Chapters 9 & 10, Modern Operating Systems by A. S. Tanenbaum
IA 705, Prof. Brown, Spring 2003
Group E
J. Paloschavez, M. Troxler, J. Boggs, J. Lagas
Chapters 9 & 10, IA705

Chapter 9, UNIX & Linux
Modern Operating Systems by A. S. Tanenbaum
Group E, IA705, Spring 2003

Jose Paloschavez

The Security Environment: Threats
[Figure: Security goals and threats]

Intruders
Common Categories
1. Casual prying by nontechnical users
2. Snooping by insiders
3. Determined attempt to make money
4. Commercial or military espionage

Accidental Data Loss
Common Causes
1. Acts of God - fires, floods, wars
2. Hardware or software errors - CPU malfunction, bad disk, MSFT program bugs
3. Human errors - data entry, wrong backup disk

Basics of Cryptography
[Figure: Relationship between the plaintext and the ciphertext]

Secret-Key Cryptography
• Monoalphabetic substitution
  – each letter replaced by different letter
  Plaintext: ABCDEFGHI…
  Ciphertext: EQHOZGS EGSSTUT
  CAPITOL COLLEGE
• Given the encryption key,
  – easy to find decryption key
• Secret-key crypto called symmetric-key crypto

Public-Key Cryptography
[Figure: Private Key and Public Key, a mathematically linked key pair]
• All users pick a public key/private key pair
  – publish the public key
  – private key not published
• Public key is the encryption key
  – private key is the decryption key

One-Way Functions
• Function such that given formula for f(x)
  – easy to evaluate y = f(x)
• But given y
  – computationally infeasible to find x
• Many names
  – Compression function, contraction function, message digest, fingerprint, cryptographic checksum or manipulation detection code (MDC)

Digital Signatures
• Signature is authentic
• Signature is unforgeable
• Signature is not reusable
• Signature is unalterable
• Signature cannot be repudiated

User Authentication
Authentication must identify:
1. Something the user knows
2. Something the user has
3. Something the user is
NOTE: This is done before the user can use the system

Authentication Using Passwords
(a) LOGIN: jose
    PASSWORD: AuthEnt
    SUCCESSFUL LOGIN
(b) LOGIN: bogs
    INVALID LOGIN NAME
    LOGIN:
(c) LOGIN: lagas
    PASSWORD: Iforgot
    INVALID LOGIN
    LOGIN:
(a) A successful login
(b) Login rejected after name entered
(c) Login rejected after name and password typed

Authentication Using Passwords
Jose, 2918, b(13%%BeTWW2918)
Matt, 9282, e(WonderDog9282)
James, 9619, e(AxC@Oczw9619)
John, 3168, e(MonkeyBusiness,3168)
...
Lewes, 1705, e(ShenTel,1705)
[Figure labels: Salt, Password]
The use of salt to defeat precomputation of encrypted passwords

Improving Password Security
1. Passwords should be a minimum of seven characters.
2. Passwords should contain both UPPER and lower case letters.
3. Passwords should contain at least one digit or spec*al character.
4. Passwords should not be dictionary words, names, etc.
5. Passwords should be treated like a toothbrush, not shared.

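The salt table on the Authentication Using Passwords slide, worked through as an added example (not part of the original slides): a table computed in advance matches every entry when all accounts share one constant salt, and matches none once each account has its own random salt. PBKDF2-HMAC-SHA256 stands in for e(), and the account list, word list and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000   # assumed work factor for this example
SHARED = bytes(16)    # one constant salt for everyone: no better than no salt


def e(password, salt):
    """e(password, salt) from the slide; PBKDF2-HMAC-SHA256 is the stand-in."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def new_entry(name, password):
    """Create a (name, salt, e(password, salt)) row with a fresh random salt."""
    salt = secrets.token_bytes(16)   # stored in the clear next to the hash
    return name, salt, e(password, salt)


def verify(entry, attempt):
    """Recompute with the stored salt and compare in constant time."""
    _, salt, stored = entry
    return hmac.compare_digest(e(attempt, salt), stored)


def table_hits(table, stored):
    """Count stored values found in a table that was computed in advance."""
    return sum(value in table for value in stored)


# Constructed sample accounts; two users share a password on purpose.
ACCOUNTS = [("matt", "WonderDog"), ("john", "MonkeyBusiness"), ("lewes", "WonderDog")]
WORDLIST = ["WonderDog", "MonkeyBusiness", "ShenTel"]

# Table built once, before any password file is seen (no per-user salt known).
PRECOMPUTED = {e(word, SHARED) for word in WORDLIST}

UNSALTED_FILE = [e(pw, SHARED) for _, pw in ACCOUNTS]
SALTED_FILE = [new_entry(name, pw) for name, pw in ACCOUNTS]
SALTED_HASHES = [stored for _, _, stored in SALTED_FILE]

if __name__ == "__main__":
    print("hits without per-user salt:", table_hits(PRECOMPUTED, UNSALTED_FILE))
    print("hits with per-user salt:   ", table_hits(PRECOMPUTED, SALTED_HASHES))
    print("same password, same hash?  ", SALTED_HASHES[0] == SALTED_HASHES[2])
    print("login still verifies:      ", verify(SALTED_FILE[0], "WonderDog"))
```

With per-user salts the two accounts that share a password no longer share a stored value, so one precomputed table cannot be reused across accounts or systems.
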
Authentication Using a Physical Object
• Magnetic cards
  – magnetic stripe cards
  – chip cards: stored value cards, smart cards

Authentication Using Biometrics
[Figure: A device for authenticating using iris]

Matt Troxler

Attacks from the Inside
• Trojan Horses
• Login Spoofing
• Logic Bombs
• Trap Doors
• Buffer Overflow

Design Principles for Security
• Public Design - easier to service.
• Default = Deny Access - easier to trace errors.
• Check access occasionally, not just at login or file open

Design Principles Cont’d.
• Minimal permissions for all users/processes
• Ease of use - difficult interfaces usually result in wide-open environments
• Keep it simple - tight and efficient code is easy to review and lock down

External Attacks (Viruses)
How they function
• “Dropper” tool is used to deploy a virus
• Infected file is distributed (preferably publicly)
• Users go get (or receive unknowingly) and install the infected file
• Payload of the file runs, does whatever the virus does

Classifications of Viruses
• Companion virus - runs in place of a legitimate file
• Executables - virus code embeds itself in another .exe (overwriting)
• Parasitic viruses - overwriting, but the original files still work after infection.
• Cavity virus - virus embeds itself in unused portions of legit. files
• Memory Resident - lives in memory, little disk activity
• Boot Sector - lives at the first sector of the HDD
• Device Driver - gets loaded as a legit. file in kernel mode
• Macro - attached to a file that appears innocent
• Source Code - requires some knowledge of programming

How Viruses Spread
• Downloads
• Email
• Storage Space (fixed or removable disks, memory, etc.)

Antivirus and Anti-Antivirus… and so on…
• Date hiding
  – Date disguising
  – Parent folder…
• Size hiding
  – Compression
• Bitwise hiding
  – Look for decryption routine/key
• Polymorphic
  – Look for morphing routine code
• Checksums
  – Delete or overwrite
  – Encrypt

Securing Mobile Code
• Sandboxing
• Interpretation
• Code
• Java Security

Protection Mechanisms
• Protection Domains
• Access Control Lists
• Capabilities

Trusted Systems and Multilevel Security
• Trusted Computing Base
• Formal Models
• Bell-La Padula Model
• Biba Model
• Orange Book
• Covert Channels

Chapter 10, UNIX & Linux
Modern Operating Systems by A. S. Tanenbaum
Group E, IA705, Spring 2003

Jim Boggs

History
• UNICS
• PDP-11 UNIX & Portable UNIX
• Berkeley UNIX
• Standard UNIX & POSIX
• MINIX
• Linux

Overview of UNIX: UNIX Goals & Interfaces
• Goals
  – Handle Multiple Processes & Users
  – Design Principles
• Interfaces
  – User Interface
  – Library Interface
  – System Call Interface
[Figure: layers Users, Utility Programs, Standard Library, UNIX OS, Hardware; User Mode and Kernel Mode]

Overview of UNIX: UNIX Shell & Utility Programs
• Shell
  – Ordinary program providing command line interface
  – Standard input/output
  – Flexibility (wild cards, standard I/O, flags, pipes)
  – Shell Scripts
• Utility Programs
  – File & Directory Commands
  – Filters
  – Development Tools & Text Processing
  – System Administration

Overview of UNIX: Kernel Structure
[Figure: Kernel structure graphic, copyright Prentice-Hall 2001, Modern Operating Systems, p. 688]

Processes in UNIX: Concepts and Process Management
• Active Entities are Processes
  – Foreground & Background
  – Parent & Child
  – ID for Each
  – Single & Multiple Threads
• Process Management System Calls
  – Means for Processes to Communicate
  – Based on POSIX
  – Examples

Processes in UNIX: Implementation
• Process Table
  – Scheduling Parameters
  – Memory Image
  – Signals
  – Miscellaneous
• User Structure
  – Machine Registers
  – System Call State
  – File Descriptor
  – Accounting
  – Kernel Stack

Processes in UNIX: Threads
• UNIX
  – Supported in Kernel, but Process-oriented
  – Difficult Thought Process in Using Multiple Threads
    • Fork & other Examples
• Linux
  – Kernel-oriented
  – Clone
  – Detailed Sharing
  – Non-portability

Processes in UNIX: Scheduling
• UNIX
  – Designed for Response to Interactive Processes
  – Process-oriented Queue Management
  – Get Processes Rapidly out of the Kernel
• Linux
  – Thread-oriented
  – Classes of Linux Threads
    • Real-time FIFO
    • Real-time Round Robin
    • Timesharing

Processes in UNIX: Booting UNIX
• Get Kernel Running
• Set Message Buffer
• Allocate Kernel Data Structure
• System Configuration (drivers)
  – Static Links
  – Dynamic Loads
• Begin Process 0
• Init
• Login

John Lagas

Unix Memory Management
• Fundamental Concepts
  – Text
  – Data
  – Stack
  – Shared Text Segments
  – Memory-mapped files

Unix Memory Management
• Memory Management System Calls
  – brk
  – mmap
  – unmap

Unix Memory Management
• Implementation
  – Swapping
  – Paging
  – Page replacement algorithm
    • Two-handed
    • Clock
  – Memory Management under Linux
    • Buddy algorithm

Unix I/O
• Fundamental concepts
  – Special files
  – Character special
  – Block special
    • Major and minor numbers
  – Networking
    • Sockets
    • TCP/UDP and IP

Unix I/O
• System Calls

Unix I/O
• Implementation
  – Ioctl
    • Device dependent
    • Device drivers
  – Streams

Unix File Systems
• Fundamental Concepts
  – “Standard” directories
    • bin, dev, etc, sbin, lib, usr
  – path
    • absolute and relative
  – linking files
  – locking
    • Prevents overwrites
  – File descriptor and file handle
    • Descriptor is of type “int”
    • Handle is the “name of the file”

Unix File Systems
• System Calls

Unix File Systems
• Implementation
  – Superblock
  – Inodes
  – Inode table
  – What info to keep for a file?
    • DAC
    • MAC
    • Access/mod/change times
    • UID/GID

Unix File Systems
• NFS
  – Architecture
  – Client-server
    • Makes remote file system appear local
    • Can cause system to “hang”
  – Implementation
    • Local is of type NFS
    • Remote is not relevant for the client
      – The server handles those details

Unix Security
• Fundamental concepts
  – UID and GID
    • Mentioned above under File systems
  – DAC and mode bits
    • Extended mode bits
  – Superuser !!! Got root?
    • UID 0
    • Only one per system, or game over…
  – EUID
    • Who are you running as???
    • SETUID / SETGID

Unix Security
• System Calls

Unix Security
• Implementation
  – The devil is in the details
  – System files

Questions and Answers