outline operating system security
play

Outline Operating System Security, Buffer overflows Continued - PDF document

Nov 21, 2023 •219 likes •329 views

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2

  1. Outline Operating System Security, • Buffer overflows Continued • Designing secure operating systems CS 239 • Assuring OS security Computer Security • Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2006 CS 239, Winter 2006 Buffer Overflows What Is a Buffer Overflow? • One of the most common causes for • A program requests input from a user compromises of operating systems • It allocates a temporary buffer to hold • Due to a flaw in how operating the input data systems handle process inputs • It then reads all the data the user –Or a flaw in programming languages provides into the buffer, but . . . –Or a flaw in programmer training • It doesn’t check how much was provided –Depending on how you look at it Lecture 12 Lecture 12 Page 3 Page 4 CS 239, Winter 2006 CS 239, Winter 2006 For Example, Well, What If the User Does? int main(){ • The code continues reading data into char name[31]; memory printf(“Please type your name: “); gets(name); –That’s how gets() works printf(“Hello, %s”, name); • The first 32 bytes go into name return (0); } • Where do the remaining bytes go? • What if the user enters more than 32 characters? • Onto the stack Lecture 12 Lecture 12 Page 5 Page 6 CS 239, Winter 2006 CS 239, Winter 2006 1

  2. Using Buffer Overflows to Munging the Stack Compromise Security • The temporary variable name is allocated • Carefully choose what gets written into on the stack the instruction pointer – Close to the record of the function • So that the program jumps to currently being run something you want to do • The overflow will spill into whatever’s next –Under the identity of the program on the stack that’s running • Commonly, that’s effectively going to • Such as, execute a command shell overwrite the instruction pointer Lecture 12 Lecture 12 Page 7 Page 8 CS 239, Winter 2006 CS 239, Winter 2006 Effects of Buffer Overflows Are Buffer Overflows Common? • Remote or unprivileged local user gets • You bet! to run a program with greater • Weekly occurrences in major privileges systems/applications • If buffer overflow is in a root program, • Probably one of the most common gets all privileges, essentially security bugs • Common mechanism to allow attackers to break into machines Lecture 12 Lecture 12 Page 9 Page 10 CS 239, Winter 2006 CS 239, Winter 2006 Some Recent Buffer Overflows Fixing Buffer Overflows • Windows Media Player Plug-In • Check the length of the input • Use programming languages that prevent them • Microsoft Windows Web Client • Put in OS controls that prevent overwriting the • LibPNG Graphics Library stack • Put things in different places on the stack, making • Metamail message processing it hard to find the return pointer • Blackberry Enterprise Server • Why aren’t these things commonly done? • And two others, just in last week’s • Presumably because programmers and designers SANS vulnerability report neither know nor care about security Lecture 12 Lecture 12 Page 11 Page 12 CS 239, Winter 2006 CS 239, Winter 2006 2

  3. Desired Security Features of a Extra Features for a Trusted OS Normal OS • Authentication of users • Mandatory and discretionary access • Memory protection control • File and I/O access control • Object reuse protection • General object access control • Enforcement of sharing • Complete mediation • Fairness guarantees • Audit capabilities • Secure IPC and synchronization • Intruder detection capabilities • Security of OS protection mechanisms Lecture 12 Lecture 12 Page 13 Page 14 CS 239, Winter 2006 CS 239, Winter 2006 How To Achieve OS Security Advantages of Kernelization • Kernelized design • Smaller amount of trusted code • Separation and isolation mechanisms • Easier to check every access • Virtualization • Separation from other complex pieces of the system • Layered design • Easier to maintain and modify security features Lecture 12 Lecture 12 Page 15 Page 16 CS 239, Winter 2006 CS 239, Winter 2006 Assurance of Trusted Operating Reference Monitors Systems • An important security concept for OS • How do I know that I should trust design someone’s operating system? • A reference monitor is a subsystem • What methods can I use to achieve the that controls access to objects level of trust I require? –It provides (potentially) complete mediation • Very important to get this part right Lecture 12 Lecture 12 Page 17 Page 18 CS 239, Winter 2006 CS 239, Winter 2006 3

  4. Secure Operating System Assurance Methods Standards • Testing • If I want to buy a secure operating system, how do I compare options? • Formal verification • Use established standards for OS • Validation security • Several standards exist Lecture 12 Lecture 12 Page 19 Page 20 CS 239, Winter 2006 CS 239, Winter 2006 Some Security Standards The U.S. Orange Book • U.S. Orange Book • The earliest evaluation standard for trusted operating systems • European ITSEC • Defined by the Department of Defense • U.S. Combined Federal Criteria in the late 1970s • Common Criteria for Information • Now largely a historical artifact Technology Security Evaluation Lecture 12 Lecture 12 Page 21 Page 22 CS 239, Winter 2006 CS 239, Winter 2006 Purpose of the Orange Book Orange Book Security Divisions • To set standards by which OS security • A, B, C, and D could be evaluated – In decreasing order of degree of security • Fairly strong definitions of what features • Important subdivisions within some of the and capabilities an OS had to have to divisions achieve certain levels • Requires formal certification from the • Allowing “head-to-head” evaluation of government (NCSC) security of systems – And specification of requirements – Except for the D level Lecture 12 Lecture 12 Page 23 Page 24 CS 239, Winter 2006 CS 239, Winter 2006 4

  5. Some Important Orange Book The C2 Security Class Divisions and Subdivisions • C2 - Controlled Access Protection • Discretionary access –At fairly low granularity • B1 - Labeled Security Protection • Requires auditing of accesses • B2 - Structured Protection • And password authentication and protection of reused objects • Windows NT has been certified to this class Lecture 12 Lecture 12 Page 25 Page 26 CS 239, Winter 2006 CS 239, Winter 2006 The B1 Security Class The B3 Security Class • Requires careful security design • Includes mandatory access control –With some level of verification –Using Bell-La Padula model • And extensive testing –Each subject and object is assigned a • Doesn’t require formal verification security level –But does require “a convincing • Requires both hierarchical and non- argument” hierarchical access controls • Trusted Mach is in this class Lecture 12 Lecture 12 Page 27 Page 28 CS 239, Winter 2006 CS 239, Winter 2006 Basics of Common Criteria The Common Criteria Approach • Modern international standards for • Something of an alphabet soup – computer systems security • The CC documents describe • Covers more than just operating systems –The Evaluation Assurance Levels • Design based on lessons learned from (EAL) earlier security standards • The Common Evaluation Methodology • Lengthy documents describe the Common (CEM) details guidelines for Criteria evaluating systems Lecture 12 Lecture 12 Page 29 Page 30 CS 239, Winter 2006 CS 239, Winter 2006 5

  6. Another Bowl of Common What’s This All Mean? Criteria Alphabet Soup • TOE – Target of Evaluation • Highly detailed methodology for • TSP – TOE Security Policy specifying : – Security policy of system being evaluated 1. What security goals a system has • TSF – TOE Security Functions 2. What environment it operates in – HW, SW used to enforce TSP • PP – Protection Profile 3. What mechanisms it uses to achieve its security goals – Implementation-dependent set of security requirements 4. Why anyone should believe it does so • ST – Security Target – Predefined sets of security requirements Lecture 12 Lecture 12 Page 31 Page 32 CS 239, Winter 2006 CS 239, Winter 2006 Logging and Auditing Logging • No security system will stop all attacks • An important part of a complete security solution –Logging what has happened is vital to dealing with the holes • Practical security depends on knowing • Logging also tells you when someone what is happening in your system is trying to break in • Logging and auditing is required for –Perhaps giving you a chance to close that purpose possible holes Lecture 12 Lecture 12 Page 33 Page 34 CS 239, Winter 2006 CS 239, Winter 2006 Access Logs Other Typical Logging Actions • Logging failed login attempts • One example of what might be logged for security purposes – Can help detect intrusions or password crackers • Listing of which users accessed which • Logging changes in program permissions objects – Often done by intruders –And when and for how long • Logging scans of ports known to be • Especially important to log failures dangerous Lecture 12 Lecture 12 Page 35 Page 36 CS 239, Winter 2006 CS 239, Winter 2006 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2

553 views • 8 slides
Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection Interprocess communications protection Security for Networks and File protection System Software Authentication May 20, 2002 Lecture 13 Lecture

348 views • 12 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239 Interprocess communications protection File protection Computer Security February 16, 2005 Lecture 10 Lecture 10 Page 1 Page 2 CS 239, Winter 2005

406 views • 8 slides
Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems Where does the operating system fjt in a computing system? User mode and kernel mode What are the general operating system functions? 1 What is

450 views • 26 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Outline Authentication and Identity Management Computer Security: Security at Work

Outline Authentication and Identity Management Computer Security: Security at Work

Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Outline

559 views • 8 slides
OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

704 views • 27 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

588 views • 20 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

981 views • 39 slides
Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley sds@tycho.nsa.gov Information Assurance Research Group National Security Agency (Slight modifications by David

542 views • 19 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
Information security audits & certification Security in Organizations 2011 Eric Verheul 1

Information security audits & certification Security in Organizations 2011 Eric Verheul 1

Information security audits & certification Security in Organizations 2011 Eric Verheul 1 Literature Main literature for this lecture: 1. NOREA beroepsregels http://www.norea.nl/Norea/Thema's/Gedrags-

1.26k views • 69 slides
Knowledge Framework (PHKSF) Opportunity to COMMENT December 2015 This presentation gives you -

Knowledge Framework (PHKSF) Opportunity to COMMENT December 2015 This presentation gives you -

Revised Public Health Skills and Knowledge Framework (PHKSF) Opportunity to COMMENT December 2015 This presentation gives you - feedback on the consultation that took place earlier this year an outline of the work that we have done

567 views • 28 slides
PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University

PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University

PGC: Decentralized Confjdential Payment System with Auditability Yu Chen Shandong University Xuecheng Ma SKLOIS, CAS Cong Tang pgc.info Man Ho Au The University of Hong Kong ESORICS 2020 http://eprint.iacr.org/2019/319

871 views • 58 slides
Partial Interviews in the Consumer Expenditure Survey Laura Erhard, Supervisory Economist

Partial Interviews in the Consumer Expenditure Survey Laura Erhard, Supervisory Economist

Exploring the Characteristics of Partial Interviews in the Consumer Expenditure Survey Laura Erhard, Supervisory Economist Division of Consumer Expenditure Surveys DC-AAPOR/WSS Review-Preview Summer Conference July 10, 2019 1 U.S. B UREAU

458 views • 27 slides
Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi

Effpi concurrent programming with dependent behavioural types Alceste Scalas with Elias Benussi & Nobuko Yoshida VeTSS PhD school / FMATS workshop Microsoft Research Cambridge, 25 September 2018 Problem Introduction Calculus Types

870 views • 57 slides
Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters

Election Verifiability or Ballot Privacy Do We Need to Choose? Edouard Cuvelier Thomas Peters Olivier Pereira Universit e catholique de Louvain ICTEAM Crypto Group SecVote 2012 UCL Crypto Group PPAT - Jul. 2012 1

451 views • 16 slides
AFPEO BES MISSION Rapidly acquire, operate, sustain, and enable flexible w ar-w inning business

AFPEO BES MISSION Rapidly acquire, operate, sustain, and enable flexible w ar-w inning business

AFPEO BES MISSION Rapidly acquire, operate, sustain, and enable flexible w ar-w inning business system capabilities 80+ STAKEHOLDERS 24 AF AF/SGD AFPOA Joint Staff (J7) 33 NWS AFC2IC AFSC/LG Joint Staff (J8) BUSINESS AREAS 83 NOS

524 views • 27 slides
Hypothesis Tests using Excel T.TEST function V1e 11/12/2013 Two group hypothesis tests using

Hypothesis Tests using Excel T.TEST function V1e 11/12/2013 Two group hypothesis tests using

Hypothesis Tests using Excel T.TEST function V1e 11/12/2013 Two group hypothesis tests using Excel T.TEST Two group hypothesis tests using Excel T.TEST 1 2 Two-Group Hypothesis Tests Excel T.TEST Function Using Excel T.TEST Function

562 views • 28 slides

More recommend