Computer Science 322 Operating Systems Mount Holyoke College Spring 2008

Agenda

• Announcements
  • Final exam administrative details
• Final project status
  • right here, Monday evening for final project presentations
  • open to the public!
• Final lecture assignment recap
• Security
  • What is a secure system? It should not allow:
    • unauthorized reading of information
    • unauthorized modification of information
    • unauthorized destruction of data
    • unauthorized use of resources
    • denial of service for authorized uses
  • Authentication: indentifying users to the system
    • most common: passwords, but many ways to steal
    • can have one-time passwords
    • something you know, something you have
    • biometrics
  • Threats: how can a security system be compromised?
    • trojan horses
    • trap doors
    • stack/buffer overflows
    • worms/viruses
    • denial of service
  • What's better for security, open or proprietary systems?
• Course evaluations

Links

• SecurityFocus
• CERT
• Smashing The Stack For Fun And Profit
• NIST Computer Security Resource Center
• OpenSSH
• MIT Distribution Center for PGP (Pretty Good Privacy)
• RC5 at distributed.net
• RSA Laboratories' Frequently Asked Questions About Today's Cryptography

Examples

• bufferoverflow
• FreeBSD exploitable example