General Purpose OS Security (Pfleeger Ch. 6)

Protection Services for Operating Systems

What is to be protected/shared?
  - CPU
  - Memory
  - Serially sharable devices: tape, printer (pseudo-)
  - Concurrently sharable resources: disk
  - Code: programs, libraries, subroutines
  - Data
    - System information (e.g., user names, file names, etc.)

Methods of separation
  - Physical
  - Temporal
  - Logical
  - Cryptographic

Protection/sharing types
  - None
  - Isolation (VM)
  - All-or-nothing (coarse)
  - Access limitation (reference monitor)
  - Capabilities
  - Limit use of object (fine grained)

Granularity
  - Coarse: all or nothing
  - By size of element (bit/byte/word/block)
  - By logical structure of element (object, sub-object)
  - By access type (read/write/execute/append/copy/print/...)

Mechanisms
  H/W
    - Protection/mode bits & protected instructions: I/O, set clock, set mode, etc.
  Memory protection
    - Fence
    - Base/bounds: absolute, relocatable
    - VM: paging, segmentation, hybrids
    - Tagged memory: instructions vs. data; read-only vs. read-write; ownership; control data vs. ordinary data
  Devices/files
    - Locks
  Object-based protection
    Goals
      - Inescapable mediation: check every access
      - Least privilege: need-to-know
      - Verify acceptable usage: semantics
    ACM (access control matrix)
      - General: domains/objects, bindings
      - Extensibility: domains as objects
      - Limitations: copy right, restricted copy right, etc.
    Implementations
      - ACL
      - Directory structures
      - Capability list
      - SFT
      - Procedure-oriented access: only trusted procedures have access (gates)

File Protection
  Basic forms
    - All-or-none
    - Group
    - Single protections: password, encryption, temporary (setuid)
    - Per-object/per-user: ACLs

User Authentication (I&A)
  - Loose-lipped systems (error messages reveal which step failed, e.g., "no such user", helping an attacker enumerate accounts)
  Types
    - What you are
    - What you have
    - What you know
  Passwords
    - Storage: protected memory, encrypted, hashed
    - Attacks: page fault example (byte-at-a-time compare across a page boundary leaks how many characters matched), finger attack, probable passwords (joe accounts: password equals user name), brute force
    - Good passwords: user-generated, system-generated, change management
    - One-time passwords; challenge-response systems
    - COPS (Computer Oracle and Password System)
    - Issues: interception, strong vs. weak authentication, change, recall
  Biometrics (what you are)
    - Fingerprint, retinal scan, iris scan, voice identification, hand dimensions, facial features, signature pressure patterns, I/O device usage patterns (keystrokes, mouse)
    - Issues: user acceptance, reliability/robustness, discrimination, costs, limitations (roaming users)
  Artifact-oriented (what you have)
    - ATM card, key, ID card, SecurID, etc.
    - PRNG one-time PINs: synchronization between token and server
    - Issues: loss/destruction, interception, misalignment/loss of synch, cost
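The access control matrix section above lists ACLs and capability lists as two implementations of the same matrix, plus the copy right and restricted copy right as a limitation. The following is an added example written for these notes (not from Pfleeger or the course); the subjects, objects and rights in `demo()` are made up. It keeps the matrix in both views behind one reference-monitor function, so every access is mediated, and models a transferable right as a separate "copy flag" token (`read*`), which is an assumption about representation, not the book's notation.

```python
"""Access control matrix kept as per-object ACLs and per-subject capability
lists, with one reference-monitor check and Graham-Denning style copy rights.
Added illustration for lecture notes; subjects/objects/rights are invented."""
from collections import defaultdict

# Rights are plain strings. "read*" is the copy flag for "read": a holder of
# "read*" may pass "read" on to another subject. (Representation assumed here.)
ACL = defaultdict(dict)    # object  -> {subject: set(rights)}   (ACL view)
CAPS = defaultdict(dict)   # subject -> {object: set(rights)}    (capability view)

def grant(subject, obj, rights):
    """Record rights in both views so they can never disagree."""
    rights = set(rights)
    ACL[obj].setdefault(subject, set()).update(rights)
    CAPS[subject].setdefault(obj, set()).update(rights)

def check(subject, obj, right):
    """The reference monitor: every access passes through here (inescapable
    mediation). Both views are consulted; a mismatch means corrupted state."""
    in_acl = right in ACL.get(obj, {}).get(subject, set())
    in_cap = right in CAPS.get(subject, {}).get(obj, set())
    if in_acl != in_cap:
        raise RuntimeError("ACL and capability views disagree")
    return in_acl

def transfer(giver, receiver, obj, right, restricted=False):
    """Pass `right` from giver to receiver. The giver must hold the copy flag.
    A restricted transfer hands over the right but not the copy flag, so the
    receiver cannot propagate it further (restricted copy right)."""
    if not check(giver, obj, right + "*"):
        return False
    grant(receiver, obj, {right} if restricted else {right, right + "*"})
    return True

def acl_of(obj):
    """ACL view: who may do what to one object."""
    return {s: sorted(r) for s, r in ACL.get(obj, {}).items()}

def caps_of(subject):
    """Capability view: everything one subject may do."""
    return {o: sorted(r) for o, r in CAPS.get(subject, {}).items()}

def demo():
    """Scenario with invented principals; returns the decisions for inspection."""
    grant("alice", "payroll.db", {"read", "read*", "write"})
    grant("bob", "payroll.db", {"read"})
    out = {}
    out["bob_write"] = check("bob", "payroll.db", "write")                 # False
    out["bob_to_carol"] = transfer("bob", "carol", "payroll.db", "read")   # False: no copy flag
    out["alice_to_carol"] = transfer("alice", "carol", "payroll.db", "read", restricted=True)  # True
    out["carol_read"] = check("carol", "payroll.db", "read")               # True
    out["carol_to_dave"] = transfer("carol", "dave", "payroll.db", "read") # False: restricted
    return out

if __name__ == "__main__":
    print(demo())
    print(acl_of("payroll.db"))
    print(caps_of("alice"))
```

The ACL view answers "who can touch this object" cheaply (revocation is a local edit), the capability view answers "what can this subject do" cheaply; keeping both in step is exactly the consistency problem the reference monitor check guards.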
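The password section above names hashed storage, the page-fault attack on early-exit comparison, probable passwords (joe accounts), and loose-lipped systems. The following is an added example for these notes (not the book's code). It stores salted PBKDF2 hashes, rejects the probable passwords in a small constructed list, returns one uniform failure message for unknown user and wrong password, and exposes `naive_equal()` only to show the oracle an early-exit compare leaks; the user names and passwords are invented.

```python
"""Password storage and verification for the authentication notes.
Added illustration; names, passwords and the COMMON list are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 100_000
# Stand-in for a probable-password list (constructed, not a real dictionary).
COMMON = {"password", "123456", "qwerty", "letmein"}

USERS = {}  # username -> (salt, pbkdf2 hash): the "hashed" storage form

def acceptable(username, password):
    """Reject the probable passwords the notes mention: joe accounts
    (password equals user name), dictionary words, and very short strings."""
    p = password.lower()
    return not (p == username.lower() or p in COMMON or len(password) < 8)

def register(username, password):
    if not acceptable(username, password):
        raise ValueError("weak password")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    USERS[username] = (salt, digest)

def naive_equal(a, b):
    """Byte-at-a-time compare that stops at the first mismatch. Returns
    (equal, bytes_examined). The second value is the side channel: a
    guess whose prefix is right is examined longer, which is what the
    page-fault attack measured by straddling a page boundary."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined

# Dummy salt so unknown users cost the same PBKDF2 work as real ones.
_DUMMY_SALT = os.urandom(16)

def login(username, password):
    """Not loose-lipped: unknown user and wrong password take the same
    path, the same time, and return the same message."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, b"\x00" * 32))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if username in USERS and hmac.compare_digest(candidate, stored):
        return "ok"
    return "login failed"

if __name__ == "__main__":
    register("alice", "correct horse battery")
    print(login("alice", "correct horse battery"))   # ok
    print(login("alice", "wrong guess"))             # login failed
    print(login("nobody", "anything"))               # login failed (same message)
    print(naive_equal(b"secret", b"secxxx"))         # (False, 4): prefix length leaks
```

`hmac.compare_digest` replaces `naive_equal` in the real path; the naive version is kept only to make the leaked byte count visible.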
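The artifact-oriented section above lists PRNG one-time PINs and the synchronization problem: the token and the server each advance a counter, and presses that never reach the server make them drift. The following is an added example for these notes, not the code of SecurID or any product; it uses the HMAC-based one-time password of RFC 4226 (HOTP) as the PRNG, with the RFC's published test secret, and a look-ahead window that is an assumed policy value. `Token` and `TokenServer` are hypothetical names.

```python
"""Counter-synchronised one-time PINs with a resync window (HOTP, RFC 4226).
Added illustration for the authentication notes; the window size is assumed."""
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"

class Token:
    """The artifact: shared secret plus a counter that advances on each press."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code

class TokenServer:
    """Holds the server's copy of the counter and tolerates limited drift."""
    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, code: str) -> bool:
        """Accept if `code` matches any counter in [c, c + window]. On success
        move the server counter past the used value so the same PIN cannot be
        replayed. Beyond the window the token has lost synch and needs manual
        resynchronisation (the "misalignment" issue in the notes)."""
        for delta in range(self.window + 1):
            if hmac.compare_digest(hotp(self.secret, self.counter + delta), code):
                self.counter += delta + 1
                return True
        return False

def drift_scenario(window: int = 5) -> dict:
    """Token presses that never reach the server, then a successful resync,
    a replay, and drift past the window. Returns the decisions."""
    secret = b"12345678901234567890"   # RFC 4226 test-vector secret, for the demo only
    token, server = Token(secret), TokenServer(secret, window)
    for _ in range(3):                 # three presses lost in transit: counters drift by 3
        token.press()
    out = {}
    code = token.press()               # token counter 3
    out["resync_ok"] = server.verify(code)           # True: found at delta 3, server -> 4
    out["replay_rejected"] = not server.verify(code) # True: used PIN is now behind the window
    for _ in range(window + 1):        # drift beyond what the server will search
        token.press()
    out["lost_sync"] = not server.verify(token.press())  # True: manual resync needed
    out["server_counter"] = server.counter                # 4
    return out

if __name__ == "__main__":
    print(hotp(b"12345678901234567890", 0))   # 755224 (RFC 4226 test vector)
    print(drift_scenario())
```

The window is the trade-off the notes point at: larger windows absorb more lost presses but give a guesser more valid PINs per attempt, so servers also rate-limit and lock after repeated failures.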