COMPUTER SECURITY

JIGJIGA UNIVERSITY
INSTITUTE OF TECHNOLOGY
SCHOOL OF COMPUTING
DEPARTMENT OF COMPUTER SCIENCE
Course Title: Computer Security
Presented by
Names                       IdNo
Mahamed Abdinasir Yusuf     R/5184/10
Mahamed Abdirisak Ahmed     R/5203/10
Nimo Tahir Mohamed          R/5240/10
Aneb Hussien Ahmed          R/5074/10
Abdiwahid Hassan Abdinor    R/5381/10
Guided by
Instructor: Hashim Abdi
Contents
Chapter 4
4. Security in conventional operating systems
4.1 Memory, time, file, object protection requirements and
techniques
4.1.1 How to protect memory of one process from
another?
4.1.2 Memory Segmentation
4.1.3 Paged virtual memory
4.2 One Time passwords
SECURITY IN CONVENTIONAL
Jun - 2021 2
1
4.3 Protection in contemporary operating systems
4.4 Identification and authentication
4.4.1 Identification goals
4.4.2 Authentication requirements
4.4.3 Human authentication
4.4.3.1 Something You Are
4.4.3.2 Something You Know
4.4.4 Machine authentication
5. References
Chapter 4
4. Security in conventional operating systems
• OS security refers to specified steps or measures used to protect the
OS from threats, viruses, worms, malware or remote hacker
intrusions. OS security encompasses all preventive-control
techniques, which safeguard any computer assets capable of being
stolen, edited or deleted if OS security is compromised.
• OS security encompasses many different techniques and methods
which ensure safety from threats and attacks. OS security allows
different applications and programs to perform required tasks and stop
unauthorized interference.
• Security refers to providing a protection system for computer system resources
such as CPU, memory, disk, software programs and, most importantly, the
data/information stored in the computer system. If a computer program is run
by an unauthorized user, he/she may cause severe damage to the computer
or the data stored in it. So a computer system must be protected against
unauthorized access, malicious access to system memory, viruses, worms,
etc.
• Operating system security (OS security) is the process of ensuring OS
integrity, confidentiality and availability. OS security refers to specified steps or
measures used to protect the OS from threats, viruses, worms, malware or
remote hacker intrusions. OS security encompasses all preventive-control
techniques, which safeguard any computer assets capable of being stolen,
edited or deleted if OS security is compromised.
OS security may be approached in many ways, including
adherence to the following:
• Performing regular OS patch updates
• Installing updated antivirus engines and software
• Scrutinizing all incoming and outgoing network traffic through
a firewall
• Creating secure accounts with required privileges only (i.e.,
user management)
4.1 Memory, time, file, object protection requirements and
techniques
• Memory protection is a way to control memory access rights on a
computer, and is a part of most modern instruction set
architectures and operating systems. The main purpose of memory
protection is to prevent a process from accessing memory that has not
been allocated to it. This prevents a bug or malware within a process
from affecting other processes, or the operating system itself.
Protection may encompass all accesses to a specified area of
memory, write accesses, or attempts to execute the contents of the
area.
• Memory Protection: One of the important aspects of operating system
security is memory protection. Memory provides a powerful indirect way
for an attacker to circumvent security mechanisms, since every piece of
information accessed by any program will need to reside in memory at
some point in time, and hence may potentially be accessed in the
absence of memory protection mechanisms.
• Memory protection is a way of controlling memory usage on a
computer, and is core to virtually every operating system. The main
purpose of memory protection is to prevent a process running on an
operating system from accessing the memory of other processes, or
memory that is used by the OS kernel.
4.1.1 How to protect memory of one process from another?
• The virtual memory mechanism supported on most OSes ensures that the
memory of different processes is logically disjoint. The virtual addresses,
which are logical addresses, are transformed into physical memory addresses
using address translation hardware. To speed up translation, various caching
mechanisms are utilized.
1. First, most L1 processor caches are based on virtual addresses, so cache
accesses don't need address translation.
2. Next, the paging hardware uses cache-like mechanisms (TLBs) to avoid
performing bounds checks on every virtual access. In order to secure the
virtual address translation mechanism, it is important to ensure that
processes cannot tamper with the address translation mechanisms.
4.1.3 Paged virtual memory
• In paging, the memory address space or segment is divided into equal-sized
blocks called pages. Using virtual memory hardware, each page
can reside in any location at a suitable boundary of the computer's
physical memory, or be flagged as being protected. Virtual memory
makes it possible to have a linear virtual memory address space and to
use it to access blocks fragmented over the physical memory address
space.
• Most computer architectures which support paging also use pages as
the basis for memory protection.
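The per-process address translation of 4.1.1 and the page protection flags of 4.1.3, as an added example that is not part of the original slides: a toy model of a page table, not real hardware. The class names, the 4096-byte page size and the frame numbers are assumptions chosen for illustration.

```python
from dataclasses import dataclass

PAGE_SIZE = 4096  # assumed page size in bytes

class PageFault(Exception):
    """Translation refused by the simulated paging hardware."""

@dataclass
class PTE:
    frame: int   # physical frame number backing this page
    perms: str   # allowed access kinds, a subset of "rwx"

class AddressSpace:
    """One process's page table: virtual page number -> PTE."""
    def __init__(self, name):
        self.name = name
        self.table = {}

    def map(self, vpn, frame, perms):
        self.table[vpn] = PTE(frame, perms)

    def translate(self, vaddr, access):
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        pte = self.table.get(vpn)
        if pte is None:
            raise PageFault(f"{self.name}: page {vpn} is not mapped")
        if access not in pte.perms:
            raise PageFault(f"{self.name}: '{access}' denied on page {vpn}")
        return pte.frame * PAGE_SIZE + offset

def demo():
    a, b = AddressSpace("A"), AddressSpace("B")
    a.map(0, frame=7, perms="rx")  # code: no write access
    a.map(1, frame=3, perms="rw")  # data: no execute access
    b.map(1, frame=5, perms="rw")  # same virtual page as A, different frame
    out = {"A": a.translate(PAGE_SIZE + 0x10, "r"),
           "B": b.translate(PAGE_SIZE + 0x10, "r")}
    attempts = {"write_code": (a, 0x20, "w"),
                "exec_data": (a, PAGE_SIZE, "x"),
                "unmapped": (b, 5 * PAGE_SIZE, "r")}
    for label, (space, vaddr, access) in attempts.items():
        try:
            out[label] = space.translate(vaddr, access)
        except PageFault:
            out[label] = "fault"
    return out

if __name__ == "__main__":
    print(demo())
```

The same virtual address resolves to different physical addresses in A and B, and neither process has any virtual address that reaches the other's frame, which is the sense in which their memory is logically disjoint.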
4.2 One Time passwords
• One-time passwords provide additional security along with normal
authentication.
• In a one-time password system, a unique password is required every
time a user tries to log in to the system.
• Once a one-time password is used, it cannot be used again.
• Program Threats
• An operating system's processes and kernel do the designated task as
instructed.
• If a user program makes these processes perform malicious tasks, this is
known as a program threat.
• System Threats
• System threats refer to the misuse of system services and network
connections to put the user in trouble.
• System threats can be used to launch program threats across a
complete network; this is called a program attack.
• System threats create an environment in which operating system
resources and user files are misused.
4.3 Protection in contemporary operating systems
• Protection in contemporary operating systems refers to a
mechanism which controls the access of programs, processes, or users
to the resources defined by a computer system. We can take protection
as a helper to a multiprogramming operating system, so that many users
might safely share a common logical name space such as a directory or
files.
Need of Protection:
• To prevent access by unauthorized users,
• To ensure that each active program or process in the system uses
resources only as the stated policy allows,
• To improve reliability by detecting latent errors.
Role of Protection:
• The role of protection is to provide a mechanism that implements policies which
define the use of resources in the computer system. Some policies are
defined at the time of design of the system, some are designed by
management of the system and some are defined by the users of the system to
protect their own files and programs.
• Every application has different policies for the use of resources, and they may
change over time, so protection of the system is not only the concern of the
designer of the operating system. Application programmers should also design
protection mechanisms to protect their systems against misuse.
• Policy is different from mechanism. Mechanisms determine how something will
be done and policies determine what will be done. Policies change over
time and from place to place. Separation of mechanism and policy is important for
the flexibility of the system.
4.4 Identification and authentication
• Identification is the ability to uniquely identify a user of a system or an
application that is running in the system. "Who are you?" – Users supply
information to identify themselves, such as name, username, and user ID.
Supplying identification information does not prove that the user is who he says
he is.
• Authentication is the ability to prove that a user or application is genuinely
who that person or what that application claims to be. "Prove your
identification" – The user verifies her identity. Some examples of authentication
mechanisms are user-selected passwords, system-generated passwords,
passphrases, question-and-answer passwords, tokens, and various biometric
characteristics. For most systems, identification and authentication are the first
line of defense to prevent unauthorized users from entering the system.
4.4.1 Identification goals
• Identification occurs when a user (or any subject) claims or professes
an identity. This can be accomplished with a username, a process ID, a
smart card, or anything else that can uniquely identify a subject.
Security systems use this identity when determining if a subject can
access an object.
• Many information systems involve data about people. In order to reliably
associate data with particular individuals, it is necessary that an effective and
efficient identification scheme be established and maintained. There is
remarkably little in the information technology literature concerning human
identification. Seeks to overcome that deficiency by undertaking a survey of
human identity and human identification.
4.4.2 Authentication requirements
• In the context of communications across a network, the following attacks can be
identified:
1. Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties. In a
connection-oriented application, the frequency and duration of connections could be determined.
In either a connection-oriented or connectionless environment, the number and length
of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source. This
includes the creation of messages by an opponent that are purported to come from an
authorized entity. Also included are fraudulent acknowledgments of message receipt
or non-receipt by someone other than the message recipient.
4. Content modification: Changes to the contents of a message,
including insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages
between parties, including insertion, deletion, and reordering.
6. Timing modification: Delay or replay of messages. In a connection-oriented
application, an entire session or sequence of messages could
be a replay of some previous valid session, or individual messages in
the sequence could be delayed or replayed. In a connectionless
application, an individual message (e.g., datagram) could be delayed or
replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.
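How a receiver can detect items 3 to 6 of the list above, as an added example that is not part of the original slides: each message carries a sequence number and an HMAC-SHA256 tag computed with a shared key. The frame layout, function names and sample messages are assumptions constructed for illustration; delay (as opposed to replay) would additionally need timestamps, and a shared-key tag cannot settle the repudiation cases in items 7 and 8 because both parties can compute it.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload + tag over both."""
    header = struct.pack(">Q", seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number we will accept

    def accept(self, frame: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(frame) < 8 + TAG_LEN:
            return ("truncated", None)
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return ("bad tag", None)       # masquerade or content modification
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected:
            return ("replay", None)        # timing modification: replayed message
        if seq > self.expected:
            return ("out of order", None)  # sequence modification: gap or reorder
        self.expected += 1
        return ("ok", payload)

def demo():
    key = b"constructed demo key, not a real one"
    f = [seal(key, i, m) for i, m in enumerate([b"pay 10", b"pay 20", b"pay 30"])]
    tampered = f[1].replace(b"pay 20", b"pay 99")  # payload changed in transit
    forged = seal(b"some other key", 1, b"pay 20")  # sender without the shared key
    rx = Receiver(key)
    return [rx.accept(x)[0] for x in (f[0], tampered, forged, f[2], f[1], f[2], f[0])]

if __name__ == "__main__":
    print(demo())
```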
4.4.3 Human authentication
People aren't computers. They don't have the computational or storage
capacity. So the mechanisms to authenticate humans are considerably
different from the mechanisms to authenticate machines. (Though they
both have in common the notion of secrets.)
• Something you know: you demonstrate knowledge of a secret, e.g., a
password
• Something you have: you demonstrate possession of an object, e.g., a
prox card
• Something you are: you demonstrate some feature of yourself, e.g., a
fingerprint
4.4.3.1 Something You Are
• "Something you are" is authentication based on biometrics. Biometrics are
a measurement of your physical or behavioral traits, e.g., your fingerprint,
face, iris, retina, hands, or DNA. To be usable for authentication, a
biometric must be (i) an identifier within the population; (ii) invariant over
time (N.B., kids' fingerprints change); (iii) difficult to spoof (proof of life?); and
(iv) easy to measure.
• Biometric measurement suffers from the problems of false
positives and false negatives, so biometric authentication mechanisms can
incorrectly accept or incorrectly reject an authentication request. Which is
better depends on context. And both are bad: on commercial flights, a false
negative or false positive rate of just 1% could have serious consequences.
4.4.3.2 Something You Know
• "Something you know" is authentication based on a human's knowledge
of a secret. The secret is usually a PIN (short numeric code), password
(short string), or passphrase (longer string). I'll write "password" from
now on, but everything we talk about is relevant to all three.
• Passwords have a life cycle:
  - Create: user chooses password
  - Store: system stores password with user identifier
  - Use: user supplies password to authenticate
  - Change (Recover/Reset): user forgets; wants or needs to change
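The four life-cycle stages above, as an added example that is not part of the original slides: the system stores a salted, slow hash next to the user identifier instead of the password itself. The PasswordStore class, the 12-character minimum and the PBKDF2 iteration count are assumptions, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
MIN_LENGTH = 12       # assumed creation policy

class PasswordStore:
    def __init__(self):
        self._records = {}  # user identifier -> (salt, derived key)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def create(self, user: str, password: str) -> None:
        """Create + Store: enforce policy, then keep only salt and derived key."""
        if len(password) < MIN_LENGTH:
            raise ValueError("password shorter than policy minimum")
        salt = os.urandom(16)  # fresh salt per password
        self._records[user] = (salt, self._derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        """Use: recompute and compare in constant time."""
        # Unknown users get a dummy record so the same work is done either way.
        salt, stored = self._records.get(user, (b"\0" * 16, b""))
        candidate = self._derive(password, salt)
        return hmac.compare_digest(candidate, stored)

    def change(self, user: str, old: str, new: str) -> bool:
        """Change: require the current password, then re-salt and re-hash."""
        if not self.verify(user, old):
            return False
        self.create(user, new)
        return True

if __name__ == "__main__":
    store = PasswordStore()
    store.create("alice", "correct horse battery")
    print(store.verify("alice", "correct horse battery"))  # matches stored record
    print(store.verify("alice", "wrong guess here"))       # does not match
```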
4.4.4 Machine authentication
• Machine authentication is the authorization of an automated
human-to-machine or machine-to-machine (M2M) communication through
verification of a digital certificate or digital credentials.
• Machine authentication is used to authorize machine interactions on
both wired and wireless networks to enable computers and other
machines to interact and exchange information autonomously. The
processes of machine authentication can be performed by simple
devices such as sensors and meters in infrastructure.