PRECIP: Towards Practical and Retrofittable Confidential Information Protection XiaoFeng Wang (IUB), Zhuowei Li (IUB), Ninghui Li (Purdue) and Jong Youl.

Slides:

Advertisements

Similar presentations

Operating System Security

Advertisements

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

Chapter 6 Security Kernels.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Information Systems Security Security Architecture Domain #5.

Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Operating Systems.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

INTRUSION DETECTION SYSTEM

Operating System.

Installing and Troubleshooting Hardware Device and Drivers Chapter 6 powered by dj.

Dr. XiaoFeng Wang © SpyShield: Preserving Privacy from Spy Add-ons Zhuowei Li, XiaoFeng Wang and Jong Youl Choi Indiana University at Bloomington.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis Authors: Heng Yin, Dawn Song, Manuel Egele, Christoper Kruegel, and.

Group 6 Comp 129 Chapter 4.  An operating system s a set of programs made to manage the resources of a computer.  The OS performs five basic functions:

Dr. XiaoFeng Wang AGIS: Towards Automatic Generation of Infection Signatures Zhuowei Li 1,3, XiaoFeng Wang 1, Zhenkai Liang 4 and Mike Reiter 2 1 Indiana.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.

Operating Systems  A collection of programs that  Coordinates computer usage among users  Manages computer resources  Handle Common Tasks.

© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.

Bob Gilber, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara RAID 2011,9 報告者：張逸文 1.

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.

Chapter 8: Operating Systems and Utility Programs Catherine Gifford Dan Falgares.

Identity-Based Secure Distributed Data Storage Schemes.

Windows XP. History Windows XP is based on the NT kernel developed in 1988 Windows XP is based on the NT kernel developed in 1988 XP was originally sold.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

November 19, 2008 CSC 682 Use of Virtualization to Thwart Malware Written by: Ryan Lehan Presented by: Ryan Lehan Directed By: Ryan Lehan Produced By:

M. Alexander Helen J. Wang Yunxin Liu Microsoft Research 1 Presented by Zhaoliang Duan.

Application Software System Software.

IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.

Trevor Jim Nikhil Swamy Michael Hicks Defeating Script Injection Attacks with Browser-Enforced Embedded Policies Jason FroehlichSeptember 24, 2008.

Trusted Operating Systems

Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.

Understand Malware LESSON Security Fundamentals.

CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.

SANS Top 25 Most Dangerous Programming Errors Catagory 1: Insecure Interaction Between Components These weaknesses are related to insecure ways.

Introduction to Network Systems Security Mort Anvari.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Windows Vista Configuration MCTS : Network Security.

ICAICT201A USE COMPUTER OPERATING SYSTEM. USING THE CONTROL PANEL The Control Panel contains many options for configuring your computer, including: adding.

Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.

BY S.S.SUDHEER VARMA (13NT1D5816)

Secure your complete data lifecycle using Azure Information Protection

Operating Systems & System Software

Secure your complete data lifecycle using Azure Information Protection

Chapter 17: Confinement Problem

Functions of an operating system

Implementing Client Security on Windows 2000 and Windows XP Level 150

Shielding applications from an untrusted cloud with Haven

Operating System Concepts

Presentation transcript:

PRECIP: Towards Practical and Retrofittable Confidential Information Protection XiaoFeng Wang (IUB), Zhuowei Li (IUB), Ninghui Li (Purdue) and Jong Youl Choi (IUB)

How to protect your information from spyware? Prevent it ! Detect it ! However…

The last defense line  Contain unauthorized surveillance

Spyware containment  Existing access control mechanisms are insufficient  Spyware can watch authorized party’s access to a secret  Alternative: information flow security  Track sensitive data  Prevent them from flowing into unauthorized parties

Information flow security  The Bell-LaPadula model sensitive highly sensitive public

However, this is insufficient for a modern OS  User input object  keyboard, mouse…  When does it become sensitive?  Other shared object  screen, clipboard …  sensitive? public?  Multitasked subject  Work concurrently on public and sensitive data  Which output is sensitive?

Requirements for a usable IF model  Work on a modern OS  Efficient enough for online operation  Instruction-level tracking can be too slow  Retrofittable to legacy systems  Avoid modifying the source code of app, of OS

PRECIP A first step towards practical and retrofittable confidential information protection  Track an application’s input/output dependence  Model input object and shared object  Designed for online operations  Retrofittable to legacy applications and OS

The model  Subjects and objects  Local objects (files, buffers, keyboard, screen,…)  Remote objects (website…)  User input objects (UIO): objects for transferring inputs (keyboard)  Channels  Connect subject to subject, subject to object, object to subject  A path is composed of multiple channels  Messages  Information on a channel in the form of “messages”  Examples: keyboard events, mouse events, data through a “read” call

The model (cont’d)  Dependency relation  Output messages depend on some input messages  An input to the PRECIP model  Sensitivity levels  high: “sensitive”, low: “public”  Trusted and untrusted subjects  Untrusted: unknown dependency relations  Trusted: all dependency relations are known

Security objective  Information is sensitive if  it depends (directly or transitively) upon a message from an sensitive object, or sensitive inputs from an UIO  Information leakage happens if  Sensitive info gets into an untrusted subject or a remote public object  Objective: Sensitive information shouldn’t be leaked

Policies achieving the objective  Tracing rules  Sensitive msg: either from a sensitive obj or dependent upon a sensitive msg  Obj  sensitive if it receives a sensitive msg  UIO  sensitive iff a path connects it to a sensitive obj  Obj  public if it is cleaned  Control rules  Block sensitive msg to public remote obj and untrusted sub  Sensitive info to a local obj  block the msg or mark the obj sensitive

Application of PRECIP to Windows XP

Adversary model  Spyware is not inside the kernel when PRECIP is installed  However, our integrity protector can preventspyware to be installed through system calls  PRECIP is not designed for preventing exploit of software vulnerabilities  We use existing tools to do the job

Classification and labeling  Trust levels  Classify applications according to dependency rules  Mark an executable using its NTFS file stream  Sensitivity levels  Automatic classification: using a file’s DAC

Dependency rules for editing/viewing App Sensitive Public Sensitive Public

Dependency rules for web browsers

Management of hooks

Integrity protection  Prevent unauthorized access of subject’s and object’s labels, contents and PRECIP settings  Regulate calls related to file system, auto-start extensibility points and process  Only allow signed kernel drivers to be loaded  A policy also used in Windows Vista

Evaluation  Dependency rules  Test dependency rules on Microsoft office, Adobe Acrobat and Notepad  Quite effective in most cases  Effectiveness  Performance

Effectiveness

Performance  Performance of hook management  Baseline (no proxy): microseconds  PRECIP: microseconds  Overhead: 13.57%  Performance of the kernel driver  Evaluated using WorldBench 5.0

Limitations  Dependency rules are empirical  Research: automatic analysis of an application to generate rules  Integrity model as a complementary  Model is incomplete  Multiple sensitivity levels  Compartmentalization

Related research  Language-based information flow security  For design of a new program  Instruction-level tracking  Hard to use online without hardware support  New systems such as Abestos, IX, Flume,…  Need to modify OS  Sandboxing techniques  Too coarse-grained

Conclusions  Propose a new confidentiality model for practical and retrofittable IF protection  Application of the model to Windows XP  Future research  Improve the model  Improve the techniques for enforcing the model