If Data Is Confidential and Available but Altered Decryption of Altered Data Usually Gives Garbage Exception: Electronic-Codeboo

38 40

If Data is Conﬁdential and Available but Altered Encryption

• do not use ECB–Mode

• use CBC– or CTR–mode (recommendation Schneier/Ferguson)

• use AES or one of the ﬁnalists – Twoﬁsh (Schneier, Ferguson, Kelsey, Whiting, Wagner, Hall) decryption of altered data usually gives garbage – Serpent (Anderson, Biham, Knudsen) – MARS (Coppersmith et al., IBM) exception: electronic-codebook-mode (ECB) (uses independent blocks) – RC6 (Rivest, patented by RSA)

39 41

ECB-Mode Encrypted Penguin If Data is Non-Alterable and Conﬁdential but not Available

,,Your message with authenticator 08931281763e1de003e5f930c449bf791c9f0db6

encryption is block by block has been received, but unfortunately the server is down.

❀ every block gets another color Your mail-service will never be accessible.”

Example: lavabit.com, Snowden’s e-Mail-Provider 42 44

Authorization: Who is Allowed to Do All This? Problem: Person/Process/Role ⇐⇒ String (2)

How to link a person to a string?

• Person knows something (password, secret cryptographic key).

• Person has something (token, USB–key, chipcard).

Authorized entities only. • Person is something (biometrics, ﬁngerprint etc.). Only Bob is allowed to enter here. We have to identify persons, processes and their roles.

43 45

Problem: Person/Process/Role ⇐⇒ String (1) Proof of Identity is Called Authentication

Person identiﬁed by picture

String identiﬁed by equality relation. 46 48

Proof of Identity: Links Person to a String

Third party guarantees real identity. Has something: ID–card.

47 49

Proof of True Source is Called Authenticity Authentic Messages

depends on author (key) and message

Either symmetric: Message authentication code

Or by public key: Digital signature 50 52

Management of a Computer System Literature

the user of a computer system needs • FreeBSD Handbook • reliability of his processes http: //www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ • security of his data • the manual pages of the FreeBSD system, for example • access to the attached devices man security • access to the network • the Internet sans.org, schneier.com, www.heise.de/security/ ❀job of system administrator

51 0. Operating System 53

What this course is about... Parts of an OS

1. UNIX Philosophy 2. Files / Inodes 3. Shell An operating system consists of software to enable 4. Processes • process management 5. User Identities • memory management 6. File System • 7. Network ﬁle system 8. Kernel & Booting • input/output 9. Security Issues of a computer system. 10. Local Security 11. Network Security 1. UNIX Philosophy 54 1. UNIX Philosophy 56

UNIX History 1995 OpenBSD splits from NetBSD (security) ... 2005 X.org splits from XFree86 (license debate) ... 2008 OpenSolaris ... 2010 Linux 2.6.33.2, FreeBSD 8.1, OpenBSD 4.7, NetBSD 5.0.2 ... "...the number of UNIX installations has grown to 10, 2012 Linux 3.3.2, FreeBSD 9.0, OpenBSD 5.1, NetBSD 5.1.2

with more expected..." ... 2015 Linux 3.19.5, FreeBSD 10.1, OpenBSD 5.7, NetBSD 6.1.5 - Dennis Ritchie and Ken Thompson, June 1972

1. UNIX Philosophy 55 1. UNIX Philosophy 57

1973 ﬁrst UNIX system by AT&T UNIX Features 1979 UNIX V6 (1BSD) with C, UUCP, Bourne Shell 1980 Microsoft: Xenix 1984 U. of California (Berkeley): 4.2BSD with TCP/IP

1986 U. of California (Berkeley): 4.3BSD with DNS and NFS • multi–tasking ❀ ❀ 1987 MIT: X11 ( XFree86 X.org) • multi–user 1991 U. of California (Berkeley): stop ﬁnancial support of BSD • virtual memory 1991 386BSD splits into FreeBSD and NetBSD • portable (written in C) 1991 Linus Torvalds: Linux • symmetric multiprocessing (SMP) 1993 Novell buys AT&T UNIX Lab 1993 FreeBSD 1.0 1994 Linux 1.0 1. UNIX Philosophy 58 1. UNIX Philosophy 60

UNIX Standards Philosophy

Consortium OpenGroup www.opengroup.org "It is not UNIX’s job to stop you from shooting your foot. • Capgemini (Netherlands)

• Hewlett-Packard (USA) If you so choose to do so,

• IBM (USA) then it is UNIX’s job • SAP (Germany)

• Shenzhen Kingdee Middleware (China) to deliver Mr. Bullet to Mr Foot • Sun Microsystems (USA) in the most efficient way it knows." POSIX (since 1988) en.wikipedia.org/wiki/POSIX

❀(since 2003) Opengroup+POSIX = Single UNIX Speciﬁcation UNIX03 -- Terry Lambert

1. UNIX Philosophy 59 1. UNIX Philosophy 61

Virtual Memory UNIX Basic Commands

cp copy files mv move/rename files If it’s there, and you can see it, it’s real. rm remove files cat show file contents If it’s not there, and you can see it, it’s virtual. more show file pagewise If it’s there, and you can’t see it, it’s transparent. less show file pagewise gzip/gunzip compress files If it’s not there, and you can’t see it, you erased it. bzip2/bunzip2 compress files tar create/extract file archive - IBM, 1978, on virtual memory head show first lines of files tail show last lines of files 1. UNIX Philosophy 62 1. UNIX Philosophy 64

General Structure Manual Page: Example

command options files TOUCH(1) FreeBSD General Commands Manual TOUCH(1) Options are preceded by a hyphen: -a -b -c ... NAME touch -- change file access and modification times Files are denoted by name or pattern SYNOPSIS Patterns contain a touch [-acfhm] [-r file] [-t [[CC]YY]MMDDhhmm[.SS]] file ... • “?” for an arbitrary character DESCRIPTION • “*” for an arbitrary string The touch utility sets the modification and access times of files to the current time of day. If the file doesn’t exist, it is created with default permissions. Manual pages contain possible options

1. UNIX Philosophy 63 1. UNIX Philosophy 65

Manual Pages Manual Page: Example

section meaning 1 Shell commands (tools, utilities) [ls] OPEN(2) FreeBSD System Calls Manual OPEN(2) 2 System calls (kernel functions) [open] 3 Library calls (C library functions) [sqrt] NAME 4 Device Drivers [lp] open -- open or create a file for reading or writing 5 File formats [/etc/passwd] 6 Games LIBRARY Standard C Library (libc, -lc) 7 Macro packages and conventions [man, groff]

8 System administration commands [mount] SYNOPSIS 9 (BSD) Kernel internals [suser] #include Manual pages are searched in this order – ﬁrst match is displayed. int Manual pages are located in /usr/share/man/ open(const char *path, int flags, ...); man -t grep > grep.ps # Save the PostScript version to a file 1. UNIX Philosophy 66 1. UNIX Philosophy 68

Manual Page: Example Manual Page: Structure

NAME SYNOPSIS DESCRIPTION OPTIONS (Linux) FILES EXAMPLES (BSD) SEE ALSO BUGS COMPATIBILITY (BSD) STANDARDS (BSD) HISTORY (BSD) AUTHOR (Linux)

1. UNIX Philosophy 67 1. UNIX Philosophy 69

ASCII(7) FreeBSD Miscellaneous Information Manual ASCII(7) UNIX Design (Files) NAME ascii -- octal, hex and decimal ASCII character sets

... • everything is a file, which means, has a file interface 00NUL 01SOH 02STX 03ETX 04EOT 05ENQ 06ACK 07BEL 08BS 09HT 0ANL 0BVT 0CNP 0DCR 0ESO 0FSI – plain files 10DLE 11DC1 12DC2 13DC3 14DC4 15NAK 16SYN 17ETB 18CAN 19EM 1ASUB 1BESC 1CFS 1DGS 1ERS 1FUS – directories 20SP 21! 22" 23# 24$ 25% 26& 27’ 28( 29) 2a* 2b+ 2c, 2d- 2e. 2f/ – devices 300 311 322 333 344 355 366 377 – main memory 388 399 3a: 3b; 3c< 3d= 3e> 3f? 40@ 41A 42B 43C 44D 45E 46F 47G – ... 48H 49I 4aJ 4bK 4cL 4dM 4eN 4fO 50P 51Q 52R 53S 54T 55U 56V 57W • users are contained in groups 58X 59Y 5aZ 5b[ 5c\ 5d] 5e^ 5f_ 60‘ 61a 62b 63c 64d 65e 66f 67g • 68h 69i 6aj 6bk 6cl 6dm 6en 6fo files are owned by a user and a group 70p 71q 72r 73s 74t 75u 76v 77w • 78x 79y 7az 7b{ 7c| 7d} 7e~ 7fDEL there is one super–user with special privileges ... 1. UNIX Philosophy 70 1. UNIX Philosophy 72

UNIX Design (Processes) Process: Starting Other Processes

• a program is an executable ﬁle, this can be – a compiled program (from non–executable source C, C++) – an interpreted program (JAVA, Shell, Perl,. . . ) but Shell, JAVA–, Perl–Interpreter are compiled programs • a process is a program currently executed by a processor • a process uses code of the programmer, C–library, operating system • a process returns the value . . . · 0 in case of success ❀true · > 0 and ≤ 255 in case of failure ❀false • processes are owned by the user starting it, group owner of the process is the user’s login group • • processes manipulate ﬁles processes are created by OS • the process table may be viewed using the command • termination is accompanied by exit value ❀must be checked ps (process status)

1. UNIX Philosophy 71 1. UNIX Philosophy 73

Process: Layer-Model Process: Programs Calling Libraries

• delegate responsibility • functions are called • simplify bug ﬁxes • termination is accompanied by return value ❀must be checked • discourage reinventing the wheel 1. UNIX Philosophy 74 1. UNIX Philosophy 76

Process: Programs/Libraries Calling System Interface Library: Static Linking (1)

library functions incorporated into program (at compile time)

• system calls (functions) are called • termination is accompanied by return value • return value must be checked for < 0

1. UNIX Philosophy 75 1. UNIX Philosophy 77

Errors on System Call Library: Static Linking (2)

The system call returns –1. + applications are more robust (run standalone) CHECK ALL RETURN VALUES OF ALL FUNCTION CALLS! + cases saving performance: many calls to library routines The system call sets a global variable int errno. + errors in new library version limited to corresp. programs The global variable errno is deﬁned in errno.h. - program size bigger All possible values of errno are given by constants starting with E: - changes in library require recompiling program ENOMEM, EACCES, EINVAL,... static linking is enabled by An error text for errno may be printed with perror(). gcc -static ... A string containing the error text may be created with strerror().