
06/06/2017

PROTECTION MECHANISMS

Security is easier to achieve if there is a clear model of what is to be protected and who is allowed to do what.

Protection Domains

In order to discuss different protection mechanisms, it is useful to introduce the concept of a domain. A domain is a set of (object, rights) pairs. Each pair specifies an object and some subset of the operations that can be performed on it. Figure 9-4 shows three domains, with the objects in each domain and the rights (Read, Write, Execute) available on each object.


INSIDER ATTACKS & MALWARE

INSIDER ATTACKS

Logic Bombs


Logic bombs are small programs or sections of a program triggered by some event such as a certain date or time, a certain percentage of disk space filled, the removal of a file, and so on. For example, a programmer could establish a logic bomb to delete critical sections of code if she is terminated from the company. Logic bombs are most commonly installed by insiders with access to the system. 


Login spoofing

Login spoofing is a technique used to steal a user's password. The user is presented with an ordinary-looking login prompt for username and password, which is actually a malicious program, usually called a Trojan horse, under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.


User Authentication

A major security problem for operating systems is user authentication.

Generally, user authentication is based on one or more of three things: the user's possession of something (a key or card), the user's knowledge of something (a user identifier and password), and/or an attribute of the user (fingerprint, retina or signature).

Passwords

The most common approach to user authentication is passwords. The user is identified by an ID and asked for a password. If the user-supplied password matches the password stored in the system, the system assumes that the account is being accessed by the owner of that account. A password may also be associated with each resource (such as a file). Different passwords may be associated with different access rights. For example, different passwords may be used for reading files, appending files, and updating files. In practice, most systems require only one password for a user to gain full rights.

Password Vulnerabilities

Unfortunately, passwords can often be guessed, accidentally exposed, sniffed, or illegally transferred from an authorized user to an unauthorized one. There are two common ways to guess a password. One way is for the intruder (either human or program) to know the user or to have information about the user. The other way is to use brute force, trying enumeration, or all possible combinations of valid password characters (letters, numbers, and punctuation on some systems), until the password is found.

Design Principles Of Security

Saltzer and Schroeder (1975) have identified several general principles that can be used as a guide to designing secure systems. A brief summary of their ideas (based on experience with MULTICS) is given below.

First, the system design should be public. Assuming that the intruder will not know how the system works serves only to delude the designers.

Second, the default should be no access. Errors in which legitimate access is refused will be reported much faster than errors in which unauthorized access is allowed.

Third, check for current authority. The system should not check for permission, determine that access is permitted, and then squirrel away this information for subsequent use. Many systems check for permission when a file is opened, and not afterward.
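
The domain model and the second and third principles above (default no access, check for current authority), as an added example that is not from the original post: a small Python access table contrasting a handle that checks permission only at open time with one that re-checks on every read. Class, domain and file names are constructed for illustration.

```python
# Added illustration; class, domain and file names are constructed.
class Protection:
    """Domains as sets of (object, rights) pairs; anything unlisted is denied."""
    def __init__(self):
        self._domains = {}  # domain -> {object: set of "R", "W", "X"}

    def grant(self, domain, obj, rights):
        self._domains.setdefault(domain, {}).setdefault(obj, set()).update(rights)

    def revoke(self, domain, obj, rights):
        self._domains.get(domain, {}).get(obj, set()).difference_update(rights)

    def allowed(self, domain, obj, right):
        # Default is no access: unknown domains or objects yield an empty set.
        return right in self._domains.get(domain, {}).get(obj, set())

class OpenTimeHandle:
    """Checks permission once at open and trusts that result afterward."""
    def __init__(self, prot, domain, obj):
        if not prot.allowed(domain, obj, "R"):
            raise PermissionError(f"{domain} may not read {obj}")

    def read(self):
        return "data"  # no re-check, so a later revoke goes unnoticed

class CurrentAuthorityHandle:
    """Re-checks the domain's rights on every operation."""
    def __init__(self, prot, domain, obj):
        self._prot, self._domain, self._obj = prot, domain, obj
        self._check()

    def _check(self):
        if not self._prot.allowed(self._domain, self._obj, "R"):
            raise PermissionError(f"{self._domain} may not read {self._obj}")

    def read(self):
        self._check()
        return "data"

def demo():
    prot = Protection()
    prot.grant("domain1", "File1", {"R"})
    stale = OpenTimeHandle(prot, "domain1", "File1")
    fresh = CurrentAuthorityHandle(prot, "domain1", "File1")
    prot.revoke("domain1", "File1", {"R"})  # authority withdrawn after open
    try:
        fresh_result = fresh.read()
    except PermissionError:
        fresh_result = "denied"
    return stale.read(), fresh_result, prot.allowed("domain2", "File1", "R")
```

Calling `demo()` shows the open-time handle still reading after the right is revoked, while the per-operation check refuses and an unlisted domain is denied by default.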