★ ★★ Chapter 7: OS Security ★★ Instructor: Hengming Zou, Ph.D. CLACKs n Pursuit of Absolute simplici求于至筍,归于永恒二
1 Chapter 7: OS Security Instructor: Hengming Zou, Ph.D. In Pursuit of Absolute Simplicity求于至简,归于永恒
斗 长 Content ¥斗 ★★ o The securityenvironment o Basics of cryptography o User authentication s Intrusions and attacks o Protection mechanisms o Trusted systems
2 Content The security environment Basics of cryptography User authentication Intrusions and attacks Protection mechanisms Trusted systems
斗 长 Hardware Reality ¥斗 ★★ o Collection of processor, memory, disks, network interfaces that can be used by anyone to do anything o Or could tum it off, leaving you with hardware thatwon't do anything for anyone
3 Hardware Reality Collection of processor, memory, disks, network interfaces that can be used by anyone to do anything Or could turn it off, leaving you with hardware that won’t do anything for anyone
斗 长 Security Goals and Threats ¥斗 ★★ Goal Threat Data Confidentiali Exposure of data Data Integrity Tampering with data Personal Privacy Misuse of data System Availability Denial of service Acts of god
4 Security Goals and Threats Goal Threat Data Confidentiality Exposure of data Data Integrity Tampering with data Personal Privacy Misuse of data System Availability Denial of service Acts of God
斗 长 Security Threats ¥斗 ★★ s Natural or man-made disasters fires, floods, earthquake, wars o Hardware or software errors CPU malfunction, bad disk program bugs s Human errors dataentry, wrong tape mounted o Attacks by intruders or adversaries This is where we will focus in this lecture
5 Security Threats Natural or man-made disasters – fires, floods, earthquake, wars Hardware or software errors – CPU malfunction, bad disk, program bugs Human errors – data entry, wrong tape mounted Attacks by intruders or adversaries – This is where we will focus in this lecture
斗 长 Intrusion motive ¥斗 ★★ o Casual prying by non-technical users o Snooping by insiders o Determined attemptto make money o Commercial or militaryespionage
6 Intrusion Motive Casual prying by non-technical users Snooping by insiders Determined attempt to make money Commercial or military espionage
斗 长 Some Example Attacks ¥斗 ★★ o Spoof identity pretend to send a message from your IP address s Man-in-the-middle attack Eavesdrop and delete the original message Insert new message that pretends to be from original sender Replayold messages
7 Some Example Attacks Spoof identity – pretend to send a message from your IP address Man-in-the-middle attack – Eavesdrop and delete the original message – Insert new message that pretends to be from original sender – Replay old messages
斗 长 Security Elements ¥斗 ★★ o Data security not viewed by unauthorized personnel data are not tampered o System security Systems do not do things not supposed to do
8 Security Elements Data security – not viewed by unauthorized personnel – data are not tampered System security – Systems do not do things not supposed to do
斗 长 Security Elements ¥斗 ★★ o Static security Data stored are not compromised Achieved by access control and cryptography o Dynamic security Data in transit is not compromised Achieved by secure communication
9 Security Elements Static security – Data stored are not compromised – Achieved by access control and cryptography Dynamic security – Data in transit is not compromised – Achieved by secure communication
斗 长 Secure communication ¥斗 ★★ o Confidentiali Attacker should not be able to understand data ≈ Authentication: Assure receiver that message is from the right sender s Freshness. Attacker should not be able to replay an old request o Availability No denial-of-service
10 Secure Communication Confidentiality: – Attacker should not be able to understand data Authentication: – Assure receiver that message is from the right sender Freshness: – Attacker should not be able to replay an old request Availability: – No denial-of-service