26-Protection_and_Security

26-Protection_and_Security - CSE 421/521 - Operating...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CSE 421/521 - Operating Systems Fall 2011 Tevfik Ko ş ar University at Buffalo December 6 th , 2011 Lecture - XXVI The Security Problem • Protecting your system resources, your files, identity, confidentiality, or privacy Intruders (crackers) attempt to breach security Threat is potential security violation Attack is attempt to breach security Attack can be accidental or malicious Easier to protect against accidental than malicious misuse Security Violations Categories Breach of confidentiality information theft, identity theft Breach of integrity unauthorized modification of data Breach of availability • unauthorized destruction of data Theft of service • unauthorized use of resources Denial of service • crashing web servers Security Violation Methods Masquerading (breach authentication) Pretending to be somebody else Replay attack (message modification) Repeating a valid data transmission (eg. Money transfer) May include message modification Session hijacking • The act of intercepting an active communication session Man-in-the-middle attack • Masquerading both sender and receiver by intercepting messages Program Threats Trojan Horse Code segment that misuses its environment Exploits mechanisms for allowing programs written by users to be executed by other users Spyware, pop-up browser windows, covert channels Trap Door A hole in the security of a system deliberately left in place by designers or maintainers Specific user identifier or password that circumvents normal security procedures Logic Bomb Program that initiates a security incident under certain circumstances Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers) Program Threats (Cont.) • Viruses Code fragment embedded in legitimate program Very specific to CPU architecture, operating system, applications Usually borne via email or as a macro • Visual Basic Macro to reformat hard drive Sub AutoOpen() Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide) End Sub
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Program Threats (Cont.) Virus dropper inserts virus onto the system Many categories of viruses, literally many thousands of viruses:
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 5

26-Protection_and_Security - CSE 421/521 - Operating...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online