CMSC 414 Computer and Network Security Lecture 13

1
CMSC 414Computer and Network SecurityLecture 13

• Jonathan Katz

2
Exam stats

• Median 75
• Letter grades
• 85-100 A
• 65-85 B
• 50-65 C
• lt 50 D/F

3
Memory Protection
4
Memory protection

• Usually think of multi-user security in terms of
  files, but memory protection must also be done
• Behind the sceneshandled by OS automatically
• Enforce logical separation
• Users operate under the illusion that no other
  users processes are running, and in fact are
  unable to access objects outside some permitted
  domain

5
Memory protection

• Fence restricts access to portions of memory
• Introduced in single-user systems to prevent
  (accidental) destruction of OS code
• E.g., predefined memory address where OS resides
  users disallowed from modifying
• Can be enforced at the hardware level
• Drawbacks
• Fixed space allocated for OS
• What if OS is supposed to be modifiable?
• May waste space

6
Continued

• Variation is to have a fence register which
  stores the address of the protected portion of
  memory
• Allow easy relocation by simple addition (in
  hardware)
• Protected portion can dynamically change
• More opportunity for security breaches

7
Base/bounds registers

• Can have two registers base register and bounds
  register
• Memory access restricted to lie between these two
• Contents of these registers will be changed by
  the OS, per-user, as part of context switching
• Can also have an additional base/bounds register
  for each user, to logically separate instructions
  from data
• Prevent accidental overwriting of executable code

8
Tagged architecture

• Base/bounds registers offer very course-grained
  protection
• Also, have the restriction that different
  sections of memory space must be contiguous
• Possible to improve this by tagging every, e.g.,
  word of memory
• E.g., label each word read/write/execute
• Can be wasteful of memory
• Requires changes at the hardware level

9
Segmentation

• Program components divided into logical segments
  (e.g., code of a single procedure local
  variables)
• Each segment has a unique name items in segment
  addressed by (name, offset)
• Each segment may be stored anywhere in memory
• OS handles mapping transparent to user
• Can implement diff. protection for each segment
• OS controls which programs have which entries in
  their segment address tables
• Multiple users can potentially be given access to
  the same segment
• Complete mediation

10
Drawbacks of segmentation?

• Users can guess memory locations
• Users can generate (name, offset) where the
  offset is larger than the segment size
• Can fix this by storing current segment length in
  the segment address table, but this is
  inefficient
• Memory fragmentation
• Address table lookup can be slow

11
Paging

• Similar to segmentation, but with fixed-size
  segments called pages
• Addressing via (page, offset)
• Avoids fragmentation problemand large offset
  issue
• Programmer need not be aware of pages (in
  contrast to segments, which were logical units)
• Drawbacks
• Re-paging causes potential security problems as
  data is shifted from one page to another
• Can be difficult to describe desired protection,
  since pages are no longer logical units

12
Combining the approaches

• Segmentation better for security paging better
  for efficiency
• Combine to get best of both
• Program divided into logical segments each
  segment broken into fixed-size pages

13
Network Security
14
Authentication an Overview
15
Authentication

• Verifying the identity of another entity
• Computer authenticating to another computer
• Person authenticating to a local computer
• Person authenticating to a remote computer
• Two issues
• How authentication information is stored (at both
  ends)
• Authentication protocol itself

16
Authentication

• Authentication may be based on
• What you know
• What you have
• What you are
• Examples?
• Can also consider two-factor authentication
• Mutual authentication vs. unidirectional
  authentication

17
Authentication

• Important to be clear about what is being
  authenticated
• The user?
• The machine?
• The users role?
• The data?
• What assumptions are being made?
• E.g., login on untrusted terminal

18
Attack taxonomy

• Passive attacks
• Active attacks
• Impersonation
• Man-in-the-middle
• Server compromise
• Different attacks may be easier/more difficult in
  different settings

19
Address-based authentication

• Is sometimes used (e.g., unix)
• This is generally not very secure
• Relatively easy to forge source addresses of
  network packets

20
Password-based protocols

• Password-based authentication
• Any system based on low-entropy shared secret
  (note different from book definitions!)
• Distinguish on-line attacks vs. off-line attacks

21
Password selection

• User selection of passwords is typically very
  weak
• Lower entropy password makes dictionary attacks
  easier
• Typical passwords
• Derived from account names or usernames
• Dictionary words, reversed dictionary words, or
  small modifications of dictionary words
• Etc.

22
Better password selection

• Non-alphanumeric characters
• Longer phrases
• Can try to enforce good password selection
• but these types of passwords are difficult for
  people to memorize and type!

23
From passwords to keys?

• Can potentially use passwords to derive symmetric
  or public keys
• What is the entropy of the resulting key?
• Often allows off-line dictionary attacks on the
  password