cs 423 operating system design the linux reference monitor
play

CS 423 Operating System Design: The Linux Reference Monitor - PowerPoint PPT Presentation

Feb 01, 2024 •732 likes •1.02k views

CS 423 Operating System Design: The Linux Reference Monitor Professor Adam Bates CS 423: Operating Systems Design All the Access Controls Basic Access Matrix UNIX, ACL, various capability systems Aggregated Access Matrix TE,

  1. CS 423 
 Operating System Design: The Linux Reference Monitor Professor Adam Bates CS 423: Operating Systems Design

  2. All the Access Controls • Basic Access Matrix • UNIX, ACL, various capability systems • Aggregated Access Matrix • TE, RBAC, groups and attributes, parameterized • Plus Domain Transitions • DTE, SELinux, Java • Lattice Access Control Models • Bell-LaPadula, Biba, Denning • Predicate Models • ASL, OASIS, domain-specific models, many others • Safety Models • Take-grant, Schematic Protection Model, Typed Access Matrix CS 423: Operating Systems Design 2

  3. Reference Monitor Cool. But how do we implement these models in an operating system? Entry Points System Interface Access Hook Authorize Request? Security-sensitive Access Operation Access Monitor Hook Hook Policy Security-sensitive Security-sensitive Operation Operation Yes/No CS 423: Operating Systems Design 3

  4. Reference Monitor • Where to make access control decisions? (Mediation) • Which access control decisions to make? (Authorization) • Decision function: Compute decision based on request and the active security policy • Reference Monitor Concept (i.e., Goals): • Complete Mediation • Tamper Proof • Verifiable CS 423: Operating Systems Design 4

  5. SELinux Designed by the NSA • A more flexible solution than MLS • SELinux Policies are comprised of 3 components: • Labeling State defines security contexts for every file • (object) and user (subject). Protection State defines the permitted • <subject,object,operation> tuples. Transition State permits ways for subjects and objects to • move between security contexts. Enforcement mechanism designed to satisfy reference • monitor concept CS 423: Operating Systems Design 5

  6. SELinux Labeling State • Files and users on the system at boot-time must are associated with their security labels (contexts) • Map file paths to labels via regular expressions • Map users to labels by names by name • User labels pass on to their initial processes • How are new files labeled? Processes? CS 423: Operating Systems Design 6

  7. SELinux Protection State • MAC Policy based on Type Enforcement • Access Matrix Policy • Processes with subject label… • Can access file of object label • If operations in matrix cell allow • Focus: Least Privilege • Only provide permissions necessary CS 423: Operating Systems Design 7

  8. SELinux Protection State • Permissions in SELinux can be produced with runtime analysis. • Step 1 : Run programs in a controlled (no attacker) environment without any enforcement. • Step 2 : Audit all of the permissions used during normal operation. • Step 3 : Generate policy file description • Assign subject and object labels associated with program • Encode all permissions used into access rules CS 423: Operating Systems Design 8

  9. SELinux Transition State • Premise: Processes don’t need to run in the same protection state all of the time. • Borrows concepts from Role-Based Access Control • Example: passwd starts in user context, transitions to privileged context to update /etc/passwd, transitions back to user. CS 423: Operating Systems Design 9

  10. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! CS 423: Operating Systems Design 10

  11. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! I’m just not that into you… CS 423: Operating Systems Design 11

  12. Linux Security circa 2000 CS 423: Operating Systems Design 12

  13. Linus’s Dilemma CS 423: Operating Systems Design 13

  14. Linus’s Dilemma The answer to all computer science problems… add another layer of abstraction! CS 423: Operating Systems Design 14

  15. Linux Security Models CS 423: Operating Systems Design 15

  16. Linux Security Modules CS 423: Operating Systems Design 16

  17. LSM Requirements CS 423: Operating Systems Design 17

  18. LSM Architecture CS 423: Operating Systems Design 18

  19. Opaque Security Fiels CS 423: Operating Systems Design 19

  20. Security Hooks CS 423: Operating Systems Design 20

  21. Security Hooks CS 423: Operating Systems Design 21

  22. Security Hook Details CS 423: Operating Systems Design 22

  23. LSM Hook Architecture CS 423: Operating Systems Design 23

  24. LSM Hook Architecture Process User Space Kernel Space open System Call Process file path Lookup down to inode inode (resolving directories/ links) DAC checks LSM hook LSM Policy Engine "Is user_process allowed to perform Access operation on inode?" inode CS 423: Operating Systems Design 24

  25. Conclusions • Access Control is supported in operating systems through the “Reference Monitor” concept • LSM is a framework for designing reference monitors • Today, many security modules exist • Must define authorization hooks to mediate access • Must expose a policy framework for specifying which accesses to authorize • Policy Challenges • Is language expressive enough to capture the goals of the user? • Is language simple/intuitive enough for ease of use? • Policy misconfiguration breaks security!! CS 423: Operating Systems Design 25

  26. LSM Performance CS 423: Operating Systems Design 26

  27. LSM Use CS 423: Operating Systems Design 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 423 Op Operating erating System System Design: Design: Sche Scheduling uling in in

CS 423 Op Operating erating System System Design: Design: Sche Scheduling uling in in

CS 423 Op Operating erating System System Design: Design: Sche Scheduling uling in in Linux Linux Tianyin Xu ( MI MIC ) * Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Midterm time is changed 3/12 --

924 views • 46 slides
CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A) Professor Adam Bates Fall 2018 CS423: Operating Systems Design Goals for Today Learning Objectives: Talk about the relevant skills required in

1.15k views • 33 slides
CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&amp;A) Alberto Alvarez CS423: Operating Systems Design MP1 Goals Get yourself familiar with Linux kernel programming Learn to use the kernels linked

451 views • 32 slides
CS 377: Operating Systems Linux Case Study Outline Linux History Design Principles A

CS 377: Operating Systems Linux Case Study Outline Linux History Design Principles A

CS 377: Operating Systems Linux Case Study Outline Linux History Design Principles A review of what youve System Overview learned, and how it Process Scheduling applies to a real Memory Management operating system File

245 views • 13 slides
What is GNU/Linux? GNU/Linux is a free operating system Other operating systems:

What is GNU/Linux? GNU/Linux is a free operating system Other operating systems:

What is GNU/Linux? GNU/Linux is a free operating system Other operating systems: Microsoft windows Apple Mac OS X Sun Solaris FreeBSD/OpenBSD AIX And many more..... GNU/Linux history GNU project started by

330 views • 9 slides
Unit 10 Linux Operating System 2 Linux Based on the Unix operating system Developed as

Unit 10 Linux Operating System 2 Linux Based on the Unix operating system Developed as

1 Unit 10 Linux Operating System 2 Linux Based on the Unix operating system Developed as an open-source (&quot;free&quot;) alternative by Linux Torvalds and several others starting in 1991 Originally only for Intel based processors

785 views • 16 slides
CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS 423: Operating Systems Design Goals for Today Learning Objective: Understand inner workings of modern OS schedulers Announcements, etc:

790 views • 30 slides
CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS 423: Operating Systems Design Goals for Today Learning Objective: Understand inner workings of modern OS schedulers Announcements, etc:

498 views • 34 slides
SUSE Linux Enterprise 197 197 The Operating System Challenge Do you need an Enterprise

SUSE Linux Enterprise 197 197 The Operating System Challenge Do you need an Enterprise

SUSE Linux Enterprise 197 197 The Operating System Challenge Do you need an Enterprise Operating System? Linux is free as long as your time is worth nothing. - Jay Ashford Buy support and services, not software Extensive

982 views • 49 slides
CS 423 Operating System Design: MP4 Walkthrough Mohammad Noureddine Spring 2018 CS 423:

CS 423 Operating System Design: MP4 Walkthrough Mohammad Noureddine Spring 2018 CS 423:

CS 423 Operating System Design: MP4 Walkthrough Mohammad Noureddine Spring 2018 CS 423: Operating Systems Design Goals for Today Learning Objective: Understand Linux Security Modules Go through implementation details of MP4

702 views • 33 slides
CS 423 Operating System Design: Con Concu curren rrency cy Tianyin Tianyin Xu Xu * Thanks

CS 423 Operating System Design: Con Concu curren rrency cy Tianyin Tianyin Xu Xu * Thanks

CS 423 Operating System Design: Con Concu curren rrency cy Tianyin Tianyin Xu Xu * Thanks for Prof. Adam Bates for the slides. CS423: Operating Systems Design Nix and NixOS What is nix Nix is a powerful package manager for Linux

466 views • 31 slides
CS 423 Operating System Design: MP3 Walkthrough Professor Adam Bates Spring 2018 CS

CS 423 Operating System Design: MP3 Walkthrough Professor Adam Bates Spring 2018 CS

CS 423 Operating System Design: MP3 Walkthrough Professor Adam Bates Spring 2018 CS 423: Operating Systems Design Purpose of MP3 Understand the Linux virtual to physical page mapping and page fault rate. Design a lightweight

487 views • 27 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
CS 423 Operating System Design: This is the Syllabus Professor Adam Bates CS423:

CS 423 Operating System Design: This is the Syllabus Professor Adam Bates CS423:

CS 423 Operating System Design: This is the Syllabus Professor Adam Bates CS423: Operating Systems Design Learning Objectives Before CS 423: Knowledge of C/C++ Basic knowledge of Linux/POSIX APIs and functions After CS 423:

849 views • 26 slides
CS 423 Operating System Design: This is the Syllabus Professor Adam Bates Fall 2018

CS 423 Operating System Design: This is the Syllabus Professor Adam Bates Fall 2018

CS 423 Operating System Design: This is the Syllabus Professor Adam Bates Fall 2018 CS423: Operating Systems Design Learning Objectives Before CS 423: Knowledge of C/C++ Basic knowledge of Linux/POSIX APIs and functions After CS

247 views • 21 slides
CS 423 Operating System Design Tianyin Xu * Thanks for Prof. Adam Bates for the slides. CS423:

CS 423 Operating System Design Tianyin Xu * Thanks for Prof. Adam Bates for the slides. CS423:

CS 423 Operating System Design Tianyin Xu * Thanks for Prof. Adam Bates for the slides. CS423: Operating Systems Design Learning Objectives Before CS 423: Knowledge of C/C++ Basic knowledge of Linux/POSIX APIs and functions After CS

877 views • 50 slides
The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor

The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor

The w orld of data v is u ali z ation DATA VISU AL IZATION IN R Ron Pearson Instr u ctor Graphical tools help u s u nderstand a dataset O u r abilit y to interpret pa erns is a ke y strength T w o basic t y pes of data v is u ali z ations :

823 views • 35 slides
Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing

Sancus: Low-cost trustworthy extensible networked devices with a zero-software Trusted Computing Base Pieter Agten Wilfried Daniels Raoul Strackx Job Noorman Anthony Van Herrewege Christophe Huygens Bart Preneel Ingrid Verbauwhede Frank

806 views • 67 slides
Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London

Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London

Quantitative Text Analysis. Applications to Social Media Research Pablo Barber a London School of Economics www.pablobarbera.com Course website: pablobarbera.com/text-analysis-vienna Automated Analysis of Social Media Text Workflow:

1.13k views • 12 slides
Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical

Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical

Statistical graphics with Statistical graphics with ggplot2 ggplot2 Programming for Statistical Programming for Statistical Science Science Shawn Santo Shawn Santo 1 / 59 1 / 59 Supplementary materials Full video lecture available in

613 views • 59 slides
Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1:

Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1:

Main Memory Storage Engines Justin A. DeBrabant debrabant@cs.brown.edu Roadmap Paper 1: Data-Oriented Transaction Execution Paper 2: OLTP Through the Looking Glass Paper 3: Generic Database Cost Models for Hierarchical Memory Systems

685 views • 39 slides
Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN

Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN

UN/Italy Workshop on the Open Universe Initiative 20 November 2017 Freedom of Access to Scientific Data Prof. Sergio Marchisio Sapienza University, Rome OPEN UNIVERSE INITIATIVE Freedom of access to space data: legal aspects Space law:

595 views • 14 slides
IX: A Protected Dataplane Operating System Problem Context The requirements of modern data

IX: A Protected Dataplane Operating System Problem Context The requirements of modern data

IX: A Protected Dataplane Operating System Problem Context The requirements of modern data center applications are being redefined: High packet rates Quick responses to remote requests Support for high connection counts

455 views • 19 slides
Lecture 19: Cache Basics Todays topics: Out-of-order execution Cache hierarchies

Lecture 19: Cache Basics Todays topics: Out-of-order execution Cache hierarchies

Lecture 19: Cache Basics Todays topics: Out-of-order execution Cache hierarchies Reminder: Assignment 7 due on Thursday 1 Multicycle Instructions Multiple parallel pipelines each pipeline can have a different

538 views • 17 slides

More recommend