outline operating system security
play

Outline Operating System Security, Buffer overflows Continued - PDF document

Nov 18, 2023 •452 likes •553 views

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2

  1. Outline Operating System Security, • Buffer overflows Continued • Designing secure operating systems CS 239 • Assuring OS security Computer Security • Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2 CS 239, Winter 2005 CS 239, Winter 2005 Buffer Overflows What Is a Buffer Overflow? • One of the most common causes for • A program requests input from a user compromises of operating systems • It allocates a temporary buffer to hold • Due to a flaw in how operating the input data systems handle process inputs • It then reads all the data the user –Or a flaw in programming languages provides into the buffer, but . . . –Or a flaw in programmer training • It doesn’t check how much was provided –Depending on how you look at it Lecture 11 Lecture 11 Page 3 Page 4 CS 239, Winter 2005 CS 239, Winter 2005 For Example, Well, What If the User Does? int main(){ • The code continues reading data into char name[31]; memory printf(“Please type your name: “); gets(name); –That’s how gets() works printf(“Hello, %s”, name); • The first 32 bytes go into name return (0); } • Where do the remaining bytes go? • Onto the stack • What if the user enters more than 32 characters? Lecture 11 Lecture 11 Page 5 Page 6 CS 239, Winter 2005 CS 239, Winter 2005 1

  2. Using Buffer Overflows to Munging the Stack Compromise Security • The temporary variable name is allocated • Carefully choose what gets written into on the stack the instruction pointer – Close to the record of the function • So that the program jumps to currently being run something you want to do • The overflow will spill into whatever’s next –Under the identity of the program on the stack that’s running • Commonly, that’s effectively going to • Such as, execute a command shell overwrite the instruction pointer Lecture 11 Lecture 11 Page 7 Page 8 CS 239, Winter 2005 CS 239, Winter 2005 Effects of Buffer Overflows Are Buffer Overflows Common? • Remote or unprivileged local user gets • You bet! to run a program with greater • Weekly occurrences in major privileges systems/applications • If buffer overflow is in a root program, • Probably one of the most common gets all privileges, essentially security bugs • Common mechanism to allow attackers to break into machines Lecture 11 Lecture 11 Page 9 Page 10 CS 239, Winter 2005 CS 239, Winter 2005 Desired Security Features of a Fixing Buffer Overflows Normal OS • Check the length of the input • Authentication of users • Use programming languages that prevent • Memory protection them • File and I/O access control • Put in OS controls that prevent overwriting • General object access control the stack • Enforcement of sharing • Why aren’t these things commonly done? • Fairness guarantees • Presumably because programmers and • Secure IPC and synchronization designers neither know nor care about • Security of OS protection mechanisms security Lecture 11 Lecture 11 Page 11 Page 12 CS 239, Winter 2005 CS 239, Winter 2005 2

  3. Extra Features for a Trusted OS How To Achieve OS Security • Mandatory and discretionary access • Kernelized design control • Separation and isolation mechanisms • Object reuse protection • Virtualization • Complete mediation • Layered design • Audit capabilities • Intruder detection capabilities Lecture 11 Lecture 11 Page 13 Page 14 CS 239, Winter 2005 CS 239, Winter 2005 Advantages of Kernelization Reference Monitors • An important security concept for OS • Smaller amount of trusted code design • Easier to check every access • A reference monitor is a subsystem • Separation from other complex pieces that controls access to objects of the system –It provides (potentially) complete • Easier to maintain and modify security mediation features • Very important to get this part right Lecture 11 Lecture 11 Page 15 Page 16 CS 239, Winter 2005 CS 239, Winter 2005 Assurance of Trusted Operating Assurance Methods Systems • How do I know that I should trust • Testing someone’s operating system? • Formal verification • What methods can I use to achieve the • Validation level of trust I require? Lecture 11 Lecture 11 Page 17 Page 18 CS 239, Winter 2005 CS 239, Winter 2005 3

  4. Secure Operating System Some Security Standards Standards • If I want to buy a secure operating • U.S. Orange Book system, how do I compare options? • European ITSEC • Use established standards for OS • U.S. Combined Federal Criteria security • Common Criteria for Information • Several standards exist Technology Security Evaluation Lecture 11 Lecture 11 Page 19 Page 20 CS 239, Winter 2005 CS 239, Winter 2005 The U.S. Orange Book Purpose of the Orange Book • To set standards by which OS security • The earliest evaluation standard for could be evaluated trusted operating systems • Fairly strong definitions of what features • Defined by the Department of Defense and capabilities an OS had to have to in the late 1970s achieve certain levels • Allowing “head-to-head” evaluation of • Now largely a historical artifact security of systems – And specification of requirements Lecture 11 Lecture 11 Page 21 Page 22 CS 239, Winter 2005 CS 239, Winter 2005 Some Important Orange Book Orange Book Security Divisions Divisions and Subdivisions • A, B, C, and D • C2 - Controlled Access Protection – In decreasing order of degree of security • B1 - Labeled Security Protection • Important subdivisions within some of the • B2 - Structured Protection divisions • Requires formal certification from the government (NCSC) – Except for the D level Lecture 11 Lecture 11 Page 23 Page 24 CS 239, Winter 2005 CS 239, Winter 2005 4

  5. The C2 Security Class The B1 Security Class • Discretionary access • Includes mandatory access control –At fairly low granularity –Using Bell-La Padula model • Requires auditing of accesses –Each subject and object is assigned a • And password authentication and security level protection of reused objects • Requires both hierarchical and non- • Windows NT has been certified to this hierarchical access controls class Lecture 11 Lecture 11 Page 25 Page 26 CS 239, Winter 2005 CS 239, Winter 2005 The B3 Security Class The Common Criteria • Requires careful security design • Modern international standards for computer systems security –With some level of verification • Covers more than just operating systems • And extensive testing • Design based on lessons learned from • Doesn’t require formal verification earlier security standards –But does require “a convincing • Lengthy documents describe the Common argument” Criteria • Trusted Mach is in this class Lecture 11 Lecture 11 Page 27 Page 28 CS 239, Winter 2005 CS 239, Winter 2005 Basics of Common Criteria Another Bowl of Common Approach Criteria Alphabet Soup • TOE – Target of Evaluation • Something of an alphabet soup – • TSP – TOE Security Policy • The CC documents describe – Security policy of system being evaluated –The Evaluation Assurance Levels • TSF – TOE Security Functions (EAL) – HW, SW used to enforce TSP • PP – Protection Profile • The Common Evaluation Methodology – Implementation-dependent set of security (CEM) details guidelines for requirements evaluating systems • ST – Security Target – Predefined sets of security requirements Lecture 11 Lecture 11 Page 29 Page 30 CS 239, Winter 2005 CS 239, Winter 2005 5

  6. What’s This All Mean? Logging and Auditing • Highly detailed methodology for • An important part of a complete specifying : security solution 1. What security goals a system has • Practical security depends on knowing 2. What environment it operates in what is happening in your system 3. What mechanisms it uses to achieve its • Logging and auditing is required for security goals that purpose 4. Why anyone should believe it does so Lecture 11 Lecture 11 Page 31 Page 32 CS 239, Winter 2005 CS 239, Winter 2005 Logging Access Logs • No security system will stop all attacks • One example of what might be logged –Logging what has happened is vital for security purposes to dealing with the holes • Listing of which users accessed which • Logging also tells you when someone objects is trying to break in –And when and for how long –Perhaps giving you a chance to close • Especially important to log failures possible holes Lecture 11 Lecture 11 Page 33 Page 34 CS 239, Winter 2005 CS 239, Winter 2005 Other Typical Logging Actions Problems With Logging • Logging failed login attempts • Dealing with large volumes of data – Can help detect intrusions or password • Separating the wheat from the chaff crackers –Unless the log is very short, auditing • Logging changes in program permissions it can be laborious – Often done by intruders • System overheads and costs • Logging scans of ports known to be dangerous Lecture 11 Lecture 11 Page 35 Page 36 CS 239, Winter 2005 CS 239, Winter 2005 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2

329 views • 9 slides
Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection Interprocess communications protection Security for Networks and File protection System Software Authentication May 20, 2002 Lecture 13 Lecture

348 views • 12 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239 Interprocess communications protection File protection Computer Security February 16, 2005 Lecture 10 Lecture 10 Page 1 Page 2 CS 239, Winter 2005

406 views • 8 slides
Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems Where does the operating system fjt in a computing system? User mode and kernel mode What are the general operating system functions? 1 What is

450 views • 26 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Outline Authentication and Identity Management Computer Security: Security at Work

Outline Authentication and Identity Management Computer Security: Security at Work

Authentication and Identity Management Authentication and Identity Management Operating System and Network Security Operating System and Network Security Radboud University Nijmegen Radboud University Nijmegen Conclusions Conclusions Outline

559 views • 8 slides
OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

704 views • 27 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

588 views • 20 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

981 views • 39 slides
Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System

Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley sds@tycho.nsa.gov Information Assurance Research Group National Security Agency (Slight modifications by David

542 views • 19 slides
Protection and Security Threat is potential security violation Attack is attempt to breach

Protection and Security Threat is potential security violation Attack is attempt to breach

CSC 4103 - Operating Systems The Security Problem Spring 2007 Security must consider external environment of the system, and protect the system resources Lecture - XX Intruders (crackers) attempt to breach security Protection and

195 views • 4 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
IMPROVING $PORT PERFORMANCE ON $ARCH PLATFORM-BASED PERFORMANCE TUNING OF WEBKIT (PORT=QT

IMPROVING $PORT PERFORMANCE ON $ARCH PLATFORM-BASED PERFORMANCE TUNING OF WEBKIT (PORT=QT

IMPROVING $PORT PERFORMANCE ON $ARCH PLATFORM-BASED PERFORMANCE TUNING OF WEBKIT (PORT=QT ARCH=MIPS74KF) Adrin Prez de Castro Embedded Linux Conference April 29 May 1, 2014 WHOAMI aperez@igalia.com +AdrianPerezDeCastro @aperezdc

399 views • 22 slides
ImprovingtheMachineLearningPipelineatDuke Dima Fayyad Sean Holt David Rein Project Leads: AJ

ImprovingtheMachineLearningPipelineatDuke Dima Fayyad Sean Holt David Rein Project Leads: AJ

ImprovingtheMachineLearningPipelineatDuke Dima Fayyad Sean Holt David Rein Project Leads: AJ Overton Ricardo Henao B ACKGROUND T RADITIONAL VS . S PARK The large amounts of data that hospitals collect can make health data science projects

205 views • 3 slides
Concept Mix : Self-Service Analytical Data Integration Based on the Concept-Oriented Model

Concept Mix : Self-Service Analytical Data Integration Based on the Concept-Oriented Model

Concept Mix : Self-Service Analytical Data Integration Based on the Concept-Oriented Model Alexandr Savinov Database Technology Group Technische Universitt Dresden, Germany Data Commander - http://conceptoriented.com 1 Concept Mix :

213 views • 8 slides
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent

CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent

782 views • 42 slides
Scalable Machine Learning in R with H2O Erin LeDell @ledell DSC July 2016 Introduction

Scalable Machine Learning in R with H2O Erin LeDell @ledell DSC July 2016 Introduction

Scalable Machine Learning in R with H2O Erin LeDell @ledell DSC July 2016 Introduction Statistician & Machine Learning Scientist at H2O.ai in Mountain View, California, USA Ph.D. in Biostatistics with Designated Emphasis in

514 views • 30 slides
Introduction to NumPy Maryam Tavakol Machine Learning Group Winter semester 2016/17 1 What is

Introduction to NumPy Maryam Tavakol Machine Learning Group Winter semester 2016/17 1 What is

Introduction to NumPy Maryam Tavakol Machine Learning Group Winter semester 2016/17 1 What is NumPy? Short for Numerical Python Wikipedia : NumPy is an extension to the Python programming language, adding support for large,

690 views • 45 slides
Recollecting Haskell, Part I (Based on Chapters 1 and 2 of LYH ) CIS 352: Programming

Recollecting Haskell, Part I (Based on Chapters 1 and 2 of LYH ) CIS 352: Programming

Recollecting Haskell, Part I (Based on Chapters 1 and 2 of LYH ) CIS 352: Programming Languages January 15, 2019 LYH = Learn You a Haskell for Great Good CIS 352 Recollecting Haskell, Part I January 15, 2019 1 / 24 Two (too?) big

795 views • 54 slides
P2P Loan Performance on Lending Club Peter Jin November 25, 2014 phj@cs.berkeley.edu Objectives

P2P Loan Performance on Lending Club Peter Jin November 25, 2014 phj@cs.berkeley.edu Objectives

P2P Loan Performance on Lending Club Peter Jin November 25, 2014 phj@cs.berkeley.edu Objectives My questions to you: 1. Did I skip over some background knowledge? 2. What other plots am I missing and should add? 3. Hows my driving

710 views • 56 slides

More recommend