Lecture Operating system - Chapter 9: Security has contents: The security environment, basics of cryptography, user authentication, attacks from inside the system, attacks from outside the system, protection mechanisms, trusted systems.
Trang 2The Security Environment
Threats
Security goals and threats
Trang 5Basics of Cryptography
Relationship between the plaintext and the ciphertext
Trang 12Authentication Using Passwords
• How a cracker broke into LBL
– a U.S. Dept. of Energy research lab
Trang 14Authentication Using a Physical Object
• Magnetic cards
– magnetic stripe cards– chip cards: stored value cards, smart cards
Trang 15Authentication Using Biometrics
A device for measuring finger length
Trang 18Login Spoofing
(a) Correct login screen
(b) Phony login screen
Trang 20Trap Doors
(a) Normal code.
(b) Code with a trapdoor inserted
Trang 23Famous Security Flaws
The TENEX – password problem
Trang 32Antivirus and AntiAntivirus Techniques
(a) A program (b) Infected program (c) Compressed infected program (d) Encrypted virus
(e) Compressed virus with encrypted compression code
Trang 33Antivirus and AntiAntivirus Techniques
Examples of a polymorphic virusAll of these examples do the same thing
Trang 36Mobile Code (1) Sandboxing
(a) Memory divided into 1MB sandboxes
(b) One way of checking an instruction for validity
Trang 37Mobile Code (2)
Applets can be interpreted by a Web browser
Trang 38Mobile Code (3)
How code signing works
Trang 40Java Security (2)
Examples of specified protection with JDK 1.2
Trang 41Protection Mechanisms
Protection Domains (1)
Examples of three protection domains
Trang 42Protection Domains (2)
A protection matrix
Trang 43Protection Domains (3)
A protection matrix with domains as objects
Trang 44Access Control Lists (1)
Use of access control lists of manage file access
Trang 45Access Control Lists (2)
Two access control lists
Trang 46Capabilities (1)
Each process has a capability list
Trang 48Trusted Systems
Trusted Computing Base
A reference monitor
Trang 49Formal Models of Secure Systems
(a) An authorized state(b) An unauthorized state
Trang 50Multilevel Security (1)
The BellLa Padula multilevel security model
Trang 53Orange Book Security (2)
Trang 54covert channels
Trang 55Covert Channels (2)
A covert channel using file locking