Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5
Slide 14-2
14 Protection and Security
Slide 14-3
Allowing Only Authorized Access
[Figure labels: Subject; Authorized Access; Unauthorized Access; Authentication; Authorization; Secure Entity]
Slide 14-5
Cryptographically Protected Information
[Figure labels: Secure Container; Secure Element; Secure Element]
[Figure labels: Active Directory; Active Directory Server; SAM; SAM Server; User Space; Supervisor Space; Security Reference Monitor (SRM)]
Security Goals
Slide 14-7
• Authentication
• Authorization
[Figure labels: Machine X; Machine Y; Process A; Process B; Process C; Resource W; Resource X; Resource Y; Resource Z; access rights: read, read/write]
• User/process authentication
– Is this user/process who it claims to be?
• Passwords
• More sophisticated mechanisms
• Authentication in networks
– Is this computer who it claims to be?
• File downloading
• Obtaining network services
• The Java promise
Authorization
Slide 14-9
A Protection System Slide 14-11
[Figure labels: Subjects; Objects; S; a; X]
• S desires a access to X
Slide 14-12
A Protection System
[Figure labels: Subjects; Objects; S; X; Protection State]
• S desires a access to X
• Protection state reflects current ability to access X
Slide 14-13
A Protection System
[Figure labels: Subjects; Objects; S; X; Protection State; State Transition]
• S desires a access to X
• Protection state reflects current ability to access X
• Authorities can change
Slide 14-14
A Protection System
[Figure labels: Subjects; Objects; S; X; Protection State; State Transition; Rules]
• S desires a access to X
• Protection state reflects current ability to access X
• Authorities can change
• What are rules for changing authority?
Slide 14-15
A Protection System
[Figure labels: Subjects; Objects; S; X; Protection State; State Transition; Rules; Policy]
• S desires a access to X
• Protection state reflects current ability to access X
• Authorities can change
• What are rules for changing authority?
• How are the rules chosen?
Slide 14-16
[Figure labels: S; a; X]
• S desires a access to X
Slide 14-17
[Figure labels: S; X; a; Access matrix]
• S desires a access to X
• Captures the protection state
Slide 14-18
[Figure labels: S; X; a; Access authentication; Access matrix]
• S desires a access to X
• Captures the protection state
• Generates an unforgeable ID
Protection System Example Slide 14-19
[Figure labels: S; X; a; (S, a, x); Access authentication; Monitor]
• S desires a access to X
• Captures the protection state
• Generates an unforgeable ID
• Checks the access against the protection state
S1 S2 S3 F1 F2 D1 D2
S1 control block control read* seek owner
wakeup owner write*
owner
S2 control stop owner update owner seek*
Slide 14-21
A Protection System
[Figure labels: Subjects; Objects; S; X; Protection State; State Transition; Policy]
Protection Domains Slide 14-23
Slide 14-24
Slide 14-25
A Two-level Domain Architecture
[Figure labels: User; Supv]
[Figure labels: R0; R1; R2; …; Ri]
Slide 14-27
[Figure labels: Resource Descriptor; a]
• Windows resource managers also use ACLs for protection
Capability Lists Slide 14-29
[Figure labels: S; a; Process Descriptor]
Cryptography Slide 14-31
Slide 14-32
More on Cryptography
[Figure labels: plaintext; encryption; ciphertext; decryption]
Slide 14-33
More on Cryptography
[Figure labels: plaintext; Encrypt; Decrypt; plaintext; keys $K_e$ and $K_d$]
$C = E_{K_e}(\text{plaintext})$
Slide 14-34
More on Cryptography
[Figure labels: plaintext; Encrypt; Decrypt; plaintext; keys $K_e$ and $K_d$]
$C = E_{K_e}(\text{plaintext})$
Cryptographic Systems Slide 14-35
Slide 14-36
Kerberos
[Figure labels: Authentication Server; Client; Server]
Slide 14-37
Kerberos
[Figure labels: Authentication Server; Client; Server; Ticket; Client ID; Session Key; Session Key; legend: Encrypted for client, Encrypted for server]
Slide 14-38
Kerberos
[Figure labels: Authentication Server; Server; Session Key; legend: Encrypted for client, Encrypted for server]
Slide 14-39
Kerberos
[Figure labels: Authentication Server; legend: Encrypted for client, Encrypted for server]
[Figure labels: 64-bit Block Plain Text; IP; 64-bit Block; $L_{j-1}$; $R_{j-1}$; f; Kj = j(K, j); ⊕; $R_{j-1}$; 64-bit Block; IP$^{-1}$; 64-bit Block]
Slide 14-41
[Figure labels: Translate; API; Client; Content Repository; Query; Consumer; API; Admin; Consumable; Playback]