page 13: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/13.jpg)
Criminals
![Page 14: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/14.jpg)
Insiders
![Page 15: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/15.jpg)
Malware
• Parasitic (needs host – virus, logic bomb, backdoor) or self-contained (worm, bot)
• Replicate (virus, worm) or do not (activated by trigger – logic bomb, backdoor, bot)
![Page 16: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/16.jpg)
Backdoor
• Trapdoor
• Secret entry point to avoid usual security access procedure
• Useful for programmers debugging – maintenance hook
![Page 17: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/17.jpg)
Logic Bomb
• Embedded into legitimate program
• Explodes when certain conditions are met– Presence or absence of certain files– Particular day of the week– Particular user running application
![Page 18: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/18.jpg)
Trojan Horse
• Useful program that contains hidden code that when invoked performs some unwanted or harmful function
• Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly– User may set file permission so everyone has
access– login
![Page 19: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/19.jpg)
Mobile Code
• Transmitted from remote system to local system
• Executed on local system without the user’s explicit instruction
![Page 20: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/20.jpg)
Multiple-Threat Malware
• Multipartite virus infects in multiple ways
• Blended attack uses multiple methods
• Ex: Nimda has worm, virus, and mobile code characteristics
![Page 21: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/21.jpg)
Parts of Virus
• Infection mechanism
• Trigger
• Payload
![Page 22: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/22.jpg)
Virus Stages
• Dormant phase– Virus is idle
• Propagation phase– Virus places an identical copy of itself into
other programs or into certain system areas on the disk
22
![Page 23: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/23.jpg)
Virus Stages
• Triggering phase– Virus is activated to perform the function for
which it was intended– Caused by a variety of system events
• Execution phase– Function is performed
23
![Page 24: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/24.jpg)
Simple Virus
![Page 25: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/25.jpg)
Compression Virus
![Page 26: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/26.jpg)
Virus Classification by Target
• Boot sector infector: spreads when booting
• File infector: infects executable files
• Macro virus: Platform independent– Most infect Microsoft Word documents– Infect documents, not executable portions of
code– Easily spread– File system access controls are of limited use
in preventing spread
![Page 27: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/27.jpg)
Virus Classification by Concealment Strategy
• Encrypted virus– Random encryption key encrypts remainder of
virus
• Stealth virus– Hides itself from detection of antivirus
software, e.g., by compression
![Page 28: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/28.jpg)
Virus Classification by Concealment Strategy (2)
• Polymorphic virus– Mutates with every infection– Conceals ``signature’’
• Metamorphic virus– Mutates with every infection– Rewrites itself completely after every iteration– Might change behavior
![Page 29: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/29.jpg)
E-Mail Viruses
• Attachment
• Open e-mail
• Uses e-mail software to replicate
![Page 30: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/30.jpg)
Worms
• Use network connections to spread form system to system
• Electronic mail facility– A worm mails a copy of itself to other systems
30
![Page 31: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/31.jpg)
Worms
• Remote execution capability– A worm executes a copy of itself on another
system
• Remote log-in capability– A worm logs on to a remote system as a user
and then uses commands to copy itself from one system to the other
![Page 32: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/32.jpg)
Bots
• Zombie or drone
• Program secretly takes of another Internet-attached computer
• Launch attacks that are difficult to trace to bot’s creator
• Collection of bots is a botnet
• Spamming, sniffing traffic, keylogging, manipulating polls, distributed denial-of-service
![Page 33: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/33.jpg)
Rootkit
• Set of programs installed on a system to maintain administrator (or root) access to that system
• Hides its existence
![Page 34: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/34.jpg)
System Call Table Modification by Rootkit
![Page 35: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/35.jpg)
Authentication
• Basis for most type of access control and accountability
• Identification step
• Verification step
![Page 36: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/36.jpg)
Password-Based Authentication
• ID– Determines if use authorized to access
system– Determines privileges for user– Discretionary access control
![Page 37: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/37.jpg)
UNIX Password Scheme
![Page 38: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/38.jpg)
UNIX Password Scheme
![Page 39: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/39.jpg)
Famous Security Flaws
The TENEX – password problem
(a) (b) (c)
![Page 40: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/40.jpg)
Token-Based Authentication
• User posses object
• Memory cards
• Smart cards
![Page 41: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/41.jpg)
Biometrics - Cost versus Accuracy
![Page 42: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/42.jpg)
Access Control
• Discretionary access control– Based on identity of requestor, might enable
other entity to access resource
• Mandatory access control– Based on comparing security labels with
security clearances
• Role-based access control– Based on roles user has in system
![Page 43: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/43.jpg)
Extended Access Control Matrix
![Page 44: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/44.jpg)
Organization of the Access Control Function
![Page 45: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/45.jpg)
Users, Roles, and Resources
![Page 46: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/46.jpg)
Access Control Matrix Representation of RBAC
![Page 47: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/47.jpg)
Access Control Matrix Representation of RBAC
![Page 48: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/48.jpg)
Intrusion Detection
• Classification: Host-based and Network-based
• Components:– Sensors: Collect data– Analyzers– User interface
![Page 49: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/49.jpg)
Profiles of Behavior of Intruders and Authorized Users
![Page 50: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/50.jpg)
Host-Based IDSs
• Anomaly detection– Collection of data relating to behavior of
legitimated users over time
• Signature detection– Define set of rules or attack patters
![Page 51: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/51.jpg)
Audit Records
• Native audit records– Operating system accounting software
• Detection-specific audit records– Generate audit records required by the IDS
![Page 52: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/52.jpg)
Antivirus Approaches
• Detection
• Identification
• Removal
![Page 53: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/53.jpg)
Antivirus and Anti-Antivirus Techniques
(a) A program(b) Infected program(c) Compressed infected program(d) Encrypted virus(e) Compressed virus with encrypted compression code
![Page 54: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/54.jpg)
Generic Decryption
• CPU emulator
• Virus signature scanner
• Emulation control module
![Page 55: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/55.jpg)
Digital Immune System
![Page 56: Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,](https://reader031.vdocuments.mx/reader031/viewer/2022012918/5515d35f550346cf6f8b4726/html5/thumbnails/56.jpg)
Behavior-Blocking Software Operation