Why is security important in computational systems?
Protects against data loss, financial risks, and competitive disadvantage.
What is an adversary in security?
An unauthorized entity seeking to access, modify, or destroy data.
What is a vulnerability?
A deficiency in a system that can be exploited by threats.
Common types of cyber attacks?
Doxing (exposing data)
Diddle attack (tampering data)
Denial-of-Service (DoS) (disabling access)
Identity fraud (falsifying identities)
What are typical adversary motivations?
Opportunistic prying, hacktivism, snooping, spoofing, monetary crime, sabotage.
What are key steps in managing security risk?
Identify assets, assess costs, set policies, identify vulnerabilities, develop countermeasures.
What are three types of access control implementation?
Hardware-based (BIOS encryption)
Software-based (OS policies)
Human-based (passwords, biometrics)
What are weaknesses of human-based security?
Password sharing and social engineering risks.
What is Discretionary Access Control (DAC)?
Object owners set permissions individually.
What is Mandatory Access Control (MAC)?
Organizations control access, not users.
What is Role-Based Access Control (RBAC)?
User roles determine access rights; roles can be hierarchical and inherited.
What is an Access Control Matrix (ACM)?
Matrix showing which domain has which rights over which objects.
What problem does SOX compliance address with ACMs?
Prevents accounting fraud by controlling and auditing access.
How are ACLs and Capability Lists (CLs) used to solve ACM scaling issues?
ACLs: Organized by object.
CLs: Organized by domain.
What is the Bell-LaPadula model?
Focuses on confidentiality:
Read down (k or lower)
Write up (k or higher)
What is the Biba model?
Focuses on integrity:
Read up (k or higher)
Write down (k or lower)
Why can’t Bell-LaPadula and Biba models be enforced together?
Their rules contradict, causing single-level compartments, harming data sharing.
What is a side channel?
Indirect leakage of information through system behaviors, not direct data access.
Examples of side channel attacks?
Monitoring electromagnetic radiation, CPU sounds, system load timing.
What is a covert channel?
Unauthorized secret communication between processes violating security policy.
Examples of covert channels?
Storage covert channels (encode info via file size).
Timing covert channels (manipulate packet send times).
How can processor utilization be abused for a covert channel?
Sender modulates CPU usage to encode 1s and 0s; receiver monitors timing to reconstruct data.
How can covert channels hide inside normal programs?
The sender hides inside an ordinary program such as a word processor, and the receiver poses as a system monitor, so neither process stands out.
What is cryptography?
Transforming plaintext into ciphertext to protect information.
Ensures only authorized users can decrypt and access the original data.
What characterizes modern cryptography?
Based on mathematical theory and computational hardness assumptions.
What is the basic encryption process flow?
Plaintext → (Encryption Key + Algorithm) → Ciphertext → (Decryption Key + Algorithm) → Plaintext.
What is symmetric cryptography?
Same key is used for both encryption and decryption.
Used historically for secure group communication.
What is asymmetric cryptography?
Different keys for encryption and decryption.
Public key encrypts, private key decrypts.
Example of classic cryptosystems?
Caesar cipher (letter shifting)
Rail Fence cipher (zig-zag rearrangement)
Hill cipher (matrix multiplication)
Example of modern cryptosystems?
DES (outdated, 56-bit keys, broken in 1999)
AES (secure, 128/192/256-bit keys)
How is cryptography used for secure communication?
Use public key to send a symmetric key, enabling fast two-way encryption after setup.
How does digital signing work?
Private key signs, public key verifies authenticity.
What are cryptographic hash functions used for?
Produce a fixed-length output to verify data integrity without revealing original data.
What is the difference between identification and authentication?
Identification: Claims an identity.
Authentication: Verifies that the identity is valid.
What are the three types of authentication methods?
Possession-based (e.g., cards)
Knowledge-based (e.g., passwords)
Biometric-based (e.g., fingerprints)
What are passive and active identification devices?
Passive: Physical keys.
Active: RFID/NFC cards, Smartcards.
How do smartcards improve authentication?
Compute a response to a challenge from the server to authenticate securely.
What are common challenges with password-based authentication?
Need to balance memorability and security.
Risk of writing down or reusing passwords.
How does password length impact security?
Longer passwords increase the total combinations, making brute force attacks harder.
Common classical password attack strategies?
Dictionary attacks (common words).
Default password guessing (preset credentials).
Joe accounts (username = password).
Finger attacks (using personal info like birthdates).
What security trade-offs exist with complex password policies?
Complex passwords are safer but harder to remember, increasing risk of unsafe practices (e.g., writing them down).
Why is cryptographic security considered "practically unbreakable"?
It is theoretically breakable, but doing so would take millions of years with current technology.
What is a buffer overflow attack?
Occurs when more data is written to a buffer than it can hold, overwriting adjacent memory.
How do attackers exploit buffer overflows?
Overflow buffers to overwrite memory like function pointers and redirect execution toward malicious payloads.
Why are buffer overflows dangerous?
Can cause remote command execution, unauthorized data access, system crashes.
Which programming languages are most vulnerable to buffer overflow?
C and C++ (no built-in protections).
What safer languages provide built-in memory protection?
Perl, Java, JavaScript, C#.
What is a stack-based buffer overflow?
An attack that overwrites a function’s return address stored in the stack memory.
How does the Stack Canary method prevent buffer overflow attacks?
A random canary value is placed before the return address.
If the canary changes, the program detects an attack and terminates.
What is an integer overflow attack?
Happens when a computed number exceeds storage limits, causing incorrect values and vulnerabilities.
What causes integer overflow?
Fixed-length numbers (8, 16, 32, 64-bit)
Unchecked arithmetic operations
No built-in overflow detection in C.
How do attackers exploit integer overflow?
Input large values to cause overflow, leading to incorrect memory allocation, system crashes, or data corruption.
Example of a wrap-around error?
Adding 1 to 65,535 (max 16-bit unsigned int) wraps around to 0.
What is an insider attack?
Threats from individuals with legitimate access, misusing their privileges.
Types of insider attacks?
Privilege escalation
Abuse of access rights
Logic bombs, backdoors, login spoofing
What is a logic bomb?
Malicious code triggered by specific events (dates, actions) to cause system damage.
Why are logic bombs hard to detect?
They remain dormant until triggered, and attackers destroy evidence after activation.
What is a backdoor?
A hidden access point bypassing normal authentication, used for unauthorized system control.
Example of a backdoor?
A login system that grants access if the username is "ZZZZZ" regardless of password validity.
What is login spoofing?
A fake login page captures user credentials and forwards them to attackers.
Why is login spoofing dangerous?
Users are unaware their credentials are stolen.
Attackers gain full access to victim accounts.
Key prevention strategies for insider threats?
Thorough vetting during hiring.
Security monitoring of employee activities.
Legal and contractual safeguards.