Operating System Security - Operating System - Lecture Slides, Slides of Computer Science

These are the Lecture Slides of Operating System which includes Environment, Fundamental Goal, Programs, Time Line, User Programs, Versus, Operating System, Running, Symmetric Multiprocessing etc. Key points are: Operating System Security, Loscocco, Smalley, Modify a File, Read From, Video Camera, Connection, Discretionary Access Control, Identity, Ownership

Typology: Slides

2012/2013

Uploaded on 03/27/2013

ekana

Operating System Security


Loscocco & Smalley (2001): SE Linux

  • Example operating system operations
    • Modify a file, read from a video camera, wait for a connection on a socket, create a new process
  • Question: When should a process be allowed to perform certain operations?
  • Discretionary Access Control (DAC)
    • Decisions to allow/disallow operations based on user identity & ownership
  • Claim: this is insufficient when providing operating system security
    • Traditionally, with DAC, “every program executed by [a] user inherits all of the privileges associated with that user” (p. 1, ms.)

Policies vs. Mechanisms

  • Different types of organizations may have different types of security needs
  • Goals
    • Flexible support for security policies
    • Separate enforcement mechanisms (the mechanisms that enforce policy) from the policy itself
    • Individual organizations can create their own policies


SE Linux

  • Security server & policy “programming” language
    • Security server: New kernel component
  • Mandatory Access Control (MAC) integrated into operations on 28 object classes, including
    • Processes
    • Files (and raw disks)
    • Sockets
  • Security ID’s (SID’s) are bound to every object
  • Permission checks are made between a source SID and a target SID
    • E.g., SID’s associated with a calling process and a file

Example: sendmail

  • Similarly, other system programs also run with limited privileges

    allow sendmail_t etc_aliases_t:file { read write };
    allow sendmail_t etc_mail_t:dir { read search add_name remove_name };
    allow sendmail_t etc_mail_t:file { create read write unlink };

See also: http://world.std.com/~franl/worm.html

More sendmail privileges

    allow sendmail_t smtp_port_t:tcp_socket name_bind;
    allow sendmail_t mail_spool_t:dir { read search add_name remove_name };
    allow sendmail_t mail_spool_t:file { create read write unlink };
    allow sendmail_t mqueue_spool_t:dir { read search add_name remove_name };
    allow sendmail_t mqueue_spool_t:file { create read write unlink };
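
The following is an added example, not part of the original slides and not SELinux's own implementation: a simplified Python model of the source-type/target-type permission check, loaded with the sendmail allow rules from the two slides above. The function names and the `shadow_t` and `user_t` type names are assumptions made for illustration.

```python
import re

# Policy text copied from the two sendmail slides above.
POLICY = """
allow sendmail_t etc_aliases_t:file { read write };
allow sendmail_t etc_mail_t:dir { read search add_name remove_name };
allow sendmail_t etc_mail_t:file { create read write unlink };
allow sendmail_t smtp_port_t:tcp_socket name_bind;
allow sendmail_t mail_spool_t:dir { read search add_name remove_name };
allow sendmail_t mail_spool_t:file { create read write unlink };
allow sendmail_t mqueue_spool_t:dir { read search add_name remove_name };
allow sendmail_t mqueue_spool_t:file { create read write unlink };
"""

# allow <source> <target>:<class> <perm>;   or   { <perm> <perm> ... };
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def load_policy(text):
    """Build {(source, target, class): set(perms)} from allow rules."""
    table = {}
    for src, tgt, cls, braced, single in RULE.findall(text):
        perms = set(braced.split()) if braced else {single}
        table.setdefault((src, tgt, cls), set()).update(perms)
    return table

def check(table, source, target, cls, perm):
    """Default deny: access is granted only if an allow rule names it."""
    return perm in table.get((source, target, cls), set())

def denied(table, source, requests):
    """Return the (target, class, perm) requests the policy refuses."""
    return [r for r in requests if not check(table, source, *r)]

if __name__ == "__main__":
    table = load_policy(POLICY)
    # Constructed requests made from the sendmail_t domain.
    attempts = [
        ("etc_aliases_t", "file", "read"),           # covered by a rule
        ("etc_aliases_t", "file", "unlink"),         # permission not listed
        ("smtp_port_t", "tcp_socket", "name_bind"),  # covered by a rule
        ("shadow_t", "file", "read"),                # assumed type, no rule
    ]
    for target, cls, perm in denied(table, "sendmail_t", attempts):
        print("denied: sendmail_t ->", f"{target}:{cls}", perm)
```

Unlike the DAC model described earlier, the decision here never consults the user who started the process: a request that no rule names is refused whoever the owner is.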