Operating Systems - Exam 3

Description and Tags

Security, Software Exploitation, Defense, Multi-processor systems, Virtualization, AndroidOS

100 Terms

1

system bloat

This is the difficulty in ensuring security.

2

manually, automatically

What are the two ways an attacker can launch exploits?

3

virus

This exploit requires at least some user interaction to propagate.

4

worm

This exploit is self-propelled without any user input.

5

trojan horse

This exploit is additional functionality unknowingly installed along with something else.

6

confidentiality, integrity, availability

What are the three fundamental properties for the security of an information system? It’s what CIA stands for.

7

confidentiality

This is threatened by exposure of data. (Secret data should remain secret.)

8

integrity

This is threatened by the tampering of data. It means that unauthorized users should not be able to modify any data without the owner’s permission.

9

availability

This is threatened by the denial of service attack. It means that no one can disturb the system to make it unusable.

10

crackers

These are the people who try to break into computer systems where they don’t belong.

11

white-hats

Most attack tools are made by…

12

nmap, port-scan

This attack tool is useful for both types of attackers.

13

botnets

These are infrastructures that consist of thousands of compromised computers.

14

bot or zombie

This is when a computer is under the attacker’s control.

15

amount of effort for security and protection

What is dependent on who the enemy is thought to be?

16

cryptography

This is the shuffling of information to make it hard to read without a key.

17

software hardening

This adds protection mechanisms that make it difficult for attackers to make software misbehave.

18

features

What is the enemy of security?

19

trusted systems

These have formally stated security requirements and meet those requirements.

20

trusted computing base (TCB)

This consists of hardware and software necessary for enforcing all of the security rules.

21

hardware, OS kernel, user programs with superuser privileges

What does the TCB include?

22

OS kernel

This involves process creation/switching, memory management, and part of the file and I/O management.

23

reference monitor

This is an important part of the TCB. It accepts all system calls involving security and decides whether they should be processed or not. This is where all security decisions are made.

24

domain

This is a set of (object, rights) pairs. It also specifies an object and some subset of rights that can be performed on it.

25

objects

A computer contains many resources which are also known as…

26

right

This is the permission to perform one of the operations.

27

principle of least authority (POLA)

This is also known as “need to know” and determines how objects are allocated to domains.

28

minimum

Security works best when each domain has the _______ objects and privileges to work — and no more.

29

UID/GID

In UNIX the domain of a process is defined by its…

30

system calls

What causes a domain switch?

31

matrix

Conceptually, this can keep track of which objects belong to each domain.

32

rows/columns

What are the two methods of storing the matrix?

33

access control list (ACL)

This slices a matrix up by columns. It associates with each object a list containing all domains that may access the object and how.

34

subjects/principals

Users can also be called…

35

one

Using an ACL, we assume that each domain is associated with how many users?

36

generic rights

This type of right is used with ACL, and is used to destroy and copy objects.

37

object-specific rights

This type of right is used with ACL, and is used to append a message to a mailbox.

38

less encapsulation

This is when access is permitted if a user belongs to any group that has certain access rights.

39

groups, wildcards

This is what allows selective blocking of specific users.

40

edit the ACL to make the change, ACLs are only checked on “open”

What are the two main steps for revoking previously granted access in the ACL?

41

capabilities

This is what slices the matrix up by rows. Associated with each process is a list of objects that may be accessed, along with the permitted operations.

42

object identifier, bitmap for various rights

What are the two main things contained in a capability?

43

tagged architecture

This is when each memory word has an extra bit that tells whether the word contains a capability or not.

44

kernel mode

A tag bit can only be modified if the OS is in which mode?

45

position

Capabilities are referred to by their ______ in the list.

46

user space, cryptographically

The C-list should be kept in _____, but managed ______.

47

distributed systems

What are capabilities best for?

48

copy/remove capability, copy/destroy object

What are four of the generic rights applicable to all objects in capabilities?

49

system must find all capabilities for any object which are stored in C-lists all over the disk.

Why is revoking access to an object difficult using capabilities?

50

static

Protection matrices are not…

51

create/delete object, create/delete domain, insert/remove right

What are the 6 primitive operations on the protection matrix that can be used as a base to model any protection system?

52

protection commands

What can the 6 primitive operations be combined into?

53

system

What enforces the matrix?

54

authorized/unauthorized

What are the two states that all possible matrices can be partitioned into?

55

discretionary access control

This access is when most OSs allow individual users to determine who may read and write their files and other objects.

56

mandatory access control

This type of access is not appropriate for all environments. It regulates the flow of information to make sure that it does not leak out in a way it is not supposed to.

57

Bell-LaPadula Model, Biba Model

What are the two models associated with mandatory access control?

58

confinement problem

This is when the goal is to encapsulate or confine the server so it cannot pass information to the collaborator.

59

protection matrix

This can guarantee that the server cannot write a file which the collaborator can read.

60

response time

How does the collaborator detect the bit stream? What must it monitor?

61

covert channel

This is a noisy channel, but an error-correcting code can be used. Protection based on a matrix of objects and domains cannot prevent this kind of leakage.

62

steganography

This is an encoding method that uses the low-order bit of each RGB color value as the covert channel. It can hide text in pictures and can be called “covered writing”.

63

cryptography

The purpose of this is to take a message or file and encrypt it into another text in such a way that only authorized people know how to convert it back to plain text.

64

plaintext

Before the encryption, what is the text called in cryptography?

65

ciphertext

This is what the plain text is turned into.

66

public

Encryption and decryption algorithms should always be…

67

keys

In cryptography the secrecy depends on parameters to the algorithms called…

68

C=E(P,K)

What is the definition of encryption?

69

Kerckhoffs's principle

This principle means that algorithms should all be public and the secrecy should reside exclusively in the keys.

70

P=D(C,K)

What is the definition of decryption?

71

monoalphabetic substitution

This is a type of encryption where the letters of the plaintext are replaced by other letters.

72

public key cryptography

These have distinct keys that are used for encryption and decryption. Given a well-chosen encryption key, it is virtually impossible to discover the corresponding decryption key. The encryption key can be made public and only the private decryption key needs to be kept secret.

73

RSA

This is a public-key system where all arithmetic is done using modulo arithmetic and all the numbers involved have hundreds of digits.

74

symmetric cryptography

Public key cryptography is thousands of times slower than…

75

encryption key

What is the public key considered?

76

decryption key

What is the private key considered?

77

correspondent

To send a secret message to a user, a ______ encrypts the message with the receiver’s public key.

78

cryptographic hash function

The function f is considered…

79

digital signatures

These are necessary to sign documents digitally. They make it possible to ensure signed emails and documents cannot be repudiated by the sender later.

80

SHA-1 (Secure Hash Algorithm)

This type of function typically produces a fixed-length result independent of the original document size.

81

certificates

These are an alternate method to distribute public keys.

82

user’s name, public key

What do certificates contain?

83

certification authority (CA)

What is the trusted third party that signs certificates?

84

public key infrastructure (PKI)

This is the general scheme for managing public keys.

85

40

In the Ad-hoc method, how many CA keys come preloaded?

86

trusted platform module (TPM)

This is a chip that holds a cryptoprocessor with nonvolatile key storage.

87

unauthorized software from execution, media piracy or enforce expiration dates

What does the TPM prevent? (2 things)

88

login time

A secured computer system must require all users to be authenticated during what time?

89

something the user knows, has, is

What are the general principles that help authenticate users?

90

username, password

What are the two most common methods of authentication?

91

obscure/don’t display the password being typed, don’t give feedback too early

What are the two principles of password protection used in implementation?

92

war dialers

These send out pings, try to set up connections to machines that respond, discover running services, and then launch the attacks.

93

salt

This is an n-bit random number that is associated with each password and “encrypted” with the password.

94

one-way hash chain

This is a scheme that allows a user to log in securely over an insecure network using one-time passwords.

95

challenge-response authentication

This is when the user picks an algorithm when signing up and the server sends an argument. Then the user will type a number. This algorithm can be different at different times. It can have a secret key given enough computing power.

96

stored value cards

These are small amounts of “persistent” memory.

97

smart cards

This is a small tamperproof computer that can engage with a central computer to authenticate the user.

98

metal door keys, plastic magnetic stripe cards, plastic chip cards

What are the three main forms of physical object authentication?

99

biometrics

These measure physical characteristics of the user that are hard to forge.

100

exploiting vulnerabilities

This is a main method to break into a user’s computer to make it do something different than the programmer intended.