cse 543 computer security
play

CSE 543 - Computer Security Lecture 11 - OS Security October 2, - PowerPoint PPT Presentation

Mar 01, 2024 •578 likes •873 views

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

  1. CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1

  2. OS Security • An secure OS should provide the following mechanisms – Memory protection – File protection – General object protection – Access authentication • How do we go about designing a trusted OS? • “Trust” in this context means something different from “Secure” CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  3. Trust vs. Security • When you get your medication at a pharmacy, you are “trusting” that it is appropriate for the condition you are addressing. In effect, you are arguing internally: – The doctor was correct in prescribing this drug – The FDA vetted the drug through scientific analysis and clinical trials – No maniac has tampered with the bottle • The first two are are matters “trust”, and the last is a matter of “security” • An OS needs to perform similar due diligence to achieve “trust” and “security” CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  4. Access Control Lists • ACL: a list of the principals that are authorized to have access to some object. • Eg., • Or more correctly: O 2 O 1 : S 1 S 1 Y O 2 : S 1 , S 2 , S 3 O 3 : S 3 S 2 Y • We are going to see a lot of S 3 Y examples of these throughout the semester. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  5. ACL in systems • ACLs are typically used to implement discretionary access control • For example: you define the UNIX file system ACLs using the chmod utility …. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  6. Discretionary Access Control in UNIX FS • The UNIX filesystem implements discretionary access control through file permissions set by user • The set of objects is the files in the filesystem, – e.g., /etc/passwd • Each file an owner and group (subjects) – The owner is typically the creator of the file, and the entity in control of the access control policy – Note: this can be overridden by the “root” user • There is a additional subject called world , which represents everyone else CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  7. UNIX filesystem rights … • There are three rights in the UNIX filesystem – READ - allows the subject (process) to read the contents of the file. – WRITE - allows the subject (process) to alter the contents of the file. – EXECUTE - allows the subject (process) to execute the contents of the file (e.g., shell program, executable, …) • Q: why is execute a right? • Q: does the right to read a program implicitly give you the right to execute it? CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  8. The UNIX FS access policy • Really, this is a bit string encoding an access matrix • E.g., rwx rwx rwx World Group Owner • And a policy is encoded as “r”, “w”, “x” if enabled, and “-” if not, e.g, rwxrw--x • Says user can read, write and execute, group can read and write, and world can execute only. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  9. Caveats: UNIX Filesystem • Access is often not really this easy: you need to have certain rights to parent directories to access a file (execute, for example) – The reasons for this are quite esoteric • The preceding policy may appear to be contradictory – A member of the group does not have execute rights, but members of the world do, so … – A user appears to be both allowed and prohibited from executing access – Not really: these policies are monotonic … the absence of a right does not mean they should not get access at all, just that that particular identity (e.g., group member, world) should not be given that right. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  10. Windows 2000 Security Model • Windows uses an ACL model too – But, its model is more general • Subjects – Tokens: Can describe users, groups, arbitrary privileges and retract privileges (restricted contexts) • Objects – Types: An extensible set of object types can be defined • Operations – General operations : Fixed set supported by all types – Per type operations : Operations with semantics specific to the type may be defined • Negative rights • Result : Any combination of rights can be described CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  11. Tokens • Like the UID/GID in a UNIX process – User – Group – Aliases – Privileges (predefined sets of rights) • May be specific to a domain • Composed into global SID • Subsequent processes inherit access tokens – Different processes may have different rights CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 11

  12. Access Control Entries • DACL in the security descriptor of an object – List of access control entries (ACEs) • ACE structure (proposed by Swift et al) – Type (grant or deny) – Flags – Object Type: global UID for type (limit ACEs checked) – InheritedObjectType: complex inheritance – Access rights: access mask – Principal SID: principal the ACE applies to • Checking algorithm – ACE matches SID (user, group, alias, etc) – ACE denies access for specified right -- deny – ACE grants access for some rights -- need full coverage CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 12

  13. Access Checking with ACEs • Example CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 13

  14. Window Vista Integrity • Integrity protection for writing • Defines a series of protection level of increasing protection – untrusted (lowest) – low (Internet) – medium (user) – high (admin) – system – installer (highest) • Semantics: If the subject ’ s (process ’ s) integrity level dominates the object ’ s integrity level, then the write is allowed CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 14

  15. Vista Integrity • Does Vista Integrity protect the integrity of J ’ s public key file O 2 ? O 1 O 2 O 3 J R RW R W S 2 N R R W S 3 N R R W CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  16. UID Transition: Setuid • A special bit in the mode bits • Execute file – Resulting process has the effective (and fs) UID/GID of file owner • Enables a user to escalate privilege – For executing a trusted service • Downside: User defines execution environment – e.g., Environment variables, input arguments, open descriptors, etc. • Service must protect itself or user can gain root access • All UNIX services involves root processes -- many via setuid CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  17. /tmp Vulnerability • creat(pathname, mode) • O_EXCL flag – if file already exists this is an error • Potential attack – Attacker creates file in shared space (/tmp) – Give it a filename used by a higher authority service – Make sure that service has permission to the file – If creat is used without O_EXCL, then can share the file with the higher authority process CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  18. Other Vulnerabilities • Objects w/o sufficient control – Windows registry, network • Libraries – Load order permits malware defined libraries • Executables are everywhere – Web content, Email, Documents (Word) • Labeling is wrong – Mount a new file system; device • Malware can modify your permissions – Inherent to discretionary model CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  19. Sandboxing • An execution environment for programs that contains a limited set of rights – A subset of your permissions (meet secrecy and integrity goals) – Cannot be changed by the running program (mandatory) CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  20. UNIX Chroot • Create a domain in which a process is confined – Process can only read/write within file system subtree – Applies to all descendant processes – Can carry file descriptors in ‘ chroot jail ’ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  21. Chroot Vulnerability • Unfortunately, chroot can trick its own system – define a passwd file at <newroot>/etc/passwd – run su • su thinks that this is the real passwd file – gives root access • Use mknod to create device file to access physical memory • Setup requires great care – Never run chroot process as root – Must not be able to get root privileges – No control by chrooted process (user) of contents in jail – Be careful about descriptors, open sockets, IPC that may be available CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  22. Janus • One of several sandboxing systems developed in the mid-to-late 90s • Operating system access control is too coarse – Run everything as user or root (too many perms) – Can modify permissions (add more) – UNIX is not very expressive (cannot specify minimal rights) CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #3 Aug 30 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Assignment #0 Please add yourself to the class mailing list Send mail

379 views • 35 slides
Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees,

Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees,

Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees, U. Mosel, S. Endres, M. Bleicher CBM Collab. Meeting, 9. April 2014 Janus Weil Low-mass dileptons at HADES and CBM Outline questions &amp; topics

338 views • 21 slides
Open Access a battle of words Jean-Claude Gudon CC-by Janus-Bifrons the

Open Access a battle of words Jean-Claude Gudon CC-by Janus-Bifrons the

Open Access a battle of words Jean-Claude Gudon CC-by Janus-Bifrons the typical scientist Open Access a battle of words Jean-Claude Gudon CC-by The researcher-bifrons Seeks information Produces

284 views • 24 slides
Outline Intro dilepton physics vector mesons in medium transport models basic principles

Outline Intro dilepton physics vector mesons in medium transport models basic principles

Outline Intro dilepton physics vector mesons in medium transport models basic principles assumptions &amp; input two approaches to dilepton production: pure transport (GiBUU) coarse graining (UrQMD + Rapp SF) comparison to data

459 views • 18 slides
Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee Chonbuk National University, Republic of Korea June 14, 2019@ Workshop on Modern Trends in Cryptography Table of contents 1. Introduction 2.

537 views • 25 slides
Prospects for the study of baryon-rich matter at new facilities Volker Friese Helmholtzzentrum

Prospects for the study of baryon-rich matter at new facilities Volker Friese Helmholtzzentrum

Prospects for the study of baryon-rich matter at new facilities Volker Friese Helmholtzzentrum fr Schwerionenforschung Darmstadt, Germany CPOD 2018 Corfu, 27 September 2018 Metaphysics NUSTAR CBM PANDA I. What can we know? Atomic

1.05k views • 47 slides
Fine

Fine

Fine

852 views • 46 slides
School Choice: Nash Implementation of Stable Matchings through Rank-Priority Mechanisms Paula

School Choice: Nash Implementation of Stable Matchings through Rank-Priority Mechanisms Paula

School Choice: Nash Implementation of Stable Matchings through Rank-Priority Mechanisms Paula Jaramillo 1 gatay Kay 2 Flip Klijn 3 C a 1 Universidad de los Andes, Bogot a, Colombia 2 Universidad del Rosario, Bogot a, Colombia 3

448 views • 11 slides
Origin of Dzialoshinsky-Moriya interactions - Antisymmetric interaction: 0 only if there is no

Origin of Dzialoshinsky-Moriya interactions - Antisymmetric interaction: 0 only if there is no

Origin of Dzialoshinsky-Moriya interactions - Antisymmetric interaction: 0 only if there is no center of symmetry between sites 1 and 2 - - Produces a canting of the spins Moriya s rules for M is the middle point between 1 and 2 1 M

455 views • 6 slides

More recommend