Security: Understanding Different Types of Threats and Attacks in Computer Systems, Slides of Operating Systems

An overview of various security issues and attacks in computer systems. It covers program threats, system and network threats, and cryptography as a security tool. The document also discusses user authentication and implementing security defenses, including firewalls and computer-security classifications. Real-world examples, such as the Morris Internet worm, are used to illustrate these concepts.

Typology: Slides

2012/2013

Uploaded on 04/24/2013

banamala


15: Security 1

OPERATING SYSTEMS

SECURITY


In This Chapter:

  • The Security Problem
  • Program Threats
  • System and Network Threats
  • Cryptography as a Security Tool
  • User Authentication
  • Implementing Security Defenses
  • Firewalling to Protect Systems and Networks
  • Computer-Security Classifications
  • An Example: Windows XP

Security Issues

Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough; however, when executed, unexpected behavior occurs.

Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges.

Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion?

Audit Log: Record time, user, and type of access on all objects. Trace problems back to their source.

Worms: Use a spawning mechanism; standalone programs.

Internet Worm: In the Internet worm, Robert Morris exploited UNIX networking features (remote access) as well as bugs in the finger and sendmail programs. A grappling hook program uploaded the main worm program.

Viruses: Fragment of code embedded in a legitimate program. Mainly affects personal PC systems. These are often downloaded via e-mail or as active components in web pages.

Firewall: A mechanism that allows only certain traffic between trusted and untrusted systems. Often applied to a way to keep unwanted Internet traffic away from a system.


ATTACK METHODS:

Attacks on a distributed system include:

  • Passive wiretapping: unauthorized interception/reading of messages.
  • Active wiretapping:
    • Modification: changing a portion of the message.
    • Spurious messages: introducing bogus messages with valid addresses and consistency criteria.
    • Site impersonation: claiming to be some other logical node.
    • Replay of previous transmission: repeating previous valid messages (for example, authorization of a cash withdrawal).

Typical Security Attacks


  • Trojan Horse
    • Code segment that misuses its environment
    • Exploits mechanisms for allowing programs written by users to be executed by other users
    • Spyware, pop-up browser windows, covert channels
  • Trap Door
    • Specific user identifier or password that circumvents normal security procedures
    • Could be included in a compiler
  • Logic Bomb
    • Program that initiates a security incident under certain circumstances
  • Stack and Buffer Overflow
    • Exploits a bug in a program (overflow either the stack or memory buffers)


Example of Buffer Overflow Waiting To Happen:

    #include <stdio.h>
    #include <string.h>

    #define BUFFER_SIZE 256

    int main(int argc, char *argv[])
    {
        char buffer[BUFFER_SIZE];
        int other_data;          /* sits next to buffer; an overrun can clobber it */

        if (argc < 2)
            return -1;
        else {
            /* strcpy never checks the length of argv[1]: an argument longer
               than 255 bytes is written past the end of buffer */
            strcpy(buffer, argv[1]);
            return 0;
        }
    }
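As an added example that is not part of the slides, the same program with the copy bounded by the destination size: the argument is rejected when it cannot fit together with its terminating NUL, so nothing is ever written past the end of buffer. The helper bounded_copy is written for this example and is not part of any library.

```c
/* Added example (not from the slides): bounded copy that rejects an
 * over-long argument instead of overrunning the stack buffer. */
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 256

/* Copy src into dst (dstsize bytes) only if it fits with its NUL terminator.
 * Returns 0 on success, -1 if src is too long; dst is left untouched on failure.
 * The length scan stops at dstsize so an unterminated src cannot be over-read. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len = 0;
    while (len < dstsize && src[len] != '\0')
        len++;
    if (len == dstsize)            /* no room for the terminator */
        return -1;
    memcpy(dst, src, len + 1);     /* copies the NUL as well */
    return 0;
}

int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    int other_data = 0;            /* can no longer be clobbered by the copy */

    if (argc < 2)
        return -1;
    if (bounded_copy(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", BUFFER_SIZE - 1);
        return 1;
    }
    printf("copied %zu bytes, other_data = %d\n", strlen(buffer), other_data);
    return 0;
}
```

The check uses the real size of the destination (sizeof buffer), not a constant copied from elsewhere, so a later change to BUFFER_SIZE cannot silently reopen the overflow.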

[Figure: A Boot Sector Virus]

System And Network Threats

  • Worms – use spawn mechanism; standalone program
  • Internet worm
    • Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs (see next slide)
    • Grappling hook program uploaded main worm program
  • Port scanning
    • Automated attempt to connect to a range of ports on one or a range of IP addresses
  • Denial of Service
    • Overload the targeted computer, preventing it from doing any useful work
    • Distributed denial-of-service (DDOS) attacks come from multiple sites at once

Cryptography

DEFINITIONS:

Encryption:  C = E( M, Ke )

  E  = Encyphering algorithm
  M  = Message (plain text)
  Ke = Encryption key
  C  = Cyphered text

Decryption:  M = D( C, Kd )

  D  = Decyphering algorithm
  Kd = Decryption key


Cryptosystems are either Conventional or Public Key

  • Conventional is symmetric; Ke = Kd , so the key must be kept secret. Algorithms are simple to describe, but complex in the number of operations.
  • Public key is asymmetric; Ke != Kd , so Ke can be made public. Kd is secret and can't easily be derived from Ke.

Security against attack is either:

  • Unconditionally secure - Ke can't be determined regardless of available computational power.
  • Computationally secure: - calculation of Kd is economically unfeasible ( it would overwhelm all available computing facilities.)

The only known unconditionally secure system in common use!

  • Involves a random key that has the same length as the plain text to be encrypted.
  • The key is used once and then discarded. The key is exclusive-OR'd with the message to produce the cypher.
  • Given the key and the cypher, the receiver uses the same method to reproduce the message.
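The three points above describe a one-time pad. As an added example that is not part of the slides, the following C code carries out that scheme: the same XOR routine both produces the cypher and recovers the message, a pad shorter than the message is refused, and a second function checks the failure mode that the "used once" rule guards against (two messages under the same pad expose their XOR). The message and pad bytes are constructed for this example; a real pad must come from a true random source.

```c
/* Added example (not from the slides): one-time pad by exclusive OR. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* XOR n bytes of in with key into out. Encryption and decryption are the
 * same operation because (m ^ k) ^ k == m. Returns -1 if the pad is shorter
 * than the message, which would not be a one-time pad at all. */
int otp_xor(const unsigned char *key, size_t keylen,
            const unsigned char *in, unsigned char *out, size_t n)
{
    if (keylen < n)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i];
    return 0;
}

/* Returns 1 if decrypting the encryption of msg gives msg back, else 0. */
int otp_roundtrip(const unsigned char *key, size_t keylen,
                  const unsigned char *msg, size_t n)
{
    unsigned char cipher[64], plain[64];
    if (n > sizeof cipher) return 0;
    if (otp_xor(key, keylen, msg, cipher, n) != 0) return 0;
    if (otp_xor(key, keylen, cipher, plain, n) != 0) return 0;
    return memcmp(plain, msg, n) == 0;
}

/* Failure mode: if one pad encrypts two messages, c1 ^ c2 == m1 ^ m2 for every
 * byte, so the pad cancels out and the XOR of the plaintexts is exposed.
 * Returns 1 when that relation holds (i.e. reuse leaks), else 0. */
int otp_reuse_leaks(const unsigned char *key, size_t keylen,
                    const unsigned char *m1, const unsigned char *m2, size_t n)
{
    unsigned char c1[64], c2[64];
    if (n > sizeof c1) return 0;
    if (otp_xor(key, keylen, m1, c1, n) != 0) return 0;
    if (otp_xor(key, keylen, m2, c2, n) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if ((c1[i] ^ c2[i]) != (m1[i] ^ m2[i])) return 0;
    return 1;
}

int main(void)
{
    /* constructed sample: an 11-byte message and an 11-byte pad */
    const unsigned char msg[] = "ATTACK DAWN";
    const unsigned char pad[] = { 0x3a, 0x91, 0x07, 0xe4, 0x5c, 0xb2,
                                  0x19, 0xf0, 0x6d, 0xc8, 0x22 };
    size_t n = strlen((const char *)msg);
    unsigned char cipher[64];

    otp_xor(pad, sizeof pad, msg, cipher, n);
    printf("cypher: ");
    for (size_t i = 0; i < n; i++) printf("%02x", cipher[i]);
    printf("\nround trip ok: %d\n", otp_roundtrip(pad, sizeof pad, msg, n));
    return 0;
}
```

The unconditional security claimed on the slide rests on all three conditions together: a truly random pad, the same length as the message, and never reused. otp_reuse_leaks shows why the last condition is not optional.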


The general principle is this:

1. Any RECEIVER A uses an algorithm to calculate an encryption key KEa and a decryption key KDa.

2. Then the receiver PUBLICIZES KEa to anyone who cares to hear. But the receiver keeps secret the decryption key KDa.

3. User B sends a message to A by first encrypting that message using the publicized key for that receiver A, KEa.

4. Since only A knows how to decrypt the message, it's secure.

Public Key Cryptosystems

[Figure: Public Key Repository holding the public keys KEa, KEb, KEc]

To be effective, a system must satisfy the following rules:

a) Given plaintext and ciphertext, the problem of determining the keys is computationally complex.

b) It is easy to generate matched pairs of keys Ke, Kd that satisfy the property D( E( M, Ke ), Kd ) = M. This implies some sort of trapdoor, such that Ke and Kd can be calculated from first principles, but one can't be derived from the other.

c) The encryption and decryption functions E and D are efficient and easy to use.

d) Given Ke, the problem of determining Kd is computationally complex.

What is computationally difficult? Problems that can't easily be calculated in a finite time. Examples include: factoring the product of two very large prime numbers; the knapsack problem. These problems are NP complete - solution times are exponential in the size of the sample.


AN EXAMPLE:

  1. Two large prime numbers p and q are selected using some efficient test for primality. These numbers are secret.
  2. The product n = p * q is computed.
  3. The number Kd > max( p, q ) is picked at random from the set of integers that are less than, and relatively prime to, L(n) = ( p - 1 ) ( q - 1 ).
  4. The integer Ke, 0 < Ke < L(n), is computed from L(n) and Kd such that Ke * Kd = 1 (mod L(n)).


Let p = 3, q = 11

n = 3 * 11 = 33.

L(n) = ( p - 1 ) ( q - 1 ) = 20. Choose Kd > 11 and relatively prime to 20: Kd = 13.

0 < Ke < 20: Ke = 17 (since 17 * 13 = 221 = 1 (mod 20)).


Separate the text to be encoded into chunks with values 0 - ( n - 1 ).


In our example, we'll use < space = 0, A = 1, B = 2, C = 3, D = 4, E = 5 >.

Then " B A D B E E " --> "21 04 00 25 05"

Encrypt with Ke = 17, decrypt with Kd = 13 (all arithmetic mod 33):

  21 ^ 17 (mod 33) = 21.   21 ^ 13 (mod 33) = 21.
  04 ^ 17 (mod 33) = 16.   16 ^ 13 (mod 33) = 04.
  00 ^ 17 (mod 33) = 00.   00 ^ 13 (mod 33) = 00.
  25 ^ 17 (mod 33) = 31.   31 ^ 13 (mod 33) = 25.
  05 ^ 17 (mod 33) = 14.   14 ^ 13 (mod 33) = 05.

This whole operation works because, though n and Ke are known, p and q are not public. Thus Kd is hard to guess.

[Note: recently a 100 digit number was successfully factored into two prime numbers.]
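As an added example that is not part of the slides, the four-step key generation above and the "BAD BEE" encryption are carried out in C with the slides' own numbers (p = 3, q = 11, Kd = 13). The slides do not say how Ke is computed from L(n) and Kd; this code uses the extended Euclidean algorithm, which is one standard way to solve Ke * Kd = 1 (mod L(n)), and it also rejects a Kd that is not relatively prime to L(n), the case step 3 rules out. Function names (modpow, egcd, modinv, rsa_keygen, rsa_encrypt, rsa_decrypt) are chosen for this example.

```c
/* Added example (not from the slides): the textbook public-key procedure
 * with the slides' numbers p = 3, q = 11, Kd = 13, n = 33, L(n) = 20, Ke = 17. */
#include <stdio.h>

/* Modular exponentiation by repeated squaring: base^exp mod m. */
unsigned long modpow(unsigned long base, unsigned long exp, unsigned long m)
{
    unsigned long result = 1;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Extended Euclid: returns gcd(a, b) and sets x, y with a*x + b*y = gcd. */
long egcd(long a, long b, long *x, long *y)
{
    if (b == 0) { *x = 1; *y = 0; return a; }
    long x1, y1;
    long g = egcd(b, a % b, &x1, &y1);
    *x = y1;
    *y = x1 - (a / b) * y1;
    return g;
}

/* Inverse of a modulo m, in 1..m-1; returns 0 if gcd(a, m) != 1 (no inverse). */
long modinv(long a, long m)
{
    long x, y;
    if (egcd(a, m, &x, &y) != 1) return 0;
    x %= m;
    if (x < 0) x += m;
    return x;
}

struct rsa_key { unsigned long n, ke, kd; };

/* Steps 1-4 of the slide: from secret primes p, q and a chosen Kd derive
 * n = p*q and Ke = Kd^-1 mod L(n). Returns -1 if Kd is not relatively prime
 * to L(n) = (p-1)(q-1), in which case no Ke exists. */
int rsa_keygen(unsigned long p, unsigned long q, unsigned long kd, struct rsa_key *k)
{
    unsigned long L = (p - 1) * (q - 1);
    long ke = modinv((long)kd, (long)L);
    if (ke == 0) return -1;
    k->n = p * q;
    k->kd = kd;
    k->ke = (unsigned long)ke;
    return 0;
}

/* C = E(M, Ke) = M^Ke mod n, and M = D(C, Kd) = C^Kd mod n. */
unsigned long rsa_encrypt(const struct rsa_key *k, unsigned long m) { return modpow(m, k->ke, k->n); }
unsigned long rsa_decrypt(const struct rsa_key *k, unsigned long c) { return modpow(c, k->kd, k->n); }

int main(void)
{
    struct rsa_key k;
    if (rsa_keygen(3, 11, 13, &k) != 0) return 1;
    printf("n = %lu, Ke = %lu, Kd = %lu\n", k.n, k.ke, k.kd);

    /* "BAD BEE" split into chunks 0..n-1 exactly as on the slide */
    unsigned long chunks[] = { 21, 4, 0, 25, 5 };
    for (int i = 0; i < 5; i++) {
        unsigned long c = rsa_encrypt(&k, chunks[i]);
        printf("%02lu ^ Ke -> %02lu ^ Kd -> %02lu\n", chunks[i], c, rsa_decrypt(&k, c));
    }
    return 0;
}
```

The numbers here are small enough to check by hand against the slide; with real key sizes the same modpow loop still runs in time proportional to the bit length of the exponent, which is what makes rule (c) above hold while factoring n stays hard.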