mikro sina
play

Mikro-SINA Bastei's stacked policies Overlay window management - PDF document

Aug 09, 2023 •264 likes •347 views

So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group Basics Device Drivers Real time Naming Secure Systems Resource Management Stefan Kalkowski Virtualization / Legacy

  1. So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group • Basics • Device Drivers • Real time • Naming Secure Systems • Resource Management Stefan Kalkowski • Virtualization / Legacy Container • Secure Systems Dresden, 2008-01-08 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 2 von 39 Outline • Secure Systems: ● Detailed example: Mikro-SINA ● Definitions ● Security policies Mikro-SINA ● Bastei's stacked policies ● Overlay window management ● Demo TU Dresden, 2008-01-08 MOS - Secure Systems Slide 3 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 4 von 39 Secure Internet Network Architecture SINA Box • VPN based security architecture by 'Bundes- • Minimized & hardened Linux amt für Sicherheit in der Informationstechnik' • IPSec and PKI • Intrusion detection & response • Complex real world scenario TU Dresden, 2008-01-08 MOS - Secure Systems Slide 5 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 6 von 39

  2. Linux complexity Project Mikro-SINA • Linux is complex! • Goals: ● Reduce Trusted Computing Base of VPN • SLOC for kernel 2.6.18 gateway ● All: 4.983.723 ● Enable high level evaluation (e.g.: Common ● Architecture specific: 817.880 Criteria) ● x86 specific: 55.463 • Objectives: ● Driver code: 2.365.256 ● Confidentiality and integrity of sensitive ● Common: 1.800.587 network data inside the VPN • Running kernel > 2 millions lines of code • Exploit microkernel features • Minimized & hardened version > 500.000 LOC TU Dresden, 2008-01-08 MOS - Secure Systems Slide 7 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 8 von 39 IPSec – the heart of VPN security Easy approach • IPSec is a protocol suite for securing the • Use paravirtualized L4Linux as a tool Internet protocol • Identify the security relevant parts in the • Authentication header insecure application and separate them ● Guarantees integrity Application • 'Viaduct' is used for authentication, key and authentication management and en- and decryption TCP/UDP • Encapsulating Security L 4 Linux L 4 Linux Payload IP ● Also confidentiality TCP/IP IPSec TCP/IP „Viaduct“ • Two different modes IPSec IPSec ● Tunnel vs. transport Data Link Layer Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 9 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 10 von 39 Viaduct in details Fragmentation of IP packets • IP packets must be passed to the Viaduct • Encrypted IP packets get fragmented ● Use TUN/TAP driver in Linux to tunnel IP ● Problem for decryption • IP packets have to be unfragmented before they are passed to the Viaduct L 4 Linux TCP/IP μ-SINA μ-SINA Viaduct Gateway Gateway IP router IP router L4Linux Viaduct L4Linux Viaduct eth0 l4tun0 Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 11 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 12 von 39

  3. Let Linux do the dirty work ... What about confidentiality? • Register new transport protocol • L4Linux is untrusted ● but handles encrypted and unencrypted data • IP stack will unfragment IP packets • Use a second L4Linux instance ● Each L4Linux instance drives its own ethernet L 4 Linux card exclusively AH/ESP TCP/IP Viaduct Internet LAN Viaduct L 4 Linux L 4 Linux eth0 l4tun0 eth0 eth1 Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 13 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 14 von 39 Mikro-SINA so far Mikro-SINA: Multi Level Security • 'Outer' L4Linux instance handles encrypted • Different security levels for data from different data only organizational levels • 'Inner' L4Linux instance handles unencrypted • Use an own L4Linux instance for each level, data and cannot communicate to the other that handle the unencrypted data instance or the 'outgoing' network device L 4 Linux Internet Viaduct LAN L 4 Linux L 4 Linux L 4 Linux Viaduct L 4 Linux L 4 Linux eth0 eth1 eth0 Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 15 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 16 von 39 Reduce untrusted code size Techniques • Do we need two L4Linux instances for a VPN • Fine grained isolation  Microkernel feature gateway?  Linux user level, process management,  Enables implementation of principle of least scheduling, file systems etc. are not necessary privilege • Use FLIPS (Flexible IP Stack): standalone • Minimize complexity of TCB for security TCP/IP stack relevant code  Split applications in security relevant and nonrelevant parts Viaduct  Use trusted wrappers (e.g.: Viaduct) FLIPS FLIPS  Minimize common code (microkernel approach) eth0 eth1 • Usage of legacy code Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 17 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 18 von 39

  4. Nizza - security architecture • Beyond Mikro-SINA: greater vision Nizza Terms & Models Common secure platform TU Dresden, 2008-01-08 MOS - Secure Systems Slide 19 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 20 von 39 Secure system Policy and Mechanism Secure System * : Security Policy:  A secure system is a system that starts in an  A security policy is a statement of what is, and authorized state and cannot enter an what is not allowed.  e.g.: SELinux policy, pagetable, /etc/passwd unauthorized state. Security Policy * : Security Mechanism:  A security policy is a statement that partitions  A security mechanism is a method, tool, or the states of the system into a set of procedure for enforcing a security policy authorized, or secure, states and a set of  e.g.: Capabilities, paging hardware unauthorized, or nonsecure, states. * Matt Bishop: Computer Security – Art and Science TU Dresden, 2008-01-08 MOS - Secure Systems Slide 21 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 22 von 39 Formal security model: Bell-LaPadula Formal security model: Bell-LaPadula • Subjects and objects have a security label , • Example: Label L 1 : (Topsecret, {National}) consisting of a security level and category set dominates L 2 (Secret, {}) • A security label dominates another one, if its • Simple Security Condition: S can read O if S security level is greater or equal than the dominates O (no reads up) other one and its category set is a superset of • *-Property: S can write to O if and only if O the other one dominates S (no writes down) Top Secret {National,Foreign} Secret {National} {Foreign} Confidential {} Unclassified TU Dresden, 2008-01-08 MOS - Secure Systems Slide 23 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 24 von 39

  5. Bell-LaPadula summary More flexible security models • Information flow policy, that preserves • Type Enforcement  Subjects and objects have types confidentiality  Types can be compounded to other types • Very simple model, proof of model's security  Explicit rules state what types can access properties is also trivial (read, write) what other types • No integrity concerns in the model (use Biba) • Very general model • Problem: information flows only in one • In general: its more hard to prove specific direction security properties in such a policy  A lot of underlying system software (e.g. device drivers) has to be used by all different • SELinux is an example for TE in practice security levels  Mostly these parts are excluded from the model TU Dresden, 2008-01-08 MOS - Secure Systems Slide 25 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 26 von 39 SELinux Decompose security policies • Developed by the NSA • Szenario: Content Management System + typical web services • Based on Linux Security Modules (LSM) TCP/IP User User Web • Linux functionality leads to complex security Document Passwd SSL Stack Alice Bob Getty Store Auth Auth policy • Standard (NSA) policy Content Ethernet Intel 100 TPM 1000 Card Pro System  over 300 domains TCP/IP Mailserver Webserver DNS  ~ 50.000 rules Stack PCI Host LPC ATA Driver Controller Controller  Tools might help to keep the overview Audit DMZ • Problem: monolithic kernel leads to monolithic Device Manager reference monitor with one big policy inside Init TU Dresden, 2008-01-08 MOS - Secure Systems Slide 27 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 28 von 39 Decompose security policies Use Bastei sessions • Application specific policy stack • In Bastei every task dominates its children with respect to sessions outside the child's • Diverse security policy types can be combined own subtree TCP/IP User User Web Document Passwd SSL Stack Alice Bob Getty Store Auth Auth • Eases up multilateral security Grand- – Every organization unit can Child integrate its own policy Ethernet Intel 100 TE + TPM Roles 1000 Card Pro dominates first policy TCP/IP decision Mailserver Webserver DNS Stack Child 1 Child 2 ATA PCI Host LPC Controller Controller Driver dominates Audit iptables second policy just ACM decision do it! Init ACM TU Dresden, 2008-01-08 MOS - Secure Systems Slide 29 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 30 von 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien

mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien

mikro - Introducing a C ++ Mikro Kernel Victor Aperc & Julien Freche Introduction Kernel types mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien Freche considerations Features and

642 views • 49 slides
Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 | info@detection-technologies.com | www.detection-technologies.com Mikro Tek Key Advantages One analyzer - up to 300m detection range! A single Mikro Tek

874 views • 6 slides
mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche

mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche

mikro - Multiprocessor Init in Kernel Julien Freche Introduction Interruptions mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche julien.freche@lse.epita.fr http://lse.epita.fr/ Outline I mikro -

543 views • 39 slides
Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor

Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor

Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor institutions, the Connecticut Childrens Medical Center, Hartford Hospital and Trinity College Incorporated as a 501 (c) (3) in 1978

451 views • 27 slides
BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro

BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro

BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro (BWM)? Mi c r o Wa q f B a n k o r B a n k Wa k a f Mi k r o ( B WM) i s a b r a n d i n g n a me o f I s

376 views • 9 slides
pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1

pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1

IBD (Inflammatory bowel disease) pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1 Contents of this presentation GI anatomy Prevalence of IBD IBD definition layman IBS and IBD Signs

613 views • 37 slides
Color perception SINA 11/12 Color adds another dimension to visual perception

Color perception SINA 11/12 Color adds another dimension to visual perception

Color perception SINA 11/12 Color adds another dimension to visual perception Enhances our visual experience Increase contrast between objects of similar lightness Helps recognizing objects SINA 11/12 However, it

728 views • 47 slides
Color perception SINA 08/09 Color adds another dimension to visual perception

Color perception SINA 08/09 Color adds another dimension to visual perception

Color perception SINA 08/09 Color adds another dimension to visual perception Enhances our visual experience Increase contrast between objects of similar lightness Helps recognizing objects SINA 08/09 However, it

448 views • 44 slides
Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of

Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of

Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of Case A 63-year-old, right-handed woman was transferred from a local hospital to our neurological unit after a witnessed generalized tonic-clonic

243 views • 5 slides
Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami

Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami

Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami Distributed Computing Group KTH Royal Institute of Technology November 8, 2019 KTH ID2223 Scalable ML & DL sinash@kth.se This session is about

744 views • 15 slides
Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood

Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood

Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood Coauthors: Judy Kennedy and Michael Lockyer July 25, 2016 Outline CC-sequences and components bases Applications of component bases Large and

705 views • 31 slides
Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O

Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O

An Incremental Constraint Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O uztzn ODT, Ankara IZTECH Dependability, 8 May 2017 Supported by TBTAK -ARDEB-1001 program under project

659 views • 31 slides
Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami

Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami

Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami Distributed Computing Group, KTH Royal Institute of Technology @cutlash CASTOR Software Days 2019 October 16 2019 sinash@kth.se The Machine

891 views • 43 slides
DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina

DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina

PERSIAN PLAGIARISM DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina University Hamedan, Iran Outline Plagiarism Detection The Proposed Approach Results and Discussion

297 views • 14 slides
Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018

Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018

Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15 Constrained Pseudorandom Functions [KPTZ13,BW13,BGI14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 / 15 Constrained

916 views • 60 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+ 1 May 2019 1 / 15 Zero Knowledge [GoldwasserMicaliRackoff85] Zero-knowledge (interactive) proof for language L : allows a prover P to

1.21k views • 89 slides
Kids First and Adults First Outreach Healthwatch Merton and South West London CCG July 2020 What

Kids First and Adults First Outreach Healthwatch Merton and South West London CCG July 2020 What

Kids First and Adults First Outreach Healthwatch Merton and South West London CCG July 2020 What is Healthwatch Merton? Part of a nationwide network with 152 other local Healthwatch Here to gather and represent the views of the public

299 views • 19 slides
Introduction to Missional Conversations January 5, 2013 1 Introduction to Missional

Introduction to Missional Conversations January 5, 2013 1 Introduction to Missional

Introduction to Missional Conversations What Can I Expect to Get out of Todays Session? Be introduced to the principles, concepts and vocabulary of Missional Church Hear about living examples of Missional Church in our Diocese.

124 views • 11 slides
Partial pro-drop = zero exponence + deblocking? Eric Fu, Goethe University Frankfurt Amsterdam,

Partial pro-drop = zero exponence + deblocking? Eric Fu, Goethe University Frankfurt Amsterdam,

Partial pro-drop = zero exponence + deblocking? Eric Fu, Goethe University Frankfurt Amsterdam, 16.01.2009 1. Introduction Availability of null subjects: Typological difference between Italian (Spanish, Greek ... ) vs. English (German,

473 views • 12 slides
Quantitative Analysis on Verb Valency Evolution of Chinese Bingli LIU, Chunshan Xu Huaqiao

Quantitative Analysis on Verb Valency Evolution of Chinese Bingli LIU, Chunshan Xu Huaqiao

Quantitative Analysis on Verb Valency Evolution of Chinese Bingli LIU, Chunshan Xu Huaqiao University, China bingli_liu@yahoo.co SECTIONS 01/ 02/ Question Methods and Materials 03/ 04/ Conclusion Results and Discussion 1 Question

712 views • 23 slides
Depressed Mainline Examples 1 2/28/2019 DULUTH, MN (MAINLINE VIEW) CINCINNATI, OH (MAINLINE

Depressed Mainline Examples 1 2/28/2019 DULUTH, MN (MAINLINE VIEW) CINCINNATI, OH (MAINLINE

2/28/2019 02.04.2019 Context Sensitive Designs 02.04.2019 Depressed Mainline Examples 1 2/28/2019 DULUTH, MN (MAINLINE VIEW) CINCINNATI, OH (MAINLINE VIEW) 2 2/28/2019 ST LOUIS, MO (MAINLINE VIEW) 02.04.2019 Raised/Viaduct Mainline

414 views • 15 slides
Best practice guidelines for community legal information VLAF Online Legal Information Guidelines

Best practice guidelines for community legal information VLAF Online Legal Information Guidelines

Best practice guidelines for community legal information VLAF Online Legal Information Guidelines Joh Kirby Executive Director Victoria Law Foundation About the Victoria Law Foundation State statutory body Focus on Victorians

892 views • 51 slides
Community Information Session Welcome and introductions 2 Caz Treby, Parks Victoria Agenda

Community Information Session Welcome and introductions 2 Caz Treby, Parks Victoria Agenda

Community Information Session Welcome and introductions 2 Caz Treby, Parks Victoria Agenda Welcome and introductions - Caz Treby, Parks Victoria Project background Cass Philippou, Department of Environment, Land, Water and Planning Access

355 views • 24 slides
2016 Welcome Principal Ms. Pam Dyson Senior School Team A.P. Senior School: Ms Jo

2016 Welcome Principal Ms. Pam Dyson Senior School Team A.P. Senior School: Ms Jo

Noble Park Our New Science Centre Secondary College Senior School Information Night 2016 Welcome Principal Ms. Pam Dyson Senior School Team A.P. Senior School: Ms Jo Cucchiara Careers Co-ordinator: Ms Sandra Vaina MIPS

603 views • 18 slides

More recommend