toward automated authorization policy enforcement
play

Toward Automated Authorization Policy Enforcement Vinod Ganapathy - PowerPoint PPT Presentation

Jan 01, 2023 •387 likes •792 views

Toward Automated Authorization Policy Enforcement Vinod Ganapathy Trent Jaeger Somesh Jha vg@cs.wisc.edu tjaeger@cse.psu.edu jha@cs.wisc.edu March 1 st , 2006 Second Annual Security-enhanced Linux Symposium Baltimore, Maryland Introduction

  1. Toward Automated Authorization Policy Enforcement Vinod Ganapathy Trent Jaeger Somesh Jha vg@cs.wisc.edu tjaeger@cse.psu.edu jha@cs.wisc.edu March 1 st , 2006 Second Annual Security-enhanced Linux Symposium Baltimore, Maryland

  2. Introduction • SELinux helps meet information-flow goals Request Allowed? User Yes/No Yes/No App • Expressive access-control policy language • Security-enhanced operating system SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 2

  3. Security-aware Applications • Need for security-aware applications Request Allowed? User Yes/No Yes/No App • Can we build applications that can enforce mandatory access control policies? SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 3

  4. Security-aware Applications • Need for security-aware applications Request Allowed? Server Client Yes/No Yes/No Allowed? Yes/No SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 4

  5. Security-aware Applications • Need for security-aware applications Request Allowed? Server Client Yes/No Yes/No • Our work: How to build security-aware applications? • Focus is on mechanism, not policy SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 5

  6. Motivating Example Remote Client: Alice Alice Local X Server SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 6

  7. Motivating Example Remote Client: Bob Remote Client: Alice Alice Bob X Server SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 7

  8. Motivating Example Remote Client: Bob Remote Client: Alice Remote Client: Alice Alice X Server Keyboard input Malicious client can snoop on input violating Alice’s confidentiality SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 8

  9. Motivating Example Remote Client: Bob Remote Client: Alice Remote Client: Alice Alice X Server Malicious client can alter settings on other client windows SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 9

  10. Motivating Example Remote Client: Bob Remote Client: Alice Remote Client: Alice Alice X Server No mechanism to enforce authorization policies on client interactions SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 10

  11. Motivating Example Remote Client: Bob Remote Client: Alice Remote Client: Alice Alice Input Goal of the Security enhanced Request X server project [Kilpatrick et al., 2003] X Server Keyboard input Disallowed SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 11

  12. Need for Security-awareness • More examples: user-space servers – Samba – Web servers – Proxy and cache servers – Middleware • Common features – Manage multiple clients simultaneously – Offer shared resources to clients – Perform services on behalf of their clients SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 12

  13. Main Claim To effectively meet security-goals, all applications managing shared resources must be made security-aware SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 13

  14. Focus of our work Request Allowed? Server Client Yes/No Yes/No • How to build security-aware applications? • Focus is on mechanism, not policy – Can use tools like Tresys’ SELinux Policy Management Toolkit SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 14

  15. Security-aware Applications Our work: • How to build security-aware applications? Tool support to retrofit legacy • Proactively design code for security servers – MULTICS project [Corbato et al ., 1965] for authorization policy enforcement – Postfix mail server [Venema] • Retrofit existing, legacy code – Linux Security Modules project [Wright et al ., 2002] – Security-enhanced X project [Kilpatrick et al ., 2003] – Privilege separated OpenSSH [Provos et al ., 2003] SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 15

  16. Our Work Legacy Security-aware server server • Tools to analyze and retrofit legacy code • Two case studies: – Retrofitting the X server [IEEE S&P 2006] – Retrofitting Linux [ACM CCS 2005] SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 16

  17. Main Goal • Tool support to add reference monitoring Main challenge: Where to place to user-space servers reference monitor hooks? Security-Event Yes/No Reference Server Monitor SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 17

  18. Authorization Policies • Access-control matrix [Lampson’71] /etc/passwd /usr/vg/a.out /var/log root r/w r/w/x r/w vg r/w/x r • Three entities: ‹ subject, object, operation › – Subject (user or process) – Object (resource, such as file or socket) – Security-sensitive operation (access vectors) SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 18

  19. Main Goal • Analysis techniques to find where server performs security-sensitive operations Security-Event Yes/No Reference Server Monitor SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 19

  20. Key Insight: Fingerprints • Each security-sensitive operation has a fingerprint • Intuition: Denotes key code-level steps to achieve the operation SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 20

  21. Examples of Fingerprints • Three access vectors from SELinux • DIR_WRITE :- – Set inode->i_ctime & – Call address_space_ops->prepare_write() • DIR_RMDIR : - – Set inode->i_size TO 0 & – Decrement inode->i_nlink • SOCKET_BIND :- – Call socket->proto_ops->bind() SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 21

  22. Examples of Fingerprints • Access vectors for the X server • WINDOW_MAP :- – Set WindowPtr->mapped TO TRUE & – Set xEvent->type TO MapNotify • WINDOW_ENUMERATE:- – Read WindowPtr->firstChild & – Read WindowPtr->nextSib & – Compare WindowPtr ≠ 0 SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 22

  23. Key Insight: Fingerprints • How to find fingerprints? • How to use fingerprints to place hooks? SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 23

  24. Using Fingerprints: An Example • X server function MapSubWindows MapSubWindows(Window *pParent, Client *pClient) { xEvent event; Window *pWin; … pWin = pParent->firstChild; … for (;pWin != 0; pWin=pWin->nextSib) { pWin->mapped = TRUE; … event.type = MapNotify; } } SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 24

  25. Examples of Fingerprints • Access vectors for the X server • WINDOW_MAP :- – Set WindowPtr->mapped TO TRUE & – Set xEvent->type TO MapNotify • WINDOW_ENUMERATE:- – Read WindowPtr->firstChild & – Read WindowPtr->nextSib & – Compare WindowPtr ≠ 0 SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 25

  26. Using Fingerprints: An Example • X server function MapSubWindows MapSubWindows(Window *pParent, Client *pClient) { xEvent event; Window *pWin; … pWin = pParent->firstChild; … for (;pWin != 0; pWin=pWin->nextSib) { pWin->mapped = TRUE; … Performs event.type = MapNotify; Window_Map } } SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 26

  27. Examples of Fingerprints • Access vectors for the X server • WINDOW_MAP :- – Set WindowPtr->mapped TO TRUE & – Set xEvent->type TO MapNotify • WINDOW_ENUMERATE:- – Read WindowPtr->firstChild & – Read WindowPtr->nextSib & – Compare WindowPtr ≠ 0 SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 27

  28. Using Fingerprints: An Example • X server function MapSubWindows MapSubWindows(Window *pParent, Client *pClient) { Performs xEvent event; Window_Enumerate Window *pWin; … pWin = pParent->firstChild; … for (;pWin != 0; pWin=pWin->nextSib) { // Code to map window on screen pWin->mapped = TRUE; … event.type = MapNotify; } } SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 28

  29. Using Fingerprints • Fingerprints located using static analysis • Key advantage: statically find all locations where fingerprints occur • Can add hooks to all these locations SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 29

  30. Adding Hooks: An Example • X server function MapSubWindows MapSubWindows(Window *pParent, Client *pClient) { xEvent event; Window *pWin; // Code to enumerate child windows avc_has_perm(pClient, pParent, WINDOW_ENUMERATE); pWin = pParent->firstChild; … for (;pWin != 0; pWin=pWin->nextSib) { // Code to map window on screen avc_has_perm(pClient, pWin, WINDOW_MAP); pWin->mapped = TRUE; … event.type = MapNotify; } } SELinux 2006 Ganapathy/Jaeger/Jha: Toward Automated Authorization Policy Enforcement 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Biocide enforcement in EU MARISTELLA RUBBIANI HEAD OF UNIT SUBSTANCES AND PRODUCTS AUTHORIZATION

Biocide enforcement in EU MARISTELLA RUBBIANI HEAD OF UNIT SUBSTANCES AND PRODUCTS AUTHORIZATION

Biocide enforcement in EU MARISTELLA RUBBIANI HEAD OF UNIT SUBSTANCES AND PRODUCTS AUTHORIZATION ISS ITALY The BPR enforcement in EU On 29 September 2016 a Biocidal products Regulation, Biocides, Enforcement, Europe was created A

366 views • 32 slides
ACE Automated Broker Interface Automated Interface Requirements ACH Debit Authorization/Entry

ACE Automated Broker Interface Automated Interface Requirements ACH Debit Authorization/Entry

ACE Automated Broker Interface Automated Interface Requirements ACH Debit Authorization/Entry Summary Presentation September 10, 2019 Contents Table of Changes

516 views • 13 slides
AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing

AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing

AUTOMATED TRAFFIC ENFORCEMENT April 23, 2019 Overview Summary of what is changing Council Policy What is Different? Provincial Changes Impacting the City Post rationale for sites on website Annual Traffic Safety Plan

559 views • 6 slides
AUTOMATED TRAFFIC ENFORCEMENT April 15, 2019 Overview Updated information on approved

AUTOMATED TRAFFIC ENFORCEMENT April 15, 2019 Overview Updated information on approved

AUTOMATED TRAFFIC ENFORCEMENT April 15, 2019 Overview Updated information on approved motions and recommendations. Further information on revenue allocation. Introduce Council Policy. Updated Information Failure to Stop AJSG

437 views • 19 slides
SJR 21: Illegal Cigarette Trafficking November 13, 2012 Overview Study Authorization

SJR 21: Illegal Cigarette Trafficking November 13, 2012 Overview Study Authorization

SJR 21: Illegal Cigarette Trafficking November 13, 2012 Overview Study Authorization Summary Virginia Dept. of Taxation Data Enforcement and Conviction Data Policy Considerations Discussion VIRGINIA STATE CRIME COMMISSION

581 views • 46 slides
AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53

AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53

AUTOMATED TRAFFIC ENFORCEMENT March 18, 2019 OVERVIEW Highlights from the report 53 pages of detail Try to take main points/story for presentation Focus discussion on recommendations Enough overall information for

895 views • 63 slides
Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University

Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University

Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University Daniel Olm edilla L3S Research Center Frank SiebenList Argonne National Laboratory 8 th IEEE POLICY Bologna, Italy, 15 th June 20 0 7 Outline

414 views • 19 slides
Planning Enforcement Adrian Duffield Head of Planning 1 The planning process Enforcement

Planning Enforcement Adrian Duffield Head of Planning 1 The planning process Enforcement

Planning Enforcement Adrian Duffield Head of Planning 1 The planning process Enforcement Policy Applications 2 National Planning Policy NPPF Paragraph 207 Important in maintaining public confidence in planning system Discretionary

171 views • 14 slides
Navigating Emergency Use Authorization: FDA Policy for COVID- 19 Diagnostic Tests Ian McGill,

Navigating Emergency Use Authorization: FDA Policy for COVID- 19 Diagnostic Tests Ian McGill,

Navigating Emergency Use Authorization: FDA Policy for COVID- 19 Diagnostic Tests Ian McGill, PSM, ASQ CBA April 2020 AGENDA EUA Background COVID-19 Policy Guidance Document Test Type and Pathways to distribution Key

454 views • 11 slides
Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State

Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State

2017 Update: Enforcement Policy Presented by Cris Carrigan David Boyers, & Dr. Matthew Buffleben State Water Resources Control Board Office of Enforcement February 7, 2017 Board Meeting Item 5 2017 Enforcement Policy Highlights

570 views • 20 slides
AUTOMATED TRAFFIC ENFORCEMENT March 25, 2019 Overview Request for Decision March 18,

AUTOMATED TRAFFIC ENFORCEMENT March 25, 2019 Overview Request for Decision March 18,

AUTOMATED TRAFFIC ENFORCEMENT March 25, 2019 Overview Request for Decision March 18, 2019 COW report and subsequent feedback from Council Strong desire to provide clear direction to administration and community Motion as

343 views • 13 slides
Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles

Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles

Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracles Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is intended to outline our general product

408 views • 17 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Automated Red Light Enforcement Commission Performance & Program Update April 30, 2019

Automated Red Light Enforcement Commission Performance & Program Update April 30, 2019

Automated Red Light Enforcement Commission Performance & Program Update April 30, 2019 Towfiq Khan, Executive Manager Department of Transportation Program History The City of Dallas implemented Safelight program to reduce high number of

453 views • 12 slides
FPPC Enforcement Retrospective & Prospective Policy Meeting November 22, 2019 2019

FPPC Enforcement Retrospective & Prospective Policy Meeting November 22, 2019 2019

FPPC Enforcement Retrospective & Prospective Policy Meeting November 22, 2019 2019 Enforcement Trends Resource Allocation 2019/2020 Penalties 2019/2020 Streamline/WL Discussion Program Roadblocks to Enforcement Legislative Proposals

633 views • 39 slides
Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from Policies Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules Helge Janicke, Antonio Cau, Fran cois Siewe, Enforcement Hussein Zedan Summary Software

550 views • 16 slides
NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA

NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA

NASA-Rio UCCRN Training Partnership: Sea Level Rise, Urban Heat Islands, and Water Quality SEA LEVEL RISEPart 2: Future sea level and coastal storm projections Vivien Gornitz and Daniel Bader Columbia University/NASA Goddard Institute for

308 views • 27 slides
NETWORK-BASED HTTPS CLIENT IDENTIFICATION USING SSL/TLS FINGERPRINTING Monday 24 th August, 2015

NETWORK-BASED HTTPS CLIENT IDENTIFICATION USING SSL/TLS FINGERPRINTING Monday 24 th August, 2015

NETWORK-BASED HTTPS CLIENT IDENTIFICATION USING SSL/TLS FINGERPRINTING Monday 24 th August, 2015 Martin Husk Milan ermk Tom Jirsk Pavel eleda Introduction Rising popularity of encrypted traffic secures the transmission, but

662 views • 18 slides
(VALSE webinar, 2016.1.13)

(VALSE webinar, 2016.1.13)

(VALSE webinar, 2016.1.13) http://ivg.au.tsinghua.edu.cn/~jfeng/ 1. 2. 3. Human

918 views • 52 slides
AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 ,

AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 ,

AniFilter: Parallel and Failure-Atomic Cuckoo Filter for Non-Volatile Memories Hyungjun Oh 1 , Bongki Cho 1 , Changdae Kim 2 , Heejin Park 1 , Jiwon Seo 1 1 2 1 Ou Outline NVM and AMQs Cuckoo Filter Optimizations in AniFilter

1.18k views • 58 slides
Basic MPI Tom Murphy, Dave Joiner, Paul Gray, Henry Neeman, Charlie Peck, Alex Lemann, Kristina

Basic MPI Tom Murphy, Dave Joiner, Paul Gray, Henry Neeman, Charlie Peck, Alex Lemann, Kristina

Basic MPI Tom Murphy, Dave Joiner, Paul Gray, Henry Neeman, Charlie Peck, Alex Lemann, Kristina Wanous, Kevin Hunter 1 Preliminaries What is a Supercomputer? MPI Version 2 Resources http://www-unix.mcs.anl.gov/mpi/ Or, just

242 views • 22 slides
Dance and Mathematics Karl Schaffer MATH Dr. Schaffer and Mr. Stern Dance Ensemble and De Anza

Dance and Mathematics Karl Schaffer MATH Dr. Schaffer and Mr. Stern Dance Ensemble and De Anza

Dance and Mathematics Karl Schaffer MATH Dr. Schaffer and Mr. Stern Dance Ensemble and De Anza College Mathdance.org karl_schaffer@yahoo.com Materials developed with Erik Stern and Scott Kim 2012 Joint Mathematics Meetings Boston Jan. 4

1.09k views • 82 slides
Machine learning for tactile manipulation Jan Peters with Filipe Veiga, Herke van Hoof, Oliver

Machine learning for tactile manipulation Jan Peters with Filipe Veiga, Herke van Hoof, Oliver

Machine learning for tactile manipulation Jan Peters with Filipe Veiga, Herke van Hoof, Oliver Kroemer, Roberto Calandra, Tucker Hermans, Yevgen Chetobar, Yilei Zheng, Zhengkun Yi Intelligent Autonomous Systems Dept. of Computer Science

643 views • 51 slides
Fingering instability down the outside Fingering instability down the outside of a vertical

Fingering instability down the outside Fingering instability down the outside of a vertical

Fingering instability down the outside Fingering instability down the outside of a vertical cylinder of a vertical cylinder Linda Smolka Bucknell University joint work with Marc SeGall Workshop on Surfactant Driven Thin Film Flows The

266 views • 23 slides

More recommend