Computer Science 322
Operating Systems

• Announcements
  • Term project progress reports due.
• Exam 2 out Wednesday
  • it is a 48 hour, 5 minute take home: Wednesday 3:55 PM through Friday at 4:00 PM
  • take as much time as you wish, but expect to spend 3 or maybe 4 hours
  • you may consult your own notes, the SG&Gtext, your graded and ungraded labs and lecture assignments, class examples in the shared area, any of my online lecture notes, and the assigned supplemental readings
  • you may write your answers on paper, but I would prefer typeset responses (electronic submission OK, just return signed exam paper later)
  • topics up to the end of class today last Wednesday are fair game
• Review questions and answers
• Protection: Other interesting ideas from Unix: chroot and jails
• Security
  • What is a secure system? It should not allow:
    • unauthorized reading of information
    • unauthorized modification of information
    • unauthorized destruction of data
    • unauthorized use of resources
    • denial of service for authorized uses
  • Authentication: indentifying users to the system
    • most common: passwords, but many ways to steal
    • can have one-time passwords
    • something you know, something you have
    • biometrics
  • Threats: how can a security system be compromised?
    • trojan horses
    • trap doors
    • stack/buffer overflows
    • worms/viruses
    • denial of service
  • What's better for security, open or proprietary systems?
• Encryption
  • May want to encrypt some data (in storage or for network transmission) for privacy or security
  • Original data is "clear text", encrypted is "cipher text"
  • Conventional encryption:
    
    • brute-force attack expensive, but not as much as in the past
    • Data Encryption Standard (DES): 56-bit secret key. Selected by US Gov't in 1977, broken in 1998.
    • Advanced Encryption Standard (AES): 168-bit key - Rijndael selected in 2000 as new standard
  • Problem: how to distribute the keys? Solution: use Public-Key encryption
    
    • keys are generated as public/private pairs
    • public keys are freely distributed
    • only the holder of the private key can decrypt messages encrypted using the corresponding public key
  • Is it OK if someone listens in on the encrypted conversation?
    
  • ssh uses public key encryption
  • Most popular: Rivest-Shamir-Adleman (RSA)

Due at the start of class, Wednesday, April 28.

You need not submit answers to these questions, but you will have a chance to ask questions about them at the start of class.

1. SG&G Exercise 10.17, p. 459.
2. SG&G Practice Exercise 11.8, p. 500.
3. SG&G Exercise 11.9, p. 500.
4. SG&G Exercise 11.15, p. 501.
5. SG&G Exercise 12.16, p. 548.
6. SG&G Exercise 12.22, p. 549-550.
7. SG&G Exercise 12.28, part (a) only, p. 550.
8. SG&G Exercise 12.33, p. 551.

• SecurityFocus
• CERT
• Smashing The Stack For Fun And Profit
• NIST Computer Security Resource Center