Computer Security CSE 543
These class notes were uploaded by Libby Kuhlman on Sunday, November 1, 2015. They belong to CSE 543 at Pennsylvania State University, taught by Staff in Fall. Since upload they have received 20 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.
Date Created: 11/01/15
OUTLINE
- Access control matrix, ACLs, capabilities
- Implementation and issues of capabilities
- Implementation and issues of access controllers

LAMPSON'S ACCESS CONTROL MATRIX MODEL
- The matrix is sparse: how should it be stored?
  - By column: Access Control List. For each object, the principals and the rights each one holds.
  - By row: Capabilities. For each subject, the objects it may reach and the operations allowed on them.

INTUITIVELY
- Each has its advantages and disadvantages.
- When do ACLs make more sense? Given an object, which subjects can access it, and how? Owned objects, e.g. file management.
- When do capabilities make more sense? Given a subject, which objects can it access, and how? The functionalities (capabilities) of a process, the object space of a process, memory management.

APPLICATIONS OF CAPABILITIES AND ACLS
- Capabilities: page table entries, file descriptors, passwords, Java object references (cannot be forged because of Java's type safety).
- ACLs: Unix file or process permissions.
- Pure capability-based systems: e.g. EROS (UPenn), CAP (Cambridge).
- Pure ACL-based systems.
- Typically hybrid.

SYSTEM ARCHITECTURE
- Segmented memory.
- Objects: memory segments.
- Descriptors: map segments to physical addresses; can be used as a capability for protection.
- A descriptor holds the base, a unique segment id, and the limit.
- Correlate with the segment registers and the segment table.
(figure: descriptors, segment registers and segment table)

TAGGED ARCHITECTURE
- A capability can be stored anywhere in memory.
- Every word in memory has an extra bit: capability or data.
- Flexibility: a process can store its capabilities wherever it wants.
- Disadvantages: hardware support, search time.
- E.g. IBM AS/400.
- Assumed in the paper, as it is the general case.

PROTECTED MEMORY
- Place capabilities in a memory space that user processes can read but cannot change.
- Efficient if all capabilities for a process are placed together in one or more segments (C-lists).
- No extra hardware required.
- E.g. the Unix region table.

WORKING OF THE SYSTEM
1. The supervisor wants to schedule a process A.
2. It possesses the capability for program A's code segment.
3. It has the capability for the catalog of A's user (a capability segment / segment table).
4. It loads them into the protection descriptor registers.
5. It starts running process A.
- The registers are not cleared, so further capabilities remain loaded.

COMPLETE PICTURE
- Need to authenticate the user running the process.
1. The supervisor's authentication process runs with the capability for the UID table.
2. The user logs in, providing a password.
3. If authenticated, the supervisor does the following:
   i. clears the protection descriptor registers;
   ii. loads the capability for the user's catalog;
   iii. loads the capability for a program belonging to the user, typically the entry code segment;
   iv. starts running the process.
(figure: supervisor's address space with the UID table, the user's catalog, and program and data segments)

DYNAMIC SHARING
- A special communication segment between each pair of users is needed to pass a capability.
- If there are N users, that is O(N^2) extra segments.
- Instead, use a mailbox segment for each receiver, in which every sender places the capability: O(N).
- The mailbox must be able to associate the sender's id with the capability.
- Must be able to associate the receiver's id with

ISSUES
- Users can copy capabilities dynamically without any constraint.
- There is no control over propagation.
- Difficult to review which users have access to a segment.
- Revocation of capabilities is a problem in a tagged architecture.

QUICK FIXES: ACCESS CONTROL SYSTEM
(figure: access control system)

CAN GET MESSY
- Every segment has an access controller.
- Every access requires a lot of memory reads.
- Access controllers may change size dynamically.
- No issues with uncontrolled propagation, revocation or review.

QUICK FIXES
- When a principal is authorized for the first time, provide it with a capability carrying the access rights to that object, which can be used for subsequent accesses.
- Group the users and restrict the number of entries, e.g. Unix restricts to three: owner, group and others.
- Better alternative: a hybrid system. Capabilities for memory (the high-traffic path); access controllers for secondary storage and the file system. E.g. process uid -> fopen(file name) -> ACL check -> fd.

WHO GIVES AUTHORITY FOR ACCESS
- Discretionary.
- Self control.
(figure)
- User-defined objects.
- Protected subsystem: a collection of objects and processes with exclusive capabilities on those objects. E.g. the Unix kernel, the Java sandbox.

IMPLEMENTING A PROTECTED SUBSYSTEM
- Involves computation across several protection domains
  -> switching of protection domains
  -> replacing the C-list of one domain with that of another.
- Implemented as procedure calls. The entry procedure of one domain requires the calling domain to hold an Enter capability. E.g. Unix system calls.

IMPLEMENTATION ISSUES
- To name just a few:
  i. Separation of privilege, required for security. To access the internal structure of an object two capabilities are needed, and both must allow the access. E.g. setuid in Unix, forking in sshd.
  ii. The bookkeeping data of the domains must be preserved (activation records and static variables).
  iii. Argument passing. In Unix, when returning from kernel mode, it is checked whether the calling user has valid rights for the return address (buffer overflow attack).

CONCLUSION
- A comprehensive overview of information protection.
- Describes the trend at that time and the research directions.
- Drastic change since then, but we still have a lot of issues.
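Added example, not code from the slides or from the paper they summarize: a toy kernel in Python that models the hybrid scheme of the QUICK FIXES slide (process uid -> open -> ACL check -> fd) together with the DYNAMIC SHARING and ISSUES slides. The access controllers are a per-object ACL consulted only at open time; the capabilities live in a per-process C-list held inside the kernel (the protected-memory design), so a process holds only an index, the file descriptor, and cannot forge one. Sharing goes through the receiver's mailbox, and the run shows the two listed problems: the capability propagates to a process that the ACL never authorized, and emptying the owner's ACL entry does not revoke a capability already issued, while reviewing who holds access requires scanning every C-list. The object name, uids and pids are constructed sample data.

```python
# Added example (not the slides' own code): ACL check on open, capability (fd) afterwards.
import itertools


class Kernel:
    """Toy kernel: ACLs guard open(), capabilities (fds) guard everything after."""

    def __init__(self):
        self.acl = {}        # object -> {uid: set(rights)}   (access controllers)
        self.objects = {}    # object -> bytes
        self.clist = {}      # pid -> {fd: (object, rights)}  (C-list in kernel-held memory)
        self.mailbox = {}    # receiver pid -> [(sender pid, object, rights)]
        self._pids = itertools.count(100)

    def create(self, name, data, owner, rights=("read", "write")):
        self.objects[name] = data
        self.acl[name] = {owner: set(rights)}

    def spawn(self, uid):
        pid = next(self._pids)
        self.clist[pid] = {}
        return Process(self, pid, uid)

    def _issue(self, pid, name, rights):
        # The capability is stored where the process cannot write; it only gets an index.
        fd = len(self.clist[pid])
        self.clist[pid][fd] = (name, frozenset(rights))
        return fd

    def sys_open(self, pid, uid, name, want):
        # Slow path: the access controller (ACL) is consulted once, at open time.
        granted = self.acl.get(name, {}).get(uid, set())
        if not set(want) <= granted:
            raise PermissionError(f"uid {uid} lacks {set(want) - granted} on {name}")
        return self._issue(pid, name, want)

    def sys_read(self, pid, fd):
        # Fast path: only the capability is checked; the ACL is never re-read.
        name, rights = self.clist[pid][fd]
        if "read" not in rights:
            raise PermissionError("capability carries no read right")
        return self.objects[name]

    def sys_send(self, from_pid, fd, to_pid):
        # Dynamic sharing through the receiver's mailbox: the sender's id is
        # recorded, but nothing constrains where the capability travels next.
        name, rights = self.clist[from_pid][fd]
        self.mailbox.setdefault(to_pid, []).append((from_pid, name, rights))

    def sys_recv(self, pid):
        sender, name, rights = self.mailbox[pid].pop(0)
        return sender, self._issue(pid, name, rights)

    def sys_chmod(self, name, uid, rights):
        # Revocation at the access controller only affects future open() calls.
        self.acl[name][uid] = set(rights)

    def review(self, name):
        # "Which processes can access this object?" needs a scan of every C-list.
        return sorted(pid for pid, caps in self.clist.items()
                      if any(obj == name for obj, _ in caps.values()))


class Process:
    def __init__(self, kernel, pid, uid):
        self.k, self.pid, self.uid = kernel, pid, uid

    def open(self, name, *rights):
        return self.k.sys_open(self.pid, self.uid, name, rights)

    def read(self, fd):
        return self.k.sys_read(self.pid, fd)

    def send(self, fd, other):
        self.k.sys_send(self.pid, fd, other.pid)

    def recv(self):
        return self.k.sys_recv(self.pid)


def demo():
    """Constructed scenario: two processes, one object, one revocation."""
    k = Kernel()
    k.create("secrets", b"s3cr3t", owner=1000)
    alice = k.spawn(1000)      # pid 100, owns "secrets"
    mallory = k.spawn(2000)    # pid 101, not on the ACL at all
    fd = alice.open("secrets", "read")
    out = {"alice_reads": alice.read(fd)}
    try:
        mallory.open("secrets", "read")
        out["mallory_opens"] = True
    except PermissionError:
        out["mallory_opens"] = False
    alice.send(fd, mallory)                      # uncontrolled propagation
    _, mfd = mallory.recv()
    out["mallory_reads_via_capability"] = mallory.read(mfd)
    k.sys_chmod("secrets", 1000, ())             # owner's ACL entry emptied ...
    out["alice_still_reads"] = alice.read(fd)    # ... but the issued capability still works
    out["holders"] = k.review("secrets")
    return out


if __name__ == "__main__":
    print(demo())
```

Real Unix behaves the same way at this level of abstraction: the permission bits are checked by open(2), descriptors can be passed over a Unix socket with SCM_RIGHTS, and chmod on the file does not close descriptors that are already open. Revoking a capability cleanly needs either an indirection the kernel can invalidate or a scan of every C-list, which is exactly the review problem the ISSUES slide names.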
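Added example, not the slides' own code: a Python model of the IMPLEMENTING A PROTECTED SUBSYSTEM and IMPLEMENTATION ISSUES slides. Each protection domain is a C-list; calling into another domain needs an Enter capability and replaces the current C-list with the callee's, while the machine keeps the caller and return address itself (the bookkeeping the slides say must be preserved); reading an object's internals needs two capabilities (separation of privilege); and on return the saved return address must lie inside the caller's code segment, the check that catches a return address smashed by a buffer overflow. The domain names, segment addresses and the "segment"/"unseal"/"enter" capability kinds are assumptions made for illustration.

```python
# Added example (not the slides' own code): domains as C-lists, Enter-gated calls.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cap:
    kind: str       # assumed kinds: "segment" (may touch), "unseal" (may see internals), "enter" (may call)
    target: str


@dataclass
class Domain:
    name: str
    code_segment: tuple                       # (base, limit) of this domain's code
    clist: set = field(default_factory=set)   # the domain's C-list


class Machine:
    def __init__(self):
        self.domains = {}
        self.current = None     # domain whose C-list is in force
        self.stack = []         # (caller domain, return address), kept by the machine, not the caller
        self.internals = {"account.balance": 100}   # constructed sealed object state

    def add(self, dom):
        self.domains[dom.name] = dom

    def has(self, kind, target):
        return any(c.kind == kind and c.target == target for c in self.current.clist)

    def enter(self, callee, return_addr):
        """Domain switch as a procedure call: needs an Enter capability for the callee."""
        if not self.has("enter", callee):
            raise PermissionError(f"{self.current.name} has no Enter capability for {callee}")
        self.stack.append((self.current, return_addr))   # bookkeeping preserved by the machine
        self.current = self.domains[callee]             # caller's C-list replaced by callee's

    def ret(self):
        """Return to the caller only if the return address lies in the caller's code segment."""
        caller, addr = self.stack.pop()
        base, limit = caller.code_segment
        if not base <= addr < base + limit:
            raise PermissionError(f"return address {addr:#x} is outside {caller.name}'s code")
        self.current = caller
        return addr

    def read_internal(self, obj):
        """Separation of privilege: the segment AND the unseal capability are both required."""
        if not (self.has("segment", obj) and self.has("unseal", obj)):
            raise PermissionError(f"{self.current.name} needs both capabilities for {obj}")
        return self.internals[obj]


def scenario(return_addr):
    """Constructed run: user code calls into the 'bank' subsystem and returns."""
    m = Machine()
    user = Domain("user", code_segment=(0x1000, 0x1000),
                  clist={Cap("enter", "bank"), Cap("segment", "account.balance")})
    bank = Domain("bank", code_segment=(0x8000, 0x1000),
                  clist={Cap("segment", "account.balance"), Cap("unseal", "account.balance")})
    m.add(user)
    m.add(bank)
    m.current = user
    out = {}
    try:
        m.read_internal("account.balance")     # user holds only one of the two capabilities
        out["user_direct"] = "allowed"
    except PermissionError:
        out["user_direct"] = "denied"
    m.enter("bank", return_addr)               # allowed: user has Enter for bank
    out["via_subsystem"] = m.read_internal("account.balance")
    try:
        out["returned_to"] = m.ret()
    except PermissionError:                    # e.g. return address smashed by an overflow
        out["returned_to"] = None
    return out


if __name__ == "__main__":
    print(scenario(0x1040))          # normal return into user code
    print(scenario(0x41414141))      # return address overwritten: rejected
```

The Unix analogue is a system call: user code may only enter the kernel at the designated entry points (the Enter capability), the kernel runs with its own, larger C-list, and a return into an address the calling user is not entitled to execute is refused rather than honoured.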