Operating Systems: A Modern Perspective, Chapter 5
Slide 14-1
Copyright © 2004 Pearson Education, Inc.
Slide 14-2
14 Protection and Security
Slide 14-3
Allowing Only Authorized Access
[Figure: two Subjects attempt to reach a Secure Entity; Authentication followed by Authorization admits the Authorized Access and rejects the Unauthorized Access]
Slide 14-4
Policy & Mechanism
• Protection mechanisms are tools used to implement security policies
– Authentication
– Authorization
– Cryptography
• A security policy reflects an organization’s strategy for authorizing access to the computer’s resources only to authenticated parties
– Accountants have access to payroll files
– OS processes have access to the page table
– Client process has access to information provided by a server
Slide 14-5
Cryptographically Protected Information
[Figure: Secure Elements carried in a Secure Container between two Secure Environments]
Slide 14-6
Windows 2000 Logon
[Figure: Windows 2000 logon. In User Space: the Winlogon process and the Local Security Authority Subsystem (Lsass) with its LSA* Server, SAM** Server and Netlogon, together with the LSA Policy, SAM and Active Directory stores; in Supervisor Space: the Security Reference Monitor (SRM); authentication traffic also crosses the Network to Active Directory]
* Local Security Authority
** Security Accounts Manager (SAM)
Slide 14-7
Security Goals
[Figure: Processes A, B and C, running on Machine X and Machine Y, hold read or read/write access to Resources W, X, Y and Z]
• Authentication
• Authorization
Slide 14-8
Authentication
• User/process authentication
– Is this user/process who it claims to be?
• Passwords
• More sophisticated mechanisms
• Authentication in networks
– Is this computer who it claims to be?
• File downloading
• Obtaining network services
• The Java promise
Slide 14-9
Authorization
• Is this user/process allowed to access the resource under the current policy?
• What type of access is allowable?
– Read
– Write
– Execute
– Append
Slide 14-10
Lampson’s Protection Model
• Active parts (e.g., processes)
– Operate in different domains
– Subject is a process in a domain
• Passive parts are called objects
• Want mechanism to implement different security policies for subjects to access objects
– Many different policies must be possible
– Policy may change over time
Slides 14-11 to 14-15
A Protection System
[Figure, built up over five slides: Subjects (S) request access to Objects (X); the Protection State records current authority, a State Transition changes it, Rules govern the transitions, and Policy selects the rules]
• S desires access to X
• Protection state reflects current ability to access X
• Authorities can change
• What are rules for changing authority?
• How are the rules chosen?
Slides 14-16 to 14-19
Protection System Example
[Figure, built up over four slides: subject S requests access to object X; the Access matrix holds the protection state, Access authentication turns the request into an unforgeable triple naming S, the requested access and X, and the Monitor checks that triple against the matrix before X is reached]
• S desires access to X
• Captures the protection state
• Generates an unforgeable ID
• Checks the access against the protection state
Slide 14-20
Protection State Example
[Figure: access matrix with subjects S1, S2, S3 as rows and objects S1, S2, S3, F1, F2, D1, D2 as columns; the entries are rights such as control, owner, block, wakeup, stop, delete, execute, update, seek, seek*, read*, write*]
Slide 14-21
A Protection System
[Figure: Subjects (S), Objects (X), Protection State, State Transition, Rules, Policy]
Handling state changes
Slide 14-22
Policy Rules Example
[Figure: the access matrix of slide 14-20, with subjects S1, S2, S3 and objects S1, S2, S3, F1, F2, D1, D2]
Rules for a Particular Policy
Rule  Command by S0             Authorization                          Effect
1     transfer(|*) to (S, X)    * A[S0, X]                             A[S, X] = A[S, X] {|*}
2     grant(|*) to (S, X)       owner A[S0, X]                         A[S, X] = A[S, X] {|*}
3     delete from (S, X)        control A[S0, S] or owner A[S0, X]     A[S, X] = A[S, X] - {}
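The three rules above, as an added example that is not part of the slides: a protection state A indexed by (subject, object), where a right written with a trailing "*" carries the copy flag (assumption: the usual reading of the "*" in the rule table), and the matrix contents and the subject/object names are constructed for illustration.

```python
from collections import defaultdict

class ProtectionState:
    """Lampson protection state A: (subject, object) -> set of rights."""
    def __init__(self):
        self.A = defaultdict(set)

    def rights(self, s, x):
        return set(self.A[(s, x)])

    @staticmethod
    def _require(cond, msg):
        if not cond:
            raise PermissionError(msg)

    # Rule 1: S0 may transfer a right (with or without the copy flag "*")
    # to (S, X) only if S0 itself holds the copy-flagged form on X.
    def transfer(self, s0, right, s, x):
        base = right.rstrip("*")
        self._require(base + "*" in self.A[(s0, x)], f"{s0} lacks {base}* on {x}")
        self.A[(s, x)].add(right)

    # Rule 2: the owner of X may grant any right on X.
    def grant(self, s0, right, s, x):
        self._require("owner" in self.A[(s0, x)], f"{s0} does not own {x}")
        self.A[(s, x)].add(right)

    # Rule 3: S0 may delete a right from (S, X) if it controls S or owns X.
    def delete(self, s0, right, s, x):
        self._require("control" in self.A[(s0, s)] or "owner" in self.A[(s0, x)],
                      f"{s0} neither controls {s} nor owns {x}")
        self.A[(s, x)].discard(right)

def demo():
    """Constructed scenario using the slide's subject and object names."""
    ps = ProtectionState()
    ps.A[("S1", "S1")] = {"control"}
    ps.A[("S1", "F1")] = {"owner", "update"}
    ps.A[("S2", "S2")] = {"control"}
    ps.A[("S2", "F1")] = {"read*", "write*"}
    ps.A[("S3", "S3")] = {"control"}
    ps.transfer("S2", "read", "S3", "F1")     # allowed: S2 holds read* on F1
    ps.grant("S1", "execute", "S2", "F1")     # allowed: S1 owns F1
    ps.delete("S1", "write*", "S2", "F1")     # allowed: S1 owns F1
    denied = []
    attempts = [(ps.transfer, ("S3", "read", "S2", "F2")),  # S3 has no read* on F2
                (ps.grant, ("S2", "owner", "S2", "F1")),    # S2 does not own F1
                (ps.delete, ("S3", "update", "S1", "F1"))]  # S3 neither controls S1 nor owns F1
    for fn, args in attempts:
        try:
            fn(*args)
        except PermissionError:
            denied.append(fn.__name__)
    return ps, denied

if __name__ == "__main__":
    state, refused = demo()
    print(state.rights("S3", "F1"), state.rights("S2", "F1"), refused)
```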
Slide 14-23
Protection Domains
• Lampson model uses processes and domains -- how is a domain implemented?
– Supervisor/user hardware mode bit
– Software extensions -- rings
• Inner rings have higher authority
– Ring 0 corresponds to supervisor mode
– Rings 1 to S have decreasing protection, and are used to implement the OS
– Rings S+1 to N-1 have decreasing protection, and are used to implement applications
Slide 14-24
Protection Domains (cont)
• Ring crossing is a domain change
• Inner ring crossing: rights amplification
– Specific gates for crossing
– Protected by an authentication mechanism
• Outer ring crossing uses less-protected objects
– No authentication
– Need a return path
– Used in Multics and Intel 80386 (& above) hardware
Slide 14-25
A Two-level Domain Architecture
[Figure: two domains, Supv (supervisor) and User]
Slide 14-26
The General Ring Architecture
[Figure: concentric rings R0, R1, R2, …, Ri, …]
Slide 14-27
Implementing the Access Matrix
• Usually a sparse matrix
– Too expensive to implement as a table
– Implement as a list of table entries
• Column oriented list is called an access control list (ACL)
– List kept at the object
– UNIX file protection bits are one example
• Row oriented list is called a capability list
– List kept with the subject (i.e., process)
– Kerberos ticket is a capability
– Mach mailboxes protected with capabilities
Slide 14-28
Access Control Lists Derived from an Access Matrix
[Figure: for each object X, a Resource Descriptor holds that object's column of the matrix, listing the subjects S allowed to access it]
• Store the Access Matrix by columns
• Each ACL is kept at the object
• UNIX file protection bits are one example
• Windows resource managers also use ACLs for protection
Slide 14-29
Capability Lists Derived from an Access Matrix
• Store the Access Matrix by rows
• List kept with the subject (i.e., process)
• Examples
– Ticket to a concert
– Kerberos ticket
– Mach mailboxes
[Figure: for each subject S, a Process Descriptor holds that subject's row of the matrix, listing the objects X it may access]
Slide 14-30
More on Capabilities
• Provides an address to object from a very large address space
• Possession of a capability represents authorization for access
• Implied properties:
– Capabilities must be very difficult to guess
– Capabilities must be unique and not reused
– Capabilities must be distinguishable from randomly generated bit patterns
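Slides 14-27 to 14-30 together, as an added example that is not part of the slides: one sparse access matrix read by column (the ACL kept at each object) and by row (the capability list kept with each subject), plus a capability token that has the three implied properties listed above. The matrix, the principal names and the issuer's key are constructed; the HMAC-tag construction is one way to make a capability distinguishable from random bits, not anything the slides prescribe.

```python
import hmac, hashlib, secrets

# Constructed sparse access matrix: (subject, object) -> rights
MATRIX = {
    ("S1", "F1"): {"owner", "update"},
    ("S2", "F1"): {"read", "write"},
    ("S2", "D1"): {"seek"},
    ("S3", "F2"): {"delete", "execute"},
}

def acl(matrix, obj):
    """Column of the matrix: who may do what to obj (kept at the object)."""
    return {s: sorted(r) for (s, x), r in matrix.items() if x == obj}

def capability_list(matrix, subject):
    """Row of the matrix: what subject may do to each object (kept with it)."""
    return {x: sorted(r) for (s, x), r in matrix.items() if s == subject}

class CapabilityIssuer:
    """Mints capability tokens; only the issuer (the kernel) holds the key."""
    def __init__(self, key):
        self.key = key
        self.live = {}            # token id -> (object, rights); removal revokes

    def mint(self, obj, rights):
        cid = secrets.token_bytes(16)          # hard to guess and never reused
        tag = hmac.new(self.key, cid + obj.encode(), hashlib.sha256).digest()
        self.live[cid] = (obj, frozenset(rights))
        return cid + obj.encode() + b"|" + tag

    def check(self, token, obj, right):
        """Possession of a valid token is the authorization."""
        cid, rest = token[:16], token[16:]
        name, _, tag = rest.partition(b"|")
        good = hmac.new(self.key, cid + name, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return False                       # random bits or a tampered token
        if cid not in self.live:
            return False                       # revoked or never issued
        held_obj, rights = self.live[cid]
        return held_obj == obj == name.decode() and right in rights

def demo():
    issuer = CapabilityIssuer(secrets.token_bytes(32))   # constructed kernel key
    cap = issuer.mint("F1", MATRIX[("S2", "F1")])
    forged = cap[:-1] + bytes([cap[-1] ^ 1])             # flip one bit of the tag
    return {
        "acl_F1": acl(MATRIX, "F1"),
        "caps_S2": capability_list(MATRIX, "S2"),
        "read_ok": issuer.check(cap, "F1", "read"),
        "exec_denied": issuer.check(cap, "F1", "execute"),
        "forged_denied": issuer.check(forged, "F1", "read"),
    }
```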
Slide 14-31
Cryptography
• Information can be encoded using a key when it is written (or transferred) -- encryption
• It is then decoded using a key when it is read (or received) -- decryption
• Very widely used for secure network transmission
Slide 14-32
More on Cryptography
[Figure: plaintext → encryption → ciphertext → decryption → plaintext]
Slide 14-33
More on Cryptography
[Figure: plaintext → Encrypt (key Ke) → C → Decrypt (key Kd) → plaintext]
C = E_Ke(plaintext)
Slide 14-34
More on Cryptography
[Figure: plaintext → Encrypt (key Ke) → C → Decrypt (key Kd) → plaintext; an Invader with Side information also tries to recover the plaintext from C]
C = E_Ke(plaintext)
Slide 14-35
Cryptographic Systems
[Figure: taxonomy of Cryptographic Systems]
Conventional Systems (Private Key)
• Ke and Kd are essentially the same
• Ke and Kd are private
Modern Systems (Public Key)
• Ke is public
• Kd is private
Slides 14-36 to 14-39
Kerberos
[Figure, built up over four slides: Client, Authentication Server and Server. The Authentication Server issues a Session Key encrypted for the client and a Ticket (Client ID + Session Key) encrypted for the server; the Client decrypts its copy of the Session Key and passes the Ticket to the Server, which decrypts it to obtain the Client ID and the same Session Key]
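The exchange in the figure above, as an added example that is not part of the slides, using a private-key cipher as the slides' taxonomy suggests: the Authentication Server shares one key with the client and another with the server, and issues the client's copy of the session key and the ticket separately. The cipher is a toy (HMAC-SHA256 keystream plus an HMAC tag) standing in for DES or AES, and the principal names and keys are constructed.

```python
import hmac, hashlib, json, secrets

def seal(key, obj):
    """Toy authenticated encryption: nonce || ciphertext || tag (not DES/AES)."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                      for i in range((len(pt) + 31) // 32))   # messages under 8 KiB
    ct = bytes(a ^ b for a, b in zip(pt, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Inverse of seal; fails closed when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                      for i in range((len(ct) + 31) // 32))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

class AuthenticationServer:
    """Holds every principal's private key; each principal holds only its own."""
    def __init__(self, client_keys, server_keys):
        self.client_keys, self.server_keys = client_keys, server_keys

    def issue(self, client_id, server_id):
        session = secrets.token_hex(16)
        # One copy of the session key encrypted for the client ...
        for_client = seal(self.client_keys[client_id],
                          {"server": server_id, "session_key": session})
        # ... and the ticket (Client ID + Session Key) encrypted for the server.
        ticket = seal(self.server_keys[server_id],
                      {"client_id": client_id, "session_key": session})
        return for_client, ticket

def run_exchange():
    k_client, k_server = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed
    auth = AuthenticationServer({"alice": k_client}, {"fileserver": k_server})
    for_client, ticket = auth.issue("alice", "fileserver")
    client_view = open_(k_client, for_client)     # client recovers the session key
    try:                                           # but cannot read the ticket
        open_(k_client, ticket)
        client_reads_ticket = True
    except ValueError:
        client_reads_ticket = False
    server_view = open_(k_server, ticket)         # server opens the forwarded ticket
    return {
        "same_session_key": client_view["session_key"] == server_view["session_key"],
        "server_learns_client": server_view["client_id"],
        "client_reads_ticket": client_reads_ticket,
    }
```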
Slide 14-40
The DES Algorithm
[Figure: PlainText is processed in 64-bit Blocks; each block passes through the initial permutation IP, then a sequence of rounds in which the halves Lj-1 and Rj-1 are combined through the round function f with round key Kj = (K, j), and finally the inverse permutation IP-1]
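The Feistel structure drawn in the figure above, as an added example that is not part of the slides: a 64-bit block is split into 32-bit halves and each round sets Lj = Rj-1 and Rj = Lj-1 XOR f(Rj-1, Kj), so decryption is the same network with the round keys applied in reverse order. The round function f, the key schedule Kj = (K, j) and the permutations IP / IP-1 used here are toys chosen for brevity (assumption: none of them is DES's real f, key schedule or IP), and the sample key and block are constructed.

```python
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
ROUNDS = 16

def subkey(key, j):
    """Kj = (K, j): toy schedule, rotate K left by j bits and keep 48 bits."""
    rot = ((key << j) | (key >> (64 - j))) & MASK64
    return rot & 0xFFFFFFFFFFFF

def f(r, kj):
    """Toy round function; it need not be invertible for the cipher to be."""
    x = ((r ^ (kj & MASK32)) * 0x9E3779B1) & MASK32
    return (x ^ (x >> 15) ^ (kj >> 16)) & MASK32

def ip(block):       # toy initial permutation: rotate left by 7 bits
    return ((block << 7) | (block >> 57)) & MASK64

def ip_inv(block):   # its inverse
    return ((block >> 7) | (block << 57)) & MASK64

def feistel(block, keys):
    """One pass through the network with the round keys in the given order."""
    permuted = ip(block)
    l, r = permuted >> 32, permuted & MASK32
    for kj in keys:
        # Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, Kj)
        l, r = r, l ^ f(r, kj)
    # final swap of the halves, then IP-1
    return ip_inv((r << 32) | l)

def encrypt(block, key):
    return feistel(block, [subkey(key, j) for j in range(1, ROUNDS + 1)])

def decrypt(block, key):
    # Same network; reversed key order makes each round undo its twin.
    return feistel(block, [subkey(key, j) for j in range(ROUNDS, 0, -1)])

def round_trip(block, key):
    """Constructed check: encrypt then decrypt and report both results."""
    c = encrypt(block, key)
    return c, decrypt(c, key)

if __name__ == "__main__":
    ciphertext, recovered = round_trip(0x0123456789ABCDEF, 0x133457799BBCDFF1)
    print(hex(ciphertext), hex(recovered))
```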
Slide 14-41
A Digital Rights Management System
[Figure: Server side: a Content Repository holding content in Raw, In Transit and Consumable forms, with Serve, Translate and Distribute functions; a Rights Editor and a Style Editor produce Rights and Style, used by Admin, Distributor, etc. through an API; Publisher and Consumer; Client side: Query and Playback]
• Other parties may contribute to rights spec