Upload
eric-neal
View
224
Download
0
Tags:
Embed Size (px)
Citation preview
bzupages.com
bzupages.com
Operating System: Presented To: Sir. Ahsan Raza
Presented By: Shaista Sumreen (06-04) Aliya Zafar (06-06) Mamoona Sadia (06-08) Javaria Qayyum (06-26) Sana Tareen (06-31) Sadia Riaz (06-33)
bzupages.com
Services of Operating System:
Process ManagementMulti-TaskingInterrupt ProcessingMemory ManagementRegistersRandom Access MemoryDisk StorageDisk & File SystemNetworkingSecurity
bzupages.com
bzupages.com
Outline
Operating System SecurityProtection MechanismH/W SecurityProtection of MemoryAccess Control MechanismAuditingFault ToleranceSummary
bzupages.com
Shaista Sumreen 06-04
TopicProtection Mechanism
H/W Security
bzupages.com
Protection Mechanism:(1)
Operating system security is provided by gates that users must pass through before entering the operating system environment, and permission matrixes that determine what they are able to do once inside.
bzupages.com
Protection Mechanism:(2)
Dialup gate
Login gate
Root gate
Secure RPC gate
File and directory matrix
NIS+ objects matrix
bzupages.com
Protection Mechanism:
O.S provides protection with following Spectrum:
No protection Isolation Share all Or Share nothing Share via access limitation Share via dynamic capabilities Limited use of an object
bzupages.com
Hardware Security:(1)
Problem???
Examples:
Telephone SIM cards
Smart cards (used for access, TV decoders, ID, money...)
Public ATM machines
bzupages.com
Hardware Security:(2)
Install a version of the PROM monitor that either does not provide (or at least password protects) the commands to examine and change memory contents.
Ensure that workstations cannot be taken into single-user mode without providing the "root" (or a PROM monitor "hardware") password.
bzupages.com
Protecting data from hardwarefailures:(3)
Use Backups.
Use Redundant Arrays of Inexpensive Disks (RAID) .
Failure of a single disk should not cause any data loss.
Beware of manufacturers.
bzupages.com
Protection Of Memory:
Memory Encryption Control Unit (MECU) encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token.
User OrientedData Oriented
bzupages.com
User Oriented Access Control:
User access control in distributed environment can be either
centralized or decentralized.
1. In a centralized approach network provides a log on service, determining who is allowed to use the network and to whom the user is allowed to connect.
2. Decentralized user access control treats the network as a transport communication link, and the destination host carries out the usual log on procedure.
bzupages.com
User Oriented Access Control:
Authenticating users Commonly done using id and password Concern about eavesdropping May be centralized (network logon) or distributed (each host handles logon) May also limit who can access the network as a whole
bzupages.com
Data Oriented Access Control:
Each user has permitted actions Anyone in administration can see the list of employees,but only personnel staff can change someone’s salary Access matrix (Subjects x Objects) Subject — Entity that can access objects Object — Anything to which access is controlled Access Right — The way the object is accessed by the subject
bzupages.com
Data Oriented Access Control:
Generally matrix is sparse, so stored in a different fashion:
Access Control List
Who is allowed to do something with this object
Capability List
What can this user do?
bzupages.com
Javeria Qayyum 06-26
Topic
Access Control
bzupages.com
Access Control:
bzupages.com
Strategy:
Try user info variants
Try words from 60,000 entry dictionary
Try permutations of above (0-O, 1-L, etc.)
Try various capitalization of above
bzupages.com
Protecting Password:
bzupages.com
Sadia Riaz 06-33
Topic
Auditing
bzupages.com
Auditing:
Record of ongoing activity Most systems include auditing files Intruder detection system may have additional files Detection-specific audit records Subject — Who is doing the action? Action — What is being done? Object — What is being used? Exception condition — Any problems? Resource usage Timestamp — When did it happen? Each record refers to an elementary action Easier to detect intrusions Simplifies model and implementation
bzupages.com
Sana Tareen 06-31
Topic
Fault Tolerance
Introduction
Requirements
bzupages.com
Introduction:
What is the System???
3 Levels of Fault Tolerance
1. H/W fault tolerance
2. S/W fault tolerance
3. System fault tolerance
bzupages.com
“A system is the entire set of components, both computer related, and non-computer related, that provides a service to a user.”
bzupages.com
Requirements:
Dependable System
Approaches to achieve dependability
1. Fault avoidance
2. Fault Removal
3. Fault Tolerance
Dependability Specification
1. Qualitative
2. Quantitative
bzupages.com
Mamoona Sadia 06-08
TopicClasses of Fault Tolerance
Mechanism
bzupages.com
Fault Classes:
Locality
Effects (Timing & Date)
Cause (Design , Damage)
Duration (Transient , Persistent)
Efforts On the System State
1. Crash
2. Amesia
bzupages.com
Mechanism:
Detection
Diagnose
Containment
bzupages.com
Aliya Zafar 06-06
Summary of Presentation
bzupages.com
Thanks