goals for today
play

Goals for Today Learning Objective: Contrast strengths/weaknesses - PowerPoint PPT Presentation

Aug 16, 2023 •222 likes •489 views

Goals for Today Learning Objective: Contrast strengths/weaknesses of security primitives Understand design concepts of OS-layer Access Control Announcements, etc: MP3 Soft Extension: Submit by April 25th for -10pts MP4 due

  1. Goals for Today • Learning Objective: • Contrast strengths/weaknesses of security primitives • Understand design concepts of OS-layer Access Control • Announcements, etc: • MP3 Soft Extension: Submit by April 25th for -10pts • MP4 due May 7th Deadline provides more time than necessary; wanted to give you flexibility • • Schedule: • Apr 25 — Final Exam Overview + Review Session • Apr 27 — Energy + Power in Operating Systems • Apr 30 — Operating System Auditing (feat. Wajih Ul Hassan) • May 02 — Final Exam Q&A CS 423: Operating Systems Design 1

  2. Reference Monitor Cool. But how do we implement these models in an operating system? Entry Points System Interface Access Hook Authorize Request? Security-sensitive Access Operation Access Monitor Hook Hook Policy Security-sensitive Security-sensitive Operation Operation Yes/No CS 423: Operating Systems Design 2

  3. Reference Monitor • Where to make access control decisions? (Mediation) • Which access control decisions to make? (Authorization) • Decision function: Compute decision based on request and the active security policy • Reference Monitor Concept (i.e., Goals): • Complete Mediation • Tamper Proof • Verifiable CS 423: Operating Systems Design 3

  4. SELinux Designed by the NSA • A more flexible solution than MLS • SELinux Policies are comprised of 3 components: • Labeling State defines security contexts for every file • (object) and user (subject). Protection State defines the permitted • <subject,object,operation> tuples. Transition State permits ways for subjects and objects to • move between security contexts. Enforcement mechanism designed to satisfy reference • monitor concept CS 423: Operating Systems Design 4

  5. SELinux Labeling State • Files and users on the system at boot-time must are associated with their security labels (contexts) • Map file paths to labels via regular expressions • Map users to labels by names by name • User labels pass on to their initial processes • How are new files labeled? Processes? CS 423: Operating Systems Design 5

  6. SELinux Protection State • MAC Policy based on Type Enforcement • Access Matrix Policy • Processes with subject label… • Can access file of object label • If operations in matrix cell allow • Focus: Least Privilege • Only provide permissions necessary CS 423: Operating Systems Design 6

  7. SELinux Protection State • Permissions in SELinux can be produced with runtime analysis. • Step 1 : Run programs in a controlled (no attacker) environment without any enforcement. • Step 2 : Audit all of the permissions used during normal operation. • Step 3 : Generate policy file description • Assign subject and object labels associated with program • Encode all permissions used into access rules CS 423: Operating Systems Design 7

  8. SELinux Transition State • Premise: Processes don’t need to run in the same protection state all of the time. • Borrows concepts from Role-Based Access Control • Example: passwd starts in user context, transitions to privileged context to update /etc/passwd, transitions back to user. CS 423: Operating Systems Design 8

  9. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! CS 423: Operating Systems Design 9

  10. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! I’m just not that into you… CS 423: Operating Systems Design 10

  11. Linux Security circa 2000 CS 423: Operating Systems Design 11

  12. Linus’s Dilemma CS 423: Operating Systems Design 12

  13. Linus’s Dilemma The answer to all computer science problems… add another layer of abstraction! CS 423: Operating Systems Design 13

  14. Linux Security Models CS 423: Operating Systems Design 14

  15. Linux Security Modules CS 423: Operating Systems Design 15

  16. LSM Requirements CS 423: Operating Systems Design 16

  17. LSM Architecture CS 423: Operating Systems Design 17

  18. Opaque Security Fiels CS 423: Operating Systems Design 18

  19. Security Hooks CS 423: Operating Systems Design 19

  20. Security Hooks CS 423: Operating Systems Design 20

  21. Security Hook Details CS 423: Operating Systems Design 21

  22. LSM Hook Architecture CS 423: Operating Systems Design 22

  23. LSM Hook Architecture Process User Space Kernel Space open System Call Process file path Lookup down to inode inode (resolving directories/ links) DAC checks LSM hook LSM Policy Engine "Is user_process allowed to perform Access operation on inode?" inode CS 423: Operating Systems Design 23

  24. Conclusions • Access Control is supported in operating systems through the “Reference Monitor” concept • LSM is a framework for designing reference monitors • Today, many security modules exist • Must define authorization hooks to mediate access • Must expose a policy framework for specifying which accesses to authorize • Policy Challenges • Is language expressive enough to capture the goals of the user? • Is language simple/intuitive enough for ease of use? • Policy misconfiguration breaks security!! CS 423: Operating Systems Design 24

  25. LSM Performance CS 423: Operating Systems Design 25

  26. LSM Use CS 423: Operating Systems Design 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

Wilder Research One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will understand The purpose of the One-on-Ones The One-on-One process The tools The ways to protect the privacy of

363 views • 19 slides
Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the mission and goals - June 2013 Mission &amp; goals development included a wide array of stakeholders In addition to the CSCU Mission , each

314 views • 15 slides
Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4 Announcements, etc: MP4 is out! Due May 6th (UTC-11) Final Exam MAY 9TH @ 7PM, SIEBEL 1404 Its fine to use electronics today CS 423: Operating

922 views • 34 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: Informal Early Feedback at end of class today Midterm debrief forthcoming on Friday MP2 extension: now due on

726 views • 21 slides
Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in storage!! Announcements, etc: MP3 is out! Due April 18th . MP3 Walkthrough on Monday, slides up later today Reminder : Please put away devices

909 views • 47 slides
Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

2015 Annual Countywide Escheatment Kick-off Meeting Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment Overview 2014 Recap Policy and Procedure Summary 2015 Timeline Q&amp;A 3 Goals

661 views • 17 slides
Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content Announcements, etc: MP3 Soft Extension: Submit by TODAY for -10pts MP4 due May 7th Deadline provides more time than necessary; wanted to give you

648 views • 49 slides
Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals for Today 2 Agenda and Goals for today &gt; Big Picture: Launch of 3-year Phase-in of Modified RCM Budget Model &gt; Goals: Review Process to

502 views • 31 slides
Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some disk performance exercises Announcements, etc: C4: I removed 2 papers from your reading list No longer need to read Multics Security Eval

421 views • 27 slides
E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled, Please Take a Minute to Think about Examples You Can Share with the Group. Feel Free to Talk Amongst Yourselves... How to Write a Great Very

269 views • 13 slides
2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements: Thank you for your Early Informal Feedback Composite, Visitor, HW3 Phase 2, peer reviews due this Thu at Template Method, Faade, 5pm

104 views • 8 slides
Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask) Char/ascii String constants, string as abstraction (albeit a leaky one) C library functions &lt;string.h&gt; Under the hood: C-string as

331 views • 6 slides
OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Member Forums 2015 OCLC Update So, what are our goals for today? Hear what OCLC is doing governance, participation, products and services Talk to each other about what you are doing share best practices, tips and tricks

1.57k views • 102 slides
Marina Industry Our goal today Who we are What are our strategic goals Give you three

Marina Industry Our goal today Who we are What are our strategic goals Give you three

The Voice of the Marina Industry Our goal today Who we are What are our strategic goals Give you three reasons for joining AMIs affiliate program Answer your questions Who are we? Association of Marina Industries The

360 views • 17 slides
Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload and grading Computer Programming II Resources Welcome! This information is largely included in todays handouts, Course Overview and

288 views • 7 slides
AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department is going to focus on that link to the Academic Master Plan AMP connects to multiple items such as performance indicators, enrollment via

333 views • 6 slides
New Poverty Data Highlights Need to Help Workers and Families Login at:

New Poverty Data Highlights Need to Help Workers and Families Login at:

September 2019 RESULTS U.S. Poverty National Webinar New Poverty Data Highlights Need to Help Workers and Families Login at: https://results.zoom.us/j/873308801 or dial (929) 436-2866 or (669) 900- 6833, Meeting ID: 873 308 801. RESULTS is a

1.04k views • 36 slides
Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda

Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda

Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda Reverse Engineering Primer Approaches to Dynamic Analysis Inline Hooks Advantages Over Other Techniques Usages 2 Reverse Engineering

379 views • 19 slides
Limit Laws for q -Hook Formulas Sara Billey University of Washington Based on joint work with:

Limit Laws for q -Hook Formulas Sara Billey University of Washington Based on joint work with:

Limit Laws for q -Hook Formulas Sara Billey University of Washington Based on joint work with: Joshua Swanson arXiv:2010.12701 Slides: math.washington.edu/billey/talks/hooks.pdf Triangle Lectures in Combinatorics November 14, 2020 Outline

867 views • 61 slides
A Look Under the Hood of SMART Designs for Developing Adaptive Interventions Daniel Almirall, PhD

A Look Under the Hood of SMART Designs for Developing Adaptive Interventions Daniel Almirall, PhD

A Look Under the Hood of SMART Designs for Developing Adaptive Interventions Daniel Almirall, PhD Survey Research Center, Institute for Social Research University of Michigan April 11, 2016 Center for Drug Use and HIV Research New York, NY

762 views • 73 slides
Horizon 2020 and Free Software Marc Hoffmann, h-rd.org FOSDEM2014 Horizon 2020 and Free Software

Horizon 2020 and Free Software Marc Hoffmann, h-rd.org FOSDEM2014 Horizon 2020 and Free Software

Horizon 2020 and Free Software http://h-rd.org/publications/fosdem2014/fosdem... Horizon 2020 and Free Software Marc Hoffmann, h-rd.org FOSDEM2014 Horizon 2020 and Free Software Why this presentation? I'm doing research http://h-rd.org I'm

336 views • 5 slides
DEEP-H -Hybrid rid-DataCloud ud Digi gita tal I Inf nfrastr tructu uctures f for R

DEEP-H -Hybrid rid-DataCloud ud Digi gita tal I Inf nfrastr tructu uctures f for R

DEEP-H -Hybrid rid-DataCloud ud Digi gita tal I Inf nfrastr tructu uctures f for R Research ( ch (DI4R) lva varo L Lpez Garc ca Lisbon (Portugal) aloga@ifca.unican.es October 10, 2018 Spanish National Research Council

393 views • 14 slides
International Workshop on Semantics for Transport #Sem4Tra SEMANTiCS 2019 Karlsruhe, Germany

International Workshop on Semantics for Transport #Sem4Tra SEMANTiCS 2019 Karlsruhe, Germany

International Workshop on Semantics for Transport #Sem4Tra SEMANTiCS 2019 Karlsruhe, Germany September 9th #Sem4Tra Problem We are a research community applying Semantic Web technologies on transport problems We encounter specific

273 views • 8 slides
CS440/ECE448 Lecture 11: Alpha-Beta Pruning; Limited Horizon Slides by Mark Hasegawa-Johnson

CS440/ECE448 Lecture 11: Alpha-Beta Pruning; Limited Horizon Slides by Mark Hasegawa-Johnson

CS440/ECE448 Lecture 11: Alpha-Beta Pruning; Limited Horizon Slides by Mark Hasegawa-Johnson &amp; Svetlana Lazebnik, 2/2020 Distributed under CC-BY 4.0 (https://creativecommons.org/licenses/by/4.0/). You are free to share and/or adapt if you

599 views • 28 slides

More recommend