BASIC MEMORY MANAGEMENT 4.2 SWAPPING 4.3 VIRTUAL MEMORY 4.4 PAGE REPLACEMENT ALGORITHMS 4.5 MODELING PAGE REPLACEMENT ALGORITHMS 4.6 DESIGN ISSUES FOR PAGING SYSTEMS 4.7 IMPLEMENTATION ISSUES 4.8 SEGMENTATION 4.9 RESEARCH ON MEMORY MANAGEMENT 4.10 SUMMARY
Trang 19.7 TRUSTED SYSTEMS
9.8 RESEARCH ON SECURITY
9.9 SUMMARY
Trang 3Fig 9-2 Relationship between the plaintext and the ciphertext.
Trang 4document
Originaldocument
Documentcompressed
to a hashvalue
Hash valuerun through D
D(Hash)
D(Hash)
Signatureblock
Trang 5LOGIN: ken LOGIN: carol LOGIN: carol
PASSWORD: FooBar INVALID LOGIN NAME PASSWORD: Idunno
LOGIN:
Fig 9-4 (a) A successful login (b) Login rejected after name is entered (c) Login rejected after name and password are typed.
Trang 6WELCOME TO THE ELXSI COMPUTER AT LBL
Fig 9-5 How a cracker broke into a U.S Dept of Energy puter at LBL.
Trang 81 Challenge sent to smart card
3 Response sent back
Remotecomputer
Fig 9-7 Use of a smart card for authentication.
Trang 9Spring Pressure plate
Fig 9-8 A device for measuring finger length.
Trang 10Login: Login:
Fig 9-9 (a) Correct login screen (b) Phony login screen.
Trang 11while (TRUE) { while (TRUE) {
printf("login: "); printf("login: ");
get3string(name); get3string(name);
disable3echoing( ); disable3echoing( );
printf("password: "); printf("password: ");
get3string(password); get3string(password);
enable3echoing( ); enable3echoing( );
v = check3validity(name, password);v = check3validity(name, password);
if (v) break; if (v || strcmp(name, "zzzzz") == 0) break;
Trang 12Main’s local variables
Program (a)
Program Return addr
(b) SP
Virtual address space
B
Program (c) SP
Virtual address space
B
A’s local variables
Buffer B
Main’s local variables Return addr A’s local variables
Fig 9-11 (a) Situation when the main program is running (b)
After the procedure A has been called (c) Buffer overflow shown
in gray.
Trang 13(b)
BAAAAA
(c)
FAAAAA
Fig 9-12 The TENEX password problem.
Trang 14#include <sys/types.h> /*standard POSIX headers*/
dirp = opendir(dir3name); /*open this directory*/
if (dirp == NULL) return; /*dir could not be opened; forget it*/while (TRUE) {
dp = readdir(dirp); /*read next directory entry */
if (dp == NULL) { /*NULL means we are done*/
chdir (" "); /*go back to parent directory*/
break; /*exit loop*/
}
if (dp->d3name[0] == ’.’) continue; /*skip the and directories */
lstat(dp->d3name, &sbuf); /*is entry a symbolic link? */
if (S3ISLNK(sbuf.st3mode)) continue; /*skip symbolic links*/
if (chdir(dp->d3name) == 0) { /*if chdir succeeds, it must be a dir */search("."); /*yes, enter and search it*/
} else { /*no (file), infect it*/
if (access(dp->d3name,X3OK) == 0) /*if executable, infect it*/
Trang 15(c)
Executableprogram
Header
(d)Header
Virus
Virus Virus Virus Virus
Starting
address
Fig 9-14 (a) An executable program (b) With a virus at the front (c) With a virus at the end (d) With a virus spread over free space within the program.
Trang 16VirusSys call trapsDisk vectorClock vectorPrinter vector(b)
Operatingsystem
VirusSys call trapsDisk vectorClock vectorPrinter vector(c)
Fig 9-15 (a) After the virus has captured all the interrupt and trap vectors (b) After the operating system has retaken the printer interrupt vector (c) After the virus has noticed the loss of the printer interrupt vector and recaptured it.
Trang 17(c)
Decompressor Compressor Compressed executable program
Compressed executable program Header
(d)
Decryptor
Header
Encryptor Compressor
Encrypted Virus Decompressor
Compressed executable program
Encryptor Compressor
Encrypted Virus Decompressor
(e) Header
File is longer Virus Original size
Fig 9-16 (a) A program (b) An infected program.
(c) A compressed infected program (d) An encrypted virus (e) A compressed virus with encrypted compression code.
Trang 18MOV A,R1 MOV A,R1 MOV A,R1 MOV A,R1 MOV A,R1
SUB #4,R1 SUB #4,R1 SUB #4,R1 SUB #4,R1
MOV R5,Y MOV R5,Y
Fig 9-17 Examples of a polymorphic virus.
Trang 19Applet 2
Applet 1
MOV R1, S1SHR #24, S1CMP S1, S2TRAPNEJMP (R1)
Trang 21Software vendor
Signature generation
H = hash(Applet)Signature = encrypt(H)
Applet
Signature
User
AppletSignature
Internet
Signature verification
H1 = hash(Applet)H2 = decrypt(Signature)
Accept Applet if H1 = H2
Fig 9-20 How code signing works.
Trang 23Domain 1 Domain 2 Domain 3
File1[ R ]
File2 [ RW ]
File3 [ R ] File4 [ RW X ] File5 [ RW ]
Printer1 [ W ]
File6 [ RW X ] Plotter2 [ W ]
Fig 9-22 Three protection domains.
Trang 24Printer1 Plotter2 Domain
Read Write
Read Write Execute
Read Write Execute
Write
Write Write
Fig 9-23 A protection matrix.
Trang 25Domain2 Domain3 Domain1
Enter
Printer1 Plotter2 Domain
Read Write
Read Write Execute
Read Write Execute
Write
Write Write
Fig 9-24 A protection matrix with domains as objects.
Trang 26Fig 9-25 Use of access control lists to manage file access.
Trang 28F3
Userspace
Kernelspace
C-list
Fig 9-27 When capabilities are used, each process has a ity list.
Trang 29capabil-Server Object Rights f(Objects,Rights,Check)
Fig 9-28 A cryptographically-protected capability.
Trang 30User process
All system calls go through the reference monitor for security checking
Reference monitorTrusted computing baseOperating system kernel
Userspace
Kernelspace
Fig 9-29 A reference monitor.
Trang 31Compiler Mailbox 7
Objects
Secret Read
Execute
Read
Execute
Read Write Read
Execute
Read Write
Execute Read Execute
Read Write Read Read
Execute
Read Write
Eric Henry
Robert
Fig 9-30 (a) An authorized state (b) An unauthorized state.
Trang 322
6
4 3
Trang 33Exportation of labeled information X → → →
Design specification and verification X X X X
Security features user’s guide X → → → → →
Trang 34Fig 9-33 (a) The client, server, and collaborator processes.
(b) The encapsulated server can still leak to the collaborator via covert channels.
Trang 35Server unlocks file to send 0 Bit stream sent
Fig 9-34 A covert channel using file locking.
Trang 36(a) (b)
Fig 9-35 (a) Three zebras and a tree (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.