Saturday 14 January 2012

operating system(6)


6. Protection & Security

1.   What are two advantages of encrypting data shared in the computer system?          [4]
ans :-- Encryption is the process of taking data and modifying it so that it cannot be read by untrusted users. Encryption is an important tool in protection, security and authentication. The process involves two steps (Figure 15.2):
·        Encryption: the original message is changed to some other form
·        Decryption: the encrypted message is restored back to the original


Figure 15.2: Conventional Encryption (plain text → Encryption → cipher text → Decryption → plain text, between parties A and B, using one key)

Data before encryption is called plain text and after encryption is called cipher text. Usually the above operations are performed by hardware.
            Encryption could be by one of the following two basic methods:
·        Transposition ciphers
·        Substitution ciphers
In transposition ciphers the contents of the data are not changed but the order is changed. For example, a message could be sent in reverse order like:
                        I am fine → enif ma I
The rail fence cipher is a method that belongs to this class. The method is slow because the entire message has to be stored and then encrypted. It also requires more storage space when messages are long.
Substitution ciphers work by sending a set of characters different from the original like:
                        I am fine → r zn ormv
The Caesar cipher is a popular method of this type. This method is fast and requires less memory because characters can be changed as they are read and no storage is required.
            Variations of this scheme are used for bit streams. Encryption in this case involves adding a key to every bit stream and decryption is removing the key from the cipher text.
            Thus every algorithm has a key. It must ensure restoration. Normally a single piece of hardware is responsible for both encryption and decryption.
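As an added illustration (not part of the original answer), the sketch below implements one cipher from each class named above: a rail fence transposition, which needs the whole message before it can produce output, and a Caesar substitution written as a generator that emits each character as it is read. The function names, the rail count and the shift value are assumptions chosen for the example.

```python
from itertools import cycle

def rail_pattern(n, rails):
    """Rail index visited by each of n characters (zig-zag down, then up)."""
    if rails < 2:
        raise ValueError("a rail fence needs at least two rails")
    order = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [rail for rail, _ in zip(cycle(order), range(n))]

def rail_fence_encrypt(text, rails):
    # Transposition: characters are unchanged, only their order moves.
    # The full message must be buffered, because the first rail collects
    # characters from the start to the end of the text.
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for rail in range(rails)
                   for ch, r in zip(text, pattern) if r == rail)

def rail_fence_decrypt(cipher, rails):
    pattern = rail_pattern(len(cipher), rails)
    # Sorting positions by rail (stable sort) gives the plain-text position
    # that each cipher-text character came from.
    positions = sorted(range(len(cipher)), key=lambda i: pattern[i])
    plain = [""] * len(cipher)
    for pos, ch in zip(positions, cipher):
        plain[pos] = ch
    return "".join(plain)

def caesar_stream(chars, shift):
    """Substitution: each character is replaced as it is read, no buffering."""
    for ch in chars:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            yield chr((ord(ch) - base + shift) % 26 + base)
        else:
            yield ch            # spaces and punctuation pass through

if __name__ == "__main__":
    message = "I am fine"       # the sample message used in the text
    fenced = rail_fence_encrypt(message, 2)
    shifted = "".join(caesar_stream(message, 3))
    print(repr(fenced), "->", repr(rail_fence_decrypt(fenced, 2)))
    print(repr(shifted), "->", repr("".join(caesar_stream(shifted, -3))))
```

In both cases the key (the number of rails, the shift) is a small integer, so either cipher can be broken by trying every key.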
            In the conventional encryption scheme two parties A and B agree upon a key. Someone, say A or B or a third party, has to decide upon this common key, get concurrence from the concerned parties and initiate communication. This is called key distribution. Each pair of nodes needs a unique key. If there are ‘n’ nodes then there will be n × (n-1)/2 keys. If ‘n’ is large then the number of keys will also be large. Deciding, conveying and storing these keys is a mammoth job. Tapping can take place. This is the key distribution problem.
            An alternative is public key encryption. The keys used for encryption and decryption are not the same. Key K1 is used for encryption and another key K2 is used for decryption. A message encrypted using K1 can be decrypted only using K2 and not K1. One of the keys is publicly known, hence the name public key encryption. Decryption is done using a private key and hence information cannot leak out. Interchange of keys K1 and K2 is possible, that is, K2 to encrypt and K1 to decrypt.
            Each user has two keys, one public and one private (Figure 15.3). The private key is a secret but the user publishes the public key to a central key database. The database maintains public keys of different users.






 
Figure 15.3: Public key Encryption (A’s plain text → Encryption with B’s public key → cipher text → Decryption with B’s private key → B’s plain text)


Encryption and decryption are as follows:
·        A wants to send a message to B.
·        A searches the database of public keys for the public key of B.
·        A encrypts the data using B’s public key.
·        The cipher text is sent to B.
·        B receives this cipher text.
·        B decrypts the received cipher text using its private key and reads the message.

The problem here is that of authentication. B does not know who has sent the message to it because everybody knows B’s public key. In the conventional encryption method a single key is used between two parties and hence the receiver knows the sender, but that method suffers from the problem of key distribution. In the public key encryption method, for ‘n’ nodes in the network only 2 × n keys (1 public and 1 private for each of the nodes) are required. There need be no agreement. A private key is chosen and a public key is made known. Key distribution is really not necessary. Key leakage and tapping are minimal. Protection is ensured but authentication is not provided.

2          The list of all passwords is kept within the operating system. Thus, if a user manages to read this list, password protection is no longer provided. Suggest a scheme that will avoid this problem.                                                         [5]
3.         With reference to Unix consider the following situation:
4.         What protection problems may arise if a shared stack is used for parameter passing?
                                                                                                                                            [6]

5.         What are the assets of a computer system? What are the possible categories of attack on the security of a computer system or network?                [6]

6.  A password may become known to other users in some way. Is there a simple method for detecting that such an event has occurred? Explain your answer.        [5]
7          What are the advantages of public-key encryption?                                                  [6]
ans :-- Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely.
Public-key encryption solved this problem by creating a set of two different keys for anyone needing to transmit encrypted information. A precise mathematical relationship exists between the two keys, which together are called a key pair. Both keys are produced at the same time using an algorithm. As a result, when either one of the two keys is used to encrypt a message, the other can be used to decrypt it.
                        The two keys in a key pair are as follows :
a)      private key :-- a private key is known only to the owner
b)     public key :-- a public key is distributed to any user who requests it. Because the public and private keys are related mathematically, someone could take another person’s public key, perform complex mathematical calculations on it, and extract the corresponding private key. Therefore, keys must be sufficiently long, with a sufficiently complex mathematical relationship, so that it is all but impossible to extract the private key from the public one. Once a key pair is generated for someone, that person can use it to encrypt messages and digitally sign messages so that the recipient can be sure of the identity of the sender. The whole public-key encryption system is founded on trust. All persons who are issued key pairs must trust the third party authority who provided the key pairs. This trusted authority is called a certificate authority.
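The key-pair behaviour described in this answer and in the answer to question 1 (encrypt with B’s public key, decrypt with B’s private key, and interchange K1 and K2 so that the sender can sign) is shown below with textbook RSA on tiny constructed primes. This is an added example, not code from the original post; RSA is one public-key algorithm chosen for illustration, and the primes, exponent and function names are assumptions that give no real security.

```python
# Toy textbook RSA: tiny constructed primes, one byte per block, no padding.
# For illustration only; real keys are 2048 bits or more and use padding.
from math import gcd

def make_key_pair(p, q, e=17):
    """Return (public, private) = ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)              # modular inverse, Python 3.8+
    return (e, n), (d, n)

def apply_key(key, block):
    """The single RSA operation; which key is used decides its meaning."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block out of range for this modulus")
    return pow(block, exponent, n)

def encrypt_for(recipient_public, message):
    # Anyone can do this, so the receiver learns nothing about the sender.
    return [apply_key(recipient_public, b) for b in message.encode()]

def decrypt_with(own_private, cipher):
    return bytes(apply_key(own_private, c) for c in cipher).decode()

def sign(sender_private, message):
    # Interchanged roles: the private key transforms, the public key checks.
    # (Real schemes sign a hash of the message, not the raw bytes.)
    return [apply_key(sender_private, b) for b in message.encode()]

def verify(sender_public, message, signature):
    n = sender_public[1]
    if any(not 0 <= s < n for s in signature):
        return False
    recovered = [apply_key(sender_public, s) for s in signature]
    return recovered == list(message.encode())

# Constructed key pairs for the two parties in the text.
A_PUBLIC, A_PRIVATE = make_key_pair(89, 97)
B_PUBLIC, B_PRIVATE = make_key_pair(61, 53)

if __name__ == "__main__":
    cipher = encrypt_for(B_PUBLIC, "hello")
    print(decrypt_with(B_PRIVATE, cipher))                       # B reads it
    print(verify(A_PUBLIC, "hello", sign(A_PRIVATE, "hello")))   # B checks A
```

Sending both the cipher text and a signature gives B confidentiality and sender authentication together, which encryption with B’s public key alone does not provide.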

8          Discuss a means by which managers of systems connected to the Internet could have designed their systems to limit or eliminate the damage done by the worm. What are the drawbacks of making the change that you suggest?         [7]
9.         What protection problems may arise if a shared stack is used for parameter passing?                                                                                      [4]

10.       What is the main difference between worm and virus?                                                  [4]
Ans :--  A worm is a variation on the theme of the virus; instead of attaching itself to another program, a worm is an independent process which spawns copies of itself. The effect of this is to clog up a system with spurious execution of these processes, preventing legitimate processes from running properly. In addition, like a virus, the worm may perform some other destructive activity. Worms are usually associated with propagation through network systems. A major incident involving a worm was reported in 1988, when one propagated itself through thousands of UNIX computers, using up computer time and rendering many of these machines temporarily useless.

 VIRUS: A computer virus is written with the intention of infecting other programs. It is a part of a program that piggybacks on to a valid program. It differs from the worm in the following ways:
·        Worm is a complete program by itself and can execute independently whereas virus does not operate independently.
·        Worm consumes only system resources but virus causes direct harm to the system by corrupting code as well as data.
There are several types of computer viruses. New types get added every now and then. Some of the common varieties are:
·        Boot sector infectors
·        Memory resident infectors
·        File specific infectors
·        Command processor infectors

11.       What is meant by a domain and rights on it? Describe a Capability list and ways of protecting it from user tampering.                                                                              [9]
ans :-- A capability list for a domain is a list of objects together with the operations allowed on those objects. An object is often represented by its physical name or address, called a capability. The capability list is associated with a domain, but it is never directly accessible to a process executing in that domain. Rather, the capability list is itself a protected object, maintained by the OS and accessed by the user only indirectly. Capability-based protection relies on the fact that capabilities are never allowed to migrate into any address space directly accessible by a user process. If all capabilities are secure, the objects they protect are also secure against unauthorized access. Capabilities were originally proposed to meet a need that was foreseen as multiprogrammed computer systems came of age. The idea of an inherently protected pointer provides a foundation for protection that can be extended up to the applications level. To provide inherent protection, we must distinguish capabilities from other kinds of objects, and they must be interpreted by an abstract machine on which higher-level programs run. Capabilities are usually distinguished from other data. Several capability-based protection systems have been developed.

12        Access Matrix is used for user authentication which can be implemented by Access List and Capability List. Briefly explain the two implementations.               [4]
13        Distinguish between different divisions of classification as per US Department of Defence Trusted Computer System Evaluation Criteria.                        [6]

14.       Describe the public-key encryption scheme and mention how it is advantageous over the data-encryption standard.                                                                                        [10]
 15.   What is a protection domain? What are the various methods of storing a protection matrix?
Ans :-- A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, memory segments, printers, disks and tape drives) and software objects (such as files, programs and semaphores). Each object has a unique name that differentiates it from all other objects in the system, and each can be accessed only through well-defined and meaningful operations. Objects are essentially abstract data types. To facilitate the scheme just described, a process operates within a protection domain, which specifies the resources that the process may access. Each domain defines a set of objects and the types of operations that may be invoked on each object. The ability to execute an operation on an object is an access right. A domain is a collection of access rights, each of which is an ordered pair <object_name, right_set>. A domain can be realized in a variety of ways :--
→ Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user. Domain switching occurs when the user is changed.
→ Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process. Domain switching occurs when one process sends a message to another process and then waits for a response.
→ Each procedure may be a domain. In this case, the set of objects that can be accessed corresponds to the local variables defined within the procedure.

Method of storing a protection matrix:--
A LOCK KEY MECHANISM:-- The lock-key scheme is a compromise between access lists and capability lists. Each object has a list of unique bit patterns, called locks.

                                                                                                                                                  [3]

16. How is an access matrix used for implementing protection policies?                          [4]
ANS :--
 The rows of the access matrix represent domains, and the columns represent objects. Each entry in the matrix consists of a set of access rights. Because the column defines objects explicitly, we can omit the object name from the access right. The entry access(i,j) defines the set of operations that a process executing in domain Di can invoke on object Oj. The matrix scheme provides us with the mechanism for specifying a variety of policies. The mechanism consists of implementing the access matrix and ensuring that the semantic properties we have outlined hold. The matrix can implement policy decisions concerning protection. The policy decisions involve which rights should be included in the (i,j)th entry. The users normally decide the contents of the access matrix entries. When a user creates a new object Oj, the column Oj is added to the access matrix with the appropriate initialization entries, as dictated by the creator. The access matrix provides an appropriate mechanism for defining and implementing strict control for both the static and dynamic association between processes and domains. When we switch a process from one domain to another, we are executing an operation (switch) on an object (the domain). We can control domain switching by including domains among the objects of the access matrix.
                            
Domain \ Object | F1          | F2   | F3          | Printer
D1              | READ        |      | READ        |
D2              |             |      |             | PRINT
D3              |             | READ | EXECUTE     |
D4              | READ, WRITE |      | READ, WRITE |
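The matrix above, written out as an added example (not part of the original answer): one sparse table serves the access check, the per-object access list (a column), the per-domain capability list (a row), and domain switching as an ordinary checked operation. The SWITCH entry from D1 to D2, the object F4 used in the demo and all helper names are assumptions made for the demonstration.

```python
# Sparse access matrix: (domain, object) -> set of rights. Empty cells are absent.
MATRIX = {
    ("D1", "F1"): {"READ"},          ("D1", "F3"): {"READ"},
    ("D2", "Printer"): {"PRINT"},
    ("D3", "F2"): {"READ"},          ("D3", "F3"): {"EXECUTE"},
    ("D4", "F1"): {"READ", "WRITE"}, ("D4", "F3"): {"READ", "WRITE"},
    ("D1", "D2"): {"SWITCH"},        # assumption: a domain listed as an object
}

def allowed(matrix, domain, obj, op):
    """access(i, j): may a process in `domain` invoke `op` on `obj`?"""
    return op in matrix.get((domain, obj), set())

def access_list(matrix, obj):
    """Column view: the domains holding rights on one object."""
    return {d: sorted(r) for (d, o), r in matrix.items() if o == obj and r}

def capability_list(matrix, domain):
    """Row view: the objects one domain holds rights on."""
    return {o: sorted(r) for (d, o), r in matrix.items() if d == domain and r}

def create_object(matrix, creator_domain, obj, initial_rights):
    """Add a new column; the creator dictates the initial entries."""
    if any(o == obj for (_, o) in matrix):
        raise ValueError(f"object {obj} already exists")
    matrix[(creator_domain, obj)] = set(initial_rights)

class Process:
    def __init__(self, matrix, domain):
        self.matrix, self.domain = matrix, domain

    def invoke(self, obj, op):
        if not allowed(self.matrix, self.domain, obj, op):
            raise PermissionError(f"{self.domain} may not {op} {obj}")
        return f"{op} on {obj} in {self.domain}"

    def switch(self, target_domain):
        # Switching is itself an operation checked against the matrix.
        self.invoke(target_domain, "SWITCH")
        self.domain = target_domain

if __name__ == "__main__":
    m = {k: set(v) for k, v in MATRIX.items()}   # work on a copy
    p = Process(m, "D1")
    print(access_list(m, "F3"), capability_list(m, "D4"))
    p.switch("D2")
    print(p.invoke("Printer", "PRINT"))
    create_object(m, "D2", "F4", {"READ", "WRITE"})
    print(allowed(m, "D2", "F4", "WRITE"), allowed(m, "D1", "F4", "READ"))
```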


