topics in systems and program security
play

Topics in Systems and Program Security Trent Jaeger Systems and - PowerPoint PPT Presentation

Nov 08, 2022 •206 likes •426 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and Program Security Trent Jaeger Systems

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and Program Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University August 29, 2008 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Operating Systems Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Systems Enable Interaction • If it was solely about isolating processes, security would be easy • However, process interaction is fundamental to operating systems How can processes interact? ‣ For what purposes? ‣ • Challenge: ensure security goals are met given all means of interaction Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Secure Operating System • Provides security mechanisms that ensure that the system’s security goals are enforce despite threats from attackers Security mechanisms? ‣ Security goals? ‣ Threats? ‣ Attackers? ‣ • Can we build a truly secure operating system? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Security Goals • Lots of unsatisfying definitions Users can perform only authorized ‣ operations (safety) Processes perform only their necessary ‣ operations (least privilege) Operations can only permit information ‣ to be written to more secret levels (MLS) • We’ll discuss these Defining practical and achievable security ‣ goals is a difficult task Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. Trust Model • For operating system Trust model == TCB ‣ • What’s in a TCB? • What are we trusting? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. Threat Model • Threats are means that an attacker can use to violate security goals Where do threats come from? ‣ What mechanisms enable threats? ‣ What do threats threaten? ‣ • Secure OS must protect TCB against threats Why is this sufficient? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. Security Model • Composed from Trust Model and Threat Model • Can we state a security model for an idealized system? Two processes ‣ One root process ‣ OS provides information flow (interaction) ‣ mechanisms OS depends on the root process to identify the ‣ subjects for the processes Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. Protection System • Manages the access control policy for a system Security goal ‣ • It presents Protection state ‣ Protection state operations ‣ • It describes what operations each subject (via their processes) can perform on each object Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. Protection State Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  11. Protection State • Using an access matrix representation Current state of matrix ‣ • Can modify the protection state Via protection state operations ‣ E.g., can create subjects and objects ‣ E.g., owner can add a subject, operation ‣ mapping for their objects Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  12. Protection Domain • Specifies the objects that a subject can access and the operations the subject can perform upon those objects What is this in the access matrix? ‣ • Capabilities and Access Control Lists How do these define domains? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  13. Mandatory Protection System • Is a protection system that can be modified only by trusted administration that consists of ‣ A mandatory protection state where the protection state is defined in terms of a set of labels associated with subjects and objects • Label set is defined by trusted administration ‣ A labeling state that assigns system subjects and objects to those labels in the mandatory protection state ‣ A transition state that determines the legal ways that subjects and objects may be relabeled Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  14. Example • 2 subjects • Mandatory protection state Subject secret has a secret file ‣ Subject public has a public file ‣ • What happens when subject secret creates a new file? What happens to the access matrix? ‣ What if the subject public creates a file? ‣ • What happens when subject public executes a new process? Suppose the process is trusted to access secret files ‣ How does it obtain its label? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  15. Mandatory Protection System Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  16. Reference Monitor • Components ‣ Reference monitor interface (e.g., LSM) ‣ Authorization module (e.g., SELinux) ‣ Policy store (e.g., policy binary) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  17. Reference Monitor • Purpose: Ensure enforcement of security goals Mandatory protection state defines goals ‣ Guarantees ensure enforcement ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  18. Secure Operating System • Possible? • Ideally, satisfies the reference monitor guarantees Is that so hard? ‣ • Mediation Challenges: what’s an operation? ‣ • Tamperproof Challenges: Trust is rampant ‣ • Verifiable: Challenges: Code verification? What’s the goal? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  19. Evaluation • Mediation : Does interface mediate correctly? • Mediation : On all resources? • Mediation : Verifably? • Tamperproof : Is reference monitor protected? • Tamperproof : Is system TCB protected? • Verifiable : Is TCB code base correct? • Verifiable : Does the protection system enforce the system’s security goals? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  20. Take Away • Identify core security approach Goals, trust model, threat model, security model ‣ • Secure OS analogues Goals == protection system ‣ Trust model == TCB ‣ Threat model -- Mediated by Reference Monitor ‣ Security model -- how the reference monitor of ‣ the TCB enforces the mandatory protection system Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Special Topics: Software Security Trent Jaeger

745 views • 27 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 10 Page 1 CS 236 Online Firewall Configuration and Administration Again, the firewall is the point of attack for intruders

375 views • 16 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks

Security Psychology Topics Weve Covered Ethics Distributed Systems (and attacks thereof) XSS CSRF SQL injection Most of these attacks are enabled by social engineering. Todays Class Pretexting Phishing

587 views • 25 slides
ITS Joint Program Office Updates Walton Fehr August 13, 2015 Topics Security and the Uniform

ITS Joint Program Office Updates Walton Fehr August 13, 2015 Topics Security and the Uniform

ITS Joint Program Office Updates Walton Fehr August 13, 2015 Topics Security and the Uniform Implementation of the Reference Architecture Bringing uniformity to the Connected Vehicle Pilots Support services for the long haul U.S.

280 views • 5 slides
Distributed Systems Security Topics Byzan7ne fault resistance BitCoin Course Wrap Up

Distributed Systems Security Topics Byzan7ne fault resistance BitCoin Course Wrap Up

Distributed Systems Security Topics Byzan7ne fault resistance BitCoin Course Wrap Up Fault Tolerance We have so far assumed fail-stop failures (e.g., power failures or system crashes) In other words, if the server is

739 views • 54 slides
Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed

Security of P2P Systems Faraz Makari March 6, 2008 Seminar on Advanced Topics in Distributed Computing WS 07/08 MPI-SWS (Saarland University), Petr Kuznetsov Motivation 1. Introduction 2. Secure Routing 3. Fairness and trust 4. Secure

989 views • 77 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Part II OS & Web Security OS Security Web

Dawn Song dawnsong@cs.berkeley.edu 1 Part II OS & Web Security OS Security Web

Safe Extension Dawn Song dawnsong@cs.berkeley.edu 1 Part II OS & Web Security OS Security Web Security More esoteric topics Click fraud, etc. Reputation systems & trust metrics Few papers, but local experts

420 views • 5 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Substation Security Blake Beale - Manager, CIP Compliance & Security Systems Jeff Imsdahl

Substation Security Blake Beale - Manager, CIP Compliance & Security Systems Jeff Imsdahl

Substation Security Blake Beale - Manager, CIP Compliance & Security Systems Jeff Imsdahl Director, Physical Security & Deputy CSO October 31, 2018 Substation Security Program Project established fall 2013 On site evaluations

235 views • 6 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Todays topics Computer Applications Computer Security Upcoming Operating Systems ( Great

Todays topics Computer Applications Computer Security Upcoming Operating Systems ( Great

Todays topics Computer Applications Computer Security Upcoming Operating Systems ( Great Ideas, Chapter 10) Reading Great Ideas, Chapter 11 32.1 CompSci 001 Computer Security: Problem The Problem: Billions in Losses Outright theft

280 views • 11 slides
Flavor Physics and CP Violation The 2013 European School Zoltan Ligeti of High-Energy

Flavor Physics and CP Violation The 2013 European School Zoltan Ligeti of High-Energy

Flavor Physics and CP Violation The 2013 European School Zoltan Ligeti of High-Energy (ligeti@lbl.gov) Physics Pardfrd, Hungary 5 18 June 2013 Lawrence Berkeley Laboratory Standing Committee Scientifjc Programme Discussion Leaders

971 views • 71 slides
Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now

Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now

CSC304 Lecture 7 Game Theory : Security games, Applications to security CSC304 - Nisarg Shah 1 Until now Simultaneous-move Games All players act simultaneously Nash equilibria = stable outcomes Each player is best responding

530 views • 24 slides
Games in Networks: the price of anarchy, stability and learning va Tardos Cornell University

Games in Networks: the price of anarchy, stability and learning va Tardos Cornell University

Games in Networks: the price of anarchy, stability and learning va Tardos Cornell University Why care about Games? Users with a multitude of diverse economic interests sharing a Network (Internet) browsers routers

584 views • 25 slides
JTSI METRONET Railcar Industry Meeting Introduction to the Concepts of Probity Presented by

JTSI METRONET Railcar Industry Meeting Introduction to the Concepts of Probity Presented by

JTSI METRONET Railcar Industry Meeting Introduction to the Concepts of Probity Presented by Kevin Donnelly CPA Principal, Probity and Procurement Some Definitions Probity Goodness, decency, honesty, integrity, honour, virtue Ethics

262 views • 4 slides
Computational Experiment Planning and the Future of Big Data Christopher Lee Departments of

Computational Experiment Planning and the Future of Big Data Christopher Lee Departments of

Computational Experiment Planning and the Future of Big Data Christopher Lee Departments of Computer Science, Chemistry and Biochemistry, UCLA Christopher Lee Computational Experiment Planning and the Future of Big Data Why Big Data? Not

1.42k views • 88 slides
Learning Neural Causal Models From Unknown Interventions Summary The relationship between

Learning Neural Causal Models From Unknown Interventions Summary The relationship between

Learning Neural Causal Models From Unknown Interventions Summary The relationship between each variable and its parents is modeled by a neural network, modulated by structural meta-parameters which capture the overall topology of a directed

517 views • 33 slides
Meeting Dynamic Challenges for Quality and Patient Safety SHARON S. EHRMEYER, PH.D., MT(ASCP)

Meeting Dynamic Challenges for Quality and Patient Safety SHARON S. EHRMEYER, PH.D., MT(ASCP)

Meeting Dynamic Challenges for Quality and Patient Safety SHARON S. EHRMEYER, PH.D., MT(ASCP) PROFESSOR EMERITUS, DEPARTMENT OF PATHOLOGY AND LABORATORY MEDICINE SCHOOL OF MEDICINE AND PUBLIC HEALTH UNIVERSITY OF WISCONSIN, MADISON, WI 1

612 views • 59 slides
Canyon Rim Academy Title I Targeted Assistance The purpose of Title I is to provide all

Canyon Rim Academy Title I Targeted Assistance The purpose of Title I is to provide all

Canyon Rim Academy Title I Targeted Assistance The purpose of Title I is to provide all children significant opportunity to receive a fair, equitable and high quality education and to close educational achievement gaps. Tile I is a

204 views • 6 slides

More recommend