operatingsystem《操作系统》ch15-security.ppt

《operatingsystem《操作系统》ch15-security.ppt》由会员分享，可在线阅读，更多相关《operatingsystem《操作系统》ch15-security.ppt（43页珍藏版）》请在三一办公上搜索。

1、Chapter 15:Security,Chapter 15:Security,The Security ProblemProgram ThreatsSystem and Network ThreatsCryptography as a Security ToolUser AuthenticationImplementing Security DefensesFirewalling to Protect Systems and NetworksComputer-Security ClassificationsAn Example:Windows XP,Objectives,To discuss

2、 security threats and attacksTo explain the fundamentals of encryption,authentication,and hashingTo examine the uses of cryptography in computingTo describe the various countermeasures to security attacks,The Security Problem,Security must consider external environment of the system,and protect the

3、system resourcesIntruders(crackers)attempt to breach securityThreat is potential security violationAttack is attempt to breach securityAttack can be accidental or maliciousEasier to protect against accidental than malicious misuse,Security Violations,CategoriesBreach of confidentialityBreach of inte

4、grityBreach of availabilityTheft of serviceDenial of serviceMethodsMasquerading(breach authentication)Replay attackMessage modificationMan-in-the-middle attackSession hijacking,Standard Security Attacks,Security Measure Levels,Security must occur at four levels to be effective:PhysicalHumanAvoid soc

5、ial engineering,phishing,dumpster divingOperating SystemNetworkSecurity is as week as the weakest chain,Program Threats,Trojan HorseCode segment that misuses its environmentExploits mechanisms for allowing programs written by users to be executed by other usersSpyware,pop-up browser windows,covert c

6、hannelsTrap DoorSpecific user identifier or password that circumvents normal security proceduresCould be included in a compilerLogic BombProgram that initiates a security incident under certain circumstancesStack and Buffer OverflowExploits a bug in a program(overflow either the stack or memory buff

7、ers),C Program with Buffer-overflow Condition,#include#define BUFFER SIZE 256int main(int argc,char*argv)char bufferBUFFER SIZE;if(argc 2)return-1;else strcpy(buffer,argv1);return 0;,Layout of Typical Stack Frame,Modified Shell Code,#include int main(int argc,char*argv)execvp(binsh,bin sh,NULL);retu

8、rn 0;,Hypothetical Stack Frame,Before attack,After attack,Program Threats(Cont.),VirusesCode fragment embedded in legitimate programVery specific to CPU architecture,operating system,applicationsUsually borne via email or as a macroVisual Basic Macro to reformat hard driveSub AutoOpen()Dim oFSSet oF

9、S=CreateObject(Scripting.FileSystemObject)vs=Shell(c:/k format c:,vbHide)End Sub,Program Threats(Cont.),Virus dropper inserts virus onto the systemMany categories of viruses,literally many thousands of virusesFileBootMacroSource codePolymorphicEncryptedStealthTunnelingMultipartiteArmored,A Boot-sect

10、or Computer Virus,System and Network Threats,Worms use spawn mechanism;standalone programInternet wormExploited UNIX networking features(remote access)and bugs in finger and sendmail programsGrappling hook program uploaded main worm programPort scanningAutomated attempt to connect to a range of port

11、s on one or a range of IP addressesDenial of ServiceOverload the targeted computer preventing it from doing any useful workDistributed denial-of-service(DDOS)come from multiple sites at once,The Morris Internet Worm,Cryptography as a Security Tool,Broadest security tool availableSource and destinati

12、on of messages cannot be trusted without cryptographyMeans to constrain potential senders(sources)and/or receivers(destinations)of messagesBased on secrets(keys),Secure Communication over Insecure Medium,Encryption,Encryption algorithm consists ofSet of K keysSet of M MessagesSet of C ciphertexts(en

13、crypted messages)A function E:K(MC).That is,for each k K,E(k)is a function for generating ciphertexts from messages.Both E and E(k)for any k should be efficiently computable functions.A function D:K(C M).That is,for each k K,D(k)is a function for generating messages from ciphertexts.Both D and D(k)f

14、or any k should be efficiently computable functions.An encryption algorithm must provide this essential property:Given a ciphertext c C,a computer can compute m such that E(k)(m)=c only if it possesses D(k).Thus,a computer holding D(k)can decrypt ciphertexts to the plaintexts used to produce them,bu

15、t a computer not holding D(k)cannot decrypt ciphertexts.Since ciphertexts are generally exposed(for example,sent on the network),it is important that it be infeasible to derive D(k)from the ciphertexts,Symmetric Encryption,Same key used to encrypt and decryptE(k)can be derived from D(k),and vice ver

16、saDES is most commonly used symmetric block-encryption algorithm(created by US Govt)Encrypts a block of data at a timeTriple-DES considered more secureAdvanced Encryption Standard(AES),twofish up and comingRC4 is most common symmetric stream cipher,but known to have vulnerabilitiesEncrypts/decrypts

17、a stream of bytes(i.e wireless transmission)Key is a input to psuedo-random-bit generatorGenerates an infinite keystream,Asymmetric Encryption,Public-key encryption based on each user having two keys:public key published key used to encrypt dataprivate key key known only to individual user used to d

18、ecrypt dataMust be an encryption scheme that can be made public without making it easy to figure out the decryption schemeMost common is RSA block cipherEfficient algorithm for testing whether or not a number is primeNo efficient algorithm is know for finding the prime factors of a number,Asymmetric

19、 Encryption(Cont.),Formally,it is computationally infeasible to derive D(kd,N)from E(ke,N),and so E(ke,N)need not be kept secret and can be widely disseminatedE(ke,N)(or just ke)is the public keyD(kd,N)(or just kd)is the private keyN is the product of two large,randomly chosen prime numbers p and q(

20、for example,p and q are 512 bits each)Encryption algorithm is E(ke,N)(m)=mke mod N,where ke satisfies kekd mod(p1)(q 1)=1The decryption algorithm is then D(kd,N)(c)=ckd mod N,Asymmetric Encryption Example,For example.make p=7and q=13We then calculate N=713=91 and(p1)(q1)=72We next select ke relative

21、ly prime to 72 and 72,yielding 5Finally,we calculate kd such that kekd mod 72=1,yielding 29We how have our keysPublic key,ke,N=5,91Private key,kd,N=29,91 Encrypting the message 69 with the public key results in the cyphertext 62Cyphertext can be decoded with the private keyPublic key can be distribu

22、ted in cleartext to anyone who wants to communicate with holder of public key,Encryption and Decryption using RSA Asymmetric Cryptography,Cryptography(Cont.),Note symmetric cryptography based on transformations,asymmetric based on mathematical functionsAsymmetric much more compute intensiveTypically

23、 not used for bulk data encryption,Authentication,Constraining set of potential senders of a messageComplementary and sometimes redundant to encryptionAlso can prove message unmodifiedAlgorithm componentsA set K of keysA set M of messagesA set A of authenticatorsA function S:K(M A)That is,for each k

24、 K,S(k)is a function for generating authenticators from messagesBoth S and S(k)for any k should be efficiently computable functionsA function V:K(M A true,false).That is,for each k K,V(k)is a function for verifying authenticators on messagesBoth V and V(k)for any k should be efficiently computable f

25、unctions,Authentication(Cont.),For a message m,a computer can generate an authenticator a A such that V(k)(m,a)=true only if it possesses S(k)Thus,computer holding S(k)can generate authenticators on messages so that any other computer possessing V(k)can verify themComputer not holding S(k)cannot gen

26、erate authenticators on messages that can be verified using V(k)Since authenticators are generally exposed(for example,they are sent on the network with the messages themselves),it must not be feasible to derive S(k)from the authenticators,Authentication Hash Functions,Basis of authenticationCreates

27、 small,fixed-size block of data(message digest,hash value)from mHash Function H must be collision resistant on mMust be infeasible to find an m m such that H(m)=H(m)If H(m)=H(m),then m=mThe message has not been modifiedCommon message-digest functions include MD5,which produces a 128-bit hash,and SHA

28、-1,which outputs a 160-bit hash,Authentication-MAC,Symmetric encryption used in message-authentication code(MAC)authentication algorithmSimple example:MAC defines S(k)(m)=f(k,H(m)Where f is a function that is one-way on its first argumentk cannot be derived from f(k,H(m)Because of the collision resi

29、stance in the hash function,reasonably assured no other message could create the same MAC A suitable verification algorithm is V(k)(m,a)(f(k,m)=a)Note that k is needed to compute both S(k)and V(k),so anyone able to compute one can compute the other,Authentication Digital Signature,Based on asymmetri

30、c keys and digital signature algorithmAuthenticators produced are digital signaturesIn a digital-signature algorithm,computationally infeasible to derive S(ks)from V(kv)V is a one-way functionThus,kv is the public key and ks is the private keyConsider the RSA digital-signature algorithmSimilar to th

31、e RSA encryption algorithm,but the key use is reversedDigital signature of message S(ks)(m)=H(m)ks mod NThe key ks again is a pair d,N,where N is the product of two large,randomly chosen prime numbers p and qVerification algorithm is V(kv)(m,a)(akv mod N=H(m)Where kv satisfies kvks mod(p 1)(q 1)=1,A

32、uthentication(Cont.),Why authentication if a subset of encryption?Fewer computations(except for RSA digital signatures)Authenticator usually shorter than messageSometimes want authentication but not confidentialitySigned patches et alCan be basis for non-repudiation,Key Distribution,Delivery of symm

33、etric key is huge challengeSometimes done out-of-bandAsymmetric keys can proliferate stored on key ringEven asymmetric key distribution needs care man-in-the-middle attack,Man-in-the-middle Attack on Asymmetric Cryptography,Digital Certificates,Proof of who or what owns a public keyPublic key digita

34、lly signed a trusted partyTrusted party receives proof of identification from entity and certifies that public key belongs to entityCertificate authority are trusted party their public keys included with web browser distributionsThey vouch for other authorities via digitally signing their keys,and s

35、o on,Encryption Example-SSL,Insertion of cryptography at one layer of the ISO network model(the transport layer)SSL Secure Socket Layer(also called TLS)Cryptographic protocol that limits two computers to only exchange messages with each otherVery complicated,with many variationsUsed between web serv

36、ers and browsers for secure communication(credit card numbers)The server is verified with a certificate assuring client is talking to correct serverAsymmetric cryptography used to establish a secure session key(symmetric encryption)for bulk of communication during sessionCommunication between each c

37、omputer theb uses symmetric key cryptography,User Authentication,Crucial to identify user correctly,as protection systems depend on user IDUser identity most often established through passwords,can be considered a special case of either keys or capabilitiesAlso can include something user has and/or

38、a user attributePasswords must be kept secretFrequent change of passwordsUse of“non-guessable”passwordsLog all invalid access attemptsPasswords may also either be encrypted or allowed to be used only once,Implementing Security Defenses,Defense in depth is most common security theory multiple layers

39、of securitySecurity policy describes what is being securedVulnerability assessment compares real state of system/network compared to security policyIntrusion detection endeavors to detect attempted or successful intrusionsSignature-based detection spots known bad patternsAnomaly detection spots diff

40、erences from normal behaviorCan detect zero-day attacksFalse-positives and false-negatives a problemVirus protectionAuditing,accounting,and logging of all or specific system or network activities,Firewalling to Protect Systems and Networks,A network firewall is placed between trusted and untrusted h

41、ostsThe firewall limits network access between these two security domainsCan be tunneled or spoofedTunneling allows disallowed protocol to travel within allowed protocol(i.e.telnet inside of HTTP)Firewall rules typically based on host name or IP address which can be spoofedPersonal firewall is softw

42、are layer on given hostCan monitor/limit traffic to and from the hostApplication proxy firewall understands application protocol and can control them(i.e.SMTP)System-call firewall monitors all important system calls and apply rules to them(i.e.this program can execute that system call),Network Secur

43、ity Through Domain Separation Via Firewall,Computer Security Classifications,U.S.Department of Defense outlines four divisions of computer security:A,B,C,and D.D Minimal security.C Provides discretionary protection through auditing.Divided into C1 and C2.C1 identifies cooperating users with the same

44、 level of protection.C2 allows user-level access control.B All the properties of C,however each object may have unique sensitivity labels.Divided into B1,B2,and B3.A Uses formal design and verification techniques to ensure security.,Example:Windows XP,Security is based on user accountsEach user has

45、unique security IDLogin to ID creates security access tokenIncludes security ID for user,for users groups,and special privilegesEvery process gets copy of tokenSystem checks token to determine if access allowed or deniedUses a subject model to ensure access security.A subject tracks and manages permissions for each program that a user runsEach object in Windows XP has a security attribute defined by a security descriptorFor example,a file has a security descriptor that indicates the access permissions for all users,End of Chapter 15,