advanced systems security principles
play

Advanced Systems Security: Principles Trent Jaeger Systems and - PowerPoint PPT Presentation

Mar 24, 2024 •177 likes •420 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Access Control – The Right Way • We said that ordinary operating systems cannot control code controlled by an adversary • Review formalisms developed for “protection” and show how they are extended to enforce “security” ‣ • Key concepts Reference monitor ‣ Enforce access control comprehensively • Mandatory protection state ‣ Without allowing adversary to modify access control policy • Later: Security models ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Protection System • Manages the authorization policy for a system It describes what operations each subject (via their ‣ processes) can perform on each object • Consists of State: Protection state ‣ State Ops: Protection state operations ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Protection State Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Access Matrix Protection System • Protection State Current state of matrix ‣ • Can modify the protection state Via protection state operations ‣ E.g., can create objects ‣ E.g., owner can add a subject, operation ‣ mapping for their objects • Lampson’s “ Protection ” paper Can even delegate authority to perform ‣ protection state ops Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. Protection System Problems • Protection system approach is inadequate Suppose a process runs bad code ‣ • Processes can change their own permissions Processes are untrusted, but can modify policy ‣ • Processes, files, etc. are created and modified Cannot predict in advance (safety problem) ‣ • What do we need to achieve necessary controls? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. Define and Enforce Goals • Claim: If we can define and enforce a security policy that ensures security goals, then we can prevent such attacks • How do we know the policy expresses effective goals? Will look into this in depth later ‣ • How do we know the enforcement mechanism will enforce policy as expected? Look into this today ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. Mandatory Protection System • Is a protection system that can be modified only by trusted administration that consists of ‣ A mandatory protection state where the protection state is defined in terms of an immutable set of labels and the operations that subject labels can perform on object labels ‣ A labeling state that assigns system subjects and objects to those labels in the mandatory protection state ‣ A transition state that determines the legal ways that subjects and objects may be relabeled • MPS is immutable to user-space process Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. Mandatory Protection System Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. Mandatory Protection State • Immutable table of Subject labels ‣ Object labels ‣ Operations authorized for former upon latter ‣ • How can you use an MPS to control use of bad code? E.g., Prevent modification of kernel memory? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  11. Mandatory Protection State • Immutable table of Subject labels ‣ Object labels ‣ Operations authorized for former upon latter ‣ • How can you use an MPS to control use of bad code? E.g., Prevent modification of kernel memory? ‣ (1) if a process reads adversary-accessible object label, ‣ remove permission to modify kernel memory (2) if a process reads adversary-accessible object label, ‣ remove permission to write to any process with access to kernel memory (transitively) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  12. Labeling State • Immutable rules mapping Subjects to labels (in rows) ‣ Objects to labels (in columns) ‣ • How can you use labeling state to control bad code? E.g., Prevent modification of kernel memory? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  13. Labeling State • Immutable rules mapping Subjects to labels (in rows) ‣ Objects to labels (in columns) ‣ • How can you use labeling state to control bad code? E.g., Prevent modification of kernel memory? ‣ Assign all processes that may run bad code ‣ With a label that has restricted permissions ‣ What about objects created by these processes? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  14. Transition State • Immutable rules mapping Subject labels to conditions that change their subject labels ‣ Object labels to conditions that change their object labels ‣ • How can you use labeling state to control bad code? E.g., Prevent modification of kernel memory? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  15. Transition State • Immutable rules mapping Subject labels to conditions that change their subject labels ‣ Object labels to conditions that change their object labels ‣ • How can you use labeling state to control bad code? E.g., Prevent modification of kernel memory? ‣ Prevent bad code from launching a process of a label that ‣ can modify kernel memory How do we launch processes with more permissions now? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  16. Managing MPS • Challenge Determining how to set and manage an MPS in a complex ‣ system involving several parties • Parties What does programmer know about deploying their ‣ program securely? What does an OS distributor know about running a ‣ program in the context of their system? What does an administrator know about programs and ‣ OS? Users? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  17. Reference Monitor • Purpose: Ensure enforcement of security goals Define goals in the mandatory protection system ‣ Reference monitor ensures enforcement ‣ • Every component that you depend upon to enforce your security goals must be a reference monitor Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

  18. Reference Monitor • Components ‣ Reference monitor interface (e.g., LSM) ‣ Reference validation mechanism (e.g., SELinux) ‣ Policy store (e.g., policy binary) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

  19. Reference Monitor Guarantees • Complete Mediation The reference validation mechanism must ‣ always be invoked • Tamperproof The reference validation mechanism must be ‣ tamperproof • Verifiable The reference validation mechanism must be ‣ subject to analysis and tests, the completeness of which must be assured Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

  20. Complete Mediation • Every security-sensitive operation must be mediated What’s a “security-sensitive operation”? ‣ E.g., operation that may not be authorized for every ‣ subject • How do we validate complete mediation? Every security-sensitive operation must be identified ‣ E.g., ensure every execution of that operation is checked ‣ • Mediation : Does interface mediate? • Mediation : On all resources? • Mediation : Verifably? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

  21. Tamperproof • Prevent modification by untrusted entities Interface, mechanism, policy of reference monitor ‣ Code and policy that can affect reference monitor mods ‣ • How to detect tamperproofing? Transitive closure of operations ‣ Challenge: Often some untrusted operations are present ‣ • Tamperproof : Is reference monitor protected? • Tamperproof : Is system TCB protected? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 21

  22. Verification • Determine correctness of code and policy What defines correct code? ‣ What defines a correct policy? ‣ • Test and analyze reference validation mechanism Does code/policy do its job correctly? ‣ For all executions ‣ • Verifiable : Is TCB code base correct? • Verifiable : Does the MPS enforce the system’s security goals? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

  23. Evaluation • Mediation : Does interface mediate? • Mediation : On all resources? • Mediation : Verifably? • Tamperproof : Is reference monitor protected? • Tamperproof : Is system TCB protected? • Verifiable : Is TCB code base correct? • Verifiable : Does the MPS enforce the system’s security goals? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Multics Trent Jaeger Systems and

569 views • 33 slides
Advanced Architectures 15A. Distributed Computing Operating Systems Principles 15B.

Advanced Architectures 15A. Distributed Computing Operating Systems Principles 15B.

5/29/2016 Advanced Architectures 15A. Distributed Computing Operating Systems Principles 15B. Multi-Processor (and NUMA) Systems 15C. Tightly Coupled (SSI) Clusters Advanced Architectures 15D. Loosely Coupled (Horizontally Scalable) 15E.

206 views • 10 slides
Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Control-Flow Integrity Trent

1.55k views • 36 slides
Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Attacks on SGX Trent Jaeger

523 views • 19 slides
Homework Assignment 1/3 America COMPETES Reauthoriza6on Act (H.R. 1806

Homework Assignment 1/3 America COMPETES Reauthoriza6on Act (H.R. 1806

Homework Assignment 1/3 America COMPETES Reauthoriza6on Act (H.R. 1806 -114 th Congress ) House Science Majority Bill Provides authoriza6ons for NSF, DOE

36 views • 3 slides
QCD Simulations at Realistic Quark Masses: Probing the Chiral Limit G. Schierholz Deutsches

QCD Simulations at Realistic Quark Masses: Probing the Chiral Limit G. Schierholz Deutsches

QCD Simulations at Realistic Quark Masses: Probing the Chiral Limit G. Schierholz Deutsches Elektronen-Synchrotron DESY QCDSF Collaboration Special mention: M. G ockeler, T. Hemmert, R. Horsley, Y. Nakamura, D. Pleiter, P.E.L.

324 views • 31 slides
So=ware Security using Language Engineering and mbeddr Markus

So=ware Security using Language Engineering and mbeddr Markus

Towards improving So=ware Security using Language Engineering and mbeddr Markus Vlter, Zaur Molotnikov, Bernd Kolb voelter@acm.org www.voelter.de @markusvoelter

703 views • 55 slides
Berezinskii-Kosterlitz-Thouless Criticality in the q-state Clock Model Tao Xiang

Berezinskii-Kosterlitz-Thouless Criticality in the q-state Clock Model Tao Xiang

Berezinskii-Kosterlitz-Thouless Criticality in the q-state Clock Model Tao Xiang txiang@iphy.ac.cn Institute of Physics Chinese Academy of Sciences Outline Brief introduction to the tensor-network renormalization group methods

1.25k views • 48 slides
Shared Memory Consistency Models: A Tutorial By Sarita Adve, Kourosh Gharachorloo WRL

Shared Memory Consistency Models: A Tutorial By Sarita Adve, Kourosh Gharachorloo WRL

Shared Memory Consistency Models: A Tutorial By Sarita Adve, Kourosh Gharachorloo WRL Research Report, 1995 Presentation: Vince Schuster Contents Overview Uniprocessor Review Sequential Consistency Relaxed Memory Models

598 views • 25 slides
Tutorial on CPLEX Linear Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on CPLEX Linear Programming Combinatorial Problem Solving (CPS) Enric Rodr

Tutorial on CPLEX Linear Programming Combinatorial Problem Solving (CPS) Enric Rodr guez-Carbonell June 6, 2019 LP with CPLEX Among other things, CPLEX allows one to deal with: Mixed integer linear progs Real linear progs

791 views • 31 slides
Non-Planarity Measures and Small Cycles EuroCG 2020 PhD School Markus Chimani Theoretical

Non-Planarity Measures and Small Cycles EuroCG 2020 PhD School Markus Chimani Theoretical

Non-Planarity Measures and Small Cycles EuroCG 2020 PhD School Markus Chimani Theoretical Computer Science, Osnabrck University March 19th, 2020 Planarity 2 Non-Planarity Measures Planarity Planarity 2 Non-Planarity Measures

1.46k views • 120 slides
Finding Triangles for Maximum Planar Subgraphs Ghent Graph Theory Workshop 2017 Parinya

Finding Triangles for Maximum Planar Subgraphs Ghent Graph Theory Workshop 2017 Parinya

Finding Triangles for Maximum Planar Subgraphs Ghent Graph Theory Workshop 2017 Parinya Chalermsook a Andreas Schmid b Ghent, August 18, 2017 a Aalto University, Espoo, Finland b Max Planck Institute for Informatics, Saarbrcken, Germany

1.04k views • 70 slides

More recommend