23_Protection_and_Security

23_Protection_and_Security - CSC 4103 - Operating Systems...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CSC 4103 - Operating Systems Fall 2009 Tevfik Ko ! ar Louisiana State University November 19 th , 2009 Lecture - XXIII Protection and Security The Security Problem • Protecting your system resources, your files, identity, confidentiality, or privacy Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security • Attack can be accidental or malicious • Easier to protect against accidental than malicious misuse Security Violations • Categories Breach of confidentiality • information theft, identity theft Breach of integrity • unauthorized modification of data Breach of availability • unauthorized destruction of data Theft of service • unauthorized use of resources Denial of service • crashing web servers Security Violation Methods Masquerading (breach authentication) • Pretending to be somebody else Replay attack (message modification) • Repeating a valid data transmission (eg. Money transfer) • May include message modification Session hijacking • The act of intercepting an active communication session Man-in-the-middle attack • Masquerading both sender and receiver by intercepting messages Program Threats Trojan Horse Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spyware, pop-up browser windows, covert channels Trap Door A hole in the security of a system deliberately left in place by designers or maintainers Specific user identifier or password that circumvents normal security procedures Logic Bomb Program that initiates a security incident under certain circumstances Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers) Program Threats (Cont.) • Viruses Code fragment embedded in legitimate program Very specific to CPU architecture, operating system, applications Usually borne via email or as a macro
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 4

23_Protection_and_Security - CSC 4103 - Operating Systems...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online