Operating System Security

CSCI620M03/CSCI445M02/ITEC445M02
Instructor: Qian Wang
Office hour: EGGC802, Friday 9:00 am—9:30am
Email: qwang23@nyit.edu
Lecture 1: 1/26/2018
Introduction:
Course Direction
• Operating System Security is a broad topic
• Which direction we go in is largely up to you!
• Focus on OS principles with emphasis on security?
• Focus on security with discussion of OS applications?
• How many people have studied OS?
• How many people have studied security?
• How many people have worked with research literature?
Course Details
• To the syllabus!
• It is your responsibility to understand the requirements and policies of the course and NYIT
• If you have any questions, don’t hesitate to ask!
Note on Attendance
• Students may only sign in during the first 30 minutes of class
• Anyone arriving later will be marked absent
• No retroactive sign-ins allowed
Statement on Academic Integrity
• There will be absolutely no exceptions from the integrity policy
• 0 on assignment for first violation
• Each subsequent violation reduces maximum letter grade for course
• Second offense: Maximum grade is a B+
• Third offense: Maximum grade is a B
• Fourth offense: Maximum grade is a C+
• Fifth offense: Maximum grade is a C
• Sixth offense: Failure in the course
• All incidents will be referred to Student Affairs
A Digression on References
• As researchers, we stand on the shoulders of giants!
• Research is rarely the act of one individual, but rather the gradual accumulation of knowledge over time
• It is critical to properly acknowledge the contributions of others
• Give credit where it’s due
• Contextualize your own contribution
• There are serious professional repercussions for not doing so
A Digression on References
• Previous work can inform yours in one of three main ways
• Direct quotation
• Explicitly referring to another work
• Conceptual or background research (implicit)
Overview
• What is an Operating System?
• What is security?
• What is Operating System Security?
• What Comprises a Secure System?
• Levels of a Secure System
What is an Operating System?
• Interacting directly with the machine is primitive and awkward
• Example: Floppy Disk I/O
• 16 commands specified by loading 9 bytes into a register
• Reading, writing, moving disk arm, formatting data tracks, initializing, recalibrating, etc.
• Read and write are the most basic commands – and these require 13 parameters
• Address of disk blocks, sectors per track, intersector gap spacing
• Commands return 23 status and error fields packed into 7 bytes
• Must keep track of motor state
• Tradeoff between read delay and wearing out the disk
What is an Operating System?
• But all you want to do is write data to the disk!
• OS provides users and programmers with an extended machine
• Top-down view
• Provides simple abstraction
• Disk has files that can be opened, read, written, and closed
• Hides the dirty truth of the machine
• Provides simple, easy to use high level abstraction via system calls
What is an Operating System?
• Modern computer systems have many components:
• Processors, memories, timers, disks, I/O devices, network interfaces, etc.
• How to handle:
• Multiple programs trying to use the same resource
• E.g., sending output to a printer
• Multiple users
• How to share hardware as well as data?
What is an Operating System?
• Need to share both time and space
• Divide processor time
• Divide memory space
• OS acts as a manager that provides orderly access to resources for the programs contending for them
• Bottom-up view
What is Computer Security?
• Difficult to define
• Defending computer resources from “bad stuff”
• What this means is largely dependent on the context!
• Threat modeling is crucial
• Broadly, prevent unauthorized people/systems from:
• Gaining access to information they shouldn’t be able to
• Altering information they shouldn’t be able to
• Stopping others from accessing information they shouldn’t be able to
Levels of a Secure System
• Physical
• Protect access to sensitive areas
• Prevent tampering with equipment
• Human
• Make sure users are trustworthy
• Prevent social engineering attacks
• Operating System
• Prevent exploitation of OS resources
• Network
• Prevent misuse of communication resources
Computer Security: Why is it important?
• The numbers speak for themselves.
• Our computer systems are quite vulnerable
• Poor design or after-the-fact design
• Lack of awareness and education
• Weak threat model and under-estimation of attacker capabilities
• Buggy
Threats, Vulnerabilities and Attacks
• A threat to a system is any potential occurrence, malicious or otherwise, that can have an adverse effect on the assets and resources associated with the system
• A vulnerability of a system is some characteristic that makes it possible for a threat to occur
• An attack on a system is some action that involves exploitation of some vulnerability in order to cause an existing threat to occur
Types of Threats
• Can be classified into four broad categories
• Disclosure - unauthorized access to information
• Deception - acceptance of false data
• Disruption - interruption or prevention of correct operation
• Usurpation - unauthorized control of some part of a system
• Examples include – snooping, sniffing, spoofing, delaying, denial of service, malware, theft of computational resources…
Primary Issues
• Confidentiality: prevention of unauthorized disclosure of information
• Integrity: prevention of unauthorized modification of information
• Availability: ability to withstand unauthorized withholding of information or resources
Computer Security – Evolving Definitions
• Security – freedom from risk and danger
• In the early days of computers, security meant physical security and confidentiality
• Integrity and access control then became important with multitasking computers
• In recent years availability is a big issue
• Now security is hard to define!!
Computer Security Definitions
• Security is the ability of a system to protect information and system resources with respect to confidentiality, integrity, and availability
• Computer Security deals with the prevention and detection of unauthorized actions by users of a computer system
• Computer security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks
Computer Security – Informal Definitions
• Cheswick and Bellovin – “keeping anyone from doing things you do not want them to do, with, on, or from your computers or any peripheral devices”
• Garfinkel and Spafford - “A computer is secure if you can depend on it and its software to behave as you expect … This concept is often called trust; you trust the system to preserve and protect your data”
Computer Security – other issues
• There are other issues that arise in the design of secure systems besides confidentiality, availability and integrity:
• Accountability
• Reliability
• Access Control
• Authentication
• Non-repudiation
• Privacy and anonymity
Policy and Mechanism
• A security policy is a statement of what is, and is not, allowed
• Expressed mathematically
• List of allowed and disallowed actions
• A security mechanism is a procedure, tool, or method of enforcing security policy
• We will learn many cryptographic and non-cryptographic mechanisms
Security Policy
• A security policy is a set of rules stating which actions are permitted and which are not
• Can be informal or highly mathematical
• If we consider a computer system to be a finite state automaton with state transitions, then:
• A security policy is a statement that partitions the states of a system into a set of authorized or secure states and a set of unauthorized or non-secure states
• A secure system is a system that starts in an authorized state and cannot enter an unauthorized state
• A breach of security occurs when a system enters an unauthorized state
• We expect a trusted system to enforce the required security policies
Elements of a Security Policy
• A security policy considers all relevant aspects of confidentiality, integrity and availability
• Confidentiality policy: Identifies information leakage and controls information flow
• Integrity Policy: Identifies authorized ways in which information may be altered. Enforces separation of duties
• Availability policy: Describes what services must be provided: example – a browser may download pages but no Java applets
Goals of Security Mechanism
• Given a policy that specifies what is “secure” and what is “non-secure”, the goal of security is to put in place mechanisms that provide:
• Prevention
• Involves implementing mechanisms that users cannot override and that are trusted to be implemented in correct and unalterable ways
• Detection
• Goal is to determine that an attack is underway, or has occurred, and report it
• Recovery
• Resuming correct operation either after an attack or even while an attack is underway
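The finite-state view from the Security Policy slide, together with the prevention and detection goals on this slide, as an added Python model (not from the lecture or its textbook); the toy system, its state layout (clearance, doc_open) and its action names are assumptions:

```python
from collections import deque

# Constructed toy system for the finite-state view of a security policy.
# A state is (clearance, doc_open): the clearance of the logged-in user
# (0 = public, 1 = secret) and whether the single secret document is open.
DOC_LEVEL = 1
INITIAL = (0, False)  # public user logged in, document closed

def authorized(state):
    """The policy: partitions states into secure and non-secure. A state is
    non-secure when the secret document is open under too low a clearance."""
    clearance, doc_open = state
    return not (doc_open and clearance < DOC_LEVEL)

def transitions(state):
    """Unchecked system: yields (action, next_state) for every action."""
    clearance, doc_open = state
    yield "login_secret", (1, doc_open)
    yield "logout", (0, False)
    yield "open_doc", (clearance, True)

def reachable(initial, step):
    """Every state the system can enter from `initial` (breadth-first search)."""
    seen, queue = {initial}, deque([initial])
    while queue:
        state = queue.popleft()
        for _, nxt in step(state):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def breaches(initial, step):
    """Reachable states that the policy marks unauthorized (each is a breach)."""
    return {s for s in reachable(initial, step) if not authorized(s)}

def is_secure(initial, step):
    """Secure system: starts authorized and can never enter an unauthorized state."""
    return authorized(initial) and not breaches(initial, step)

def guarded(step, log):
    """Prevention mechanism: a reference monitor that refuses any transition
    into an unauthorized state; each refusal is appended to `log` (detection)."""
    def checked(state):
        for action, nxt in step(state):
            if authorized(nxt):
                yield action, nxt
            else:
                log.append((state, action, nxt))
    return checked
```

The unchecked system can reach (0, True), a public user reading the secret document, so it is not secure; wrapping the same transitions in the monitor makes every reachable state authorized and records the refused open_doc attempt.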
Types of Security Mechanisms/controls
• Cryptography and cryptographic protocol
• Software controls
• Hardware controls
• Physical controls
Trust
• Security policies and mechanisms are based on assumptions and one trusts that these assumptions hold.
• Aspirin from the drugstore is considered trustworthy. The basis of this trust is:
• Testing and certification by FDA.
• Manufacturing standard of company and regulatory mechanisms that ensure it.
• Safety seal on the bottle.
• Similarly, for a secure system to achieve trust, specific steps need to be taken.
Trust (continued)
• Trusting the mechanism requires us to assume:
• Each mechanism is designed to implement part of the policy
• The union of the mechanisms implements all aspects of the policy
• Implemented correctly
• Installed and administered correctly
