Berkeley COMPSCI 162 - Lecture 26 Protection and Security in Distributed Systems


CS162 Operating Systems and Systems Programming
Lecture 26
Protection and Security in Distributed Systems
December 1st, 2008
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs162

Outline:
• Review: RPC Information Flow
• Review: Distributed File Systems
• Goals for Today
• Protection vs Security
• Preventing Misuse
• Authentication: Identifying Users
• Passwords: Secrecy
• Passwords: How easy to guess?
• Passwords: Making harder to crack
• Passwords: Making harder to crack (con’t)
• Administrivia
• Authentication in Distributed Systems
• Private Key Cryptography
• Key Distribution
• Authentication Server Continued [Kerberos]
• Public Key Encryption
• Public Key Encryption Details
• Secure Hash Function
• Use of Hash Functions
• Signatures/Certificate Authorities
• Security through SSL
• SSL Pitfalls
• Recall: Authorization: Who Can Do What?
• How fine-grained should access control be?
• Authorization Continued
• How to perform Authorization for Distributed Systems?
• Distributed Access Control
• Analysis of Previous Scheme
• Conclusion

Lec 26.2 12/01/08 Kubiatowicz CS162 ©UCB Fall 2008

Review: RPC Information Flow
[Figure: RPC information flow. On Machine A the client (caller) calls the client stub, which bundles args and unbundles ret vals; on Machine B the server stub unbundles args and bundles ret vals for the server (callee). A packet handler on each machine sends and receives over the network, using mbox1 and mbox2.]

Review: Distributed File Systems
• VFS: Virtual File System layer
  – Provides mechanism which gives same system call interface for different types of file systems
• Distributed File System:
  – Transparent access to files stored on a remote disk
    » NFS: Network File System
    » AFS: Andrew File System
  – Caching for performance
• Cache Consistency: Keeping contents of client caches consistent with one another
  – If multiple clients, some reading and some writing, how do stale cached copies get updated?
  – NFS: check periodically for changes
  – AFS: clients register callbacks so can be notified by server of changes
[Figure: client sends "Read File" to the server over the network; server returns data.]

Goals for Today
• Finish discussing distributed file systems/Caching
• Security Mechanisms
  – Authentication
  – Authorization
  – Enforcement
• Cryptographic Mechanisms
Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes by Kubiatowicz.

Protection vs Security
• Protection: one or more mechanisms for controlling the access of programs, processes, or users to resources
  – Page Table Mechanism
  – File Access Mechanism
• Security: use of protection mechanisms to prevent misuse of resources
  – Misuse defined with respect to policy
    » E.g.: prevent exposure of certain sensitive information
    » E.g.: prevent unauthorized modification/deletion of data
  – Requires consideration of the external environment within which the system operates
    » Most well-constructed system cannot protect information if user accidentally reveals password
• What we hope to gain today and next time
  – Conceptual understanding of how to make systems secure
  – Some examples, to illustrate why providing security is really hard in practice

Preventing Misuse
• Types of Misuse:
  – Accidental:
    » If I delete shell, can’t log in to fix it!
    » Could make it more difficult by asking: “do you really want to delete the shell?”
  – Intentional:
    » Some high school brat who can’t get a date, so instead he transfers $3 billion from B to A.
    » Doesn’t help to ask if they want to do it (of course!)
• Three Pieces to Security
  – Authentication: who the user actually is
  – Authorization: who is allowed to do what
  – Enforcement: make sure people do only what they are supposed to do
• Loopholes in any carefully constructed system:
  – Log in as superuser and you’ve circumvented authentication
  – Log in as self and can do anything with your resources; for instance: run program that erases all of your files
  – Can you trust software to correctly enforce Authentication and Authorization?????

Authentication: Identifying Users
• How to identify users to the system?
  – Passwords
    » Shared secret between two parties
    » Since only user knows password, someone types correct password ⇒ must be user typing it
    » Very common technique
  – Smart Cards
    » Electronics embedded in card capable of providing long passwords or satisfying challenge-response queries
    » May have display to allow reading of password
    » Or can be plugged in directly; several credit cards now in this category
  – Biometrics
    » Use of one or more intrinsic physical or behavioral traits to identify someone
    » Examples: fingerprint reader, palm reader, retinal scan
    » Becoming quite a bit more common

Passwords: Secrecy
• System must keep copy of secret to check against passwords
  – What if malicious user gains access to list of passwords?
    » Need to obscure information somehow
  – Mechanism: utilize a transformation that is difficult to reverse without the right key (e.g. encryption)
• Example: UNIX /etc/passwd file
  – passwd → one-way transform (hash) → encrypted passwd
  – System stores only encrypted version, so OK even if someone reads the file!
  – When you type in your password, system compares encrypted version
• Problem: Can you trust encryption algorithm?
  – Example: one algorithm thought safe had back door
    » Governments want back door so they can snoop
  – Also, security through obscurity doesn’t work
    » GSM encryption algorithm was secret; accidentally released; Berkeley grad students cracked in a few hours
[Figure: example password “eggplant”]

Passwords: How easy to guess?
• Ways of Compromising Passwords
  – Password Guessing:
    » Often people use obvious information like birthday, favorite color, girlfriend’s name, etc…
  – Dictionary Attack:
    » Work way through dictionary and compare encrypted version of dictionary words with entries in /etc/passwd
  – Dumpster Diving:
    » Find pieces of paper with passwords written on them
    » (Also used to get social-security numbers, etc)
• Paradox:
  – Short passwords are easy to crack
  – Long ones, people write down!
• Technology means we have to use longer passwords
  – UNIX initially required lowercase,
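
The store-and-compare flow from the "Passwords: Secrecy" slide, as an added example that is not part of the lecture. It goes one step beyond the preview text: the per-user salt, PBKDF2 and the iteration count are assumptions of this example, and the account names are constructed. The audit function shows what a bare one-way hash leaks from the stored table (identical passwords give identical entries, which is what makes comparing against pre-hashed dictionary words cheap).

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def enroll(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); only these are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-apply the one-way transform to the typed password, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def unsalted(password: str) -> bytes:
    """The weak scheme: a bare fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).digest()


def shared_password_groups(table: dict[str, bytes]) -> list[list[str]]:
    """Audit a stored-hash table: group users whose stored values are equal."""
    by_value: dict[bytes, list[str]] = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]


# Constructed sample accounts (not from the lecture).
ACCOUNTS = {"alice": "eggplant", "bob": "eggplant", "carol": "k9#Tq!vLx2"}

weak_table = {u: unsalted(p) for u, p in ACCOUNTS.items()}
records = {u: enroll(p) for u, p in ACCOUNTS.items()}
strong_table = {u: salt + digest for u, (salt, digest) in records.items()}

if __name__ == "__main__":
    print("unsalted, equal entries:", shared_password_groups(weak_table))
    print("salted, equal entries:  ", shared_password_groups(strong_table))
    print("login ok:", verify("eggplant", *records["alice"]))
```
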

