CMSC 414 Computer (and Network) Security

advertisement
CMSC 414
Computer and Network Security
Lecture 13
Jonathan Katz
Exam stats
 Median: 75
 Letter grades
– 85-100: A
– 65-85: B
– 50-65: C
– < 50: D/F
Memory Protection
Memory protection
 Usually think of multi-user security in terms of
files, but memory protection must also be done
– Behind the scenes…handled by OS automatically
 Enforce logical separation
– Users operate under the illusion that no other user’s
processes are running, and in fact are unable to access
objects outside some permitted domain
Memory protection
 “Fence”: restricts access to portions of memory
– Introduced in single-user systems to prevent
(accidental) destruction of OS code
 E.g., predefined memory address where OS
resides; users disallowed from modifying
– Can be enforced at the hardware level
 Drawbacks
– Fixed space allocated for OS
– What if OS is supposed to be “modifiable”?
– May waste space
Continued…
 Variation is to have a “fence register” which stores
the address of the protected portion of memory
– Allow easy “relocation” by simple addition (in
hardware)
– Protected portion can dynamically change
 More opportunity for security breaches…
Base/bounds registers
 Can have two registers: base register and bounds
register
– Memory access restricted to lie between these two
 Contents of these registers will be changed by the
OS, per-user, as part of context switching
 Can also have an additional base/bounds register
for each user, to logically separate instructions
from data
– Prevent accidental overwriting of executable code
Tagged architecture
 Base/bounds registers offer very course-grained
protection
– Also, have the restriction that different sections of
memory space must be contiguous
 Possible to improve this by tagging every, e.g.,
word of memory
– E.g., label each word read/write/execute
 Can be wasteful of memory…
 Requires changes at the hardware level
Segmentation
 Program components divided into logical segments (e.g.,
code of a single procedure; local variables)
 Each segment has a unique name; items in segment
addressed by (name, offset)
 Each segment may be stored anywhere in memory
– OS handles mapping; transparent to user
– Can implement diff. protection for each segment
– OS controls which programs have which entries in their segment
address tables
– Multiple users can potentially be given access to the same segment
– Complete mediation
Drawbacks of segmentation?
 Users can guess memory locations
 Users can generate (name, offset) where the offset
is larger than the segment size
– Can fix this by storing current segment length in the
segment address table, but this is inefficient
 Memory fragmentation
 Address table lookup can be slow
Paging
 Similar to segmentation, but with fixed-size segments
called pages
– Addressing via (page, offset)
 Avoids fragmentation problem…and “large offset” issue
 Programmer need not be aware of pages (in contrast to
segments, which were logical units)
 Drawbacks
– “Re-paging” causes potential security problems as data is shifted
from one page to another
– Can be difficult to describe desired protection, since pages are no
longer logical units
Combining the approaches
 Segmentation better for security; paging better for
efficiency
– Combine to get best of both
 Program divided into logical segments; each
segment broken into fixed-size pages
Network Security
Authentication: an Overview
Authentication
 Verifying the identity of another entity
– Computer authenticating to another computer
– Person authenticating to a local computer
– Person authenticating to a remote computer
 Two issues:
– How authentication information is stored (at both ends)
– Authentication protocol itself
Authentication
 Authentication may be based on
– What you know
– What you have
– What you are
– Examples?
 Can also consider two-factor authentication
 Mutual authentication vs. unidirectional
authentication
Authentication
 Important to be clear about what is being
authenticated
–
–
–
–
The user?
The machine?
The user’s role?
The data?
 What assumptions are being made?
– E.g., login on untrusted terminal
Attack taxonomy
 Passive attacks
 Active attacks
– Impersonation
– Man-in-the-middle
 Server compromise
 Different attacks may be easier/more difficult in
different settings
Address-based authentication
 Is sometimes used (e.g., unix)
 This is generally not very secure
– Relatively easy to forge source addresses of network
packets
Password-based protocols
 Password-based authentication
– Any system based on low-entropy shared secret (note:
different from book definitions!)
 Distinguish on-line attacks vs. off-line attacks
Password selection
 User selection of passwords is typically very weak
– Lower entropy password makes dictionary attacks
easier
 Typical passwords:
– Derived from account names or usernames
– Dictionary words, reversed dictionary words, or small
modifications of dictionary words
– Etc.
Better password selection
 Non-alphanumeric characters
 Longer phrases
 Can try to enforce good password selection…
 …but these types of passwords are difficult for
people to memorize and type!
From passwords to keys?
 Can potentially use passwords to derive symmetric
or public keys
 What is the entropy of the resulting key?
 Often allows off-line dictionary attacks on the
password
Download