
Os - Unit V 1


ADITYA ENGINEERING COLLEGE(A)

Operating Systems

Unit – V
Secondary-Storage Structure: Overview of disk structure, and
attachment, Disk scheduling, RAID structure, Stable storage
implementation.
System Protection: Goals of protection, Principles and domain of
protection, Access matrix, Access control, Revocation of access
rights.
System Security: Introduction, Program threats, System and network
threats.
Case Studies: Linux, Microsoft Windows.
S sushma,IT Department

Size increases

cost decreases

speed decreases


Magnetic Disks
• A read–write head “flies” just above each surface of every
platter. The heads are attached to a disk arm that moves all the
heads as a unit. The surface of a platter is logically divided into
circular tracks, which are subdivided into
sectors. The set of tracks that are at one arm position makes
up a cylinder.
• There may be thousands of concentric cylinders in a disk drive,
and each track may contain hundreds of sectors. The storage
capacity of common disk drives is measured in gigabytes.
• When the disk is in use, a drive motor spins it at high speed.
Most drives rotate 60 to 250 times per second, specified in terms
of rotations per minute (RPM).

Magnetic Disks
• The transfer rate is the rate at which data flow between the
drive and the computer.
• The positioning time, or random-access time, consists of
two parts: the time necessary to move the disk arm to the desired
cylinder, called the seek time, and the time necessary for the
desired sector to rotate to the disk head, called the rotational
latency.


Solid-State Disks
• SSD is nonvolatile memory that is used like a hard drive.
• SSDs have the same characteristics as traditional hard disks but can be more reliable because they have no moving parts and
faster because they have no seek time or latency.
• They consume less power.
• They are more expensive per megabyte than traditional hard disks, have less capacity than the larger hard disks, and may
have shorter life spans than hard disks.

Magnetic Tapes
• Magnetic tape was used as an early secondary-storage
medium.
• Although it is relatively permanent and can hold large
quantities of data, its access time is slow compared with
that of main memory and magnetic disk.
• Random Access to magnetic tape is about a thousand
times slower than random access to magnetic disk, so
tapes are not very useful for secondary storage.
• Tape capacities vary greatly, depending on the particular
kind of tape drive, with current capacities exceeding
several terabytes.
• Tapes are used mainly for backup, for storage of
infrequently used information.
• A tape is kept in a spool and is wound or rewound past a

Operating Systems
Disk Scheduling

Price per Megabyte of
Magnetic Hard Disk, From 1981 to 2004


Elements of File Management


Disk Scheduling
• The operating system is responsible for using hardware
efficiently — for the disk drives, this means having a
fast access time and disk bandwidth.
• Access time has two major components:
• Seek time is the time for the disk arm to move the heads to
the cylinder containing the desired sector.
• Rotational latency is the additional time waiting for the disk
to rotate the desired sector to the disk head.
• Minimize seek time; seek time ≈ seek distance.
• Disk bandwidth is the total number of bytes
transferred, divided by the total time between the first
request for service and the completion of the last transfer.

Components of Disk I/O Transfer


Disk Scheduling
• There are many sources of disk I/O request:
• OS
• System processes
• User processes
• I/O request includes input/output mode, disk address,
memory address, number of sectors to transfer.
• OS maintains queue of requests, per disk or device.
• Idle disk can immediately work on I/O request, busy
disk means work must queue:
• Optimization algorithms only make sense when a queue
exists.

Disk Structure
• Disk drives are addressed as large
1-dimensional arrays of logical blocks, where the
logical block is the smallest unit of transfer.
• The 1-dimensional array of logical blocks is mapped
into the sectors of the disk sequentially:
• Sector 0 is the first sector of the first track on the outermost
cylinder.
• Mapping proceeds in order through that track, then the rest
of the tracks in that cylinder, and then through the rest of
the cylinders from outermost to innermost.


Disk Scheduling Algorithms

• FCFS
• SSTF
Elevator Algorithms
• SCAN
• CSCAN
• LOOK
• CLOOK


Disk Scheduling Algorithms

• Note that drive controllers have small buffers and can manage a
queue of I/O requests (of varying “depth”).
• Several algorithms exist to schedule the servicing of disk I/O requests.
• The analysis is true for one or many platters.
• We illustrate them with an I/O request queue (cylinders are between
0-199):

queue = 98, 183, 37, 122, 14, 124, 65, 67


head starts at 53


First Come First Serve (FCFS) Example

Illustration shows total head movement of 640 cylinders.



First Come First Serve (FCFS)

• Handle I/O requests sequentially.


• Fair to all processes.
• Approaches random scheduling in performance if
there are many processes/requests.
• Suffers from global zigzag effect.


Shortest Seek Time First (SSTF) Example

Illustration shows total head movement of 236 cylinders.



Shortest Seek Time First (SSTF)


• Selects the request with the minimum seek time from the current
head position.
• Also called Shortest Seek Distance First (SSDF) – It’s easier to compute
distances.
• It’s biased in favor of the middle cylinders requests.
• SSTF scheduling is a form of SJF scheduling; may cause starvation of
some requests.


Elevator Algorithms
• Algorithms based on the common elevator principle.
• Four combinations of Elevator algorithms:
– Service in both directions or in only one direction.
– Go until last cylinder or until last I/O request.

Direction                       Go until the last cylinder   Go until the last request
Service both directions         Scan                         Look
Service in only one direction   C-Scan                       C-Look

Scan Example
*In the SCAN algorithm, the disk arm starts
at one end of the disk and moves toward the
other end, servicing requests as it reaches
each cylinder, until it gets to the other end of
the disk. At the other end, the direction of
head movement
is reversed, and servicing continues. The head
continuously scans back and forth across the
disk.
*The SCAN algorithm is sometimes called the
elevator algorithm since the disk
arm behaves just like an elevator in a
building, first servicing all the requests
going up and then reversing to service
requests the other way.

Illustration shows total head movement of 208 cylinders.



C-Scan Example
*The head moves from one end of the disk to
the other, servicing requests as it goes. When it
reaches the other end, however, it immediately
returns to the beginning of the disk, without
servicing any requests on the return trip.
*The C-SCAN scheduling algorithm essentially
treats the cylinders as a circular list that wraps
around from the final cylinder to the first one.
*Provides a more uniform wait time than SCAN;
it treats all cylinders in the same manner.


Look

• Both SCAN and C-SCAN move the disk arm across
the full width of the disk.
• In practice, neither algorithm is often implemented
this way. More commonly, the arm goes only as far
as the final request in each direction. Then, it
reverses direction immediately, without going all the
way to the end of the disk.
• The disk arm starts at the first I/O request on the
disk, and moves toward the last I/O request on the
other end, servicing requests until it gets to the
other extreme I/O request on the disk, where the
head movement is reversed and servicing
continues.
• It moves in both directions until both last I/O
requests; more inclined to serve the middle cylinder
requests.


C-Look Example

• Look version of C-Scan.


• Arm only goes as far as the last
request in each direction, then
reverses direction immediately,
without first going all the way to
the end of the disk.
• In general, Circular versions are
more fair but pay with a larger
total seek time.
• Scan versions have a larger total
seek time than the
corresponding Look versions.

Disk Scheduling Algorithms


Given so many disk-scheduling algorithms, how do we choose the best one?
SSTF is common and has a natural appeal because it increases performance over
FCFS. SCAN and C-SCAN perform better for systems that place a heavy load on
the disk, because they are less likely to cause a starvation problem.
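
The policies above applied to the slides' queue (98, 183, 37, 122, 14, 124, 65, 67; head at 53), as an added C example that is not part of the original slides. The initial direction (toward cylinder 0) and counting the C-LOOK return seek are assumptions; with them, a full SCAN sweep to cylinder 0 costs 236 cylinders, and 208 is the travel when the arm reverses at the lowest request (14), as LOOK does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REQ 64

enum policy { FCFS, SSTF, SCAN, LOOK, C_LOOK };

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Total arm movement when visiting path[0..m-1] in order, starting at head. */
static int travel(const int *path, int m, int head)
{
    int total = 0;
    for (int i = 0; i < m; i++) {
        total += abs(path[i] - head);
        head = path[i];
    }
    return total;
}

/*
 * Head movement in cylinders for one policy, or -1 for an oversized queue.
 * Assumptions: SCAN and LOOK start moving toward cylinder 0; C_LOOK services
 * upward and the seek back to the lowest request is counted.
 */
int head_movement(enum policy p, const int *q, int n, int head)
{
    int s[MAX_REQ], path[MAX_REQ + 1], m = 0, k = 0;

    if (n < 0 || n > MAX_REQ)
        return -1;
    if (p == FCFS)
        return travel(q, n, head);          /* arrival order */

    memcpy(s, q, (size_t)n * sizeof s[0]);
    qsort(s, (size_t)n, sizeof s[0], cmp_int);
    while (k < n && s[k] < head)            /* s[0..k-1] < head <= s[k..n-1] */
        k++;

    if (p == SSTF) {
        /* The nearest pending request is always adjacent to the served range. */
        int lo = k - 1, hi = k, pos = head;
        while (lo >= 0 || hi < n) {
            if (hi >= n || (lo >= 0 && pos - s[lo] <= s[hi] - pos))
                pos = s[lo--];
            else
                pos = s[hi++];
            path[m++] = pos;
        }
    } else if (p == SCAN || p == LOOK) {
        for (int i = k - 1; i >= 0; i--)    /* downward sweep */
            path[m++] = s[i];
        if (p == SCAN)
            path[m++] = 0;                  /* SCAN continues to the disk edge */
        for (int i = k; i < n; i++)         /* then upward */
            path[m++] = s[i];
    } else {                                /* C_LOOK */
        for (int i = k; i < n; i++)
            path[m++] = s[i];
        for (int i = 0; i < k; i++)         /* wrap to lowest request, go up again */
            path[m++] = s[i];
    }
    return travel(path, m, head);
}

/* The request queue and head position used on the slides. */
int slide_example(enum policy p)
{
    static const int queue[] = { 98, 183, 37, 122, 14, 124, 65, 67 };
    return head_movement(p, queue, (int)(sizeof queue / sizeof queue[0]), 53);
}

int main(void)
{
    static const char *name[] = { "FCFS", "SSTF", "SCAN", "LOOK", "C-LOOK" };

    for (int p = FCFS; p <= C_LOOK; p++)
        printf("%-6s %d cylinders\n", name[p], slide_example((enum policy)p));
    return 0;
}
```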


Another Example
LOOK C-LOOK

Graphs for previous example

LOOK C-LOOK

Other Disk Scheduling Policies

• Pickup
• A combination of FCFS and Look.
• Goes to next I/O request by FCFS but services all existing requests on the way
to it.
• Priority
• Goal is not to optimize disk use but to meet other objectives.
• Short batch jobs may have higher priority.
• Provide good interactive response time.


Scan Algorithm Variations

• FScan
• Use two queues.
• One queue is empty to receive new requests.
• N-step-Scan
• Segments the disk request queue into subqueues of
length N.
• Subqueues are processed one at a time, using Scan.
• New requests added to other queue when a certain queue
is processed.

Selecting a Disk-Scheduling Algorithm (1)

• Performance depends on the number and types of requests.


• Requests for disk service can be influenced by the file-allocation
method.
• The disk-scheduling algorithm should be written as a separate module
of the operating system, allowing it to be replaced with a different
algorithm if necessary.


Selecting a Disk-Scheduling Algorithm (2)

• With low load on the disk, it’s FCFS anyway.


• SSTF is common and has a natural appeal – good for medium disk
load.
• SCAN and C-SCAN perform better for systems that place a heavy load on the
disk; less starvation.
• Performance depends on number and types of requests.
• Requests for disk service can be influenced by the file-allocation
method and metadata layout.
• Either SSTF or LOOK (as part of an Elevator package) is a reasonable
choice for the default algorithm.

Disk Structure
• Magnetic tape was used as an early secondary-storage medium.
• Although it is relatively permanent and can hold large quantities of data, its access time
is slow compared with that of main memory and magnetic disk

RAID Structure
• The general idea behind RAID is to employ a group of hard drives together with some form of
duplication, either to increase reliability or to speed up operations (or sometimes both).

• RAID originally stood for Redundant Array of Inexpensive Disks, and was designed to use a bunch
of cheap small disks in place of one or two larger more expensive ones. Today RAID systems
employ large possibly expensive disks as their components, switching the definition to
Independent disks.

• Striping: spreading data out across multiple disks that can be accessed simultaneously.

• Mirroring: a system contains identical data on two or more disks.


RAID Levels
Raid Level 0 - This level includes striping only, with no mirroring.

Raid Level 1 - This level includes mirroring only, no striping.

Raid Level 2 - This level stores error-correcting codes on additional disks, allowing for any damaged data to be
reconstructed by subtraction from the remaining undamaged data. Note that this scheme requires only three extra
disks to protect 4 disks worth of data, as opposed to full mirroring. ( The number of disks required is a function of
the error-correcting algorithms, and the means by which the particular bad bit(s) is(are) identified.)

Raid Level 3 - This level is similar to level 2, except that it takes advantage of the fact that each disk is still doing its
own error-detection, so that when an error occurs, there is no question about which disk in the array has the bad
data. As a result a single parity bit is all that is needed to recover the lost data from an array of disks. Level 3 also
includes striping, which improves performance. The downside with the parity approach is that every disk must take
part in every disk access, and the parity bits must be constantly calculated and checked, reducing performance.
Hardware-level parity calculations and NVRAM cache can help with both of those issues. In practice level 3 is
greatly preferred over level 2.

RAID Levels
Raid Level 4 - This level is similar to level 3, employing block-level striping instead of bit-level striping. The benefits
are that multiple blocks can be read independently, and changes to a block only require writing two blocks ( data
and parity ) rather than involving all disks. Note that new disks can be added seamlessly to the system provided they
are initialized to all zeros, as this does not affect the parity results.

Raid Level 5 - This level is similar to level 4, except the parity blocks are distributed over all disks, thereby more
evenly balancing the load on the system. For any given block on the disk(s), one of the disks will hold the parity
information for that block and the other N-1 disks will hold the data. Note that the same disk cannot hold both data
and parity for the same block, as both would be lost in the event of a disk crash.

Raid Level 6 - This level extends raid level 5 by storing multiple bits of error-recovery codes, ( such as the
Reed-Solomon codes ), for each bit position of data, rather than a single parity bit. In the example shown below 2
bits of ECC are stored for every 4 bits of data, allowing data recovery in the face of up to two simultaneous disk
failures. Note that this still involves only 50% increase in storage needs, as opposed to 100% for simple mirroring
which could only tolerate a single disk failure.
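
The parity mechanism behind levels 3 to 5, as an added C example that is not part of the original slides: it rebuilds a lost block by XOR, updates parity on a small write by touching only the data and parity blocks, and checks that an all-zero disk leaves parity unchanged. The 8-byte block size, the sample stripe contents and the rotation used in `parity_disk` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 8   /* bytes per block, tiny for illustration */
#define NDATA 4   /* data disks in the stripe */

/* Parity block = XOR of every data block in the stripe. */
void compute_parity(unsigned char data[][BLOCK], int ndata, unsigned char parity[BLOCK])
{
    memset(parity, 0, BLOCK);
    for (int d = 0; d < ndata; d++)
        for (int i = 0; i < BLOCK; i++)
            parity[i] ^= data[d][i];
}

/* Rebuild the block of one failed disk from parity plus the surviving blocks. */
void rebuild(unsigned char data[][BLOCK], int ndata, int failed,
             const unsigned char parity[BLOCK], unsigned char out[BLOCK])
{
    memcpy(out, parity, BLOCK);
    for (int d = 0; d < ndata; d++)
        if (d != failed)
            for (int i = 0; i < BLOCK; i++)
                out[i] ^= data[d][i];
}

/* Block-level small write: only the data block and the parity block change. */
void small_write(unsigned char block[BLOCK], unsigned char parity[BLOCK],
                 const unsigned char newdata[BLOCK])
{
    for (int i = 0; i < BLOCK; i++) {
        parity[i] ^= block[i] ^ newdata[i];   /* remove old data, add new */
        block[i] = newdata[i];
    }
}

/* RAID 5: disk holding parity for a stripe (simple rotation, one possible layout). */
int parity_disk(int stripe, int ndisks)
{
    return (ndisks - 1) - (stripe % ndisks);
}

/* Constructed sample stripe of four 8-byte data blocks. */
static void sample_stripe(unsigned char data[][BLOCK])
{
    static const char *text[NDATA] = { "payroll1", "ledger02", "invoice3", "backup04" };
    for (int d = 0; d < NDATA; d++)
        memcpy(data[d], text[d], BLOCK);
}

/* 1 if the block on disk `failed` is rebuilt exactly after the disk is wiped. */
int survives_loss(int failed)
{
    unsigned char data[NDATA][BLOCK], parity[BLOCK], lost[BLOCK], out[BLOCK];

    if (failed < 0 || failed >= NDATA)
        return 0;
    sample_stripe(data);
    compute_parity(data, NDATA, parity);
    memcpy(lost, data[failed], BLOCK);
    memset(data[failed], 0xFF, BLOCK);        /* contents of the failed disk are gone */
    rebuild(data, NDATA, failed, parity, out);
    return memcmp(out, lost, BLOCK) == 0;
}

/* 1 if the incremental parity update matches a full recomputation. */
int small_write_consistent(void)
{
    unsigned char data[NDATA][BLOCK], parity[BLOCK], full[BLOCK];

    sample_stripe(data);
    compute_parity(data, NDATA, parity);
    small_write(data[2], parity, (const unsigned char *)"INVOICE9");
    compute_parity(data, NDATA, full);
    return memcmp(parity, full, BLOCK) == 0;
}

/* 1 if adding a disk initialized to all zeros leaves the parity block unchanged. */
int zero_disk_keeps_parity(void)
{
    unsigned char data[NDATA + 1][BLOCK], before[BLOCK], after[BLOCK];

    sample_stripe(data);
    memset(data[NDATA], 0, BLOCK);
    compute_parity(data, NDATA, before);
    compute_parity(data, NDATA + 1, after);
    return memcmp(before, after, BLOCK) == 0;
}

int main(void)
{
    for (int d = 0; d < NDATA; d++)
        printf("disk %d lost, rebuilt: %s\n", d, survives_loss(d) ? "yes" : "no");
    printf("small write keeps parity consistent: %d\n", small_write_consistent());
    printf("all-zero disk keeps parity: %d\n", zero_disk_keeps_parity());
    return 0;
}
```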
RAID Levels

Stable-Storage Implementation
• The concept of stable storage involves a storage medium in which data is never lost, even in the face of
equipment failure in the middle of a write operation.

• To implement this requires two (or more) copies of the data, with separate failure modes.

• An attempted disk write results in one of three possible outcomes:

1. The data is successfully and completely written.

2. The data is partially written, but not completely. The last block written may be garbled.

3. No writing takes place at all.

Stable-Storage Implementation
• Whenever an equipment failure occurs during a write, the system must detect it and return the system
to a consistent state. Doing this requires two physical blocks for every logical block, and the following
procedure:

1. Write the data to the first physical block.

2. After step 1 has completed, write the data to the second physical block.

3. Declare the operation complete only after both physical writes have completed successfully.

Stable-Storage Implementation
• During recovery the pair of blocks is examined.

– If both blocks are identical and there is no sign of damage, then no further action is necessary.

– If one block contains a detectable error but the other does not, then the damaged block is replaced with the
good copy. (This will either undo the operation or complete the operation, depending on which block is
damaged and which is undamaged.)

– If neither block shows damage but the data in the blocks differ, then replace the data in the first block with the
data in the second block. (Undo the operation.)

• Because the sequence of operations described above is slow, stable storage usually includes NVRAM as a
cache, and declares a write operation complete once it has been written to the NVRAM.
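
The write and recovery procedures above, simulated with a crash injected at each point, as an added C example that is not part of the original slides. The 16-byte block, the Adler-32 checksum standing in for the drive's error detection, and the model of a torn write (half the new data with a stale checksum) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define DATA_LEN 16

struct pblock { unsigned char data[DATA_LEN]; uint32_t sum; };
struct stable { struct pblock copy[2]; };   /* two physical blocks per logical block */

enum crash { NO_CRASH, CRASH_DURING_FIRST, CRASH_BETWEEN, CRASH_DURING_SECOND };

/* Adler-32, standing in for the drive's per-block error detection (assumption). */
static uint32_t checksum(const unsigned char *d)
{
    uint32_t a = 1, b = 0;
    for (int i = 0; i < DATA_LEN; i++) {
        a = (a + d[i]) % 65521u;
        b = (b + a) % 65521u;
    }
    return (b << 16) | a;
}

static int damaged(const struct pblock *b)
{
    return checksum(b->data) != b->sum;
}

/* A torn write leaves half of the new data on the medium with a stale checksum. */
static void write_block(struct pblock *b, const unsigned char *d, int torn)
{
    memcpy(b->data, d, torn ? DATA_LEN / 2 : DATA_LEN);
    if (!torn)
        b->sum = checksum(d);
}

/* Write procedure: first copy, then second; complete (1) only when both succeed. */
int stable_write(struct stable *s, const unsigned char *d, enum crash c)
{
    write_block(&s->copy[0], d, c == CRASH_DURING_FIRST);
    if (c == CRASH_DURING_FIRST || c == CRASH_BETWEEN)
        return 0;
    write_block(&s->copy[1], d, c == CRASH_DURING_SECOND);
    return c == NO_CRASH;
}

/*
 * Recovery rules. Returns 0 = nothing to do, 1 = first copy repaired (undo),
 * 2 = second copy repaired (complete), 3 = clean but different (undo),
 * -1 = both copies damaged, a case the procedure does not cover.
 */
int stable_recover(struct stable *s)
{
    int d0 = damaged(&s->copy[0]), d1 = damaged(&s->copy[1]);

    if (d0 && d1)
        return -1;
    if (d0) { s->copy[0] = s->copy[1]; return 1; }
    if (d1) { s->copy[1] = s->copy[0]; return 2; }
    if (memcmp(s->copy[0].data, s->copy[1].data, DATA_LEN) != 0) {
        s->copy[0] = s->copy[1];
        return 3;
    }
    return 0;
}

/* Constructed sample records (15 characters plus terminator). */
static const unsigned char OLD_REC[DATA_LEN] = "OLD-RECORD-0001";
static const unsigned char NEW_REC[DATA_LEN] = "NEW-RECORD-0002";

/*
 * Replace OLD_REC with NEW_REC, crash at point c, then recover.
 * Returns 'N' if both copies hold the new record, 'O' if both hold the old
 * one, '?' if the pair is left inconsistent.
 */
int outcome_after(enum crash c)
{
    struct stable s;

    write_block(&s.copy[0], OLD_REC, 0);
    write_block(&s.copy[1], OLD_REC, 0);
    stable_write(&s, NEW_REC, c);
    if (stable_recover(&s) < 0)
        return '?';
    if (memcmp(s.copy[0].data, s.copy[1].data, DATA_LEN) != 0)
        return '?';
    if (memcmp(s.copy[0].data, NEW_REC, DATA_LEN) == 0)
        return 'N';
    return memcmp(s.copy[0].data, OLD_REC, DATA_LEN) == 0 ? 'O' : '?';
}

int main(void)
{
    static const char *when[] = { "no crash", "during first write",
                                  "between writes", "during second write" };
    for (int c = NO_CRASH; c <= CRASH_DURING_SECOND; c++)
        printf("%-20s -> %c\n", when[c], outcome_after((enum crash)c));
    return 0;
}
```

Every crash point ends with both copies equal and undamaged: the write is either fully undone or fully completed, never left half-applied.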

Chapter 14: System Protection

Operating System Concepts – 8th Edition, Silberschatz, Galvin and Gagne ©2009

Chapter 14: System Protection

• Goals of Protection
• Principles of Protection
• Domain of Protection
• Access Matrix
• Implementation of Access Matrix
• Access Control
• Revocation of Access Rights
• Capability-Based Systems
• Language-Based Protection

Objectives
• Discuss the goals and principles of protection in a modern computer system
• Explain how protection domains combined with an access matrix are used to specify the resources a process may access
• Examine capability and language-based protection systems

Goals of Protection
• Operating system consists of a collection of objects, hardware or software

• Each object has a unique name and can be accessed through a well-defined set of operations.

• Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.

Principles of Protection
• Guiding principle – principle of least privilege
– Programs, users and systems should be given just enough privileges to perform their tasks

Domain Structure
• Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations that can be performed on the object.

• Domain = set of access-rights

Domain Implementation (UNIX)
• System consists of 2 domains:
– User
– Supervisor

• UNIX
– Domain = user-id
– Domain switch accomplished via file system.
– Each file has associated with it a domain bit (setuid bit).
– When file is executed and setuid = on, then user-id is set to owner of the file being executed. When execution completes user-id
is reset.

Domain Implementation (MULTICS)

• Let $D_i$ and $D_j$ be any two domain rings.
• If $j < i \Rightarrow D_i \subseteq D_j$

Access Matrix
• View protection as a matrix (access matrix)

• Rows represent domains

• Columns represent objects

• Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j

Access Matrix

Use of Access Matrix
• If a process in Domain D_i tries to do “op” on object O_j, then “op” must be in the access matrix.

• Can be expanded to dynamic protection.
– Operations to add, delete access rights.
– Special access rights:
  – owner of O_i
  – copy op from O_i to O_j
  – control – D_i can modify D_j access rights
  – transfer – switch from domain D_i to D_j

Use of Access Matrix (Cont.)

• Access matrix design separates mechanism from policy.
– Mechanism
  – Operating system provides access-matrix + rules.
  – It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced.
– Policy
  – User dictates policy.
  – Who can access what object and in what mode.

Implementation of Access Matrix
• Each column = Access-control list for one object. Defines who can perform what operation.
  Domain 1 = Read, Write
  Domain 2 = Read
  Domain 3 = Read

• Each row = Capability list (like a key). For each domain, what operations allowed on what objects.
  Object 1 – Read
  Object 4 – Read, Write, Execute
  Object 5 – Read, Write, Delete, Copy

Access Matrix of Figure A With Domains as Objects

Figure B

Access Matrix with Copy Rights


Access Matrix With Owner Rights

Modified Access Matrix of Figure B


Access Control
• Protection can be applied to non-file resources
• Solaris 10 provides role-based access control to implement least privilege
– Privilege is right to execute system call or use an option within a system call
– Can be assigned to processes
– Users assigned roles granting access to privileges and programs

Role-based Access Control in Solaris 10

Revocation of Access Rights

• Access List – Delete access rights from access list.
– Simple
– Immediate

• Capability List – Scheme required to locate capability in the system before capability can be revoked.
– Reacquisition
– Back-pointers
– Indirection
– Keys
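
The access-matrix check, the copy and owner rights, the column and row views, and access-list revocation from the slides above, as an added C example that is not part of the original slides. The three domains, three objects, the bit encoding of rights and the limited-copy rule (the recipient gets the right without the copy flag) are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

#define NDOM 3
#define NOBJ 3

enum { R_READ = 1, R_WRITE = 2, R_EXEC = 4, R_OWNER = 8 };
#define COPYABLE(r) ((unsigned)(r) << 4)   /* "right*": holder may copy r to other domains */

/* Constructed matrix: acc[i][j] = Access(i, j). Objects: 0 = F1, 1 = F2, 2 = printer. */
static unsigned acc[NDOM][NOBJ] = {
    /* D0 */ { R_READ | R_WRITE | R_OWNER | COPYABLE(R_READ), 0,               0       },
    /* D1 */ { 0,                                             R_READ | R_EXEC, R_WRITE },
    /* D2 */ { 0,                                             R_READ,          0       },
};

static int valid(int d, int o)
{
    return d >= 0 && d < NDOM && o >= 0 && o < NOBJ;
}

/* Reference check: "op" must be in Access(d, o); anything else is denied. */
int allowed(int d, int o, unsigned op)
{
    return valid(d, o) && op != 0 && (acc[d][o] & op) == op;
}

/* Limited copy: `from` must hold op with the copy flag; `to` receives op without it. */
int copy_right(int from, int to, int o, unsigned op)
{
    if (!valid(from, o) || !valid(to, o) || op == 0 ||
        (acc[from][o] & COPYABLE(op)) != COPYABLE(op))
        return -1;
    acc[to][o] |= op;
    return 0;
}

/*
 * Owner right: the owner of object o may add or remove any right in o's column.
 * Removal is access-list revocation: it takes effect on the next allowed() call.
 */
int owner_set(int owner, int target, int o, unsigned op, int grant)
{
    if (!valid(owner, o) || !valid(target, o) || !(acc[owner][o] & R_OWNER))
        return -1;
    if (grant)
        acc[target][o] |= op;
    else
        acc[target][o] &= ~(op | COPYABLE(op));
    return 0;
}

/* Column view: access-control list of object o. Output arrays may be NULL. */
int acl(int o, int doms[NDOM], unsigned rights[NDOM])
{
    int n = 0;
    for (int d = 0; d < NDOM; d++)
        if (valid(d, o) && acc[d][o]) {
            if (doms) doms[n] = d;
            if (rights) rights[n] = acc[d][o];
            n++;
        }
    return n;
}

/* Row view: capability list of domain d. Output arrays may be NULL. */
int capabilities(int d, int objs[NOBJ], unsigned rights[NOBJ])
{
    int n = 0;
    for (int o = 0; o < NOBJ; o++)
        if (valid(d, o) && acc[d][o]) {
            if (objs) objs[n] = o;
            if (rights) rights[n] = acc[d][o];
            n++;
        }
    return n;
}

int main(void)
{
    printf("D1 read F1 before copy: %d\n", allowed(1, 0, R_READ));
    printf("D0 copies read on F1 to D1: %d\n", copy_right(0, 1, 0, R_READ));
    printf("D1 read F1 after copy: %d\n", allowed(1, 0, R_READ));
    printf("D1 tries to pass read on to D2: %d\n", copy_right(1, 2, 0, R_READ));
    printf("ACL entries for F1: %d\n", acl(0, NULL, NULL));
    printf("owner D0 revokes D1 read: %d\n", owner_set(0, 1, 0, R_READ, 0));
    printf("D1 read F1 after revocation: %d\n", allowed(1, 0, R_READ));
    return 0;
}
```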
Chapter 15: Security


Objectives
• To discuss security threats and attacks

• To explain the fundamentals of encryption, authentication, and hashing

• To examine the uses of cryptography in computing

• To describe the various countermeasures to security attacks



The Security Problem


• System secure if resources used and accessed as intended under all circumstances
• Unachievable

• Intruders (crackers) attempt to breach security

• Threat is potential security violation

• Attack is attempt to breach security

• Attack can be accidental or malicious

• Easier to protect against accidental than malicious misuse


Security Violation Categories
• Breach of confidentiality
• Unauthorized reading of data
• Breach of integrity
• Unauthorized modification of data
• Breach of availability
• Unauthorized destruction of data
• Theft of service
• Unauthorized use of resources
• Denial of service (DOS)
• Prevention of legitimate use

Security Violation Methods

• Masquerading (breach authentication)


• Pretending to be an authorized user to escalate privileges
• Replay attack
• As is or with message modification
• Man-in-the-middle attack
• Intruder sits in data flow, masquerading as sender to receiver and vice versa
• Session hijacking
• Intercept an already-established session to bypass authentication

Standard Security Attacks

Security Measure Levels

• Impossible to have absolute security, but make cost to perpetrator sufficiently high
to deter most intruders
• Security must occur at four levels to be effective:
• Physical
• Data centers, servers, connected terminals
• Human
• Avoid social engineering, phishing, dumpster diving
• Operating System
• Protection mechanisms, debugging
• Network
• Intercepted communications, interruption, DOS
• Security is as weak as the weakest link in the chain
• But can too much security be a problem?

Program Threats
• Many variations, many names
• Trojan Horse
• Code segment that misuses its environment
• Exploits mechanisms for allowing programs written by users to be executed
by other users
• Spyware, pop-up browser windows, covert channels
• Up to 80% of spam delivered by spyware-infected systems
• Trap Door
• Specific user identifier or password that circumvents normal security
procedures
• Could be included in a compiler
• How to detect them?

Program Threats (Cont.)


• Logic Bomb
• Program that initiates a security incident under certain circumstances
• Stack and Buffer Overflow
• Exploits a bug in a program (overflow either the stack or memory buffers)
• Failure to check bounds on inputs, arguments
• Write past arguments on the stack into the return address on stack
• When routine returns from call, returns to hacked address
• Pointed to code loaded onto stack that executes malicious code
• Unauthorized user or privilege escalation
C Program with Buffer-overflow Condition

#include <stdio.h>
#include <string.h>
#define BUFFER_SIZE 256
int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return -1;
    else {
        /* no bounds check: an argument longer than the buffer overflows it */
        strcpy(buffer, argv[1]);
        return 0;
    }
}
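
The same program with the missing bounds check in place, as an added C example that is not part of the original slides. The helper names `copy_bounded` and `accepts_length` are hypothetical; an argument that does not fit is rejected rather than truncated.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 256

/*
 * Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on rejection (dst is left as an empty string).
 */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *nul;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    nul = memchr(src, '\0', dstsz);   /* never looks past dstsz bytes of src */
    if (nul == NULL)
        return -1;                    /* too long: reject, do not truncate */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/*
 * Constructed input: a string of n 'A' characters offered to a BUFFER_SIZE
 * buffer. Returns 1 if it was copied intact, 0 if rejected, -1 if n is too
 * large for this helper.
 */
int accepts_length(size_t n)
{
    static char input[4 * BUFFER_SIZE];
    char buffer[BUFFER_SIZE];

    if (n >= sizeof input)
        return -1;
    memset(input, 'A', n);
    input[n] = '\0';
    return copy_bounded(buffer, sizeof buffer, input) == 0 && strlen(buffer) == n;
}

int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];

    if (argc < 2)
        return -1;
    if (copy_bounded(buffer, sizeof buffer, argv[1]) != 0) {
        fprintf(stderr, "argument longer than %d bytes, rejected\n", BUFFER_SIZE - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buffer));
    return 0;
}
```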

Layout of Typical Stack Frame

Modified Shell Code

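#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
    /* execvp() takes the program name and a NULL-terminated argument vector */
    char *args[] = { "/bin/sh", NULL };
    execvp(args[0], args);
    return 0;
}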
Hypothetical Stack Frame

Before attack After attack



Great Programming Required?


• For the first step of determining the bug, and second step of writing exploit
code, yes
• Script kiddies can run pre-written exploit code to attack a given system
• Attack code can get a shell with the processes’ owner’s permissions
• Or open a network port, delete files, download a program, etc
• Depending on bug, attack can be executed across a network using allowed
connections, bypassing firewalls
• Buffer overflow can be disabled by disabling stack execution or adding bit to
page table to indicate “non-executable” state
• Available in SPARC and x86
• But still have security exploits
Program Threats (Cont.)
• Viruses
• Code fragment embedded in legitimate program
• Self-replicating, designed to infect other computers
• Very specific to CPU architecture, operating system, applications
• Usually borne via email or as a macro
• Visual Basic Macro to reformat hard drive
Sub AutoOpen()
    Dim oFS
    Set oFS = CreateObject("Scripting.FileSystemObject")
    vs = Shell("c:command.com /k format c:",vbHide)
End Sub
Program Threats (Cont.)

• Virus dropper inserts virus onto the system

• Many categories of viruses, literally many thousands of viruses


• File / parasitic
• Boot / memory
• Macro
• Source code
• Polymorphic to avoid having a virus signature
• Encrypted
• Stealth
• Tunneling
• Multipartite
• Armored

A Boot-sector Computer Virus

The Threat Continues


• Attacks still common, still occurring
• Attacks moved over time from science experiments to tools of organized
crime
• Targeting specific companies
• Creating botnets to use as tool for spam and DDOS delivery
• Keystroke logger to grab passwords, credit card numbers

• Why is Windows the target for most attacks?


• Most common
• Everyone is an administrator
• Licensing required?
• Monoculture considered harmful
System and Network Threats

• Some systems “open” rather than secure by default


• Reduce attack surface
• But harder to use, more knowledge needed to administer

• Network threats harder to detect, prevent


• Protection systems weaker
• More difficult to have a shared secret on which to base access
• No physical limits once system attached to internet
• Or on network with system attached to internet
• Even determining location of connecting system difficult
• IP address is only knowledge
System and Network Threats (Cont.)

• Worms – use spawn mechanism; standalone program


• Internet worm
• Exploited UNIX networking features (remote access) and bugs in finger and
sendmail programs
• Exploited trust-relationship mechanism used by rsh to access friendly systems
without use of password
• Grappling hook program uploaded main worm program
• 99 lines of C code
• Hooked system then uploaded main code, tried to attack connected systems
• Also tried to break into other users accounts on local system via password
guessing
• If target system already infected, abort, except for every 7th time

The Morris Internet Worm



System and Network Threats (Cont.)


• Port scanning
• Automated attempt to connect to a range of ports on one or a range of IP
addresses
• Detection of answering service protocol
• Detection of OS and version running on system
• nmap scans all ports in a given IP range for a response
• nessus has a database of protocols and bugs (and exploits) to apply against
a system
• Frequently launched from zombie systems
• To decrease trace-ability

System and Network Threats (Cont.)


• Denial of Service
• Overload the targeted computer preventing it from doing any useful work
• Distributed denial-of-service (DDOS) come from multiple sites at once
• Consider the start of the IP-connection handshake (SYN)
• How many started-connections can the OS handle?
• Consider traffic to a web site
• How can you tell the difference between being a target and being really popular?
• Accidental – CS students writing bad fork() code
• Purposeful – extortion, punishment

Sobig.F Worm
• More modern example

• Disguised as a photo uploaded to adult newsgroup via account created with stolen credit card

• Targeted Windows systems

• Had own SMTP engine to mail itself as attachment to everyone in infected system’s address book

• Disguised with innocuous subject lines, looking like it came from someone known

• Attachment was executable program that created WINPPR32.EXE in default Windows system directory
Plus the Windows Registry
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
