
CHAPTER THREE

COMPUTER SECURITY

SECURITY IN CONVENTIONAL
OPERATING SYSTEMS

BY: SHEWANGIZAW LIULSEGED


Security methods in OSs
Basis of security in OS: separation
= keeping one user’s objects secure from interference by other users
Kinds of separation:
1) Physical separation
Different processes use different physical objects
E.g., different printers for different ‘confidentiality levels’ of
output
2) Temporal separation
Processes having different security requirements executed at different times
3) Logical separation
Illusion that OS executes processes only for single user
4) Cryptographic separation
Processes conceal their data and computations from other processes
Security methods in OSs
Strength of security via separation (least to most secure):
1) Logical separation
2) Temporal separation
3) Physical separation
(level of security increases down the list)
Complexity of implementation of separation (least to most complex):
1) Physical separation
2) Temporal separation
3) Logical separation
4) Cryptographic separation
(complexity of implementation increases down the list)
Resource utilization in different kinds of separation:
Poor: physical separation / temporal separation
Good: logical separation / cryptographic separation
Levels of protection in OSs
Absolute separation reduces efficiency
– need to share some resources for efficiency

Full sharing-separation spectrum = levels of protection by OS:


1) No protection
Caveat emptor ("Let the buyer beware" in Latin)
User can still protect self by, e.g., temporal separation
2) Isolation
Concurrently running processes hidden from each other
=> unaware of each other
Own address space, files, other objects for each process
3) Full sharing or no sharing
Object/resource owner declares it as:
- public (can be shared by all)
or
- private (not shared)
4) Sharing via access limitation
Access to each object by each user determined by access rights
5) Sharing by capabilities
Extension to “Sharing via access limitation”
Can be changed by owner, subject, computation context,
object itself
6) Limited object use
Limits not only access to an object but also how the object may be used
E.g., can view a doc but can’t copy it
E.g., can view statistical summary of data but can’t view
individual data records (e.g., can see average salary
but not John Smith’s salary)
Memory and Address Protection
Most obvious protection:
Protect program memory from being affected by other programs
Outline
A. Fence
B. Relocation
C. Base/Bounds Registers
D. Tagged Architecture
E. Segmentation
F. Paging
Memory and Address Protection
A. Fence
Confining users to one side of a boundary
E.g., a predefined memory address n marks the boundary between the OS and the
user program; a user program instruction at an address ≤ n (the OS's side of
the fence) is not allowed to execute
B. Relocation
Programs written as if starting at location 0 in memory
Actually starting at location n, determined by OS
Before user instruction executed, each address relocated by
adding relocation factor n to it
Relocation factor = starting address of program in memory
C. Base/Bounds Registers
Base register = variable fence register
Determines starting address, i.e. lower limit, for user program
addresses
Bounds register
Determines upper limit for user pgm addresses
To protect user’s instructions from user’s own data address errors – use
two pairs of registers
1) Register pair for data
2) Register pair for instructions
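The relocation and base/bounds mechanisms above, as an added example that is not part of the lecture slides: a small simulated MMU that relocates program-relative addresses by the base register (the relocation factor n) and checks them against the bounds register, using one register pair for instruction fetches and another for data accesses as the slide proposes. All address values and the register contents are constructed for illustration.

```python
# Added example (not from the slides): relocation + base/bounds registers,
# with separate register pairs for instructions and data. Addresses and
# register values are constructed.
from dataclasses import dataclass


class MemoryFault(Exception):
    """Raised when an access falls outside the program's permitted region."""


@dataclass(frozen=True)
class BaseBounds:
    base: int    # starting physical address = relocation factor n
    bounds: int  # upper limit (exclusive) of the region in physical memory


@dataclass(frozen=True)
class RegisterPairs:
    code: BaseBounds  # pair protecting the program's instructions
    data: BaseBounds  # pair protecting the program's data


def relocate(regs: BaseBounds, logical_addr: int) -> int:
    """Translate an address written as if the program started at 0 into a
    physical address, and enforce the variable fence (base) and the bounds."""
    if logical_addr < 0:
        raise MemoryFault(f"negative logical address {logical_addr}")
    physical = regs.base + logical_addr
    if physical >= regs.bounds:
        raise MemoryFault(f"address {physical:#x} is above bounds {regs.bounds:#x}")
    return physical


def translate_access(pairs: RegisterPairs, kind: str, logical_addr: int) -> int:
    """Select the register pair by the kind of access: 'fetch' or 'data'."""
    if kind == "fetch":
        return relocate(pairs.code, logical_addr)
    if kind == "data":
        return relocate(pairs.data, logical_addr)
    raise ValueError(f"unknown access kind {kind!r}")


def access_allowed(pairs: RegisterPairs, kind: str, logical_addr: int) -> bool:
    """True when the access stays inside its own region, False on a fault."""
    try:
        translate_access(pairs, kind, logical_addr)
        return True
    except MemoryFault:
        return False


# Constructed layout: code occupies [0x1000, 0x2000), data [0x2000, 0x3000).
# A stray data address can never reach the instructions, because the data
# pair confines it to its own region.
PROGRAM = RegisterPairs(
    code=BaseBounds(base=0x1000, bounds=0x2000),
    data=BaseBounds(base=0x2000, bounds=0x3000),
)


if __name__ == "__main__":
    print(f"fetch 0x10 -> {translate_access(PROGRAM, 'fetch', 0x10):#x}")
    print(f"data  0x10 -> {translate_access(PROGRAM, 'data', 0x10):#x}")
    print("data 0x1000 allowed?", access_allowed(PROGRAM, "data", 0x1000))
```

The check is done on every access in hardware on a real machine; here it is a function call, but the rule is the same: the program never sees physical addresses, and an out-of-range address faults instead of touching another region.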
D. Tagged Architecture
Tagged architecture (gives low granularity of access rights)
Every word of machine memory has ≥ 1 tag bits defining access
rights to this word (a h/w solution!)

Tag   Word
R     0001
RW    0137
R     4091
R     0002
X

R = Read only, RW = Read/Write, X = Execute only
Access bits set by OS; tested every time an instruction accesses its location
E. Segmentation
Benefits addressing + enhances memory protection for free
Effect of an unbounded number of base/bounds registers
Pgm segmentation:
Program divided into logical pieces (called segments)
E.g. Pieces are: code for single procedure / data of an array /
collection of local data values
Consecutive program segments can be easily stored in
nonconsecutive memory locations.
F. Paging
Principles:
Programs divided into equal-sized pieces called pages
Memory divided into same-sized page frames
Size is usually 2^n, from 512 B to 4096 B
OS maintains a Page Translation Table (PTT) that maps pages into page frames
Benefits of paging
Programmer can be oblivious to page boundaries (automatic)
Paging completely hidden from programmer
No fragmentations of main memory
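Paging as described above, as an added example that is not part of the slides: a logical address is split into a page number and an offset, the page number is looked up in the process's Page Translation Table (PTT), and the frame number replaces it. The page size, the two PTTs and their frame numbers are constructed; an access to a page with no PTT entry raises a page fault, and the two PTTs show how isolation falls out of the mapping.

```python
# Added example (not from the slides): translation through a Page Translation
# Table. Page size and all page/frame numbers are constructed.
PAGE_SIZE = 4096                          # 2**12 bytes, within the slide's range
PAGE_SHIFT = PAGE_SIZE.bit_length() - 1   # 12
OFFSET_MASK = PAGE_SIZE - 1


class PageFault(Exception):
    """The logical page has no entry in the process's PTT."""


def split_address(logical_addr: int) -> tuple[int, int]:
    """Page number and offset within the page: a pure bit split, which is
    why the programmer never has to think about page boundaries."""
    return logical_addr >> PAGE_SHIFT, logical_addr & OFFSET_MASK


def translate(ptt: dict[int, int], logical_addr: int) -> int:
    """Map a logical address to a physical one through the PTT."""
    page, offset = split_address(logical_addr)
    frame = ptt.get(page)
    if frame is None:
        raise PageFault(f"page {page} is not mapped")
    return (frame << PAGE_SHIFT) | offset


def can_access(ptt: dict[int, int], logical_addr: int) -> bool:
    try:
        translate(ptt, logical_addr)
        return True
    except PageFault:
        return False


# Constructed PTTs for two processes. Consecutive logical pages of process A
# sit in non-consecutive frames, and A and B share no frame at all.
PTT_A = {0: 5, 1: 2, 2: 9}
PTT_B = {0: 7, 1: 3}


def frames_of(ptt: dict[int, int]) -> set[int]:
    return set(ptt.values())


def isolated(ptt_a: dict[int, int], ptt_b: dict[int, int]) -> bool:
    """True when no physical frame is reachable from both tables."""
    return frames_of(ptt_a).isdisjoint(frames_of(ptt_b))


if __name__ == "__main__":
    # A buffer that straddles logical pages 1 and 2 lands in frames 2 and 9.
    print(hex(translate(PTT_A, 0x1FFF)), hex(translate(PTT_A, 0x2000)))
    print("A and B isolated?", isolated(PTT_A, PTT_B))
    print("A can touch page 3?", can_access(PTT_A, 0x3000))
```

The isolation check is the key security point: a process can only name pages in its own table, so a frame that is not in its PTT is unreachable no matter what address it forms.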
AUTHENTICATION
Authentication determines who can log on to a system, and associates users with
the software subjects that they are able to control as a result of logging in.
The four factors for authentication
1. Something you know, such as a password or a personal identification
number (PIN).
2. Something you have, such as a smart card or security token.
3. Something you are, such as fingerprint, voice, retina, or iris
characteristics.
4. Where you are, for example inside or outside a company firewall, or
proximity of login location to a personal GPS device.
AUTHORIZATION
Authorization is the process of validating or figuring out the identity of a
person.
Once we know (reasonably) who it is, we need to decide what they can access,
and how:
- Servers
- Networks
- Applications
- Files (data)
Actions:
- Read (R)
- Write (W)
- Execute (X)
WHAT IS DATABASE SECURITY?
Database: a collection of information stored in a computer.
Security: being free from danger.
Database Security: the mechanisms that protect the database against intentional
or accidental threats.
THREE MAIN ASPECTS

1. Secrecy
2. Integrity
3. Availability
SECRECY
Protecting the database from unauthorized users.
Ensures that users are allowed to do the things they are trying to do.
For example, employees should not see the salaries of their managers.
INTEGRITY
Protecting the database from authorized users.
Ensures that what users are trying to do is correct.
For example, an employee should be able to modify his or her own information.
AVAILABILITY
Authorized users should be able to access data for legal purposes as necessary.
For example, payment orders regarding taxes should be made on time as required
by the tax law.
DATABASE PROTECTION REQUIREMENTS
1. Protection from Improper Access
2. Protection from Inference
3. Integrity of the Database
4. User Authentication
5. Multilevel Protection
6. Confinement
7. Management and Protection of Sensitive Data
TYPES OF SECURITY CONTROLS
1. Flow Control
2. Inference Control
3. Access Control
FLOW CONTROL
Flow controls regulate the distribution (flow) of information among accessible
objects.
A flow between object X and object Y occurs when a statement reads values from
X and writes values into Y.
Copying data from X to Y is the typical example of information flow.
INFERENCE CONTROL
Inference control aims at protecting data from indirect detection.
Information inference occurs when a set X of data items that a user is allowed
to read can be used to obtain the set Y of data.
An inference channel is a channel where users can find an item X and then use X
to get Y as Y = f(X).
MAIN INFERENCE CHANNELS
Indirect Access:
Occurs when a user derives:
unauthorized data (say Y)
from an authorized source (say X).

Correlated Data:
If visible data X is semantically connected to invisible data Y.
INDIRECT ACCESS
Occurs when a user derives unauthorized data (say Y) from an authorized
source (say X).

SELECT Name                 OR   SELECT Name
FROM GradeReport                 FROM GradeReport
WHERE grade = A                  WHERE ID = 120000348

GradeReport:
Name       ID         grade
Abebe      120000348  A
Ayele      120000636  B
Mohammed   120000756  A
CORRELATED DATA
If visible data X is semantically connected to invisible data Y.

Position (visible) -------------> Salary (invisible)

Name       Position   Salary
Abebe      Manager    10000 Birr
Ayele      Staff       7000 Birr
Mohammed   Staff       7000 Birr
ACCESS CONTROL
Access controls in an information system are responsible for ensuring that all
direct accesses to system objects occur according to the modes and rules fixed
by protection policies.
An access control system includes:
- subjects (users, processes)
- who access objects (data, programs)
- through operations ('read', 'write', 'run')
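The subjects, objects and operations just listed, together with the R/W/X actions from the authorization slide, as an added example that is not part of the slides: an access matrix keyed by (subject, object), a mediation function that every direct access must pass through, an audit record of denials, and an owner-controlled grant in the spirit of "sharing via access limitation". The subjects, object names and the rights in the matrix are constructed.

```python
# Added example (not from the slides): access matrix + mediation check.
# Subjects, objects, owners and granted rights are constructed.
READ, WRITE, EXECUTE = "R", "W", "X"
OPERATION_MODE = {"read": READ, "write": WRITE, "run": EXECUTE}

# (subject, object) -> set of permitted modes. Anything absent is denied.
ACCESS_MATRIX: dict[tuple[str, str], set[str]] = {
    ("alice", "/data/payroll.db"): {READ, WRITE},
    ("bob", "/data/payroll.db"): {READ},
    ("bob", "/apps/report"): {READ, EXECUTE},
    ("backup", "/data/payroll.db"): {READ},
}

# Object owners: only the owner may change who can share the object.
OWNERS = {"/data/payroll.db": "alice", "/apps/report": "admin"}

AUDIT_LOG: list[str] = []  # denied attempts, kept for later review


def rights(subject: str, obj: str) -> frozenset[str]:
    return frozenset(ACCESS_MATRIX.get((subject, obj), set()))


def is_allowed(subject: str, obj: str, operation: str) -> bool:
    """Default deny: unknown operation, subject or object all return False."""
    mode = OPERATION_MODE.get(operation)
    if mode is None:
        return False
    return mode in rights(subject, obj)


def mediate(subject: str, obj: str, operation: str) -> bool:
    """Reference-monitor style check that every direct access goes through;
    denials are recorded so they can be reviewed."""
    if is_allowed(subject, obj, operation):
        return True
    AUDIT_LOG.append(f"DENY {subject} {operation} {obj}")
    return False


def grant(owner: str, subject: str, obj: str, mode: str) -> bool:
    """Owner-controlled sharing: the owner of obj extends subject's rights.
    Returns False (and changes nothing) if the caller is not the owner or
    the mode is not one of R, W, X."""
    if OWNERS.get(obj) != owner or mode not in (READ, WRITE, EXECUTE):
        return False
    ACCESS_MATRIX.setdefault((subject, obj), set()).add(mode)
    return True


if __name__ == "__main__":
    print(mediate("alice", "/data/payroll.db", "write"))   # True
    print(mediate("bob", "/data/payroll.db", "write"))     # False, logged
    print(grant("alice", "bob", "/data/payroll.db", WRITE))
    print(mediate("bob", "/data/payroll.db", "write"))     # True now
    print(AUDIT_LOG)
```

Two design points carry the security weight: every lookup falls back to "no rights" rather than to some default set, and changes to the matrix go through an owner check rather than being writable by any subject.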
ACCESS CONTROL (CONT.)
SQL INJECTION
SQL injection is one of the most widely used threats to database security.
E.g., an application takes accnt_number as input from the user and creates an
SQL query as follows:
string query = "select balance from account where account_number ='" + accnt_number + "'";
Suppose that instead of a valid account number, the user types in
'; delete from r;
Then (oops!) the query becomes
select balance from account where account_number =''; delete from r;
Hackers can probe for an SQL injection vulnerability by typing, e.g., '*** in
an input box
Tools can probe for the vulnerability
Error messages can reveal information to the hacker
PREVENTING SQL INJECTION
To prevent SQL injection attacks use prepared statements (instead of creating
query strings from input parameters):
PreparedStatement pstmt = conn.prepareStatement("select balance from account where account_number = ?");
pstmt.setString(1, accnt_number);
pstmt.execute();
(assume that conn is an already open connection to the database)
Alternatives:
- use stored procedures
- use a function that removes special characters (such as quotes) from strings
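The concatenated query from the SQL injection slide and the prepared-statement form from this one, side by side as an added example that is not part of the slides. Both run against an in-memory SQLite copy of the account table and a sacrificial table r (contents constructed). Python's own sqlite3 execute() refuses more than one statement per call, so permissive_execute() is a small stand-in for the permissive database driver the slide's scenario assumes, one that runs every statement in the string it is handed; the prepared-statement version binds the input as a value, so the same text is never parsed as SQL.

```python
# Added example (not part of the slides): concatenated query vs. parameter
# binding. Table contents are constructed; permissive_execute() emulates a
# driver that executes stacked statements.
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE account(account_number TEXT, balance INTEGER);
        INSERT INTO account VALUES ('ACC-1', 500), ('ACC-2', 1200);
        CREATE TABLE r(id INTEGER);
        INSERT INTO r VALUES (1), (2), (3);
    """)
    return conn


def split_statements(sql: str) -> list[str]:
    """Split on ';' only where SQLite agrees a statement is complete, so a
    ';' inside a quoted string does not count as a separator."""
    stmts, buf = [], ""
    for ch in sql:
        buf += ch
        if ch == ";" and sqlite3.complete_statement(buf):
            stmts.append(buf.strip())
            buf = ""
    if buf.strip():
        stmts.append(buf.strip())
    return stmts


def permissive_execute(conn: sqlite3.Connection, sql: str):
    """Run every statement in sql. Returns the first statement's rows and
    the text of any errors (what a careless application would echo back,
    which is the 'error messages reveal information' point on the slide)."""
    rows, errors = None, []
    for stmt in split_statements(sql):
        try:
            result = conn.execute(stmt).fetchall()
            if rows is None:
                rows = result
        except sqlite3.Error as exc:
            errors.append(str(exc))
    return rows or [], errors


def balance_vulnerable(conn: sqlite3.Connection, accnt_number: str):
    # The slide's construction: user input spliced into the query text.
    query = ("select balance from account where account_number ='"
             + accnt_number + "'")
    return permissive_execute(conn, query)


def balance_safe(conn: sqlite3.Connection, accnt_number: str) -> list[tuple]:
    # The '?' placeholder is the prepared-statement form from the slide.
    return conn.execute(
        "select balance from account where account_number = ?",
        (accnt_number,)).fetchall()


def rows_in_r(conn: sqlite3.Connection) -> int:
    return conn.execute("select count(*) from r").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    hostile = "'; delete from r;"           # the input from the slide
    print(balance_safe(db, "ACC-1"))         # [(500,)]
    print(balance_safe(db, hostile))         # [] and r is untouched
    print(rows_in_r(db))                     # 3
    print(balance_vulnerable(db, hostile))   # ([], [<error text>])
    print(rows_in_r(db))                     # 0
```

Two things are worth noticing when running it: the parameterised lookup returns nothing for the hostile string because no account has that literal number, and the vulnerable path deletes every row of r before the dangling quote from the query template even produces an error, so the error message arrives after the damage is done.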
Any questions?
