Security - Computer Operating Systems - Lecture Slides, Slides of Operating Systems

These lecture slides are very easy to understand the computer operating system. The major points in these lecture slides are:Security, Security Services, Counter Security Attacks, Security Attack, Compromises, Security Mechanisms, Security of Information, Designed to Prevent, Detect or Recover, Authentication

Typology: Slides

2012/2013

Uploaded on 04/25/2013

baidehi
baidehi 🇮🇳

4.4

(14)

101 documents

1 / 46

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Lecture 22
Chapter 15: Security
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e

Partial preview of the text

Download Security - Computer Operating Systems - Lecture Slides and more Slides Operating Systems in PDF only on Docsity!

Lecture 22

Chapter 15: Security

Aspects of Security

• Security Services

– Enhance the security of data processing systems and

information transfers of an organization.

– Counter security attacks.

• Security Attack

– Action that compromises the security of information

owned by an organization.

• Security Mechanisms

– Designed to prevent, detect or recover from a security

attack.

Security Services

• Confidentiality

– Protection of data from unauthorized disclosure

• Integrity

– Assurance that data received is as sent by an

authorized entity

• Non-Repudiation

– Protection against denial by one of the parties in a

communication

Security Attacks

Information source

Information destination

Normal Flow

Denial of Service

Internet

Perpetrator Victim

ICMP echo (spoofed source address of victim) Sent to IP broadcast address ICMP echo reply

ICMP = Internet Control Message Protocol

Innocent reflector sites

Smurf Attack

1 SYN

10,000 SYN/ACKs – Victim is dead

Security Attacks

Information source

Information destination

Interception

Attack on confidentiality

(concealment of information)

Security Attacks

Information source

Information destination

Fabrication

Attack on authenticity

(identification and assurance of origin of information)

IP Address Spoofing

• IP addresses are filled in by the originating host

• Using source address for authentication

– r-utilities (rlogin, rsh, rhosts etc..)

  • Can A claim it is B to the

server S?

  • ARP Spoofing
  • Can C claim it is B to the

server S?

  • Source Routing

Internet

2.1.1.1 C

A 1.1.1.1^ 1.1.1.2 B

1.1.1.3 S

TCP Session Hijack

• When is a TCP packet valid?

– Address / Port / Sequence Number in window

• How to get sequence number?

– Sniff traffic

– Guess it

• Many earlier systems had predictable Initial Sequence

Number

• Inject arbitrary data to the connection

Security Attacks

Message interception

Traffic analysis

eavesdropping, monitoring transmissions

Passive attacks

Masquerade Denial of service

some modification of the data stream

Active attacks

Replay Modification of message contents

Cryptography as a Security Tool

• Broadest security tool available

– Source and destination of messages cannot be

trusted without cryptography

– Means to constrain potential senders ( sources )

and / or receivers ( destinations ) of messages

• Based on secrets ( keys )

Encryption

  • Encryption algorithm consists of
    • Set of K keys
    • Set of M Messages
    • Set of C ciphertexts (encrypted messages)
    • A function E : K → ( MC ). That is, for each kK , E ( k ) is a function for generating ciphertexts from messages. - Both E and E ( k ) for any k should be efficiently computable functions.
    • A function D : K → ( CM ). That is, for each kK , D ( k ) is a function for generating messages from ciphertexts. - Both D and D ( k ) for any k should be efficiently computable functions.
  • An encryption algorithm must provide this essential property: Given a ciphertext cC , a computer can compute m such that E ( k )( m ) = c only if it possesses D ( k ). - Thus, a computer holding D ( k ) can decrypt ciphertexts to the plaintexts used to produce them, but a computer not holding D ( k ) cannot decrypt ciphertexts. - Since ciphertexts are generally exposed (for example, sent on the network), it is important that it be infeasible to derive D ( k ) from the ciphertexts

Symmetric key cryptography

symmetric key crypto: Bob and Alice share know same (symmetric) key: K

  • e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
  • Q: how do Bob and Alice agree on key value?

ciphertext plaintext

K

A-B

encryption algorithm

decryption algorithm

A-B

K

A-B

plaintext

message, m K (m) A-B

K (m) A-B

m = K ( ) A-B