UNIX System Protection. Unix History Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs...
-
Upload
bonnie-lee -
Category
Documents
-
view
212 -
download
0
Transcript of UNIX System Protection. Unix History Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs...
UNIX System Protection
Unix History
• Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs
• Adapted some ideas from the Multics project in 1969
Design Features
• Written in C – portable
• Application program interface (API) – enabled programmers to write applications that are compatible with multiple platforms
• A small base program called “kernel” with a standard interface to interact
Security
• Security goal:– A common platform that could be shared by
several users– Security problem becomes one of “protection”
• Common mechanisms– Password storage– Protection ring– Access control lists
Kernel and Processes
• A running Unix system consists of the kernel and the processes each running a program– Protection ring boundary isolates the kernel from
the processes– Each process has its own address space– The concept of “file” for representing all persistent
system objects
Trusted Computing Base
• The set of software and data upon which the system depends for correct enforcement of system security goals
• Consists of the kernel and processes running with root (superuser) privilege
Unix Protection System
• What does protection mean?– An access enforcement mechanism that
authorizes requests from subjects to perform operations on objects
– Requests: read, write, etc.– Subjects: users, processes, etc.– Objects: files, sockets, etc.
Unix Protection System
• Protection state: describes the operations that system subjects can perform on system objects
• UNIX protection state specification– Subjects: process identities
• Process identities: user id (UID), group id (GID), and a set of supplementary groups.
– Objects: files – Access: read, write, execute– Protection state is specified by an access control list (ACL)
associated with each file
Unix File
• Each file is associated with:– An owner UID and an owner GID• Process with the owner UID privilege can modify the
protection state
– “mode bits” describe the ACL of a file• {owner bits, group bits, others bits}, where each
element consists of a read bit, a write bit, and an execute bit• e.g., rwxr--r--
Authorization Mechanism
• If the process UID corresponds to the owner UID of the file, use the mode bits for the owner to authorize access.
• Else if the process GID or supplementary groups correspond to the file’s group GID, use the mode bits for the group permissions.
• Otherwise, use the permissions assigned to all others.
Examples
-rw-rw-r-- 1 simon faculty 14 Sep 8 03:59 file1-rw-rw-r-- 1 user1 faculty 14 Sep 8 04:04 file2-rw-rw-r-- 1 user2 students 14 Sep 8 04:04 file3
“simon” belongs to group “faculty”“user1”, “user2” belong to group “students”
-r-------- 1 simon faculty 14 Sep 8 03:59 file1----r----- 1 user1 students 14 Sep 8 05:01 file2-------r-- 1 user2 students 14 Sep 8 05:02 file3
Protection State Modification in Unix
• Protection state operations: enable a protection state to be modified
• In Unix, the protection state can be modified by any process that has the owner ID privilege– This is called “discretionary access control”– Essentially we have to trust all user-level processes
to achieve the security goal of protection