Operating Systems Concepts
LECTURE 42, 43 – SECURITY

Security
Security is a measure of the system's ability to resist unauthorized usage while still providing its services to legitimate users. Security can be characterized as a system providing confidentiality, integrity and availability:
- Confidentiality is the property that data or services are protected from unauthorized access.
- Integrity is the property that data or services are delivered as intended.
- Availability is the property that the system will be available for legitimate use.

The Security Problem
- A system is secure if its resources are used and accessed as intended under all circumstances. In practice this is unachievable.
- Intruders (hackers) attempt to breach security.
- A threat is a potential security violation.
- An attack is an attempt to breach security.
- An attack can be accidental or malicious.
- It is easier to protect against accidental misuse than against malicious misuse.

Threats
A threat is a possible security violation. Sharing and protection are both requirements of modern computing, but they imply contradictory goals: more sharing gives rise to more possibilities for security threats, or penetration, and thus requires higher protection.

When the personal computer (PC) was designed, it was intended strictly for individual use. This is why MS-DOS was not very strong in the security/protection areas: it did not have to protect the data files of one user from penetration or misuse by another user, since no two users were expected to use the same machine simultaneously. Hence, in the early days of the PC environment, the only way data could be protected was by physically locking the room where the PC and floppy disks were kept. Today, with many PCs networked together for sharing data and programs, a need has arisen for better and stricter control over protection.
Categories of Threats
- Breach of confidentiality: unauthorized reading of data.
- Breach of integrity: unauthorized modification of data.
- Breach of availability: unauthorized destruction of data.
- Theft of service: unauthorized use of resources.
- Denial of service (DoS): prevention of legitimate use.

Some Ways of Penetrating a System
- An intruder may guess or steal somebody else's password and then use it.
- An intruder may use the vendor-supplied password, which is expected to be used only by system administrators for system generation and maintenance.
- An intruder may find out the password by trial and error. It is fairly well known that many users use names, initials, or some other common identifiers as passwords.
- If a user logs on to a terminal and then goes off for a cup of coffee, an intruder can use that terminal to access or modify sensitive and confidential information.
- An intruder can write a dummy login program to fool the user. The intruder writes a program that displays a screen prompting for the username and password in the same way that the operating system would. When a user keys in the username and password to log in, this dummy program collects the information for the intruder's later use. It may then terminate after displaying some misleading message such as "system down…". The collected information is used for future intrusion. This is a form of "chameleon".

Types of Threats
- Active threat: security incidents that result in damage to systems, data, infrastructure or facilities. They may also result in a loss of data.
- Passive threat: security incidents that do not alter a system but are intended to gather data or execute transactions. In many cases they are more difficult to detect, as they may have few side effects.
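Two of the password weaknesses above (names or initials used as passwords, vendor-supplied defaults, and trial-and-error guessing) can be checked at the login service. The following is an added illustration written for these notes, not code from the lecture; the VENDOR_DEFAULTS set and the LoginGuard class are constructed stand-ins for a platform's real default-password list and lockout policy.

```python
import re

# Constructed placeholder list standing in for the vendor-supplied
# maintenance passwords the lecture warns about; a real check would load
# the documented defaults for the platform being administered.
VENDOR_DEFAULTS = {"changeme", "default", "maintenance"}

def weak_password_reasons(username, full_name, password):
    """Return the reasons a password matches the guessable patterns the
    lecture lists (username, initials, names, vendor defaults); an empty
    list means none matched."""
    reasons = []
    p = password.lower()
    parts = [w for w in re.split(r"\s+", full_name.lower()) if w]
    initials = "".join(w[0] for w in parts)
    if p in VENDOR_DEFAULTS:
        reasons.append("vendor-supplied default password")
    if p == username.lower():
        reasons.append("password equals username")
    if initials and p == initials:
        reasons.append("password is the user's initials")
    core = re.sub(r"[^a-z]", "", p)  # so "Smith2024!" is still caught
    if any(len(w) >= 3 and w in core for w in parts):
        reasons.append("password contains part of the user's name")
    return reasons

class LoginGuard:
    """Locks an account after `limit` consecutive failures so that the
    trial-and-error guessing the lecture describes cannot run unbounded."""
    def __init__(self, limit=3):
        self.limit = limit
        self.failures = {}

    def attempt(self, username, password_ok):
        """Record one login attempt; return 'locked', 'ok' or 'denied'."""
        if self.failures.get(username, 0) >= self.limit:
            return "locked"
        if password_ok:
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```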
Specific Types of Threats

Type of threat   | Examples                                                              | Effects
PHYSICAL THREATS | Fire, flood, etc.; sabotage; machine faults                           | Loss of availability of machine and/or data
ACCIDENTAL ERROR | Programmer error; user or operator error                              | Corruption of data
MALICIOUS MISUSE | Viruses, worms, Trojan horses; corruption or destruction of software  | Corruption of data and software; loss of availability of hardware

Accidental Error
There is a truism that simple errors, of which everyone is guilty from time to time, tend to increase in gravity when they occur in a computer system. In the case of file deletion, for example, the consequences of selecting the wrong file are often quite disproportionate to the mistake. The most dangerous type of error concerns the invalid updating of files whose contents are not used for some time. It is difficult to counter these dangers by anything other than general backup and recovery procedures.

Malicious Misuse
Any form of tampering with the computer system, including penetration, Trojan horses, viruses and any form of illegal alteration of the computer system that is specifically designed to damage, disrupt, steal, or in general inflict some other "bad" or illegitimate action on data, hosts, or networks.

Malware
Perhaps the most sophisticated threats to computer systems are presented by programs that exploit vulnerabilities in computing systems. Such threats are referred to as malicious software, or malware:
- Software designed to cause damage or use up the resources of a target computer.
- Some malware is parasitic: contained within other software.
- Some malware is self-replicating; other malware requires some other means to propagate.

Backdoor (Trapdoor)
- A secret entry point into a program.
- Useful for programmers when debugging.
- But it allows unscrupulous programmers to gain unauthorized access.
Logic Bomb
Code that "explodes" when certain conditions are met, for example:
- the presence or absence of certain files;
- a particular day of the week;
- a particular user running the application.

Trojan Horse
- A useful program that contains hidden code which, when invoked, performs some unwanted or harmful function.
- Can be used to accomplish indirectly functions that an unauthorized user could not accomplish directly (for example, a user's file permissions may be set so that everyone has access).

Virus
- Software that "infects" other software by modifying it.
- The modification includes an infection mechanism, a trigger and a payload.

Virus Stages
During its lifetime, a typical virus goes through the following four phases:
1. Dormant phase
2. Propagation phase
3. Triggering phase
4. Execution phase

Virus Propagation
There are five well-known methods by which a virus can infect other programs:
- Append: the viral code appends itself to the unaffected program.
- Replace: the viral code replaces the original executable program completely or partially.
- Insert: the viral code is inserted into the body of an executable to carry out some undesirable action.
- Delete: the viral code deletes some code from the executable program.
- Redirect: an advanced approach employed by the authors of sophisticated viruses. The normal control flow of a program is changed to execute some other (normally viral) code, which could exist as an appended portion of an otherwise normal program. This mode is quite common.
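All five infection methods above change the bytes of the host program, which is why a file-integrity baseline is a basic detection control against file infectors. The following is an added example written for these notes, not code from the lecture; build_baseline, check_baseline and the demo() file are constructed names, and the classification of a change as grown/shrunk/rewritten is only an indication of which method may have been used, not proof of it.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of the file; any of the five infection methods changes it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(directory):
    """Record (size, digest) of every file under `directory`. Take it on a
    known-clean system and keep it off-line so a virus cannot rewrite it."""
    baseline = {}
    for root, _, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, directory)
            baseline[rel] = (os.path.getsize(path), file_digest(path))
    return baseline

def check_baseline(directory, baseline):
    """Classify each changed file: 'grown' is consistent with append/insert,
    'shrunk' with delete, 'rewritten' with an in-place replace/redirect."""
    findings = {}
    for rel, (size, digest) in baseline.items():
        path = os.path.join(directory, rel)
        if not os.path.exists(path):
            findings[rel] = "missing"
            continue
        now_size, now_digest = os.path.getsize(path), file_digest(path)
        if now_digest != digest:
            delta = now_size - size
            findings[rel] = "grown" if delta > 0 else "shrunk" if delta < 0 else "rewritten"
    return findings

def demo():
    """Constructed sample: bytes are appended to a stand-in 'executable'
    after the baseline is taken, as an append-style change would do."""
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "app.bin")
        with open(prog, "wb") as f:
            f.write(b"\x7fELF" + b"\x00" * 60)  # constructed, not a real binary
        base = build_baseline(d)
        with open(prog, "ab") as f:
            f.write(b"EXTRA")
        return check_baseline(d, base)
```

A redirect-style change that only patches the entry point keeps the size the same and therefore shows up as "rewritten", which is why the digest, not the size, is the primary signal.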
Virus Classification
There is no simple or universally agreed upon classification scheme for viruses. It is possible to classify a virus by a number of means, including by target and by concealment strategy.

By Target
- Boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.
- File infector: infects files that the operating system or shell consider to be executable.
- Macro virus: infects files with macro code that is interpreted by an application. Macro viruses are platform independent, mostly infect Microsoft Word documents, infect documents rather than executable portions of code, and are easily spread; file system access controls are of limited use in preventing their spread.

By Concealment Strategy
- Encrypted virus: a random encryption key encrypts the remainder of the virus.
- Stealth virus: hides itself from detection by antivirus software.
- Polymorphic virus: mutates with every infection.
- Metamorphic virus: mutates with every infection and rewrites itself completely after every iteration.

Worms
- A worm replicates itself.
- Worms use network connections to spread from system to system.

Worm Propagation
- Electronic mail facility: a worm mails a copy of itself to other systems.
- Remote execution capability: a worm executes a copy of itself on another system.
- Remote log-in capability: a worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other.

Thank You!