Uploaded by ubbi1235

Lecture 42,43

Operating Systems Concepts
LECTURE 42,43 – SECURITY
Security

Security is a measure of the system's ability to resist unauthorized usage
while still providing its services to legitimate users.

Security can be characterized as a system providing confidentiality,
integrity, availability.

Confidentiality is the property that data or services are protected from
unauthorized access.

Integrity is the property that data or services are being delivered as intended.

Availability is the property that the system will be available for legitimate use.
The Security Problem

System secure if resources used and accessed as intended under all
circumstances

Unachievable

Intruders (Hackers) attempt to breach security

Threat is potential security violation

Attack is attempt to breach security

Attack can be accidental or malicious

Easier to protect against accidental than malicious misuse
Threats

Threat is a possible security violation

Sharing and protection are requirements of modern computing, but they imply
contradictory goals. More sharing gives rise to more possibility of security
threats, or penetration, thus requiring higher protection. When the personal
computer (PC) was designed, it was intended strictly for individual use. This is
the reason why MS-DOS was not very strong in the security/protection areas. It
did not have to protect the data files of one user from the possibility of
penetration or misuse by another user, as no two users were expected to use
the same machine simultaneously. Hence, in the PC environment, in the earlier
days, the only way data could be protected was by physically locking the room
where the PC and floppy disks were kept. Today, as a number of PCs
are being networked together for sharing of data and programs, a need has
arisen to have better and stricter control over the protection aspects.
Categories of Threats

Breach of confidentiality: Unauthorized reading of data

Breach of integrity: Unauthorized modification of data

Breach of availability: Unauthorized destruction of data

Theft of service: Unauthorized use of resources

Denial of service (DOS): Prevention of legitimate use
Some ways of penetrating a system

An intruder may guess or steal somebody else’s password and then use it.

An intruder may use the vendor-supplied password, which is expected to be used for the
purpose of system generation and maintenance by only the system administrators.

An intruder may find out the password by trial and error method. It is fairly well known that
many users generally use names, initials, or some other common identifiers as passwords.

If a user logs on to a terminal and then goes off for a cup of coffee, an intruder can use
that terminal to access, or modify, sensitive and confidential information.

An intruder can write a dummy login program to fool the user. The intruder, in this case,
can write a program to throw a screen, prompting for the username and the password in
the same way that the operating system would do. When a user keys in the username
and password for logging in, this dummy program collects this information for the use by
the intruder later on. It may then terminate after throwing back some misleading message
like “system down…” This collected information is used for future intrusion. This is a form of
“chameleons”.
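
One way to screen for the guessable passwords described in the list above, as an added example that is not part of the original lecture: it rejects vendor-supplied defaults and passwords built from the user's names or initials. The default list, the substitution table and the function names are assumptions of this example.

```python
import re

# Constructed sample of vendor-supplied defaults (assumption); a real deployment
# would load the list that matches the products actually installed.
VENDOR_DEFAULTS = {"admin", "password", "changeme", "root", "guest"}

# Common character substitutions that are undone before comparison (assumption).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Lowercase, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def identifier_tokens(username, full_name):
    """Names, initials and other identifiers that are tried first when guessing."""
    parts = [p for p in (normalize(w) for w in full_name.split()) if p]
    tokens = set(parts)
    tokens.add(normalize(username))
    tokens.add("".join(p[0] for p in parts))   # initials
    tokens.add("".join(parts))                 # names run together
    return {t for t in tokens if len(t) >= 2}


def reject_reason(password, username, full_name):
    """Return why the password is guessable, or None if no rule matched."""
    core = normalize(password)
    if core in VENDOR_DEFAULTS:
        return "vendor-supplied default"
    tokens = identifier_tokens(username, full_name)
    # Exact matches first (forwards or reversed), then longer names embedded
    # in the password with padding such as a year or punctuation.
    if core in tokens or core[::-1] in tokens:
        return "matches identifier"
    if any(len(t) >= 4 and t in core for t in tokens):
        return "contains identifier"
    return None
```

A check like this belongs at password-change time, before the new password is hashed and stored.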
Types of Threats

Active Threat


Security incidents that result in damage to systems, data, infrastructure or
facilities. They may also result in a loss of data.
Passive Threat

Security incidents that do not alter a system but are intended to gather data or
execute transactions. In many cases, they are more difficult to detect as they
may have few side effects.
Specific Types of Threats

PHYSICAL THREATS
Examples: Fire, flood etc.; sabotage; machine faults
Effects: Loss of availability of machine and/or data

ACCIDENTAL ERROR
Examples: Programmer error; user or operator error
Effects: Corruption to data

MALICIOUS MISUSE
Examples: Viruses, worms, Trojan horses; corruption or destruction of software
Effects: Corruption of data and software; loss of availability of hardware
Accidental Error

It is a truism that simple errors, of which everyone is guilty
from time to time, tend to increase in gravity when they occur in a
computer system. The ease of deleting a file, for example, is often quite
disproportionate to the consequences of selecting the wrong file.

The most dangerous type of error concerns the invalid updating of files
whose contents are not utilized for some time. It is difficult to counter these
dangers by other than general backup and recovery procedures.
Malicious Misuse

Any form of tampering of the computer system which includes
penetration, Trojan horses, viruses and any form of illegal alteration of the
computer system that is specifically designed to damage, disrupt, steal, or
in general inflict some other "bad" or illegitimate action on data, hosts, or
networks.
Malware


Perhaps the most sophisticated types of threats to computer systems are
presented by programs that exploit vulnerabilities in computing systems.

Such threats are referred to as malicious software, or malware.

Software designed to cause damage

Or use up the resources of a target computer.
Some malware is parasitic


Contained within other software
Some malware is self-replicating, others require some other means to
propagate
Backdoor

Trapdoor

Secret entry point

Useful for programmers debugging

But allows unscrupulous programmers to gain unauthorized access.
Logic Bomb

Explodes when certain conditions are met

Presence or absence of certain files

Particular day of the week

Particular user running application
Trojan Horse

Useful program that contains hidden code that when invoked performs
some unwanted or harmful function

Can be used to accomplish functions indirectly that an unauthorized user
could not accomplish directly

User may set file permission so everyone has access
Virus

Software that “infects” other software by modifying them

Modification includes

An infection mechanism

Trigger

Payload
Virus Stages

During its lifetime, a typical virus goes through the following four phases:

Dormant phase

Propagation phase

Triggering phase

Execution phase
Virus Propagation
There are five well-known methods by which a virus can infect other programs. These are
discussed below:

Append: In this method, the viral code appends itself to the unaffected program.

Replace: In this case, the viral code replaces the original executable program
completely or partially.

Insert: In this case, the viral code is inserted in the body of an executable code to carry
out some undesirable action.

Delete: In this case, the viral code deletes some code from the executable program.

Redirect: This is an advanced approach employed by the authors of sophisticated viruses.
The normal control flow of a program is changed to execute some other (normally viral)
code, which could exist as an appended portion of an otherwise normal program. This
mode is quite common.
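
Each of the methods above changes the bytes of an executable on disk, so a size-and-hash baseline detects them. The following is an added example, not part of the original lecture: it compares a file with its recorded baseline and reports which pattern the change resembles. The function names, labels and sample bytes are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path


def take_baseline(path):
    """Record size and SHA-256 of a known-good executable."""
    data = Path(path).read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def classify_change(path, baseline):
    """Compare a file with its baseline and name the kind of modification."""
    data = Path(path).read_bytes()
    size, digest = baseline["size"], baseline["sha256"]
    if len(data) == size:
        same = hashlib.sha256(data).hexdigest() == digest
        return "unchanged" if same else "overwritten-in-place"
    if len(data) < size:
        return "shrunk"                      # code deleted or file replaced
    # File grew: if the original bytes are intact at the front, code was appended.
    if hashlib.sha256(data[:size]).hexdigest() == digest:
        return "appended"
    return "grown-and-altered"               # insert, or append plus redirect


def demo():
    """Run the check on constructed byte strings standing in for programs."""
    original = b"\x7fELF" + b"\x90" * 60     # constructed, not a real binary
    extra = b"EXTRA-BYTES"                   # constructed stand-in for added code
    variants = {
        "unchanged": original,
        "appended": original + extra,
        "grown-and-altered": original[:20] + extra + original[20:],
        "shrunk": original[:40],
        "overwritten-in-place": original[:20] + b"\x00" * 44,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "prog.bin"
        path.write_bytes(original)
        baseline = take_baseline(path)
        for expected, content in variants.items():
            path.write_bytes(content)
            results[expected] = classify_change(path, baseline)
    return results
```

The baseline is only trustworthy if it is taken from a clean install and stored where the monitored system cannot rewrite it.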
Virus Classification

There is no simple or universally agreed upon classification scheme for
viruses.

It is possible to classify a virus by a number of means, including:

By target

By Concealment strategy
By Target

Boot sector infector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing
the virus

File infector: Infects files that the operating system or shell consider to be executable

Macro virus: Infects files with macro code that is interpreted by an application

Platform independent

Mostly infect Microsoft Word documents

Infect documents, not executable portions of code

Easily spread

File system access controls are of limited use in preventing spread
By Concealment Strategy

Encrypted virus: Random encryption key encrypts remainder of virus

Stealth virus: Hides itself from detection of antivirus software

Polymorphic virus: Mutates with every infection

Metamorphic virus: Mutates with every infection; rewrites itself completely after every iteration

Worms

Replicates itself

Uses network connections to spread from system to system
Worm Propagation

Electronic mail facility: A worm mails a copy of itself to other systems

Remote execution capability: A worm executes a copy of itself on another system

Remote log-in capability: A worm logs on to a remote system as a user and then uses commands to copy
itself from one system to the other