Security in Computing, 4th Ed, Pfleeger

Chapter 4

Protection in General-
Purpose Operating Systems

By Mohammed Al-Saleh / JUST

1
 Chapter 4
In this chapter
 Protection features provided by general-purpose
operating systems:
 protecting memory, files, and the execution environment

 Controlled access to objects

 User authentication

By Mohammed Al-Saleh / JUST

2
 Chapter 4
Protected Objects
 In fact, the rise of multiprogramming meant that several
aspects of a computing system required protection:
 memory
 sharable I/O devices, such as disks
 serially reusable I/O devices, such as printers and tape drives
 sharable programs and subprocedures
 networks
 sharable data
 As it assumed responsibility for controlled sharing, the
operating system had to protect these objects

By Mohammed Al-Saleh / JUST

3
 Chapter 4
Security Methods of Operating Systems
 Today three of the most prevalent families of operating
systems, the Windows NT/2000/XP series, Unix, and
Linux, run on many different kinds of hardware
 (Only Apple's Mac OS is strongly integrated with its hardware
base.)
 The default expectation is one level of hardware enforced
separation (two states)

By Mohammed Al-Saleh / JUST

4
 Chapter 4
Security Methods of Operating Systems
 The basis of protection is separation:
 keeping one user's objects separate from other users
 separation in an operating system can occur in several
ways:
 physical separation: processes use different physical objects, such as separate
printers
 temporal separation: processes are executed at different times
 logical separation: users operate under the illusion that no other processes
exist, as when an operating system constrains a program's accesses so that the
program cannot access objects outside its permitted domain
 cryptographic separation, in which processes conceal their data and
computations in such a way that they are unintelligible to outside processes
 Of course, combinations of two or more of these forms of
separation are also possible.

By Mohammed Al-Saleh / JUST

5
 Chapter 4
Security Methods of Operating Systems
 Separation is only half the answer. We want to separate
users and their objects, but we also want to be able to
provide sharing for some of those objects.
 Less sharing mean less resource utilization.
 When we think about data, we realize that access can be
controlled at various levels:
 the bit, the byte, the element or word, the field, the record, the
file, or the volume.
 the granularity of control concerns us. The larger the level of
object controlled, the easier it is to implement access control.

By Mohammed Al-Saleh / JUST

6
 Chapter 4
Paging
 The program is divided into equal-sized pieces called
pages
 Memory is divided into equal-sized units called page
frames
 Each address in a paging scheme is a two-part object,
this time consisting of <page, offset>.
 The page portion of every <page, offset> reference is converted
to a page frame address by a table lookup
 the offset portion is added to the page frame address to produce
the real memory address of the object referred to as <page,
offset>.

By Mohammed Al-Saleh / JUST

7
 Chapter 4
Paging

By Mohammed Al-Saleh / JUST

8
 Chapter 4
Control of Access to General Objects
 Protecting memory is a specific case of the more general
problem of protecting objects.
 Here are some examples of the kinds of objects for which
protection is desirable:
 memory
 a file or data set on an auxiliary storage device
 an executing program in memory
 a directory of files
 a hardware device
 a data structure, such as a stack
 a table of the operating system
 instructions, especially privileged instructions
 passwords and the user authentication mechanism
 the protection mechanism itself

By Mohammed Al-Saleh / JUST

9
 Chapter 4
Control of Access to General Objects
 We use terms like the user or the subject in describing an
access to a general object.
 This user or subject could be a person who uses a computing
system, a programmer, a program, another object, or something
else that seeks to use an object.
 There are several complementary goals in protecting
objects.
 Check every access
 If we have previously authorized the user to access the object, we do not
necessarily intend that the user should retain indefinite access to the object.
 Enforce least privilege
 a subject should have access to the smallest number of objects necessary to
perform some task
 Verify acceptable usage
 assured that the accesses performed are legitimate accesses

By Mohammed Al-Saleh / JUST

10
 Chapter 4
Protection Mechanisms
 protection mechanisms appropriate for general objects of
unspecified types, such as the kinds of objects listed
above
 Directory
 Access Control List
 Access Control Matrix
 Capability
 Role-Based Access Control

By Mohammed Al-Saleh / JUST

11
 Chapter 4
Directory
 A mechanism that works like a file directory
 Imagine we are trying to protect files (the set of objects)
from users of a computing system (the set of subjects).
 Every file has a unique owner who possesses "control" access rights
(including the rights to declare who has what access) and to revoke
access to any person at any time
 Each user has a file directory, which lists all the files to which that
user has access
 Clearly, NO USER can be allowed to write in the file directory
because that would be a way to forge access to a file.
 Therefore, the operating system must maintain all file directories, under
commands from the owners of files
 The obvious rights to files are the common read, write, and execute
familiar on many shared systems
 Furthermore, another right, owner, is possessed by the owner, permitting that user
to grant and revoke access rights

By Mohammed Al-Saleh / JUST

12
 Chapter 4
Directory

By Mohammed Al-Saleh / JUST

13
 Chapter 4
Directory
 This approach is easy to implement because it uses one
list per user
 naming all the objects that user is allowed to access
 However, several difficulties can arise:
 the list becomes too large if many shared objects, such as
libraries of subprograms or a common table of users, are
accessible to all users
 Deletion must be reflected in all directories
 Revocation of access: if a user wants to remove the rights of
everyone to access a file he owns
 Pseudonyms: naming problem. File F for user A and user B
 Solution: renaming

By Mohammed Al-Saleh / JUST

14
 Chapter 4
Access Control List
 There is one such list for each object, and the list shows
all subjects who should have access to the object and
what their access is.
 One access control list per object; a directory is created for each
subject.
 significant advantages
 To see how, consider subjects A and S, both of whom have access to object
F. The operating system will maintain just one access list for F, showing the
access rights for A and S
 The access control list can include general default entries for any users. In
this way, specific users can have explicit rights, and all other users can have
a default set of rights.
 a public file or program can be shared by all possible users of the system
without the need for an entry for the object in the individual directory of each
user

By Mohammed Al-Saleh / JUST

15
 Chapter 4
Access Control List

By Mohammed Al-Saleh / JUST

16
 Chapter 4
Access Control Matrix
 Access control matrix is a table in which each row
represents a subject, each column represents an object,
and each entry is the set of access rights for that subject
to that object.
BIBLIOG TEMP F HELP.TXT C_COMP LINKER SYS_CLO PRINTER
CK

USER A ORW ORW ORW R X X R W

USER B R - - R X X R W

USER S RW - R R X X R W

USER T - - - R X X R W

SYS_MGR - - - RW OX OX ORW O

USER_SVCS - - - O X X R W

By Mohammed Al-Saleh / JUST

17
 Chapter 4
Access Control Matrix
 In general, the access control matrix is sparse (meaning
that most cells are empty):
 Most subjects do not have access rights to most objects
 The access matrix can be represented as a list of triples,
having the form <subject, object, rights>.
 Searching a large number of these triples is inefficient enough
that this implementation is seldom used.

By Mohammed Al-Saleh / JUST

18
 Chapter 4
Capability
 So far, the operating system must keep track of all the
protection objects and rights
 other approaches put some of the burden on the user
 For example, a user may be required to have a ticket or pass that enables
access, much like a ticket or identification card that cannot be duplicated.
 a capability is an unforgeable token that gives the possessor certain
rights to an object
 Operationally, capabilities are a straightforward way to keep track of the
access rights of subjects to objects during execution
 Each time a process seeks to use a new object, the operating system
examines the master list of objects and subjects to determine whether the
object is accessible. If so, the operating system creates a capability for
that object.
 Capabilities can be revoked. When an issuing subject revokes a
capability, no further access under the revoked capability should be
permitted

By Mohammed Al-Saleh / JUST

19
 Chapter 4
Role-Based Access Control
 Role-based access control lets us associate privileges
with groups, such as all administrators can do this or
candlestick makers are forbidden to do this.
 We want some users (such as administrators) to have
significant privileges, and we want others (such as
regular users or guests) to have lower privileges

By Mohammed Al-Saleh / JUST

20
 Chapter 4
User Authentication
 An operating system bases much of its protection on knowing who a
user of the system is
 real-life action
 Thus, most computing authentication systems must be based on
some knowledge shared only by the computing system and the user
 Authentication mechanisms use any of three qualities to confirm a
user's identity.
 Something the user knows. Passwords, PIN numbers, passphrases, a secret
handshake, and mother's maiden name are examples of what a user may know.
 Something the user has. Identity badges, physical keys, a driver's license, or a
uniform are common examples of things people have that make them recognizable.
 Something the user is. These authenticators, called biometrics, are based on a
physical characteristic of the user, such as a fingerprint, the pattern of a person's
voice, or a face (picture).
 Two or more forms can be combined for more solid
authentication (bank card + PIN)

By Mohammed Al-Saleh / JUST

21
 Chapter 4
Passwords as Authenticators
 The most common authentication mechanism for user to operating
system is a password
 a "word" known to computer and user
 Although password protection seems to offer a relatively secure
system, human practice sometimes degrades its quality
 Even though they are widely used, passwords suffer from some
difficulties of use:
 Loss. it is possible that no one will be able to replace a lost or forgotten password.
The operators or system administrators can certainly intervene and unprotect or
assign a particular password, but often they cannot determine what password a
user has chosen; if the user loses the password, a new one must be assigned.
 Use. Supplying a password for each access to a file can be inconvenient and time
consuming.
 Disclosure. If a password is disclosed to an unauthorized individual, the file
becomes immediately accessible.
 Revocation. To revoke one user's access right to a file, someone must change the
password.

By Mohammed Al-Saleh / JUST

22
 Chapter 4
Additional Authentication Information
 In addition to the name and password, we can use other
information available to authenticate users.
 Ex.,
 Suppose Adams works in the accounting department during the shift
between 8:00 a.m. and 5:00 p.m., Monday through Friday.
 Any legitimate access attempt by Adams should be made during those times,
through a workstation in the accounting department offices
 By limiting Adams to logging in under those conditions, the system protects
against two problems:
 Someone from outside might try to impersonate Adams.
 Adams might attempt to access the system from home or on a weekend, planning to use
resources not allowed or to do something that would be too risky with other people around.

 Using additional authentication information is called

multifactor authentication

By Mohammed Al-Saleh / JUST

23
 Chapter 4
Attacks on Passwords
 Here are some ways you might be able to determine a
user's password, in decreasing order of difficulty.
 Try all possible passwords.
 Try frequently used passwords.
 Try passwords likely for the user.
 Search for the system list of passwords.
 Ask the user.

By Mohammed Al-Saleh / JUST

24
 Chapter 4
Loose-Lipped Systems
 The system might expose information to intruders
 If the user enters a wrong username or password
 WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
INVALID USER NAME UNKNOWN USER
ENTER USER NAME:
 An alternative arrangement of the login sequence is
shown below.
 WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
ENTER PASSWORD: john
INVALID ACCESS
ENTER USER NAME:
ENTER PASSWORD
 In this way, the intruder does not know which failed.

By Mohammed Al-Saleh / JUST

25
 Chapter 4
Exhaustive Attack
 In an exhaustive or brute force attack, the attacker tries
all possible passwords
 in some automated fashion
 Depends on the implementation of the computing system
 The passwords contain letters, numbers, special symbols, etc
 For example, if passwords are words consisting of the 26
characters AZ and can be of any length from 1 to 8 characters
 there are 261 passwords of 1 character, 262 passwords of 2 characters
 268 passwords of 8 characters.
 Therefore, the system as a whole has 261 + 262 + ... + 268 = 269 - 1 5 * 1012 or
five million possible passwords.
 That number seems intractable enough.
 If we were to use a computer to create and try each password at a rate of
checking one password per millisecond, it would take on the order of 150 years
to test all passwords.
 But if we can speed up the search to one password per microsecond, the work
factor drops to about two months.

By Mohammed Al-Saleh / JUST

26
 Chapter 4
Exhaustive Attack (Ex)
 For example, if passwords are words consisting of the 26
characters AZ and can be of any length from 1 to 8
characters
 there are 261 passwords of 1 character, 262 passwords of 2
characters, 268 passwords of 8 characters.
 Therefore, the system as a whole has 261 + 262 + ... + 268 = 269 -
1 5 * 1012 or five million possible passwords.
 That number seems intractable enough.
 If we were to use a computer to create and try each password at
a rate of checking one password per millisecond, it would take
on the order of 150 years to test all passwords.
 But if we can speed up the search to one password per
microsecond, the work factor drops to about two months.
 This amount of time is reasonable if the reward is large

By Mohammed Al-Saleh / JUST

27
 Chapter 4
Exhaustive Attack
 Searching for a single particular password does not
necessarily require all passwords to be tried; an intruder
needs to try only until the correct password is identified
 If the set of all possible passwords were evenly distributed, an
intruder would likely need to try only half of the password space
(on average)
 This feature reduces the size of the password space

By Mohammed Al-Saleh / JUST

28
 Chapter 4
Probable Passwords
 Think of a word ???
 Is the word you thought of long? Is it uncommon? Is it hard to spell
or to pronounce? The answer to all three of these questions is
probably no. People tend to choose names or words they can
remember
 Penetrators searching for passwords realize these very human
characteristics
 If people prefer short passwords to long ones
 the penetrator will plan to try all passwords but to try them in order by length
 There are only 261 + 262 + 263=18,278 passwords of length 3 or less
 At the assumed rate of one password per millisecond, all of these passwords can
be checked in 18.278 seconds, hardly a challenge with a computer
 Even expanding the tries to 4 or 5 characters raises the count only to 475
seconds (about 8 minutes) or 12,356 seconds (about 3.5 hours), respectively.
 One contains a dictionary of 80,000 words. Trying all of these words as
passwords takes only 80 seconds

By Mohammed Al-Saleh / JUST

29
 Chapter 4
Passwords Likely for a User
 People typically choose personal passwords
 name of a spouse, a child, a brother or sister, a pet, a street name, or something
memorable or familiar

  Users’ Password Choices.

By Mohammed Al-Saleh / JUST
30
 Chapter 4
Passwords Likely for a User
 People typically choose personal passwords
 name of a spouse, a child, a brother or sister, a pet, a street name, or something
memorable or familiar

Of those passwords, 86
percent could be uncovered
in about one week's worth
of 24-hour-a-day testing,
using the very generous
estimate of 1 millisecond
per password check.
  Users’ Password Choices.
By Mohammed Al-Saleh / JUST
31
 Chapter 4
Probable Passwords
 Several news articles have claimed that the four most common
passwords are "God," "sex," "love,"and "money“
 The COPS, Crack, and SATAN utilities allow an administrator to scan a system for
weak passwords.
 People think they can be clever by picking a simple password and replacing certain
characters, such as 0 (zero) for letter O, 1 (one) for letter I or L, 3 (three) for letter E or
@ (at) for letter A. But users aren't the only people who could think up these
substitutions.
 Guessing steps: no password, same as user ID, derived from the user name, common
word list, use dictionary, and brute force.

By Mohammed Al-Saleh / JUST

32
 Chapter 4
Plaintext System Password List
 an attacker may instead target the system password file
 On some systems, the password list is a file, organized essentially
as a two-column table of user IDs and corresponding passwords.
 You might protect the table with strong access controls, limiting
access to the operating system.
 not every operating system module needs or deserves access to this table
 For example, the operating system scheduler, accounting routines, or storage
manager have no need to know the table's contents.
 The operating system is not partitioned, so all its modules have access to all
privileged information
 This monolithic view of the operating system implies that a user who exploits a
flaw in one section of the operating system has access to all the system's
deepest secrets.
 A better approach is to limit table access to the modules that need access: the
user authentication module and the parts associated with installing new users, for
example.

By Mohammed Al-Saleh / JUST

33
 Chapter 4
Plaintext System Password List
 If the table is stored in plain sight, an intruder can simply dump
memory at a convenient time to access it. Careful timing may enable
a user to dump the contents of all of memory and, by exhaustive
search, find values that look like the password table.
 System backups can also be used to obtain the password table.
 Backups often contain only file contents, with no protection mechanism to control
file access
 Finally, the password file is a copy of a file stored on disk. Anyone
with access to the disk or anyone who can overcome file access
restrictions can obtain the password file.

By Mohammed Al-Saleh / JUST

34
 Chapter 4
Encrypted Password File
 There is an easy way to foil an intruder seeking passwords in plain
sight: encrypt them
 When a user's password is received, the stored password is decrypted, and the
two are compared.
 Even with encryption, there is still a slight exposure because for an instant the
user's password is available in plaintext in main memory.
 A safer approach uses one-way encryption, defined in Chapter 2.
 The password table's entries are encrypted by a one-way encryption and then
stored
 When the user enters a password, it is also encrypted and then compared with
the table
 If the two values are equal, the authentication succeeds
 With one-way encryption, the password file can be stored in plain
view
 the password table for the Unix operating system can be read by any user unless
special access controls have been installed

By Mohammed Al-Saleh / JUST

35
 Chapter 4
Encrypted Password File
 There is always the possibility that two people might choose the
same password
 creating two identical entries in the password file
 For instance, if Bill and Kathy both choose their passwords on April 1, they might
choose APRILFOOL as a password. Bill might read the password file and notice
that the encrypted version of his password is the same as Kathy's.
 Unix+ circumvents this vulnerability by using a password extension,
called the salt.
 The salt is a 12-bit number formed from the system time and the process
identifier
 the salt is likely to be unique for each user, and it can be stored in plaintext in the
password file
 The salt is concatenated to Bill's password (pw) when he chooses it and
E(pw+saltB) is stored for Bill, and his salt value is also stored
 When Kathy chooses her password, the salt is different because the time or the
process number is different. Call this new one salt K ;For her, E(pw+saltK) and saltK
are stored

By Mohammed Al-Saleh / JUST

36
 Chapter 4
Encrypted Password File
 When either person tries to log in
 the system fetches the appropriate salt from the password table
 combines that with the password before performing the encryption
 The encrypted versions of (pw+salt) are very different for these two users
 When Bill looks down the password list, the encrypted version of his password
will not look at all like Kathy's
 Storing the password file in a disguised form relieves much of the
pressure to secure it
 Better still is to limit access to processes that legitimately need access
 In this way, the password file is protected to a level commensurate with the
protection provided by the password itself
 Someone who has broken the controls of the file system has access to data, not
just passwords, and that is a serious threat

By Mohammed Al-Saleh / JUST

37
 Chapter 4
Indiscreet Users
 But there is a simple way to obtain a password: Get it directly from
the user
 People often tape a password to the side of a terminal or write it on a card just
inside the top desk drawer
 Users are afraid they will forget their passwords, or they cannot be bothered
trying to remember them
 two-thirds of people approached on the street volunteered to disclose their
password for a coupon good for a cup of coffee, and 79 percent admitted they
used the same password for more than one system or web site

By Mohammed Al-Saleh / JUST

38
 Chapter 4
Password Selection Criteria
 At the RSA Security Conference in 2006, Bill Gates, head of
Microsoft, described his vision of a world in which passwords would
be obsolete
 So what can we conclude about passwords? They should be hard to
guess and difficult to determine exhaustively, we present several
guidelines for password selection:
 Use characters other than just AZ
 Choose long passwords
 Avoid actual names or words
 Choose an unlikely password
 Change the password regularly
 Don't write it down
 Don't tell anyone else

By Mohammed Al-Saleh / JUST

39
 Chapter 4
One-Time Passwords
 A one-time password is one that changes every time it is used
 Instead of assigning a static phrase to a user, the system assigns a
static mathematical function.
 The system provides an argument to the function, and the user computes and
returns the function value
 Such systems are also called challenge response systems because the system
presents a challenge to the user and judges the authenticity of the user by the
user's response. Here are some simple examples of one-time password functions
 f(x) = x + 1. With this function, the system prompts with a value for x, and the user
enters the value x + 1.
 f(a1a2a3a4a5a6) = a3a1a1a4
 One-time passwords are very important for authentication because
an intercepted password is useless because it cannot be reused

By Mohammed Al-Saleh / JUST

40
 Chapter 4
The Authentication Process
 Some authentication procedures are intentionally slow
 A legitimate user will not complain if the login process takes 5 or 10 seconds
 To a penetrator who is trying an exhaustive search or a dictionary search,
however, 5 or 10 seconds per trial makes this class of attack generally infeasible.
 Someone whose login attempts continually fail may not be an
authorized user
 Systems commonly disconnect a user after a small number of failed logins,
forcing the user to reestablish a connection with the system
 will slow down a penetrator

By Mohammed Al-Saleh / JUST

41
 Chapter 4
The Authentication Process
 In more secure installations, stopping penetrators is more important
than tolerating users' mistakes
 After three successive password failures, the account for that user is disabled
and only the security administrator can reenable it
 This action identifies accounts that may be the target of attacks by penetrators.

By Mohammed Al-Saleh / JUST

42
 Chapter 4
Single Sign-On
 users become frustrated at having to authenticate to a computer, a
network, a mail system, an accounting system, and numerous web
sites
 single sign-on
 A user authenticates once per session, and the system forwards that
authenticated identity to all other processes that would require authentication.
 Get in trouble if someone compromises that first authentication
 Microsoft has developed a single sign-on solution for its .net users.
Called a "passport“
 Credit card numbers are authenticated to a single sign-on utility
 Although a desired feature, single sign-on raises doubt about what a
computer is doing on behalf of or in the name of a user, perhaps
without that user's knowledge.

By Mohammed Al-Saleh / JUST

43
 Chapter 4
Fixing Flaws in the Authentication Process
 Password authentication assumes that anyone who knows a
password is the user to whom the password belongs
 As we have seen, passwords can be guessed, deduced, or inferred
 Some people give out their passwords for the asking
 Other passwords have been obtained just by someone watching a user typing in
the password
 The password can be considered as a preliminary or first-level piece
of evidence
 There are several ways to provide a second level of protection
 another round of passwords or a challenge-response interchange

By Mohammed Al-Saleh / JUST

44
 Chapter 4
Challenge-Response Systems
 A more sophisticated login requires a user ID and password,
followed by a challenge-response interchange
 the system prompts the user for a reply that will be different each time the user
logs in
 Each user is assigned a different challenge function to compute
 For example, the system might display a four-digit number, and the user would
have to correctly enter a function such as the sum or product of the digits
 Because there are many possible challenge functions, a penetrator
who captures the user ID and password cannot necessarily infer the
proper function.

By Mohammed Al-Saleh / JUST

45
 Chapter 4
Impersonation of Login
 In the systems we have described, the proof is one-sided
 The system needs assurance that the user is authentic, but the user needs that
same assurance about the system.
 This second issue has led to a new class of computer fraud called phishing
 Common targets of phishing attacks are banks and other financial institutions
 However, a programmer can easily write a program that displays the
standard prompts for user ID and password, captures the pair
entered, stores the pair in a file, displays SYSTEM ERROR;
DISCONNECTED, and exits.
 This attack is a type of Trojan horse
 To foil this type of attack, the user should be sure the path to the system is
reinitialized each time the system is used.
 Microsoft chose <CTRL + ALT + DELETE> as the path to the secure
authorization mechanism for this reason

By Mohammed Al-Saleh / JUST

46
 Chapter 4
Biometrics: Authentication Not Using Passwords

 Some sophisticated authentication devices are now available.

 Authentication with such devices uses unforgeable physical characteristics to
authenticate users
 The list of biometric authentication technologies is still growing:
 fingerprints, hand geometry (shape and size of fingers), retina and iris (parts of
the eye), voice, handwriting, blood vessels in the finger, and face.
 Authentication with biometrics has advantages over passwords because a
biometric cannot be lost, stolen, forgotten, lent, or forged and is always available,
always at hand, so to speak.

By Mohammed Al-Saleh / JUST

47
 Chapter 4
Problems with Biometrics
 Biometrics are relatively new, and some people find their use
intrusive.
 people have real concerns about peering into a laser beam or sticking a finger
into a slot
 Biometric recognition devices are costly
 All biometric readers use sampling and establish a threshold for
when a match is close enough to accept.
 There is normal variability if, for example, your face is tilted, you press one side of
a finger more than another, or your voice is affected by an infection. Variation
reduces accuracy.

By Mohammed Al-Saleh / JUST

48
 Chapter 4
Problems with Biometrics
 Biometrics can become a single point of failure
 "If my credit card fails to register, I can always pull out a second card, but if my
fingerprint is not recognized, I have only that one finger."
 Although equipment is improving, there are still false readings.
 False positive and false negative
 Although we like to think of biometrics as unique parts of an
individual, forgeries are possible.
 The most famous example was an artificial fingerprint produced by researchers in
Japan

By Mohammed Al-Saleh / JUST

49
 Chapter 4
Using Cookies for Authentication
 On the web, cookies are often used for authentication.
 A cookie is a pair of data items sent to the web browsing software by the web
site's server.
 The data items consist of a key and a value, designed to represent the current
state of a session between a user and a web site
 Once the cookie is placed on the user's system (usually in a directory with other
cookies), the browser continues to use it for subsequent interaction between the
user and that web site.
 Each cookie is supposed to have an expiration date, but that date can be
modified later or even ignored

By Mohammed Al-Saleh / JUST

50
 Chapter 4
Summary
 This chapter has addressed four topics:
 memory protection,
 file protection,
 general object access control,
 and user authentication

By Mohammed Al-Saleh / JUST

51