Module19: Security(安全) The Security Problem(安全问题 ° Authentication(授权) ° Program Threats(来自程序的威胁) System Threats(来自系统的威胁) Threat Monitoring(威胁的监控) Encryption(加密) Applied Operating System Concepts Silberschatz, Galvin, and Gagne @1999
19.1 Silberschatz, Galvin, and Gagne ©1999 Applied Operating System Concepts Module 19: Security(安全) • The Security Problem(安全问题) • Authentication(授权) • Program Threats(来自程序的威胁) • System Threats(来自系统的威胁) • Threat Monitoring(威胁的监控) • Encryption(加密)
The Security Problem(安全问题) ° Security must consider external environment of the system, and protect it fror om:(安全必须考虑系统的外环境,以下方面防护:) unauthorized access.(未授权访问) malicious modification or destruction(恶意的修改和破坏) accidental introduction of inconsistency.(意外的引入和不 致) Easier to protect against accidental than malicious misuse.(s] 止意外的误用比防止恶意的误用更加容易) Applied Operating System Concepts 192 Silberschatz, Galvin, and Gagne @1999
19.2 Silberschatz, Galvin, and Gagne ©1999 Applied Operating System Concepts The Security Problem(安全问题) • Security must consider external environment of the system, and protect it from:(安全必须考虑系统的外环境,以下方面防护:) – unauthorized access.(未授权访问) – malicious modification or destruction(恶意的修改和破坏) – accidental introduction of inconsistency.(意外的引入和不一 致) • Easier to protect against accidental than malicious misuse.(防 止意外的误用比防止恶意的误用更加容易)
Authentication(授权) User identity most often established through passwords, can be considered a special case of either keys or capabilities.(用户身 份通常使用密码确立,可以认为密码就是某种权限或者钥匙) ° Passwords must be kept secret.(密码必须保持秘密的状态 Frequent change of passwords.(经常更换密码) Use of“ne sabe" passwords.(使用难猜的密码) og lid access attempts.(记录所有非法访问企图) Applied Operating System Concepts Silberschatz, Galvin, and Gagne @1999
19.3 Silberschatz, Galvin, and Gagne ©1999 Applied Operating System Concepts Authentication(授权) • User identity most often established through passwords, can be considered a special case of either keys or capabilities.(用户身 份通常使用密码确立,可以认为密码就是某种权限或者钥匙) • Passwords must be kept secret.(密码必须保持秘密的状态) – Frequent change of passwords.(经常更换密码) – Use of “non-guessable” passwords.(使用难猜的密码) – Log all invalid access attempts.(记录所有非法访问企图)
Program Threats(程序的威胁 ° Trojan Horse(特洛伊木马) Code segment that misuses its environment.(代码段滥用 环境 Exploits mechanisms for allowing programs written by users to be executed by other users.(利用机制使得某个用户写的 程序可以被其他用户运行) mDo(后门 Specific user identifier or password that circumvents normal securit! y procedures.(特殊的用户标识符或者密码可以绕过 通常的安全检查) Could be included in a compiler.(有可能包含在编译器中) Applied Operating System Concepts 194 Silberschatz, Galvin, and Gagne @1999
19.4 Silberschatz, Galvin, and Gagne ©1999 Applied Operating System Concepts Program Threats(程序的威胁) • Trojan Horse(特洛伊木马) – Code segment that misuses its environment.(代码段滥用 环境) – Exploits mechanisms for allowing programs written by users to be executed by other users.(利用机制使得某个用户写的 程序可以被其他用户运行) • Trap Door(后门) – Specific user identifier or password that circumvents normal security procedures.(特殊的用户标识符或者密码可以绕过 通常的安全检查) – Could be included in a compiler.(有可能包含在编译器中)
System Threats(系统的威胁) Worms- use spawn mechanism; standalone program(蠕虫:使用 大量复制机制;独立的程序) nternet worn(因特网蠕虫) Exploited UNIX networking features(remote access)and bugs in finger and sendmail programs.(使用UNX网络特性以及 finger、 sendmail等程序的漏洞) Grappling hook program uploaded main worm program.(ttl 程序启动蠕虫程序的主体) ° Viruses- fragment of code embedded in a legitimate program.(病毒 嵌入到合法程序中的代码片断) Mainly effect microcomputer systems.(主要影响微机系统) Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.(从网络下载带 毒程序或者使用受到感染的软盘) Safe computing.(安全计算) Applied Operating System Concepts 19.5 Silberschatz, Galvin, and Gagne @1999
19.5 Silberschatz, Galvin, and Gagne ©1999 Applied Operating System Concepts System Threats(系统的威胁) • Worms – use spawn mechanism; standalone program(蠕虫:使用 大量复制机制;独立的程序) • Internet worm(因特网蠕虫) – Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs.(使用UNIX网络特性以及 finger、sendmail等程序的漏洞) – Grappling hook program uploaded main worm program.(挂钩 程序启动蠕虫程序的主体) • Viruses – fragment of code embedded in a legitimate program.(病毒 :嵌入到合法程序中的代码片断) – Mainly effect microcomputer systems.(主要影响微机系统) – Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.(从网络下载带 毒程序或者使用受到感染的软盘) – Safe computing.(安全计算)