Announcements - Operating Systems - Notes | CMSC 412, Study notes of Operating Systems

Material Type: Notes; Professor: Hollingsworth; Class: Operating Systems; Subject: Computer Science; University: University of Maryland; Term: Spring 2003;

Typology: Study notes

Pre 2010

Uploaded on 07/30/2009

koofers-user-hle
koofers-user-hle 🇺🇸

9 documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
CMSC 412 – S02 (lect 21)
Announcements
zReading Chapter 19
zMT#2 re-grade requests due by end of class
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Announcements - Operating Systems - Notes | CMSC 412 and more Study notes Operating Systems in PDF only on Docsity!

Announcements

z^

Reading Chapter 19

z^

MT#2 re-grade requests due by end of class

Computer Threat Model

z^

must consider acceptable risks– value of item to be protected– $2,000 of computer time to steal 50 cents of data

  • this is a sufficient deter someone•^ but

computers keep getting faster

z^

Basic Ideas:– confine access to only the highest level needed

  • run programs as root only if needed• don’t give system access to all users

Authentication (cont.)

z^

How does a user know what computer they are using?

z^

Need to have

mutual authentication

  • computer presents some information that only it could contain– example: Windows -- to login
    • user software can’t trap that information• assumes that the kernel itself is secure

z^

telephone example:– never give banking/credit card info over the phone unless you

placed the phone call• i.e. you use the telco namespace for authentication

Example (UNIX passwords)

z^

use a function that is hard to invert–

“easy” to compute f(x) given x– hard to compute x given f(x)– the function used is a variation on the DES algorithm

-^ changes selected items in the transformation matrix to preventhardware attacks -^

store only f(x) in the filesystem

z^

to login:–

user supplies a password x’– compute f(x’) and compare to f(x) z^

salt–

add an extra two characters to x so that the same x will producedifferent values on different machines z^

dictionary attach–

if its to easy to compute f(x)– can “guess” many passwords and try them out

Viruses

z^

Most common on systems with little security– easy to write to boot blocks, system software– never run untrusted software with special privileges– Don’t perform daily operations with root/system privileges

z^

Possible to write system independent viruses– MS Word virus

  • uses macros to call into the OS

Access Matrix

z^

Abstraction of protection for objects in a system.– Rows are domains (users or groups of users)– Columns are objects (files, printers, etc.)– Items are methods permitted by a domain on an objects

  • read, write, execute, print, delete, …

z^

Representing the Table– simple representation (dense matrix) is large– sparse representation possible: each non-zero in the matrix– observation: same column used frequently

  • represent groups of users with a name and just store that
    • create a default policy for some objects without a value z^

Revocation of access– when are access rights checked?– selective revocation vs. global

Capabilities

z^

Un-forgeable Key to access something

z^

Implementation: a string– I.e. a long numeric sequence for a copier)

z^

Implementation: A protected memory region

  • tag memory (or procedures) with access rights
    • example - x86 call gate abstraction
      • permit rights amplification