security enhanced darwin enhanced darwin security porting
play

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting - PowerPoint PPT Presentation

Feb 11, 2024 •418 likes •700 views

Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc.

  1. Security- -Enhanced Darwin: Enhanced Darwin: Security Porting SELinux to Mac OS X Porting SELinux to Mac OS X SELinux Symposium 2007 ELinux Symposium 2007 S Chris Vance Information Systems Security Operation, SPARTA, Inc. Vance_20070312_01

  2. Results Results Recall my similar talk last year. What’s new? • – This year, work backwards - results now, discussion follows MAC Framework will likely be included in Leopard • – There were many performance “issues” that needed to be addressed – Hopefully intact – Took many iterations of re-engineering and maturing various Framework elements Completed coverage of IOKit, devfs, network stack, Mach IPC • SELinux tools now updated regularly • Policy rules still take time to develop • After a brief explanation of the technologies involved, will • talk about a few specific technical issues this year Vance_20070312_02

  3. The Parts Bin The Parts Bin • Mac OS X as a starting point – Kernel released with Open Source license – Kernel audit support – Prior version evaluated under CAPP/EAL3 • BSD code heritage (both user space and kernel) – We understood FreeBSD, Mac OS X was new – TrustedBSD MAC Framework from FreeBSD • Apple relationship • LSM Framework from Linux for comparison • SELinux provides mature access control • Mach access control research results from DTOS • Kernel debugger and serial console support (aka trial and error) Vance_20070312_03

  4. The Plan The Plan • Use MAC Framework to isolate policy from enforcement Linux FreeBSD Darwin • Build on Darwin’s source code and Kernel Kernel Kernel structural similarities to FreeBSD • Port FLASK components from MAC MAC LSM Framework Framework SELinux • Expand scope for Darwin-specific FLASK FLASK FLASK functionality (Mach IPC, Iokit, etc.) • Minimize Vendor diffs (OS & SELinux) Type Type Type • Leverage existing policy & tools Enforcement Enforcement Enforcement • Aim for near zero performance cost (with serious caveats..) Strong, useful security without sacrificing features, performance, or utility Vance_20070312_04

  5. Mac OS X Mac OS X • Mac OS X is Apple's next generation operating system – Builds on elements of Mach, NeXTStep, FreeBSD, and Mac OS 9, as well as other open source elements such as KDE – Continues Apple's tradition of user interface innovation • Leopard expected “Spring 2007” • Very user-centric experience • Good support for office application suites, programs people are familiar with, as well as traditional UNIX services • Good virtualization support via VMWare, Parallels Vance_20070312_05

  6. Mac OS X System Architecture Mac OS X System Architecture Applications Applications Carbon Cocoa Java(JDK) Closed source frameworks and Application Services daemons Core Services Open source MAC Framework Libinfo system_cmds DirectoryServices … mach_init libraries and Boundary daemons Libsystem System Call Boundary Processes UNIX IPC Networking VFS IOKit XNU BSD Kernel Kernel Scheduling Virtual Memory Mach IPC Mach Kernel Vance_20070312_06

  7. Unique To Darwin Unique To Darwin • Rich (GUI) applications, desktop integration – Provides motivation to use the system – Provides more challenges due to complexity – Inter-application messaging is ubiquitous – Many closed-source components • IOKit object oriented device driver framework • Mach IPC – Critical to secure – Performance/efficiency concerns – Didn’t have to start from scratch – Explore DTOS protections for Mach IPC Vance_20070312_07

  8. Darwin Complexity Darwin Complexity Three separate system boundaries (IOKit, Mach, BSD) and • each one must be adequately secured! Mach isn’t implemented as a microkernel, there is a blending • of the lines between BSD and Mach services – BSD is in the kernel address space, not user – Threads and the scheduler are Mach constructs while processes are a BSD construct – Even worse, virtual memory is shared amongst all three kernel subsystems History showed that the complexity of the Mach microkernel • led from DTOS to FLASK – Mach uses lots of opaque pointers and structures, can’t poke in like you can on Linux/FreeBSD – It’s no less complex than it was – Yet here were are trying to secure Mach IPC again… Vance_20070312_08

  9. Security Frameworks Security Frameworks We all agree - traditional UNIX security isn’t enough • Tight OS integration required for new security services • – Frameworks are key to vendor buy-in (FreeBSD, Linux, Apple) – Want vendors to support Framework, costs of locally maintaining security extensions are high – Framework offers extensibility so that policies may be enhanced without changing the base operating system – “Stable” user space APIs more critical than kernel changes Frameworks are tailored to vendor requirements • – LSM is lightweight – FreeBSD MAC heavier, supports composition, user space policy-agnostic label management – Darwin MAC less intrusive code, low performance overhead when not in use (policy provides per process/subsystem masks) Bottom Line: Frameworks for Linux, FreeBSD, Darwin • Vance_20070312_09

  10. MAC Framework Big Picture MAC Framework Big Picture mac_test System Call Interface VFS User Process mac_mls MAC Framework Socket IPC User Process Process SEDarwin Signaling User Process ... ... Mach IPC (proprietary) ... Vance_20070312_010

  11. SEDarwin Policy Module SEDarwin Policy Module • Kernel components ported easily MAC Framework – “normal” issues with allocators, Instruments kernel access control logic, locking primitives (no RCU provides label infrastructure, provides application security APIs locks), logging, printf, audit, etc. … • Likewise, user space tools ported easily, rule parsers and compilers SEDarwin • Added a thin compatibility layer to Maps between MAC Framework translate sysctls vs. selinuxfs abstractions and FLASK abstractions, invokes FLASK+AVC checks • Policy binary format unchanged Flask • Everything updated regularly (within last couple weeks) AVC Caches decisions • Started with Tresys Reference Policy, still working to develop Security Server better rules Processes policy TE (RBAC) (MLS) Vance_20070312_011

  12. Securing BSD Securing BSD • Applied same strategy for most BSD kernel subsystems (network, fd, sysv/posix IPC, etc.) • Straightforward? – Add access control on all access paths – Avoid layering and locking violations from vendor code • Consider performance and encapsulation System Call Layer • Example: put all access control in VFS File Descriptor Layer – Hardly any file system specific code (HFS+, DEVFS, NFS, AFP, etc.) VFS Implementation – Darwin locking, refcounts, caching made this tricky HFS+ UDF cd9660 – Don’t have sources for all file systems Vance_20070312_012

  13. Vance_20070312_013 Securing Mach IPC Securing Mach IPC

  14. Introduction to Mach IPC Introduction to Mach IPC • Mach IPC is the primary messaging service on Darwin – Messages are sent to ports – Tasks/processes have ports – The kernel has ports • Ports are unidirectional – Ports have one receiver, many senders – Use in pairs for bi-directional communication • Messages are structured – vs. socket data streams Vance_20070312_014

  15. Mach Port Rights Mach Port Rights Ports have “rights” associated with them • If you have the right, you can do what it • represents – Capability model – All or none, message types, content, meaning are ignored Two types: • – send/receive msgs – transfer rights Port rights can be transferred in messages • Root can request task ports (task_for_pid) • – kill/suspend process, create threads, read/write memory, etc. Vance_20070312_015

  16. Securing Mach IPC Securing Mach IPC • Messages shouldn’t flow freely between processes and each other, or to and from the kernel • Fine-grained in kernel access control – Add Mach per-method access permissions – Reduce root privilege • Provide support for security-aware user space Mach services • Example service: bootstrap nameserver – Lets you lookup services by name – Holds send rights for services, passes them out to processes – Need to control who gets send rights – Need better control over registration to avoid spoofing Vance_20070312_016

  17. Mach Kernel Access Controls Mach Kernel Access Controls • Add object labels and manage class mach_port { relabelfrom creation, deallocation relabelto • Verify per-method access send permissions at object usage recv make_send • Synchronize Mach Tasks/Threads make_send_once labels with BSD Process labels copy_send • Add new Mach server to handle move_send move_send_once label operations and provide move_recv generic access checks hold_send – Similar to interfaces provided with hold_send_once hold_recv selinuxfs on Linux } • Modify SELinux policy to add port label support allow kextd_t self:mach_port { copy_send make_send_once send }; allow kextd_t coreservicesd_t:mach_port hold_send; allow kextd_t init_t:mig_bootstrap { bootstrap_look_up bootstrap_register bootstrap_status }; Vance_20070312_017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Darwin Initiative and DEFRA Eric Blencowe What is the Darwin Initiative? The Darwin

The Darwin Initiative and DEFRA Eric Blencowe What is the Darwin Initiative? The Darwin

The Darwin Initiative and DEFRA Eric Blencowe What is the Darwin Initiative? The Darwin Initiative was launched in 1992 at the Rio Earth Summit: to fund collaborative projects which use UK expertise to help countries rich in

495 views • 8 slides
Who are Darwin?

Who are Darwin?

The Darwin Leisure Property Fund Investment Overview Who are Darwin?

330 views • 16 slides
Darwin and Religion: Rumors of Warfare in a Post- Darwinian Age Darwin and Religion

Darwin and Religion: Rumors of Warfare in a Post- Darwinian Age Darwin and Religion

Darwin and Religion: Rumors of Warfare in a Post- Darwinian Age Darwin and Religion http://www.myjewishlearning.com/blog/wp-content/uploads/Richard_Dawkins_2.jpg Although atheism might have been logically tenable before Darwin,

384 views • 25 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco

M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco

M eeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco Information Assurance Research G roup National Security Agency Co-author: Stephen D. Smalley, NAI Labs 1 roup Inform ation A ssurance R esearch G

476 views • 43 slides
Charles Darwin (1809-1882) Charles Robert Darwin (1809-1882) was born the fifth of six children

Charles Darwin (1809-1882) Charles Robert Darwin (1809-1882) was born the fifth of six children

Charles Darwin (1809-1882) Charles Robert Darwin (1809-1882) was born the fifth of six children into a wealthy Shropshire gentry family in the small market town of Shrewsbury. His father Robert Waring Darwin (1766-1848) was a successful

671 views • 27 slides
Bernardo Obando Marine Pilot On 9 Sep 1839, 179 years ago, Darwin Port was named by officers

Bernardo Obando Marine Pilot On 9 Sep 1839, 179 years ago, Darwin Port was named by officers

PORT of DARWIN - Australias northern gateway Bernardo Obando Marine Pilot On 9 Sep 1839, 179 years ago, Darwin Port was named by officers from HMS BEAGLE in honour of Charles Darwin The Darwin Port facilities serve the following shipping

861 views • 35 slides
Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer

Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer

Policy Analysis for Security-Enhanced Linux Beata Sarna-Starosta and Scott D. Stoller Computer Science Department State University of New York at Stony Brook http://www.cs.sunysb.edu/stoller/ 1 Security-Enhanced Linux (SELinux) SELinux =

695 views • 21 slides
Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig

Security Enhanced (SE) Android: Bringing Flexible MAC to Android Stephen Smalley and Robert Craig Trusted Systems Research National Security Agency Motivation Android security relies on Linux DAC. To protect the system from apps. To

480 views • 21 slides
L4/Darwin: Evolving UNIX Charles Gray Research Engineer, National ICT Australia

L4/Darwin: Evolving UNIX Charles Gray Research Engineer, National ICT Australia

L4/Darwin: Evolving UNIX Charles Gray Research Engineer, National ICT Australia charles.gray@nicta.com.au Outline 1. Project Overview 2. BSD on the Mach microkernel 3. Porting Darwin to the L4 microkernel 4. Project Status 2 Darbat

586 views • 29 slides
Internet Security Enhanced Security Services for S/MIME Thomas Gttlicher April 20, 2004

Internet Security Enhanced Security Services for S/MIME Thomas Gttlicher April 20, 2004

Internet Security Enhanced Security Services for S/MIME Thomas Gttlicher April 20, 2004 Agenda Basics Technical Signed receipts Security labels Secure mailing lists Signed certificates 1 Basics Basics

956 views • 74 slides
Background identification for neutrinoless double beta decay detection with the DARWIN

Background identification for neutrinoless double beta decay detection with the DARWIN

Background identification for neutrinoless double beta decay detection with the DARWIN experiment Yanina Biondi on behalf of the DARWIN collaboration, Universitt Zrich 12.09.2019 www.darwin-observatory.org THE WIMP LANDSCAPE 2019 Spin

634 views • 31 slides
Charles Darwin 1809 - 1882 Charles Most influential contributor to thoughts about Darwin

Charles Darwin 1809 - 1882 Charles Most influential contributor to thoughts about Darwin

Charles Darwin 1809 - 1882 Charles Most influential contributor to thoughts about Darwin evolution The Origin of Species 1859 Presented evidence for changes in species through Natural Selection 1 2 Contrast of Views

404 views • 5 slides
Darwin-SW: Darwin Core data for the Semantic Web Campbell Webb & Steven Baskauf Arnold

Darwin-SW: Darwin Core data for the Semantic Web Campbell Webb & Steven Baskauf Arnold

TDWG Annual Meeting; 2011-10-18 Darwin-SW: Darwin Core data for the Semantic Web Campbell Webb & Steven Baskauf Arnold Arboretum of Harvard University / Dept. of Biological Sciences, Vanderbilt University Version 0.2-2-ge7575a4 The

422 views • 17 slides
Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I

Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I

Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I Sydney I Canberra I Brisbane I Adelaide I Perth I Darwin I Hobart Who We Are & What We Stand For? Established in 2002 - Directors have over 20 Years

540 views • 11 slides
Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National Security Agency (NSA) A set of patches using the Linux Security Modules (LSM) Hardening GNU/Linux systems with extra security policies and

349 views • 15 slides
! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented Exploitation ! Techniques ! Demo ! Mac OS X x86_64 ! Conclusion ! Morris Worm (November 1988) ! Exploited a stack buffer overflow in BSD in.fingerd on VAX

1.02k views • 80 slides
EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei

EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei

EM-MAC: A Dynamic Multichannel Energy-Efficient MAC Protocol for Wireless Sensor Networks Lei Tang, Yanjun Sun, Omer Gurewitz, and David B. Johnson Presentation at ACM MobiHoc 2011, May 2011 The Objectives of EM-MAC Spread traffic to

614 views • 24 slides
Mac OS X : System Integrity Protection Nicolas RUFF - nruff(at)google(dot)com Proprietary

Mac OS X : System Integrity Protection Nicolas RUFF - nruff(at)google(dot)com Proprietary

Mac OS X : System Integrity Protection Nicolas RUFF - nruff(at)google(dot)com Proprietary Proprietary Introduction Proprietary Proprietary What is SIP? SIP: "System Integrity Protection", a.k.a. "rootless". SIP restricts

370 views • 15 slides
Multi-agent learning Multi-a rmed bandit algo rithms Gerard Vreeswijk , Intelligent Software

Multi-agent learning Multi-a rmed bandit algo rithms Gerard Vreeswijk , Intelligent Software

Multi-agent learning Multi-a rmed bandit algo rithms Gerard Vreeswijk , Intelligent Software Systems, Computer Science Department, Faculty of Sciences, Utrecht University, The Netherlands. Thursday 30 th April, 2020 Contents Author: Gerard

2k views • 173 slides
The Finite Element Method in Scientific Computing MATH 9830 Timo Heister (heister@clemson.edu)

The Finite Element Method in Scientific Computing MATH 9830 Timo Heister (heister@clemson.edu)

The Finite Element Method in Scientific Computing MATH 9830 Timo Heister (heister@clemson.edu) http://www.math.clemson.edu/~heister/math983-spring2014/ Goals of this course Learn about the software library deal.II understand practical

372 views • 34 slides
Porting an existing Qt-based Windows only application to Mac OS X Overview Introduction

Porting an existing Qt-based Windows only application to Mac OS X Overview Introduction

Porting an existing Qt-based Windows only application to Mac OS X Overview Introduction Where we started Apple Mac an unknown country With a little help from a friend Communication Version Control System

563 views • 22 slides
Session 18 Session 18 Tool Time Tuesday Tool Time Tuesday Zoom Tips Zoom Tips Hello! Hello!

Session 18 Session 18 Tool Time Tuesday Tool Time Tuesday Zoom Tips Zoom Tips Hello! Hello!

Session 18 Session 18 Tool Time Tuesday Tool Time Tuesday Zoom Tips Zoom Tips Hello! Hello! Laurissa Gann, MSLS, AHIP Lesli Moore, MLS Research Medical Library Research Medical Library www.mdanderson.org/library/ RML-Help@mdanderson.org

213 views • 19 slides
Poly1305-AES MAC Sami Vaarala Helsinki University of Technology sami.vaarala@iki.fi 1

Poly1305-AES MAC Sami Vaarala Helsinki University of Technology sami.vaarala@iki.fi 1

T-79.515 Cryptography: Special Topics Poly1305-AES MAC Sami Vaarala Helsinki University of Technology sami.vaarala@iki.fi 1 Background Security of MD5 and SHA1 is dubious, so a MAC with a security proof relative to a block cipher would be

3.43k views • 31 slides

More recommend