Mandatory Access Control Systems
CSE497b - Spring 2007

  1. Mandatory Access Control Systems
  CSE497b - Spring 2007
  Introduction to Computer and Network Security
  Professor Jaeger
  www.cse.psu.edu/~tjaeger/cse497b-s07/
  CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. Mandatory Access Control
  • System-Defined Policy
    – Fixed set of subject and object labels
    – Fixed permission assignments
    – Fixed label assignments (e.g., file to object label)
  [Figure: example access matrix with subjects S1 to S3 as rows and objects O1 to O3 as columns; cells hold R (read), W (write) or N (no access). The cell contents did not survive extraction.]

  3. MAC and Systems
  • What is necessary to be a system that enforces MAC policies?
    – Specify: MAC policy model
    – Enforce: reference monitor
    – Transitions: changes of privilege must be controlled
  • Plus, others
    – Management: policy development tools
    – Services: MAC-aware services
    – Applications: work with MAC limitations
  • What do these systems look like?
    – We'll examine Multics and SELinux

  4. Multics
  • Multiplexed Information and Computing Service
    – Project started as a timesharing system in 1965; used until 2000
    – Research project that led to a commercial product
  • Invented a number of important OS features
    – Segmented and virtual memory
    – Shared-memory multiprocessing
    – Online reconfiguration
    – Hierarchical file systems

  5. Multics Security Features
  • A number of security features were also pioneered
    – First multilevel secure (MLS) system
    – Isolation based on segments and rings
    – Ring-crossing mechanisms to protect integrity
    – Guard-like functions for integrity protection (gatekeepers)
    – One-way encrypted passwords
    – Covert channel defenses
    – And software assurance techniques...
  • But function won out over security
    – Multics Security Evaluation (Karger and Schell), 1974

  6. Protection Rings
  • Successively less-privileged "domains": ring 0 is the most privileged, and privilege decreases as the ring number increases
  • Example: Multics (64 rings in theory, 8 in practice)

  7. What do rings mean?
  • What's in a ring?
    – Processes, with the code that they can access
    – Data they can access directly
  • Execute in ring i
    – Process runs with rights of ring i
    – Data in rings >= i can be accessed
    – Any procedure may be accessible
  • Ring-crossings (generalized)
    – If a process calls a procedure in a different ring
    – Traps to kernel to authorize the transition
    – If authorized, the process runs the new procedure in the new ring

  8. Multics Ring Interpretation
  • Kernel resides in ring 0
  • Process runs in a ring r
    – Access based on current ring
  • Process accesses data segments
    – Each data segment has an access bracket (a1, a2), with a1 <= a2
    – Describes read and write access, with r the current ring:
      • r <= a1: read and write permitted
      • a1 < r <= a2: read permitted; write denied
      • a2 < r: all access denied

  9. Multics Ring Interpretation (cont'd)
  • Procedure segments are different
    – They have call brackets (c1, c2), with c1 <= c2
    – and access brackets (a1, a2), with a2 = c1
  • Rights to execute code in a new procedure segment, for a caller in ring r:
    • (1) r < a1: access permitted with a ring-crossing fault
    • (2) a1 <= r <= a2 = c1: access permitted and no fault
    • (3) a2 < r <= c2: access permitted only through a valid gate
    • (4) c2 < r: access denied
  • What does it mean?
    – case 1: the ring-crossing fault changes the process's ring; the ring number increases from r to a1, so the callee runs with less privilege than the caller
    – case 2: keep the same ring number
    – case 3: the gate checks the arguments, then the ring number decreases to a2, so the callee runs with more privilege than the caller

  10. Examples
  • Process in ring 3 accesses data segment
    – access bracket: (2, 4)
    – What operations can be performed?
  • Process in ring 5 accesses same data segment
    – What operations can be performed?
  • Process in ring 5 accesses procedure segment
    – access bracket (2, 4)
    – call bracket (4, 6)
    – Can the call be made?
    – Can the new procedure segment access the data segment above?
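The bracket rules of slides 8 and 9 are small enough to encode directly, and doing so answers the exercises on slide 10 mechanically. The following Python is an added example, not code from the slides or from Multics; it models a data segment by its access bracket (a1, a2), a procedure segment by its access bracket plus call bracket (c1, c2) with c1 = a2, and treats "through a valid gate" as a flag on the call (the via_gate parameter is an assumption of this model, standing in for the hardware check that the call targets a gate entry point). Lower ring number means more privilege throughout.

```python
"""Multics ring-bracket access checks, modelled in Python.

Added illustration, not from the slides or from Multics itself. Encodes the
access-bracket and call-bracket rules of slides 8 and 9 and runs the exercises
of slide 10. Ring 0 is the most privileged; higher numbers are less privileged.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataSegment:
    a1: int  # read and write permitted for rings r <= a1
    a2: int  # read-only for a1 < r <= a2; no access for r > a2

    def __post_init__(self):
        if not 0 <= self.a1 <= self.a2:
            raise ValueError("access bracket requires 0 <= a1 <= a2")


@dataclass(frozen=True)
class ProcedureSegment(DataSegment):
    # Call bracket (c1, c2): slide 9 fixes c1 = a2; gates admit a2 < r <= c2.
    c1: int
    c2: int

    def __post_init__(self):
        super().__post_init__()
        if self.c1 != self.a2 or self.c1 > self.c2:
            raise ValueError("call bracket requires c1 == a2 <= c2")


def data_access(r: int, seg: DataSegment) -> set[str]:
    """Operations a process in ring r may perform on a data segment (slide 8)."""
    if r <= seg.a1:
        return {"read", "write"}
    if r <= seg.a2:
        return {"read"}
    return set()


def call_procedure(r: int, proc: ProcedureSegment, via_gate: bool = False):
    """Return (outcome, new_ring) for a process in ring r calling proc (slide 9).

    outcome is one of 'ring-crossing fault', 'no fault', 'gate' or 'denied'.
    via_gate (assumed parameter) says whether the call targets a gate entry.
    """
    if r < proc.a1:
        # Case 1: caller is more privileged than the procedure's bracket;
        # the fault lowers privilege by raising the ring number to a1.
        return "ring-crossing fault", proc.a1
    if r <= proc.a2:
        # Case 2: inside the access bracket, ring unchanged.
        return "no fault", r
    if r <= proc.c2:
        # Case 3: inward (privilege-raising) call, allowed only through a gate
        # that validates arguments; ring number drops to a2.
        if via_gate:
            return "gate", proc.a2
        return "denied", r
    # Case 4: outside the call bracket entirely.
    return "denied", r


def slide10_exercises():
    """Work the three questions of slide 10 and return the answers."""
    data = DataSegment(a1=2, a2=4)
    proc = ProcedureSegment(a1=2, a2=4, c1=4, c2=6)
    ring3 = data_access(3, data)                                # read only
    ring5 = data_access(5, data)                                # no access
    outcome, new_ring = call_procedure(5, proc, via_gate=True)  # gate, ring 4
    callee = data_access(new_ring, data)                        # read only
    return {
        "ring3_data": ring3,
        "ring5_data": ring5,
        "ring5_call": (outcome, new_ring),
        "callee_data": callee,
    }


if __name__ == "__main__":
    for question, answer in slide10_exercises().items():
        print(question, answer)
```

The third exercise shows why the gate matters: a ring-5 caller cannot touch the (2, 4) data segment at all, but after a valid gate call it executes in ring 4, where the same segment is readable. Whatever the gate fails to validate in its arguments becomes a way for the less privileged caller to read data it could not reach directly.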

  11. Multics Community
  • Multicians

  12. Secure Operating Systems
  • Provably Secure OS (PSOS)
  • GEMSOS
  • KeyKOS and EROS (capability systems)
  • IX (secure UNIX variant)
  • Trusted Solaris
  • Trusted IRIX (SGI)
  • Trusted Mach
  • Distributed Trusted Mach
  • XTS-400 and STOP (BAE Systems)
  • Flask (microkernel-based system)

  13. MAC in Linux
  • In 2000, Linus authorized the development of a reference monitor for Linux
    – So he didn't have to choose a single security approach
  • Linux Security Modules framework was born
    – LSM defines an interface for reference monitoring modules
    – Anybody could build an LSM!
  • Introduced in Linux 2.6
    – Version built for BSD
    – Underway for Mac OS X

  14. Linux Security Modules Approach
  • Linux Security Modules framework
  • What security function does it provide, and how does the implementation satisfy it?
  [Figure: LSM architecture. Entry points lead through the system interface to security-sensitive operations; before each such operation runs, an access hook asks the access monitor "Authorize request?", the monitor consults the policy, and the hook receives Yes/No.]

  15. SELinux
  • LSM + much more
  [Figure: SELinux architecture. (1) system bootstrap loads the policy into the kernel through SELinuxfs; (2) SELinux-aware services authenticate; (3) processes make syscalls, which the SELinux LSM in the Linux kernel authorizes.]

  16. SELinux uses Type Enforcement
  • MAC Policy
    – Subjects and objects labeled
  • Access Matrix Policy
    – Processes with subject label
    – Can access object of object label
    – If operations in matrix cell allow
  • Focus: Least Privilege
    – Integrity bias

         O1   O2   O3
    S1   Y    Y    N
    S2   N    Y    N
    S3   N    Y    Y

  17. SELinux Execute Transitions
  • Run the privileged passwd program
  • Simplified view: it takes 4 policy rules to do this
  [Figure: a user process in domain user_t forks; the child, still user_t, execs passwd and transitions to domain passwd_t, becoming a root process labeled passwd_t.]
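Slides 16 and 17 describe two checks a Type Enforcement reference monitor makes: whether the subject label's matrix cell allows an operation on the object label, and whether an exec may change the process's domain. The Python below is an added example, not code from the slides or from SELinux; it models both with an allow-rule table plus a type_transition table, fills the table from the slide 16 matrix (taking Y as "read permitted"), and spells out the four rules slide 17 counts for user_t to passwd_t: execute on the program file, transition to the new domain, entrypoint of the new domain on that file, and the type_transition itself. The type names user_t, passwd_t and passwd_exec_t follow SELinux naming conventions and are assumed here, as is the simplification of ignoring object classes beyond file and process.

```python
"""Type Enforcement access checks and execute transitions, modelled in Python.

Added illustration, not from the slides or from SELinux itself. The default is
deny: a (source, target, class, permission) tuple is allowed only if a rule
says so. The transition logic mirrors the four rules slide 17 refers to.
"""
from collections import defaultdict


class TEPolicy:
    def __init__(self):
        # allow[(source_type, target_type, object_class)] -> set of permissions
        self.allow = defaultdict(set)
        # type_transition[(source_domain, exec_file_type)] -> new domain
        self.type_transition = {}

    def add_allow(self, src, tgt, cls, *perms):
        self.allow[(src, tgt, cls)].update(perms)

    def add_type_transition(self, src, exec_type, new_domain):
        self.type_transition[(src, exec_type)] = new_domain

    def permitted(self, src, tgt, cls, perm) -> bool:
        """MAC default: anything not explicitly allowed is denied."""
        return perm in self.allow.get((src, tgt, cls), set())

    def exec_transition(self, domain, exec_type):
        """Domain a process in `domain` runs in after exec()ing a file of type
        `exec_type`. Returns (new_domain, None) on success or (None, reason),
        where reason names the missing rule in SELinux-style notation."""
        if not self.permitted(domain, exec_type, "file", "execute"):
            return None, f"allow {domain} {exec_type}:file execute"
        new = self.type_transition.get((domain, exec_type))
        if new is None:
            # No transition rule: the program runs in the caller's own domain.
            return domain, None
        if not self.permitted(domain, new, "process", "transition"):
            return None, f"allow {domain} {new}:process transition"
        if not self.permitted(new, exec_type, "file", "entrypoint"):
            return None, f"allow {new} {exec_type}:file entrypoint"
        return new, None


def slide16_matrix() -> TEPolicy:
    """The slide 16 access matrix encoded as allow rules (Y = read permitted)."""
    p = TEPolicy()
    cells = {"S1": "YYN", "S2": "NYN", "S3": "NYY"}
    for subj, row in cells.items():
        for obj, cell in zip(("O1", "O2", "O3"), row):
            if cell == "Y":
                p.add_allow(subj, obj, "file", "read")
    return p


def passwd_policy(include_entrypoint: bool = True) -> TEPolicy:
    """The four rules for user_t -> passwd_t on exec of the passwd binary.
    Type names are assumed (SELinux convention), not taken from the slides."""
    p = TEPolicy()
    p.add_allow("user_t", "passwd_exec_t", "file", "execute")
    p.add_allow("user_t", "passwd_t", "process", "transition")
    if include_entrypoint:
        p.add_allow("passwd_t", "passwd_exec_t", "file", "entrypoint")
    p.add_type_transition("user_t", "passwd_exec_t", "passwd_t")
    return p


if __name__ == "__main__":
    m = slide16_matrix()
    print("S2 reads O2:", m.permitted("S2", "O2", "file", "read"))
    print("S2 reads O3:", m.permitted("S2", "O3", "file", "read"))
    print(passwd_policy().exec_transition("user_t", "passwd_exec_t"))
    print(passwd_policy(include_entrypoint=False)
          .exec_transition("user_t", "passwd_exec_t"))
```

The entrypoint rule is the one worth noticing: it is stated from the new domain's side, so passwd_t can only be entered through files labeled passwd_exec_t. Dropping it makes the transition fail even though user_t is allowed to transition to passwd_t, which is how TE keeps a user from reaching a privileged domain through any program other than the one the policy intends.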

  18. MAC Systems
  • Policy
    – Define a fixed access policy (mandatory access control)
    – Multics MLS and ring policies; SELinux TE
  • Enforcement
    – Use a reference monitor (remember the guarantees required)
    – Multics kernel; Linux LSM (SELinux)
  • Transitions
    – Enable controlled transition between privilege levels
    – Most of the complexity is due to limiting transitions
    – Multics ring transitions; SELinux execute transitions
  • Challenge
    – Getting programs to run with limited information flows

  19. Assurance
  • We want to know
    – The security model we are enforcing (security function)
    – That it enforces this model correctly (assurance)
  • Suppose
    – We have a system that enforces Bell-LaPadula
    – What should a system that enforces BLP do?
    – How do we know that the implementation is correct?
  • Assurance aims to answer these questions

  20. Rainbow Series
  • Trusted Computer System Evaluation Criteria
  • From 1983-1999
    – A variety of documents to help build secure systems
    – Password management
    – Audit
    – Configuration management
  • Orange Book (1985)
    – Defined 6 classes of security systems (C1, C2, B1, B2, B3, A1), plus class D for systems that meet none of them
      • Function that the class provides
      • Requirements for verifying that the implementation met the class
    – Requirements fall into a number of categories
      • Access control mechanism/policy
      • Authentication
      • Audit

  21. Orange Book Classes
  • C1 and C2: discretionary protection
    – Authentication, audit for discretionary access
    – Testing and documentation
    – C2 is the most common class for commercial products
  • B1, B2, and B3: labeled security protection
    – Multilevel security (Bell-LaPadula)
    – More testing and more documentation
    – B1: MLS on some objects; B2: MLS on all
      • B2 also introduces covert channel protections and configuration management
    – B3: more software engineering documentation
  • A1: verified protection
    – Requires correspondence between code and formal model
