23_Protection_and_Security_2spp

23_Protection_and_Security_2spp - CSC 4103 - Operating...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CSC 4103 - Operating Systems Fall 2009 Tevfik Ko ! ar Louisiana State University November 19 th , 2009 Lecture - XXIII Protection and Security The Security Problem • Protecting your system resources, your files, identity, confidentiality, or privacy Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security • Attack can be accidental or malicious • Easier to protect against accidental than malicious misuse
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Security Violations • Categories Breach of confidentiality • information theft, identity theft Breach of integrity • unauthorized modification of data Breach of availability • unauthorized destruction of data Theft of service • unauthorized use of resources Denial of service • crashing web servers Security Violation Methods Masquerading (breach authentication) • Pretending to be somebody else Replay attack (message modification) • Repeating a valid data transmission (eg. Money transfer) • May include message modification Session hijacking • The act of intercepting an active communication session Man-in-the-middle attack • Masquerading both sender and receiver by intercepting messages
Background image of page 2
Program Threats Trojan Horse Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spyware, pop-up browser windows, covert channels Trap Door A hole in the security of a system deliberately left in place by designers or maintainers Specific user identifier or password that circumvents normal security procedures Logic Bomb Program that initiates a security incident under certain circumstances Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers) Program Threats (Cont.) • Viruses Code fragment embedded in legitimate program Very specific to CPU architecture, operating system, applications Usually borne via email or as a macro
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 11

23_Protection_and_Security_2spp - CSC 4103 - Operating...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online