Скачать или смотреть Operating System #35 OS Security: Goals, Policy & Model | Access Control Techniques

Operating System #35 OS Security: Goals, Policy & Model | Access Control Techniques.

Best Programming Courses @ https://goo.gl/MVVDXR
Complete Operating Systems Lecture/ Tutorials from IIT @ https://goo.gl/GMr3if
MATLAB Tutorials @ https://goo.gl/EiPgCF

01:00 Security Goals:

• Secrecy (confidentiality)
– Unauthorized disclosure
– Limits the objects (files/sockets) that a process can read
• Integrity
– Unauthorized modification
– Limits the objects that a process can write
(objects may contain information that other processes depend on)
• Availability
– Limits the system resources that processes (or users) may consume
– Therefore preventing denial of service attacks

04:04 Confidentiality & Integrity: Achieved by Access Control
• Every access to an object in the system should be controlled
• All and only authorized accesses can take place
– Achieved by OS resource management techniques like fair scheduling

05:38 Access Control Systems
• Development of an access control system has three components
– Security Policy : high level rules that define access control
– Security Model : a formal representation of the access control security policy and its working.
(this allows a mathematical representation of a policy; there by aid in proving that the model is secure)
– Security Mechanism : low level (sw / hw) functional implementations of policy and model

Security Policy
• A scheme for specifying and enforcing security policies in a system
• Driven by
– Understanding of threat and system design
• Often take the form of a set of statements
– Succinct statements
– Goals are agreed upon either by
• The entire community
• Top management
• Or is the basis of a formal mathematical analysis

11:37 Security Model
• Why have it at all?
– It is a mathematical representation of the policy.
– By proving the model is secure and that the mechanism correctly implements the model, we can argue that the system is indeed secure (w.r.t. the security policy)

Security Mechanism:
• Implementing a correct mechanism is non trivial
• Could contain bugs in implementation which would break the security
• The implementation of the security policy must work as a ‘trusted base’ (reference monitor)
• Properties of the implementation
o Tamper proof
o Non-bypassable (all accesses should be evaluated by the mechanism)
o Security kernel – must be confined to a limited part of the system (scattering security functions all over the system implies that all code must be verified)
o Small – so as to achieve rigorous verification

14:36 Access Control Techniques
• DAC – Discretionary
• MAC – Mandatory
• RBAC -- Role-based

Discretionary Access Control
• Discretionary (DAC)
– Access based on
• Identity of requestor
• Access rules state what requestors are (or are not) allowed to do
– Privileges granted or revoked by an administrator
– Users can pass on their privileges to other users
– Example. Access Matrix Model

Access Matrix Model
• By Butler Lampson, 1971
• Subjects : active elements requesting information
• Objects : passive elements storing information

24:23 States of Access Matrix:
• A protection system is a state transition system
• Leaky State:
– A state (access matrix) is said to leak a right ‘r’ if there exists a command that adds right ‘r’ into an entry in the access matrix that did not previously contain ‘r’
– Leaks may not be always bad.

Is my system safe?
• Safety
– Definition 1: System is safe if access to an object without owner’s concurrence is impossible
– Definition 2: A user should be able to tell if giving away a right would lead to further leakage of that right.

Safety in the formal model
• Suppose a subject s plans to give subjects s’ right r to object o.
– with r entered into A[s’,o], is such that r could subsequently be entered somewhere new.
– If this is possible, then the system is unsafe