Title: Textbook Ch19
1CSS430 Security Textbook Ch19
Instructor Munehiro Fukuda These slides were
compiled from the Applied OSC textbook slides
(Silberschatz, Galvin, and Gagne) and the
instructors class materials.
2Security Problem
- Security violation
- Accidental access
- Malicious access protecting against intentional
access is much harder. - Malicious access
- Unauthorized reading of data (theft of
information) - Unauthorized modification of data
- Unauthorized destruction of data
- Security level
- Physical level Hardware firewall, demilitarized
zone, etc. - Human level Security clearance for each user
- Operating systems level Our focus
- OS Security
- Easiest way password
- Hardest way the isolation of concurrent process
3Authentication
- Passwords
- The most common authentication
- Vulnerabilities
- Shoulder surfing
- Sniffing
- Encrypted passwords
- Authentication succeeds when /etc/passwd matches
encrypting function f( user_typed_password) - The /etc/passwd file is readable.
- Unix uses popular encrypting functions.
- One-time passwords
- System and user shares a secret and function f.
- System sends a seed (e.g., a random number or a
login time) - User sends f( seed, secret) to the system which
compare the result with its f(seed, secret).
4Program Threats
- Trojan Horse
- Code segment that misuses its environment.
- Faked system commands
- Suppose that your friend has a faked ls comand in
his/her home directory and your path includes
.. What happens if you type cd myfriend ls ? - Faked login program
- Suppose that some left running a fake login
program. What happens if you type your account
and password? - Trap Door
- Specific user identifier or password that
circumvents normal security procedures.
5System Threats - Worms
- Worms Standalone program that exploits OS
mechanisms for spawning and remote access
inetd
Fin 2 send a overflowed message to
target
rshd
finger
sendmail
worm
Rsh 1 find .rhosts
Fin 1 finger _at_target
Em 1 cat hook mail foo_at_target
6System Threats - Viruses
- Viruses fragment of code embedded in a
legitimate program. - Infection media downloading viral program from
public bulletin boards, email, or floppy
disk - Targets files or OS of mainly microcomputer
systems. - Activating conditions upon an execution, Friday
13th, one-month incubation - Symptoms erasing files, reformatting hard disks,
distributing email, and printing out
messages - Safe computing.
- Only believe software provided from commercial
companies - Use anti-virus programs
- Do not open attached files if they are unknown
- Do not insert suspicious floppy disks.
7Firewall
LAN
Good sites
Malicious sites
Internet
Limited ports only (ssh, sftp)
Problematic ports (rsh, finger)
Firewall
- Prohibits intruders to enter the LAN from
malicious sites. - How can we distinguish good sites from bad sites?
- Close ports that are frequently used for
attacking - How about sendmail and http? They can be
maliciously used, cant they?
8Demilitarized Zone
9Encryption
- Data-encryption standard (Symmetric-key
cryptography) - When k a secret key, m plain text
- Encryption E(m, k) c
- Decryption D(c, k) m
- Problem key-distribution problem
Hello! Are you done with your final Project?
????? ??? ??? ???? ???? ???? ????? ????????
Hello! Are you done with your final Project?
Plain text
Cipher text
Plain text
10Public-Key Encryption
- A public key (e, n) is generated from
- n p q where p and q are a different prime
number. - e satisfies e d (p 1) (q - 1) 1
- A private key (d, n) is generated from
- d satisfies GCDd, (p 1) (q 1) 1
- Encryption E(m) me n c
- Decryption D(c) cd n m
- While a public key(e, n) is disclosed, p and q
are secret and thus a private key(d, n) is
difficult to solve.
For example, see p607
public key(e,n)
secret key(d,n)
Hello! Are you done with your final Project?
????? ??? ??? ???? ???? ???? ????? ????????
Hello! Are you done with your final Project?
Plain text
Cipher text
Plain text
11Java Security Model
- Javac
- No pointer
- Strict array/string boundary
- Class loader
- Primordial class loader
- Objects permitted to access all system resource.
- Extended class loader
- Each applet has its own class.
- Each class load forms its own namespace
- Even the same class objects belong to a different
space if they are loaded by a different class.
12Class LoaderOverview
network
Java Default system ClassLoader
DiskClassLoader
NetworkClassLoader
Make your own ClassLoader subclass
If you want to compare them, use their superclass
or common interface.
13Exercises (No Turn-In)
- Which cases are appropriate?
- I received email from a technical staff saying
our server was down and all user accounts and
passwords were erased out. Please give your
account name and password. I immediately
responded to him/her with my account name and
password. - One of the classes I am taking requires two
students to make a group and to solve a project.
My partner has not yet had his/her own account,
and so we share my account until the partner gets
a new account - Some day, I found that the access mode of my
files had been changed from read-only to
read/write. I thought that I got a senior moment
and forgot to do that by myself or assumed that a
technical staff had to do that. Thus, I left
those files as they were. - Although a password should not be conceived by
someone else, it may be troublesome if I forget
my difficult password. Therefore, I came up with
a sentence I Want To Graduate In 3 Years.,
picked up each initial, and made my password
iwtgi3y. - A friend of mine told me that he/she was going to
send me some pictures taken by a digital camera
on our trip. After several days had passed, I got
email including attached file from my friend. The
attached file was picture.exe. Before opening it,
I asked him/her why it was not picture.jpg.
14Class Loader - appendixMethods
- protected final class defineClass( String name,
byte data, int offest, int length ) - read the name file and transform its data into a
Class object assuming that its size is length
and the meaningful data starts from offset. - protected final void resolveClass( Class c )
- Load all classes the class c refers to and
resolve all reference relationships. - protected final findSystemClass( String name )
throws ClassNotFoundException - Load the class from the name file using the
system-standard default class loader and
instantiate a Class object. - Protected abstract Class loadClass( String name,
boolean resolve ) throws ClassNotFoundException - Instantiates a Class object from the name file.
If inter-classes reference relationship must be
resolved, the argument resolve must be true.
15Class Loader - appendixDesigning loadClass( )
- If a given class has been cached in memory,
simply return this class object. - If it is not cached in memory, read from a named
file. - If finished reading successfully,
- Instanciate a Class object by calling
defineClass( ). - Register this object into cache.
- Call resolveClass( ) if references must be
resolved. - Return this Class object
- If data cannot be read successfully,
- Call findSystemClass( ) to find the given Class
from the system. - In case none of those schemes results in success,
throw ClassNotFoundException.
16Class Loader - appendixImplementation
Private byte loadClassData( String name )
throws ClassNotFoundException File f new
File( name .class ) byte data
null try long bc f.length( ) if ( bc gt
0 ) data new byte ( int ) bc //
allocate data with the file size FileInputStrea
m fi new FileInputStream( f ) // open the
file fi.read( data ) // read the
data fi.close( ) // close the file
catch ( IOException e ) throw new
ClassNotFoundException( IO Error name )
return data // return this class
data Public synchronized Class loadClass(
String name, boolean resolve ) throws
ClassNotFoundException Class c ( Class )
cache.get( name ) // return the class object if
found in cache if ( c ! null ) return c byte
data loadClassData( name ) // read the data
from the file if ( data ! null ) cache.put(
name, ( c defineClass( name, data, 0,
data.length ) ) ) // instantiate a Class
object if ( resolve c ! null )
resolveClass( c ) // resolve references
else c findSystemClass( name ) // find the
Class from the system if data cannot be read from
file if ( c null ) throw new
ClassNotFoundException( No Class name
) return c // return the Class object
17Class Loader - appendixExample Loading a class
from command line
Import java.io. Import java.util. Public
class CmdClassLoader extends ClassLoader
private Hashtable cache new Hashtable( ) //
prepare for cache public static void main(
String args ) if ( args.length lt 0 )
System.exit( 0 ) CmdClassLoader cl new
CmdClassLoader( ) Class c try c
cl.loadClass( args0, true ) // call my
loadClass( ) Object o c.newInstance( ) //
instantiate an object from this Class
c catch( ClassNotFoundException e ) //
error handling System.err.print( Class
args0 not found ) System.exit( 0
) private byte loadClassData( String
name ) throws ClassNotFoundException //
read data from a given file. public
synchronized Class loadClass( String name,
boolean resolve ) throws ClassNotFoundException
// create a Class object from the
data