CS361: Operating System

Jian Huang — Spring 2012

EECS | University of Tennessee - Knoxville

Security

First off, let's distinguish two key concepts: protection vs. security. Protection is about the mechanisms for controlling/managing access of processors or users to various resources. Page table, for example, is a protection mechanism. So are file access previleges.

Security in this context is using protection mechanisms to prevent misuse of resources, be it intentional or accidental.

The basic security components in a modern OS consist of: authentication (i.e. who are you?), authorization (i.e. what can you do?), and enforcement (i.e. are you doing what you are supposed to do?).

Authentication relies on encryption, authorization depends on access control (and the fact that there are multiple user groups, previlege levels for both users and processes), and interestingly, enforcement is elegantly handled through kernel mode.

Authentication

While access control and kernel mode have been discussed in various context throughout the semester, we have not so far mentioned much about encryption. In this section, let's go through some high level concepts.

Authentication usually rely on passwords, smart cards or some sort of biometrics such as fingerprint, retinal scan. Passwords are the most common.

For passwords, the OS needs to keep a copy to check against. This copy of information is obfuscated, typically using a transformation that is very hard to reverse unless you have the right key. This is the basic concept of encryption. The simpliest is to compute an XOR on your data. On typical Unix systems, /etc/passwd file contains the passwords in encrypted form.

No security system is 100% bullet proof. Cracking it is a matter of time. The longer it takes, we'd consider that to be harder to crack. Please note - simply harder, and only relatively harder.

Ways to make passwords harder to crack includes: - don't use short passwords, - extend everyone's password with a unique number, - require more complex passwords (upper, lower, punctuation + number), - delay checking of passwords (delay every check by 1 second), - make it infeasible for rapid-fire dictionary attack, - assign very long passwords, - zero-knowledge proof using a series of challenge-response questions.

Authentication over the network

Private key cryptography: - single key used for both encryption and decryption, - can't derive plain text from ciphertext without access to key, - can't derive key from plaintext and ciphertext, - distributing key is quite a problem.

Public key encryption: Have two keys instead of one: Kpublic and Kprivate are mathematically related, but hard to derive from one to the other. Encrypt using Kpublic and decrypt using Kprivate. Example system: RSA.


Jian Huang / EECS /UTK / revised 04/2012