Secure Operating Systems Lesson 4: Access Control.

Presentation on theme: "Secure Operating Systems Lesson 4: Access Control."— Presentation transcript:

1 Secure Operating Systems Lesson 4: Access Control

2 Where are we?
- Now that we have a model of the OS in our heads, it’s time to layer in what is really the most important part of security: the access control model
- Key Points: how access control works (Lampson) and the “Safety Problem”
- Look at OSC Ch. 14… we’ll be here a lot over the next few weeks

3 The OS doesn’t HAVE TO…
- First, there’s the DOS model… anything can do anything
- All well and good, but has a lot of problems too

4 Access Control
- We think of it as a security thing, but it’s also a stability thing
- Protection schemes help protect from accidents too

5 Formally
- Decide if a principal can perform a requested operation on a target (object)
- Typically:
  - Principal = user, process, …
  - Operation = read, write, execute, …
  - Object = file, memory, process, …
- The theory for this is by Lampson – it’s old, but the conclusions are solid

6 Why does this matter?
- In many ways, exploitation of a system is about elevating our rights – gaining access to objects we should not have access to
- Two ways: faulty access control rules, faulty access control implementation (sort of)
- Example: incorrect privileges on /dev/swap used to be exploitable

7 Policy
- The policy is the idealization for how the system makes access decisions
- Can’t be too restrictive (availability)
- Must be restrictive enough (confidentiality, integrity)
- Ideally, the policy should be easy to understand (but see later…)

8 Why is Access Control Hard?
- Things change – I need access to today
  - Example: look at the rules on a firewall sometime
  - Continuing with our firewall example, defaults really matter (ip-directed-broadcast)
- Worst of all: the safety problem

9 Safety Problem
- In the general case, it’s impossible to determine the properties of protection for all possible access control lists
- This is all about undecidability – given a system and permissions,

10 Access Control Models
- Basic Models – ACLs etc.
- Aggregate Models – RBAC
- Lattice – Bell-LaPadula

11 Basic Models
- Basic models are more common than we tend to think
- Lots of examples in the “real world”
- Limited by complexity, flexibility, ease of maintenance

12 RBAC
- Evan is a student – he gets student rights to the course
- Mark is a student and a grader… he has more than one role
- Richard has full admin access to everything
  - What principle does this violate?
- Exists in the real world, and quite powerful

13 Administering this…
- Discretionary – object owner (usually) picks access
- Mandatory – no choice on the part of the owner, the policy decides

14 Bell-LaPadula
- What does our access control model tell us about protection from a Trojan Horse? What’s the risk?
- Cannot write to data which has lower classification – that is, it protects against information leaking out (exfiltration, if you like)
- Can’t read up, can’t write down…

15 Biba
- Biba for integrity – can’t write up, can’t read down… protects against contamination of data from lower levels
- Note how this is the reverse of Bell-LaPadula… Are you starting to see how gnarly this is yet?
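To make slides 12, 14 and 15 concrete, here is an added example (not part of the lecture) of a toy reference monitor: Bell-LaPadula and Biba checks over a simple ordered lattice, the Trojan Horse write-down case from slide 14, and the Evan/Mark/Richard roles from slide 12. The level names, role names and permissions are constructed for illustration.

```python
# Added example (not from the lecture): a toy reference monitor for the
# models on these slides. Levels, roles and the sample users are constructed.

# Ordered classification lattice (a simple total order is enough here).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def dominates(a: str, b: str) -> bool:
    """True when level a is at least as high as level b."""
    return LEVELS[a] >= LEVELS[b]

def blp_allows(subject: str, obj: str, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return dominates(subject, obj)      # subject must dominate object
    if op == "write":
        return dominates(obj, subject)      # object must dominate subject
    raise ValueError(f"unknown op {op!r}")

def biba_allows(subject: str, obj: str, op: str) -> bool:
    """Biba (integrity): no read down, no write up. Exactly BLP reversed."""
    if op == "read":
        return dominates(obj, subject)      # don't read less trusted data
    if op == "write":
        return dominates(subject, obj)      # don't taint more trusted data
    raise ValueError(f"unknown op {op!r}")

def trojan_horse_outcome(proc_level: str, high_file: str, low_file: str) -> dict:
    """Slide 14's scenario: a Trojan Horse running at the user's clearance
    reads a classified file and then tries to copy it into a low file.
    BLP lets the read happen but denies the write-down, so nothing leaks."""
    return {
        "read_high": blp_allows(proc_level, high_file, "read"),
        "write_low": blp_allows(proc_level, low_file, "write"),
    }

# RBAC from slide 12: permissions hang off roles, users collect roles.
ROLES = {
    "student": {"read_materials", "submit_work"},
    "grader": {"read_submissions", "assign_grade"},
    "admin": {"read_materials", "submit_work", "read_submissions",
              "assign_grade", "manage_course"},
}
USERS = {"evan": {"student"}, "mark": {"student", "grader"}, "richard": {"admin"}}

def rbac_allows(user: str, permission: str) -> bool:
    """Grant if any role held by the user carries the permission."""
    return any(permission in ROLES[r] for r in USERS.get(user, set()))
```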

16 Quick Example: UAC
- UAC covers a few different things – but let’s talk about the part which prevents admin access from normal processes
- Here’s the problem: the matrix for protection still isn’t good enough due to whitelisting of certain programs…

17 Things to Do
- Read the Harrison “Protection in Operating Systems” paper and make sure you understand the safety problem and its implications for this class!
- This will likely feature in an exam…

18 Questions & Comments
- What do you want to know?

