Unix Security: Assessing vulnerabilities


Classifying vulnerability types
- Several models have been proposed to classify vulnerabilities in UNIX-type OSes
- E.g., M. Bishop's “A Taxonomy of UNIX System and Network Vulnerabilities” (95)
- Stated goals of the taxonomy:
  - Description should be useful for the purpose of designing intrusion detection mechanisms
  - Techniques provided for finding vulnerabilities of each type
  - Techniques provided for mitigating their threat

Dimensions of taxonomy
The taxonomy considered:
- Vulnerability class
- Time of introduction
- Exploitation domain
- Effect domain
- Minimum component number
- Source

Vulnerability class
From the Protection Analysis study:
1. Improper protection (initialization and enforcement)
   1a. Improper choice of initial protection domain
   1b. Improper isolation of implementation detail
   1c. Improper change
   1d. Improper naming
   1e. Improper de-allocation or deletion
2. Improper validation
3. Improper synchronization
   3a. Improper indivisibility
   3b. Improper sequencing
4. Improper choice of operand or operation

Time and Domains
Time of introduction:
1. Development
2. Maintenance
3. Operation
Exploitation domain/Effect domain. Numbering indicates:
1. Nothing else is affected
2. Network sessions are affected
3. Hardware is affected
4. Network sessions and hardware are affected

Number of components and source
Minimum number of components:
- Refers to the number of software modules (programs) that must be involved for the vulnerability to be exploited
- Directly impacts the complexity of monitoring for attacks that exploit the vulnerability
Source:
- Where the vulnerability was discovered and published
- Affects how likely it is that the vulnerability will be exploited, e.g. if automated scripts are available

Example: The Xterm vulnerability
  mknod foo p
      Creates a device (file) that implements a FIFO
  xterm -lf foo
      Launches an xterm with foo as its log file
  mv foo junk
      Renames foo as junk
  ln -s /etc/passwd foo
      Creates a symbolic link (alias) to the system password file
  cat junk
      Opens the other end of the FIFO file, effectively creating a pipe from the xterm log to stdout through /etc/passwd

Classifying the xterm vulnerability
- Vulnerability class: 1c, Improper change
- Time of introduction: 1, development
- Exploitation domain: 1, UID of xterm program
- Effect domain: 1, any protection domain
- Minimum number: 2, xterm process; another process to move file & link password file to name
- Source: Posted to USENET

Reading passwords
- Type: 1e, Improper de-allocation or deletion
- Introduction time: 1, Development
- Exploitation domain: 1, Group kmem protection domain
- Effect domain: 1, Any protection domain
- Minimum number: 1, Process reading terminal buffer
- Source: M. Bishop, USENET posting

Detection and mitigation
Improper choice of initial protection domain
- Tools such as tripwire can be used to create a database of system files and their access rights
- Difficult to manually evaluate against abstract policies since there is no formal access control structure in UNIX
- Requires computation of the access control closure for a particular user class
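
A small version of the "database of system files and their access rights" idea, added here as an example; it is not tripwire and not code from the slides. The names struct rec, snapshot and audit are hypothetical, only access rights are covered, and the fixture is a constructed temporary file.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One baseline record: file type and mode bits, owner and group. */
struct rec { char path[128]; mode_t mode; uid_t uid; gid_t gid; };

/* Store the current state of path in r; 0 on success. */
int snapshot(const char *path, struct rec *r)
{
    struct stat st;
    if (strlen(path) >= sizeof r->path || lstat(path, &st) != 0)
        return -1;
    strcpy(r->path, path);
    r->mode = st.st_mode; r->uid = st.st_uid; r->gid = st.st_gid;
    return 0;
}

/* Compare path with its record. Bitmask result: 1 type or mode changed,
 * 2 owner or group changed, 4 world-writable now, 8 missing. */
int audit(const struct rec *r)
{
    struct stat st;
    int flags = 0;
    if (lstat(r->path, &st) != 0) return 8;
    if (st.st_mode != r->mode) flags |= 1;
    if (st.st_uid != r->uid || st.st_gid != r->gid) flags |= 2;
    if (!S_ISLNK(st.st_mode) && (st.st_mode & S_IWOTH)) flags |= 4;
    return flags;
}

/* Constructed fixture: one temporary file, loosened and then removed. */
int demo(void)
{
    char path[] = "/tmp/baselineXXXXXX";
    struct rec r;
    int fd = mkstemp(path), clean, drift, gone;
    if (fd < 0 || fchmod(fd, 0644) || snapshot(path, &r)) return -1;
    clean = audit(&r);                 /* unchanged since the snapshot */
    if (fchmod(fd, 0666)) return -1;
    drift = audit(&r);                 /* mode changed, world-writable */
    close(fd); unlink(path);
    gone = audit(&r);                  /* file no longer present */
    return clean | (drift << 4) | (gone << 8);
}

int main(void) { printf("audit results: 0x%x\n", demo()); return 0; }
```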

Detection and mitigation (2)
Improper isolation of implementation detail
- Each software component that may affect the protection architecture must be analyzed to decide whether it implements checks at the correct location
- Example: NIS used to implement checks in the clients to prevent attempts to add (e.g. privileged) accounts to the system. However, anyone could write a program to connect directly to the daemon and perform the addition of accounts. Here, it was improper to delegate the check to clients; the operation should be protected by the daemon.

Detection and mitigation (3)
Improper change
- Assumptions about data consistency are not valid in practice, e.g., the xterm attack
- Examples of system call pairs that expose programs to improper change flaws:
  - access/open: give read/write access to protected file
  - access/unlink: delete system-critical file
  - access/chroot: remove file-system visibility restrictions
  - creat/chown: improper change of ownership
  - open/rename: move file to system location
- Techniques from software testing and/or pattern matching are required
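
The access/open pair from the list above next to an open that checks the object behind the descriptor, added here as an example that is not part of the original slides. The function names and the temporary fixture are constructed; a set-uid program such as xterm would additionally drop to the real UID before opening.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check by name, then open by name: the name can change in between. */
int open_log_racy(const char *path)
{
    if (access(path, W_OK) != 0)              /* time of check */
        return -1;
    return open(path, O_WRONLY | O_APPEND);   /* time of use */
}

/* Open once, then validate what the descriptor refers to. O_NOFOLLOW
 * refuses a final-component symlink; O_NONBLOCK avoids hanging on a FIFO. */
int open_log_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || st.st_nlink != 1) {  /* no second name */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a regular file, a symlink to it and a FIFO. */
int demo(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", f[64], l[64], p[64];
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(f, sizeof f, "%s/log", dir);
    snprintf(l, sizeof l, "%s/link", dir);
    snprintf(p, sizeof p, "%s/fifo", dir);
    fd = open(f, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) || symlink(f, l) || mkfifo(p, 0600)) return -1;
    if ((fd = open_log_checked(f)) >= 0) { r |= 1; close(fd); } /* accepted */
    if (open_log_checked(l) < 0) r |= 2;            /* symlink refused */
    if (open_log_checked(p) < 0) r |= 4;            /* FIFO refused */
    if ((fd = open_log_racy(l)) >= 0) { r |= 8; close(fd); } /* followed */
    unlink(f); unlink(l); unlink(p); rmdir(dir);
    return r;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```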

Detection and mitigation (4)
Improper name
- Name collision (Trojan horses)
- Same object, two names (and permission sets)
  - Files (hard links in UNIX)
  - Process IDs (re-use of ID after termination)
- Simple scanning detects issues of name collision and hard links
- For process ID re-use, it becomes imperative to insert checks in programs to detect the termination of any processes they communicate with

Detection and mitigation (5)
Improper de-allocation/deletion
- Memory de-allocated but not cleaned/erased
  - Allows programs to read contents written by other processes
- Auxiliary structures not cleaned at deletion
  - Denial-of-service attack (historic attack on the process table)
- Use of de-allocated memory
- Software testing techniques are useful in detecting such problems

Improper validation
- Verify return values from system calls
- Verify validity of arguments
- Switch statements have default cases
- Perform range-checking
- Use functions that return error-checking information whenever available
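
The five checks above applied to one small task, parsing a permission argument and writing to a descriptor, as an added example that is not code from the slides. The names parse_perm, perm_message and write_all are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum perm_status { PERM_OK, PERM_SYNTAX, PERM_RANGE };

/* Parse an octal permission string such as "0644". strtol() reports the
 * errors that atoi() hides: no digits, trailing junk, overflow. */
enum perm_status parse_perm(const char *s, unsigned *out)
{
    char *end; long v;
    if (s == NULL || out == NULL || *s == '\0')   /* argument validity */
        return PERM_SYNTAX;
    errno = 0;
    v = strtol(s, &end, 8);
    if (end == s || *end != '\0')
        return PERM_SYNTAX;
    if (errno == ERANGE || v < 0 || v > 07777)    /* range check */
        return PERM_RANGE;
    *out = (unsigned)v;
    return PERM_OK;
}

const char *perm_message(enum perm_status st)
{
    switch (st) {
    case PERM_OK:     return "ok";
    case PERM_SYNTAX: return "not an octal number";
    case PERM_RANGE:  return "outside 0..07777";
    default:          return "unknown status";    /* explicit default case */
    }
}

/* write() can be interrupted or write less than asked; check each return. */
ssize_t write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    size_t left = len;
    while (left > 0) {
        ssize_t n = write(fd, p, left);
        if (n < 0 && errno == EINTR) continue;    /* interrupted: retry */
        if (n <= 0) return -1;                    /* real failure */
        p += n; left -= (size_t)n;
    }
    return (ssize_t)len;
}

int main(void) { unsigned m = 0; puts(perm_message(parse_perm("644x", &m))); return 0; }
```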

Detection and mitigation (7)
Improper indivisibility
- Not properly checking locking mechanisms
- Time-Of-Check-To-Time-Of-Use issues (TOCTTOU)
Improper choice of operand/operation
- Violation of modularity in design
- Manipulation of data in practice does not correspond to requirements