Computer System Security: Threats, Protection, and Access Control

Posted on Dec 7, 2024 in Computers

Safety and Security in Computer Systems

A computer system provides services to human users within a company or organization. Some types of services are:

  • Management of information (e.g., financial transactions, personal files, etc.)
  • Other activities (e.g., industrial processes, traffic control, etc.)
  • Services built on apparatus (e.g., automobiles, robots, etc.)

Computer system resources are limited: There is an inherent cost to their utilization, which may be reflected in the form of tariffs or user charges.

In every human society or organization, there are some restrictions on the use of information: Privacy rights, information that represents or is the subject of ownership, and so on. In such cases, depending on what is necessary, restrict user access to system information.

Information Security

Ensuring the integrity, availability, and privacy of information in a computer system allows the distinction of classes of users with different permissions on the use of system resources.

Computer Security

It is a broad field, covering, inter alia:

  • Working patterns of individuals
  • Physical security devices
  • Internal security of the machine and operating system

External Security

Concerning the facilities of the computer system and access to people and information systems. It covers two areas:

  • Physical Security: Of the facilities. It includes measures of prevention or recovery of claims and access control systems.
  • Safety: Policies and security mechanisms: authorization levels or responsibility, access methods, communication protocols.

Internal Security

Refers to the circuitry system or security issues of the operating system.

Protection

Some of the internal security is on the access control programs, processes, or uses of the resources of a computer system.

Types of Threats to System Integrity

  • Negligent or improper use
  • Claims (physical damage to the system)
  • Unauthorized use or abuse
  • Sabotage (deliberate act of disrupting the system)

These threats can be accidental or intentional.

Intrusion: Unauthorized or improper entry into the system. Also called penetration.

Possible Effects of Hazards

  • Unauthorized disclosure
  • Destruction of information
  • Improper use of system services
  • Physical damage to the system
  • Degradation in system performance
  • Denial of access to authorized users

Some Intrusion Attempts

Based on opportunism, finding useful information, scheduling, etc.

  • Password theft or espionage
  • Making careless
  • Garbage collection
  • Inspection System Information
  • Electronic listening
  • Trial and Error: password program analyzers, decoders, etc.

Programs lure: Trojan horse; ruse of deception

Using a “back door” (backdoor)

Exploiting holes in the system

Malicious Software

Programs whose direct or indirect purpose is to violate the security of the system:

  • Worms (worms) and viruses: programs designed to sabotage the system
  • Trojan Horses

Objectives of the Security System

  • Effectively establish a system of licenses for use of resources and information
  • Prevent or avoid security threats
  • Detect intrusion attempts and keep track of the operations audit
  • Recover from security breaches robustness
  • Solving the above consuming minimal resources and without causing a major nuisance to users (in short, with the lowest cost)

The licensing system has to define:

  • How information is generated, added, deleted, or extracted
  • Internal information flows allowed
  • Authorizations for access to information
  • Authorizations for resource use in general

Security: Principles

  • Good faith will always be malicious users or negligent
  • Disregard the attacker
  • Optimism (remember Murphy’s Law)

Security: Design Principles (Saltzer and Schroeder)

  • Minimum Privilege: Each subject must have the minimum privileges to perform their duties.
  • Privilege Separation: Ensure they have met several conditions to perform a function.
  • Common Mechanism: Minimizing.
  • Minimum: Shares.
  • Simplicity of Mechanism: Avoid unnecessary complications.
  • Full Mediation: Do the access check always.
  • Safe Defaults: The default option should be denied access to.
  • Public Resources: Designed effectiveness of the security system should not rely on secrecy of design.
  • Accepted by Users: The safety system must be easy to meet and little annoyed.

User Validation

Validation and authentication mechanisms allow or deny access to users.

The validation mechanism must be comfortable, accepted by users, cheap, and difficult to replicate or steal.

Should minimize false acceptances and false rejections of users.

Classes of mechanisms:

  • Password little known to the person
  • Artifact something possessed by the person
  • Biometrics something characteristic of the person

Passwords: The most popular and economical mechanism

  • Very easy to implement
  • Did not require additional hardware
  • Impose user efforts
  • Theft or divination is difficult to detect
  • Require more elaborate mechanisms to ensure some level of security

Artifacts: Magnetic cards, keys, etc.

  • Comfortable to use and socially acceptable
  • Almost always multifunction (used for other things)
  • Avoid Trojans
  • Can be difficult to replicate
  • Loss or theft is easily detected

Biometric Methods: Physiological characteristics (fingerprint, retinal vessels) or behavioral (signature, voice pattern, etc.).

  • Require more expensive hardware
  • Practically impossible to replicate
  • The false rejection rate may be high
  • Tend to be rejected socially

Passwords

If they are easy to remember, they are easy to guess.

Solution: Random passwords generated by the system

  • Difficult to remember, tend to score, can be stolen

Multilevel passwords, or uncomfortable by type of service

Dynamic challenge: To raise an enigma known by the user impracticable

Limitation of consecutive attempts, e.g., with subsequent disconnection of the terminal or risk cancellation of the account of denial of service or loss of efficiency

Expiration of Passwords: That expire after a certain time

Protective Measures Typically Charged to the OS or Hardware

Set privilege levels through circuitry:

  • Recording dual operation
  • Protection of memory segments
  • Protection of access to peripherals
  • Protection management of events (interrupts, timer, etc.)

Clean storage keeps getting deleted by garbage collection information

Audit log services offered by the operating system

Replication information (backup, etc.).

Self-consistency of information (checksums, error-correcting codes, etc.) ð antivirus

Cryptography: Encryption in the transmission and storage of highly sensitive data (such as passwords, personal files, etc.)

Formal Model of Protection

In a computer, in protection, consider a set of subjects (active entities = processes or users) that perform operations on objects (any resource, information, etc.).

Each object supports a set of operations on it.

Subjects and objects can appear and disappear in the course of the existence of the system (e.g., new processes, new files)

Access Rights: Authority of a subject to perform an operation

Each subject has a set of access rights on each resource.

Protection Domain: A set of access rights, as a list of pairs <object, set of rights>

At each point, a process executes within a protection domain.

Protection Domains

Example of representation of protection domains:

pepe.cjuan.ccca.outimpresora D1 create ejecutarborrar read write read write execute D2 print run ejecutarborrar create

The set of protection domains is sometimes called an access matrix

What is a domain of protection?

  • A user (UNIX) or a user group
  • A process
  • A procedure (Hydra)

Protection domains and access rights can also be objects.

To take one case, you can define the access right that allows a process to run on a particular protection domain.

Example: Access matrix that defines the life cycle of a process of editing/compilation/execution of a program.

a.out cc foo.c D1 D2 D3 printer D1crear reading writing change to D2 leercrear run switch to remove write print run D3 remove remove remove

Note that this example serves the principle of minimum need.

Implementation of Protection Domains

The access matrix is only a theoretical construct, potentially unlimited, and it is small (many blank boxes).

Mechanisms developed:

  • Implicit Rules
  • Access Hierarchies
  • Encapsulation (in programming languages)
  • Access Lists
  • Capabilities
  • Keys and locks

Implicit Rules

Avoid expressing security information data structures.

Very common is that a user is a domain of protection or some variant of this principle.

Example: In Unix, each object has a user or process owner. Certain operations (kill a process, change permissions of a file) can only be made when the user who owns the acting process coincides with the object.

The user is authenticated through a system name and password. After authenticating, is in a protection domain for the UID of the user.

Access Hierarchy

Establish a set of hierarchical levels of access to resources and the allowed transitions between them.

Dual mode of operation (as supervisor/user mode): two levels.

Multiple levels of operation.
E.g., kernel mode, system administrator mode, user mode.

Rings of protection (MULTICS)

n levels, each associated with a protection domain.
Each process runs on a level k; protection domain is the union of i-level domains £ k.

Solution very limited: you can not define protection domains that are not hierarchical.

Encapsulation in Programming Languages

Many languages protect the objects declared in the programs by structuring the code in blocks, separate compilation of modules, abstract data types, etc.

Access Lists

Each object has a list of items associated <domain, rights> with existing access rights on it ð non-empty cells of his column in the array of requests

The protection information can then be scattered: each object has its own separate list.

Empty cells in the array access are not represented.

Variations:

  • Lists default rights (if not on the lists, you are given the right by default)
  • Playlists rejecting (who appears in them, not have the right indicated)

Capabilities

A capability is a representation of a domain of protection: it works as a ticket that entitles you to access an object, as specified in your ability.
From the point of view of a programming language, a capability is a protected pointer.

A capability is conceptually a row of the array accesses.

A capability is a special type of pointer to objects.

Every subject (process) has a list of capabilities, which allow controlled access to system objects.

Simply possessing the ability to access the corresponding object (with associated rights to capacity). There are no additional verification.

The system has to guarantee that a process can not use abilities that do not possess.

A process operates on objects by invoking services of the type operation (capacity, parameters, etc.), services provided by the operating system.

In the system may have many different abilities that point to the same object but with different rights.

Implementation of a System Capacity

Because capabilities are pointers to objects, implementing a capacity mechanism is intertwined with the memory management (primary or secondary).

The list of capabilities or capabilities themselves must be protected by hardware so that a process or user can not create their own abilities.

Ways to implement the system:

  • Memory marked
  • Memory segment
  • Encrypted Capabilities

Report Marked

Each object has a mark indicating the type: in this case, we distinguish between memory capacity or normal words.
Only the operating system would have the authority to create objects of type capacity.

Example:

direccióntipocontenido. . .. . . 123NORMAL33124CAPACIDAD489783498125NORMAL12345126NORMAL970567. . .. . .

Disadvantage: requires a different memory model of von Neumann.

Segmented Memory

It makes use of a local table by process capabilities and a global table of objects. Both structures must be protected to prevent a process from creating or altering capabilities uncontrollably.

Example:

Advantage: implementable from a segmented memory system

Encrypted Capabilities

The capacity is a bit pattern formed by the object identifier, access rights, and a checksum (checksum):

id. objetoderechossuma control

All information is encrypted by the system so that the ingredients are unrecognizable.

No boards are required to objects or skills, since all routing information and protection is self-contained in capacity.
Hence this mechanism is ideal for distributed systems.

There is the likelihood of generating capacity unduly valid, but is virtually zero due to the encryption and checksum, if they have a lot of bits.

Instead of checksums, you can use timestamps (timestamps) with the moment of creation of its generation capacity over undue ðdificulta

Handling Capacity

There may be services for:

  • Create a new capacity
  • Destroy any capacity
  • Curtail the rights of a capacity
  • Copy or move a capability to another process or user

To avoid security problems, we can define a process owner of each building, which is the one with the power to eliminate it. or trim their rights.

Comparison of Capabilities and Access Lists

In a system based on capabilities, protecting information resides in individuals (lists of skills), rather than objects, like access lists.

Capacities are also directions of objects.

Advantages of Competency:

  • The system object access can be faster capabilities, as paths are not in lists. The address of the object is given by one’s ability.
  • Rights may be transferred between processes access easily without having to alter access lists.

Capabilities Disadvantages:

  • It is difficult to know what processes have access rights on a particular object.
  • If a process revokes a capability, how do you get to affect other processes that have the same capacity?
  • If an object disappears, how will invalidate all the capabilities for that object?

Keys and Locks

Intermediate mechanism between the access lists and capabilities.

Each object has a set of locks ð unique bit patterns in the system. Each lock is associated with a set of rights.

Each protection domain has a set of keys ð unique bit patterns, each of which fits with a key in the system.

A process can perform an operation on an object only if the domain under which you run has a specific key for any of the locks of the object.

Both the keys and locks are to be protected in the same way that capacities.

This mechanism has the advantages of capabilities while simplifying the problem of deleting objects that exist with the capabilities.