host and application security
Host and Application Security
Lesson 6: Object Protection (intro)
OS: More Detail
  Let's look at the security-relevant parts of the OS… which are…?
NO direct access
  One of the first things an operating system does is prevent much direct hardware access without the concept of a privilege
  However, it's more complicated than that, if we think about the impact of a binary containing the HLT instruction
Separation
  Need to think about three different levels
  Physical
  Temporal
  Logical
  Cryptographic
Memory and Address
  A fence – hard limit between OS and program
  A fence register provides support for a movable fence
  More sophisticated: base/bounds registers
  Tagged architecture – every word of memory has extra bits to signify access rights
Memory Segmentation
  Break program into segments
  OS translates address references to actual memory
  Each address is checked for protection
  Highly granular
  Two or more processes can share a segment
Paging
  Alternative to segmentation
  Each page can be individually protected
  Page translation table translates logical to physical addresses
Toward General Objects
  Memory is an example of an object – same ideas apply to general objects
  Goals of control:
    Check every access
    Enforce least privilege
    Verify acceptable usage
Controlling Access: ACLs
  Imagine each object has flags associated with it
  What flags would make sense?
  Unix typically thinks of user, group, world
  Of course, the permission space can be much broader…
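Added example (not from the original slides): a minimal model of the Unix user/group/world check described above, showing that exactly one class of flags is consulted per access. The struct names, sample subjects and objects are constructed for illustration, and the superuser override is deliberately left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>   /* uid_t, gid_t, mode_t */

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };  /* rwx within one class */

/* Hypothetical stand-ins for an inode and a process credential. */
struct object  { uid_t owner; gid_t group; mode_t mode; };
struct subject { uid_t uid; const gid_t *groups; size_t ngroups; };

static bool in_group(const struct subject *s, gid_t g) {
    for (size_t i = 0; i < s->ngroups; i++)
        if (s->groups[i] == g) return true;
    return false;
}

/* Select ONE class (user, else group, else world) and test only its bits.
 * There is no fall-through: a group member is not rescued by world bits.
 * Superuser handling is omitted (assumption of this example). */
bool may_access(const struct subject *s, const struct object *o, unsigned want) {
    unsigned bits;
    if (s->uid == o->owner)         bits = (o->mode >> 6) & 7;
    else if (in_group(s, o->group)) bits = (o->mode >> 3) & 7;
    else                            bits = o->mode & 7;
    return (bits & want) == want;
}

/* Constructed sample data. */
static const gid_t staff[] = { 50 };
static const struct subject alice = { 1000, staff, 1 };   /* owner        */
static const struct subject bob   = { 1001, staff, 1 };   /* group member */
static const struct subject carol = { 1002, NULL, 0 };    /* world        */
static const struct object report = { 1000, 50, 0640 };   /* rw- r-- ---  */
static const struct object odd    = { 1000, 50, 0604 };   /* rw- --- r--  */

int main(void) {
    printf("bob reads report:  %d\n", may_access(&bob, &report, WANT_R));
    printf("carol reads report: %d\n", may_access(&carol, &report, WANT_R));
    printf("bob reads odd:     %d\n", may_access(&bob, &odd, WANT_R));
    printf("carol reads odd:   %d\n", may_access(&carol, &odd, WANT_R));
    return 0;
}
```

Mode 0604 is the case worth noticing: the group member is denied a read that an unrelated user is granted, because only the group flags are checked for him.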
Windows
Things to Do…
  Find and read Ch4 of the book “Security in Computing”
  Find and read “So long and thanks for the externalities” by Cormac Herley
  Compare and contrast the different access control models in Windows and Linux. Give some command & code examples of how they work. Due: 1 week.
Questions?