First Principles of Cybersecurity

Slides:



Advertisements
Similar presentations
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Advertisements

Threads, SMP, and Microkernels
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Operating System Organization
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtualization for Cloud Computing
5205 – IT Service Delivery and Support
Virtualization 101.
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Operating System A program that controls the execution of application programs An interface between applications and hardware 1.
Virtualization. Virtualization  In computing, virtualization is a broad term that refers to the abstraction of computer resources  It is "a technique.
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Device Drivers.
Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.
INTRODUCTION TO VIRTUALIZATION KRISTEN WILLIAMS MOSES IKE.
High Performance Computing on Virtualized Environments Ganesh Thiagarajan Fall 2014 Instructor: Yuzhe(Richard) Tang Syracuse University.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Processes Introduction to Operating Systems: Module 3.
VMware vSphere Configuration and Management v6
Operating Systems Security
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Security Vulnerabilities in A Virtual Environment
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Operating-System Structures
Protection of Processes Security and privacy of data is challenging currently. Protecting information – Not limited to hardware. – Depends on innovation.
Cloud Computing Lecture 5-6 Muhammad Ahmad Jan.
Cloud Computing – UNIT - II. VIRTUALIZATION Virtualization Hiding the reality The mantra of smart computing is to intelligently hide the reality Binary->
Virtual Machines Module 2. Objectives Define virtual machine Define common terminology Identify advantages and disadvantages Determine what software is.
Unit 2 VIRTUALISATION. Unit 2 - Syllabus Basics of Virtualization Types of Virtualization Implementation Levels of Virtualization Virtualization Structures.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
Virtualization Neependra Khare
Chapter 2 Operating System Overview Dave Bremer Otago Polytechnic, N.Z. ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.
Computer System Structures
Virtualization for Cloud Computing
Virtual Machine Monitors
Chapter 6: Securing the Cloud
Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.
Module 3: Operating-System Structures
Cybersecurity First Principles
What is Virtualization Last Update
Chapter 1: Introduction
Operating System Structure
Cybersecurity: Threat Matrix
KERNEL ARCHITECTURE.
Chapter 1: Introduction
Chapter 3: Windows7 Part 1.
First Principles of Cybersecurity
Virtualization Layer Virtual Hardware Virtual Networking
Virtualization 101.
Virtualization Techniques
Chapter 2: System Structures
Chapter 3: Operating-System Structures
Chapter 1 Introduction to Operating System Part 5
Basic Concepts Protection: Security:
Partition Starter Find out what disk partitioning is, state key features, find a diagram and give an example.
Chapter 2: Operating-System Structures
Introduction to Operating Systems
Outline Chapter 2 (cont) OS Design OS structure
Java Programming Introduction
Introduction to Virtual Machines
Outline Operating System Organization Operating System Examples
System calls….. C-program->POSIX call
Introduction to Virtual Machines
Chapter 2 Operating System Overview
Chapter-1 Computer is an advanced electronic device that takes raw data as an input from the user and processes it under the control of a set of instructions.
Chapter 2: Operating-System Structures
Presentation transcript:

First Principles of Cybersecurity

Domain Separation Separating areas where resources are located prevents accidents and loss of data, keeping information worlds from colliding. A domain could be an area of control, a computer system or a website. In a programming department, there are programmers (developers, maintainers etc), testers and system administrators. When the developers wish to test their code, they test data that is similar to real data, but obviously not live data. Keeping the test data separate from the operational data is one example of domain separation . Inside a computer system, there are also domains. Most hardware microprocessors have a supervisor domain (sometimes referred to as a supervisor state or privileged state) and a user domain. In supervisor state, privileged hardware instructions can be executed. These hardware domains are used to implement mechanisms that protect the system from interference by user written programs and purchased applications. The operating system code runs in supervisor state, while the user programs run in the user domain.

Process Isolation A process occurs when a task is executed. Keeping processes separate prevents the failure of one process from negatively impacting another. A process is a program running in a computer. Programs have their own portion of memory called address space. The address space can only be accessed by running programs. If a word processor, a database and a browser are running on a computer, they are all running in different address spaces. This is done to ensure correct operation, security and protection. In addition to process isolation, we also have operating isolation. Programs such as VMWare or Virtual Box enable multiple operating systems to execute on the same computer without interfering with other program.

Resource Encapsulation Resources – hardware, system objects, or processes – must be separated and used as intended. An example, assume a flag pole is the object. There are fixed methods on how the flag pole is to be used. Put the flag on, take the flag off, raise or lower the flag. Nothing else can be done to the flag pole. A resource can be hardware such as memory, disk drives, or a monitor. It can also be system objects such as semaphores, a linked list, or shared memory. Encapsulation is an object oriented concept where all data and functions required to use the resource are packaged into a single self-contained component. The goal is to only allow access or manipulation of the resource in the way the designer intended. In addition to controlling what operations can be performed on the resource, the system can also control which users can perform these operations on the resource.

Least Privilege Limits what access people have to your resources and what they can do with them. Allows the minimum number of privileges necessary to accomplish the task. When a person gets a new computer, s/he installs or logs onto the computer using an administrative account. This account has privileges to install software, add users, add hardware, and add and delete almost any program or file. The account is all powerful and must be used wisely. If a person uses a browser to access a website that contains malware and they are running as administrator, it is more likely that malware could be installed. If the person was running as a regular user with minimal privileges, the malware would not have been installed.  

Layering Multiple layers of defense protect information. If one layer is defeated, the next layer should catch it. Consider a typical Windows-based workstation: At the core, there is a microprocessor with a well defined interface (instruction set). On top of the microprocessor is a layer of running software that provides an interface to the OS called the Hardware Abstraction Layer (HAL). OS developers do not need to understand the details of the microprocessor implementation. On top of the HAL runs a microkernel and presents a simple set of kernel calls to OS programmers. Thus OS programmers do need to know the details of the HAL. The OS runs on top of the microkernel, hiding the kernel complexity and providing application developers with a simple system call interface . Applications run on top of the OS and provide users with useful services without requiring the user to have any knowledge of the system call interface to the OS. Defense in depth uses a layering approach, that involves physical, technical and administrative controls.

Abstraction A representation of an object or concept that decouples the design from the implementation. The goal in abstraction, from a computer security viewpoint is to remove any clutter that can distract and possibly be used in an incorrect way. Abstraction provides only the essential details of what is being modeled and provide the minimum information necessary to accomplish the task.  

Information Hiding Prevent any attempt to see information. A technique that does not allow certain aspects of an object to be observed or accessed. Keeps the programmer from having complete access to data structures. Allows access to only what is necessary. In computer programming, manipulating a stack requires three operations. Push, pop and view the data item on the top of the stack. The programmer should not be concerned with how the stack is implemented. The stack could be a linked list, tree structure, or an array. None of the details of how the stack is implemented are necessary.

Modularity Able to be inserted or removed from a project; each module has its own function, interchangeable with other modules. Modular programming is a software design technique that emphasizes separating the functionality of a program into independent, interchangeable modules. Each module contains everything necessary to execute a unique part of the desired functionality through well designed interfaces, that provide the details needed for one module to replace another. Most desktop computers can be modified to add hardware and increase performance. Memory, sound and video cards can be added. All of the components have a well defined interface. If one fails one can easily replace it. Current mobile phones are not modular. If a part breaks, the device will most likely have to be replaced. iPhone is a good example: if a hardware part breaks, it cannot easily be fixed.

Simplicity If something is less complicated, it’s less likely to have problems and easier to troubleshoot and fix. When designing a product, hardware of software, simplicity should be a goal. Simplicity makes it possible to better understand hardware and software. It is easier for software engineers to update the code when requirements change without the clutter of unnecessarily complicated code and interfaces. It is easier for testers to understand the code and spot problems sooner. By keeping software simple and focused, reliability and security are greatly increased.

Minimization Minimization’s goal is to simplify and decrease the number of ways the software can be exploited. Improves security by reducing the number of things that can go wrong: the number of points open to attack the duration of high-risk exposure the value of the assets that have to be protected,1 and the consequences of failures. Every piece of information stored and every bit of complexity added comes at a cost, that must be weighed against the benefits provided. 

Virtualization and Cloud Computing an application

Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the underlying hardware resources It is the process by which one computer hosts the appearance of many computers. Virtualization is used to improve IT throughput and costs by using physical resources as a pool from which virtual resources can be allocated.

Virtualization Architecture A Virtual machine (VM) is an isolated runtime environment (guest OS and applications) Multiple virtual systems (VMs) can run on a single physical system A hypervisor, or virtual machine manager/monitor (VMM), is a program that allows multiple OS to share a single hardware host. Each Guest OS appears to have the host's processor, memory, and other resources all to itself. However, the hypervisor is actually controlling the host processor and resources, allocating what is needed to each operating system in turn and making sure that the OS systems (VMs) cannot disrupt each other.

Benefits of Virtualization Sharing of resources helps cost reduction Domain Separation: Process Isolation: VMs are isolated from each other as if they are virtually separated Resource Encapsulation: VMs encapsulate a complete computing environment Hardware Independence: VMs run independently of underlying hardware Modularity-Portability: VMs can be migrated between different hosts.

Virtualization in Cloud Computing Cloud computing takes virtualization one step further: You don’t need to own the hardware Resources are rented as needed from a cloud Various providers allow creating virtual servers: Choose the OS and software that each instance will have The chosen OS will run on a large server farm Instantiate more virtual servers or shut down existing ones within minutes You get billed only for what you used.

Virtualization Security Challenges The trusted computing base (TCB) of a virtual machine is too large. TCB: A small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security Smaller TCB implies more security

Xen Virtualization Architecture & Threat Model Xen project hypervisor: open source Management VM0 – Dom0 Hypervisor is in Dom0 and runs directly on the hardware. Is responsible for handling CPU, memory, timers and interrupts. Guest VMi – DomUi Dom0 may be malicious Vulnerabilities Device drivers Careless/malicious administration Dom0 is in the TCB of DomU because it can access the memory of DomU, which may cause information leakage/modification SMP = Symmetric Multiprocessing (multiple processors in one computer system) X86 = CPU instruction set, ENET = Ethernet, SCSI/IDE = interface that allows PCs to communicate with peripheral hardware

Virtualization Security Requirements Scenario: A client uses the service of a cloud computing company to build a remote VM A secure network interface A secure secondary storage A secure run-time environment Build, save, restore, destroy A secure run-time environment is the most fundamental The first two problems already have solutions: Network interface: Transport layer security (TLS) Secondary storage: Network file system (NFS) The security mechanism in the first two rely on a secure run-time environment All the cryptographic algorithms and security protocols reside in the run-time environment

Smaller TCB Solution Smaller TCB Actual TCB