Berkeley COMPSCI 162 - Protection and Security II, ManyCore Operating Systems

This preview shows page 1-2-16-17-18-33-34 out of 34 pages.
CS162 Operating Systems and Systems Programming
Lecture 26: Protection and Security II, ManyCore Operating Systems

Outline (slide titles):
Review: Use of Hash Functions
Review: Public Key Encryption Details
Goals for Today
Recall: Authorization: Who Can Do What?
How to perform Authorization for Distributed Systems?
Distributed Access Control
Analysis of Previous Scheme
Analysis Continued
Administrivia
Involuntary Installation
Enforcement
State of the World
Other Security Problems
Security Problems: Buffer-overflow Condition
The Morris Internet Worm
Some other Attacks
Timing Attacks: Tenex Password Checking
Defeating Password Checking
ManyCore Chips: The future is here (for EVERYONE)
PARLab OS Goals: RAPPidS
The Problem with Current OSs
A First Step: Two Level Scheduling
Important New Mechanism: Spatial Partitioning
Tessellation: The Exploded OS
OS as Distributed System
It’s all about the communication
Space-Time Partitioning
Another Look: Two-Level Scheduling
Space-Time Resource Graph
Implementing the Space-Time Graph
Tessellation Architecture
Example of Music Application
Conclusion

Lec 26.1: CS162 Operating Systems and Systems Programming, Lecture 26, Protection and Security II, ManyCore Operating Systems
December 2nd, 2009
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs162
12/02/09 Kubiatowicz CS162 ©UCB Fall 2009

Lec 26.2: Review: Use of Hash Functions
• Several Standard Hash Functions:
  – MD5: 128-bit output
  – SHA-1: 160-bit output, SHA-256: 256-bit output
• Can we use hashing to securely reduce load on server?
  – Yes. Use a series of insecure mirror servers (caches)
  – First, ask server for digest of desired file
    » Use secure channel with server
  – Then ask mirror server for file
    » Can be insecure channel
    » Check digest of result and catch faulty or malicious mirrors
[Figure: Client sends "Read File X" to Server over the secure channel; Server answers "Here is hx = H(X)". Client then sends "Read X" to an insecure Data Mirror holding File X, receives File X, and checks it against hx.]

Lec 26.3: Review: Public Key Encryption Details
• Idea: Kpublic can be made public, keep Kprivate private
• Gives message privacy (restricted receiver):
  – Public keys can be acquired by anyone/used by anyone
  – Only person with private key can decrypt message
• What about authentication?
  – Alice → Bob: [(I’m Alice)^Aprivate, Rest of message]^Bpublic (a superscript key denotes encryption under that key)
  – Provides restricted sender and receiver
• Suppose we want X to sign message M?
  – Use private key to encrypt the digest, i.e. H(M)^Xprivate
  – Send both M and its signature: [M, H(M)^Xprivate]
  – Now, anyone can verify that M was signed by X
    » Simply decrypt the digest with Xpublic
    » Verify that result matches H(M)
[Figure: Alice (holding Aprivate, Apublic) and Bob (holding Bprivate, Bpublic) exchanging messages over an Insecure Channel in each direction.]

Lec 26.4: Goals for Today
• Use of Cryptographic Mechanisms
• Distributed Authorization/Remote Storage
• Worms and Viruses
• ManyCore operating systems
Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne. Also, slides on Taint Tracking adapted from Nickolai Zeldovich

Lec 26.5: Recall: Authorization: Who Can Do What?
• How do we decide who is authorized to do actions in the system?
• Access Control Matrix: contains all permissions in the system
  – Resources across top
    » Files, Devices, etc…
  – Domains in columns
    » A domain might be a user or a group of permissions
    » E.g. above: User D3 can read F2 or execute F3
  – In practice, table would be huge and sparse!
• Two approaches to implementation
  – Access Control Lists: store permissions with each object
    » Still might be lots of users!
    » UNIX limits each file to: r,w,x for owner, group, world
    » More recent systems allow definition of groups of users and permissions for each group
  – Capability List: each process tracks objects it has permission to touch
    » Popular in the past, idea out of favor today
    » Consider page table: Each process has list of pages it has access to, not each page has list of processes …

Lec 26.6: How to perform Authorization for Distributed Systems?
• Issues: Are all user names in world unique?
  – No! They only have small number of characters
    » [email protected], [email protected], [email protected]
    » However, someone thought their friend was [email protected] and I got very private email intended for someone else…
  – Need something better, more unique to identify person
• Suppose want to connect with any server at any time?
  – Need an account on every machine! (possibly with different user name for each account)
  – OR: Need to use something more universal as identity
    » Public Keys! (Called “Principals”)
    » People are their public keys
[Figure: Different Authorization Domains]

Lec 26.7: Distributed Access Control
• Distributed Access Control List (ACL)
  – Contains list of attributes (Read, Write, Execute, etc) with attached identities (Here, we show public keys)
    » ACLs signed by owner of file, only changeable by owner
    » Group lists signed by group key
  – ACLs can be on different servers than data
    » Signatures allow us to validate them
    » ACLs could even be stored separately from verifiers
[Figure: Client 1 in Domain 1 (Key: 0x6647DBC9AC…) sends (Read X) signed with Kclient to Server 1 in Domain 2. Server 1 holds File X (Owner Key: 0x22347EF…) and the Access Control List (ACL) for X: R: Key: 0x546DFEFA34…; RW: Key: 0x467D34EF83…; RX: Group Key: 0xA2D3498672…, with an ACL verifier (Hash, Timestamp, Signature (owner)). Server 2 in Domain 3 holds the Group ACL (Key: 0xA786EF889A…, Key: 0x6647DBC9AC…) with a GACL verifier (Hash, Timestamp, Signature (group)). Server 1 reads the group's GACL from Server 2 and returns (data) signed with Kserver.]

Lec 26.8: Analysis of Previous Scheme
• Positive Points:
  – Identities checked via signatures and public keys
    » Client can’t generate request for data unless they have private key to go with their public identity
    » Server won’t use ACLs not properly signed by owner of file
  – No problems with multiple domains, since identities designed to be cross-domain (public keys domain neutral)
• Revocation:
  – What if someone steals your private key?
    » Need to walk through all ACLs with your key and change…!
    » This is very expensive
  – Better to have unique string identifying you that people place into ACLs
    » Then, ask Certificate Authority to give you a certificate matching unique string to your current public key
    » Client Request: (request + unique ID)^Cprivate; give server certificate if they ask for it.
    » Key compromise ⇒ must distribute “certificate revocation”, since can’t wait for previous certificate to expire.
  – What if you remove someone from ACL of a given
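The mirror scheme from "Review: Use of Hash Functions" (ask the origin server for H(X) over a secure channel, fetch the bulk file from an insecure mirror, accept it only if the digest matches) as a runnable example. This is added illustration, not code from the lecture; the file contents, the mirror functions and the single-bit corruption are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample standing in for file X as held by the origin server.
var OriginFileX = []byte("file X: constructed sample payload held by the origin server")

// A Mirror is any untrusted cache that claims to serve file X.
type Mirror func(name string) []byte

// HonestMirror returns an exact copy of the origin's file.
func HonestMirror(name string) []byte {
	return append([]byte(nil), OriginFileX...)
}

// CorruptMirror returns a copy with one flipped bit (a constructed fault;
// a mirror that substitutes different content is caught the same way).
func CorruptMirror(name string) []byte {
	b := append([]byte(nil), OriginFileX...)
	b[0] ^= 0x01
	return b
}

// OriginDigest models step 1 of the slide: the client asks the origin server
// for H(X) over the secure channel. Only this 32-byte value needs that channel.
func OriginDigest(name string) [sha256.Size]byte {
	return sha256.Sum256(OriginFileX)
}

// FetchVerified models step 2: the bulk transfer comes from a mirror over an
// insecure channel and is accepted only if its digest matches the origin's.
func FetchVerified(name string, m Mirror) ([]byte, error) {
	want := OriginDigest(name)
	data := m(name)
	if sha256.Sum256(data) != want {
		return nil, errors.New("digest mismatch: rejecting mirror copy of " + name)
	}
	return data, nil
}

func main() {
	for _, tc := range []struct {
		label string
		m     Mirror
	}{{"honest mirror", HonestMirror}, {"corrupt mirror", CorruptMirror}} {
		data, err := FetchVerified("X", tc.m)
		if err != nil {
			fmt.Printf("%s: %v\n", tc.label, err)
			continue
		}
		fmt.Printf("%s: accepted %d verified bytes\n", tc.label, len(data))
	}
}
```

The digest must arrive over the authenticated channel; if the mirror could also supply the digest, it could simply hash whatever it chose to serve. Note that the check detects corruption and substitution but does not provide confidentiality, so the mirror channel can be insecure only for content the client is willing to expose.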
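The two implementations of the access control matrix from "Recall: Authorization: Who Can Do What?" (access control lists storing each object's column, capability lists storing each domain's row) as an added example that is not part of the lecture. The matrix contents are constructed; only the fact that D3 can read F2 and execute F3 comes from the slide. Beyond the slide's lookup, it shows which revocation is the expensive walk in each representation.

```go
package main

import (
	"fmt"
	"strings"
)

// Rights is a set of permission letters such as "r", "rw" or "x".
type Rights string

// Matrix is the access control matrix stored sparsely, only where an entry
// exists: domain -> object -> rights.
type Matrix map[string]map[string]Rights

// Constructed sample matrix. It reproduces the slide's example that domain
// D3 can read F2 and execute F3; the other entries are invented.
var Sample = Matrix{
	"D1": {"F1": "rw", "F3": "r"},
	"D2": {"F2": "r", "Printer": "w"},
	"D3": {"F2": "r", "F3": "x"},
}

// ACL keeps each object's column of the matrix: object -> domain -> rights.
type ACL map[string]map[string]Rights

// CapList keeps each domain's row: domain -> object -> rights, the way a
// page table lists the pages one process may touch.
type CapList map[string]map[string]Rights

func has(r Rights, want byte) bool { return strings.IndexByte(string(r), want) >= 0 }

// ToACL and ToCapList build the two implementations from the same matrix.
func ToACL(m Matrix) ACL {
	acl := ACL{}
	for d, row := range m {
		for o, r := range row {
			if acl[o] == nil {
				acl[o] = map[string]Rights{}
			}
			acl[o][d] = r
		}
	}
	return acl
}

func ToCapList(m Matrix) CapList {
	c := CapList{}
	for d, row := range m {
		c[d] = map[string]Rights{}
		for o, r := range row {
			c[d][o] = r
		}
	}
	return c
}

// Both answer "may domain do want on object?"; missing maps read as "".
func (a ACL) Allowed(domain, object string, want byte) bool {
	return has(a[object][domain], want)
}
func (c CapList) Allowed(domain, object string, want byte) bool {
	return has(c[domain][object], want)
}

// RevokeDomain removes every right of one domain. With ACLs that means the
// walk over every object's list the slides warn about; the return value
// counts the objects visited.
func (a ACL) RevokeDomain(domain string) int {
	for _, col := range a {
		delete(col, domain)
	}
	return len(a)
}

// With capability lists revoking a domain is one deletion, while taking one
// object away from everyone must instead visit every domain's list.
func (c CapList) RevokeDomain(domain string) int {
	delete(c, domain)
	return 1
}
func (c CapList) RevokeObject(object string) int {
	for _, row := range c {
		delete(row, object)
	}
	return len(c)
}

func main() {
	acl, caps := ToACL(Sample), ToCapList(Sample)
	fmt.Println("ACL: D3 read F2?", acl.Allowed("D3", "F2", 'r'), "D3 write F2?", acl.Allowed("D3", "F2", 'w'))
	fmt.Println("CapList: D3 exec F3?", caps.Allowed("D3", "F3", 'x'))
	fmt.Println("objects visited to revoke D3 via ACLs:", acl.RevokeDomain("D3"))
	fmt.Println("domains visited to revoke F3 via capabilities:", caps.RevokeObject("F3"))
}
```

The asymmetry is the whole design trade-off: an ACL makes "who can touch this object?" and per-object revocation cheap, a capability list makes "what can this process touch?" cheap, and each makes the other question a full scan.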
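The signed-ACL scheme of "Distributed Access Control" and the checks listed under "Analysis of Previous Scheme" (client request signed with the client's private key, ACL signed by the file owner, group list signed by the group key, server refusing anything not properly signed), built on the hash-then-sign structure from "Review: Public Key Encryption Details". This is an added example, not the lecture's code: it uses Ed25519 from Go's standard library as the signature primitive in place of the slide's "encrypt the digest with the private key", a canonical JSON encoding as the signed message, and freshly generated keys and a constructed timestamp in place of the key values shown in the figure.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

// Entry grants Rights ("R", "RW", "RX", ...) to a principal named by its
// public key, or to a group named by the group's own public key.
type Entry struct{ Rights string; Key, Group []byte }

// ACL is signed by the file owner, GroupList by the group key and Request by
// the client; Signed pairs any of these bodies with its signature.
type ACL struct{ File string; Timestamp int64; Entries []Entry }
type GroupList struct{ Timestamp int64; Members [][]byte }
type Request struct{ Op, File string } // Op is one right letter: "R", "W" or "X"
type Signed[T any] struct{ Body T; Sig []byte }

// digest is H(M): SHA-256 over a canonical JSON encoding (cannot fail here).
func digest(v any) []byte {
	b, _ := json.Marshal(v)
	h := sha256.Sum256(b)
	return h[:]
}

// Sign yields the slide's [M, H(M) signed with the private key]; Verify
// recomputes H(M) and checks it, refusing malformed keys instead of panicking.
func Sign[T any](k ed25519.PrivateKey, body T) Signed[T] {
	return Signed[T]{Body: body, Sig: ed25519.Sign(k, digest(body))}
}
func Verify[T any](k ed25519.PublicKey, s Signed[T]) bool {
	return len(k) == ed25519.PublicKeySize && ed25519.Verify(k, digest(s.Body), s.Sig)
}

// Server trusts only its file-to-owner-key binding; the signed ACL and group
// lists may come from any server in any domain, since signatures establish validity.
type Server struct {
	Owners map[string]ed25519.PublicKey
	ACLs   map[string]Signed[ACL]
	Groups map[string]Signed[GroupList] // keyed by string(group public key)
}

// Authorize verifies request, ACL and any consulted group list before checking rights.
func (s *Server) Authorize(client ed25519.PublicKey, r Signed[Request]) (bool, string) {
	if !Verify(client, r) {
		return false, "request not signed by the claimed client key"
	}
	acl, ok := s.ACLs[r.Body.File]
	if !ok || !Verify(s.Owners[r.Body.File], acl) {
		return false, "no ACL signed by the file owner"
	}
	for _, e := range acl.Body.Entries {
		if len(r.Body.Op) != 1 || !strings.Contains(e.Rights, r.Body.Op) {
			continue
		}
		if bytes.Equal(e.Key, client) {
			return true, "direct ACL entry"
		}
		if g, have := s.Groups[string(e.Group)]; have && Verify(ed25519.PublicKey(e.Group), g) {
			for _, m := range g.Body.Members {
				if bytes.Equal(m, client) {
					return true, "group ACL entry"
				}
			}
		}
	}
	return false, "no entry grants " + r.Body.Op
}

// BuildDemo sets up the slide's scenario with fresh keys: file X is owned by
// one key, its ACL grants RX to a group, and one client is in that group.
func BuildDemo() (srv *Server, member, stranger ed25519.PrivateKey) {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	groupPub, groupPriv, _ := ed25519.GenerateKey(nil)
	memberPub, memberPriv, _ := ed25519.GenerateKey(nil)
	_, strangerPriv, _ := ed25519.GenerateKey(nil)
	acl := Sign(ownerPriv, ACL{File: "X", Timestamp: 1259712000, // constructed timestamp
		Entries: []Entry{{Rights: "RX", Group: groupPub}}})
	group := Sign(groupPriv, GroupList{Timestamp: 1259712000, Members: [][]byte{memberPub}})
	srv = &Server{
		Owners: map[string]ed25519.PublicKey{"X": ownerPub},
		ACLs:   map[string]Signed[ACL]{"X": acl},
		Groups: map[string]Signed[GroupList]{string(groupPub): group},
	}
	return srv, memberPriv, strangerPriv
}

// Ask signs a request for right op on file X with the client's private key.
func Ask(srv *Server, k ed25519.PrivateKey, op string) (bool, string) {
	return srv.Authorize(k.Public().(ed25519.PublicKey), Sign(k, Request{Op: op, File: "X"}))
}

func main() {
	srv, member, stranger := BuildDemo()
	fmt.Println(Ask(srv, member, "R"))   // true group ACL entry
	fmt.Println(Ask(srv, member, "W"))   // false no entry grants W
	fmt.Println(Ask(srv, stranger, "R")) // false no entry grants R
}
```

Because the server's only trust root is the file-to-owner-key binding, editing a stored ACL (or group list) without the corresponding private key makes its signature fail and the whole file becomes inaccessible rather than more accessible. The scheme still has the revocation problem the slide raises: a member's compromised key stays in every group list and ACL that names it until each signer re-signs, which is the motivation for the certificate-based indirection described next.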

