Module 20: Security

• The Security Problem
• Authentication
• Program Threats
• System Threats
• Threat Monitoring
• Encryption

Silberschatz and Galvin 1999

The Security Problem

• Security must consider external environment of the system, and protect it from:
  – unauthorized access
  – malicious modification or destruction
  – accidental introduction of inconsistency
• Easier to protect against accidental than malicious misuse

Authentication

• User identity most often established through passwords, can be considered a special case of either keys or capabilities
• Passwords must be kept secret
  – Frequent change of passwords
  – Use of “non-guessable” passwords
  – Log all invalid access attempts

Program Threats

• Trojan Horse
  – Code segment that misuses its environment
  – Exploits mechanisms for allowing programs written by users to be executed by other users
• Trap Door
  – Specific user identifier or password that circumvents normal security procedures
  – Could be included in a compiler

System Threats

• Worms – use spawn mechanism; standalone program
• Internet worm
  – Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs
  – Grappling hook program uploaded main worm program
• Viruses – fragment of code embedded in a legitimate program
  – Mainly affect microcomputer systems
  – Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection
  – Safe computing

The Morris Internet Worm

Threat Monitoring

• Check for suspicious patterns of activity – e.g., several incorrect password attempts may signal password guessing
• Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures
• Scan the system periodically for security holes; done when the computer is relatively unused

Threat Monitoring (Cont.)

• Check for:
  – Short or easy-to-guess passwords
  – Unauthorized set-uid programs
  – Unauthorized programs in system directories
  – Unexpected long-running processes
  – Improper directory protections
  – Improper protections on system data files
  – Dangerous entries in the program search path (Trojan horse)
  – Changes to system programs: monitor checksum values

Network Security Through Domain Separation Via Firewall

Encryption

• Encrypt clear text into cipher text
• Properties of good encryption technique:
  – Relatively simple for authorized users to encrypt and decrypt data
  – Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key
  – Extremely difficult for an intruder to determine the encryption key
• Data Encryption Standard substitutes characters and rearranges their order on the basis of an enc
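
Three of the periodic checks from the Threat Monitoring (Cont.) slide (unauthorized set-uid programs, dangerous search-path entries, changed system programs), written out as an added example that is not part of the original slides. The function names, the allowlist and the `{path: sha256}` baseline format are assumptions made here.

```python
# Added example: names, allowlist and baseline format are assumptions, not from the slides.
import hashlib
import os
import stat


def unauthorized_setuid(root, allowed):
    """Return set-uid/set-gid regular files under root that are not in `allowed`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            special = mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(mode) and special and path not in allowed:
                hits.append(path)
    return sorted(hits)


def dangerous_path_entries(path_value):
    """Return (entry, reason) for search-path entries where a Trojan horse could shadow a command."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):  # an empty entry also means the current directory
            findings.append((entry, "current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative directory"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def changed_programs(baseline):
    """Compare files with a {path: sha256} baseline; report missing or modified ones."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif sha256_of(path) != expected:
            report[path] = "modified"
    return report
```

The baseline is only useful if it is recorded on a known-good system and stored where the monitored host cannot rewrite it.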