Chapter 7: OS Security
Instructor: Hengming Zou, Ph.D.
In Pursuit of Absolute Simplicity (seek the utmost simplicity, return to the eternal)
Content
The security environment
Basics of cryptography
User authentication
Intrusions and attacks
Protection mechanisms
Trusted systems
Hardware Reality
Collection of processor, memory, disks, network interfaces that can be used by anyone to do anything
Or could turn it off, leaving you with hardware that won’t do anything for anyone
Security Goals and Threats
Goal | Threat
Data Confidentiality | Exposure of data
Data Integrity | Tampering with data
Personal Privacy | Misuse of data
System Availability | Denial of service
Acts of God
Security Threats
Natural or man-made disasters– fires, floods, earthquakes, wars
Hardware or software errors– CPU malfunction, bad disk, program bugs
Human errors– data entry, wrong tape mounted
Attacks by intruders or adversaries– This is where we will focus in this lecture
Intrusion Motive
Casual prying by non-technical users
Snooping by insiders
Determined attempt to make money
Commercial or military espionage
Some Example Attacks
Spoof identity– pretend to send a message from your IP address
Man-in-the-middle attack– Eavesdrop and delete the original message
– Insert new message that pretends to be from original sender
– Replay old messages
Security Elements
Data security
– data are not viewed by unauthorized personnel
– data are not tampered with
System security
– systems do not do things they are not supposed to do
Security Elements
Static security– Data stored are not compromised
– Achieved by access control and cryptography
Dynamic security– Data in transit is not compromised
– Achieved by secure communication
Secure Communication
Confidentiality:– Attacker should not be able to understand data
Authentication:– Assure receiver that message is from the right sender
Freshness: – Attacker should not be able to replay an old request
Availability:– No denial-of-service
Secure Communication
How to achieve secure communication?
Cryptography
Cryptography is one of the main tools used to provide data security, both static and dynamic
– What other ways are there to achieve secure communication?
Basic idea– encrypt (clear text, e-key) = cipher text
– decrypt (cipher text, d-key) = clear text
Basics of Cryptography
Relationship between plaintext and ciphertext
[Figure: plaintext in P → encryption algorithm E with encryption key KE → ciphertext C = E(P, KE) → decryption algorithm D with decryption key KD → plaintext out P = D(C, KD)]
Cryptography
Encrypt and decrypt algorithms are usually public
Shouldn’t be able to deduce d-key from (clear text, cipher text) pairs
One-Way Functions
Encryption function should be selected such that – given formula for f(x)
– easy to evaluate y = f(x)
But given y– computationally infeasible to find x
Symmetric Key Encryption
Given e-key, it is easy to find out d-key
Vice versa (i.e. symmetric)– Sometimes d-key = e-key!
Only sender and receiver know the key
Sometimes this is called “secret key” encryption– It must not be made public
Symmetric Key Cryptography
Ex: Mono-alphabetic substitution– each letter replaced by different letter
ABCDEFGHIJKLMNOPQRSTUVWXYZ
QWERTYUIOPASDFGHJKLZXCVBNM
Given e-key
– QWERTYUIOPASDFGHJKLZXCVBNM,
Easy to find d-key:
– KXVMCNOPHQRSZYIJADLEGWBUFT
Symmetric Key Encryption
How do sender and receiver get a shared secret key in the first place?
Symmetric Key Encryption
Well-known symmetric-key encryption algorithms include:
DES, RC2, RC4, IDEA
GOST, SAFER, FEAL, Skipjack, Blowfish
Public-key Encryption
Also called asymmetric encryption
Given e-key, it is virtually impossible to find d-key– Thus the name asymmetric
Thus, the encryption key can be made public– Thus the name public
Public-Key Cryptography
All users pick a public key/private key pair– publish the public key
– private key not published
Public key is the encryption key– private key is the decryption key
Public-key Encryption
Encryption/decryption process:– crypt (clear text, e-key) = cipher-text-1
– crypt (cipher-text-1, d-key) = clear text
– crypt (clear text, d-key) = cipher-text-2
– crypt (cipher-text-2, e-key) = clear text
In general d-key(e-key(msg))=e-key(d-key(msg))– But not always!
Public-key Encryption
Note that– cipher-text-1 != cipher-text-2
– crypt(cipher-text-2, d-key) != clear text
– crypt(cipher-text-1, e-key) != clear text
e-key is called the “public key”– Everyone knows the value of everyone’s public keys
Public-key Encryption
d-key is called the “private key”– Only the sender knows his/her own private key
Difficult to guess private key– Even if you know the public key and crypt(),
– and lots of encrypted pairs
Public-key Encryption
Public-key encryption can be used for authentication
For example: to authenticate sender “zou”, we do:– “from zou” crypt (message, zou-private)
Anyone can read this message (no confidentiality)
Only zou can generate this message– Others can verify that zou generated the message
– by decrypting with zou-public
Public-key Encryption
Why include “from zou” in the message?– So that receivers know the message comes from zou
– so that s/he will use zou-public key to decode the text
This is called a “digital signature”– Can detect any change to the data
Public-key Encryption
If using public-key encryption for privacy, do– crypt (message, receiver-public)
Anyone can send this message (no authentication)
Only receiver can read it
Public-key Encryption
Using PK encryption for authentication and privacy, – crypt (“from zou” crypt (msg, zou-private), receiver-public)
Only receiver can read this
Only zou can send it
Public-key Encryption
Does the following work?– “from zou” crypt (crypt (message, receiver-public), zou-private)
Example Public-key System: RSA
1978 by Ron Rivest, Adi Shamir, Leonard Adleman
Principle:
– Multiplication and modulo are easy
– While factoring is difficult!
Example Public-key System: RSA
Idea:– Find two large (e.g., 1024-bit) prime numbers P and Q
Choose E such that:– E is greater than 1 but less than PQ,
– E and (P-1)(Q-1) are relatively prime
– which means they have no prime factors in common
Example Public-key System: RSA
E does not have to be prime, but it must be odd– (P-1)(Q-1) can't be prime because it's an even number
Compute D such that:– (DE - 1) is evenly divisible by (P-1)(Q-1)
Mathematicians write this as DE = 1 mod (P-1)(Q-1) – and they call D the multiplicative inverse of E
Example Public-key System: RSA
This is easy to do:
Simply find an integer X which causes:– D = (X(P-1)(Q-1) + 1)/E to be an integer
– then use that value of D
Example Public-key System
The encryption function is C = (T^E) mod PQ
where C is the ciphertext (a positive integer)
T is the plaintext (a positive integer)
^ indicates exponentiation
message T must be less than the modulus PQ
Example Public-key System
The decryption function is T = (C^D) mod PQ
where C is the ciphertext (a positive integer)
T is the plaintext (a positive integer)
^ indicates exponentiation
Example Public-key System
Your public key is the pair (PQ, E)
Your private key is the number D (reveal it to no one).
The product PQ is the modulus – often called N in the literature
E is the public exponent
D is the secret exponent
Example Public-key System
You can publish your public key freely because there are no known easy methods of calculating D, P, or Q given only (PQ, E) (your public key)
If P and Q are each 1024 bits long, the sun will burn out before the most powerful computers presently in existence can factor your modulus into P and Q.
RSA Example
P = 61 <- first prime number – destroy this after computing E and D
Q = 53 <- second prime number – destroy this after computing E and D
PQ = 3233 <- modulus (give this to others)
E = 17 <- public exponent (give this to others)
D = 2753 <- private exponent (keep this secret!)
RSA Example
(DE - 1) = 46800
(P-1)(Q-1) = 3120
(DE - 1) / ((P-1)(Q-1)) = 46800 / 3120 = 15
– Evenly divisible
RSA Example
Your public key is (E,PQ)
Your private key is D
The encryption function is: – encrypt(T) = (T^E) mod PQ = (T^17) mod 3233
The decryption function is: – decrypt(C) = (C^D) mod PQ = (C^2753) mod 3233
RSA Example
To encrypt the plaintext value 123, do this:
encrypt(123) = (123^17) mod 3233 = 337587917446653715596592958817679803 mod 3233 = 855
To decrypt the ciphertext value 855, do this:
decrypt(855) = (855^2753) mod 3233 = 123
But how to compute 855^2753?
RSA Example
Compute the value of 855^2753 mod 3233:
2753 = 101011000001 base 2
2753 = 1 + 2^6 + 2^7 + 2^9 + 2^11 = 1 + 64 + 128 + 512 + 2048
RSA Example
Consider this table of powers of 855:
855^1 = 855 (mod 3233)
855^2 = 367 (mod 3233)
855^4 = 367^2 (mod 3233) = 2136 (mod 3233)
855^8 = 2136^2 (mod 3233) = 733 (mod 3233)
855^16 = 733^2 (mod 3233) = 611 (mod 3233)
855^32 = 611^2 (mod 3233) = 1526 (mod 3233)
RSA Example
855^64 = 1526^2 (mod 3233) = 916 (mod 3233)
855^128 = 916^2 (mod 3233) = 1709 (mod 3233)
855^256 = 1709^2 (mod 3233) = 1282 (mod 3233)
855^512 = 1282^2 (mod 3233) = 1160 (mod 3233)
855^1024 = 1160^2 (mod 3233) = 672 (mod 3233)
855^2048 = 672^2 (mod 3233) = 2197 (mod 3233)
RSA Example
Given the above, compute:
855^2753 (mod 3233) =
855^(1 + 64 + 128 + 512 + 2048) (mod 3233) =
855^1*855^64*855^128*855^512 * 855^2048 (mod 3233) =
855 * 916 * 1709 * 1160 * 2197 (mod 3233) =
794 * 1709 * 1160 * 2197 (mod 3233) =
2319 * 1160 * 2197 (mod 3233) =
184 * 2197 (mod 3233) = 123 (mod 3233) = 123
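The key derivation ("find an integer X") and the square-and-multiply computation from the RSA slides, as an added C example that is not part of the original slides. The function names are this example's own; it uses the slides' numbers and assumes a modulus below 2^32 so every product fits in 64 bits. It is textbook RSA without padding, for illustration only.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply, the method behind the table of powers of 855:
 * walk the exponent bit by bit, squaring the base at each step and
 * multiplying it into the result whenever the bit is 1.
 * Assumption: m < 2^32, so (result * base) cannot overflow 64 bits. */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

static uint64_t gcd(uint64_t a, uint64_t b)
{
    while (b != 0) {
        uint64_t t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Private exponent by the slides' search: the X for which
 * X(P-1)(Q-1) + 1 is divisible by E gives D = (X(P-1)(Q-1) + 1) / E.
 * When E and (P-1)(Q-1) are relatively prime such an X exists below E.
 * Returns 0 when E is unusable (shares a factor with (P-1)(Q-1)). */
static uint64_t rsa_private_exponent(uint64_t p, uint64_t q, uint64_t e)
{
    uint64_t phi = (p - 1) * (q - 1);
    if (e <= 1 || gcd(e, phi) != 1)
        return 0;
    for (uint64_t x = 1; x < e; x++) {
        if ((x * phi + 1) % e == 0)
            return (x * phi + 1) / e;
    }
    return 0;
}

/* crypt(text, key) from the slides: one operation, used with either key. */
static uint64_t rsa_crypt(uint64_t text, uint64_t key, uint64_t n)
{
    return mod_pow(text, key, n);
}

int main(void)
{
    const uint64_t p = 61, q = 53, e = 17;      /* numbers from the slides */
    const uint64_t n = p * q;
    uint64_t d = rsa_private_exponent(p, q, e);
    uint64_t c = rsa_crypt(123, e, n);          /* seal with the public key  */
    uint64_t t = rsa_crypt(c, d, n);            /* open with the private key */
    uint64_t sig = rsa_crypt(123, d, n);        /* sign with the private key */
    uint64_t chk = rsa_crypt(sig, e, n);        /* verify with the public key */

    printf("N = %llu, D = %llu\n", (unsigned long long)n, (unsigned long long)d);
    printf("encrypt(123) = %llu, decrypt = %llu\n",
           (unsigned long long)c, (unsigned long long)t);
    printf("signature check recovers %llu\n", (unsigned long long)chk);
    return 0;
}
```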
RSA Caveats
Though it is widely suspected to be true
It is not yet proven that – no easy methods of factoring exist
It is not yet proven that– the only way to crack RSA is to factor the modulus
Problems with PK Encryption
More computationally expensive – than symmetric-key encryption
Solve by using public-key to – exchange a short-lived symmetric key (session key)
How to exchange my public key?
How to trust authenticity of published public keys?
Problems with PK Encryption
Example:
A wants to communicate with B
So A and B must learn each other’s public keys– A-public and B-public
Villain has two public keys – V-public1 and V-public2
Problems with PK Encryption
What if villain manages to:– convince A that B’s public key is V-public1?
– Or convince B that A’s public key is V-public2?
A sends signed & sealed message with wrong key: – crypt (“From A” crypt(message, A-private), V-public1)
– Then all bets are off
Common Public-key Encryption
SSL: secure sockets layer
– used in web HTTPS to encrypt transmitted text
ssh: secure shell
– Commands typed are encrypted
pgp: secure mail
– Invented in 1991 by Philip Zimmermann
– Pretty Good Privacy
Authentication
Who are you?
Authentication is the process of you proving your identity to the operating system
It may also include the operating system proving its identity to you
User Authentication
Identify the user– i.e. the person is who he claims to be
Done before user can use the system
General Principles of Authentication
Something the user knows– Password
Something the user has– Physical token
Something the user is– Biometric token
Passwords
A shared secret between user and OS
What happens if villain gains access to the list of passwords?
Instead of storing the password, the OS can store a one-way function of password
Passwords
What’s the weakest link in a password system?
Or how to crack a password system?– Guess
– Look over the shoulder
– Brute force
– Phishing
Brute Force
Try different combinations of (name, password)
Use automated script to do the job
– Automated dialers for telephone connection
– telnet for machines on the net
This approach has proved very successful
– $5 million was stolen from Citibank
– In another incident, 4000 credit card numbers were stolen
Phishing
Pretend to be a legitimate site for users to login
Information typed by users is then intercepted
Then redirect user to legitimate site
[Figure: (a) Correct login screen (b) Phony login screen, each showing a "Login:" prompt]
Challenge-Response Authentication
Variation of the password scheme
The OS asks questions the user pre-specified
– e.g. On what street was your elementary school?
Or the OS shows a number and the user computes the result based on a pre-specified formula
– e.g. the square of x
Physical Authentication
Authenticate based on a physical token – that can’t be easily forged
e.g. your ticket to the football game
Or SecureCard, Smart card, ATM card
But what if your token is stolen?
Physical Authentication
Use Smart card for authentication
Physical and Password Authentication
Combines both physical token and password
e.g. your ATM card plus your PIN– PIN is small so it’s easy to remember
Limit guessing by disabling card after small number of guesses
Biometric Authentication
Authenticate on biometric token – e.g. retina, thumbprint, signature
– More reliable than password
Users’ biometric is pre-stored on computer
Upon login, the measurement is taken again and compared with the value stored in the computer
Biometrics Authentication
Identify a user by finger length
Biometric Authentication
How do companies authenticate customers?
Intrusions and Attacks
Operating systems face many security threats
We will talk about a few of them
Common Attacks
Phishing
Logic bomb
Back door
Buffer overflow
Trojan horse
Generic security attacks
Virus
Logic Bombs
Company programmer writes program– potential to do harm
– OK as long as he/she enters password daily
If programmer is fired– no password will be given and bomb explodes
Back Doors
Programmer intentionally leaves a back door
So that he may get into the system later
Back Doors
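    while (TRUE) {
        printf("login: ");
        get_string(name);                      /* read the user name */
        disable_echoing();                     /* do not echo the password */
        printf("password: ");
        get_string(password);
        enable_echoing();
        v = check_validity(name, password);    /* check the (name, password) pair */
        if (v) break;                          /* leave the loop only on a valid login */
    }
    execute_shell(name);
Normal code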
Back Doors
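    while (TRUE) {
        printf("login: ");
        get_string(name);                      /* read the user name */
        disable_echoing();                     /* do not echo the password */
        printf("password: ");
        get_string(password);
        enable_echoing();
        v = check_validity(name, password);    /* check the (name, password) pair */
        /* trapdoor: the name "zzzzz" is accepted whatever the password */
        if (v || strcmp(name, "zzzzz") == 0) break;
    }
    execute_shell(name);
Code with a trapdoor inserted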
Buffer Overflow
Program reads input into an on-stack buffer– Program fails to check the length of that input
Villain can give a long input and corrupt stack
If they corrupt the return address on the stack– they can force the program to jump to their code
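The unchecked copy described above next to a length-checked one, as an added C example that is not part of the original slides. The `struct frame` is a model introduced here (buffer followed by a saved return address) so the overwrite can be observed safely; the names, the constructed address 0x401000 and the sample inputs are this example's assumptions, and real frame layouts depend on compiler and ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Model of a stack frame: the input buffer lies below the saved return
 * address, so bytes written past the end of buf land on saved_ret. */
struct frame {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* Constructed sample input: 24 bytes, longer than the 16-byte buffer. */
static const char LONG_INPUT[] = "AAAAAAAAAAAAAAAAAAAAAAAA";

/* The bug from the slide: the input length is never compared with the
 * buffer size. The copy is capped at the end of the struct only so that
 * this model stays inside one object. */
static void read_input_unchecked(struct frame *f, const char *input, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct frame, buf);
    size_t room = sizeof(*f) - offsetof(struct frame, buf);
    for (size_t i = 0; i < len && i < room; i++)
        dst[i] = (unsigned char)input[i];
}

/* Hardened form: input that does not fit (with its terminator) is
 * rejected and the frame is left untouched. */
static int read_input_checked(struct frame *f, const char *input, size_t len)
{
    if (len >= sizeof(f->buf))
        return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* Returns 1 if the saved return address survived the copy, 0 if it was
 * overwritten by input bytes. */
static int ret_addr_intact_after(int use_checked, const char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = (uintptr_t)0x401000;      /* constructed "return address" */
    if (use_checked)
        (void)read_input_checked(&f, input, len);
    else
        read_input_unchecked(&f, input, len);
    return f.saved_ret == (uintptr_t)0x401000;
}

int main(void)
{
    size_t long_len = sizeof LONG_INPUT - 1;
    printf("unchecked, short input: intact=%d\n",
           ret_addr_intact_after(0, "zou", 3));
    printf("unchecked, long input:  intact=%d\n",
           ret_addr_intact_after(0, LONG_INPUT, long_len));
    printf("checked, long input:    intact=%d\n",
           ret_addr_intact_after(1, LONG_INPUT, long_len));
    return 0;
}
```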
Trojan Horse
Give something that is apparently useful– but have it do something evil
e.g. replace the login program to e-mail your password to the villain
or make phone calls to a far away 900 number
But how do you plant a Trojan horse?
Trojan Horses
Free program made available online– Exciting new games
– Pirated software, new MP3, etc.
Send as email attachment
Trojan Horse
Example:
send someone a Word document with a macro – or an e-mail attachment
The macro runs when the document is opened– it runs with the user’s identity
Famous Security Flaws
Many famous security flaws have been discovered– for various operating systems
We will discuss a few of them
UNIX Security Flaws
lpr:
– Lets the user remove the file after printing
– Can be used to remove any file by a clever person
mkdir:
– Consists of two steps, mknod and chown
– Possible to change owner of password file
The TENEX Password Problem
TENEX runs on VAX and was thought to be very secure
– But it is really NOT!
To demonstrate, a “red team” was given all the source code and a normal account
48 hours later, the red team had all the passwords!
The TENEX Password Problem
TENEX checks the password one letter at a time
It stops as soon as it sees that the password is wrong
Furthermore, TENEX supports paging and allows a user program to be notified when a page fault occurs
The TENEX-password problem
Figure: panels (a), (b) and (c) each show a guessed password laid out across a page boundary; the first page is in memory and the second page is not in memory.
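The check described above, modelled next to a hardened version. This is an added example, not TENEX code or part of the slides; the page size, class and function names are assumptions made for the model.

```python
import hmac

PAGE_SIZE = 8  # toy page size in bytes (assumption for this model)


class UserBuffer:
    """User memory holding the guess; records the page faults the kernel's reads cause."""

    def __init__(self, guess, offset, resident_pages):
        self.data = guess
        self.offset = offset                 # address of guess[0]
        self.resident = set(resident_pages)
        self.faults = []                     # faulting pages, visible to the user program

    def read(self, i):
        page = (self.offset + i) // PAGE_SIZE
        if page not in self.resident:
            self.faults.append(page)
            self.resident.add(page)          # the page is brought into memory
        return self.data[i]


def tenex_check(buf, secret):
    """Flawed check: one character at a time, stopping at the first mismatch."""
    if len(buf.data) != len(secret):
        return False
    for i in range(len(secret)):
        if buf.read(i) != secret[i]:
            return False                     # later pages are never touched
    return True


def hardened_check(buf, secret):
    """Copy the whole guess into kernel memory first, then compare in constant time."""
    copied = bytes(buf.read(i) for i in range(len(buf.data)))
    return hmac.compare_digest(copied, secret)


def observe(check, guess, secret):
    """Place the guess as in the figure: first character on a resident page, the
    rest on a page that is not in memory. Return (accepted, page_fault_seen)."""
    buf = UserBuffer(guess, offset=PAGE_SIZE - 1, resident_pages={0})
    accepted = check(buf, secret)
    return accepted, bool(buf.faults)


if __name__ == "__main__":
    secret = b"SECRET"                       # constructed sample password
    for check in (tenex_check, hardened_check):
        for guess in (b"AAAAAA", b"SAAAAA"):
            print(check.__name__, guess, observe(check, guess, secret))
```

With the flawed check, the page-fault signal depends on whether the first character is right; with the hardened check it is the same for every guess of that length.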
OS/360 Security Flaw
When reading a file, the OS first checks the password for the given file and sees that it is correct
Afterwards, it goes back and reads the file name again for the actual read operation, and does not check the password again
If you carefully replace the file name before the OS reads it the second time, bingo!
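The check-then-reread pattern described above, next to a version that fetches the name once. This is an added example, not OS/360 code or part of the slides; the file table, passwords and all names are constructed for the model.

```python
import hmac

# Constructed file table: name -> (password, contents).
FILES = {
    "public.txt": ("guest", "lunch menu"),
    "payroll.txt": ("s3cret", "salary table"),
}


class UserParam:
    """File-name field in user memory. `later` models the field being
    overwritten by other activity after the kernel's first fetch."""

    def __init__(self, first, later=None):
        self._values = (first, first if later is None else later)
        self.fetches = 0

    def fetch(self):
        value = self._values[min(self.fetches, 1)]
        self.fetches += 1
        return value


def _authorize(name, password):
    entry = FILES.get(name)
    if entry is None or not hmac.compare_digest(entry[0].encode(), password.encode()):
        raise PermissionError(name)


def read_double_fetch(param, password):
    """Flawed: checks the name fetched first, then fetches the name again to read."""
    _authorize(param.fetch(), password)
    return FILES[param.fetch()][1]           # the second fetch is never checked


def read_single_fetch(param, password):
    """Fixed: one fetch into a kernel-private copy; check and use share that copy."""
    name = param.fetch()
    _authorize(name, password)
    return FILES[name][1]


if __name__ == "__main__":
    changing = UserParam("public.txt", later="payroll.txt")
    print("double fetch:", read_double_fetch(changing, "guest"))
    changing = UserParam("public.txt", later="payroll.txt")
    print("single fetch:", read_single_fetch(changing, "guest"))
```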
Design Principles for Security
System design should be public
Default should be no access
Check for current authority
– Do not check for permission just once and then forget about it
Give each process the least privilege possible
Design Principles for Security
Protection mechanism should be
– Simple
– Uniform
– In the lowest layers of the system
Scheme should be psychologically acceptable
And … keep it simple
Virus
A program that can reproduce itself
Attaches its code to another program
Additionally, does harm
The computer-world counterpart of a biological virus!
Virus
According to an ICSA survey:
Viruses have been increasing steadily since 1996
The infection rate rose from 1 in 1000 in 1994 to 31 in 1000 in 1998
And to 91 in 1000 in the year 2000
Virus
Damage from viruses is increasing rapidly
Each infection before 2000 cost 10,000 dollars
– The time for recovery was 7 days on average
After 2000, damage rocketed up exponentially
Sobig, Slammer, Blaster cost more than $13 billion
The Change Trend of Computer Virus
Figure: chart covering 1996 to 2000 (January to February), vertical axis 0 to 100, with the linear trend line Y = 21.833x - 18.762, R² = 0.9198.
Reasons for Virus Increases
The Internet makes it convenient for viruses to spread
Programming tools are increasingly sophisticated
– Even a novice can create a powerful virus with the tools
General desktop applications are increasing
– They provide a rich application environment for viruses
Some Notable Virus Attack
August 2005
The US media industry suffered the biggest virus attack
ABC, NBC, CBS, CNN, NY Times all suffered
– ABC had to use typewriters to prepare its “World News Tonight” program
Increase of Computer Virus
In all fairness, virus creation has won the race
Virus defense has lost the cause
According to opinions from McAfee Inc. and Symantec
Virus Damage Scenarios
Blackmail
Denial of service as long as virus runs
Permanently damage hardware
GREETINGS!
YOUR HARD DISK HAS BEEN ENCRYPTED.
TO PURCHASE A DECRYPTION KEY,
PLEASE SEND $100 IN SMALL, UNMARKED BILLS TO P.O. BOX 2154, PANAMA CITY, PANAMA.
THANK YOU FOR YOUR BUSINESS
Denial of Service
Render a computer useless by aggressively consuming resources for as long as the virus is alive
– Takes hold of the CPU
– Fills up disks with junk
A one-line program to wipe out any UNIX system:
– Main() {while (1) fork();}
Permanently Damage Hardware
A virus can permanently damage computer hardware
– By rewriting the BIOS in ROM
Junk in the ROM will cause the computer not to boot
If the ROM chip is in a socket, it may be fixed by replacing the chip
If it is soldered to the parentboard, the whole board is gone
– Not a pleasant experience
Virus Damage Scenarios
A virus can be released with a specific target
– Target a competitor's computer to do harm or espionage
Intra-corporate dirty tricks
– sabotage another corporate officer's files
How Viruses Work
Most viruses are written in assembly language
Then they are inserted into another program
– using a tool called a “dropper”
The puffed-up program is then distributed
– Bulletin boards, email, or free collections of software
Dormant until the program is executed
How Viruses Work
When executed
A virus first infects other programs
Then executes its “payload”
A virus could delay its activation to avoid attention
Types of Virus
According to composition, viruses are classified as:
– Companion viruses, program viruses
According to placement, viruses are classified as:
– Memory resident viruses, boot sector viruses
– Device driver viruses, macro viruses
Companion Viruses
Do not infect any programs
But take the place of a normal program by clever tricks
By writing a xxxx.com, it gets to run whenever the user types xxxx on the command line
– Because .com is searched before .exe
Or a virus can change a shortcut to point to itself
Program Viruses
Do infect other programs
The simplest just overwrites executables with itself
– The original program no longer functions
– Too easy to detect
Sophisticated ones attach themselves to executables
– And let the program function normally after the virus is done with its work
– Difficult to detect
Program Viruses
Program viruses can attach themselves at the front, the back, or the middle of the executable
Attaching to the front is inconvenient
– Needs to relocate the program or slide it back after execution
Attaching to the back is more commonly used
– This may increase the file size and be detected
Program Viruses
Can utilize the gaps between segments in a program
Hide itself in the cavity!
The file size remains unchanged
But the loader may not load the cavity into memory
– Thus the virus needs to find a way to get started
Program Viruses
Figure: four layouts of header, executable program and virus, with the starting address marked: an executable program; virus at the front; virus at the end; virus spread over free space.
Memory Resident Viruses
Viruses can execute, pass control, and then exit
But often they remain in memory
– Because once a virus exits, it may not get a chance to re-run
– The user may not load the same program again
To solve the problem: try being memory resident
Memory Resident Viruses
Many places to hide in memory:
The top of memory
– Not normally overwritten
Down at the interrupt vectors
– The last few hundred bytes are generally not used
Anywhere in memory, but modifying the OS RAM map
– So that it will not get overwritten
Memory Resident Viruses
Typically catches one of the traps or interrupt vectors
– By copying the normal content to a scratch register
– And putting its own address there
The best choice is the system call trap
– Gets to run on every system call
Finds executables without incurring huge disk activity
– By catching the exec system call
Boot Sector Viruses
Guarantee loading by infecting the boot sector
First copy true boot record into a safe place
Then write itself onto the boot sector
– Most disk check programs skip the boot sector
Thus the virus is the first program that is loaded
– Since no OS is loaded yet, it can do almost anything!
After it is done with its work, it can load the OS
Boot Sector Viruses
How does the virus get control again after the OS is up?
– The virus may get overwritten when the OS is loading
Solution: exploiting the interrupt vectors!
Some OSes (Windows) load device drivers one at a time
– Thus not overriding all vectors at the same time
The virus can catch interrupts and repair the damage done to it
Boot Sector Viruses
Figure: three stages, each showing the printer vector, clock vector, disk vector and system call traps together with the virus and the operating system: initially the virus has all interrupt vectors; it loses the printer vector to the OS; it regains control via the clock interrupt.
Device Driver Viruses
The previous way to get into memory is tricky
– Need to worry that something will land on your head
The easiest way is to let the OS load you
Thus, infect device drivers!
Since drivers run in kernel mode, such a virus can catch system call traps
Macro Viruses
A macro groups a set of commands as one unit
But some macros can contain entire programs in VB
– Thus a macro can do anything a normal program can
The difference is that macros are interpreted (not compiled)
– But this impacts its execution speed
– Unless security is built into the interpreter
Thus do not open Word or Excel files!
How Viruses Spread
The virus is placed where it is likely to be copied
When copied
– infects programs on the hard drive, floppy
– may try to spread over the LAN by infecting files on remote sites
Attach to an innocent-looking email
– when it runs, it uses the mailing list to replicate
How Viruses Spread
Figure: chart of how viruses spread by year, 1996 to 2000, on a 0% to 100% scale, with the categories Email, Download, Disk and Other.
Antivirus Techniques
OK, so viruses are bad and sneaky
What can we do about them?
Antivirus Techniques
Clever viruses can avoid detection by:
– Turning on the HIDDEN bit in Windows
– Using a filename beginning with . in UNIX
Sophisticated viruses can even modify Windows Explorer or UNIX’s ls command to refrain from
– listing files beginning with a specified letter sequence
Antivirus Techniques
Ugly viruses can even hide in unsuspected places:
Bad disk sectors, Windows registry
ROM and CMOS memory
Antivirus Techniques
To fight against viruses, all places should be scanned
This is the job of the virus scanner, which is the main function of the anti-virus software on the market
Virus Scan
The most common anti-virus technique
Employed by almost all anti-virus software
Consists of two steps:
– Building up the database
– Scan for matching viruses
Building Up the Database
First track down and understand new viruses
– By infecting a dummy program and observing its behavior
Then get a copy of the virus code
Enter the virus code into a database of known viruses
– Companies compete on the size of their databases
Scan for Matching Viruses
After installation, the anti-virus software makes an initial scan of all executable files
It checks the scan against the database
If any match is found, a virus alert is given
After the first scan, it scans files periodically thereafter
Scan for Matching Viruses
The scan operation is slow
– Need some way to make the scan go fast
Subsequent scans can be limited to changed files
– But viruses can reset the size and date
The solution is to compute a checksum for every file during the initial scan and use this value in later scans
– But this can be costly
Scan for Matching Viruses
Viruses can avoid detection by encryption!
– Thus an encrypted virus will not look like any virus in the database
But viruses need the encryption code in plaintext
– Anti-virus software thus scans for decryption code
Antivirus and its techniques
A normal executable program is infected by a virus
But the file is longer now, so anti-virus software can check the file length and detect possible viruses
The virus responds by compression
Thus, it restores the file length to the original size
But anti-virus software can look for the compressor and decompressor as virus signatures
Antivirus and its techniques
Virus responds by encryption
What does anti-virus software do?
Scan for Viruses
Try to hunt for decryption code!
But decryption code can be camouflaged!
Virus Example
Example of a polymorphic virus
– MOV A, R1
– ADD B, R1
– ADD C, R1
– SUB #4, R1
– MOV R1, X
What does the program do?
– X=(A+B+C-4)
Virus Example
It can mutate on its next copy to:
– MOV A, R1
– ADD #0, R1
– ADD B, R1
– ADD C, R1
– SHL #0, R1
– SUB #4, R1
– JMP .+1
– MOV R1, X
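A scanner-side view of the two listings above, as an added example that is not part of the slides: normalising away instructions that do nothing lets one signature match both copies. It handles only the padding forms shown on the slide plus a few similar ones, and the function names, signature name and regular expression are assumptions made for the example.

```python
import re

# Forms that change no register value and do not redirect control flow in this
# toy instruction set (condition flags are not modelled).
_NOOP = re.compile(r"NOP|(?:ADD|SUB|SHL|SHR|OR|XOR)\s+#0\s*,\s*\w+|JMP\s+\.\+1")

# The two listings from the slides.
ORIGINAL = ["MOV A, R1", "ADD B, R1", "ADD C, R1", "SUB #4, R1", "MOV R1, X"]
MUTATED = ["MOV A, R1", "ADD #0, R1", "ADD B, R1", "ADD C, R1",
           "SHL #0, R1", "SUB #4, R1", "JMP .+1", "MOV R1, X"]
SIGNATURES = {"slide-example": ORIGINAL}     # signature name is constructed


def canon(line):
    """Upper-case an instruction and make operand spacing uniform."""
    op, _, args = line.strip().upper().partition(" ")
    operands = [a.strip() for a in args.split(",") if a.strip()]
    return (op + " " + ", ".join(operands)).strip()


def normalize(program):
    """Canonical instructions with the do-nothing ones removed."""
    return [ins for ins in map(canon, program) if not _NOOP.fullmatch(ins)]


def contains(haystack, needle):
    """True if needle occurs in haystack as a contiguous run of instructions."""
    n = len(needle)
    return n > 0 and any(haystack[i:i + n] == needle
                         for i in range(len(haystack) - n + 1))


def naive_scan(program, signatures):
    """Match signatures against the code exactly as written."""
    raw = [canon(line) for line in program]
    return sorted(name for name, sig in signatures.items()
                  if contains(raw, [canon(line) for line in sig]))


def scan(program, signatures):
    """Match signatures after normalising both the program and the signature."""
    code = normalize(program)
    return sorted(name for name, sig in signatures.items()
                  if contains(code, normalize(sig)))


if __name__ == "__main__":
    print("naive scan of mutated copy:", naive_scan(MUTATED, SIGNATURES))
    print("normalised scan of mutated copy:", scan(MUTATED, SIGNATURES))
```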
Virus Example
Sophisticated viruses can have many tricks
– Mutate on every copy
– Reside in memory (will not be detected)
A memory resident virus can defeat any anti-virus software by resetting any files that are cleaned
Integrity Checkers
Compute and record a checksum for each file
– And use this as the standard for virus detection
But a virus can remove the checksum file
Or overwrite the checksum file
The solution is to encrypt the checksum file
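An added example (not from the slides) of such an integrity checker, also covering the earlier point that a virus can reset a file's size and date. It protects the checksum file with a keyed MAC (HMAC-SHA-256) rather than the encryption the slide names, because the goal here is detecting tampering. The key, file names and contents are constructed, and the key is assumed to be kept off the scanned machine.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (relative path) to its digest."""
    root = Path(root)
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def _tag(sums, key):
    body = json.dumps(sums, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(root, db_path, key):
    """Record the checksums together with a MAC over them."""
    sums = snapshot(root)
    Path(db_path).write_text(json.dumps({"sums": sums, "tag": _tag(sums, key)}))


def verify(root, db_path, key):
    """Return a sorted list of findings; an empty list means nothing changed."""
    try:
        record = json.loads(Path(db_path).read_text())
        sums, tag = record["sums"], record["tag"]
    except (OSError, ValueError, KeyError, TypeError):
        return ["baseline missing or unreadable"]        # fail closed
    if not isinstance(tag, str) or not hmac.compare_digest(
            tag.encode(), _tag(sums, key).encode()):
        return ["baseline tampered"]
    now = snapshot(root)
    findings = [f"modified: {n}" for n in sums if n in now and now[n] != sums[n]]
    findings += [f"removed: {n}" for n in sums if n not in now]
    findings += [f"added: {n}" for n in now if n not in sums]
    return sorted(findings)


def demo():
    """Run the cases from the slides on constructed files; return the findings."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as tmp:
        root, db = Path(tmp, "bin"), Path(tmp, "baseline.json")
        root.mkdir()
        (root / "login").write_bytes(b"original login program")
        (root / "ls").write_bytes(b"original ls program")
        build_baseline(root, db, key)
        results = {"clean": verify(root, db, key)}
        # File changed, then size and date restored to their old values.
        before = (root / "login").stat()
        (root / "login").write_bytes(b"modified login program")
        os.utime(root / "login", ns=(before.st_atime_ns, before.st_mtime_ns))
        results["modified"] = verify(root, db, key)
        # Checksum file overwritten by someone who does not hold the key.
        build_baseline(root, db, b"not the real key")
        results["overwritten"] = verify(root, db, key)
        # Checksum file removed.
        db.unlink()
        results["removed"] = verify(root, db, key)
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings)
```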
Behavioral Checkers
Anti-virus software resides in memory
It catches all system calls itself and stops suspicious acts
– Such as a program overwriting the boot sector
– Or rewriting the flash ROM
Easy to produce false alarms
Virus Avoidance
It is better not to get infected in the first place!
Use a good OS
– install only shrink-wrapped software
Use antivirus software before any infection
Do not click on attachments to email
Frequent backups
Recovery from Virus Attack
Once infected, immediately halt the computer
– Reduce the chance of more infection by viruses
Reboot from a safe disk (CD-ROM disks)
Run antivirus (pray the antivirus software is good)
If all else fails, re-format the hard disks!
– Even this may not clean viruses
Defend Against Applet Worm
Often one needs to run foreign programs
– http applets, Java scripts, macros
Can you allow such programs to run safely?
Defend Against Applet Worm
Sandboxing
– Restrict applets to run in a sandbox
– Enforced by a reference monitor (built into the OS)
Interpretation
– Interpret rather than compile applets
– OS can check each reference before carrying it out
Code signing
– Only accept applets signed by trusted parties
Sandboxing
All applets are restricted to a fixed region
Sandboxing
MOV R1, S1
SHR #24, S1
CMP S1, S2
TRAPNE
JMP (R1)
The four instructions before JMP (R1) are inserted to test the value of R1
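A small model of that inserted check, as an added example that is not part of the slides: a rewriter places the guard before every jump through a register, and a toy interpreter shows it trapping. It assumes 32-bit addresses whose top 8 bits name the sandbox and that S2 holds the code sandbox's number; the function names are made up for the example.

```python
import re

# The guard from the slide, with the jump register left as a parameter.
GUARD = ["MOV {r}, S1", "SHR #24, S1", "CMP S1, S2", "TRAPNE"]


class Trap(Exception):
    """Raised when the guard finds a jump target outside the sandbox."""


def instrument(program):
    """Insert the guard before every jump whose target is held in a register."""
    out = []
    for ins in program:
        m = re.fullmatch(r"JMP \((R\d+)\)", ins)
        if m:
            out.extend(g.format(r=m.group(1)) for g in GUARD)
        out.append(ins)
    return out


def run(program, regs):
    """Interpret MOV, SHR, CMP, TRAPNE and JMP (Rn).
    Return the address jumped to, or None if the program ends without a jump."""
    regs = dict(regs)
    equal = True
    for ins in program:
        op, _, rest = ins.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op == "MOV":                      # MOV src, dst
            regs[args[1]] = regs[args[0]]
        elif op == "SHR":                    # SHR #n, reg
            regs[args[1]] >>= int(args[0].lstrip("#"))
        elif op == "CMP":                    # CMP a, b
            equal = regs[args[0]] == regs[args[1]]
        elif op == "TRAPNE":
            if not equal:
                raise Trap("jump target outside the sandbox")
        elif op == "JMP":                    # JMP (reg)
            return regs[args[0].strip("()")]
        else:
            raise ValueError("unknown instruction: " + ins)
    return None


if __name__ == "__main__":
    guarded = instrument(["JMP (R1)"])
    print(guarded)
    # Constructed addresses: sandbox number 0x05 in the top 8 bits.
    print(hex(run(guarded, {"R1": 0x05001234, "S1": 0, "S2": 0x05})))
    try:
        run(guarded, {"R1": 0x07001234, "S1": 0, "S2": 0x05})
    except Trap as trap:
        print("trapped:", trap)
```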
Interpretation
Applets can be interpreted by a Web browser
Code Signing
How code signing works
Drawbacks of the Techniques
Sandboxing has difficulty in checking dynamic jumps
– i.e. addresses that are computed at run time
– Solution is to place additional code before any jump
Interpretation is very slow
Code signing may severely reduce the number of applets you can run on your computer
– Not many applets are signed after all!
Protection Mechanism
Threats are everywhere
Threats are becoming increasingly serious
What are we going to do?
What protection mechanism can OS provide?
Authorization
What Can You Do?
Guard against illegal access
Every reference to a protected resource is checked
– By a reference monitor
Authorization Mechanisms
Protection Domains
Access Control Lists
Capabilities
Protection Domain
Files are organized into domains
Some rights are associated with the domains
Each domain is controlled individually
– i.e. access to a different domain requires different authorization
Each process runs in some domain
– It has access rights to the files given in the domain
Protection Domain
Examples of three protection domains
Domain 1: File1[R], File2[RW]
Domain 2: File3[R], File4[RWX], File5[RW], Printer1[W]
Domain 3: File6[RWX], Plotter2[W], Printer1[W]
Protection Domain
A domain can be a user
A domain can be a user group
A process can switch domains during execution
– Such as a switch from user space to kernel space
– Or SETUID and SETGID under UNIX
Protection Domain
How does a system keep track of domain-rights info?
A natural option is to use a matrix
With rows denoting domains and columns denoting objects
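A Protection Matrix

| Domain | File1 | File2 | File3 | File4 | File5 | File6 | Printer1 | Plotter2 |
|---|---|---|---|---|---|---|---|---|
| 1 | Read | Read, Write | | | | | | |
| 2 | | | Read | Read, Write, Exec | Read, Write | | Write | |
| 3 | | | | | | Read, Write, Exec | Write | Write |
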
Protection Domains
Domain switch can be implemented with the matrix
Figure: a protection matrix in which domains also appear as objects. Columns: File1, File2, File3, File4, Printer1, Plotter2, Domain1, Domain 2; rows: Domain 1, 2, 3. The entries are Read, Write, Exec and Enter rights.
Access Control Lists
While the domain matrix may look nice, it wastes space!
Many of the fields will be empty
Better organizations are needed
Access Control Lists
One practical way to store the matrix
Idea is to slice the matrix into columns
At each object, store a list of who can access the object and in what ways they can access it
– e.g. at file2, store <user1 rw; user2 r>
Access Control Lists
Figure: processes owned by A, B and C run in user space; the ACL of each file is kept in kernel space:
F1: A:RW; B:A
F2: A:R; B:RW; C:R
F3: B:RWX; C:RX
Access Control Lists
On each access, check that the user has the permission
If the user ID is in the ACL of the object
and the rights for the object match the user’s action
– Permission is granted
Otherwise access is denied
Access Control Lists
Can make things more convenient by having user groups
– e.g. Zou, Fu both belong to the “faculty” group
– and a file could have ACL <faculty, rw>
File            Access control list
password        zou, sysadm: RW
faculty_data    faculty: R; zou: RW; …
Pros and Cons of ACL?
+ Easy to understand and implement
+ Easy to grant and revoke individual rights
- Not very efficient
– A search of the ACL entries is needed for each access to an object
- If groups are not supported, then
– granting everyone read access requires enumerating all users
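The ACL check with user groups from the slides above, as an added example that is not part of the original slides. The function names and the lower-case user IDs are assumptions; the sample ACLs are constructed from the slide's table with the elided "…" entry left out.

```python
# Added illustration: ACL lookup with group support and default deny.
# Constructed sample data based on the slide's table.
GROUPS = {"faculty": {"zou", "fu"}}      # slide: Zou, Fu belong to "faculty"

ACLS = {
    "password":     [("zou", "RW"), ("sysadm", "RW")],
    "faculty_data": [("faculty", "R"), ("zou", "RW")],
}

def principals(user):
    """The user ID plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def allowed(user, obj, action):
    """Grant only if an ACL entry for the user (or one of the user's groups)
    carries the requested right; anything else, including an unknown
    object, is denied."""
    who = principals(user)
    for subject, rights in ACLS.get(obj, []):   # linear search: the ACL cost
        if subject in who and action in rights:
            return True
    return False

def revoke(obj, subject):
    """ACL revocation: remove the subject's entry stored at the object."""
    ACLS[obj] = [(s, r) for s, r in ACLS[obj] if s != subject]
```

Removing an individual entry does not remove rights the user still holds through a group: after `revoke("faculty_data", "zou")`, zou loses write access but can still read via `faculty`.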
Capabilities
Another way to slice the protection matrix
– This time by row
At each user (process)
– store a list of objects the user is allowed to access
– and how they are allowed to access it
– e.g. at user2, store <file2 r, file3 rw>
Capabilities
On each access
– check that user has a capability for this type of access
Possession of the capability gives the user (process) the power to access the file
Capabilities (1)
Each process has a capability list
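[Figure: processes owned by users A, B and C run in user space; each process has a C-list of capabilities kept in kernel space, referring to files F1, F2 and F3. Capability entries shown: F2:R, F3:RX, F1:R, F2:R, F3:RWX, F1:R, F2:RW]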
Capabilities
Capabilities are like car keys
If you possess the door key to a car
– you have the power to enter the car
If you possess the ignition key to a car
– you have the power to drive the car
Capabilities
How does the owner of an object revoke permissions for a user in an ACL system?
– Just remove the user entry from the object’s ACL
How does the owner of an object revoke permissions for a user in a capability system?
– Difficult to perform
Pros and Cons of Capabilities
+ Very efficient
– No need to check when opening a file pointed to by a capability
+ Better encapsulation
– A user and its rights to access objects are in the same list
- Difficult to remove objects or capabilities
– There could be many outstanding capabilities for any object
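The two ways of slicing the protection matrix, and why revoking a capability is harder than revoking an ACL entry, as an added example that is not part of the original slides. The matrix is constructed from the slides' user1/user2 and file2/file3 examples; the function names, `user3` and the copy-on-delegate model are assumptions.

```python
# Added illustration: one protection matrix, sliced by column and by row.
# Constructed sample matrix using the slides' user/file examples.
from collections import defaultdict

MATRIX = {
    ("user1", "file2"): "rw",
    ("user2", "file2"): "r",
    ("user2", "file3"): "rw",
}

def slice_by_column(matrix):
    """ACLs: stored at each object, listing who may access it and how."""
    acls = defaultdict(dict)
    for (user, obj), rights in matrix.items():
        acls[obj][user] = rights
    return dict(acls)

def slice_by_row(matrix):
    """C-lists: stored at each user (process), listing accessible objects."""
    clists = defaultdict(dict)
    for (user, obj), rights in matrix.items():
        clists[user][obj] = rights
    return dict(clists)

def cap_allows(clists, user, obj, action):
    """Capability check: only the caller's own C-list is consulted."""
    return action in clists.get(user, {}).get(obj, "")

def delegate(clists, giver, receiver, obj):
    """Assumed model: a holder passes a copy of its capability to another
    process, creating one more outstanding capability for the object."""
    clists.setdefault(receiver, {})[obj] = clists[giver][obj]

def cap_revoke(clists, obj):
    """Revoking access to an object: unlike removing one ACL entry at the
    object, every C-list in the system has to be searched."""
    holders = [user for user, caps in clists.items() if obj in caps]
    for user in holders:
        del clists[user][obj]
    return holders
```

Empty matrix cells are never stored in either slicing, which is the space saving over the full matrix; `cap_revoke` returns every holder it had to visit, including ones created by delegation.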
Computer Changes Life