Concepts with Symbian OS (779878), page 59
Security allows certain things in. Security represents 'smart protection': protection is part of what it does, but there are added elements that determine whether entrance into a secure area is allowed.

In the context of an operating system, security has several facets. There are many levels that must be secure. There must be a consideration of the environment external to a computer system. Access to system elements must be protected, and authorized access must be granted. Security needs to prevent malicious destruction and accidental misuse but allow permissible access. Protection means more than simply preventing access; security requires more than allowing entry into the system.

This chapter explores what security means to computer systems in general and smartphones in detail. We examine the ways that data can be misused and corrupted and present ways to guard against malicious misuse.

14.1 Understanding Security Issues

It has been said that the only truly secure computer is one without power: turn a computer off and it is fully secure.
Security is difficult to implement correctly. In fact, total security cannot be achieved. A system is secure if its resources are accessed and manipulated as intended in all circumstances. This implies a guarantee, something which cannot be given. Security violations occur because someone tried a way that was not blocked. Unfortunately, system designers are only human, and the components of complex operating systems sometimes interact in unforeseen ways.

A classic security problem was revealed in Unix systems in the 1980s. Unix had (and still has) a command called 'finger' that queries another computer to see user information. Someone discovered that if you sent a finger request of just the right form, you could overflow an internal buffer (which was fixed at a static size) on the server's stack and overwrite the saved return address of the function that was reading the request. By structuring the query to contain executable instruction data, a person could send a 'query' that was too large and force the finger server, when that function returned, to jump into the code that had overflowed the buffer. And since the finger server ran with very high privileges, a person could run programs as the system administrator. All this because a programmer put a static bound on an array and then read into it with no length check! (This was the hole the 1988 Internet worm used to spread between machines.)

While we cannot guarantee the protection of a system, it is possible to make the cost of system access very high. Operating system security measures must secure all foreseen methods of accessing a system so that using an unforeseen method is very costly. To make this cost high, security must be exercised at four levels:

• physical access to the computer or device must be secured against intruders; this means securing room access or keeping track of a mobile phone
• human users must be screened to ensure that system access is done by trusted individuals and that those who access a system are who they purport to be
• network access is implemented over wired lines or wireless connections, using Ethernet and mobile phone technologies; networks carry data and provide a way to break in
• the operating system must protect and secure itself; all access must be screened to determine whether it is proper or not.

Both network and operating system security depend on a secure physical environment and access from trusted individuals.
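The finger hole described earlier in this section, as an added example that is not code from the book or from any real finger implementation: a request handler written in the vulnerable shape (a static-size stack buffer filled with no length check) beside a hardened version that checks the length before copying anything. The function names, the 16-byte limit and the sample requests are assumptions made for illustration.

```c
/* Added example, not from the book: a finger-style request handler in the
 * vulnerable shape the text describes, and a hardened version beside it.
 * Function names, the 16-byte limit and the sample requests are invented. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USER_MAX 16   /* static bound on the username buffer (assumed) */

/* Vulnerable: copies the request into a fixed-size stack buffer with no
 * length check. A request of USER_MAX bytes or more writes past the end of
 * `user` and over the saved return address, which is exactly the hole the
 * text describes. Shown for contrast only; never call it on untrusted input. */
int lookup_user_unsafe(const char *request)
{
    char user[USER_MAX];
    strcpy(user, request);            /* no bound: overflows if request >= 16 bytes */
    return (int)strlen(user);
}

/* Hardened: the caller passes the length of the request and the capacity of
 * the destination. The username ends at the first CR or LF, as in the finger
 * protocol; anything that does not fit (including the terminating NUL) is
 * rejected before a single byte is copied. Returns the username length,
 * or -1 if the request is rejected. */
int lookup_user_safe(const char *request, size_t request_len,
                     char *user, size_t user_cap)
{
    size_t n = 0;

    if (request == NULL || user == NULL || user_cap == 0)
        return -1;

    while (n < request_len && request[n] != '\r' && request[n] != '\n')
        n++;

    if (n >= user_cap)                /* leave room for the NUL terminator */
        return -1;

    memcpy(user, request, n);
    user[n] = '\0';
    return (int)n;
}

/* Convenience wrappers: run the hardened handler on a NUL-terminated request
 * with a USER_MAX-byte destination, as the server loop would. */
int safe_accepts(const char *request)
{
    char user[USER_MAX];
    return lookup_user_safe(request, strlen(request), user, sizeof user);
}

int safe_copy_matches(const char *request, const char *expected)
{
    char user[USER_MAX] = "";
    if (lookup_user_safe(request, strlen(request), user, sizeof user) < 0)
        return 0;
    return strcmp(user, expected) == 0;
}

int main(void)
{
    /* constructed requests: a normal one and an oversized one */
    const char *ok  = "alice\r\n";
    const char *big = "this-name-is-far-too-long-for-the-buffer\r\n";

    printf("'%s' -> %d\n", "alice", safe_accepts(ok));    /* 5 */
    printf("oversized request -> %d\n", safe_accepts(big)); /* -1: rejected, not truncated */
    return 0;
}
```

The hardened version fails closed: a request that does not fit is rejected rather than truncated, since silent truncation can change which user is looked up. A modern compiler will usually warn at the `strcpy` call in the unsafe version, which is the cheapest check of all.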
No matter how secure the operating system of your phone is, putting it on a table and walking away invites someone to steal it and access your data. Allowing access to data to a person you think you trust, who then gives that access to malicious users (perhaps for money), cannot be predicted or prevented by an operating system.

Because of the implications of an insecure system, it is worth considerable time and effort to make systems secure. Often this seems like a losing game. For example, the designers working on securing Linux also publish the source code of the operating system. Such open source code is scrutinized by far more people than are working on the implementation. While hundreds might be working on the security implementation, thousands might be reading the source code looking for a way in (though that same scrutiny is also what finds and fixes many of the flaws).

The remainder of this chapter focuses on operating system security. The other areas of security, especially physical and human security, are beyond the scope of this book.

14.2 Authorization

When a system function is used or data is accessed, there is a fundamental assumption that the access is authorized. It is rare for an operating system to ask for authorization before performing these functions (but it does happen occasionally). We explore what authorization means in this section.

Authorization means 'to be given authority'. In turn, to be given authority implies two things: it did not exist before, and it was given by some other authorized entity. So if you are authorized to do something, you probably had to ask for authorization. The person who authorized you verified your request and granted you authority. Often, authorization is demonstrated by a token or symbol that is recognizable. A police officer is usually authorized by his uniform; a plain-clothes officer requires a badge to show her authorization. Sometimes, however, authorization is not questioned. In this case, authorization is assumed or not required. For example, it is not typical to need to show authorization to enter a public library; the assumption is that anyone may use the library, so any use does not need authorization.

In an operating system, a process carries information about itself that can be used as tokens of authority. A process has a process ID and owner and group designations. It also records the date and time of its creation and which process created it. In most cases, this set of attributes is enough for the operating system to decide what the process may do. The information is assigned when a process is created, derived from the parent that created it.

Take, for example, a process hierarchy in a Unix system. Upon login, a user can be granted shell access. The shell is a process whose job it is to communicate with the user and execute commands on his behalf. The shell process has the owner and group information assigned to it by the operating system's login process. Any process spawned by this shell derives its owner and group information from the shell.
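The inheritance just described, as an added example (not code from the book): a program forks a child the way a shell does for each command and has the child report its credentials back through a pipe, so that the parent can check that the child's user and group identities are its own and that the child records the parent as its creator. The function and structure names are assumptions; the system calls are standard POSIX.

```c
/* Added example, not from the book: shows that a child process in Unix
 * starts out with its parent's credentials. Names are ours; the calls
 * (fork, pipe, getuid, ...) are standard POSIX. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The identity tokens a process carries, as discussed in the text. */
struct creds {
    pid_t pid, ppid;    /* own process ID and creator's process ID */
    uid_t uid, euid;    /* real and effective owner */
    gid_t gid, egid;    /* real and effective group */
};

static void fill_creds(struct creds *c)
{
    c->pid = getpid();  c->ppid = getppid();
    c->uid = getuid();  c->euid = geteuid();
    c->gid = getgid();  c->egid = getegid();
}

/* Fork a child (as a shell does for every command) and have it report its
 * credentials through a pipe. Returns 1 if the child inherited the parent's
 * user and group identity and records the parent as its creator, 0 if it
 * did not, and -1 if a system call failed. */
int child_inherits_credentials(void)
{
    int fd[2];
    struct creds parent, child;

    if (pipe(fd) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                       /* child: report and exit */
        struct creds me;
        fill_creds(&me);
        close(fd[0]);
        if (write(fd[1], &me, sizeof me) != (ssize_t)sizeof me)
            _exit(1);
        close(fd[1]);
        _exit(0);
    }

    close(fd[1]);                         /* parent: collect the report */
    fill_creds(&parent);
    ssize_t got = read(fd[0], &child, sizeof child);
    close(fd[0]);
    if (waitpid(pid, NULL, 0) < 0 || got != (ssize_t)sizeof child)
        return -1;

    return child.ppid == parent.pid
        && child.uid == parent.uid && child.euid == parent.euid
        && child.gid == parent.gid && child.egid == parent.egid;
}

int main(void)
{
    printf("child inherits credentials: %d\n", child_inherits_credentials());
    return 0;
}
```

Run as an ordinary user, the function returns 1, and the same relationship holds after the child calls exec to run a command. The exception that matters for security is a program file marked set-user-ID: it runs with the authority of the file's owner rather than that of the process that started it, which is one way a program can hold far more authority than the user who triggered it.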
If the shell is authorized to do something, a command spawned by the shell is authorized to do the same. The exception is a program that the system runs with elevated authority regardless of who invokes it, such as a set-user-ID program or a network server started by the system; the finger server in the earlier example was one such program, which is why an overflow in it yielded administrator privilege.

Sometimes authority in a computer system is given to any process. In Microsoft Windows 98 and earlier versions, authority was given to any process simply because it was running on the system. These versions of Windows did not require authorization to perform operating system tasks. For example, if you were using the computer, you could delete any and all files on the system's hard drive. Even in more recent versions of Windows, default file permissions and the habit of running every user as an administrator have often allowed maximum access with minimal checking.

14.3 Authentication

Because authority is mostly assumed in an operating system, getting that authority is a function that must be administered carefully. If a process is to grant access to the computer system to someone, the identity of that person must be verified, or authenticated. Authentication is the verification of identifying characteristics and is an extremely important part of security because, as stated in the previous section, authority is often not checked again once it has been obtained. Authentication is usually user-based. A user must identify herself in a manner that the system can verify. Authentication is usually based on one or more of three elements: what you know, what you have or who you are.

What You Know

Authentication based on what you know usually takes the form of some kind of password or 'passalgorithm' system. It is very common to base security systems on passwords. Password systems usually ask for a user identifier and a password that has been assigned to that identifier as the basis for authentication. The user identifier is probably public knowledge, but the password should be known only to that user.

Passwords work on many levels. They are most often used to gain permission to use a computer system. If system security is more fine-grained, passwords can be applied to system resources. The network device, for example, may be password-protected in many operating systems, and its use forces the operating system to ask the user for the password. An even finer-grained approach could allow different passwords to reflect different access rights: one password would allow reading a file while another would allow reading and writing.

While passwords are common, they are not foolproof and have proven very vulnerable in the history of operating systems. The problem with passwords is that they must be remembered for the user to use them. This means that the temptation to make them easy to remember is very great. And if a password is easy to remember, it is also easy to guess. The most common type of attack against system passwords is called the dictionary attack, which simply walks through a dictionary and tries all the words, and variants on those words, as passwords. Such attacks are easily done and well documented (as are ways to foil them: locking out or slowing down repeated failures at the login interface, and storing passwords only as salted, deliberately slow hashes so that an attacker who steals the password file still pays a high price per guess).

Password storage is an issue that can make an operating system vulnerable.
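The dictionary attack described above, as an added example that is not from the book: a search over a small constructed word list and the variants an attacker would try (capitalisation, digit suffixes, letter-for-digit substitutions) against a salted hash of the kind a password file would hold. The hash function (64-bit FNV-1a with the salt prepended) stands in for a real password hash so that the block runs with no libraries; the words, salts and passwords are constructed for the example.

```c
/* Added example, not from the book: a minimal dictionary attack with word
 * variants, run against a constructed salted hash. FNV-1a stands in for the
 * system's password hash; the word list, salts and passwords are invented. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in password hash. The salt is mixed in first, so two users with the
 * same password get different hashes and must be attacked separately. */
uint64_t hash_password(const char *salt, const char *password)
{
    uint64_t h = 1469598103934665603ULL;           /* FNV-1a offset basis */
    const char *parts[2] = { salt, password };
    for (int p = 0; p < 2; p++)
        for (const unsigned char *s = (const unsigned char *)parts[p]; *s; s++) {
            h ^= *s;
            h *= 1099511628211ULL;                 /* FNV prime */
        }
    return h;
}

/* Constructed word list: the "easy to remember" choices the text warns about. */
static const char *WORDS[] = { "letmein", "symbian", "password", "phone", "summer" };
#define NWORDS (sizeof WORDS / sizeof WORDS[0])
#define NRULES 6

/* Write variant number `rule` of `word` into out (rules 0..NRULES-1). */
static void variant(const char *word, int rule, char out[32])
{
    static const char from[] = "aeios", to[] = "43105";
    if (strlen(word) + 4 >= 32) { out[0] = '\0'; return; }  /* guard; table words are short */
    strcpy(out, word);
    switch (rule) {
    case 0: break;                                           /* the word itself */
    case 1: out[0] = (char)toupper((unsigned char)out[0]); break;
    case 2: strcat(out, "1"); break;
    case 3: out[0] = (char)toupper((unsigned char)out[0]); strcat(out, "123"); break;
    case 4:                                                  /* a->4, e->3, i->1, o->0, s->5 */
        for (char *p = out; *p; p++) {
            const char *q = strchr(from, *p);
            if (q) *p = to[q - from];
        }
        break;
    case 5: out[0] = (char)toupper((unsigned char)out[0]); strcat(out, "!"); break;
    }
}

/* Walk the dictionary and its variants until one hashes to the stolen value.
 * Returns the number of guesses spent on success (and copies the password
 * into `found`), or -1 if the list is exhausted without a match. */
int crack(const char *salt, uint64_t target, char *found, size_t cap)
{
    char guess[32];
    int tries = 0;
    for (size_t w = 0; w < NWORDS; w++)
        for (int r = 0; r < NRULES; r++) {
            variant(WORDS[w], r, guess);
            tries++;
            if (hash_password(salt, guess) == target) {
                snprintf(found, cap, "%s", guess);
                return tries;
            }
        }
    return -1;
}

int guesses_to_crack(const char *salt, uint64_t target)
{
    char found[32];
    return crack(salt, target, found, sizeof found);
}

int crack_recovers(const char *salt, uint64_t target, const char *expected)
{
    char found[32] = "";
    return crack(salt, target, found, sizeof found) > 0 && strcmp(found, expected) == 0;
}

int main(void)
{
    char found[32];
    /* what an attacker would read from a stolen password file: salt and hash */
    uint64_t stolen = hash_password("x7", "Phone123");
    int n = crack("x7", stolen, found, sizeof found);
    printf("recovered '%s' after %d guesses\n", n > 0 ? found : "(nothing)", n);
    return 0;
}
```

Two points carry over to real systems. The salt means that two users who chose the same password must be attacked separately, so the attacker's work scales with the number of accounts. And because FNV-1a is fast, every guess here is nearly free; a real password store raises the per-guess cost by using a deliberately slow hash, which is the storage issue the text turns to next.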