Chapter 14a: Security I
Operating System Concepts Essentials – 2nd Edition
Silberschatz, Galvin and Gagne ©2013
Chapter 14: Security
 The Security Problem
 Program Threats
 System and Network Threats
Operating System Concepts Essentials – 2nd Edition
14.2
Silberschatz, Galvin and Gagne ©2013
Objectives
 Discuss security threats and attacks
 Explain fundamentals of encryption, authentication,
and hashing
 Examine uses of cryptography in computing
 Describe various countermeasures to security attacks
Operating System Concepts Essentials – 2nd Edition
14.3
Silberschatz, Galvin and Gagne ©2013
The Security Problem
 Secure : resources used and accessed as intended
under all circumstances

Unachievable
 Intruders (crackers) attempt to breach security
 Threat is potential security violation
 Attack is attempt to breach security
 Attack can be accidental or malicious
 Easier to protect against accidental than malicious
Operating System Concepts Essentials – 2nd Edition
14.4
Silberschatz, Galvin and Gagne ©2013
Security Violation Categories
 Breach of confidentiality

Unauthorized reading of data
 Breach of integrity

Unauthorized modification of data
 Breach of availability

Unauthorized destruction of data
Operating System Concepts Essentials – 2nd Edition
14.5
Silberschatz, Galvin and Gagne ©2013
Security Violation Categories
 Theft of service

Unauthorized use of resources
 Denial of service (DOS)

Prevention of legitimate use
Operating System Concepts Essentials – 2nd Edition
14.6
Silberschatz, Galvin and Gagne ©2013
Security Violation Methods
 Masquerading (breach authentication)

Pretending to be authorized user to escalate privileges
 Replay attack

Valid network communication repeated

e.g., bank transaction
Operating System Concepts Essentials – 2nd Edition
14.7
Silberschatz, Galvin and Gagne ©2013
Security Violation Methods
 Man-in-the-middle attack

Intruder sits in data flow, masquerading as sender to
receiver and vice versa
 Session hijacking

Intercept an already-established session to bypass
authentication
Operating System Concepts Essentials – 2nd Edition
14.8
Silberschatz, Galvin and Gagne ©2013
Standard Security Attacks
Operating System Concepts Essentials – 2nd Edition
14.9
Silberschatz, Galvin and Gagne ©2013
Standard Security Attacks
Operating System Concepts Essentials – 2nd Edition
14.10
Silberschatz, Galvin and Gagne ©2013
Security Measure Levels
 Impossible to have absolute security,

make cost to perpetrator sufficiently high to deter
most intruders
 Security is as weak as the weakest link in the chain
 But can too much security be a problem?
Operating System Concepts Essentials – 2nd Edition
14.11
Silberschatz, Galvin and Gagne ©2013
Security Measure Levels
 Security must occur at four levels:

Physical
 Data

centers, servers, connected terminals
Human
 Avoid

social engineering, phishing, dumpster diving
Operating System
 Protection

mechanisms, debugging
Network
 Intercepted
communications, interruption, DOS
Operating System Concepts Essentials – 2nd Edition
14.12
Silberschatz, Galvin and Gagne ©2013
Chapter 14: Security
 The Security Problem
 Program Threats
 System and Network Threats
Operating System Concepts Essentials – 2nd Edition
14.13
Silberschatz, Galvin and Gagne ©2013
Program Threats
 Many variations, many names
 Trojan Horse

Code segment that misuses its environment

Exploits mechanisms that allow programs written by
users to be executed by other users
 E.g.,

Spyware, pop-up browser windows
~80% of spam delivered by spyware-infected systems
Operating System Concepts Essentials – 2nd Edition
14.14
Silberschatz, Galvin and Gagne ©2013
Program Threats
 Trap Door

Specific user identifier or password that circumvents
normal security procedures

Could be included in compiler
 Logic Bomb

Program initiates security incident under certain
circumstances
Operating System Concepts Essentials – 2nd Edition
14.15
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Stack and Buffer Overflow

Exploits a bug in program
 E.g.,
overflow stack or memory buffers

Failure to check bounds on inputs, arguments

Write past arguments on stack
... into the return address on stack

Routine returns from call, returns to hacked address
 Points
to malicious code loaded onto stack
Operating System Concepts Essentials – 2nd Edition
14.16
Silberschatz, Galvin and Gagne ©2013
Layout of Typical Stack Frame
Operating System Concepts Essentials – 2nd Edition
14.17
Silberschatz, Galvin and Gagne ©2013
Modified Shell Code
#include <stdio.h>
int main(int argc, char *argv[])
{
execvp(‘‘\bin\sh’’,‘‘\bin
\sh’’, NULL);
return 0;
}
Operating System Concepts Essentials – 2nd Edition
14.18
Silberschatz, Galvin and Gagne ©2013
Hypothetical Stack Frame
Before attack
Operating System Concepts Essentials – 2nd Edition
After attack
14.19
Silberschatz, Galvin and Gagne ©2013
Great Programming Required?
 Buffer overflow can be disabled by

Disabling stack execution

Adding bit to page table to indicate “non-executable”
 Available in SPARC and x86

Still have security exploits
Operating System Concepts Essentials – 2nd Edition
14.20
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Viruses

Code fragment embedded in legitimate program

Self-replicating, infects other computers

Specific to CPU architecture, OS, applications

Usually borne via email or as macro
 E.g.,
Visual Basic Macro to reformat hard drive
Sub AutoOpen()
Dim oFS
Set oFS = CreateObject(’’Scripting.FileSystemObject’’)
vs = Shell(’’c:command.com /k format c:’’,vbHide)
End Sub
Operating System Concepts Essentials – 2nd Edition
14.21
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Virus dropper inserts virus onto system
 Many categories of viruses:

File / parasitic

Boot / memory

Macro

Source code

Polymorphic to avoid having a virus signature

Encrypted

Stealth

Tunneling

Multipartite

Armored
Operating System Concepts Essentials – 2nd Edition
14.22
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 File / parasitic

Appends itself to end of program file (parasite)

After execution, returns control to original program
 Difficult
to detect!
 Boot / memory

Infects boot sector on disk

Runs on boot (before OS loaded)
 Macro

Written in high-level language

E.g., Visual Basic Macro in MS Word, Excel
Operating System Concepts Essentials – 2nd Edition
14.23
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Source code

Looks for source code files on system

Modifies source code to execute virus
 Polymorphic

Changes virus signature each time it’s installed

Difficult to detect
 Encrypted

Decrypted before executed

Difficult to detect
Operating System Concepts Essentials – 2nd Edition
14.24
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Stealth

Modify parts of system used to detect it

E.g., modify system calls
 Tunneling

Virus installs itself in interrupt-handler chain

Also device drivers

Bypasses detection
Operating System Concepts Essentials – 2nd Edition
14.25
Silberschatz, Galvin and Gagne ©2013
Program Threats (Cont.)
 Multipartite

Infects multiple parts of the system
 Armored

Difficult to unravel / understand
Operating System Concepts Essentials – 2nd Edition
14.26
Silberschatz, Galvin and Gagne ©2013
The Threat Continues
 Attacks still common, still occurring
 Moved from science experiments to cyber-terrorism

Target specific companies, governments

Botnets as tool for spam and DDOS delivery

Keystroke logger grab passwords, credit card
numbers
Operating System Concepts Essentials – 2nd Edition
14.27
Silberschatz, Galvin and Gagne ©2013
Chapter 14: Security
 The Security Problem
 Program Threats
 System and Network Threats
Operating System Concepts Essentials – 2nd Edition
14.28
Silberschatz, Galvin and Gagne ©2013
System and Network Threats
 Some systems “open” rather than secure by default

Reduce attack surface

Harder to use, more knowledge needed to administer
Operating System Concepts Essentials – 2nd Edition
14.29
Silberschatz, Galvin and Gagne ©2013
System and Network Threats
 Network threats harder to detect, prevent

Protection systems weaker

More difficult to have shared secret to base access

No physical limits once system attached to Internet
 Or

on network with system attached to Internet
Determining location of connecting system difficult
 IP
address is only knowledge
Operating System Concepts Essentials – 2nd Edition
14.30
Silberschatz, Galvin and Gagne ©2013
System and Network Threats (Cont.)
 Worms – use spawn mechanism; standalone
program
 Internet worm

Exploited UNIX networking features (remote access)
and bugs in finger and sendmail programs

Exploited trust-relationship mechanism used by rsh to
access friendly systems without use of password
Operating System Concepts Essentials – 2nd Edition
14.31
Silberschatz, Galvin and Gagne ©2013
System and Network Threats (Cont.)
 Internet worm (cont.)

Grappling hook program uploaded main worm
 99

lines of C
Hooked system then uploaded main code
 Tried
to attack connected systems
 Tried
to break into other users accounts on local system
via password guessing
Operating System Concepts Essentials – 2nd Edition
14.32
Silberschatz, Galvin and Gagne ©2013
The Morris Internet Worm
Operating System Concepts Essentials – 2nd Edition
14.33
Silberschatz, Galvin and Gagne ©2013
System and Network Threats (Cont.)
 Port scanning

Automated attempt to connect to range of ports
 On
one or range of IP addresses

Detect OS and version running on system

Detect answering service protocol
 Attacks

known services + vulnerabilities
Frequently launched from zombie systems
 Decreases

traceability
nmap program scans all ports in given IP range
Operating System Concepts Essentials – 2nd Edition
14.34
Silberschatz, Galvin and Gagne ©2013
System and Network Threats (Cont.)
 Denial of Service

Overload targeted computer
 Prevent
it from doing any useful work

Distributed denial-of-service (DDOS) come from
multiple sites at once

Consider web site traffic
 Popular
vs. target?

Accidental – CS students writing bad fork() code

Purposeful – extortion, punishment
Operating System Concepts Essentials – 2nd Edition
14.35
Silberschatz, Galvin and Gagne ©2013
Sobig.F Worm
 Disguised as photo uploaded to adult newsgroup

Via account created with stolen credit card
 Targeted Windows systems
 Had own SMTP engine to mail itself as attachment to
everyone in infected system’s address book
 Disguised with innocuous subject lines, looking like it
came from someone known
 Attachment was executable program that created
WINPPR23.EXE in default Windows system
directory

Also modified Windows registry
Operating System Concepts Essentials – 2nd Edition
14.36
Silberschatz, Galvin and Gagne ©2013
End of Chapter 14a
Operating System Concepts Essentials – 2nd Edition
Silberschatz, Galvin and Gagne ©2013