Operating Systems and Security I
CS 3IS3
Ryszard Janicki
Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada
Acknowledgments: Material based on Information Security by Mark Stamp (Chapters 13.1-13.2)
Ryszard Janicki
Operating Systems and Security I 1/11
Operating System (OS) and Security
OSs are large, complex programs
Many bugs in any such program
We have seen that bugs can be security threats
Here we are concerned with security provided by OS
Not concerned with threat of bad OS software
Concerned with OS as security enforcer
In this section we only scratch the surface
OS Security Challenges
Modern OS is multi-user and multi-tasking
OS must deal with
Memory
I/O devices (disk, printer, etc.)
Programs, threads
Network issues
Data, etc.
OS must protect processes from other processes and users from other users.
Whether accidental or malicious
OS Security Functions
Memory protection
Protect memory from users/processes
File protection
Protect user and system resources
Authentication
Determines and enforces authentication results
Authorization
Determines and enforces access control
Memory Protection
Fundamental problem
How to keep users/processes separate?
Separation
Physical separation – separate devices
Temporal separation – one at a time
Logical separation – sandboxing, etc.
Cryptographic separation – make information unintelligible to outsider
Or any combination of the above
Fence – users cannot cross a specified address
Static fence – fixed size OS
Dynamic fence – fence register
Base/bounds register – lower and upper address limit
Assumes contiguous space
Memory Protection
Tagging – specify protection of each address
+ Extremely fine-grained protection
− High overhead – can be reduced by tagging sections instead of individual addresses
− Compatibility
More common is segmentation and/or paging
Protection is not as flexible
But much more efficient
Segmentation I
Divide memory into logical units, such as
Single procedure
Data in one array, etc.
Can enforce different access restrictions on different segments
Any segment can be placed in any memory location (if location is large enough)
OS keeps track of actual locations
Segmentation II
OS can place segments anywhere
OS keeps track of segment locations, as segments can move out of memory
All address references go through OS
Segmentation Advantages and Disadvantages
Advantages:
Every address reference can be checked
Possible to achieve complete mediation
Different protection can be applied to different segments
Users can share access to segments
Specific users can be restricted to specific segments
Disadvantages:
How to reference
OS must know segment size to verify access is within segment
But some segments can grow during execution (for example, dynamic memory allocation)
OS must keep track of variable segment sizes
Memory fragmentation is also a problem
Compacting memory changes tables
A lot of work for the OS
More complex ⇒ more chance for mistakes
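The mediation described in the last two slides, as an added example that is not part of the original slides or of Stamp's text: a simulated segment table in which every <segment, offset> reference passes a presence check, a base/bounds check against the segment's current size, and a permission check before a physical address is produced. The segment contents, sizes and permission bits are constructed for illustration; the grow_segment routine shows why the OS must track sizes that change during execution.

```c
/* Simulated segmented address translation with complete mediation. */
#include <stdint.h>
#include <stdio.h>

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

typedef struct {
    uint32_t base;    /* physical address where the segment was placed */
    uint32_t size;    /* current size; the OS must keep this up to date */
    uint8_t  perms;   /* PERM_* bits the OS allows for this segment */
    int      present; /* 0 if the segment has been moved out of memory */
} Segment;

#define NSEG 3
/* Constructed table: code, data, and one segment swapped out of memory. */
static Segment seg_table[NSEG] = {
    {0x1000, 0x0800, PERM_R | PERM_X, 1},
    {0x4000, 0x0200, PERM_R | PERM_W, 1},
    {0x8000, 0x0100, PERM_R | PERM_W, 0},
};

/* Mediates one <seg, offset> reference. Returns 0 and sets *phys on
   success; -1 bad segment, -2 offset outside segment bounds,
   -3 access not permitted, -4 segment not present in memory. */
int translate(int seg, uint32_t offset, uint8_t access, uint32_t *phys) {
    if (seg < 0 || seg >= NSEG) return -1;
    const Segment *s = &seg_table[seg];
    if (!s->present) return -4;
    if (offset >= s->size) return -2;              /* base/bounds check */
    if ((access & s->perms) != access) return -3;  /* protection check */
    *phys = s->base + offset;
    return 0;
}

/* Growth (e.g. dynamic allocation) must go through the OS so that the
   size used by the bounds check stays current. */
int grow_segment(int seg, uint32_t extra) {
    if (seg < 0 || seg >= NSEG) return -1;
    seg_table[seg].size += extra;
    return 0;
}

int main(void) {
    uint32_t p = 0;
    printf("code fetch: rc=%d phys=0x%x\n", translate(0, 0x10, PERM_X, &p), p);
    printf("write to code: rc=%d\n", translate(0, 0x10, PERM_W, &p));
    printf("past data end: rc=%d\n", translate(1, 0x200, PERM_R, &p));
    grow_segment(1, 0x100);
    printf("after growth: rc=%d phys=0x%x\n", translate(1, 0x200, PERM_R, &p), p);
    return 0;
}
```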
Paging
Like segmentation, but fixed-size segments
Access via <page, offset>
Pluses and minuses
+ Avoids fragmentation, improved efficiency
+ OS need not keep track of variable segment sizes
− No logical unity to pages
− What protection to apply to a given page?
Other OS Security Functions
OS must enforce access control
Authentication
Passwords, biometrics
Single sign-on, etc.
Authorization
ACL (Access Control List) – a list of permissions associated with a system resource (object)
Capabilities
These topics discussed previously
OS is an attractive target for attack!