Bugs, Buffer Overflow, Design Weaknesses - Operating Systems Design | CS 423, Study notes of Operating Systems

Material Type: Notes; Class: Operating Systems Design; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Fall 2005;

Uploaded on 03/16/2009

Security – Part 3
Indranil Gupta
Lecture 39
Dec 2, 2005
CS423UG Operating Systems
CS 423UG - Operating Systems,
Indranil Gupta
Content
3 A’s (Golden A properties)
Security Flaws in Operating Systems
Attacks on O/S Security
Viruses and Worms
The 3 A’s
Authentication
Auditing
Authorization
1st A – Authentication
Alice is trying to log in. How does the computer/system know it is actually Alice who is trying to log in (and not the evil Zod)?
User Attributes: Something about the person – e.g., fingerprints, voice-prints, photographs, signatures.
User Possession: Something possessed by the person – e.g., badges, id cards, keys.
User Knowledge: Something known by the person – e.g., passwords, lock combinations, mother-in-law's maiden name.
One-Time Password
Extreme form of changing the passwords all the time.
When one-time passwords are used, the user gets a book containing a list of passwords. Each login uses the next password.
More elegant scheme by Leslie Lamport: use a one-way function, which has the property: given x it is easy to find y = f(x), but given y it is computationally infeasible to find x.
Protocol:
User picks a secret password "s" that he memorizes.
User picks an integer "n", which is how many one-time passwords the algorithm is able to generate.
The first password is given by running the one-way function n times:
The second password is given by running the one-way function n-1 times:
Note that given any password in the sequence, it is easy to compute the previous password, but impossible to know the next one in the sequence.
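The Lamport scheme described above, as an added Python example that is not part of the original lecture notes. SHA-256 as the one-way function f and the server's enrolled value (f applied n + 1 times to s) are assumptions; the secret and n are constructed sample values.

```python
import hashlib
import hmac


def f(x: bytes) -> bytes:
    # One-way function f. SHA-256 is an assumption; the notes only require one-wayness.
    return hashlib.sha256(x).digest()


def password(secret: bytes, n: int, i: int) -> bytes:
    """i-th one-time password (1-based): f applied n - i + 1 times to the secret."""
    if not 1 <= i <= n:
        raise ValueError("index outside 1..n: the chain is exhausted")
    out = secret
    for _ in range(n - i + 1):
        out = f(out)
    return out


class LoginServer:
    """Holds only the last accepted value, never the secret s."""

    def __init__(self, enrolled: bytes):
        # Assumption: enrollment stores f applied n + 1 times to s, so the first
        # password (f applied n times) is checked with one more application of f.
        self.last = enrolled

    def login(self, candidate: bytes) -> bool:
        if not hmac.compare_digest(f(candidate), self.last):
            return False
        self.last = candidate  # the next login must present a preimage of this value
        return True


def demo() -> dict:
    s, n = b"constructed secret s", 4  # constructed sample values
    p1, p2 = password(s, n, 1), password(s, n, 2)
    server = LoginServer(f(p1))
    return {
        "first_ok": server.login(p1),
        "replay_rejected": not server.login(p1),  # a sniffed password cannot be reused
        "skipped_rejected": not server.login(password(s, n, 4)),  # out of order
        "second_ok": server.login(p2),
        "previous_from_later": f(p2) == p1,  # easy direction; p2 from p1 needs f inverted
    }


if __name__ == "__main__":
    print(demo())
```

After n logins the chain is used up and the user has to enroll again with a new secret or a new n.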
Challenge-Response Authentication
New user provides a long list of questions and answers which are securely stored.
When the user logs in, a question is asked at random and the server checks the answer.
Another variation:
User picks an algorithm when signing up as a user (e.g., ). When the user logs in, the server sends the user an argument (e.g., 7), and the user applies the agreed algorithm and responds (e.g., 49). The server applies the algorithm as well and compares the answers.

Authentication Using a Physical Object



Magnetic cards

magnetic stripe cards

chip cards: stored value cards, smart cards

Authentication Using Biometrics

Use physical characteristics of the users that are hard to forge for authentication, called biometrics.

Biometrics systems have two parts: enrollment and identification.

Fingerprint analysis

Retinal pattern analysis

Signature analysis

Voice biometrics

2nd A – Auditing

Auditing in computer systems involves immediate computer processing involving transactions that have just occurred.

An audit log is a permanent record of important events that occur within the system, produced automatically when the events occur, and stored in a heavily protected area of the system.

Even if the system is compromised, the audit log must remain intact.

Users should know of the existence of the audit log. That, in itself, is a significant deterrent.

The log is useless unless it is reviewed frequently and carefully, both periodically and at random times.

Internal Security and Security Kernels



To develop a highly secure system:

Ideally build the security into the design from the beginning. "Afterthought" security measures don't work as well, but most systems today are built with performance in mind first.

Make the kernel of the operating system secure.

Implement critical security measures in the kernel.

Keep the kernel as small as possible (hard to do). It is easier to check it for flaws and to formally demonstrate its correctness.



Critical areas:

Access control

Logging

Monitoring

Management of central memory

Management of virtual storage

Management of the file system

Enhancing Security

More critical functions need to be implemented in hardware, making them more secure and also faster.

Penetrator entrapment

Systems should contain machinery to trap attempts at penetration. This will tend to catch the less skilled penetrators, and so is primarily a first line of defense.

Intruder detection toolkits

Threshold values – e.g., discourage repeated login attempts by setting a threshold on the number of attempts allowed.
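One way to apply such a threshold, as an added Python example that is not from the original notes. The limit of 3 failures within 60 seconds, the event tuple format and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque

THRESHOLD = 3   # assumed policy: lock on the 3rd failure inside one window
WINDOW = 60     # assumed window length in seconds

# Constructed sample events: (time in seconds, user, outcome of password check)
EVENTS = [
    (0, "alice", "fail"),
    (5, "zod", "fail"),
    (10, "zod", "fail"),
    (12, "alice", "ok"),
    (20, "zod", "fail"),    # third failure within 60 s: account is locked
    (25, "zod", "ok"),      # correct password, but the account is already locked
    (200, "bob", "fail"),
    (290, "bob", "fail"),   # the failure at t=200 has aged out of the window
    (300, "bob", "fail"),
]


def apply_threshold(events, threshold=THRESHOLD, window=WINDOW):
    """Return (decisions, locked): one decision per event, and lock times by user."""
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked = {}                     # user -> time the lock was set
    decisions = []
    for ts, user, outcome in events:
        if user in locked:
            decisions.append((ts, user, "denied-locked"))
            continue
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if outcome == "ok":
            recent.clear()          # a successful login resets the counter
            decisions.append((ts, user, "allowed"))
            continue
        recent.append(ts)
        if len(recent) >= threshold:
            locked[user] = ts
            decisions.append((ts, user, "locked"))
        else:
            decisions.append((ts, user, "failed"))
    return decisions, locked


if __name__ == "__main__":
    for decision in apply_threshold(EVENTS)[0]:
        print(decision)
```

A lock that never expires lets anyone who knows a user name keep that user out, which is why deployed systems commonly use timed lockouts or growing delays instead.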

Security Flaws in Operating Systems



Authentication

E.g., a dummy program, pretending to be the signon program, asking for the user's password and then storing it.

Line disconnect

When a line is disconnected with a user logged in over it, the system must either log the user out, or at least put the line in a state in which the user must re-authenticate his identity after reconnecting before proceeding with the session.

Operator carelessness

E.g., tricking the operator into mounting a counterfeit operating system disk.

Residue

Interesting information often turns up in wastebaskets; use paper shredders! Information is often left in central memory from a previous user, possibly a system routine; variables that contain sensitive information should be overwritten before being deallocated!

Shielding

One can inductively "tap" a cable, phone line, or in fact any wire over which information passes, without making physical connection to it. Electrical shielding can protect against this.



Passwords

Password guessing, etc.

Login Spoofing

(a) Correct login screen (b) Phony login screen

Logic Bombs

Company programmer writes program

potential to do harm

OK as long as he/she enters password daily

if programmer fired, no password and bomb explodes

If programmer is fired, he can blackmail company

Trap Doors

(a) Normal code. (b) Code with a trapdoor inserted

Other Inside Attacks on O/S Security

Asynchronism

One process modifies the arguments another process has passed to an operating system procedure after they have been tested for validity but before they have been used.

Browsing

A user searches the system simply trying things, looking for privileged information.

Between lines

A user taps into a line being used by an inactive but logged-in terminal.

Clandestine code

A patch is made to the system which, instead of or in addition to doing what it is supposed to do, provides a hole that a penetrator can use later.
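The asynchronism flaw listed above (arguments tested for validity, then changed before use), as an added Python simulation that is not from the original notes, next to a version that copies the argument once before testing it. The procedure names, the 8-byte buffer and the callback standing in for the second process are hypothetical.

```python
KBUF_SIZE = 8  # constructed size of the buffer inside the OS procedure


def copy_in_vulnerable(user_args, user_data, other_process=lambda: None):
    """Tests the argument, then fetches it again from caller-owned memory to use it."""
    if not 0 <= user_args["length"] <= KBUF_SIZE:    # tested for validity
        raise ValueError("length out of range")
    other_process()                                  # another process runs here
    return user_data[:user_args["length"]]           # used: a second fetch


def copy_in_hardened(user_args, user_data, other_process=lambda: None):
    """Fetches the argument once into private storage; test and use share that copy."""
    length = int(user_args["length"])                # single fetch
    if not 0 <= length <= KBUF_SIZE:
        raise ValueError("length out of range")
    other_process()                                  # later changes no longer matter
    return user_data[:length]


def demo() -> dict:
    data = b"A" * 32                                 # constructed caller data
    copied = {}
    for name, proc in (("vulnerable", copy_in_vulnerable),
                       ("hardened", copy_in_hardened)):
        args = {"length": 4}                         # value that passes the test

        def racer(shared=args):
            shared["length"] = 32                    # changed after test, before use

        copied[name] = len(proc(args, data, racer))
    return copied


if __name__ == "__main__":
    print(demo())
```

The vulnerable procedure ends up handling more bytes than its own limit allows, while the hardened one uses exactly the value it validated.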

Other Inside Attacks on O/S Security

Denial of access

A user writes a program to deliberately crash the system, send it into an infinite loop, or otherwise disrupt use of it by legitimate users.

Disconnected lines

A penetrator tries to find an incoming line that disconnected while someone was logged in using it.

Masquerade

A penetrator assumes another user's identity, typically by stealing his password.

NAK attack (NAK = Negative Acknowledgment)

The system may be vulnerable when a running process is interrupted.

A penetrator might be able to catch the system in an unprotected state during interruption, and thus seize control.

Network Security

External threat

code transmitted to target machine

code executed there, thus doing damage

Goals of virus writer

quickly spread virus to many machines

virus code should be difficult to detect

virus difficult to get rid of when found

Virus = program that can reproduce itself

attach its code to another program

additionally, do harm

Virus Damage Scenarios

Blackmail

Denial of service as long as virus runs

Permanently damage hardware

Target a competitor's computer

do harm

espionage

Intra-corporate dirty tricks

sabotage another corporate officer's files

How Viruses Work (1)

Virus written in assembly language

Inserted into another program

use tool called a “dropper”

Virus dormant until program executed

then infects other programs

eventually executes its “payload”

How Viruses Work (2)

Recursive procedure that finds executable files on a UNIX system

Virus could infect them all

How Viruses Work (3)

a. An executable program

b. With a virus at the front

c. With the virus at the end

d. With a virus spread over free space within program

How Viruses Work (4)

a) After virus has captured interrupt, trap vectors

b) After OS has retaken printer interrupt vector

c) After virus has noticed loss of printer interrupt vector and recaptured it

How Viruses Spread

Virus placed where likely to be copied

When copied

infects programs on hard drive, floppy

may try to spread over LAN

Attach to innocent looking email

when it runs, use mailing list to replicate