Outline
- Class evaluation
- Resource security and protection

Class Evaluation
Course: COP 5611-01
Instructor: Xiuwen Liu
Today's date: April 17, 2003

January 14, 2019   COP 5611 Operating Systems

General Introduction
Security is related to dependability:
- Confidentiality: information should only be disclosed to authorized parties.
- Integrity: alterations can be made only in an authorized way.

General Introduction (cont.)
Security threats:
- Interception: an unauthorized party gains access to a service or data.
- Interruption: services or data become unavailable.
- Modification: unauthorized changing of data or tampering with a service.
- Fabrication: additional data or activity is generated that would normally not exist.

General Introduction (cont.)
- Security policy: which actions on what entities in a system are allowed.
- Security mechanisms: the means by which a policy can be enforced. Important ones include encryption, authentication, authorization, and auditing.

Access Control
- Typical distributed systems are organized as client-server architectures.
- A request from a client to a service generally involves invoking a method of a specific object.
- Verifying access rights is referred to as access control, whereas authorization is about granting access rights.

Access Control (cont.)
General issues:
- The system consists of subjects that issue requests to access objects.
- Subjects are processes acting on behalf of users, but can also be objects that need the services of other objects.
- Objects are entities with their own state and operations.

Access Control Matrix
Three components:
- Current objects
- Current subjects
- Generic rights
Each entry P[s, o] of the matrix is the set of rights that subject s holds on object o.

Access Control Matrix (cont.)
(figure: example access matrix)

Access Control Matrix (cont.)
(figure: example access matrix)
Capabilities
- The capability-based method corresponds to the row-wise decomposition of the access matrix.
- Each subject s is assigned a list of pairs (o, P[s, o]) for all objects o that it is allowed to access.
- The pairs are referred to as capabilities.

Capabilities (cont.)
(figure: capability lists derived from the access matrix)

Capabilities (cont.)
Implementation considerations:
- A user should not be able to read, modify, or construct a capability.
- Two approaches:
  - The tagged approach: one or more bits are attached to each memory location and to every processor register to indicate whether the memory word or the register contains a capability.
  - The partitioned approach: capabilities and ordinary data are stored separately.

Capabilities (cont.)
Advantages of capabilities:
- Efficiency
- Simplicity
- Flexibility
Drawbacks:
- Control of propagation
- Review is difficult
- Revocation of access rights is difficult
- Garbage collection is difficult

The Access Control List Method
- Corresponds to the column-wise decomposition of the access matrix.
- Each object o is assigned a list of pairs (s, P[s, o]) for all subjects s that are allowed to access the object.
- When a subject s requests access to object o, the system checks the access control list of o to see if an entry for s exists; if yes, it then checks whether the requested access mode belongs to P[s, o].

Access Control List Method (cont.)
(figure: access control lists derived from the access matrix)

Access Control List Method (cont.)
Advantages:
- Easy revocation
- Easy review of access
Implementation issues:
- Efficiency of execution
- Efficiency of storage
- Protection groups
- Authority to change an access control list: self control, hierarchical control

The Lock-Key Method
- A hybrid of the capability-based method and the access control list method.
- Every subject has a capability list that contains tuples of the form (O, k),
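The following added example (not from the slides; the subjects, objects and rights are constructed) builds an access matrix P, derives its row-wise decomposition (capability lists) and its column-wise decomposition (access control lists), and then performs the two operations the slides contrast: review ("who can access o?"), which reads one list in the ACL form but must scan every subject's list in the capability form, and revocation, which is a single list edit for an ACL but must chase down the pair in the subject's capability list.

```python
"""Access matrix P with its capability (row) and ACL (column) decompositions.
Added example: the subjects, objects and rights below are constructed."""

# Constructed access matrix: ACCESS_MATRIX[s][o] is P[s, o], the rights s holds on o.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}, "printer": {"use"}},
    "carol": {"printer": {"use"}},
}


def capability_lists(matrix):
    """Row-wise decomposition: each subject s gets the pairs (o, P[s, o])."""
    return {s: [(o, set(r)) for o, r in row.items()] for s, row in matrix.items()}


def access_control_lists(matrix):
    """Column-wise decomposition: each object o gets the pairs (s, P[s, o])."""
    acls = {}
    for s, row in matrix.items():
        for o, rights in row.items():
            acls.setdefault(o, []).append((s, set(rights)))
    return acls


def check_capability(caps, subject, obj, mode):
    """Capability check: the subject presents its own list; find (obj, rights)."""
    for o, rights in caps.get(subject, []):
        if o == obj:
            return mode in rights
    return False


def check_acl(acls, subject, obj, mode):
    """ACL check: scan obj's list for an entry for subject, then test mode in P[s, o]."""
    for s, rights in acls.get(obj, []):
        if s == subject:
            return mode in rights
    return False


def review_acl(acls, obj):
    """Review with ACLs: 'who can access obj?' is answered by one list."""
    return sorted(s for s, _ in acls.get(obj, []))


def review_capabilities(caps, obj):
    """Review with capabilities: the same question needs a scan of every subject's list."""
    return sorted(s for s, lst in caps.items() if any(o == obj for o, _ in lst))


def revoke_acl(acls, subject, obj):
    """Revocation with ACLs: drop the subject's entry from obj's list."""
    acls[obj] = [(s, r) for s, r in acls.get(obj, []) if s != subject]


def revoke_capability(caps, subject, obj):
    """Revocation with capabilities: locate and delete the pair in the subject's list
    (in a real system every propagated copy of the capability must be found as well)."""
    caps[subject] = [(o, r) for o, r in caps.get(subject, []) if o != obj]


if __name__ == "__main__":
    caps = capability_lists(ACCESS_MATRIX)
    acls = access_control_lists(ACCESS_MATRIX)
    print("printer users (ACL):", review_acl(acls, "printer"))
    print("printer users (caps):", review_capabilities(caps, "printer"))
    revoke_acl(acls, "bob", "printer")
    print("after ACL revocation:", review_acl(acls, "printer"))
    print("bob still holds a capability:", check_capability(caps, "bob", "printer", "use"))
```

The last two lines of the demonstration show the practical consequence of the decomposition choice: editing the ACL does not touch the capability the subject already holds, which is why revocation is listed as a drawback of pure capability systems.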
  indicating that the subject can access object O using key k.
- Every object has an access control list of lock entries; each lock entry pairs a lock l with a set of access modes, indicating that any subject which can open lock l can access this object in those modes.

The Lock-Key Method (cont.)
When a subject s requests access to object o in some mode, the system does the following:
- It locates a tuple (o, k) in the capability list of the subject. If no such tuple is found, the access is not permitted.
- Otherwise the access is permitted only if there exists a lock entry with lock l in the access control list of object o such that key k matches lock l and the requested mode belongs to that entry's set of modes.

Take-Grant Model
- The take-grant model uses directed graphs to model access control.
- It provides an efficient way to implement an access matrix that is likely to be highly sparse. (Note: a sparse matrix can be stored efficiently as a directed graph.)
- There are two types of nodes in the graph: subjects and objects.
- An edge from node x to node y indicates that the subject represented by x has some access rights to node y; the edge is labelled with those rights.
- Two special rights, take and grant, specify how access rights can be propagated to other nodes: a subject holding take over y may copy any right y holds on a third node z, and a subject holding grant over y may give y any right it itself holds on z.

Take-Grant Model (cont.)
(figure: take and grant rules applied to a protection graph)

Case Studies
- The UNIX operating system:
  - File access modes: read, write, and execute for owner, group, and others; set-user-ID on execution; set-group-ID on execution; enable mandatory locking; sticky bit.
  - Access control lists: setfacl, getfacl.
- The Hydra kernel
- Amoeba
- Andrew

Summary
- Protection and security deal with the control of unauthorized use of, and access to, hardware and software resources.
- The access matrix model is widely used: capabilities and access control lists are its two decompositions.
- Case studies.
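The lock-key check described on the two Lock-Key Method slides, as an added example that is not part of the slides. The capability lists, lock entries, key and lock names and mode names are all constructed; the example assumes the simplest matching rule, that a key opens a lock when the two are equal, since the slides do not specify how a key "opens" a lock.

```python
"""Lock-key access decision: a capability supplies (object, key), the object's
ACL supplies (lock, modes); access needs a key that opens a lock listing the mode.
Added example with constructed data; key == lock is an assumed matching rule."""

# Constructed capability lists: subject -> list of (object, key).
CAPABILITIES = {
    "alice": [("ledger", "k-ledger-rw"), ("printer", "k-print")],
    "bob":   [("ledger", "k-ledger-r")],
}

# Constructed access control lists: object -> list of lock entries (lock, set of modes).
LOCKS = {
    "ledger":  [("k-ledger-rw", {"read", "write"}), ("k-ledger-r", {"read"})],
    "printer": [("k-print", {"use"})],
}


def lock_key_access(caps, locks, subject, obj, mode):
    """Return True iff subject holds a key for obj that opens a lock granting mode."""
    # Step 1: locate the tuples (obj, k) in the subject's capability list.
    keys = [k for o, k in caps.get(subject, []) if o == obj]
    if not keys:
        return False  # no capability for this object at all
    # Step 2: some lock entry of obj must be opened by one of those keys
    # (assumption: key opens lock when equal) and must list the requested mode.
    for lock, modes in locks.get(obj, []):
        if lock in keys and mode in modes:
            return True
    return False


def revoke_lock(locks, obj, lock):
    """Revocation on the ACL side: removing a lock entry invalidates every
    outstanding key for it without touching any subject's capability list."""
    locks[obj] = [(l, m) for l, m in locks.get(obj, []) if l != lock]


if __name__ == "__main__":
    print("alice write ledger:", lock_key_access(CAPABILITIES, LOCKS, "alice", "ledger", "write"))
    print("bob write ledger:  ", lock_key_access(CAPABILITIES, LOCKS, "bob", "ledger", "write"))
    revoke_lock(LOCKS, "ledger", "k-ledger-r")
    print("bob read ledger after revocation:",
          lock_key_access(CAPABILITIES, LOCKS, "bob", "ledger", "read"))
```

The hybrid keeps the capability's cheap, subject-side lookup while restoring the ACL's easy revocation: bob still holds his key after revoke_lock, but it no longer opens anything.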
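The Take-Grant Model slides describe the graph but the figure slide did not survive extraction. The following added example (not from the slides) stores a sparse access matrix as a labelled directed graph and implements the two propagation rules of the model as it is usually stated: take lets a subject x with the take right over y copy any right y holds on z, and grant lets x with the grant right over y give y any right x holds on z. Node names and rights are constructed; following the slide's wording that edges originate at subjects, the example refuses to give rights to an object node.

```python
"""Take-grant protection graph with the take and grant rules.
Added example; node names and rights are constructed."""


class TakeGrantGraph:
    """Sparse access matrix stored as rights-labelled directed edges."""

    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.edges = {}  # (x, y) -> set of rights that x holds on y

    def add_subject(self, name):
        self.subjects.add(name)

    def add_object(self, name):
        self.objects.add(name)

    def add_edge(self, x, y, rights):
        # Edges run from a subject to any known node (slide: "the subject represented by x").
        if x not in self.subjects or y not in self.subjects | self.objects:
            raise ValueError("edges run from a subject to a known node")
        self.edges.setdefault((x, y), set()).update(rights)

    def rights(self, x, y):
        return self.edges.get((x, y), set())

    def take(self, x, y, z, right):
        """Take rule: x -take-> y and y -right-> z  ==>  x -right-> z."""
        if "take" not in self.rights(x, y) or right not in self.rights(y, z):
            return False
        self.add_edge(x, z, {right})
        return True

    def grant(self, x, y, z, right):
        """Grant rule: x -grant-> y and x -right-> z  ==>  y -right-> z."""
        if y not in self.subjects:  # an object cannot hold rights in this graph
            return False
        if "grant" not in self.rights(x, y) or right not in self.rights(x, z):
            return False
        self.add_edge(y, z, {right})
        return True

    def as_matrix(self):
        """Expand the sparse graph into the dense access matrix it represents."""
        nodes = sorted(self.subjects | self.objects)
        return {s: {n: set(self.rights(s, n)) for n in nodes} for s in sorted(self.subjects)}


def build_example():
    """Constructed graph: alice can take from bob and grant to carol; bob owns rights on file."""
    g = TakeGrantGraph()
    for s in ("alice", "bob", "carol"):
        g.add_subject(s)
    g.add_object("file")
    g.add_edge("alice", "bob", {"take"})
    g.add_edge("alice", "carol", {"grant"})
    g.add_edge("bob", "file", {"read", "write"})
    return g


if __name__ == "__main__":
    g = build_example()
    print("alice takes read on file from bob:", g.take("alice", "bob", "file", "read"))
    print("alice grants read on file to carol:", g.grant("alice", "carol", "file", "read"))
    for s, row in g.as_matrix().items():
        print(s, {n: sorted(r) for n, r in row.items() if r})
```

Running the demonstration shows the propagation path read travels along, bob to alice to carol, which is exactly what the model is used to analyse: whether some right can ever reach a given node through chains of take and grant edges.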
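For the UNIX case study, the following added example (not from the slides) parses an ls-style mode string into permission bits, names the special flags the slide lists (set-user-ID, set-group-ID, mandatory locking, sticky bit) and applies the classic owner/group/others decision for a non-root process. It encodes two facts a practitioner should know: class selection is exclusive, so a matching owner is judged by the owner bits even when the group or other bits are more permissive; and on System V derived systems "enable mandatory locking" is represented as the set-group-ID bit without group execute, which ls prints as a capital S. The uids, gids and mode strings are constructed.

```python
"""UNIX file-mode decoding and access decision. Added example; all uids, gids
and mode strings are constructed. Models a non-root process (no override)."""

import stat

CLASS_SHIFT = {0: 6, 1: 3, 2: 0}                      # owner, group, others
SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}  # flag shown in each x slot


def parse_mode(text):
    """Parse a 9-character ls-style string such as 'rwsr-xr-t' into mode bits."""
    if len(text) != 9:
        raise ValueError("expected 9 characters, e.g. rwsr-xr-t")
    bits = 0
    for i, ch in enumerate(text):
        cls, pos = divmod(i, 3)
        shift = CLASS_SHIFT[cls]
        if (ch in "sS" and i == 8) or (ch in "tT" and i != 8):
            raise ValueError(f"flag {ch!r} is not valid at position {i}")
        if pos == 0 and ch == "r":
            bits |= 4 << shift
        elif pos == 1 and ch == "w":
            bits |= 2 << shift
        elif pos == 2 and ch != "-":
            if ch in "xst":        # lowercase: the execute bit itself is set
                bits |= 1 << shift
            if ch in "sStT":       # s/S = setuid or setgid, t/T = sticky
                bits |= SPECIAL[i]
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i}")
    return bits


def special_flags(mode):
    """Name the special bits the way the slide lists them."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("set-user-ID")
    if mode & stat.S_ISGID:
        # setgid without group execute is the System V 'mandatory locking' encoding
        flags.append("set-group-ID" if mode & stat.S_IXGRP else "mandatory-locking")
    if mode & stat.S_ISVTX:
        flags.append("sticky")
    return flags


def may_access(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic exclusive class check: owner bits if uid matches, else group bits if
    owner_gid is among the process's groups, else other bits. want is a string
    drawn from 'rwx'; every requested bit must be present in the selected class."""
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    perm = (mode >> shift) & 0o7
    need = 0
    for c in want:
        need |= {"r": 4, "w": 2, "x": 1}[c]
    return perm & need == need


if __name__ == "__main__":
    for text in ("rwsr-xr-x", "rwxrwxrwt", "rw-r-Sr--", "---rwxrwx"):
        m = parse_mode(text)
        print(f"{text}  {m:o}  {special_flags(m)}")
    # owner uid 1000 is denied read on ---rwxrwx although everyone else may read
    print(may_access(parse_mode("---rwxrwx"), 1000, 1000, 1000, {1000}, "r"))
```

The last line is the edge case worth remembering when reviewing permissions: a file mode of 077 locks out its own owner, and no amount of group or other permission compensates, because the kernel never falls through to a later class.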