0% found this document useful (0 votes)

52 views

Security: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved

Uploaded by

Ali Çakıcı

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

52 views

Security: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved

Uploaded by

Ali Çakıcı

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 54

Security

Chapter 9

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
The Security Environment
Threats

Figure 9-1. Security goals and threats.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Can We Build Secure Systems?

Two questions concerning security:

1.Is it possible to build a secure computer
system?
2.If so, why is it not done?

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Trusted Computing Base

Figure 9-2. A reference monitor.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Protection Domains (1)

Figure 9-3. Three protection domains.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Protection Domains (2)

Figure 9-4. A protection matrix.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Protection Domains (3)

Figure 9-5. A protection matrix with domains as objects.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Access Control Lists (1)

Figure 9-6. Use of access control lists to manage file access.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Access Control Lists (2)

Figure 9-7. Two access control lists.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Capabilities (1)

Figure 9-8. When capabilities are used, each

process has a capability list.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Capabilities (2)

Figure 9-9. A cryptographically protected capability.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Capabilities (3)
Examples of generic rights:
1.Copy capability: create new capability for same
object.
2.Copy object: create duplicate object with new
capability.
3.Remove capability: delete entry from C-list; object
unaffected.
4.Destroy object: permanently remove object and
capability.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Formal Models of Secure Systems

Figure 9-10. (a) An authorized state.

(b) An unauthorized state.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Multilevel Security
Bell-LaPadula Model
Bell-LaPadula Model rules for information flow:
1.The simple security property
– Process running at security level k can read only
objects at its level or lower
2.The * property
– Process running at security level k can write only
objects at its level or higher

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Bell-LaPadula Model

Figure 9-11. The Bell-LaPadula multilevel security model.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
The Biba Model
To guarantee the integrity of the data:
1.The simple integrity principle
– process running at security level k can write only
objects at its level or lower (no write up).
2.The integrity * property
– process running at security level k can read only
objects at its level or higher (no read down).

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Covert Channels (1)

Figure 9-12. (a) The client, server, and collaborator processes.

(b) The encapsulated server can still leak to the collaborator
via covert channels.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Covert Channels (2)

Figure 9-13. A covert channel using file locking.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Steganography

Figure 9-14. (a) Three zebras and a tree. (b) Three zebras, a tree,
and the complete text of five plays by William Shakespeare.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Basics of Cryptography

Figure 9-15. Relationship between the

plaintext and the ciphertext.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Secret-Key Cryptography

An encryption algorithm in which each letter is

replaced by a different letter.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Digital Signatures

Figure 9-16. (a) Computing a signature block.

(b) What the receiver gets.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Authentication (1)
Methods of authenticating users when they
attempt to log in based on one of three
general principles:
1.Something the user knows.
2.Something the user has.
3.Something the user is.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Authentication (2)

Figure 9-17. (a) A successful login. (b) Login rejected after name is
entered. (c) Login rejected after name and password are typed.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
UNIX Password Security

Figure 9-18. The use of salt to defeat

precomputation of encrypted passwords.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Challenge-Response Authentication
Questions should be chosen so that the user
does not need to write them down.
Examples:
1.Who is Marjolein’s sister?
2.On what street was your elementary school?
3.What did Mrs. Ellis teach?

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Authentication Using a
Physical Object

Figure 9-19. Use of a smart card for authentication.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Authentication Using Biometrics

Figure 9-20. A device for measuring finger length.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Buffer Overflow Attacks

Figure 9-21. (a) Situation when the main program is running. (b) After
the procedure A has been called.
(c) Buffer overflow shown in gray.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Avoiding Stack Canaries

Figure 9-22. Skipping the stack canary: by modifying len first, the attack is
able to bypass the canary and modify the return address directly.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Code Reuse Attacks

Figure 9-23. Return-

oriented programming:
linking gadgets
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Format String
Attacks

Figure 9-24. A format string attack.

By using exactly the right number
of %08x, the attacker can use the
first four characters of the format
string as an address.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Command Injection Attacks

Figure 9-25. Code that might lead to

a command injection attack.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Back Doors

Figure 9-26. (a) Normal code.

Figure 9-27. (a) Correct login screen. (b) Phony login screen.

Figure 9-28. A recursive procedure that finds

Figure 9-29. (a) An executable program. (b) With a virus at the front. (c)
With a virus at the end. (d) With a virus spread over free space within
the program.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Boot Sector Viruses

Figure 9-30. (a) After the virus has captured all the interrupt
and trap vectors. (b) After the operating system has retaken
the printer interrupt vector. (c) After the virus has noticed the
loss of the printer interrupt vector and recaptured it.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Actions Taken by Spyware (1)
1. Change the browser’s home page.
2. Modify the browser’s list of favorite
(bookmarked) pages.
3. Add new toolbars to the browser.
4. Change the user’s default media player.
5. Change the user’s default search engine.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Actions Taken by Spyware (2)
6. Add new icons to the Windows desktop.
7. Replace banner ads on Web pages with those
the spyware picks.
8. Put ads in the standard Windows dialog
boxes
9. Generate a continuous and unstoppable
stream of pop-up ads.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Types of Rootkits (1)
Five kinds of rootkits – issue is where
do they hide?
1.Firmware rootkit
2.Hypervisor rootkit
3.Kernel rootkit
4.Library rootkit
5.Application rootkit

Figure 9-31. Five places a rootkit can hide.

Figure 9-32. A simplified view of a hardware firewall

Figure 9-33. (a) A program. (b) An infected program. (c) A compressed

infected program. (d) An encrypted virus.
(e) A compressed virus with encrypted compression code.
Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Virus Scanners (2)

Figure 9-34. Examples of a polymorphic virus.

Figure 9-35. How code signing works.

Figure 9-36. The operation of a jail.

Figure 9-38. (a) Memory divided into 16-MB sandboxes.

Figure 9-39. Applets can be interpreted by a Web browser.

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Java Security (1)
Checks on applets include:
1.Does applet attempt to forge pointers?
2.Does it violate access restrictions on private-class
members?
3.Does it try to use variable of one type as another?
4.Does it generate stack overflows or underflows?
5.Does it illegally convert variables of one type to
another?

Figure 9-40. Some examples of protection

Chapter 9

Computer-Controlled Systems: Theory and Design, Third Edition
From Everand
Computer-Controlled Systems: Theory and Design, Third Edition
Karl J Åström
3/5 (1)
CLASS-7 - Computer - CH-3 - Computer Virus - Answer Key of Book
100% (2)
CLASS-7 - Computer - CH-3 - Computer Virus - Answer Key of Book
10 pages
Roblox Methods
No ratings yet
Roblox Methods
3 pages
Building A Key-Logger With Deep Learning and N-L-P
No ratings yet
Building A Key-Logger With Deep Learning and N-L-P
50 pages
Lesson 2 Online Safety, Security, Ethics, and Etiquette
82% (11)
Lesson 2 Online Safety, Security, Ethics, and Etiquette
30 pages
Passwordless Authentication: How To Get Started On Your Passwordless Journey
No ratings yet
Passwordless Authentication: How To Get Started On Your Passwordless Journey
12 pages
Security: Modern Operating Systems
No ratings yet
Security: Modern Operating Systems
61 pages
Chapter09 Security
No ratings yet
Chapter09 Security
54 pages
Modern Operating Systems, 2nd Edition, Chapter 9 course slides
No ratings yet
Modern Operating Systems, 2nd Edition, Chapter 9 course slides
25 pages
Chapter01 Introduction PDF
No ratings yet
Chapter01 Introduction PDF
47 pages
MOS-3e-01 (Introduction) PDF
No ratings yet
MOS-3e-01 (Introduction) PDF
33 pages
Operating Systems Virtualisation Security v1.0.1
No ratings yet
Operating Systems Virtualisation Security v1.0.1
50 pages
CSC205_SESSION_03
No ratings yet
CSC205_SESSION_03
9 pages
Secure Software Notes On Operating Systems
No ratings yet
Secure Software Notes On Operating Systems
6 pages
System Security
No ratings yet
System Security
115 pages
Cybersecurity 5
No ratings yet
Cybersecurity 5
34 pages
Lecture 09
No ratings yet
Lecture 09
42 pages
Modern Operating Systems, 2nd Edition, Chapter 11 course slides
No ratings yet
Modern Operating Systems, 2nd Edition, Chapter 11 course slides
59 pages
Operating Systems and Security
No ratings yet
Operating Systems and Security
47 pages
Operating System SecurityWA
No ratings yet
Operating System SecurityWA
7 pages
OS-M5-S6
No ratings yet
OS-M5-S6
15 pages
Chapter 3 Operating Systems Security1
No ratings yet
Chapter 3 Operating Systems Security1
25 pages
2677x CH09 NAGINPPT
No ratings yet
2677x CH09 NAGINPPT
26 pages
42725
No ratings yet
42725
47 pages
Karthik Dit
No ratings yet
Karthik Dit
11 pages
Sub B Operating B Systems A New Approach
No ratings yet
Sub B Operating B Systems A New Approach
8 pages
Lecture 11
No ratings yet
Lecture 11
25 pages
System Security
No ratings yet
System Security
120 pages
Chapter 09
100% (2)
Chapter 09
56 pages
Case Study 2: Windows Vista: Modern Operating Systems
No ratings yet
Case Study 2: Windows Vista: Modern Operating Systems
59 pages
FOC4
No ratings yet
FOC4
17 pages
CH 9 - Embedded Operating Systems - The Hidden Threat
No ratings yet
CH 9 - Embedded Operating Systems - The Hidden Threat
51 pages
CHAPTER 1
No ratings yet
CHAPTER 1
43 pages
Rootkit modeling and experiments under Linux
No ratings yet
Rootkit modeling and experiments under Linux
21 pages
CSS 214 Os-6 2021
No ratings yet
CSS 214 Os-6 2021
25 pages
Chapter 4 - Operation System Security - 1
No ratings yet
Chapter 4 - Operation System Security - 1
46 pages
Operating System Chapter 6 - MA
No ratings yet
Operating System Chapter 6 - MA
36 pages
Chap 7
No ratings yet
Chap 7
4 pages
Operating System Security 2008
100% (11)
Operating System Security 2008
236 pages
OS - Operating System
No ratings yet
OS - Operating System
39 pages
WINSEM2024-25_BCSE317L_TH_VL2024250501939_2025-01-21_Reference-Material-I
No ratings yet
WINSEM2024-25_BCSE317L_TH_VL2024250501939_2025-01-21_Reference-Material-I
83 pages
Toward Least-Privilege Isolation For Software
No ratings yet
Toward Least-Privilege Isolation For Software
159 pages
06 - Protection - Security
No ratings yet
06 - Protection - Security
50 pages
Chapter05 Input Output
No ratings yet
Chapter05 Input Output
57 pages
Operating System Security - Paul Hopkins, CGI
No ratings yet
Operating System Security - Paul Hopkins, CGI
8 pages
Endpoint Security
No ratings yet
Endpoint Security
160 pages
Lecture 5 Designing Trusted OS
No ratings yet
Lecture 5 Designing Trusted OS
27 pages
Chapter 2
No ratings yet
Chapter 2
29 pages
Scientific Applications of Computers L3 3 March 2024
No ratings yet
Scientific Applications of Computers L3 3 March 2024
27 pages
Week 3 Lec 6 is Lgu Template
No ratings yet
Week 3 Lec 6 is Lgu Template
16 pages
Lec 11
No ratings yet
Lec 11
26 pages
Operating System 2
No ratings yet
Operating System 2
6 pages
CH 9
No ratings yet
CH 9
54 pages
Operating Systems Security
No ratings yet
Operating Systems Security
39 pages
Topic_3-Endpoint Security Concepts
No ratings yet
Topic_3-Endpoint Security Concepts
48 pages
CH 04
No ratings yet
CH 04
29 pages
Protection & Security of Operating Systems
No ratings yet
Protection & Security of Operating Systems
12 pages
Topic 4 - Windows Security
No ratings yet
Topic 4 - Windows Security
45 pages
Security
No ratings yet
Security
36 pages
A Guide to Kernel Exploitation Enrico Perla - The ebook is ready for download with just one simple click
100% (4)
A Guide to Kernel Exploitation Enrico Perla - The ebook is ready for download with just one simple click
49 pages
M6 Guide
No ratings yet
M6 Guide
12 pages
Tanenbaum & Bos, Modern Operating Systems: 4th Ed., Global Edition (C) 2015 Pearson Education Limited. All Rights Reserved
No ratings yet
Tanenbaum & Bos, Modern Operating Systems: 4th Ed., Global Edition (C) 2015 Pearson Education Limited. All Rights Reserved
47 pages
Threat Modeling: Designing for Security
From Everand
Threat Modeling: Designing for Security
Adam Shostack
4.5/5 (5)
C Programming for the Pc the Mac and the Arduino Microcontroller System
From Everand
C Programming for the Pc the Mac and the Arduino Microcontroller System
Peter D Minns
No ratings yet
C# Programming Illustrated Guide For Beginners & Intermediates: The Future Is Here! Learning By Doing Approach
From Everand
C# Programming Illustrated Guide For Beginners & Intermediates: The Future Is Here! Learning By Doing Approach
William Sullivan
No ratings yet
Multiple Processor Systems
No ratings yet
Multiple Processor Systems
50 pages
Deadlocks: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved
No ratings yet
Deadlocks: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved
31 pages
Virtualization and The Cloud
100% (1)
Virtualization and The Cloud
21 pages
File Systems: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved
No ratings yet
File Systems: Tanenbaum & Bo, Modern Operating Systems:4th Ed., (C) 2013 Prentice-Hall, Inc. All Rights Reserved
49 pages
Check Point Secure Gateway R80 10 RSA SecurID Access
No ratings yet
Check Point Secure Gateway R80 10 RSA SecurID Access
28 pages
Incidentrequest Closed Monthly Aug
No ratings yet
Incidentrequest Closed Monthly Aug
305 pages
Seminar Web Application Security
No ratings yet
Seminar Web Application Security
30 pages
Owasp Standards PDF
No ratings yet
Owasp Standards PDF
4 pages
86400s Ending 20191220 PDF
No ratings yet
86400s Ending 20191220 PDF
1 page
Offensive Security: Penetration Test Report For PWK Internal Labs
No ratings yet
Offensive Security: Penetration Test Report For PWK Internal Labs
24 pages
Login
No ratings yet
Login
2 pages
Non Repudiation
No ratings yet
Non Repudiation
19 pages
Cyber Crime & IT Fraud: Could Your Organisation Survive If It Lost $20,000? $50,000? or $1 Million Overnight?
No ratings yet
Cyber Crime & IT Fraud: Could Your Organisation Survive If It Lost $20,000? $50,000? or $1 Million Overnight?
19 pages
SSO Portal To System
No ratings yet
SSO Portal To System
12 pages
A Survey On Identity and Access Manageme PDF
No ratings yet
A Survey On Identity and Access Manageme PDF
6 pages
Computer & Internet Crime: KT44103 Ethics and Law in ICT Sem 1: 2021/2020
No ratings yet
Computer & Internet Crime: KT44103 Ethics and Law in ICT Sem 1: 2021/2020
29 pages
US Army Doc On Syrian Electronic Army
100% (1)
US Army Doc On Syrian Electronic Army
13 pages
Password Security: How Passwords Are Cracked..
No ratings yet
Password Security: How Passwords Are Cracked..
1 page
Isrm PDF
No ratings yet
Isrm PDF
4 pages
A10 Training 05 HTTPS
No ratings yet
A10 Training 05 HTTPS
11 pages
Hacking
0% (1)
Hacking
18 pages
FortiGate Essentials Quiz #1
100% (2)
FortiGate Essentials Quiz #1
2 pages
SANGFOR - NGAF - V8.0.5 - WAF Configuration Guide
No ratings yet
SANGFOR - NGAF - V8.0.5 - WAF Configuration Guide
25 pages
Vulnerability Disclosure Debate
No ratings yet
Vulnerability Disclosure Debate
6 pages
1 Active Directory
No ratings yet
1 Active Directory
6 pages
10 Basic of Information Security12
No ratings yet
10 Basic of Information Security12
62 pages
Prop. Kaltim Undangan Sosialisasi Asesmen
No ratings yet
Prop. Kaltim Undangan Sosialisasi Asesmen
12 pages
SSH Tunneling Control: SSH Decryption To Prevent Non SSH Applications Bypass Firewall
No ratings yet
SSH Tunneling Control: SSH Decryption To Prevent Non SSH Applications Bypass Firewall
7 pages
IS632 Chapter 4 Test Bank
No ratings yet
IS632 Chapter 4 Test Bank
4 pages