Operating System Security

CSCI-620: M02
Instructor: Qian Wang
Office hour: EGGC 802, Friday 10:30 am11:00am
Email: [email protected]

Lecture 1: 9/9/2016
Introduction:
 Course Direction
Operating System Security is a broad topic
Which directly we go in is largely up to you!
Focus on OS principles with emphasis on security?
Focus on security with discussion of OS applications?
How many people have studied OS?
How many people have studied security?
How many people have worked with research
literature?
 Course Details
To the syllabus!
It is your responsibility to understand
the requirements and policies of the
course and NYIT
If you have any questions, dont
hesitate to ask!
 Note on Attendance
Students may only sign in during the
first 15 minutes of class
Anyone arriving later will be marked
absent
No retroactive sign-ins allowed
 Statement on Academic
Integrity
There will be absolutely no exceptions from
the integrity policy
0 on assignment for first violation
Each subsequent violation reduces maximum letter grade
for course
Second offense: Maximum grade is a B+
Third offense: Maximum grade is a B
Fourth offense: Maximum grade is a C+
Fifth offense: Maximum grade is a C
Sixth offense: Failure in the course
All incidents will be referred to Student Affairs
 A Digression on References
As researchers, we stand on the shoulders of giants!
Research is rarely the act of one individual, but
rather the gradual
accumulation of knowledge over time
It is critical to properly acknowledge the
contributions of others
Give credit where its due
Contextualize your own contribution
There are serious professional repercussions for not
doing so
 A Digression on References

Previous work can inform yours in

one of three main ways
Direct quotation
Explicitly referring to another work
Conceptual or background research
(implicit)
Overview
What is an Operating System?

What is security?

What is Operating System Security?

What Comprises a Secure System?

Levels of a Secure System

 What is an Operating System?

Interacting directly with machine is primitive and awkward

Example: Floppy Disk I/O
16 commands specified by loading 9 bytes into a register
Reading, writing, moving disk arm, formatting data tracks, initializing,
recalibrating, etc.
Read and write are the most basic commands and these
require 13 parameters
Address of disk blocks, sectors per track, intersector gap spacing
Commands return 23 status and error fields packed into 7
bytes
Must keep track of motor state
Tradeoff between read delay and wearing out the disk
 What is an Operating System?

But all you want to do is write data to the disk!

OS provides users and programmers with an
extended machine
Top-down view
Provides simple abstraction
Disk has files that can be opened, read, written, and
closed
Hides the dirty truth of the machine
Provides simple, easy to use high level
abstraction via system calls
 What is an Operating System?

Modern computer systems have many

components:
Processors, memories, timers, disks, I/O
devices, network interfaces, etc.
How to handle:
Multiple programs trying to use the same
resource
I.E., send output to a printer
Multiple users
How to share hardware as well as data?
 What is an Operating System?

Need to share both time and space

Divide processor time
Divide memory space
OS: Acts as a manager provides
orderly access to resources to
programs contending for them
Bottom-up view
 What is Computer Security?

Difficult to define
Defending computer resources from bad stuff
What this means is largely dependent on the
context!
Threat modeling is crucial
Broadly, prevent unauthorized people/systems
from:
Gaining access to information they shouldnt be able to
Altering information they shouldnt be able to
Stopping others from accessing information they
shouldnt be able to
 Levels of a Secure System

Physical
Protect access to sensitive areas
Prevent tampering with equipment
Human
Make sure users are trustworthy
Prevent social engineering attacks
Operating System
Prevent exploitation of OS resources
Network
Prevent misuse of communication resources
Computer Security: Why it is important?

The numbers speak for themselves.

Our computer systems are quite
vulnerable
Poor design or after the fact design
Lack of awareness and education
Weak threat model and under-estimation
of attacker capabilities
Buggy
 Threats, Vulnerabilities and Attacks

A threat to a system is any potential

occurrence, malicious or otherwise, that can
have an adverse effect on the assets and
resources associated with the system
A vulnerability of a system is some
characteristic that makes it possible for a
threat to occur
An attack on a system is some action that
involves exploitation of some vulnerability in
order to cause an existing threat to occur
 Types of Threats

Can be classified into four broad categories

Disclosure - unauthorized access to information
Deception - acceptance of false data
Disruption - interruption or prevention of correct
operation
Usurpation - unauthorized control of some part of a
system
Examples include snooping, sniffing, spoofing,
delaying, denial of service, malware, theft of
computational resources
 Primary Issues

Confidentiality: prevention of
unauthorized disclosure of information
Integrity: prevention of unauthorized
modification of information
Availability: ability to withstand
unauthorized withholding of information
or resources
Computer Security Evolving Definitions

Security freedom from risk and danger

In early days of computers security meant
physical security and confidentiality
Integrity and access control then became
important with multitasking computers
In recent years availability is a big issue
Now security is hard to define!!
 Computer Security Definitions

Security is the ability of a system to protect

information and system resources with respect
to confidentiality, integrity, and availability
Computer Security deals with the prevention
and detection of unauthorized actions by users
of a computer system
Computer security is preventing attackers from
achieving objectives through unauthorized
access or unauthorized use of computers and
networks
 Computer Security Informal
Definitions
Cheswik and Bellovin keeping anyone
from doing things you do not want them
to do, with, on, or from your computers or
any peripheral devices
Garfinkel and Spafford - A computer is
secure if you can depend on it and its
software to behave as you expect This
concept is often called trust; you trust the
system to preserve and protect your data
 Computer Security other issues

There are other issues that arise in the

design of
secure systems besides confidentiality,
availability
and integrity:
Accountability
Reliability
Access Control
Authentication
Non-repudiation
Privacy and anonymity
 Policy and Mechanism

A security policy is a statement of

what is, and is not, allowed
Expressed mathematically
List of allowed and disallowed actions
A security mechanism is a
procedure, tool, or method of
enforcing security policy
We will learn many cryptographic and
noncryptographic mechanisms
 Security Policy

A security policy is a set of rules stating which actions are

permitted and which are not
Can be informal or highly mathematical
If we consider a computer system to be a finite state
automaton with state transitions then
A security policy is a statement that partitions the states of a
system
into a set of authorized or secure states and a set of unauthorized or
non-secure states
A secure system is a system that starts in an authorized state and
cannot enter an unauthorized state
A breach of security occurs when a system enters an unauthorized
state
We expect a trusted system to enforce the required security
policies
 Elements of a Security Policy

A security policy considers all relevant

aspects of confidentiality, integrity and
availability
Confidentiality policy: Identifies information
leakage and controls information flow
Integrity Policy: Identifies authorized ways in which
information may be altered. Enforces separation of
duties
Availability policy: Describes what services must be
provided: example a browser may download pages
but no Java applets
 Goals of Security Mechanism

Given a policy that specifies what is secure and what is

non-secure goal of security is to put in place mechanisms
that provide:
Prevention
Involves implementing mechanisms that users
cannot override and are trusted to be implemented in
correct and unalterable ways
Detection
Goal is to determine that an attack is underway, or
has occurred and report it
Recovery
Resuming correct operation either after an attack or
even while an attack is underway
Types of Security Mechanisms/controls

Cryptography and cryptographic

protocol
Software controls
Hardware controls
Physical controls
 Trust

Security policies and mechanisms are based on

assumptions and one trusts that these
assumptions hold.
Aspirin from drugstore is considered trustworthy.
The basis of this trust is:
Testing and certification by FDA.
Manufacturing standard of company and regulatory
mechanisms that ensure it.
Safety seal on the bottle.
Similarly, for a secure system to achieve trust,
specific steps need to be taken.
 Trust - continue

Trusting the mechanism requires us

to assume:
Each mechanism designed to implement part of
policy
Union of mechanisms implement all aspects of
policy
Implemented correctly
Installed and administered correctly