Computer Science 432 Operating Systems Williams College Fall 2006

Agenda

• Announcements
• Exam out Thursday (don't tell the Registrar), due back on Tuesday
• Next final project deadline: complete paper drafts, December 8.
• Protection
  • A main function of the OS: ensure that each object (hardware or software) is accessed correctly and only by those allowed access
    • memory protection
    • file protection
    • CPU protection
  • Protection domains: a set of access rights to objects
  • Processes execute in a domain, rights determined by this domain
  • Unix: domain is defined by UID and GID
    • process can change UID/GID
    • superuser (UID=0) can become any other UID/GID
    • regular users must run setuid/setgid programs
  • Other protection mechanisms are described in SG&G and we will not discuss in any detail in class
    • protection matrix
    • access control lists
    • capabilities
  • Other interesting ideas from Unix: chroot and jails
• Security
  • What is a secure system? It should not allow:
    • unauthorized reading of information
    • unauthorized modification of information
    • unauthorized destruction of data
    • unauthorized use of resources
    • denial of service for authorized uses
  • Authentication: indentifying users to the system
    • most common: passwords, but many ways to steal
    • can have one-time passwords
    • something you know, something you have
    • biometrics
  • Threats: how can a security system be compromised?
    • trojan horses
    • trap doors
    • stack/buffer overflows
    • worms/viruses
    • denial of service
  • What's better for security, open or proprietary systems?
• Encryption
  • May want to encrypt some data (in storage or for network transmission) for privacy or security
  • Original data is "clear text", encrypted is "cipher text"
  • Conventional encryption:
    
    • brute-force attack expensive, but not as much as in the past
    • Data Encryption Standard (DES): 56-bit secret key. Selected by US Gov't in 1977, broken in 1998.
    • Advanced Encryption Standard (AES): 168-bit key - Rijndael selected in 2000 as new standard
  • Problem: how to distribute the keys? Solution: use Public-Key encryption
    
    • keys are generated as public/private pairs
    • public keys are freely distributed
    • only the holder of the private key can decrypt messages encrypted using the corresponding public key
  • Is it OK if someone listens in on the encrypted conversation?
    
  • ssh uses public key encryption
  • Most popular: Rivest-Shamir-Adleman (RSA)

Examples

• setuid
• bufferoverflow
• FreeBSD exploitable example

Links

• SecurityFocus
• CERT
• Smashing The Stack For Fun And Profit
• NIST Computer Security Resource Center
• OpenSSH
• MIT Distribution Center for PGP (Pretty Good Privacy)
• RC5 at distributed.net
• RSA Laboratories' Frequently Asked Questions About Today's Cryptography