Host and Application Security Lesson 6: Object Protection (intro)

Upload: burian

Post on 05-Jan-2016


TRANSCRIPT

Page 1: Host and Application Security

Host and Application Security
Lesson 6: Object Protection (intro)

Page 2: Host and Application Security

OS: More Detail

Let’s look at the security-relevant parts of the OS… which are…?

Page 3: Host and Application Security

NO direct access

One of the first things an operating system does is prevent much direct hardware access without the concept of a privilege
However, it’s more complicated than that, if we think about the impact of a binary containing the HLT instruction

Page 4: Host and Application Security

Separation

Need to think about three different levels
  Physical
  Temporal
  Logical
  Cryptographic

Page 5: Host and Application Security

Memory and Address

A fence – hard limit between OS and program
A fence register provides support for a movable fence
More sophisticated: base/bounds registers
Tagged architecture – every word of memory has extra bits to signify access rights

Page 6: Host and Application Security

Memory Segmentation

Break program into segments
OS translates address references to actual memory
Each address is checked for protection
Highly granular
Two or more processes can share a segment

Page 7: Host and Application Security

Paging

Alternative to segmentation
Each page can be individually protected
Page translation table translates logical to physical addresses

Page 8: Host and Application Security

Toward General Objects

Memory is an example of an object – same ideas apply to general objects
Goals of control:
  Check every access
  Enforce least privilege
  Verify acceptable usage

Page 9: Host and Application Security

Controlling Access: ACLs

Imagine each object has flags associated with it
What flags would make sense?
Unix typically thinks of user, group, world
Of course, the permission space can be much broader…
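
Added example (not from the slides): how the user/group/world flags on a Unix object are evaluated when an access is checked. Exactly one class is selected and the first match wins, so an owner can hold fewer rights than their own group. The uids, gids, modes, the simplified superuser rule and the function names are constructed for illustration.

```python
# Access request bits, laid out like one rwx triplet (r=4, w=2, x=1).
R, W, X = 4, 2, 1

def select_class(mode, owner_uid, owner_gid, uid, gids):
    """Pick the single permission class that applies to this subject.

    First match wins: owner, then group membership, then everyone else.
    The classes are never combined.
    """
    if uid == owner_uid:
        return "user", (mode >> 6) & 7
    if owner_gid in gids:
        return "group", (mode >> 3) & 7
    return "world", mode & 7

def check_access(mode, owner_uid, owner_gid, uid, gids, want):
    """Check one access: True only if every requested bit is granted."""
    if uid == 0:
        # Simplified superuser rule (assumption for this example):
        # read/write always pass, execute needs some x bit in the mode.
        return not (want & X) or bool(mode & 0o111)
    _, granted = select_class(mode, owner_uid, owner_gid, uid, gids)
    return (want & granted) == want

# Constructed sample objects: (mode, owner uid, owner gid)
REPORT = (0o640, 1000, 50)   # rw-r-----
LOCKED = (0o070, 1000, 50)   # ---rwx---  owner has less than the group

def demo():
    alice = (1000, {1000, 50})   # owner, also a member of group 50
    bob = (1001, {1001, 50})     # group member only
    eve = (1002, {1002})         # neither owner nor group member
    root = (0, {0})
    return {
        "alice_write_report": check_access(*REPORT, *alice, W),
        "bob_read_report": check_access(*REPORT, *bob, R),
        "bob_write_report": check_access(*REPORT, *bob, W),
        "eve_read_report": check_access(*REPORT, *eve, R),
        # Owner class is selected first, so group rwx does not help alice.
        "alice_read_locked": check_access(*LOCKED, *alice, R),
        "bob_read_locked": check_access(*LOCKED, *bob, R),
        "root_read_report": check_access(*REPORT, *root, R),
        "root_exec_report": check_access(*REPORT, *root, X),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```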

Page 10: Host and Application Security

Windows

Page 11: Host and Application Security

Things to Do…

Find and read Ch. 4 of the book “Security in Computing”
Find and read “So long and thanks for the externalities” by Cormac Herley
Compare and contrast the different access control models in Windows and Linux. Give some command & code examples of how they work. Due: 1 week.

Page 12: Host and Application Security

Questions?