Protection and Security
Protection
• Processes need to be protected from one
another’s activities.
• Processes must operate only on those
resources for which they have gained proper
authorization from the operating system.
• Protection refers to a mechanism for controlling the
access of programs, processes, or users to the
resources defined by a computer system.
Goals of protection
• To increase the reliability of any complex
system that makes use of shared resources.
• To prevent mischievous, intentional violation
of an access restriction by a user.
• To ensure that each program component
active in a system uses system resources only
in ways consistent with the stated policies for
the uses of these resources (reliable system).
Goals of protection
• To provide means to distinguish between
authorized and unauthorized usage.
• To provide a mechanism for the enforcement
of the policies governing resource use.
• Mechanisms determine how something will
be done.
• Policies decide what will be done.
Domain of protection
• A computer system consists of processes and
objects (both hardware and software).
• Each object has a unique name and it can be
accessed only through well-defined and
meaningful operations.
• Objects – abstract data types.
• Operations possible may depend on the
object.
• Only authorized access to resources by any
process is permitted.
Domain of protection
• At any time, a process should be able to
access only those resources that it currently
requires to complete its task (need-to-know
principle).
• To limit the amount of damage a faulty
process can cause in the system.
Protection domain
• Specifies the resources that a process may
access.
• A process operates within a protection
domain.
• Each domain defines a set of objects and the
types of operations that may be invoked on
each object.
• Access right – the ability to execute an
operation on an object.
• Domain – a collection of access rights, each of
which is an ordered pair <object-name, rights-set>.
• Domains may share access rights.
• Association between a process and a domain
may be either static or dynamic.
• If static, a mechanism to modify the contents of a
domain is needed.
• If dynamic, a mechanism for domain switching is
needed.
Realization of a domain
• Each user may be a domain (set of objects
that can be accessed depends on the user’s
identity).
• Each process may be a domain.
• Each procedure may be a domain (local
variables defined within the procedure).
Access matrix
• Protection model can be viewed as a matrix.
• Provides mechanism for specifying a variety of
policies.
• Entry access(i,j) defines the set of operations
that a process executing in domain Di can
invoke on object Oj.
• Policy decisions involve which rights should be
included in the (i,j)th entry.
Access Matrix
• Provides an appropriate mechanism for
defining and implementing strict control for
both the static and dynamic association
between processes and domains.
• Controlling domain switching.
• Domain switching from domain Di to domain
Dj is allowed to occur iff the access right
switch belongs to access(i,j).
• To allow controlled change to the contents of
the access-matrix entries, three additional
operations are required:
1. copy
2. owner
3. control
• The copy right allows a process to copy some
rights from an entry in one column to another
entry in the same column (transfer, limited
copy).
• The owner right allows for the addition of new
rights and removal of some rights.
• The copy and owner rights allow a process to
change the entries in a column.
• To change the entries in a row, the control right
is needed.
• The control right is applicable to only domain
objects.
• If access(i,j) includes the control right, then a
process executing in domain Di can remove
any access right from row j.
• The copy and owner rights provide a mechanism
to limit the propagation of access rights, but
they do not provide appropriate tools for
preventing the propagation of information.
• Confinement problem – guaranteeing that no
information initially held in an object can
migrate outside of its execution environment.
• In general, the confinement problem is unsolvable.
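The rules above (switch, copy with its transfer and limited-copy variants, owner, and control) as an added worked example that is not part of the slides; domain and object names D1, D2 and F1 are constructed, and a right written with a trailing "*" is taken to be copyable.

```python
# Added example (not from the slides): access matrix with switch, copy, owner and control rights.
class AccessMatrix:
    def __init__(self, domains, objects):
        self.domains = list(domains)  # domains are objects too, so they get columns
        self.m = {(d, o): set() for d in self.domains for o in list(objects) + self.domains}

    def grant(self, dom, obj, *rights):
        self.m[(dom, obj)].update(rights)

    def can(self, dom, obj, right):
        return right in self.m[(dom, obj)]

    def can_switch(self, src, dst):
        # Domain switching Di -> Dj is allowed iff "switch" is in access(i, j).
        return self.can(src, dst, "switch")

    def copy_right(self, src, obj, dst, right, mode="copy"):
        # "R*" is copyable in its column: copy gives dst "R*", transfer moves it, limited gives plain "R".
        if right + "*" not in self.m[(src, obj)]:
            raise PermissionError(f"{src} may not copy {right} on {obj}")
        self.m[(dst, obj)].add(right if mode == "limited" else right + "*")
        if mode == "transfer":
            self.m[(src, obj)].discard(right + "*")

    def owner_modify(self, owner, obj, dst, add=(), remove=()):
        # The owner right lets its holder add or remove rights anywhere in obj's column.
        if not self.can(owner, obj, "owner"):
            raise PermissionError(f"{owner} does not own {obj}")
        self.m[(dst, obj)].update(add)
        self.m[(dst, obj)].difference_update(remove)

    def control_remove(self, src, dom, obj, right):
        # Control applies only to domain objects: a process in Di may remove any right from row j.
        if dom not in self.domains or not self.can(src, dom, "control"):
            raise PermissionError(f"{src} has no control over {dom}")
        self.m[(dom, obj)].discard(right)

def demo():
    # Constructed scenario: D1 owns F1 with copyable read, may switch to D2, controls D2.
    am = AccessMatrix(["D1", "D2"], ["F1"])
    am.grant("D1", "F1", "owner", "read*")
    am.grant("D1", "D2", "switch", "control")
    am.grant("D2", "F1", "write")
    am.copy_right("D1", "F1", "D2", "read", mode="limited")  # D2 gets plain read only
    am.owner_modify("D1", "F1", "D2", add={"execute"})       # owner extends column F1
    am.control_remove("D1", "D2", "F1", "write")             # control over row D2
    return {"switch": am.can_switch("D1", "D2"),
            "reverse": am.can_switch("D2", "D1"),            # D2 holds no switch right
            "d2_rights": sorted(am.m[("D2", "F1")])}
```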
Security
• Measure of confidence that the integrity of a
system and its data will be preserved.
• Requires an adequate protection system and
consideration of the external environment
within which the system operates.
Authentication
• Ensures and confirms a user’s identity.
• Based on user possession (card), user
knowledge (password), or a user attribute
(fingerprint, signature).
• Password vulnerabilities – difficulty of keeping
a password secret.
Password vulnerabilities
• Passwords can be compromised by:
  – guessing (an intruder who has the user's information, or brute
    force).
  – exposure (visual or electronic monitoring): visual monitoring –
    shoulder surfing; network sniffing.
  – hard-to-remember or long passwords.
  – human nature.
• System-generated passwords or user-selected
passwords.
• Occasional checking of passwords by site
administrators.
• Password aging.
• Change of password for each session.
• Encrypted passwords – given a value x, it is
easy to compute the function value f(x), but
recovering x from f(x) is impossible.
• Flaw: the system no longer has control over
the passwords.
One-time passwords
• To prevent improper authentication due to
password exposure.
• Use of a set of paired passwords.
• Use of algorithmic passwords:
  – the system and the user share a secret and a seed.
  – the password is f(secret, seed).
  – the seed is a random number or alphanumeric sequence
    and is the authentication challenge from the computer.
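The challenge-response exchange just described, as an added example that is not from the slides: f(secret, seed) is realised with HMAC-SHA256 (an assumption; the slides only say the system and user share a secret and that the seed is the computer's random challenge), the user name and secret are constructed, and each seed is accepted for one attempt only so that an exposed response cannot be reused.

```python
import hmac
import hashlib
import secrets

# Added example (not from the slides). f(secret, seed) is realised as HMAC-SHA256,
# an assumption; the slides only say that the system and user share a secret and
# that the seed is the random challenge sent by the computer.
def f(secret: bytes, seed: bytes) -> str:
    # Easy to compute with the secret, and different for every seed.
    return hmac.new(secret, seed, hashlib.sha256).hexdigest()[:16]

class Computer:
    def __init__(self):
        self.secrets = {}   # user -> shared secret stored at enrolment
        self.pending = {}   # user -> outstanding seed, valid for one attempt

    def enrol(self, user: str, secret: bytes):
        self.secrets[user] = secret

    def challenge(self, user: str) -> bytes:
        seed = secrets.token_bytes(16)   # fresh random seed for this login attempt
        self.pending[user] = seed
        return seed

    def verify(self, user: str, response: str) -> bool:
        seed = self.pending.pop(user, None)   # a seed is consumed by one attempt
        if seed is None or user not in self.secrets:
            return False
        return hmac.compare_digest(f(self.secrets[user], seed), response)

def login(computer: Computer, user: str, user_secret: bytes) -> bool:
    # The user's side: answer the challenge with f(secret, seed).
    return computer.verify(user, f(user_secret, computer.challenge(user)))

def scenario():
    # Constructed run: a correct login, a wrong secret, and a replayed response.
    c = Computer()
    c.enrol("alice", b"constructed-shared-secret")
    ok = login(c, "alice", b"constructed-shared-secret")
    wrong = login(c, "alice", b"wrong-secret")
    seed = c.challenge("alice")
    captured = f(b"constructed-shared-secret", seed)   # response exposed on the network
    first = c.verify("alice", captured)
    c.challenge("alice")                               # next session: new seed
    replayed = c.verify("alice", captured)             # exposed value is now useless
    return {"ok": ok, "wrong": wrong, "first": first, "replayed": replayed}
```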
Threats
• Trojan horse – traps a user's login credentials and
stores them to send to a malicious user, who can
later log in to the computer and access
system resources.
• Trap door – if a program that is designed to
work as required has a security hole in its
code and performs illegal actions without the
knowledge of the user, it is said to have a
trap door.
Threats
• Worm – a process that creates multiple copies
of itself.
• Virus – a fragment of code embedded in a
legitimate program.
• A virus is self-replicating and designed to infect
other programs.