
Lecture Notes
Dr. Tong Lai Yu, 2010

  1. Introduction
  2. Processes
  3. Inter Process Communication
  4. Deadlocks
  5. Memory Management
  6. File Systems
  7. Protection and Security
  8. I/O Systems

We don't stop playing because we grow old; we grow old because we stop
					George Bernard Shaw

Protection and Security

  1. Goals of Protection

    Prevent accidental or intentional misuse of a system.

    Protection mechanisms:

    Even the slightest flaw in any of these areas may ruin the whole protection mechanism.

  2. Authentication

    User identification is most often done with passwords, a relatively weak form of protection.

    Another form of identification: badge or key.


    Key paradox: key must be cheap to make, hard to duplicate. This means there must be some trick (i.e. secret) that has to be protected.

    Once identification is complete, the system must be sure to protect the identity since other parts of the system will rely on it.

  3. Authorization

    Must indicate who is allowed to do what with what. Draw the general form as an access matrix with one row per user, one column per file. Each entry indicates the privileges of that user on that object. There are two general ways of storing this information: access lists and capabilities.

    Access Lists: with each file, indicate which users are allowed to perform which operations.

    Capabilities: with each user, indicate which files may be accessed, and in what ways.

    Lock-key Mechanism

  4. Access Matrix Model

  5. O = current objects, e.g., a file, a process
  6. S = current subjects, e.g., a process
  7. R = generic rights, e.g., read, write, execute, delete
  8. P = access matrix, indexed by (subject, object)

    Access Matrix:

    s1 | read, write | own, delete | own      | sendmail      | recmail
    s2 | execute     | copy        | recmail  | own           | block, wakeup
    s3 | own         | read, write | sendmail | block, wakeup | own

  9. capability = tuple (o, P(s,o))
  10. each subject has a set of capabilities
  11. possession of a capability confers access rights
  12. Access List -- slicing the matrix in columns
  13. Capability List -- slicing the matrix in rows
  14. Capability Based Addressing

    • A scheme used by some computers to control access to objects in memory.
    • Allows an efficient implementation of capability-based security.
    • A user program issues a request to access a word within an object. The address of the request contains the capability ID of the object and an offset within the object.
      [Figure: Cap Addressing]
  15. Access Enforcement

    For the access matrix model, when subject s wants access a to object o, the system views this as a request (s, a, o) to the monitor of o.

    The monitor permits access iff a ∈ P(s,o).
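
    The access matrix, its two slicings and the monitor check, as an added example that is not part of the original notes. The rows follow the matrix table above; the column names o1, o2, s1, s2, s3 and all function names are assumptions, since the table carries no header row.

```python
# Added example. Rows follow the access matrix table in the notes; the column
# names o1, o2, s1, s2, s3 are assumed because the table has no header row.
from collections import defaultdict

COLUMNS = ["o1", "o2", "s1", "s2", "s3"]          # assumed object names
ROWS = {
    "s1": ["read,write", "own,delete", "own", "sendmail", "recmail"],
    "s2": ["execute", "copy", "recmail", "own", "block,wakeup"],
    "s3": ["own", "read,write", "sendmail", "block,wakeup", "own"],
}
# P[(s, o)] is the set of rights subject s holds on object o.
P = {(s, o): frozenset(cell.split(","))
     for s, cells in ROWS.items() for o, cell in zip(COLUMNS, cells)}

def monitor(s, a, o):
    """Permit request (s, a, o) iff a is in P(s, o); unknown pairs are denied."""
    return a in P.get((s, o), frozenset())

def access_lists():
    """Slice P by column: object -> {subject: rights}, kept with the object."""
    acl = defaultdict(dict)
    for (s, o), rights in P.items():
        acl[o][s] = rights
    return dict(acl)

def capability_lists():
    """Slice P by row: subject -> {o: P(s, o)}, its capabilities (o, P(s, o))."""
    caps = defaultdict(dict)
    for (s, o), rights in P.items():
        caps[s][o] = rights
    return dict(caps)

def check_acl(acl, s, a, o):
    return a in acl.get(o, {}).get(s, frozenset())

def check_cap(caps, s, a, o):
    return a in caps.get(s, {}).get(o, frozenset())

def views_agree():
    """Matrix, access lists and capability lists answer every request alike."""
    acl, caps = access_lists(), capability_lists()
    rights = {a for r in P.values() for a in r}
    return all(monitor(s, a, o) == check_acl(acl, s, a, o) == check_cap(caps, s, a, o)
               for s in list(ROWS) + ["s4"] for o in COLUMNS for a in rights)

if __name__ == "__main__":
    print(monitor("s1", "write", "o1"), monitor("s2", "write", "o1"), views_agree())
```

    The subject s4 has no row in the matrix, so every request it makes is denied by all three checks.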

    Some part of the system must be responsible for enforcing access controls and protecting the authorization and identification information.

    In general, protecting a computer system is extremely difficult. There is no completely secure computer system in existence. Some common problems:

    Once the system has been penetrated, it may be impossible to secure it again: hooks could have been left around for the imposter to regain control.

    It is not always possible to tell when the system has been penetrated, since the villain can clean up all traces behind himself.

    If we can never be sure that there are no bugs, then we can never be sure that the system is secure, since bugs could provide loopholes in the protection mechanisms.

    How are computers different from humans when it comes to security?

    Solutions: nothing works perfectly, but here are some possibilities:

  16. Encryption

    Key technology: encryption. Store and transmit information in an encoded form that does not make any sense.

    The basic mechanism:

    [Figure: Encryption Function]

    All of this only works under three conditions:

    Public key encryption:

    Encryption procedure E and decryption procedure D must satisfy the following properties:

    1. for every message M, D(E(M)) = M
    2. E and D can be efficiently applied to any message M
    3. it is extremely hard to derive D from E

    e.g. Safe mail:

    Does such a scheme exist?

    The RSA ( Rivest-Shamir-Adleman ) scheme:

  17. Digital Signatures

    Positive identification: can also use public keys to certify identity:

    These two forms of encryption can be combined together. To identify sender in secure mail, encrypt first with your private key, then with receiver's public key. The encryption/decryption functions to send from B to A are:

    encrypted text = E ( D( P, d-keyB ), e-keyA )
    decrypted text = E ( D( P, d-keyA ), e-keyB )

    [Figure: Digital Signature]
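
    The sign-then-encrypt composition above, traced with toy RSA numbers as an added example that is not part of the original notes. The primes, exponents and function names are constructed for illustration; the receiver's step takes the encrypted text as its input.

```python
# Added example: toy RSA with tiny constructed primes, only to trace the
# formulas in the notes. Numbers this small give no security at all.
def keypair(p, q, e):
    """Return (e-key, d-key) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # d = e^-1 mod phi (Python 3.8+)

def E(m, e_key):
    """Public procedure: m^e mod n."""
    e, n = e_key
    return pow(m, e, n)

def D(m, d_key):
    """Private procedure: m^d mod n."""
    d, n = d_key
    return pow(m, d, n)

# Constructed keys. A's modulus is larger than B's so that a value signed by B
# (always < 3233) is a valid input to E under A's key (modulus 8633).
E_KEY_B, D_KEY_B = keypair(61, 53, 17)       # sender B,   n = 3233
E_KEY_A, D_KEY_A = keypair(89, 97, 5)        # receiver A, n = 8633

def sign(P, d_key):
    return D(P, d_key)                       # only the key owner can compute this

def verify(P, sig, e_key):
    return E(sig, e_key) == P                # anyone can check with the public key

def send_b_to_a(P):
    """encrypted text = E(D(P, d-keyB), e-keyA)"""
    return E(D(P, D_KEY_B), E_KEY_A)

def receive_at_a(C):
    """A strips its layer with d-keyA, then recovers P with B's public key."""
    return E(D(C, D_KEY_A), E_KEY_B)

def property_1_holds():
    """Property 1 from the notes: D(E(M)) = M for every message M < n."""
    return all(D(E(m, E_KEY_B), D_KEY_B) == m for m in range(E_KEY_B[1]))

if __name__ == "__main__":
    C = send_b_to_a(1234)
    print(C, receive_at_a(C), property_1_holds())
```

    If the sender's modulus were the larger one, the signed value could exceed the receiver's modulus and the round trip would fail, which is why the order of key sizes matters in this composition.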

    Encryption appears to be a great way to thwart listeners. It does not help with Trojan Horses, though.

    Old Data Encryption Standard (DES). Is not public-key based, but was implemented efficiently and appeared to be relatively safe.

    New Advanced Encryption Standard (AES), called Rijndael (pronounced "rine doll").

    General problem: how do we know that an encryption mechanism is safe? It is extremely hard to prove. This is a hot topic for research: theorists are trying to find provably hard problems, and use them for proving safety of encryption.

    Summary of Protection: very hard, but is increasingly important as things like electronic funds transfer become more and more prevalent.

  18. Steganography

    Covert channel -- a method of communication employed to illicitly transfer information, thus breaking the security policy of the system.
    Steganography, as an implementation of covert channels, opens a clear breach in security.

    [Figure: Image with no hidden message.]
    [Figure: Image with hidden message.]

    [Figure: Image with hidden image.]
    [Figure: Image extracted from left image by removing all but the last 2 bits of each color component.]
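
    The extraction the last caption describes, as an added example that is not part of the original notes: keep only the last 2 bits of each color component and scale them back into the visible range. The pixel values are constructed, and the embed helper exists only to build the sample input.

```python
# Added example on constructed data: images are lists of (r, g, b) tuples.
def embed(cover, secret, bits=2):
    """Build a sample: put the top `bits` of each secret component into the
    low `bits` of the matching cover component."""
    keep = 0xFF & ~((1 << bits) - 1)
    return [tuple((c & keep) | (s >> (8 - bits)) for c, s in zip(cp, sp))
            for cp, sp in zip(cover, secret)]

def extract(image, bits=2):
    """Remove all but the last `bits` bits of each component, then shift them
    up so the recovered picture is visible."""
    mask = (1 << bits) - 1
    return [tuple((c & mask) << (8 - bits) for c in px) for px in image]

def max_distortion(cover, stego):
    """Largest change to any color component; shows why the eye misses it."""
    return max(abs(c - s) for cp, sp in zip(cover, stego) for c, s in zip(cp, sp))

# Constructed 2-pixel images.
COVER = [(200, 120, 64), (13, 255, 0)]
SECRET = [(255, 0, 128), (64, 192, 255)]
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print(STEGO)                          # visually the same as COVER
    print(extract(STEGO))                 # coarse 2-bit copy of SECRET
    print(max_distortion(COVER, STEGO))   # at most 3 out of 255 per component
```

    Running extract on an image under examination and looking for structure in the result is a quick check for this kind of hidden content; low bits of an unmodified photograph normally look like noise.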

  19. Wi-Fi Security
  20. What is PKI?
    • Public Key Infrastructure
    • Collection of digital certificates:
      1. objects that bind identity information to keys using distinguished names
      2. used to verify identities of servers/services or individuals/clients
    • Used to provide authentication, non-repudiation

  21. PKI Components
    • Digital certificates
    • Digital signatures
    • Certificate Authority
    • Key management protocols
    • Public key -- distributed, preferably through a centralized directory; used to encrypt data
    • Private key -- used to decrypt or electronically sign data; preferably protected with passphrase

  22. Digital Certificates
    • Issued to or generated by an owning entity ( client or server )
        --Often issued by trusted authority for authentication systems
    • Contains identifying information
        --Owner name, owner public key, key validity timeframe, issuer identity
    • Can contain additional information for specific applications

  23. Certificate Authority ( CA )
    • Responsible for issuing certificates
    • Trust aggregation point
    • Performs identity verification for certificate requests
    • Signs public keys of entities that prove their identity
    • Public and private CA's

  24. CA - Certificate Management
    • CA's must accommodate key revocation ( CRL )
        -- Entities need a method to recover from a compromised key
        -- Verifying parties should check CRL before authenticating identity
    • May provide key recovery services
        -- Lost private keys, forgotten passwords

  25. Key Management Protocols
    • X.509 used for most PKI implementations
    • Key contains two sections:
      1. Data section includes identity, use information, public key, CRL location
      2. Signature section includes algorithm, encrypted hash of identity section data
    • Signature section signed by CA's private key

  26. Key File Formats
    • DER ( Distinguished Encoding Rules ) -- Certificate in ASN.1 file format
        --Includes .der, .cer file extensions
    • PEM ( Privacy Enhanced Mail ) -- Base64 encoded DER file
    • PKCS#12 ( Public Key Cryptography Standard #12 ) -- Storage of private and associated public keys, password
    • PKCS#7 -- Format to disseminate certificates ( such as a CA certificate )

  27. Trust and Key Distribution
    • Trust is a critical component of PKI
    • In large PKI deployments, impossible to trust everyone directly
        --Trust is extended through relationships with other trusted entities
    • Trust can be centrally managed, or distributed

  28. Wireless Network Authentication Architecture
    • Deploying 802.1x assumes user database exists
        --Microsoft AD, LDAP, Cisco Secure ACS, Sun iPlanet, etc.
    • Integrity of user database influences security of WLAN

  29. User Database Recommendations
    • Enforce strong password selection
    • Audit regularly for weak passwords
        --Expire weak passwords, force reset
    • Enable failed login account lockout
    • Monitor accounts for signs of abuse
    • Consider time-based authorization
        --Do users require access to the WLAN 24 hours a day?
    • Limit number of simultaneous logins
    • Grant access to limited user population