SystemsSec 2016W Lecture 2: Difference between revisions
Dusanrozman (talk | contribs): Added notes for Jan 12th lecture. Work done by Dusan Rozman, Xiusan Zhou
Latest revision as of 20:33, 14 January 2016
Topics & Readings
- Operating system security
- Trusted computing
Class Notes:
Security mechanisms in a Unix system:
- All processes have a user, group, and "effective user".
- Users
  - passwords
  - users have file permissions
- User input may cause vulnerabilities, therefore the OS must control the input in some way.
- Networks
  - iptables: allows the system admin to configure the tables provided by the Linux kernel firewall.
  - A firewall is used to protect the system and restrict communication from untrusted sources.
  - Just like not all programs can be trusted, neither can all networks.
  - Firewalls aren't the only way to limit connections. Example: TCP wrappers, configured in /etc/hosts.allow and /etc/hosts.deny.
- Disk encryption
  - Used to protect the information stored on disk from unauthorized users.
- SSH (secure shell)
  - Used to remotely log into a Unix system.
  - An SSH key is used to authenticate the user.
- Notion of secure downloads on Ubuntu using "apt-get". It is the utility used to install software packages and even upgrade the OS.
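The TCP wrappers mechanism mentioned above decides per connection, not per packet, and its evaluation order matters: hosts.allow is consulted first, then hosts.deny, and if neither file matches the connection is permitted. The following is an added illustration of that decision procedure (not code from the lecture or from the tcp_wrappers project); it models only the daemon and client fields, address prefixes ending in ".", net/mask patterns and ALL, and omits EXCEPT lists, hostname patterns and the optional shell command. The two rule files are constructed samples.

```python
"""Simplified model of how TCP wrappers evaluate /etc/hosts.allow and
/etc/hosts.deny.  Added example with constructed rule files; the function
names are this example's own, not libwrap's API."""
import ipaddress

# Constructed sample /etc/hosts.allow: ssh from two private ranges, anything from loopback.
HOSTS_ALLOW = """
# allow rules are checked first; the first match grants access
sshd : 192.168.1. 10.0.0.0/255.0.0.0
ALL : 127.0.0.1
"""

# Constructed sample /etc/hosts.deny: the usual "default deny" closing rule.
HOSTS_DENY = """
ALL : ALL
"""


def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) from a rule file.
    Each line is 'daemon_list : client_list [ : shell_command ]'; comments
    start with '#'.  The optional command field is ignored here."""
    rules = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(':')]
        if len(fields) < 2:
            continue  # malformed line: no client list
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern against a dotted IPv4 address string."""
    if pattern == 'ALL':
        return True
    if pattern.endswith('.'):            # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if '/' in pattern:                    # net/mask, e.g. "10.0.0.0/255.0.0.0"
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return addr == pattern                # exact address


def daemon_matches(pattern, daemon):
    return pattern == 'ALL' or pattern == daemon


def rule_matches(rule, daemon, addr):
    daemons, clients = rule
    return (any(daemon_matches(d, daemon) for d in daemons)
            and any(client_matches(c, addr) for c in clients))


def wrapper_decision(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Evaluate in libwrap's order: first match in hosts.allow grants,
    otherwise first match in hosts.deny refuses, otherwise access is
    granted.  That last step is why an empty hosts.deny is wide open."""
    if any(rule_matches(r, daemon, addr) for r in parse_rules(allow_text)):
        return 'allow'
    if any(rule_matches(r, daemon, addr) for r in parse_rules(deny_text)):
        return 'deny'
    return 'allow'


if __name__ == '__main__':
    for daemon, addr in [('sshd', '192.168.1.20'), ('sshd', '203.0.113.5'),
                         ('vsftpd', '192.168.1.20'), ('vsftpd', '127.0.0.1')]:
        print(f'{daemon:7s} from {addr:15s} -> {wrapper_decision(daemon, addr)}')
    # With no deny rules at all the same outside address gets in:
    print('sshd from 203.0.113.5 with empty hosts.deny ->',
          wrapper_decision('sshd', '203.0.113.5', deny_text=''))
```

The last call in the demo shows the caveat that is easy to miss when reviewing a host: removing the `ALL : ALL` line from hosts.deny does not "tighten" anything, it turns the wrapper into default-allow, so an audit of TCP wrappers has to read both files together.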
Important Concepts:
We briefly discussed the concept of what makes an OS secure.
What to trust in an OS?
- Kernel
- all root privileged code
- daemons + setuid programs
- file system permissions
- Applications don't interact with untrusted sources or are "locked down".
- boot process
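The two items the notes keep returning to, the "effective user" of a process and file system permissions, are one mechanism seen from two sides: the kernel compares a process's effective ids against a file's owner, group and mode bits, and a set-user-ID program is exactly a way of changing that effective id at exec time, which is why setuid binaries sit inside the trusted code. The following added example (not from the lecture notes; the function names and sample files are constructed for this illustration) works through that access decision, including the edge case that only one class of bits is consulted, so an owner can be locked out of a file that "other" may read.

```python
"""Unix discretionary access control, modelled step by step.  Added
illustration with constructed sample files; `unix_access` and
`setuid_process` are this example's own helpers, not a kernel API."""
import stat

R, W, X = 4, 2, 1   # rwx bit values inside one permission triplet


def unix_access(mode, file_uid, file_gid, euid, egids, want):
    """Return True if a process with effective uid `euid` and effective
    group set `egids` may perform `want` (a combination of R|W|X) on a
    regular file with mode `mode`, owner `file_uid` and group `file_gid`.

    Mirrors the kernel's ordering: exactly one class of bits is consulted
    (owner, else group, else other) with no fall-through, so an owner with
    mode 0o007 is denied even though "other" is allowed.  Root (euid 0)
    bypasses read/write checks but still needs at least one execute bit set
    before it may execute a regular file.
    """
    perm = stat.S_IMODE(mode)
    if euid == 0:
        if want & X and not perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            return False
        return True
    if euid == file_uid:
        bits = (perm >> 6) & 7       # owner triplet
    elif file_gid in egids:
        bits = (perm >> 3) & 7       # group triplet
    else:
        bits = perm & 7              # other triplet
    return (bits & want) == want


def setuid_process(binary_mode, binary_uid, real_uid):
    """Model what exec of a set-user-ID binary does to a process: the real
    uid stays the caller's, the effective uid becomes the binary's owner.
    Returns (real_uid, effective_uid).  Simplified: ignores the saved
    set-user-ID and nosuid mounts."""
    if binary_mode & stat.S_ISUID:
        return real_uid, binary_uid
    return real_uid, real_uid


if __name__ == '__main__':
    # Constructed sample: a shadow file, mode 0640, owner root (0), group 42.
    SHADOW = dict(mode=0o640, file_uid=0, file_gid=42)
    alice = dict(euid=1000, egids={1000})
    print('alice reads shadow directly:', unix_access(**SHADOW, **alice, want=R))

    # Constructed sample: a setuid-root password tool, mode 4755 owner root.
    ruid, euid = setuid_process(0o4755, 0, alice['euid'])
    print('after exec of setuid tool: real', ruid, 'effective', euid)
    print('same read via the setuid tool:',
          unix_access(**SHADOW, euid=euid, egids=alice['egids'], want=R))

    # No fall-through: owner of a 0007 file is denied while a stranger is not.
    print('owner reads own 0007 file:', unix_access(0o007, 1000, 1000, 1000, {1000}, R))
    print('other reads that 0007 file:', unix_access(0o007, 1000, 1000, 2000, {2000}, R))
```

The second half of the demo is the reason setuid programs belong in the trusted computing base: once the effective uid is 0 the file system permissions no longer constrain the program, so every line of it is enforcing security on behalf of the kernel.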
The modern OS is a mess. That is, with the amount of complexity (millions of lines of code) in a modern OS, it is difficult (close to impossible) to ensure security.
Trusted Computing Base (TCB). The TCB is synonymous with the "trust model": it is the software and data that the OS relies on to enforce its security goals. Ideally, the TCB should be minimal.