May 15: Information Flow and Confinement


  1. May 15: Information Flow and Confinement
     • Information flow for integrity policies
     • Examples of information flow controls
       – Android phone
       – Firewalls
     • Confinement
     • Virtual machines
     May 15, 2017 ECS 235B Spring Quarter 2017 Slide #1

  2. Integrity Mechanisms
     • Biba: mathematical dual of Bell-LaPadula
     • Same idea for all constraints, but in the opposite direction
     • In general: reverse the direction of ≤ and replace lub with glb

  3. Assignment
     x := y + z;
     • Information flows from y, z to x, so for integrity this requires x ≤ glb(y, z): the target's integrity level may not exceed that of any source
     • More generally, for y := f(x1, ..., xn) the relation y ≤ glb(x1, ..., xn) must hold

  4. Conditional Statement
     if x + y < z then a := b else d := b * c – x;
     • Which branch executes reveals information about x, y, z, so lub(a, d) ≤ glb(x, y, z)
     • More generally: if f(x1, ..., xn) then S1 else S2; end
       – S1, S2 must each be certified with respect to integrity
       – lub(y | y a target of an assignment in S1 or S2) ≤ glb(x1, ..., xn)
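The two certification rules on slides 3 and 4 can be applied mechanically. The following is an added example (not from the lecture slides) of a static integrity certifier for a tiny language with assignments and if/else: it builds a finite lattice from a covering relation, checks y ≤ glb(x1, ..., xn) for each assignment, and for each conditional checks that lub of all assignment targets in either branch is ≤ glb of the variables the condition depends on, then recurses into the branches. The diamond lattice, variable levels and program are constructed for illustration.

```python
# Static integrity certification (Biba rules from the slides), added example.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union


class Lattice:
    """Finite lattice built from a covering relation (a below b)."""

    def __init__(self, elems, covers):
        self.elems = list(elems)
        rel = {(a, a) for a in elems} | set(covers)
        changed = True
        while changed:                      # transitive closure of <=
            changed = False
            for a, b in list(rel):
                for c, d in list(rel):
                    if b == c and (a, d) not in rel:
                        rel.add((a, d))
                        changed = True
        self.rel = rel

    def leq(self, a, b):
        return (a, b) in self.rel

    def glb(self, xs):
        lbs = [c for c in self.elems if all(self.leq(c, x) for x in xs)]
        return next(c for c in lbs if all(self.leq(d, c) for d in lbs))

    def lub(self, xs):
        ubs = [c for c in self.elems if all(self.leq(x, c) for x in xs)]
        return next(c for c in ubs if all(self.leq(c, d) for d in ubs))


Assign = Tuple[str, List[str]]          # (target, [source variables])


@dataclass
class If:
    cond: List[str]                     # variables the condition depends on
    then: list = field(default_factory=list)
    els: list = field(default_factory=list)


Stmt = Union[Assign, If]


def targets(stmts) -> set:
    """Every variable assigned anywhere inside stmts (recursively)."""
    out = set()
    for s in stmts:
        if isinstance(s, If):
            out |= targets(s.then) | targets(s.els)
        else:
            out.add(s[0])
    return out


def certify(stmts: List[Stmt], level: Dict[str, str], lat: Lattice) -> List[str]:
    """Return the violated integrity constraints (empty list = certified)."""
    violations = []
    for s in stmts:
        if isinstance(s, If):
            bound = lat.glb([level[v] for v in s.cond])
            top = lat.lub([level[t] for t in targets(s.then) | targets(s.els)])
            if not lat.leq(top, bound):
                violations.append(
                    f"if on {s.cond}: lub(targets)={top} not <= glb(cond)={bound}")
            violations += certify(s.then, level, lat) + certify(s.els, level, lat)
        else:
            y, xs = s
            bound = lat.glb([level[x] for x in xs])
            if not lat.leq(level[y], bound):
                violations.append(f"{y} := f{tuple(xs)}: {level[y]} not <= glb={bound}")
    return violations


# Constructed diamond lattice: Low < A, B < High, with A and B incomparable.
DIAMOND = Lattice(["Low", "A", "B", "High"],
                  [("Low", "A"), ("Low", "B"), ("A", "High"), ("B", "High")])

# The slides' two statements, with constructed integrity levels.
LEVELS = {"x": "Low", "y": "A", "z": "B",
          "a": "Low", "b": "High", "c": "High", "d": "Low"}

PROGRAM = [
    ("x", ["y", "z"]),                                 # x := y + z
    If(["x", "y", "z"],                                # if x + y < z
       then=[("a", ["b"])],                            #   then a := b
       els=[("d", ["b", "c", "x"])]),                  #   else d := b * c - x
]

if __name__ == "__main__":
    print(certify(PROGRAM, LEVELS, DIAMOND) or "certified")
    # Raising a's integrity to A breaks the conditional's constraint:
    print(certify(PROGRAM, {**LEVELS, "a": "A"}, DIAMOND))
```

With the levels above the program certifies; raising a to A makes lub(a, d) = A, which is not ≤ glb(x, y, z) = Low, and raising x to A makes the first assignment fail because A is not ≤ glb(A, B) = Low.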

  5. Example: Android Cellphones
     • Usually apps ask for (and get) all permissions
     • Ad libraries are part of the app, so they have the same permissions
     • So the app (and its libraries) can access information on, and about, the phone
       – Like the address book

  6. Information Flow!
     • Here, information is flowing illicitly out of the phone
     • So, how do we analyze this?
     • Biba, with 2 integrity levels
       – Untainted (U)
       – Tainted (T)
       – T < U (i.e., information can flow from untainted to tainted but not the other way)

  7. Example Tool
     • TaintDroid: dynamic flow analysis tool
       – Android native libraries are U
       – Those that communicate information externally are taint sinks
       – Objects are U or T, and the tags propagate throughout the system
       – When a T object reaches a taint sink, the data going out through the sink is recorded

  8. During App Operation
     • Information flow rules (for integrity) modify tags as the rules dictate
       – Android native libraries: return values are tagged based on knowledge of what the code does with the external variables it references
     • IPC: the values in a message are tagged together, at message granularity
     • Files: the taint tag is updated as the file is written; the file's tag is attached to variables as the file is read
     • Sensors: tagged depending on the data
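The propagation rules on slides 6 to 8 reduce to a small runtime discipline: tag every value U or T, give a computed value the glb of its inputs' tags (T wins, since T < U), carry the tag across files and IPC messages, and record at the sink. The following is an added example (not TaintDroid's code, and not real Android APIs; read_imei, read_location, network_send and the file and IPC helpers are stand-ins) that implements exactly that with two levels, then runs a constructed app whose ad library writes a device identifier to a file, reads it back and sends it out.

```python
# Two-level dynamic taint tracking in the TaintDroid style; added example.
from dataclasses import dataclass
from typing import List

U, T = "U", "T"             # the two integrity levels; T < U


def glb(*tags: str) -> str:
    """Greatest lower bound of tags: T if any input is T."""
    return T if T in tags else U


@dataclass(frozen=True)
class Tagged:
    value: object
    tag: str

    def __add__(self, other):
        """Addition/concatenation propagates the glb of both tags;
        a bare Python constant counts as U."""
        if isinstance(other, Tagged):
            return Tagged(self.value + other.value, glb(self.tag, other.tag))
        return Tagged(self.value + other, self.tag)


# Taint sources: stand-ins for platform calls whose results are tainted.
def read_imei() -> Tagged:
    return Tagged("356938035643809", T)          # constructed device identifier


def read_location() -> Tagged:
    return Tagged("38.54,-121.75", T)            # constructed GPS fix


# Files: the tag is stored with the file on write and re-attached on read.
FILES: dict = {}


def write_file(name: str, data: Tagged) -> None:
    prev = FILES.get(name)
    FILES[name] = Tagged(data.value, glb(data.tag, prev.tag) if prev else data.tag)


def read_file(name: str) -> Tagged:
    return FILES[name]


# IPC: a message is tagged as a unit with the glb of all its fields' tags.
def ipc_message(fields: List[Tagged]) -> Tagged:
    return Tagged([f.value for f in fields], glb(*(f.tag for f in fields)))


# Taint sink: anything leaving the device through the network.
LEAK_LOG: list = []


def network_send(host: str, data: Tagged) -> bool:
    """Deliver data; record it if tainted. Returns True when a leak was recorded."""
    if data.tag == T:
        LEAK_LOG.append({"host": host, "value": data.value})
        return True
    return False


def run_app() -> list:
    """A constructed app whose ad library exfiltrates tagged data."""
    LEAK_LOG.clear()
    FILES.clear()
    imei = read_imei()
    write_file("cache.txt", Tagged("id=", U) + imei)           # T flows into the file
    network_send("ads.example", read_file("cache.txt"))         # recorded: payload is T
    network_send("cdn.example", Tagged("GET /banner.png", U))   # not recorded: U
    report = ipc_message([Tagged("v1", U), read_location()])    # whole message is T
    network_send("analytics.example", report)                   # recorded
    return list(LEAK_LOG)


if __name__ == "__main__":
    for leak in run_app():
        print(f"T data sent to {leak['host']}: {leak['value']}")
```

Two of the three sends are recorded: the file round trip does not launder the IMEI's tag, and the mixed IPC message is tainted as a whole because one field was. Like the real tool, this tracks explicit data flow only; a value copied through a branch on a tainted condition (an implicit flow) would escape with tag U.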

  9. Effectiveness
     • Out of 30 popular apps that made 105 network connections using data marked T:
       – 2 sent cellphone ID info (like the phone number) to a server
       – 9 sent device identifiers (2 didn't notify the user they were doing this)
       – 15 sent location info to third parties (none notified the user they were doing this)

  10. Firewalls
     • Host that mediates access to a network
       – Blocks or allows access based on a security policy
       – If rules are applied at the packet level: packet filtering firewall
       – If rules are applied at the application level: proxy or application-level firewall
       – If it keeps track of the state of each connection: stateful firewall

  11. Examples
     • Firewall checks all incoming email for malware, and discards messages that contain it
     • Java applet coming from an untrusted source
       – On each HTTP connection, the firewall analyzes the connection to see if an applet is coming over
       – If so, analyze the applet to see if it is safe; discard the applet; or disable it (change “<applet>” to something else)

  12. DMZ
     • Portion of a network separating a completely internal network from an external one
       – Internal firewall separates the DMZ from the internal network
       – External firewall separates the DMZ from the external network
       – Internal firewall is more restrictive than the external one (usually)

  13. DMZ
     • Idea: servers in the DMZ serve as intermediaries
       – House externally visible web pages there
       – Email goes through a DMZ server
     • If an attacker compromises those systems, they still must get through the inner firewall to reach the company's secrets
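To make the two-firewall layout of slides 12 and 13 concrete, here is an added example (constructed addresses, hosts and rules; not from the slides) of a stateful packet filter applied at each boundary. A packet crosses the external firewall between the Internet and the DMZ and the internal firewall between the DMZ and the internal network; each firewall admits a new connection only if a rule matches, remembers it, and then passes later packets and replies of remembered connections. The internal rule set is the more restrictive one: only the mail relay may reach the internal mail server, so a compromised DMZ web server cannot open a connection to the internal database.

```python
# Stateful packet filtering across a DMZ with two firewalls; added example.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed address plan: one prefix per zone.
ZONES = {"203.0.113.": "ext", "192.0.2.": "dmz", "10.0.0.": "int"}
WEB, MAIL_RELAY = "192.0.2.10", "192.0.2.25"               # DMZ hosts
DB, MAIL, DESKTOP = "10.0.0.5", "10.0.0.25", "10.0.0.42"   # internal hosts
CLIENT_EXT = "203.0.113.7"                                 # a host on the Internet


def zone(ip: str) -> str:
    return next(z for prefix, z in ZONES.items() if ip.startswith(prefix))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False          # True for the first packet of a connection


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src: Optional[str] = None  # exact source host, or any host in src_zone
    dst: Optional[str] = None  # exact destination host, or any in dst_zone
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (zone(p.src) == self.src_zone and zone(p.dst) == self.dst_zone
                and self.src in (None, p.src) and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))


class StatefulFirewall:
    def __init__(self, name: str, rules: List[Rule]):
        self.name, self.rules = name, rules
        self.conns: Set[Tuple[str, int, str, int]] = set()

    def filter(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.conns or rev in self.conns:   # part of an allowed connection
            return True
        if p.syn and any(r.matches(p) for r in self.rules):
            self.conns.add(fwd)                      # remember the new connection
            return True
        return False                                  # default deny


# External firewall: the Internet may reach only the public DMZ services.
EXTERNAL = StatefulFirewall("external", [
    Rule("ext", "dmz", dst=WEB, dport=80),
    Rule("ext", "dmz", dst=MAIL_RELAY, dport=25),
    Rule("dmz", "ext", src=MAIL_RELAY, dport=25),    # relay delivers outbound mail
    Rule("int", "ext"),                               # internal hosts may go out
])

# Internal firewall: more restrictive; only the relay may talk to the mail server.
INTERNAL = StatefulFirewall("internal", [
    Rule("dmz", "int", src=MAIL_RELAY, dst=MAIL, dport=25),
    Rule("int", "dmz"),
    Rule("int", "ext"),
])

ORDER = {"ext": 0, "dmz": 1, "int": 2}


def path(p: Packet) -> List[StatefulFirewall]:
    """Firewalls a packet crosses, in the order it meets them."""
    lo, hi = sorted((ORDER[zone(p.src)], ORDER[zone(p.dst)]))
    fws = ([EXTERNAL] if lo == 0 and hi >= 1 else []) + ([INTERNAL] if hi == 2 and lo <= 1 else [])
    return fws[::-1] if zone(p.src) == "int" else fws


def deliver(p: Packet) -> bool:
    """True if every firewall on the packet's path passes it."""
    return all(fw.filter(p) for fw in path(p))


def demo() -> dict:
    return {
        "ext->web:80 (new)": deliver(Packet(CLIENT_EXT, WEB, 51000, 80, syn=True)),
        "web->ext (reply)": deliver(Packet(WEB, CLIENT_EXT, 80, 51000)),
        "ext->db:5432 (new)": deliver(Packet(CLIENT_EXT, DB, 51001, 5432, syn=True)),
        "web->db:5432 (compromised DMZ host)": deliver(Packet(WEB, DB, 40000, 5432, syn=True)),
        "relay->mail:25 (new)": deliver(Packet(MAIL_RELAY, MAIL, 40001, 25, syn=True)),
        "web->mail:25 (wrong DMZ host)": deliver(Packet(WEB, MAIL, 40002, 25, syn=True)),
        "desktop->ext:443 (new)": deliver(Packet(DESKTOP, CLIENT_EXT, 52000, 443, syn=True)),
        "ext->desktop (reply)": deliver(Packet(CLIENT_EXT, DESKTOP, 443, 52000)),
        "ext->desktop (unsolicited)": deliver(Packet(CLIENT_EXT, DESKTOP, 443, 52001)),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{'allow' if allowed else 'deny '}  {name}")
```

The reply cases show why state matters: without the connection table the external firewall would need a standing rule admitting Internet traffic to high ports on internal hosts, which is exactly what the unsolicited case must be denied.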

  14. DMZ Configuration (figure)

  15. DMZ Configuration (figure, continued)

  16. Confinement
     • What is the problem?
     • Isolation: virtual machines, sandboxes
     • Detecting covert channels

  17. Example Problem
     • Server balances bank accounts for clients
     • Server security issues:
       – Record correctly who used it
       – Send only balancing info to the client
     • Client security issues:
       – Log use correctly
       – Do not save or retransmit the data the client sends

  18. Generalization
     • Client sends request, data to server
     • Server performs some function on the data
     • Server returns result to client
     • Access controls:
       – Server must ensure the resources it accesses on behalf of the client include only resources the client is authorized to access
       – Server must ensure it does not reveal the client's data to any entity not authorized to see the client's data

  19. Confinement Problem
     • Problem of preventing a server from leaking information that the user of the service considers confidential

  20. Total Isolation
     • Process cannot communicate with any other process
     • Process cannot be observed
     • Then it is impossible for this process to leak information
       – Not practical, as the process uses observable resources such as CPU, secondary storage, networks, etc.

  21. Example
     • Processes p, q not allowed to communicate
       – But they share a file system!
     • Communications protocol:
       – p sends a bit by creating a file called 0 or 1, then a second file called send
         • p waits until send is deleted before repeating to send another bit
       – q waits until file send exists, then looks for file 0 or 1; whichever exists is the bit
         • q then deletes 0, 1, and send, and waits until send is recreated before repeating to read another bit
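The protocol on this slide runs as written. The following is an added example (not from the slides) in which p and q are two threads that share only a temporary directory created for the run: the sender creates the data file before the signal file, the receiver deletes the data files before the signal file, and each side spins on the presence or absence of send. It also reports the channel's measured bandwidth, which is the quantity a covert channel analysis would want.

```python
# File-system storage covert channel from the slide; added example.
import os
import shutil
import tempfile
import threading
import time

POLL = 0.0005   # seconds between checks of the shared directory


def _touch(path: str) -> None:
    open(path, "w").close()


def send_bits(shared: str, bits) -> None:
    """Process p: one bit per handshake over the files 0/1 and send."""
    send = os.path.join(shared, "send")
    for b in bits:
        _touch(os.path.join(shared, str(b)))   # data file first ...
        _touch(send)                           # ... then the signal
        while os.path.exists(send):            # wait for q to consume it
            time.sleep(POLL)


def recv_bits(shared: str, count: int) -> list:
    """Process q: wait for send, read the bit, clear the channel."""
    send = os.path.join(shared, "send")
    bits = []
    for _ in range(count):
        while not os.path.exists(send):
            time.sleep(POLL)
        bits.append(1 if os.path.exists(os.path.join(shared, "1")) else 0)
        for name in ("0", "1", "send"):        # data first, then the signal
            try:
                os.remove(os.path.join(shared, name))
            except FileNotFoundError:
                pass
    return bits


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def covert_transfer(message: bytes) -> tuple:
    """Run p and q concurrently; return (received bytes, bits per second)."""
    shared = tempfile.mkdtemp(prefix="covert_")
    try:
        bits = to_bits(message)
        sender = threading.Thread(target=send_bits, args=(shared, bits), daemon=True)
        start = time.perf_counter()
        sender.start()
        got = recv_bits(shared, len(bits))
        sender.join(timeout=5)
        elapsed = time.perf_counter() - start
        return from_bits(got), len(bits) / elapsed
    finally:
        shutil.rmtree(shared, ignore_errors=True)


if __name__ == "__main__":
    data, rate = covert_transfer(b"confined?")
    print(data, f"{rate:.0f} bit/s")
```

Nothing here uses an interface designed for communication; the channel exists because both processes can create, observe and delete names in one directory, which is why confinement has to consider shared resources, not just explicit IPC.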

  22. Covert Channel
     • A path of communication not designed to be used for communication
     • In the example, the file system is a (storage) covert channel

  23. Rule of Transitive Confinement
     • If p is confined to prevent leaking, and it invokes q, then q must be similarly confined to prevent leaking
     • Rule: if a confined process invokes a second process, the second process must be as confined as the first

  24. Lipner's Notes
     • All processes can obtain a rough idea of time
       – Read the system clock or wall clock time
       – Determine the number of instructions executed
     • All processes can manipulate time
       – Wait some interval of wall clock time
       – Execute a set number of instructions, then block

  25. Kocher's Attack
     • This computes x = a^z mod n, where z = z_0 ... z_(k–1) and z_0 is the least significant bit:
         x := 1; atmp := a;
         for i := 0 to k–1 do begin
           if z_i = 1 then x := (x * atmp) mod n;
           atmp := (atmp * atmp) mod n;
         end
         result := x;
     • Length of run time related to number of 1 bits in z
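Counting modular multiplications makes the slide's claim checkable: the loop always performs one squaring per bit and one extra multiplication per 1 bit, so its cost is k + (Hamming weight of z). The following is an added example (not from the slides; a, z and n are constructed toy values) that instruments the slide's loop, and beside it a Montgomery ladder that performs exactly two multiplications per bit whatever the key is.

```python
# Operation counts for the slide's square-and-multiply vs. a Montgomery ladder; added example.
def modexp_slide(a: int, z: int, n: int) -> tuple:
    """x = a^z mod n, scanning z from bit z_0 (least significant) upward,
    exactly as on the slide. Returns (x, number of modular multiplications)."""
    x, atmp, mults = 1, a % n, 0
    k = max(z.bit_length(), 1)
    for i in range(k):
        if (z >> i) & 1:                  # z_i = 1: one extra multiply
            x = (x * atmp) % n
            mults += 1
        atmp = (atmp * atmp) % n          # every iteration: one squaring
        mults += 1
    return x, mults


def modexp_ladder(a: int, z: int, n: int) -> tuple:
    """Montgomery ladder: two multiplications per bit regardless of z.
    Scans from the most significant bit; r0 holds a^(prefix), r1 = r0 * a."""
    r0, r1, mults = 1, a % n, 0
    k = max(z.bit_length(), 1)
    for i in range(k - 1, -1, -1):
        if (z >> i) & 1:
            r0 = (r0 * r1) % n
            r1 = (r1 * r1) % n
        else:
            r1 = (r0 * r1) % n
            r0 = (r0 * r0) % n
        mults += 2
    return r0, mults


def hamming_weight(z: int) -> int:
    return bin(z).count("1")


def leak_profile(a: int, n: int, exponents) -> list:
    """For each exponent: (z, weight, slide count, ladder count).
    The slide's count is bit_length(z) + weight; the ladder's is 2 * bit_length(z)."""
    return [(z, hamming_weight(z), modexp_slide(a, z, n)[1], modexp_ladder(a, z, n)[1])
            for z in exponents]


if __name__ == "__main__":
    for z, w, slide, ladder in leak_profile(7, 101, [0b1000, 0b1011, 0b1111]):
        print(f"z={z:04b} weight={w} slide={slide} mults ladder={ladder} mults")
```

For 4-bit exponents the slide's loop costs 5, 7 and 8 multiplications for weights 1, 3 and 4, while the ladder costs 8 every time. Equal operation counts close this particular channel but not every one: the ladder still branches on each key bit, so a cache or branch-predictor observer may learn the bits anyway, which is why production code replaces the branch with a constant-time conditional swap.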

  26. Isolation
     • Present the process with an environment that appears to be a computer running only those processes being isolated
       – Process cannot access the underlying computer system, or any process(es) or resource(s) not part of that environment
       – A virtual machine
     • Run the process in an environment that analyzes its actions to determine if they leak information
       – Alters the interface between the process(es) and the computer

  27. Virtual Machine
     • Program that simulates the hardware of a machine
       – Machine may be an existing, physical one or an abstract one
     • Why?
       – Existing OSes do not need to be modified
         • They run under a VMM, which enforces the security policy
       – Effectively, the VMM is a security kernel

  28. VMM as Security Kernel
     • VMM deals with subjects (the VMs)
       – Knows nothing about the processes within a VM
     • VMM applies security checks to subjects
       – By transitivity, these controls apply to the processes on the VMs
     • Thus, it satisfies the rule of transitive confinement

  29. Example 1: KVM/370
     • KVM/370 is a security-enhanced version of the VM/370 VMM
       – Goal: prevent communication between VMs of different security classes
       – Like VM/370, provides VMs with minidisks, sharing some portions of those disks
       – Unlike VM/370, mediates access to the shared areas to limit communication in accordance with the security policy

  30. Example 2: VAX/VMM
     • Can run either VMS or Ultrix
     • 4 privilege levels for the VM system
       – VM user, VM supervisor, VM executive, VM kernel (VM executive and VM kernel both run in physical executive mode)
     • VMM runs in physical kernel mode
       – Only it can access certain resources
     • VMM subjects: users and VMs
