m eeting critical security objectives with security
play

M eeting Critical Security Objectives with Security-Enhanced Linux - PowerPoint PPT Presentation

Apr 22, 2023 •46 likes •476 views

M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco Information Assurance Research G roup National Security Agency Co-author: Stephen D. Smalley, NAI Labs 1 roup Inform ation A ssurance R esearch G

  1. M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco Information Assurance Research G roup National Security Agency Co-author: Stephen D. Smalley, NAI Labs 1 roup ■ Inform ation A ssurance R esearch G ■

  2. Presentation Outline • O perating system security • The Flask architecture • Security-enhanced Linux • Example security server • Meeting critical security objectives • Future Direction 2 roup ■ Inform ation A ssurance R esearch G ■

  3. The Need for Secure OS • Increasing risk to valuable information • Dependence on O S protection mechanisms • Inadequacy of mainstream operating systems • Key missing feature: Mandatory Access Control (MAC) – Adm inistratively-set security policy – Control over all subjects and objects in system – Decisions based on all security-relevant inform ation 3 roup ■ Inform ation A ssurance R esearch G ■

  4. W hy is DAC inadequate? • Decisions are only based on user identity and ownership • No protection against malicious software • Each user has complete discretion over his objects • O nly two major categories of users: superuser and other • Many system services and privileged programs must run with coarse-grained privileges if not as superuser 4 roup ■ Inform ation A ssurance R esearch G ■

  5. W hat can M AC offer? • Strong separation of security domains • System and data integrity • Ability to limit program privileges • Protection against tamper and bypass • Processing pipelines guarantees • Authorization limits for legitimate users 5 roup ■ Inform ation A ssurance R esearch G ■

  6. M AC Im plem entation Issues • Must overcome limitations of traditional implementations – M ore than just M ultilevel Security – Address integrity, least privilege, separation of duty issues – Com plete control using needed security relevant inform ation – Control relationships between subjects and code • Policy flexibility required – One size does not fit all! – Ability to change the m odel of security – Ability to express different policies within given m odel – Separation of policy from enforcem ent • Maximize security transparency 6 roup ■ Inform ation A ssurance R esearch G ■

  7. Custom ize according to need • Separation policies – Establishing Legal Restrictions on data – Restrictions to classified/com partm ented data • Confinement policies – Restricting web server access to authorized data – M inim izing dam age from viruses and other m alicious code • Integrity policies – Protecting applications from m odification – Preventing unauthorized m odifications of databases • Invocation policies – Guaranteeing that data is processed as required – Enforcing encryption policies 7 roup ■ Inform ation A ssurance R esearch G ■

  8. Security Solutions with Flexible M AC • Confines malicious code – Can safely run code of uncertain pedigree – Constrains code inserted via buffer overflow attacks – Lim its virus propagation • Allows effective decomposition of root – Root no longer all powerful – Lim its each root function to needed privilege – Elim inates m ost privilege elevation attacks • Allows effective assignment of privilege – Servers need not run with com plete access – Servers and needed resources can be isolated – Separate protections for system logs 8 roup ■ Inform ation A ssurance R esearch G ■

  9. Toward a New Form of M AC • Research by NSA with help from SCC • G eneralized from prior Type Enforcement work • Provide flexible support for security policies • Cleanly separate policy from enforcement • Address limitations of traditional MAC • DTMach, DTO S, Flask 9 roup ■ Inform ation A ssurance R esearch G ■

  10. The Flask Security Architecture • Cleanly separates policy from enforcement. • W ell-defined policy interfaces. • Support for policy changes. • Allows users to express policies naturally. • Fine-grained controls over kernel services. • Caching to minimize performance overhead. • Transparent to applications and users. 10 roup ■ Inform ation A ssurance R esearch G ■

  11. The Flask Security Architecture Subject, object, Security Server Object Manager class, requested Access Policy Policy Vector Decisions Enforcement Cache Yes/no Access vector SID/Context Object/SID Mapping Mapping 11 roup ■ Inform ation A ssurance R esearch G ■

  12. Policy Decisions • Labeling Decisions: O btaining a label for a new subject or object. • Access Decisions: Determining whether a service on an object should be granted to a subject. • Polyinstantiation Decisions: Determining where to redirect a process when accessing a polyinstantiated object. 12 roup ■ Inform ation A ssurance R esearch G ■

  13. Policy Changes • Interfaces to AVC for policy changes • Callbacks to O bject Managers for retained permissions • Sequence numbers to address interleaving • Revalidation of permissions on use 13 roup ■ Inform ation A ssurance R esearch G ■

  14. Controlled Services • Permissions are defined on objects and grouped together into object classes • Examples – Process: code execution, transitions, entrypoints, signals, wait, ptrace, capabilities, etc. – File: fd inheritance and transfer, accesses to files, directories, file system s – Socket: accesses to sockets, m essages, network interfaces, hosts – System V IPC: accesses to sem aphores, m essage queues, shared m em ory – Security: accesses to security server services 14 roup ■ Inform ation A ssurance R esearch G ■

  15. Security Server Interface • O bject Labeling – Request SID to label a new object • int security_transition_sid(ssid, tsid, tclass, *out_sid) – Exam ple of usage for new file label • error = security_transition_sid(current->sid, dir->i_sid, FILE, &sid); 15 roup ■ Inform ation A ssurance R esearch G ■

  16. Security Server Interface (cont.) • Access Decisions – Request Access Vector for a given object class/perm ission • int security_com pute_av(ssid, tsid, tclass, requested, *allowed, *decided, *seqno); – Ignores access vectors for auditing and requests of notifications of com pleted operations 16 roup ■ Inform ation A ssurance R esearch G ■

  17. Security Server Interface (cont.) • Access Vector Cache (AVC) – security_com pute_av() called indirectly through AVC • int avc_has_perm _ref(ssid, tsid, tclass, requested, *aeref, *auditdata) – aeref is hint to cache entry. If invalid then security_com pute_av() is called • File permission check shortcuts – int dentry_m ac_perm ission(struct dentry *d, access_vector_t av ) 17 roup ■ Inform ation A ssurance R esearch G ■

  18. Perm ission Checking Exam ples • unlink from fs/namei.c:vfs_unlink() error = dentry_m ac_perm ision(dentry, FILE_UNLINK); if (error) return error; – Additional directory-based checks for search and rem ove_nam e perm issions • Process to socket check from net/ipv4/af_inet:inet_bind() lock_sock(sk); ret = avc_has_perm _ref(current->sid,sk->sid,sk->sclass, SOCKET_BIND &sk->avcr); release_sock(sk); if (ret) return ret; 18 roup ■ Inform ation A ssurance R esearch G ■

  19. Perm ission Checking Exam ples • execve() from fs/exec.c:prepare_binprm () if (!bprm ->sid) { retval = security_transition_sid(current->sid, inode->i_sid, S EC C LA SS _PR O C ES S, & bprm ->sid); if (retval) return retval;} if (current->sid != bprm ->sid & & !bprm ->sh_bang){ retval = A VC _H AS _PE R M _A U D IT(current->sid, bprm ->sid, P R O C E SS , TR A N SITIO N , &ad); if (retval) return retval; retval = process_file_m ac_perm ission(bprm ->sid, bprm ->file, P R O C E SS _EN TR YP O IN T); if (retval) return retval;} retval = process_file_m ac_perm ission(bprm ->sid, bprm ->file, P R O C E SS _EX EC U TE); if (retval) return retval; • Also checks file:execute, fd:inherit, process:ptrace 19 roup ■ Inform ation A ssurance R esearch G ■

  20. API Enhancem ents • Existing Linux API calls unchanged • New API calls for security-aware applications: execve_secure, mkdir_secure, stat_secure, socket_secure, accept_secure, etc. • New API calls for application policy enforcers: security_compute_av, security_transition_sid, etc. 20 roup ■ Inform ation A ssurance R esearch G ■

  21. Exam ple Security Server • Implements combination of Role-Based Access Control, Type Enforcement, optional Multi-Level Security. • Labeling, access, and polyinstantiation decisions defined through set of configuration files. • Example policy configuration provided. 21 roup ■ Inform ation A ssurance R esearch G ■

  22. Exam ple Policy Configuration: TE Concepts • Domains for processes, types for objects. • Specifies allowable accesses by domains to types. • Specifies allowable interactions among domains. • Specifies allowable and automatic domain transitions. • Specifies entrypoint and code execution restrictions for domains. 22 roup ■ Inform ation A ssurance R esearch G ■

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley,

Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley,

Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley, University of Illinois Urbana-Champaign yardley@illinios.edu Introduction Material September 30, 2016 cred-c.org Se Settin ing T The St Stage 1

495 views • 20 slides
Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix security model. See how general security principles are implemented in an actual

733 views • 59 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of Networks and Security, JKU Linz PhD defense 2 nd of March 2018 14:15-15:45, Science Park 3 Room S3 218 MOTIVATION Trend towards security and

541 views • 28 slides
www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device generates, stores and processes security-critical information 2 PUFs: Myth, Fact or Busted? CHES 2012 However: Cryptographic secrets can be leaked

443 views • 26 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Energy as a National Security Challenge Environmental Entrepreneurs Mission Critical 9

Energy as a National Security Challenge Environmental Entrepreneurs Mission Critical 9

The Caliber of Your Choice Energy as a National Security Challenge Environmental Entrepreneurs Mission Critical 9 November 2011 Dan Nolan - Sabot 6, Inc. An Energy Security Company 1800 Diagonal Ave Ste 600 - Alexandria, VA 22314

692 views • 51 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
Welcome to NJMHAPP 1.0 NJ Mental Health Application for Payment Processing Provider Information

Welcome to NJMHAPP 1.0 NJ Mental Health Application for Payment Processing Provider Information

Welcome to NJMHAPP 1.0 NJ Mental Health Application for Payment Processing Provider Information Session November 16, 2016 Release Date January 2017 Brian Regan Assistant Divisional Director (OIS) Nitin Garg OIS Manager Mahesh Phadke

572 views • 41 slides
UPLOAD VIDEOS TO MICROSOFT STREAM VIA ACCESSUH To upload a video on Microsoft Stream, go to

UPLOAD VIDEOS TO MICROSOFT STREAM VIA ACCESSUH To upload a video on Microsoft Stream, go to

UPLOAD VIDEOS TO MICROSOFT STREAM VIA ACCESSUH To upload a video on Microsoft Stream, go to AccessUH, login with your Cougarnet credentials and then click Office 365. Search for Stream to find the Microsoft Stream app.

138 views • 3 slides
APPLY TEXAS 101 Dual2Degree Department IN YOUR WEB BROWSER TYPE : WWW.APPLYTEXAS.ORG CLICK

APPLY TEXAS 101 Dual2Degree Department IN YOUR WEB BROWSER TYPE : WWW.APPLYTEXAS.ORG CLICK

APPLY TEXAS 101 Dual2Degree Department IN YOUR WEB BROWSER TYPE : WWW.APPLYTEXAS.ORG CLICK CREATE YOUR ACCOUNT NOW MY PROFILE Check Box Suffix means if your name (for males) ends with Jr., III, etc. Under place of birth, select a

788 views • 40 slides
Goddard College Presentation Good morning. My name is Joyce Gustafson and I am the Director of

Goddard College Presentation Good morning. My name is Joyce Gustafson and I am the Director of

Goddard College Presentation Good morning. My name is Joyce Gustafson and I am the Director of Operations for Goddard College in Port Townsend. Im joined here today by my colleague Jessica Plumb. I want to begin by thanking the PDA Board

99 views • 6 slides
TRALSE POSITIVE Simple Methods for Confirming IDS/IPS Alerts Introduc3on

TRALSE POSITIVE Simple Methods for Confirming IDS/IPS Alerts Introduc3on

TRALSE POSITIVE Simple Methods for Confirming IDS/IPS Alerts Introduc3on Geoffrey Serrao Currently Employed at Sourcefire, Inc. Tier I Technical Support Engineer Typical work day for a Tier 1 Hardware

517 views • 24 slides
Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554 In the Matter of ) ) WC

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554 In the Matter of ) ) WC

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554 In the Matter of ) ) WC Docket 17-108 Restoring Internet Freedom ) To: The Commission MOTION FOR ACCEPTANCE OF LATE-FILED SUBMISSION The Wireless Internet Service

831 views • 23 slides
Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019

Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019

Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019 UNIVERSITY OF CYPRUS Introduction Cryptocurrency: virtual currency usually not controlled by any government or physical entity Examples: Bitcoin,

623 views • 36 slides
Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2), Anshuman Singh(1), and Aleardo Manacero Jr.(2) (1)University of Louisiana at Lafayette, USA (2)Paulista State University (UNESP), Brazil PEPM 2010

309 views • 29 slides

More recommend