advanced systems security introduction to os security
play

Advanced Systems Security: Introduction to OS Security Trent Jaeger - PowerPoint PPT Presentation

Apr 27, 2023 •476 likes •770 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Control Bad Code • While an adversary may Trick a user into downloading and running bad code ‣ Turn good code bad ‣ Or trick good code into performing actions chosen by the ‣ adversary • We still have operating systems security to protect the data and other processes on the host Claim: Conventional OS security methods are insufficient ‣ Why not? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Operating Systems Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Control Bad Code • What mechanism does an OS use to restrict the rights of processes (i.e., running code) from system resources? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Access Control • System makes a decision to grant or reject an access request from an already authenticated subject ‣ based on what the subject is authorized to access ‣ • Access request Object: System resource ‣ Operations: One or more actions to be taken ‣ Subject: Process that initiated the request ‣ • Access Control Mechanisms enforce Access Control Policies to make such decisions Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. Access Matrix • Lampson formalizes the model of access control in his 1970 paper “Protection” • Called Access Matrix O O O Rows are subjects ‣ S Y Y N Columns are objects ‣ Authorized operations listed in cells ‣ S N Y N • To determine if S i has right to access object O j , compare the S N Y Y request ops to the appropriate cell Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. Access Matrix • Using the Access Matrix • (1) Suppose J wants to prevent O O O other users’ processes from reading/ writing her private key (object O 1 ) J ? ? ? • (2) Suppose J wants to prevent other users’ processes from writing S ? ? ? her public key (object O 2 ) • Design the access matrix S ? ? ? • Are these the rights on your host to your SSH public and private keys? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. UNIX Access Control • On Files All objects are files ‣ Not exactly true ‣ • Classical Protection System Limited access matrix ‣ Discretionary protection state operations ‣ • Practical model for end users Still involves some policy specification ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. UNIX Mode Bits Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. Windows Access Control • On Objects Arbitrary classes can be defined ‣ New classes can be defined (Active Directory) ‣ • Classical Protection System Full-blown ACLs (even negative ACLs) ‣ Discretionary protection state operations ‣ • Not so usable Few people have experience ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  11. Windows Access Control Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  12. Access Matrix • Using the Access Matrix • (1) Suppose J wants to protect a O O O private key (object O 1 ) from being leaked to or modified by others J ? ? ? • (2) Suppose J wants to prevent a public key (object O 2 ) from being S ? ? ? modified by others • Design the access matrix S ? ? ? • Will this access matrix protect the keys’ secrecy and integrity? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  13. Consider Bad Code Again • Claim: Any code you run may be able to compromise either of the key files • For the private key Any process running under your user id can read and leak ‣ your private key file • For the public key Any process running under your user id may modify the ‣ public key file Often people make the public key file read-only even to the owner • Is that enough? • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  14. Consider Bad Code Again • Claim: Any code you run may be able to compromise either of the key files • For the private key Any process running under your user id can read and leak ‣ your private key file • For the public key Any process running under your user id may modify the ‣ public key file Often people make the public key file read-only even to the owner • No. Processes running on behalf of the owner may change perms • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  15. Bad Code - Examples • Suppose you download and run adversary-controlled code (e.g., Trojan horse) It will run with all your permissions ‣ Even can modify the permissions of any files you own ‣ • Suppose you run benign code that is compromised by an adversary – becoming bad Is effectively the same as above if adversary can choose code ‣ to execute (e.g., return-oriented attack) Adversaries can also trick victims into performing operations ‣ on their behalf (e.g., confused deputy attack) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  16. Fundamentally Flawed • Conventional operating system mechanisms enforce protection rather than security Protection is fundamentally incapable of defending from an ‣ active and determined adversary Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  17. Integrity • Process integrity requires that the process not depend on adversary input What does “depend on” mean? ‣ This is a very difficult requirement to meet ‣ • Suppose a benign process can read from a file controlled by an adversary • Unless the process is trusted to contain no vulnerabilities then the process could be compromised (is potentially malicious ) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

  18. Secrecy • Process secrecy requires that the process not communicate with unauthorized parties But what about a process that services requests? ‣ This is a very difficult requirement to meet ‣ • Suppose a benign process can write to a file controlled by an adversary • Unless the process is trusted to contain no vulnerabilities then the process could be compromised (is potentially malicious ) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

  19. Protection vs. Security • Protection Secrecy and integrity met under benign processes ‣ Protects against an error by a non-malicious entity ‣ • Security Security goals met under potentially malicious processes ‣ Enforces requirements even if adversary is in complete control of the ‣ process • Hence, for J: Non-malicious process shouldn’t leak the private key by accident to a specific file owned by others • A potentially malicious process may contain a Trojan horse that can write the private key to files chosen by adversaries Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

  20. Trusted Computing Base Appl Appl Appl Policy Operating System • Historically, OS treats applications as black boxes OS controls flows among applications ‣ Security requirements determined by allowed flows ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

  21. Policy Enforcement in Apps Appl Policy Appl Appl Policy Operating System • Application policy enforcement: databases, JVM, X Windows, daemons, browsers, email clients, servers Systems and Internet Infrastructure Security (SIIS) Laboratory Page 21

  22. Security Enforcement • Several applications include access control Databases, window servers, web servers, browsers, … ‣ • Some programming systems include access control to system resources Java, Safe-Tcl, Ruby, Python, Perl – Jif, Flow Caml (information flow); ‣ • Some systems recognize that programs may contribute to access control User-level policy server for SELinux ‣ Information Flow Control ‣ • Requirement: Ensure that all layers are using their authority in a manner consistent with system security goals Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

  23. Multi-Layered Enforcement Appl Policy Appl Appl Policy Operating System Policy Virtual Machine Monitors Network Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

  24. Network Layer • Network Access Control == Firewall Protect a network from external malice ‣ This is a beneficial view of the world • But, is the internal network (hosts) ready for the approved ‣ (but untrusted) messages? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 24

  25. Virtual Machine Layer • Key technology: Isolation Each VM is a protection domain ‣ • Problem: VMs are not homogeneous There are security-critical apps ‣ There are untrusted inputs and less-critical apps ‣ • How to use VM isolation and control of flows among VMs to achieve security goals? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

420 views • 24 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Multics Trent Jaeger Systems and

569 views • 33 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Control-Flow Integrity Trent

1.55k views • 36 slides
Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Attacks on SGX Trent Jaeger

523 views • 19 slides
Advanced Systems Security Fuzz Testing Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security Fuzz Testing Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security Fuzz Testing Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security Laboratory

812 views • 42 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
CS 188: Artificial Intelligence Markov Decision Processes Instructors: Dan Klein and Pieter

CS 188: Artificial Intelligence Markov Decision Processes Instructors: Dan Klein and Pieter

CS 188: Artificial Intelligence Markov Decision Processes Instructors: Dan Klein and Pieter Abbeel University of California, Berkeley [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All CS188

684 views • 50 slides
Quadratic Hawkes processes (for financial price series) Fat-tails and Time Reversal

Quadratic Hawkes processes (for financial price series) Fat-tails and Time Reversal

Quadratic Hawkes processes (for financial price series) Fat-tails and Time Reversal Asymmetry Pierre Blanc, Jonathan Donier, JPB (building on previous work with Rmy Chicheportiche & Steve Hardiman) Stylized facts I. Well

304 views • 19 slides
Process Dynamics, Variations and Controls in Software Engineering 1 Agenda Background

Process Dynamics, Variations and Controls in Software Engineering 1 Agenda Background

Process Dynamics, Variations and Controls in Software Engineering 1 Agenda Background Introduction Software process dynamics model Process capability versus process controls SDICC- Approach for Process Management

912 views • 15 slides
Introduction to self-similar growth-fragmentations Quan Shi CIMAT, 11-15 December, 2017 Quan Shi

Introduction to self-similar growth-fragmentations Quan Shi CIMAT, 11-15 December, 2017 Quan Shi

Introduction to self-similar growth-fragmentations Quan Shi CIMAT, 11-15 December, 2017 Quan Shi Growth-Fragmentations CIMAT, 11-15 December, 2017 1 / 34 Literature Jean Bertoin, Compensated fragmentation processes and limits of dilated

1.39k views • 93 slides
Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables

Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables

Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables TLB Shared Pages Hierarchical Pages Hashed Pages Inverted Pages Uses 2 Address Translation Scheme Address

614 views • 33 slides
eTOM- ITIL mapping 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm Project manager

eTOM- ITIL mapping 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm Project manager

NORDUnet Nordic Infrastructure for Research & Education eTOM- ITIL mapping 3 rd TF-NOC meeting, June 28 th Zurich Stefan Listrm Project manager NORDUnet NORDUnet Agenda Nordic infrastructure for Research & Education Overview

746 views • 19 slides
Chapter 3: Processes Wh a t i s a p r o c e s s ? Wh a t i s p r o c

Chapter 3: Processes Wh a t i s a p r o c e s s ? Wh a t i s p r o c

Chapter 3: Processes Wh a t i s a p r o c e s s ? Wh a t i s p r o c e s s s c h e d u l i n g ? Wh a t a r e t h e c o m m o n o p e r a t i o n s o n p r o c e s s e

839 views • 53 slides
Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter

Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter

Software Process Assessment Using SEIs Software Capability Maturity Model Neal S. Coulter College of Computing, Engineering, and Construction University of North Florida Slide -1 Can Software Development Practices Improve Dramatically? - 1

744 views • 48 slides

More recommend