Security and Protection

Upload: prachi
Post on 13-Sep-2015
Description: for operating system

Motivation of security

A computer system can be anything you can think of, such as a shared system, a web server, a bank ATM, a cable, etc. So, we need to define security policies for each computer system to make it safe. For example, in a shared system only an authorized user should be able to log in, and for a payment protocol the policy will ensure fee payments for clients accessing a web page.

OS security environment

- The OS provides a secure environment to all the processes and applications that are based on it.
- When a set of tasks is given to the OS to be executed, the OS analyzes different aspects of security.
- The OS security environment involves several aspects such as:
  - Security goals
  - OS security environment components
  - Environment consideration

Goals of the security

Before defining the goals we should know the following points:

- To thoroughly determine what is to be protected
- To identify how much protection is important or needed
- What are the harms if security is penetrated or broken

Goals of the security

Some crucial security goals are:

- Identify the assets to be secured: what are the critical security assets to be secured, such as important information in a file stored in the computer system
- Confidentiality of information: confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information.
- Integrity of system: unauthorized users should not be able to modify the resources of a computer system
- Availability of system: availability is the probability that a system will work as required during the period of a mission.

Components of OS security environment

In general, an OS security environment comprises the following three layers:

- Service layer
- Files layer
- Memory layer

Components of OS security environment

Service layer: it has numerous effective features:
- Authenticating users
- Providing remote access to computer systems
- Performing administrative jobs
- Determining password protection strategies

Files layer: the two main operations of the file layer are:
- File sharing
- File permission

Memory layer: the memory layer is the hardware component of a computer system, which stores data in memory.

OS security environment considerations

- Threats: commonly take the form of internet attacks, physical attacks, masquerading, etc. A threat may be a machine, a networking device or a human being.
- Intruders: human beings who try to access a computer system by stealing the usernames and passwords of legitimate users
- Accidental data loss: refers to the loss of data saved on disk, which may become inaccessible due to physical damage or information overwritten accidentally

OS security design principles

Some of the important ones are:

- Security attack
- Virus
- Worms
- Trojan horse

Security attacks

Following is a list of some common types of attack:

- Worms: malicious programs that can copy themselves and use the network to send copies of themselves to other computers
- Malware: malicious software that is designed to interrupt on-going computer operations, collect private information, and gain unauthorized access to your system resources
- Spyware: a type of malicious software that is installed on a user's computer to monitor and gather information about his or her activities on that computer
- Spamming: the act of posting bulk messages to several users simultaneously from a known or unknown source
- Virus: a program that can replicate itself and damage data, .exe files, the operating system and installed software
- Phishing: a technique of obtaining personal information such as login name, password and credit card details through email and instant messaging
- DoS: a type of attack that consumes all the resources of your computer. Example: flooding the computer with junk mails
- Trojan horse: a destructive program that pretends to be a harmless application but actually causes damage to the executable files on the computer

Virus

- A virus is a harmful program that starts creating copies of itself on entering a computer.
- A computer virus cannot travel on its own and needs to be attached to some other program or executable to move from one computer to another.

Types of virus
- File infectors: they infect program files
- Boot sector viruses: they infect the files of an operating system such as Windows 7
- Macro viruses: they infect data files

Basic characteristics of a virus
- It has the ability to replicate itself
- It has the ability to attach itself to another program
- It needs an external action to activate itself
- E-mail attachments, games and animations are examples of programs that generally carry viruses from one computer to another

Symptoms of virus attacks
- Computer begins to run slowly
- Unknown files or sub-directories are created
- The volume label of your hard disk changes mysteriously
- Unusual messages and graphics appear on the computer screen
- Hardware devices begin to exhibit unusual behavior

How do computer viruses spread?
A computer virus spreads from one computer to another in the following ways:
- Executing infected files on the computer
- Using infected external storage devices, such as CDs and pen drives
- Opening infected e-mail attachments
- Downloading infected files and gaming software from the internet
- Surfing suspicious websites on the internet

How does a computer virus work? / Life cycle of a virus

After a virus attaches to an executable file, its life cycle begins. Following are the stages in the life cycle of a virus:
- Creation: the stage when a virus is first created
- Replication: the stage when the virus creates new copies of itself
- Activation: the stage in which the virus is triggered and starts causing damage to your computer
- Discovery: the stage when the virus is detected and isolated
- Assimilation: the stage when the developers of anti-virus software modify their software so that it can detect the new virus
- Eradication: the last stage, when the updated anti-virus software is made available to users; they install it on their computers to remove the virus

Damage caused by viruses
- Destroying your file allocation table, which may eventually corrupt the entire file system
- Deleting and removing files and programs from your hard disk
- Creating duplicate files, thereby reducing the available space on your hard disk

Preventing a virus attack
- Avoid the temptation to open email attachments and downloads from unreliable sources
- Install only licensed software
- Install reliable anti-virus scanning software
- Scan files downloaded from the internet or other external sources

Worms

- A computer worm is a self-replicating program that uses the network to send copies of itself from one computer to another. Computer worms spread much more rapidly than computer viruses.
- Worms use portions of an operating system which are automatic and usually work in the background.
- Examples of worms are the Sasser worm, the Blaster worm, etc.

Basic characteristics of worms
- Able to replicate itself
- Does not require another program to host it
- Able to replicate itself across network links

How do worms spread?
Worms are capable of moving and spreading themselves over the network without the use of another program or the involvement of a user.

Damage caused by worms
- They generate system management problems.
- Some worms can also install Trojan horses and other viruses that cause harm to the computer.

Trojan horse
- The term Trojan horse comes from the Greek story of the Trojan War.
- A Trojan horse is an unauthorized program placed inside a legitimate application.

Features of a Trojan horse
- An attacker uses a Trojan horse to illegitimately get access to a computer, view secret information such as passwords, and harm the computer.
- Trojans are generally downloaded with some other programs or applications.

Trojan horse (cont.)
- A Trojan horse is a complete program on its own and does not need any host program to attach itself to.
- Trojan horses do not replicate themselves.
- Example: a Diwali executable application which, when executed, displays the figure of the goddess Laxmi and a caption saying Happy Diwali; however, in the background, malicious code could be deleting files or performing other harmful actions on the computer.

Types of Trojan horse
- Remote access trojan (RAT)
- Backdoor trojans (backdoors)
- IRC trojan

User authentication
In a secure system, the OS determines the authentication of a user. Reasons for authentication are as follows:
- Access control: computers need to control access to computer logins, updates, or restricted databases
- Authorization: transactions such as electronic payments need the user to be authorized to avoid fake transactions
- Auditing: it is sometimes useful to record the operations done by a user even if no controls are in place. Such logs facilitate accountability

Authentication
- Authentication techniques are used to verify the identity of users. The authentication of authorized users prevents unauthorized users from gaining access to the corporate information system.
- Authentication mechanisms also prevent authorized users from accessing information that they are not authorized to view.
- Data authentication means providing data integrity as well as assurance that the data has been received from the individual who claimed to supply it.

Authorization
- Authorization is the procedure of controlling the access of authenticated users to the system.
- An authorization system provides each user with exactly those rights granted to them by the administrator.

Password based authentication
- A password is a front-line protection against unauthorized access (intruders) to the system.
- A password authenticates the identifier and provides security to the system.
- Password vulnerability: passwords are common and are easily guessed. Intruders always use a trial-and-error method.

Some techniques that make the task of guessing a password difficult are as follows:
- Longer passwords
- Salting the password table
- System assistance in password selection
- Encrypted passwords: instead of storing the names and passwords in plain text form, they are encrypted and stored in cipher text form in the table
- One-time passwords: the password sniffing problem is solved by one-time passwords. In this method, the password is different in each instance. One-time passwords are among the only ways to prevent improper authentication due to password exposure

Password selection strategies:
- User education
- Computer generated passwords
- Reactive password cracking
- Proactive password cracking

Protection mechanism
- Protection mechanisms are implemented in the operating system to support various security policies.
- A computer system consists of various hardware and software resources, called objects:
  - Hardware: CPU, main memory, keyboard, mouse
  - Software: processes, files, databases, semaphores
- Objects must be protected from users/processes/programs.
- Access rights define how various users/processes/programs can access various objects.

Protection domain
- A protection domain is a collection of access rights.
- A protection state can be conceptualized as an access matrix.
- Each access right in a protection domain is represented as an ordered pair with fields for the object name and its corresponding privileges.
- A domain is a set of (object, rights) pairs.
- At every instant of time, each process runs in some protection domain.
- Processes can also move from one domain to another domain during execution.

Protection domain structure
Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object
Domain = set of access-rights
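To make the "salting the password table" and "encrypted passwords" techniques concrete, here is an added example (not code from the slides) of a password table that keeps only a per-user salt and a slow salted hash, plus the login check run against it. The user names, passwords and iteration count are constructed values.

```python
# Added example (not from the slides): a password table that stores salted
# hashes ("salting the password table", "encrypted passwords") instead of
# plain text, and a login check against it. Standard library only; the user
# names, passwords and iteration count are constructed/assumed values.
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor (assumed; raise it on fast hardware)


def make_entry(password):
    """Fresh random salt per user, then a slow salted hash of the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def build_table(credentials):
    """Constructed password table: user -> (salt, hash); no plaintext is kept."""
    return {user: make_entry(pw) for user, pw in credentials.items()}


def check_login(table, user, password):
    """Recompute the hash with the stored salt; compare in constant time."""
    if user not in table:
        return False
    salt, stored = table[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


# Two users chose the same password; their salts differ, so the stored
# hashes differ and the table itself does not reveal the shared password.
PASSWORD_TABLE = build_table({"alice": "winter2015", "bob": "winter2015"})

if __name__ == "__main__":
    print(check_login(PASSWORD_TABLE, "alice", "winter2015"))  # True
    print(check_login(PASSWORD_TABLE, "alice", "Winter2015"))  # False
    print(PASSWORD_TABLE["alice"][1] != PASSWORD_TABLE["bob"][1])  # True
```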

Protection domain (cont.)
- The rules for domain switching are highly system dependent.
- Each file management system has its own method to control file access. The four most commonly used methods are as follows:
  - Access control matrix
  - Access control lists
  - Lock word control

Access control matrix
- The access control matrix is easy to implement.
- The access matrix contains rows and columns.
- Rows represent domains and columns represent objects.
- Each entry in the matrix consists of a set of access rights.
- Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j.
- The intersection of a row and a column contains the access rights of that user/process/program to that object.

Access matrix

Objects (columns): Sorting.c, Payroll.c, Abc.txt, Maths.xlx, Sal.doc, Pay.xls, printer
Domains (rows), with the non-empty entries of each row:
- Domain1: Read, write; Read, write, execute; Write
- Domain2: Read; Read, write, execute; write
- Domain3: Read; Write; Read, write, execute

Implementation of access matrix
The access control matrix is implemented using four different methods:
- Global table
- Access lists for objects
- Capability lists
- Lock-key mechanism

Global table
- The global table consists of three parameters, i.e. < domain, object, rights-set >. Before a user in a particular domain performs an operation on an object, the global table is searched for the triple < domain, object, rights-set >. If it is found, the operation is successful; otherwise an error condition is generated.
- Drawback: the global table cannot be kept in main memory because of its large size.

Access control list
- The access control list is a modification of the access control matrix.
- It maintains a record of only those entries that specify an access right.
- Each object has a security attribute that identifies its access control list.
- When a subject sends a request for accessing an object, the operating system searches the access control list for that object to find any privileges for that user/process/program.

Access control list (cont.)
Each column = access-control list for one object; defines who can perform what operation:

- Domain 1 = Read, Write
- Domain 2 = Read
- Domain 3 = Read

Each row = capability list (like a key); for each domain, what operations are allowed on what objects:
- Object F1: Read
- Object F4: Read, Write, Execute
- Object F5: Read, Write, Delete, Copy

Access control list (cont.)
Fig: access matrix
We can express the same access constraints given in the above matrix by attaching the following access control lists to the four files shown:
- aaa -- Alice:R/W, Bob:R, Carol:R
- bbb -- Alice:R, Bob:R/W, Carol:R, Dave:R/W
- ccc -- Alice:R, Carol:R/W, Dave:R/W
- ddd -- Bob:R, Carol:R, Dave:R

Capability list
- If we can represent the access matrix using access control lists, one per column of the matrix, we can also do the same thing using rows: each row of the access matrix is a capability list.
- Instead of being object based, a capability list is domain based. Thus we have all the access rights of one user together.
- Each pair consisting of an object name and the access rights to that object is called an access capability. These are stored in a data structure called a capability list.

Capability list (cont.)
Fig: access matrix
The corresponding capability list representation of this access matrix is:
- Alice -- aaa:R/W, bbb:R, ccc:R
- Bob -- aaa:R, bbb:R/W, ddd:R
- Carol -- aaa:R, bbb:R, ccc:R/W, ddd:R
- Dave -- bbb:R/W, ccc:R/W, ddd:R
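The global table, access control list and capability list slides above are three views of one access matrix. As an added example (not code from the slides), the following takes the Alice/Bob/Carol/Dave ACLs from the access control list slide, builds the global table of < domain, object, rights-set > triples from them, derives the capability lists shown on the slide by regrouping the same triples by row, and performs the global-table lookup the text describes. The function names are this example's own.

```python
# Added example (not from the slides): the Alice/Bob/Carol/Dave access
# matrix in the three representations the text describes: global table,
# access-control lists (one per object) and capability lists (one per domain).

# Input copied from the ACL slide: object -> {domain: rights}.
ACL_SLIDE = {
    "aaa": {"Alice": "R/W", "Bob": "R", "Carol": "R"},
    "bbb": {"Alice": "R", "Bob": "R/W", "Carol": "R", "Dave": "R/W"},
    "ccc": {"Alice": "R", "Carol": "R/W", "Dave": "R/W"},
    "ddd": {"Bob": "R", "Carol": "R", "Dave": "R"},
}


def global_table(acl):
    """Global table: one <domain, object, rights-set> triple per matrix entry."""
    return {(dom, obj, frozenset(rights.split("/")))
            for obj, row in acl.items() for dom, rights in row.items()}


def access_lists(table):
    """ACL view: group the triples by object (matrix column)."""
    acl = {}
    for dom, obj, rights in table:
        acl.setdefault(obj, {})[dom] = rights
    return acl


def capability_lists(table):
    """Capability view: group the same triples by domain (matrix row)."""
    caps = {}
    for dom, obj, rights in table:
        caps.setdefault(dom, {})[obj] = rights
    return caps


def allowed(table, dom, obj, op):
    """Global-table check: the triple must exist and carry the operation,
    otherwise the slide's 'error condition' (here: False)."""
    return any(d == dom and o == obj and op in r for d, o, r in table)


GLOBAL_TABLE = global_table(ACL_SLIDE)
CAPS = capability_lists(GLOBAL_TABLE)

if __name__ == "__main__":
    for dom, caps in sorted(CAPS.items()):  # reproduces the capability-list slide
        print(dom, "--", ", ".join(f"{o}:{'/'.join(sorted(r))}"
                                   for o, r in sorted(caps.items())))
    print(allowed(GLOBAL_TABLE, "Alice", "aaa", "W"))  # True
    print(allowed(GLOBAL_TABLE, "Dave", "aaa", "R"))   # False: no triple for Dave/aaa
```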

Lock-key mechanism
- A compromise between access lists and capability lists.
- Each object has a list of unique bit patterns, called locks.
- Each domain has a list of unique bit patterns, called keys.
- A process in a domain can only access an object if the domain has a key that matches one of the object's locks.
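As an added example (not code from the slides), the following models the lock-key rule: objects hold locks, domains hold keys, and an access check succeeds only through a key equal to one of the object's locks. It also shows why the scheme sits between the two list forms: changing an object's lock revokes access for every domain holding the old key without editing any domain. All object names, domain names and bit patterns are constructed.

```python
# Added example (not from the slides): the lock-key mechanism. Each object
# carries locks (bit patterns) and each domain carries keys; a process in a
# domain may access an object only through a key that matches one of the
# object's locks. All objects, domains and patterns below are constructed.

# Constructed objects: each lock is a (bit pattern, rights) pair, so one
# object can hand out different rights through different locks.
OBJECTS = {
    "Payroll.c": [(0x5A3C9F11, {"R", "W"}), (0x0BADF00D, {"R"})],
    "printer":   [(0x7E57C0DE, {"W"})],
}

# Constructed domains: each holds the key patterns it was given.
DOMAINS = {
    "Domain1": [0x5A3C9F11, 0x7E57C0DE],
    "Domain2": [0x0BADF00D],
    "Domain3": [0x12345678],  # holds no key that opens any lock above
}


def rights_for(domain, obj):
    """Union of the rights behind every lock that one of the domain's keys matches."""
    granted = set()
    for key in DOMAINS[domain]:
        for lock, rights in OBJECTS[obj]:
            if key == lock:  # a key opens exactly the lock with the same pattern
                granted |= rights
    return granted


def allowed(domain, obj, op):
    """Access check: the operation must be among the rights the keys unlock."""
    return op in rights_for(domain, obj)


def rekey(obj, old_lock, new_lock):
    """Revocation without touching any domain: change the object's lock, and
    every key that matched the old pattern stops working at once."""
    OBJECTS[obj] = [(new_lock if lock == old_lock else lock, rights)
                    for lock, rights in OBJECTS[obj]]


if __name__ == "__main__":
    print(allowed("Domain1", "Payroll.c", "W"))  # True
    print(allowed("Domain2", "Payroll.c", "W"))  # False: its key opens the read-only lock
    rekey("Payroll.c", 0x5A3C9F11, 0x2F00DCAB)
    print(allowed("Domain1", "Payroll.c", "R"))  # False once the lock is changed
```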