CMSC 414
Computer and Network Security
Lecture 13
Jonathan Katz
Exam stats
Median: 75
Letter grades
– 85-100: A
– 65-85: B
– 50-65: C
– < 50: D/F
Memory Protection
Memory protection
Usually think of multi-user security in terms of
files, but memory protection must also be done
– Behind the scenes…handled by OS automatically
Enforce logical separation
– Users operate under the illusion that no other user’s
processes are running, and in fact are unable to access
objects outside some permitted domain
Memory protection
“Fence”: restricts access to portions of memory
– Introduced in single-user systems to prevent
(accidental) destruction of OS code
E.g., predefined memory address where OS
resides; users disallowed from modifying
– Can be enforced at the hardware level
Drawbacks
– Fixed space allocated for OS
– What if OS is supposed to be “modifiable”?
– May waste space
Continued…
Variation is to have a “fence register” which stores
the address of the protected portion of memory
– Allow easy “relocation” by simple addition (in
hardware)
– Protected portion can dynamically change
More opportunity for security breaches…
Base/bounds registers
Can have two registers: base register and bounds
register
– Memory access restricted to lie between these two
Contents of these registers will be changed by the
OS, per-user, as part of context switching
Can also have an additional base/bounds register
for each user, to logically separate instructions
from data
– Prevent accidental overwriting of executable code
Tagged architecture
Base/bounds registers offer very course-grained
protection
– Also, have the restriction that different sections of
memory space must be contiguous
Possible to improve this by tagging every, e.g.,
word of memory
– E.g., label each word read/write/execute
Can be wasteful of memory…
Requires changes at the hardware level
Segmentation
Program components divided into logical segments (e.g.,
code of a single procedure; local variables)
Each segment has a unique name; items in segment
addressed by (name, offset)
Each segment may be stored anywhere in memory
– OS handles mapping; transparent to user
– Can implement diff. protection for each segment
– OS controls which programs have which entries in their segment
address tables
– Multiple users can potentially be given access to the same segment
– Complete mediation
Drawbacks of segmentation?
Users can guess memory locations
Users can generate (name, offset) where the offset
is larger than the segment size
– Can fix this by storing current segment length in the
segment address table, but this is inefficient
Memory fragmentation
Address table lookup can be slow
Paging
Similar to segmentation, but with fixed-size segments
called pages
– Addressing via (page, offset)
Avoids fragmentation problem…and “large offset” issue
Programmer need not be aware of pages (in contrast to
segments, which were logical units)
Drawbacks
– “Re-paging” causes potential security problems as data is shifted
from one page to another
– Can be difficult to describe desired protection, since pages are no
longer logical units
Combining the approaches
Segmentation better for security; paging better for
efficiency
– Combine to get best of both
Program divided into logical segments; each
segment broken into fixed-size pages
Network Security
Authentication: an Overview
Authentication
Verifying the identity of another entity
– Computer authenticating to another computer
– Person authenticating to a local computer
– Person authenticating to a remote computer
Two issues:
– How authentication information is stored (at both ends)
– Authentication protocol itself
Authentication
Authentication may be based on
– What you know
– What you have
– What you are
– Examples?
Can also consider two-factor authentication
Mutual authentication vs. unidirectional
authentication
Authentication
Important to be clear about what is being
authenticated
–
–
–
–
The user?
The machine?
The user’s role?
The data?
What assumptions are being made?
– E.g., login on untrusted terminal
Attack taxonomy
Passive attacks
Active attacks
– Impersonation
– Man-in-the-middle
Server compromise
Different attacks may be easier/more difficult in
different settings
Address-based authentication
Is sometimes used (e.g., unix)
This is generally not very secure
– Relatively easy to forge source addresses of network
packets
Password-based protocols
Password-based authentication
– Any system based on low-entropy shared secret (note:
different from book definitions!)
Distinguish on-line attacks vs. off-line attacks
Password selection
User selection of passwords is typically very weak
– Lower entropy password makes dictionary attacks
easier
Typical passwords:
– Derived from account names or usernames
– Dictionary words, reversed dictionary words, or small
modifications of dictionary words
– Etc.
Better password selection
Non-alphanumeric characters
Longer phrases
Can try to enforce good password selection…
…but these types of passwords are difficult for
people to memorize and type!
From passwords to keys?
Can potentially use passwords to derive symmetric
or public keys
What is the entropy of the resulting key?
Often allows off-line dictionary attacks on the
password