Lecture 4 : Operating System Security

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build “secure” operating systems (operating systems whose mechanisms protect the system against a motivated adversary). Recently, the importance of ensuring such security has become a mainstream issue for all operating systems.

Security methods in operating systems
a) Separation
* Keeping one user’s object separate from other users
b) Can occur in several ways (Rushby & Randell):
* Physical separation
* Temporal separation
* Logical separation
* Cryptographic separation

Levels of protection
* No protection
* Isolation
* Share all or share nothing
* Share via access limitation
* Share by capabilities
* Limit use of an object
* Granularity of protection!


Memory Protection

Methods used for Memory Protection
a) Fence
* The simplest form of protection
* Prevent a faulty program or user from destroying part of the resident portion of OS or another program
* Software or Hardware implementation
* Static or Dynamic (fence register)


b) Relocation
* The OS's region of memory is of variable size, so a program's load address varies
* Process of changing all addresses to reflect actual address located in memory
* Frequently used with fence register

c) Base/bound registers
* Each program is confined between the base & bounds registers
* To overcome the problem that a base register alone provides no upper bound:
* Add a second register called the bounds register (an upper address limit)

d) Tagged architecture
* Base/bounds assumes contiguous user program space.
- Protecting code or data is an all or nothing deal with the base/bounds technique
* Could add tags to memory units
- Very privileged operation to change tags
- Memory unit could be word or a page
- Used for capability support
- Used by Lisp machines to encode types
* RWX bits on pages for Intel architecture

e) Segmentation
* Segmentation
- Dividing a program into separate pieces, e.g. program code, constants, array data, etc.
* Benefits
- Each address reference can be checked
- Different levels of protection can be assigned to different segments
- Control of access rights, e.g. when more than one user shares a segment

f) Paging
* Simpler alternative to segmentation
* Program is divided into equal-sized pieces called pages & memory is divided into equal-sized units called page frames.

g) Paging combined with segmentation
* To solve the problems of the pure paging method
* Break each segment into equal sized pages
* Gain advantage of segment permissions coupled with reduction in fragmentation offered by paging.
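As an added example (not from the lecture), here is a small C model of the base/bounds, permission-tag and segmentation checks from (c) through (e): each reference names a segment and an offset, is bounds-checked against the segment's limit, checked against its RWX tag, and only then relocated by the base. The segment table, addresses and fault codes are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Permission bits, like the RWX bits on pages mentioned above. */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };
/* One segment: a base/bounds register pair plus a permission tag. */
typedef struct {
    uint32_t base;   /* physical start address (relocation offset) */
    uint32_t limit;  /* length in bytes; valid offsets are [0, limit) */
    uint8_t  perms;  /* PERM_* bits this segment allows */
} segment_t;

typedef enum { ACCESS_OK, FAULT_BAD_SEGMENT, FAULT_OUT_OF_BOUNDS, FAULT_PERMISSION } fault_t;
/* Check one logical reference (segment, offset) that needs the 'want'
 * permissions and translate it to a physical address; every access is checked. */
fault_t check_access(const segment_t *table, size_t nsegs, unsigned seg,
                     uint32_t offset, uint8_t want, uint32_t *phys)
{
    if (seg >= nsegs)
        return FAULT_BAD_SEGMENT;
    const segment_t *s = &table[seg];
    if (offset >= s->limit)               /* upper limit: bounds register */
        return FAULT_OUT_OF_BOUNDS;
    if ((s->perms & want) != want)        /* segment permission tag */
        return FAULT_PERMISSION;
    *phys = s->base + offset;             /* lower limit: base register */
    return ACCESS_OK;
}

/* Constructed sample segment table for one process (values made up). */
const segment_t demo_table[] = {
    { 0x1000, 0x0400, PERM_R | PERM_X },  /* 0: program code, not writable */
    { 0x2000, 0x0100, PERM_R },           /* 1: constants, read only */
    { 0x3000, 0x0800, PERM_R | PERM_W },  /* 2: array data, not executable */
};
const size_t demo_nsegs = sizeof demo_table / sizeof demo_table[0];

int main(void)
{
    uint32_t phys = 0;
    printf("write code+0x10: fault %d\n",        /* in bounds, but no W */
           check_access(demo_table, demo_nsegs, 0, 0x10, PERM_W, &phys));
    printf("read data+0x800: fault %d\n",        /* one byte past limit */
           check_access(demo_table, demo_nsegs, 2, 0x800, PERM_R, &phys));
    fault_t f = check_access(demo_table, demo_nsegs, 2, 0x7ff, PERM_W, &phys);
    printf("write data+0x7ff: fault %d, phys 0x%x\n", f, (unsigned)phys);
    return 0;
}
```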

Protecting General Objects
* Memory
* File or data set on an auxiliary storage device
* Program executing in the memory
* A directory of files
* A hardware device
* A data structure or an operating system table
* Instructions
* Passwords and user authentication mechanism
* The protection mechanism itself

Goals of protection of objects:
a) Check every access
b) Allow least privilege
c) Verify acceptable usage

Access Control to General Objects
Protecting memory is a specific case of the general problem of protecting objects
Objects to protect:
* A file or data on auxiliary storage device
* An executing program in memory
* A directory of files
* A data structure, e.g. stack, array
* OS
* Instructions, especially privileged instructions
* Passwords and user authentication
* Protection mechanism itself

Mechanism: Kerberos
* Authentication and access authorization
* Two components:
- Authentication server authenticates the user's credentials and provides an encrypted ticket to the authenticated user
- Ticket-granting server is used to authenticate ticket and grant access to resources
* Implements single sign-on

File protection
a) Basic forms
* All-none protection
- Assumption: all users can be trusted
- You have the password: you have complete access
* Group protection

b) Single permissions
* Password or other token
* Temporarily acquired permission