Smartphone Operating System (779883), страница 41
Текст из файла (страница 41)
Since files are the basic units ofstorage, it is extremely important that they remain secure and protectedfrom malicious access. The remainder of the file system structure is alsovulnerable.Chapter 14 is dedicated to security. However, security issues are soimportant that we discuss them here as well – as they pertain to filesystems. In this section, we look at the issues with security and outlinethe attacks and protections that file systems can have.General Security IssuesAccess to a file system and the files it contains needs to be controlled.Allowing any and all access would be a mistake, because it invitesmalicious activity.
However, too many restrictions make file systemscumbersome to use. In addition to the proper security, we also need todecide what elements need security restrictions imposed on them.When an access is made to a file system, the fundamental assumptionis that the access is authorized or permissible. A fine-grained securitysystem would request authorization before each access. A coarse-grainedsecurity system would make a single validation that would verify allaccess.
Somewhere between the two extremes lies a system with enoughsecurity and a tolerable amount of overhead.190FILE SYSTEMS AND STORAGEAuthorization implies identification. File-system access cannot beauthorized for users if those users are not identified. Identifying usersis usually done by allowing them to log into a system or otherwise givinga user name or ID. Files are usually tagged with this user ID and specificpermissions are given to authorized user IDs.There are certain users that have all permissions to all files. Mostoften, these are termed superusers or root users.
These users have allpermissions by design (note the assumption that the user has beenidentified and authorized).Using remote file systems can be a security issue. Consider the following scenario: user X is authorized to access a collection of files. Whenthat collection of files is shared remotely to another computer system,what happens when user X does not exist on the remote system? Orworse, what happens when user X does exist on the remote system, butis a different user with the same user name?Typically, identification is verified on the system that the file systemcomes from before access is granted. This means that identical usernames on two different systems would not result in an infraction ofsecurity, because verification of the user name (called ‘authorization’ inChapter 14) is done on the computer the file system comes from.
Thatverification is unique and done in one place. When there are multipleservers serving up file systems, a centralized server for authentication isoften preferred. This can happen through a designated computer on thenetwork; this computer often runs an identity server to verify users.Security Failures: Flaws and AttacksSecurity advances often come from learning by mistakes or finding lapsesin security. There have been many security failures since file systemswere implemented. An overview of some of these is appropriate beforewe discuss mechanisms used to protect files.Operating systems have long allowed access without user identification. In this type of system, there is no specific owner of a file andall access to all files is implicitly granted. With no user identification,there is essentially a single user of the computer.
That user controls allsystem resources, including all files and file access. Most early operating systems – including early versions of Microsoft Windows – wereimplemented with this type of access.It is this environment that enabled the creation of viruses. Viruses arefragments of data that are typically added to programs in such a waySECURITY191that they can be executed when the program is executed. This ‘infection’is passed from program to program by the executing virus code.
Suchinfection is easy and permitted when no user identification is required toaccess files.Sometimes operating systems verify user identification but do not usethat identification to regulate access to files. These types of systems are‘gatekeepers’: once a user is validated – or passed through the gate – thatuser may do anything to the system and its data. In these systems, user validation usually serves to personalize the environment for users but is oftendiluted for security.
Recent versions of Microsoft Windows – throughto Microsoft Windows 2000 – would set up access to files in such a waythat the default access rights would grant all permissions to all users. Theresult was that, no matter what user you were, you could still access allfiles and have all privileges.Most operating systems in use today verify user identification anduse that identification for file access. These systems identify the type ofaccess allowed for various classes of users by identifying the user. Thesesystems are as vulnerable as their verification process. If a user can entera computer system with another user name, for example, then securityon files is meaningless. Access assumes authorization; if authorization iscompromised, so is file access.Unix has long had this type of security implementation. As the nextsection describes, Unix file systems have the notion of user classes,which include ‘owner’, and users are classified by their user ID whenthey validate themselves to the system.
This allows Unix to classify usersfurther, in groups or as ‘other’. Each of these classes has security settingsthat allow for file read, write and execute operations, with a file ownerbeing able to grant access to its file to particular user classes.Establishing and enforcing ownership on files is a great way to thwartvirus infection. When only an owner can modify a file, then a viruscan only infect a file if its executing process is identified as the owner.Sometimes, the owner can grant others ‘write’ permission by using ACLsor by giving groups of users access. Viruses can infect files in these casesif the executing process is identified as a user having permission to writeto a file.
Because owners are usually carefully controlled, Unix systemsare rarely infected with viruses.It is useful to note that some computer systems cannot establish useridentification and therefore must work to provide other forms of security192FILE SYSTEMS AND STORAGEsystems. Smartphones are a great example of this situation. It would beterribly inconvenient for the smartphone user to identify herself beforeeach use (imagine ‘logging in’ to a smartphone to answer a call).Protection MechanismsProtection of files starts with something outside of a file system: authentication.
Authentication is the verification of user identity. As Chapter 14points out, verification of identity can happen in a number of ways;appropriate verification uniquely and correctly identifies users to theoperating system.Most protection mechanisms verify that file access is permissible byrecording several pieces of information with each file. These piecesusually include:• ownership : the user ID associated with the process that created thefile; this assumes that the operating system identifies users and canrelay that information to files• permission specification : if the owner of a file is recorded, thenownership permission is also recorded; other types of access can berecorded: access for non-owners or for members of the group that theowner belongs to• access control : when permissions are too broad to properly securea file, access control lists (ACLs) can be used to specify users (ratherthan groups) and specific permissions can be associated with certainusers• capabilities : when access control lists are too broad or require toomuch detail, users and applications are assigned a specific type ofcapability (for example, ‘file read’ and ‘file write’).
The capability isalways matched against the type of access requested. Capabilitiesare usually more detailed than permissions or access control. Forexample, ‘file delete’ might be a capability that is usually not assignedas a permission.There are many variations on these security mechanisms. Linux usespermissions for file security. In a Linux system, there are three typesof user: owners, members of the owner’s groups, and others.
There areseveral types of file access in Linux. The most useful access types are‘read’, ‘write’ and ‘execute’. The permissions can be used like bits in aSECURITY193number and are assigned to each of the three types of user. For example,a file may have the following listing:-rwx-----x 1 jipping 11001344 Jul 18 15:49 Presentation.pptThe first entry shows the permissions: owners (the rwx part) have allaccess rights, group members (the --- part) have no access rights and‘others’ (the --x part) have only execute permissions.Security on Symbian OSSmartphone security is an interesting variation on general computersecurity. There are several aspects of smartphones that make security achallenge.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
