Silberschatz,Galvin,and Gagne?199919.1Applied Operating System Concepts
Module 19,Security(安全)
The Security Problem(安全问题)
Authentication(授权)
Program Threats(来自程序的威胁)
System Threats(来自系统的威胁)
Threat Monitoring(威胁的监控)
Encryption(加密)
Silberschatz,Galvin,and Gagne?199919.2Applied Operating System Concepts
The Security Problem(安全问题)
Security must consider external environment of the system,and
protect it from:(安全必须考虑系统的外环境,以下方面防护:)
– unauthorized access.(未授权访问)
– malicious modification or destruction(恶意的修改和破坏)
– accidental introduction of inconsistency.(意外的引入和不一致)
Easier to protect against accidental than malicious misuse.(防止意外的误用比防止恶意的误用更加容易)
Silberschatz,Galvin,and Gagne?199919.3Applied Operating System Concepts
Authentication(授权)
User identity most often established through passwords,can be
considered a special case of either keys or capabilities.(用户身份通常使用密码确立,可以认为密码就是某种权限或者钥匙)
Passwords must be kept secret.(密码必须保持秘密的状态)
– Frequent change of passwords.(经常更换密码)
– Use of,non-guessable” passwords.(使用难猜的密码)
– Log all invalid access attempts.(记录所有非法访问企图)
Silberschatz,Galvin,and Gagne?199919.4Applied Operating System Concepts
Program Threats(程序的威胁)
Trojan Horse(特洛伊木马)
– Code segment that misuses its environment.(代码段滥用环境)
– Exploits mechanisms for allowing programs written by users
to be executed by other users.(利用机制使得某个用户写的程序可以被其他用户运行)
Trap Door(后门)
– Specific user identifier or password that circumvents normal
security procedures.(特殊的用户标识符或者密码可以绕过通常的安全检查)
– Could be included in a compiler.(有可能包含在编译器中)
Silberschatz,Galvin,and Gagne?199919.5Applied Operating System Concepts
System Threats(系统的威胁)
Worms – use spawn mechanism; standalone program(蠕虫:使用大量复制机制;独立的程序)
Internet worm(因特网蠕虫)
– Exploited UNIX networking features (remote access) and bugs
in finger and sendmail programs.(使用 UNIX网络特性以及
finger,sendmail等程序的漏洞)
– Grappling hook program uploaded main worm program.( 挂钩程序启动蠕虫程序的主体)
Viruses – fragment of code embedded in a legitimate program.(病毒
:嵌入到合法程序中的代码片断)
– Mainly effect microcomputer systems.(主要影响微机系统)
– Downloading viral programs from public bulletin boards or
exchanging floppy disks containing an infection.(从网络下载带毒程序或者使用受到感染的软盘)
– Safe computing.(安全计算)
Silberschatz,Galvin,and Gagne?199919.6Applied Operating System Concepts
The Morris Internet Worm( Morris因特网蠕虫)
Silberschatz,Galvin,and Gagne?199919.7Applied Operating System Concepts
Threat Monitoring(威胁监控)
Check for suspicious patterns of activity – i.e.,several incorrect
password attempts may signal password guessing.(检查可疑的行动模式:例如,多次错误的密码尝试可能表示有人在猜密码)
Audit log – records the time,user,and type of all accesses to an
object; useful for recovery from a violation and developing better
security measures.(审计日志:记录所有对象访问的时间、用户
、以及类型;对于受损后的恢复以及开发更好的安全措施有用)
Scan the system periodically for security holes; done when the
computer is relatively unused.(定期扫描系统安全漏洞;系统不用的时候关闭)
Silberschatz,Galvin,and Gagne?199919.8Applied Operating System Concepts
Threat Monitoring (Cont.)(威胁监控)
Check for:(检查 )
– Short or easy-to-guess passwords(过短的或易猜的密码)
– Unauthorized set-uid programs(未授权的 set-uid程序)
– Unauthorized programs in system directories(系统目录中的未授权程序)
– Unexpected long-running processes(程序的意外超常时间运行)
– Improper directory protections(不恰当的目录保护)
– Improper protections on system data files(不恰当的系统数据文件保护)
– Dangerous entries in the program search path (Trojan horse)
(危险的程序搜索路径入口)
– Changes to system programs,monitor checksum values(系统程序的改变:监控器检查程序代码的校验和)
Silberschatz,Galvin,and Gagne?199919.9Applied Operating System Concepts
Network Security Through Domain Separation Via Firewall
网络安全通过使用防火墙分离的域实现
Silberschatz,Galvin,and Gagne?199919.10Applied Operating System Concepts
Encryption(加密)
Encrypt clear text into cipher text.(加密使得明文变成密文)
Properties of good encryption technique:(优秀加密技术的特征)
– Relatively simple for authorized users to incrypt and decrypt
data,(对于授权用户,加密和解密都相对的简单)
– Encryption scheme depends not on the secrecy of the
algorithm but on a parameter of the algorithm called the
encryption key.(加密模式依赖于算法的密钥参数,而不是算法的保密)
– Extremely difficult for an intruder to determine the encryption
key.(入侵者确定密钥极为困难)
Data Encryption Standard substitutes characters and rearranges
their order on the basis of an encryption key provided to authorized
users via a secure mechanism,Scheme only as secure as the
mechanism,(数据加密标准使用通过安全机制提供给授权用户的密钥代替了打乱次序文字串。模式和机制一样安全)
Silberschatz,Galvin,and Gagne?199919.11Applied Operating System Concepts
Encryption (Cont.)(加密 续)
Public-key encryption based on each user having two keys:(公钥加密,每个用户有两个密钥)
– public key – published key used to encrypt data.(公钥:用于加密的公共密钥)
– private key – key known only to individual user used to
decrypt data.(私钥:用于解密的密钥,只有授权的用户个人知道)
Must be an encryption scheme that can be made public without
making it easy to figure out the decryption scheme.(加密模式必须可以公开,并且不会因此容易计算出来)
– Efficient algorithm for testing whether or not a number is
prime.(高效的算法测试一个数是否为素数)
– No efficient algorithm is know for finding the prime factors of
a number.(大数的质因数分解目前只有复杂度很高的算法)
Silberschatz,Galvin,and Gagne?199919.12Applied Operating System Concepts
Java Security Model( Java的安全模型)
Module 19,Security(安全)
The Security Problem(安全问题)
Authentication(授权)
Program Threats(来自程序的威胁)
System Threats(来自系统的威胁)
Threat Monitoring(威胁的监控)
Encryption(加密)
Silberschatz,Galvin,and Gagne?199919.2Applied Operating System Concepts
The Security Problem(安全问题)
Security must consider external environment of the system,and
protect it from:(安全必须考虑系统的外环境,以下方面防护:)
– unauthorized access.(未授权访问)
– malicious modification or destruction(恶意的修改和破坏)
– accidental introduction of inconsistency.(意外的引入和不一致)
Easier to protect against accidental than malicious misuse.(防止意外的误用比防止恶意的误用更加容易)
Silberschatz,Galvin,and Gagne?199919.3Applied Operating System Concepts
Authentication(授权)
User identity most often established through passwords,can be
considered a special case of either keys or capabilities.(用户身份通常使用密码确立,可以认为密码就是某种权限或者钥匙)
Passwords must be kept secret.(密码必须保持秘密的状态)
– Frequent change of passwords.(经常更换密码)
– Use of,non-guessable” passwords.(使用难猜的密码)
– Log all invalid access attempts.(记录所有非法访问企图)
Silberschatz,Galvin,and Gagne?199919.4Applied Operating System Concepts
Program Threats(程序的威胁)
Trojan Horse(特洛伊木马)
– Code segment that misuses its environment.(代码段滥用环境)
– Exploits mechanisms for allowing programs written by users
to be executed by other users.(利用机制使得某个用户写的程序可以被其他用户运行)
Trap Door(后门)
– Specific user identifier or password that circumvents normal
security procedures.(特殊的用户标识符或者密码可以绕过通常的安全检查)
– Could be included in a compiler.(有可能包含在编译器中)
Silberschatz,Galvin,and Gagne?199919.5Applied Operating System Concepts
System Threats(系统的威胁)
Worms – use spawn mechanism; standalone program(蠕虫:使用大量复制机制;独立的程序)
Internet worm(因特网蠕虫)
– Exploited UNIX networking features (remote access) and bugs
in finger and sendmail programs.(使用 UNIX网络特性以及
finger,sendmail等程序的漏洞)
– Grappling hook program uploaded main worm program.( 挂钩程序启动蠕虫程序的主体)
Viruses – fragment of code embedded in a legitimate program.(病毒
:嵌入到合法程序中的代码片断)
– Mainly effect microcomputer systems.(主要影响微机系统)
– Downloading viral programs from public bulletin boards or
exchanging floppy disks containing an infection.(从网络下载带毒程序或者使用受到感染的软盘)
– Safe computing.(安全计算)
Silberschatz,Galvin,and Gagne?199919.6Applied Operating System Concepts
The Morris Internet Worm( Morris因特网蠕虫)
Silberschatz,Galvin,and Gagne?199919.7Applied Operating System Concepts
Threat Monitoring(威胁监控)
Check for suspicious patterns of activity – i.e.,several incorrect
password attempts may signal password guessing.(检查可疑的行动模式:例如,多次错误的密码尝试可能表示有人在猜密码)
Audit log – records the time,user,and type of all accesses to an
object; useful for recovery from a violation and developing better
security measures.(审计日志:记录所有对象访问的时间、用户
、以及类型;对于受损后的恢复以及开发更好的安全措施有用)
Scan the system periodically for security holes; done when the
computer is relatively unused.(定期扫描系统安全漏洞;系统不用的时候关闭)
Silberschatz,Galvin,and Gagne?199919.8Applied Operating System Concepts
Threat Monitoring (Cont.)(威胁监控)
Check for:(检查 )
– Short or easy-to-guess passwords(过短的或易猜的密码)
– Unauthorized set-uid programs(未授权的 set-uid程序)
– Unauthorized programs in system directories(系统目录中的未授权程序)
– Unexpected long-running processes(程序的意外超常时间运行)
– Improper directory protections(不恰当的目录保护)
– Improper protections on system data files(不恰当的系统数据文件保护)
– Dangerous entries in the program search path (Trojan horse)
(危险的程序搜索路径入口)
– Changes to system programs,monitor checksum values(系统程序的改变:监控器检查程序代码的校验和)
Silberschatz,Galvin,and Gagne?199919.9Applied Operating System Concepts
Network Security Through Domain Separation Via Firewall
网络安全通过使用防火墙分离的域实现
Silberschatz,Galvin,and Gagne?199919.10Applied Operating System Concepts
Encryption(加密)
Encrypt clear text into cipher text.(加密使得明文变成密文)
Properties of good encryption technique:(优秀加密技术的特征)
– Relatively simple for authorized users to incrypt and decrypt
data,(对于授权用户,加密和解密都相对的简单)
– Encryption scheme depends not on the secrecy of the
algorithm but on a parameter of the algorithm called the
encryption key.(加密模式依赖于算法的密钥参数,而不是算法的保密)
– Extremely difficult for an intruder to determine the encryption
key.(入侵者确定密钥极为困难)
Data Encryption Standard substitutes characters and rearranges
their order on the basis of an encryption key provided to authorized
users via a secure mechanism,Scheme only as secure as the
mechanism,(数据加密标准使用通过安全机制提供给授权用户的密钥代替了打乱次序文字串。模式和机制一样安全)
Silberschatz,Galvin,and Gagne?199919.11Applied Operating System Concepts
Encryption (Cont.)(加密 续)
Public-key encryption based on each user having two keys:(公钥加密,每个用户有两个密钥)
– public key – published key used to encrypt data.(公钥:用于加密的公共密钥)
– private key – key known only to individual user used to
decrypt data.(私钥:用于解密的密钥,只有授权的用户个人知道)
Must be an encryption scheme that can be made public without
making it easy to figure out the decryption scheme.(加密模式必须可以公开,并且不会因此容易计算出来)
– Efficient algorithm for testing whether or not a number is
prime.(高效的算法测试一个数是否为素数)
– No efficient algorithm is know for finding the prime factors of
a number.(大数的质因数分解目前只有复杂度很高的算法)
Silberschatz,Galvin,and Gagne?199919.12Applied Operating System Concepts
Java Security Model( Java的安全模型)
