Operating System Security: Authentication, Attacks, and Countermeasures, Slides of Operating Systems

An overview of operating system security, focusing on authentication methods, standard security attacks, and countermeasures. Topics include passwords, secure passwords, authentication, masquerading attacks, and program threats such as Trojan horses, trap doors, stack and buffer overflow, and viruses. The document also covers system threats like worms and denial of service attacks, as well as threat monitoring and firewalls.

Typology: Slides

2019/2020

Uploaded on 06/05/2020

ehaab

15.1 B. B. Karki, LSU
CSC 4103: Operating System
Security
Source: Operating System Concepts by Silberschatz, Galvin and Gagne.

The Security Problem

• Security must consider external environment of the system, and protect it from:
  • Unauthorized access
  • Malicious modification or destruction
  • Accidental introduction of inconsistency.
• Easier to protect against accidental than malicious misuse.
• Security measures:
  • Physical
  • Human
  • Network
  • Operating system

Authentication

• To identify users and their programs and processes.
• Passwords:
  • Most common approach to authenticating a user identity
  • User ID or account + password
  • Could be associated with each resource and each access right
  • System generated or user defined.
• Password vulnerabilities:
  • Easy-to-guess
  • Exposure
    • shoulder surfing
    • network sniffing
    • written record
  • Illegal transfer

Secure Passwords

• Encrypted passwords
  • Use encrypt function to encode passwords.
• One-time passwords
  • Use a pair set
    • system selects one part and user selects the other
  • algorithmic password – function f(secret,seed)
  • Security ID based on hardware calculations.
• Biometrics (to secure physical access)
  • Palm or hand-readers
    • Temperature map, finger length, finger width, line pattern
  • Fingerprints are more accurate and of great potential use.
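
The algorithmic one-time password f(secret, seed) from this slide, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as f, a 6-digit code, and a hypothetical `Verifier` class for the system side; the secret is a constructed value.

```python
import hashlib
import hmac
import secrets


def f(secret: bytes, seed: bytes, digits: int = 6) -> str:
    """Algorithmic password: short decimal code from HMAC-SHA256(secret, seed)."""
    mac = hmac.new(secret, seed, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Verifier:
    """System side (hypothetical): picks the seed, accepts each seed once."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()

    def challenge(self) -> bytes:
        seed = secrets.token_bytes(16)   # fresh, unpredictable seed per login
        self._outstanding.add(seed)
        return seed

    def verify(self, seed: bytes, response: str) -> bool:
        if seed not in self._outstanding:
            return False                 # never issued, or already used (replay)
        self._outstanding.discard(seed)  # one attempt per seed
        return hmac.compare_digest(f(self._secret, seed), response)


def demo():
    secret = b"constructed-shared-secret"   # constructed sample value
    system = Verifier(secret)
    seed = system.challenge()               # system selects one part
    response = f(secret, seed)              # user computes the other
    first = system.verify(seed, response)
    replay = system.verify(seed, response)  # sniffed password sent again
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Because the seed changes on every login, a password captured by shoulder surfing or network sniffing is useless for the next session.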

Program Threat – Trap Door

• Designer can leave a hole in software for its own use.
• Specific user identifier or password that circumvents normal security procedures.
• Could be included in a compiler.
  • Standard object code + trap door

Program Threat – Stack and Buffer Overflow

• Exploits a bug in a program
  • A lack of bounds checking on the size of input being stored in a buffer array
• Overflow an input field
  • An executable input string to load the code.
  • Overwrite the current return address on the stack with the address of exploit code loaded.
• Overall effect is to give the intruder a shell with root privileges.

Program Threat - Viruses

• Fragment of code embedded in a legitimate program.
  • Examples: Michelangelo (1992), Melissa (1999), Love bug (2000), MS-related viruses (2004).
• Mainly affect microcomputer systems.
  • Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.
• Antivirus programs
  • Useful for known viruses.

System Threat - Worms

• Use spawn mechanism:
  • Spawns copies of itself using resources
  • Standalone program.
• Internet worm
  • Morris’s worm released on 11/2/
  • Grappling hook (like a bootstrap) program uploads main worm program
  • Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs.
  • Once in place, the main worm discovers user passwords.

System Threat – Denial of Service

• Disabling legitimate use of a system or facility.
• Overload the targeted computer preventing it from doing any useful work.
  • Several partially started TCP sessions.

Threat Monitoring

• Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing.
• Audit log – records the time, user, and type of all accesses to an object.
• Scan the system periodically for security holes; done when the computer is relatively unused.

Firewall

• Networked computers are much more susceptible to security attacks than standalone systems.
• A firewall is placed between trusted and untrusted hosts.
• The firewall limits network access between these two security domains.
• Firewall can separate a network into multiple domains.

Network Security Through Domain Separation Via Firewall

Auditing and Logging

• Security-relevant events are logged to an audit trail and then matched against attack signatures or analyzed for anomalous behavior.
• UNIX uses syslog and swatch programs:
  • syslog creates audit trail and provides message dispatch facility.
    • syslog.conf (selector, action)
  • swatch applies signature-based detection to audit trails and initiates responses.
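
Signature-based detection over an audit trail, covering both the Threat Monitoring and the Auditing and Logging slides. This is an added example, not part of the original slides and not swatch's own code; the record layout (time, user, access type, object, outcome), the threshold and the window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit trail: time, user, type of access, object, outcome.
AUDIT_LOG = """\
2020-05-06T02:10:01 root login console FAIL
2020-05-06T02:10:04 root login console FAIL
2020-05-06T02:10:05 alice read /etc/passwd OK
2020-05-06T02:10:09 root login console FAIL
2020-05-06T02:10:12 root login console FAIL
2020-05-06T09:00:00 bob login console FAIL
2020-05-06T09:00:20 bob login console OK
2020-05-06T13:00:00 carol login console FAIL
2020-05-06T13:05:00 carol login console FAIL
2020-05-06T13:10:00 carol login console FAIL
"""


def password_guessing_alerts(lines, threshold=3, window=timedelta(minutes=1)):
    """Signature: `threshold` failed logins for one user inside `window`.

    Returns (user, first_failure, triggering_failure) tuples.
    """
    recent = defaultdict(deque)          # user -> times of recent failures
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts_text, user, kind, _obj, outcome = line.split()
        if kind != "login" or outcome != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_text)
        failures = recent[user]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures outside the window
            failures.popleft()
        if len(failures) == threshold:    # fire once when the count is reached
            alerts.append((user, failures[0], ts))
    return alerts


if __name__ == "__main__":
    for user, start, end in password_guessing_alerts(AUDIT_LOG.splitlines()):
        print(f"possible password guessing against {user}: {start} .. {end}")
```

Only root trips the signature: bob has a single failure, and carol's three failures are five minutes apart, outside the one-minute window.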

Tripwire

• Checks if certain files and directories have been altered – e.g., password files.
• tw.config enumerates the directories and files to be monitored for change, deletion or addition.
• When run initially, Tripwire computes and stores a signature for each file or directory consisting of its monitored attributes. When run subsequently, it recomputes the signature using new config and old data.
• Attack events
  • Difference in signature
  • No signature in old database
  • No new signature.
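
The baseline-and-compare cycle described on this slide, as an added example that is not Tripwire's own code. It assumes the monitored attributes are permission bits, size and a SHA-256 content hash, and it runs against a constructed temporary directory instead of paths read from tw.config.

```python
import hashlib
import os
import tempfile


def signature(path):
    """Signature over the monitored attributes: mode bits, size, content hash."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return f"{st.st_mode:o}:{st.st_size}:{digest}"


def scan(root):
    """Build the database {relative path: signature} for one monitored directory."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = signature(full)
    return db


def compare(old_db, new_db):
    """Classify the three attack events listed on the slide."""
    both = old_db.keys() & new_db.keys()
    return {
        "difference in signature": sorted(p for p in both if old_db[p] != new_db[p]),
        "no signature in old database": sorted(new_db.keys() - old_db.keys()),
        "no new signature": sorted(old_db.keys() - new_db.keys()),
    }


def demo():
    """Constructed data: initial run, then one change, one addition, one deletion."""
    with tempfile.TemporaryDirectory() as root:
        samples = [("passwd", b"root:x:0:0\n"), ("hosts", b"127.0.0.1 localhost\n"),
                   ("motd", b"welcome\n")]
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = scan(root)                        # initial run
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"extra:x:1001:1001\n")         # altered file
        with open(os.path.join(root, "dropped"), "wb") as fh:
            fh.write(b"new file\n")                  # file absent from the baseline
        os.remove(os.path.join(root, "motd"))        # file gone since the baseline
        return compare(baseline, scan(root))         # subsequent run
```

The comparison is only as trustworthy as the stored baseline, so the old database has to be kept where an intruder who can alter the monitored files cannot also rewrite it.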