Introduction to Information Security
|
|
- Regina Warner
- 5 years ago
- Views:
Transcription
1 Introduction to Information Security , Spring 2013 Lecture 5: Information flow control (cont.), process confinement Eran Tromer 1 Slides credit: Dan Boneh and John Mitchell, Stanford Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
2 Information Flow Control example Alice s Data Bob s Data DB Alice s Data Alice s Data Gateway 1. Data tracking 2. Isolated declassification 4 4
3 Information Flow Control at the Process Level Goal: track which secrets a process has seen Mechanism: each process gets a secrecy label Label summarizes which categories of data a process is assumed to have seen. Examples: { Financial Reports } label { HR Documents } { Financial Reports and HR Documents } tag 5
4 Distributed Information Flow Control at the Process Level Goals: Let processes define new tags (create new compartments ) and have then enforce Controlled declassification Mechanism: Each process gets a declassification label Each process can get create a new tag Creating a new tag adds it to that process s declassification label Declassification capabilities (tags) can be delegated to other processes 6
5 7 DIFC, tags and labels by example (1) Process p S p = {} D p = {} Secrecy label Declassification label Universe of Tags: Finance SecretProjects Legal
6 8 DIFC, tags and labels by example (2) Process p S p = {Finance} D p = {} Universe of tags: change_label({finance}); Any process can add any tag to its label. (OK if there s a gatekeeper at outout. Alternative: require specific permissions.) Finance SecretProjects Legal
7 9 DIFC, tags and labels by example (3) Process p S p = {Finance} D p = {} change_label({finance}); change_label({}); Cannot remove arbitrary tags from label Universe of tags: Finance SecretProjects Legal
8 10 DIFC, tags and labels by example (4) Process p S p = {Finance} D p = { HR } change_label({finance}); tag_t HR = create_tag(); DIFC Rule: A process can create a new tag; gets ability to declassify it. Universe of tags: HR Legal Finance SecretProjects
9 11 DIFC, tags and labels by example (5) Process p S p = {Finance,HR} D p = { HR } change_label({finance}); tag_t HR = create_tag(); change_label({finance,hr}); Can add tags. Universe of tags: HR Legal Finance SecretProjects
10 12 DIFC, tags and labels by example (6) Process p S p = {Finance} D p = { HR } change_label({finance}); tag_t HR = create_tag(); change_label({finance,hr}); change_label({finance}); Declassification allowed because HR Universe of tags: HR Legal Finance SecretProjects in D p
11 13 DIFC, tags and labels by example (7) Process p S p = {Finance} D p = { HR } Universe of tags: change_label({finance}); tag_t HR = create_tag(); change_label({finance,hr}); change_label({finance}); send_declass_cap(q,{hr}); HR Finance SecretProjects Add HR to D q of process Legal q
12 Alice s Data p Alice s Data q DIFC OS declassi fier S q = {} S p = {a} S q = {a} S d = {a} D d = {a} KERNEL 14
13 Communication Rule Process p Process q S p = { HR } S q = { HR, Finance } p can send to q iff S p S q 15
14 Question: What interface should the kernel expose to applications? Easier question than is my OS implementation secure Easy to get it wrong! 16
15 Approach 1: Taint propegation / Floating Labels [IX,Asbestos] p S {} p = {a} S q = {a} q KERNEL 17
16 Floaters Leaks Data Alice s Data attacker b 0 S = {} Leak file S = {a} S = {a} {} b 1 S = {a} {} S = {} 1001 b 2 S = {a} {} b 3 S = {} 18
17 Approach 2: Set Your Own [HiStar/Flume] p S p = {a} D p = {a} S q = {} D q = {} q KERNEL 19
18 Approach 2: Set Your Own [HiStar/Flume] p S p = {a} D p = {a} S q = {a} D q = {} q KERNEL Rule: S p S q necessary precondition for send 20
19 Case study: Flume Goal: User-level implementation apt-get install flume Approach: System Call Delegation [Ostia by Garfinkel et al, 2003] Use Linux 2.6 (or OpenBSD 3.9) 21
20 System Call Delegation open( /hr/layoffplans, O_RDONLY); Web App glibc Linux Kernel Layoff Plans 22
21 System Call Delegation open( /hr/layoffplans, O_RDONLY); Web App Flume Libc Flume Reference Monitor Linux Kernel Layoff Plans 23
22 System Calls IPC: read, write, select Process management: fork, exit, getpid DIFC: create tag, change label, fetch label, send capabilities, receive capabilities 24
23 How To Prove Security Property: Noninterference 25
24 Noninterference [Goguen & Meseguer 82] Experiment #1: p q S p = {a} S q = {} Experiment #2: HIGH = LOW p S p = {a} S q = {} q 26
25 How To Prove Security (cont.) 7 27 Property: Noninterference Process Algebra model for a DIFC OS Communicating Sequential Processes (CSP) Prove that the model fits the definition Consider any possible system (with arbitrary user applications) Induction over all possible sequences of moves a system can make (i.e., traces) At each step, case-by-case analysis of all system calls in the interface. Prove that the code fits the model
26 28 Results on Flume Allows adoption of Unix software? 1,000 LOC launcher/declassifier 1,000 out of 100,000 LOC in MoinMoin changed Python interpreter, Apache, unchanged Solves security vulnerabilities? Without our knowing, we inherited two ACL bypass bugs from MoinMoin Both are not exploitable in Flume s MoinMoin Performance? Performs within a factor of 2 of the original on read and write benchmarks Example App: MoinMoin Wiki
27 What are we trusting? Proof of noninterference Platform Hardware Virtual machine manager Kernel Reference monitor Declassifier Human decisions Covert channels Physical access User authentication The code owning each label 29 29
28 Practical barriers to deployment of Information Flow Control systems Programming model confuses programmers Lack of support: Applications Libraries Operating systems People don t care about security until it's too late 30 30
29 Quantitative information flow control Quantify how much information (#bits) is leaking from (secret) inputs to outputs Approach: dynamic analysis (extended tainting) followed by flow graph analysis Example: battleship online game 31 31
30 32 Process Confinement
31 Running untrusted code We often need to run buggy/unstrusted code: Programs from untrusted Internet sites: toolbars, viewers, codecs for media players, rich content, secure banking Old or insecure applications: ghostview, Outlook Legacy daemons: sendmail, bind Honeypots Goal: if application misbehaves, kill it 33
32 Confinement Confinement: ensure application does not deviate from pre-approved behavior Can be implemented at many levels: Hardware: isolated hardware ( air gap ) Difficult to manage Sufficient? Virtual machines: isolate OSs on single hardware System call interposition: Isolates a process in a single operating system Isolating threads sharing same address space: Software Fault Isolation (SFI), e.g., Google Native Code Interpreters for non-native code JavaScript, JVM,.NET CLR 34
33 Implementing confinement Key component: reference monitor Mediates requests from applications Implements protection policy Enforces isolation and confinement Must always be invoked: Every application request must be mediated Tamperproof: Reference monitor cannot be killed or if killed, then monitored process is killed too Small enough to be analyzed and validated 35
34 A simple example: chroot Often used for guest accounts on ftp sites To use do: (must be root) # chroot /home/guest root dir / is now /home/guest # su guest EUID set to guest Now /home/guest is added to file system accesses for applications in jail open( /etc/passwd, r ) open( /home/guest/etc/passwd, r ) 36 application cannot access files outside of jail
35 Jailkit Problem: all utility programs (ls, ps, vi) must live inside jail 37 jailkit project: auto builds files, libs, and dirs needed in jail environment jk_init: creates jail environment jk_check: checks jail env for security problems checks for any modified programs, checks for world writable directories, etc. jk_lsh: restricted shell to be used inside jail Restricts only filesystem access. Unaffected: Network access Inter-process communication Devices, users, (see later)
36 Escaping from jails Early escapes: relative paths open(../../etc/passwd, r ) open( /tmp/guest/../../etc/passwd, r ) chroot should only be executable by root otherwise jailed app can do: create dummy file /aaa/etc/passwd run chroot /aaa run su root to become root (bug in Ultrix 4.0) 38
37 39 Many ways to escape jail as root Create device that lets you access raw disk mknod sda b 8 0 cat malicious-boot-record > sda Send signals to non chrooted process Reboot system Bind to privileged ports (e.g., usurp incoming packets to TCP port 80)
38 40 FreeBSD jail Stronger mechanism than simple chroot To run: jail jail-path hostname IP-addr cmd calls hardened chroot (no../../ escape) can only bind to sockets with specified IP address and authorized ports can only communicate with process inside jail root is limited, e.g. cannot load kernel modules
39 Problems with chroot and jail Coarse policies: All-or-nothing access to file system Inappropriate for apps like web browser Needs read access to files outside jail (e.g. for sending attachments in gmail) Do not prevent malicious apps from: Accessing network and messing with other machines Trying to crash host OS 41
40 42 System call interposition: a better approach to confinement
41 43 System call interposition Observation: to damage host system (i.e. make persistent changes) app must make system calls To delete/overwrite files: unlink, open, write To do network attacks: socket, bind, connect, send Monitor app system calls and block unauthorized calls Implementation options: Completely kernel space (e.g. GSWTK) Completely user space Capturing system calls via dynamic loader (LD_PRELOAD) Dynamic binary rewriting (program shepherding) Hybrid (e.g. Systrace)
42 Initial implementation (Janus) Linux ptrace: process tracing tracing process calls: ptrace (, pid_t pid, ) and wakes up when pid makes sys call. monitored application (Outlook) monitor user space open( /etc/passwd, r ) OS Kernel Monitor kills application if request is disallowed 44
43 45 Complications Monitor must maintain all OS state associated with app current-working-dir (CWD), UID, EUID, GID Whenever app does cd path monitor must also update its CWD otherwise: relative path requests interpreted incorrectly If app forks, monitor must also fork Forked monitor monitors forked app Monitor must stay alive as long as the program runs Unexpected/subtle OS features: file description passing, core dumps write to files, process-specific views (chroot, /proc/self)
44 Problems with ptrace ptrace is too coarse for this application Trace all system calls or none e.g. no need to trace close system call Monitor cannot abort sys-call without killing app Security problems: race conditions Example: symlink: me -> mydata.dat time proc 1: open( me ) monitor checks and authorizes proc 2: me -> /etc/passwd OS executes open( me ) not atomic Classic TOCTOU bug: time-of-check / time-of-use 46
Secure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationIsolation/Confinement
Isolation/Confinement Some slides taken/modified from Dan Boneh 1 Overview Next few classes Can we provide security by isolation? If so, how do we provide isolation Two general approaches: containment
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationThe confinement principle
Isola&on The confinement principle Original slides were created by Prof. Dan Boneh 1 Running untrusted code We often need to run buggy/unstrusted code: programs from untrusted Internet sites: apps, extensions,
More informationInformation Flow Control For Standard OS Abstractions
Information Flow Control For Standard OS Abstractions Maxwell Krohn, Alex Yip, Micah Brodsky, Natan Cliffer, Frans Kaashoek, Eddie Kohler, Robert Morris MIT SOSP 2007 Presenter: Lei Xia Mar. 2 2009 Outline
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More information6.858 Lecture 4 OKWS. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS.
6.858 Lecture 4 OKWS Administrivia: Lab 1 due this Friday. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS. Privilege separation
More informationSandboxing. (1) Motivation. (2) Sandboxing Approaches. (3) Chroot
Sandboxing (1) Motivation Depending on operating system to do access control is not enough. For example: download software, virus or Trojan horse, how to run it safely? Risks: Unauthorized access to files,
More informationRunning Unreliable Code. Many uses for extensibility. Several Historical Applications. Conventional OS. This lecture
CS155 Topic Running Unreliable Code How can you run code that could contain a dangerous bug or security vulnerability? John Mitchell Examples: Run web server, may have buffer overflow attack Run music
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationConfinement. Steven M. Bellovin November 1,
Confinement Steven M. Bellovin November 1, 2016 1 Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationSecuring Untrustworthy Software Using Information Flow Control
Securing Untrustworthy Software Using Information Flow Control Nickolai Zeldovich Joint work with: Silas Boyd-Wickizer, Eddie Kohler, David Mazières Problem: Bad Code PayMaxx divulges social security numbers
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationSandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018
Sandboxing CS-576 Systems Security Instructor: Georgios Portokalidis Sandboxing Means Isolation Why? Software has bugs Defenses slip Untrusted code Compartmentalization limits interference and damage!
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationDiscretionary Access Control
Operating System Security Discretionary Seong-je Cho ( 조성제 ) (sjcho at dankook.ac.kr) Fall 2018 Computer Security & Operating Systems Lab, DKU - 1-524870, F 18 Discretionary (DAC) Allows the owner of the
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: John Mitchell Basic idea: Isolation A Seaman's Pocket-Book, 1943 (public domain) http://staff.imsa.edu/~esmith/treasurefleet/treasurefleet/watertight_compartments.htm
More informationAn introduction to Docker
An introduction to Docker Ing. Vincenzo Maffione Operating Systems Security Container technologies on Linux Several light virtualization technologies are available for Linux They build on cgroups, namespaces
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Race Conditions Secure Software Programming 2 Overview Parallel execution
More informationI run a Linux server, so we re secure
Silent Signal vsza@silentsignal.hu 18 September 2010 Linux from a security viewpoint we re talking about the kernel, not GNU/Linux distributions Linux from a security viewpoint we re talking about the
More informationWedge: Splitting Applications into Reduced-Privilege Compartments
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008 Vulnerabilities threaten sensitive data Exploits
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationCS61 Scribe Notes Date: Topic: Fork, Advanced Virtual Memory. Scribes: Mitchel Cole Emily Lawton Jefferson Lee Wentao Xu
CS61 Scribe Notes Date: 11.6.14 Topic: Fork, Advanced Virtual Memory Scribes: Mitchel Cole Emily Lawton Jefferson Lee Wentao Xu Administrivia: Final likely less of a time constraint What can we do during
More informationProgramming Project # 2. cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel)
Programming Project # 2 cs155 Due 5/5/05, 11:59 pm Elizabeth Stinson (Some material from Priyank Patel) Background context Unix permissions model Prof Mitchell will cover during OS security (next week
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationDocker A FRAMEWORK FOR DATA INTENSIVE COMPUTING
Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING Agenda Intro / Prep Environments Day 1: Docker Deep Dive Day 2: Kubernetes Deep Dive Day 3: Advanced Kubernetes: Concepts, Management, Middleware Day 4:
More informationCS61 Scribe Notes Lecture 18 11/6/14 Fork, Advanced Virtual Memory
CS61 Scribe Notes Lecture 18 11/6/14 Fork, Advanced Virtual Memory Roger, Ali, and Tochi Topics: exploits fork shell programming rest of course announcements/ending (for later info) final (not as time
More informationCS261 Scribe Notes: Secure Computation 1
CS261 Scribe Notes: Secure Computation 1 Scriber: Cameron Rasmussen October 24, 2018 1 Introduction It is often the case that code is being run locally on our system that isn t completely trusted, a prime
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.893 Fall 2009 Quiz I Solutions All problems are open-ended questions. In order to receive credit you must
More informationSysSec. Aurélien Francillon
SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/
More informationPractical DIFC Enforcement on Android
Practical DIFC Enforcement on Android Adwait Nadkarni 1, Benjamin Andow 1, William Enck 1, Somesh Jha 2 1 North Carolina State University 2 University of Wisconsin-Madison The new Modern Operating Systems
More informationOutline. Last time. (System) virtual machines. Virtual machine technologies. Virtual machine designs. Techniques for privilege separation
Outline CSci 5271 Introduction to Computer Security Day 9: OS security basics Stephen McCamant University of Minnesota, Computer Science & Engineering Last time (System) virtual machines Restrict languages,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationAn Overview of Security in the FreeBSD Kernel. Brought to you by. Dr. Marshall Kirk McKusick
An Overview of Security in the FreeBSD Kernel Brought to you by Dr. Marshall Kirk McKusick 2013 BSDCan Conference May 17, 2013 University of Ottawa Ottawa, Canada Copyright 2013 Marshall Kirk McKusick.
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSoftware security in the Internet of things
Software security in the Internet of things Silas Boyd-Wickizer, Pablo Buiras*, Daniel Giffin, Stefan Heule, Eddie Kohler, Amit Levy, David Mazières, John Mitchell, Alejandro Russo*, Amy Shen, Deian Stefan,
More informationD. Delete the /var/lib/slocate/slocate.db file because it buffers all search results.
Volume: 230 Questions Question No: 1 You located a file created in /home successfully by using the slocate command. You found that the slocate command could locate that file even after deletion. What could
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 4, 2012 1 Objectives Understand the basic principles of
More informationJava Security HotJava to Netscape and Beyond
Java Security HotJava to Netscape and Beyond Drew Dean Ed Felten Dan Wallach Department of Computer Science Princeton University 4/5/96 Introduction Q Remote Code is Everywhere Q Java - A new language
More informationTizen-Meta as Security and Connectivity Layers For Yocto Project
Tizen-Meta as Security and Connectivity Layers For Yocto Project () dominig.arfoll@fridu.net October 2014 Tizen-Meta What is Tizen How to build Tizen with Yocto tools Which Connectivity is available with
More informationComputer Security. 05. Confinement. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 05. Confinement Paul Krzyzanowski Rutgers University Spring 2018 1 Last Time chroot FreeBSD Jails Linux namespaces, capabilities, and control groups Control groups Allow processes to
More informationSecurity when applications become web sites
1/20 Security when applications become web sites Andrea Bittau, Arti Gupta, and David Mazières April 30, 2010 Web and apps perceived differently 2/20 Users know software can do bad things. Conservative:
More informationLeast-Privilege Isolation: The OKWS Web Server
Least-Privilege Isolation: The OKWS Web Server Brad Karp UCL Computer Science CS GZ03 / M030 14 th December 2015 Can We Prevent All Exploits? Many varieties of exploits Stack smashing, format strings,
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 1 September 2, 2008 1 Objectives Understand the basic principles of
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationInformation Flow Control for Standard OS Abstractions
Information Flow Control for Standard OS Abstractions Maxwell Krohn Alexander Yip Micah Brodsky Natan Cliffer M. Frans Kaashoek Eddie Kohler Robert Morris MIT CSAIL UCLA http://flume.csail.mit.edu/ ABSTRACT
More informationOvershadow: Retrofitting Protection in Commodity Operating Systems
Overshadow: Retrofitting Protection in Commodity Operating Systems Mike Chen Tal Garfinkel E. Christopher Lewis Pratap Subrahmanyam Carl Waldspurger VMware, Inc. Dan Boneh Jeffrey Dwoskin Dan R.K. Ports
More informationSecurity and the Average Programmer
Security and the Average Programmer Silas Boyd-Wickizer, Pablo Buiras*, Daniel Giffin, Stefan Heule, Eddie Kohler, Amit Levy, David Mazières, John Mitchell, Alejandro Russo*, Amy Shen, Deian Stefan, David
More informationOS Containers. Michal Sekletár November 06, 2016
OS Containers Michal Sekletár msekleta@redhat.com November 06, 2016 whoami Senior Software Engineer @ Red Hat systemd and udev maintainer Free/Open Source Software contributor Michal Sekletár msekleta@redhat.com
More informationAdministrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.
Administrative Details CS 140 Final Review Session Final exam: 12:15-3:15pm, Thursday March 18, Skilling Aud (here) Questions about course material or the exam? Post to the newsgroup with Exam Question
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2016 Lecture 5 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 User Operating System Interface - CLI CLI
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationSTING: Finding Name Resolution Vulnerabilities in Programs
STING: Finding Name Resolution ulnerabilities in Programs Hayawardh ijayakumar, Joshua Schiffman, Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department
More informationAsbestos Operating System
Asbestos Operating System Presented by Sherley Codio and Tom Dehart This Talk Recap on Information Flow Asbestos Overview Labels Special Rules Discretionary Contamination Declassification/Decontamination
More informationOperating Systems Security
Operating Systems Security CS 166: Introduction to Computer Systems Security 1 Acknowledgements Materials from the CS167 lecture slides by Tom Doeppner included with permission Some slides 2016-2018 J.
More informationLecture 15 Designing Trusted Operating Systems
Lecture 15 Designing Trusted Operating Systems Thierry Sans 15-349: Introduction to Computer and Network Security Anatomy of an operating system Concept of Kernel Definition Component that provides an
More informationExploiting Unix File-System Races via Algorithmic Complexity Attacks
Exploiting Unix File-System Races via Algorithmic Complexity Attacks Xiang Cai, Yuwei Gui, and Rob Johnson (Stony Brook University). IEEE Symposium on Security and Privacy, May 2009. Agenda Introduction
More informationChapter 2. Operating-System Structures
Chapter 2 Operating-System Structures 2.1 Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System
More informationExploiting Concurrency Vulnerabilities in System Call Wrappers
Exploiting Concurrency Vulnerabilities in System Call Wrappers Robert N. M. Watson Security Research Group Computer Laboratory University of Cambridge USENIX WOOT07 August 6, 2007 The Plan A brief history
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationOutline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines
Outline Operating System Security CS 239 Computer Security February 23, 2004 Introduction Memory protection Interprocess communications protection File protection Page 1 Page 2 Introduction Why Is OS Security
More informationCHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.
CHAPTER 2: SYSTEM STRUCTURES By I-Chen Lin Textbook: Operating System Concepts 9th Ed. Chapter 2: System Structures Operating System Services User Operating System Interface System Calls Types of System
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationCS642: Computer Security
Low- level soeware vulnerability protecgon mechanisms CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 How can we help
More informationOperating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008
Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008 Page 1 Outline Designing secure operating systems Assuring OS security TPM and trusted computing Page 2 Desired
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 Reference Monitor Observes execution of the program/process At what level? Possibilities:
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ slide 1 X. Chen, T, Garfinkel, E. Lewis, P. Subrahmanyam, C. Waldspurger, D. Boneh, J. Dwoskin,
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationProgram Structure. Steven M. Bellovin April 3,
Program Structure We ve seen that program bugs are a major contributor to security problems We can t build bug-free software Can we build bug-resistant software? Let s look at a few examples, good and
More informationChapter 2: Operating-System Structures
Chapter 2: Operating-System Structures Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System
More informationProgramming with Explicit Security Policies. Andrew Myers Cornell University
Programming with Explicit Security Policies Andrew Myers Cornell University Information security Amazon.com Privacy Notice: We reveal only the last five digits of your credit card numbers when confirming
More information[Docker] Containerization
[Docker] Containerization ABCD-LMA Working Group Will Kinard October 12, 2017 WILL Kinard Infrastructure Architect Software Developer Startup Venture IC Husband Father Clemson University That s me. 2 The
More informationLecture 21. Isolation: virtual machines, sandboxes Covert channels. The pump Why assurance? Trust and assurance Life cycle and assurance
Lecture 21 Isolation: virtual machines, sandboxes Covert channels Detection Mitigation The pump Why assurance? Trust and assurance Life cycle and assurance May 17, 2013 ECS 235B Spring Quarter 2013 Slide
More informationSELinux. Don Porter CSE 506
SELinux Don Porter CSE 506 MAC vs. DAC By default, Unix/Linux provides Discretionary Access Control The user (subject) has discretion to set security policies (or not) Example: I may chmod o+a the file
More informationCase Study: Access Control. Steven M. Bellovin October 4,
Case Study: Access Control Steven M. Bellovin October 4, 2015 1 Case Studies in Access Control Joint software development Mail Steven M. Bellovin October 4, 2015 2 Situations Small team on a single machine
More informationProgram Structure I. Steven M. Bellovin November 14,
Program Structure I Steven M. Bellovin November 14, 2010 1 Program Structure We ve seen that program bugs are a major contributor to security problems We can t build bug-free software Can we build bug-resistant
More information