constructing secured and safe c/unix programs 1 constructing secured and safe c/unix programs...
TRANSCRIPT
![Page 1: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/1.jpg)
constructing secured and safe C/UNIX programs
1
Constructing Secured and Safe C/UNIX Programs
presenter: shilan habibi
![Page 2: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/2.jpg)
constructing secured and safe C/UNIX programs
2
• Secured Network Programming
• Generic Security Service Application Program Interface
• Open Secure Socket Layer Application Program Interface
• Sockets
• Raw Socket
• UNIX Virtualization
Title list:
![Page 3: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/3.jpg)
constructing secured and safe C/UNIX programs
3
Secured Network Programming
• API GSS-APIRPCSECSSLTLS
![Page 4: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/4.jpg)
constructing secured and safe C/UNIX programs
4
Generic Security Service Applicatio Program Interface
GSS-API offers:
• Confidentiality
• integrity
• authentication
• nonrepudiation
![Page 5: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/5.jpg)
constructing secured and safe C/UNIX programs
5
Generic Security Service Application Program Interface
GSS-API does two things:
1- creates a security context between applications
2-secured data transfers between applications
![Page 6: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/6.jpg)
constructing secured and safe C/UNIX programs
6
Generic Security Service Application Program Interface
The GSS-API stack
![Page 7: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/7.jpg)
constructing secured and safe C/UNIX programs
7
Generic Security Service Application Program Interface
RPCSEC_GSS:
• is an additional layer that seamlessly integrates GSS-API with RPC
• it provides all the functionality of GSS-API in a way that is tailored to RPC
![Page 8: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/8.jpg)
constructing secured and safe C/UNIX programs
8
Generic Security Service Application Program Interface
some of the significant APIs from the GSS-API list:• GSS_Acquire_cred• GSS_Import_name• GSS_Init_sec_context• GSS_Accept_sec_context• GSS_Wrap• GSS_Unwrap
![Page 9: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/9.jpg)
constructing secured and safe C/UNIX programs
9
Secure Network Programming
SNP provides secure network communication with:
• data origin authenticity
• data integrity
• data confidentiality services on top of the usual stream
• datagram services provided by sockets or TCP/IP
![Page 10: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/10.jpg)
constructing secured and safe C/UNIX programs
10
Secure Network Programming
SNP has three protocols:
• a secure bootstrap protocol
• a user–host mutual authentication protocol
• a protocol for named service
![Page 11: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/11.jpg)
constructing secured and safe C/UNIX programs
11
Secure Network Programming
list of services provided by SNP:• Persistent delivery (PD)
• Best effort delivery (BED)
• Sequenced delivery (SD)
• Data confidentiality (DC)
• Data integrity (DI)
• Data origin authenticity)DOA)
• Data destination authenticity (DDA)
• Connection authenticity (CA)
![Page 12: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/12.jpg)
constructing secured and safe C/UNIX programs
12
Secure Network Programming
For initialization, SNP off ers the following API:
• int snp (int family, int type, int protocol)
• int snp_bind (int snp_ep, struct sockaddr *local_addr, int addr_len)
• int snp_listen (int snp_ep, int backlog)
• int snp_attach (int snp_ep, struct name_s *local_name, struct name_s *peer_name)
![Page 13: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/13.jpg)
constructing secured and safe C/UNIX programs
13
Secure Network Programming
For connection establishment, SNP off ers the following API:
• int snp_connect (int snp_ep, struct sockaddr *peer_addr, int peer_addr_len)
• int snp_accept (int snp_ep, struct sockaddr *peer_addr, int peer_addr_len)
![Page 14: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/14.jpg)
constructing secured and safe C/UNIX programs
14
Secure Network Programming
For data transfer, SNP offers the following API:• int snp_write (int snp_ep, char *buf, int nbytes)
• int snp_read (int snp_ep, char *buf, int nbytes)
• int snp_send (int snp_ep, char *buf, int nbytes, int fl ags)
• int snp_recv (int snp_ep, char *buf, int nbytes, int fl ags)
• int snp_sendto (int snp_ep, char *buf, int nbytes, int fl ags, struct sockaddr *to, int tolen)
• int snp_recvfrom (int snp_ep, char *buf, int nbytes, int fl ags, struct sockaddr *from, int *fromlen)
![Page 15: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/15.jpg)
constructing secured and safe C/UNIX programs
15
Secure Network Programming
For connection release, SNP off ers the following API:
• int snp_close (int snp_ep)
• int snp_shutdown (int snp_ep, int how)
![Page 16: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/16.jpg)
constructing secured and safe C/UNIX programs
16
Secure Network Programming
For utility-related functions, SNP off ers the following API:
• int snp_setopt (int snp_ep, int level, int optname, char *optval, int optlen)
• Int snp_perror (const char *s).
• int snp_getpeerid (int snp_ep, struct name_s *peer_name).
![Page 17: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/17.jpg)
constructing secured and safe C/UNIX programs
17
Open Secure Socket Layer Application Program Interface
• SSL
• TLS
• OpenSSL
![Page 18: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/18.jpg)
constructing secured and safe C/UNIX programs
18
Open Secure Socket Layer Application Program Interface
OpenSSL ssl library functions deals with the following data structur:
• SSL_METHOD
• SSL_CIPHER
• SSL_CTX
• SSL_SESSION
• SSL
![Page 19: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/19.jpg)
constructing secured and safe C/UNIX programs
19
Open Secure Socket Layer Application Program Interface
Currently the OpenSSL ssl library exports API functions:
• API dealing protocol methods
• API dealing ciphers
• API dealing protocol context
• API dealing sessions
• API dealing connections
![Page 20: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/20.jpg)
constructing secured and safe C/UNIX programs
20
Sockets
Socket(2) creates an endpoint for communication and returns a descriptor.
A server typically calls socket(2), bind(2), listen(2), and accept(2) or select(2).
A client typically calls socket(2), bind(2). send(2), recv(2), write(2), or read(2).
for data exchange. close(2) or shutdown(2) to close the socket.
![Page 21: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/21.jpg)
constructing secured and safe C/UNIX programs
21
Raw Socket
• You will never need to write code using raw socket.Raw socket is a computer networking term used to describe a socket that allows access to packet headers on incoming
and outgoing packets.
• To open a raw socket
int fd = socket (PF _ INET, SOCK _ RAW, IPPROTO _ TCP);
![Page 22: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/22.jpg)
constructing secured and safe C/UNIX programs
22
UNIX Virtualization
• Virtualization is a philosophy wherein the
operating environment abstracts the
computer resources. UNIX offers memory
virtualization where UNIX attempts to offer
an unlimited memory to the application or the user.
![Page 23: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/23.jpg)
constructing secured and safe C/UNIX programs
23
UNIX Virtualization
• Chroot in UNIX is another type of virtualization. It is
used to restrict access to fi les and directories.
• #include <unistd.h>
chdir(“/foo/bar”);
chroot(“/foo/bar”);
setuid(non zero UID);
![Page 24: Constructing secured and safe C/UNIX programs 1 Constructing Secured and Safe C/UNIX Programs presenter: shilan habibi](https://reader036.vdocuments.net/reader036/viewer/2022070415/5697bf8b1a28abf838c8b100/html5/thumbnails/24.jpg)
constructing secured and safe C/UNIX programs
24
REGARD