Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operating System Security CS460 Cyber Security Spring 2010.

Published byGiles Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Operating System Security CS460 Cyber Security Spring 2010."— Presentation transcript:

1 Operating System Security CS460 Cyber Security Spring 2010

2 1/19/10Cyber Security Spring 20102 Outline Unix/Linux Access Control –Users and groups –File system controls Windows NT/XP/Vista/7 Security Executive –Access tokens –Security descriptors –ACLs –Integrity Controls (Vista)

3 1/19/10Cyber Security Spring 20103 Unix Reading Material Man pages –Groups, newgroup –Chmod, chown, chgrp Unix and Security: The Influences of History

4 1/19/10Cyber Security Spring 20104 Basic Unix Security Model User authenticated on logon –User ID associated with process –Default Group ID associated with process –Default Process listed in passwd file Groups defined in /etc/groups –Set of users listed with each group definition –User can be member of multiple groups

5 1/19/10Cyber Security Spring 20105 Shadow Files /etc/passwords and /etc/group must be readable by everyone Both files contain crypt’ed passwords –Access enable offline attacks Add shadow versions of each file –Password obscured in passwords and group –Stored in more restricted shadow versions of these files

6 1/19/10Cyber Security Spring 20106 Unix Access Control Three permission octets associated with each file and directory –Owner, group, and other –Read, write, execute For each file/directory –Can specify RWX permissions for one owner, one group, and one other

7 1/19/10Cyber Security Spring 20107 Unix Access Check First test effective user ID against owner –If match, then use owner rights Then test all groups user is a member of against group –If match, then use group rights Otherwise, use other rights Can view as rwx, or a value from 0-7 –E.g. rx = 5 and rw = 6

8 1/19/10Cyber Security Spring 20108 Constraining Control of New Objects Umask can be set to constrain allowed access on new objects created by user Expressed as a 3 octet mask –E.g. 0022 Inverse of umask anded by requested access for new object –E.g. open requests 0666 (read and write for all) –0666 & ~0022 = 0666 & 755 = 644

9 1/19/10Cyber Security Spring 20109 Other Bits Set UID and Set GUID bits –When set, the process created by executing file takes on user ID or group ID associated with file Sticky bit –On directories, prevents anyone but owner of file removing file in directory

10 1/19/10Cyber Security Spring 201010 Unix Security Problems Created as a subset of more complete Multics model –Expedient at the time –Limits modern expressibility Security evolved over 30 years –Inconsistencies Early evolution occurred in open university environments –Encourages bad habits

11 1/19/10Cyber Security Spring 201011 Windows Reading Material Windows NT Security in Theory and PracticeWindows NT Security in Theory and Practice –Old, but still a readable introduction Windows Access Control –Newer version of above Inside Windows NT Chapter 3 or Microsoft Windows Internals Chapter 8 Windows 7 security enhancements http://technet.microsoft.com/en- us/library/dd560691.aspx http://technet.microsoft.com/en- us/library/dd560691.aspx Windows Vista Integrity Mechanism

12 1/19/10Cyber Security Spring 201012 NT Security Model Ultimately NT security controls access and auditing Implements the standard subject/object security model –Designed into NT. Implemented a security reference monitor Controls applied to core OS objects like processes and sockets in addition to the more tradition file system elements (NTFS) –Everything that can be named is an object –All objects can have same security controls applied

13 1/19/10Cyber Security Spring 201013 NT Security Elements Subject – Process or thread running on behalf of the system or an authenticated user Security ID (SID) – A globally unique ID that refers to the subject (user or group) Access token – the runtime credentials of the subject Privilege – ability held by the subject to perform “system” operations. Usually breaks the standard security model –Associated with the access token –Generally disabled by default. –Can be enabled and disabled to run at least privilege –Example powerful privileges SeAssignPrimaryTokenPrivilege – Replace process token SeBackupPrivilege – Ignore file system restrictions to backup and restore SeIncreaseQuotaPrivilege - Add to the memory quota for a process SeTcbPrivilege – Run as part of the OS

14 1/19/10Cyber Security Spring 201014 Windows User/Group Definitions Control Panel/Computer Management –Contains the User/Group definition Control Panel/Local Security Settings –Under user rights –Lets the user associate users and groups with privileges

15 1/19/10Cyber Security Spring 201015 Access Token

16 1/19/10Cyber Security Spring 201016 Example subject AccessToken sid=123456 Privileges=SeBackup/disabled SeTcb/disabled Amer/shinrich Authentication Exchange Domain Controller Word process DB of users SID and privs

17 1/19/10Cyber Security Spring 201017 More security elements Object – Individually secured entity such as a file, pipe, or even a process Rights – actions associated between object and subject. –Read, write, execute, audit Access control list (ACL) –Associated with an object –Ordered list –Each access control entry (ACE) contains a subject and a right –Evaluated by the security subsystem to determine access to protected objects. –Discretionary ACLs control access –System ACLs control audit (and integrity control)

18 1/19/10Cyber Security Spring 201018 Still more security elements Security Descriptor – represents an object in the system. Contains the following information: –Object’s owner –Object’s group –Object’s DACL –Object’s SACL AccessCheck evaluates an ACL, subject, object triple –Called by many system calls –Can be called from user code too

19 1/19/10Cyber Security Spring 201019 Security Descriptor

20 1/19/10Cyber Security Spring 201020 Example ACL \mydocs\hw1.doc Security Descriptor: sid=123456 gid=78910 DACL= SACL=null SID=Everyone:read SID=123456:read,write SID=22222:deny SID=Everyone:read SID=123456:read,write

21 1/19/10Cyber Security Spring 201021 Example Evaluation

22 1/19/10Cyber Security Spring 201022 Working with ACLs Accessed via FileExplorer. Right-click file/directory an select sharing and security. Can programmatically create and traverse ACL’s –See MSDN for detailsMSDN

23 1/19/10Cyber Security Spring 201023 SACL controls auditing In addition to DACL that controls access, each object has a SACL to control auditing –Process access token is compared to SACL to determine whether to log –Also enabled by local policy SACL now also includes integrity label

24 1/19/10Cyber Security Spring 201024 Vista Security Descriptor Plus Integrity Label

25 1/19/10Cyber Security Spring 201025 Mandatory Integrity Controls SID representing Integrity Label –In Access Token –In SACL Policy controls execution –Mandatory Access Token Policies No Write Up – default- Cannot write higher integrity data New Process Min – default - Controls the label assigned to child processes –Mandatory Label Policies No Write Up – default No Read Up No Execute Up

26 1/19/10Cyber Security Spring 201026 Assigning Token Integrity Label Assigned by Group: –Local System -> System –Administrators -> High –Authenticated Users -> Medium Some programs designed to run at low integrity –Internet Explorer in protected mode -> Low Some privileges require integrity –e.g., backup, impersonate, relabel

27 1/19/10Cyber Security Spring 201027 Windows Security Problems Kernel level security model is reasonable –More consistent and complete than Unix So why do Windows installations have so many security problems? –Unix evolved from a multi-user environment –Windows came from a single user, stand alone environment –Security APIs clunky. The easy to program option (NULL DACL) is not the most secure.

28 1/19/10Cyber Security Spring 201028 Vista Security Additions The core security mechanisms are mostly unchanged –Addition of mandatory integrity control –Dual access tokens Important changes in user and service mode –Make it easier to run at low privilege –User Account Control Additional features –Host intrusion detection, Firewall improvements, Network quarantine

29 1/19/10Cyber Security Spring 201029 User Account Control Enable non-privileged users to perform many operations that require privilege today –Add printer, update WEP keys Prompt user to activate privileged account if privilege is needed Registry and file virtualization –Sandboxes unprivileged users

30 1/19/10Cyber Security Spring 201030 Windows Service Hardening In XP, most services are run as high privilege LOCAL SYSTEM –Can run as other user –Awkward to install because must create unprivileged user and prompt user to create password etc. This create a SID for each service –Like an unprivileged user that cannot login

31 1/19/10Cyber Security Spring 201031 Data Protection Uses secure co-processor, Trusted Platform Module, that is included with many of today’s laptops Use to implement Secure Startup –Detects changes to system on reboot –Protects from making changes to system made by mounting system from other OS –Doesn't seem to have made it into Vista release

32 1/19/10Cyber Security Spring 201032 Network Access Protection Network quarantine –Places restrictions on the characteristics of a computer that can connect to the network –For example can connect to the network only if the patches are up to date –Server version only

33 1/19/10Cyber Security Spring 201033 Summary Standard operating systems security elements –Unix shows security has been available for many decades –Windows shows security underpinnings exist in widely used OS perceived to be insecure –Vista security changes make it easier to use existing security mechanisms Security is continuing to evolve

Download ppt "Operating System Security CS460 Cyber Security Spring 2010."

Similar presentations

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Windows Vista Security model and vulnerabilities.

Windows Vista Security model and vulnerabilities.
© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei

© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Sharing Files Richard Newman based on Smith “Elementary Information Security”

Sharing Files Richard Newman based on Smith “Elementary Information Security”
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Access Control Lists and NTFS Permissions INFO333 – Lecture 4 2010 Mariusz Nowostawski Noria Foukia.

Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.

Similar presentations

Ads by Google