A computer system consists of hardware, system programs, and application programs figs 9


BASIC MEMORY MANAGEMENT
4.2 SWAPPING
4.3 VIRTUAL MEMORY
4.4 PAGE REPLACEMENT ALGORITHMS
4.5 MODELING PAGE REPLACEMENT ALGORITHMS
4.6 DESIGN ISSUES FOR PAGING SYSTEMS
4.7 IMPLEMENTATION ISSUES
4.8 SEGMENTATION
4.9 RESEARCH ON MEMORY MANAGEMENT
4.10 SUMMARY

9 SECURITY
9.1 THE SECURITY ENVIRONMENT
9.2 BASICS OF CRYPTOGRAPHY
9.3 USER AUTHENTICATION
9.4 ATTACKS FROM INSIDE THE SYSTEM
9.5 ATTACKS FROM OUTSIDE THE SYSTEM
9.6 PROTECTION MECHANISMS
9.7 TRUSTED SYSTEMS
9.8 RESEARCH ON SECURITY
9.9 SUMMARY

    Goal                    Threat
    Data confidentiality    Exposure of data
    Data integrity          Tampering with data
    System availability     Denial of service

Fig. 9-1. Security goals and threats.

[Figure: plaintext in (P) -> encryption algorithm E with encryption key K_E -> ciphertext C = E(P, K_E) -> decryption algorithm D with decryption key K_D -> plaintext out, P = D(C, K_D).]

Fig. 9-2. Relationship between the plaintext and the ciphertext.

[Figure: (a) Original document; document compressed to a hash value; hash value run through D; D(Hash). (b) Original document; signature block D(Hash).]

Fig. 9-3. (a) Computing a signature block. (b) What the receiver gets.

(a)
    LOGIN: ken
    PASSWORD: FooBar
    SUCCESSFUL LOGIN

(b)
    LOGIN: carol
    INVALID LOGIN NAME
    LOGIN:

(c)
    LOGIN: carol
    PASSWORD: Idunno
    INVALID LOGIN
    LOGIN:

Fig. 9-4. (a) A successful login. (b) Login rejected after name is entered. (c) Login rejected after name and password are typed.

    LBL> telnet elxsi
    ELXSI AT LBL
    LOGIN: root
    PASSWORD: root
    INCORRECT PASSWORD, TRY AGAIN
    LOGIN: guest
    PASSWORD: guest
    INCORRECT PASSWORD, TRY AGAIN
    LOGIN: uucp
    PASSWORD: uucp
    WELCOME TO THE ELXSI COMPUTER AT LBL

Fig. 9-5. How a cracker broke into a U.S. Dept. of Energy computer at LBL.

    Bobbie, 4238, e(Dog4238)
    Tony, 2918, e(6%%TaeFF2918)
    Laura, 6902, e(Shakespeare6902)
    Mark, 1694, e(XaB@Bwcz1694)
    Deborah, 1092, e(LordByron,1092)

Fig. 9-6. The use of salt to defeat precomputation of encrypted passwords.

[Figure: remote computer, smart card reader, smart card. 1. Challenge sent to smart card. 2. Smart card computes response. 3. Response sent back.]

Fig. 9-7. Use of a smart card for authentication.

[Figure labels: Spring, Pressure plate.]

Fig. 9-8. A device for measuring finger length.

[Figure: two screens, (a) and (b), each showing the prompt "Login:".]

Fig. 9-9. (a) Correct login screen. (b) Phony login screen.

[...]...
... with a trap door inserted.

[Figure labels: Virtual address space, 0xFFFF, Stack pointer (SP), Stack, Main's local variables, Return addr, A's local variables, B, Buffer B, Program; panels (a), (b), (c).]

Fig. 9-11. (a) Situation when the main program is running. (b) After the procedure A has been called...

[Figure labels: ... 1, A, 4; Legend: Object, Read, Write; 3, 2, 1.]

Fig. 9-31. The Bell-La Padula multilevel security model.

Criterion
    Security policy
        Discretionary access control
        Object reuse
        Labels
        Label integrity
        Exportation of labeled information
        Labeling human readable output
        Mandatory access control
        Subject sensitivity labels
        Device labels
    Accountability
        Identification and authentication
        Audit
        Trusted path
    Assurance
        System architecture...

[Figure labels: ... Data 1, Code 1, Applet 1; panels (a), (b).]

Fig. 9-18. (a) Memory divided into 16-MB sandboxes. (b) One way of checking an instruction for validity.

[Figure labels: Virtual address space from 0 to 0xFFFFFFFF, Untrusted applet, Sandbox, Trusted applet, Interpreter, Web browser.]

Fig. 9-19. Applets can be interpreted by a Web browser.

[Figure labels: Software vendor, User, Signature generation, Applet, Signature, H = hash(Applet), Signature = encrypt(H), Signature verification...]

[Figure labels: ... Plotter2, Domain1, Domain2, Domain3; Domain 1, 2, 3; Enter; Read; Read Write Execute; Read Write; Write; Read Write Execute; Write; Write.]

Fig. 9-24. A protection matrix with domains as objects.

[Figure labels: Owner, Process A, B, C, User space, Kernel space, File, ACL. F1: A: RW; B: A. F2: A: R; B:RW; C:R. F3: B:RWX; C: RX.]

Fig. 9-25. Use of access control lists to manage file access.

[Figure labels: File, Access control list. Password: tana, sysadm: RW. Pigeon data: bill,...]
    #include
    #include
    #include
    #include
    #include
    struct stat sbuf;   /* for lstat call to see if file is sym link */
    search(char *dir_name)
    {
        DIR *dirp;
        struct dirent *dp;
        /* recursively search...
        ...
        infect(dp->d_name); }
        closedir(dirp);   /* dir processed; close and return */

Fig. 9-13. A recursive procedure that finds executable files on a UNIX system.

[Figure labels: Virus, Executable program, Starting address, Header; panels (a), (b), (c), (d).]

Fig. 9-14. (a) An executable program. (b) With a virus at the front. (c) With a virus at the end. (d) With a virus... spread over free space within the program.

... in gray.

[Figure labels: First page (in memory), Second page (not in memory), Page boundary; panels (a), (b), (c) showing the password characters A, B, F.]

Fig. 9-12. The TENEX password problem.

...

Fig. 9-32. Orange Book security criteria. The symbol X means that there are new requirements here. The symbol → means that the requirements from the next lower category also apply here.

[Figure labels: Client, Server, Collaborator, Encapsulated server, Kernel, Covert channel; panels (a), (b).]

Fig. 9-33. (a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via covert channels...

[Figure labels: Operating system, Virus, Sys call traps, Disk vector, Clock vector, Printer vector; panels (a), (b), (c).]

Fig. 9-15. (a) After the virus has captured all the interrupt and trap vectors. (b) After the operating system has retaken...
[Figure labels: Compressed executable program, Header; panels (a), (b), (c), (d), (e).]

Fig. 9-16. (a) A program. (b) An infected program. (c) A compressed infected program. (d) An encrypted virus. (e) A compressed virus with encrypted compression code.

(a)
    MOV A,R1
    ADD B,R1
    ADD C,R1
    SUB #4,R1
    MOV R1,X

(b)
    MOV A,R1
    NOP
    ADD B,R1
    NOP
    ADD C,R1
    NOP
    SUB #4,R1
    NOP
    MOV R1,X

    MOV A,R1
    ADD #0,R1
    ADD B,R1
    OR R1,R1
    ADD C,R1
    SHL...

[Figure labels: ... monitor, Trusted computing base, Operating system kernel, Kernel space.]

Fig. 9-29. A reference monitor.

[Figure labels: Objects (Compiler, Mailbox 7, Secret); Eric, Henry, Robert; rights Read, Write, Execute; panels (a), (b).]

Fig. 9-30. (a) An authorized state. (b) An unauthorized state.

[Figure labels: Read, Write, Security level.]

... (b) After the procedure A has been called. (c) Buffer overflow shown in gray.

Date posted: 28/04/2014, 16:35
