Operating system security
|
|
- Brent French
- 6 years ago
- Views:
Transcription
1 Operating system security Tuomas Aura T Information security technology Aalto University, autumn 2011
2 Outline Access control models in operating systems: 1. Unix 2. Windows Acknowledgements: This lecture material is based on a joint course with Dieter Gollmann. 2
3 UNIX ACCESS CONTROL 3
4 Principals Users and groups are the principals Users have username and user identifier (UID) Groups have group name group identifier (GID) UID and GID are usually 16-bit numbers 0 = root = aura 100 = users Both names and identifiers are permanent; difficult to change once selected UID values differ from system to system Superuser (root) UID is always zero 4
5 User accounts User accounts are stored in /etc/passwd User account format: username:password:uid:gid:name:homedir:shell Example: root:7kssi2k.df:0:0:root:/root:/bin/bash mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: ace:69gedfelkw:500:103:alice:/home/ace:/bin/bash carol:7fkkdefh3d:501:102:carol:/home/carol:/bin/nolo gin tuomas:*:502:102:tuomas Aura:/home/tuomas:/bin/tcsh al::503:102::/home/al:/bin/bash dieter:rt.qszeesxt92:10026:53:dieter Gollmann:/home/staff/dieter:/bin/bash 5
6 User account details User name: up to eight characters long Password: stored encrypted (really a hash) User ID: user identifier for access control group ID: user s primary group ID string: user's full name Home directory Login shell: the program started after successful log in 6
7 Superuser The superuser is a special privileged principal with UID 0 and usually the user name root There are few restrictions on the superuser All security checks are turned off for the superuser The superuser can become any other user Examples: The superuser cannot write to a read-only file system but can remount it as writeable The superuser cannot decrypt passwords (because they are hash values) but can reset them 7
8 Groups Users belong to one or more groups The file /etc/group contains a list of all groups; file entry format: groupname:password:gid:list of users Example: infosecwww:*:209:carol,al Every user belongs to a primary group; the group ID (GID) of the primary group is stored in /etc/passwd Depending on the Unix OS, user can belong to only one or many groups at the same time Usually only superuser can add groups and members 8
9 Subjects The subjects in Unix are processes; a process has a process ID (PID) Processes can create new processes Processes have a real UID and an effective UID (similarly for GID) Real UID/GID: inherited from the parent; typically UID/GID of the user logged in Effective UID/GID: inherited from the parent process or from the file being executed 9
10 Example UID GID Process real effective real effective /bin/login root root system system User dieter logs on; the login process verifies the password and (with its superuser rights) changes its UID and GID: /bin/login dieter dieter staff staff The login process executes the user s login shell: /bin/bash dieter dieter staff staff From the shell, the user executes a command, e.g. ls /bin/ls dieter dieter staff staff The user executes command passwd to change his password: /bin/passwd dieter root staff system 10
11 Objects Files, directories, devices are uniformly treated as resources These resources are the objects of access control The resources are organized in a tree-structured file system Each file entry in a directory is a pointer to a data structure called inode Inode stores information about the owner user and group, and permissions 11
12 Information about objects Example: directory listing with ls -l -rw-r--r-- 1 dieter staff 1617 Oct 28 11:01 my.tex drwx dieter staff 512 Oct 25 17:44 ads/ File type: first character - file d directory b block device file c character device file s socket l symbolic link p FIFO pipe File permissions: next nine characters Link counter: the number of links (i.e. directory entries pointing) to the inode 12
13 Information about objects -rw-r--r-- 1 dieter staff 1617 Oct 28 11:01 my.tex drwx dieter staff 512 Oct 25 17:44 ads/ Username of the owner: usually the user that has created the file Group: a newly created file usually belongs to its creator s group File size, modification time, filename Owner and root can change permissions (chmod); root can change the file owner and group (chown) Filename is stored in the directory, not in inode 13
14 File permissions Permission bits are grouped in three triples that define read, write, and execute access for owner, group, and other A - indicates that a right is not granted. rw-r--r-- read and write access for the owner, read access for group and other rwx read, write, and execute access for the owner, no rights to group and other 14
15 File permissions When ls l displays a SUID program, the execute permission of the owner is given as s instead of x: -rws--x x 3 root bin Nov passwd* When ls l displays a SGID program, the execute permission of the group is given as s instead of x 15
16 Octal representation File permissions can also be specified as octal numbers Examples: rw-r--r-- is equivalent to 644; rwxrwxrwx is equivalent to 777 Conversion table: 0040 read by group 4000 set UID on execution 0020 write by group 2000 set GID on execution 0010 execute by group 1000 set sticky bit 0004 read by other 0400 read by owner 0002 write by other 0200 write by owner 0001 execute by other 0100 execute by owner 16
17 Access control decisions Access control uses the effective UID/GID: If the subject s UID owns the file, the permission bits for owner decide whether access is granted If the subject s UID does not own the file but its GID does, the permission bits for group decide whether access is granted If the subject s UID and GID do not own the file, the permission bits for other (also called world) decide whether access is granted Note that although the permission bits may give the owner less access than to others, the owner can always change the permissions (discretionary access control) 17
18 Permissions for directories Read permission: to find which files are in the directory, e.g. for executing ls Write permission: to add files to and remove files from the directory Execute permission: to make the directory the current directory (cd) and for opening files inside the directory E.g. every user has a home directory for which correct permissions for the directory are required 18
19 Sticky bit Job queues for printing etc., are often implemented as a world-writable directories; anyone can add a file Problem: anyone can also delete files Solution: sticky bit on a directory restricts the deletion of files in that directory only to the file owners (and the superuser) Another problem: either the files in the print queue need to be readable to everyone or the print daemon needs to run as root Solution: in Linux, SGID bit on a directory means that new files inherit their group from the directory, not from the user who creates them; can create a special group for the print daemon (Sticky bit originally indicated that a process should not be swapped to disk. Its use varies between Unix versions.) 19
20 Default permissions Unix utilities typically use default permissions 666 for a new data file and 777 for a new program file Permissions can be restricted with umask: a three-digit octal number specifying the rights that should be withheld File permissions = default AND (NOT umask) Sensible umask values: 022: all permissions for the owner, read and execute permission for group and other 037: all permissions for the owner, read permission for group, no permissions for other 077: all permissions for the owner, no permissions for group and other Example: default permissions 666, umask 077 permissions for new file
21 Controlled Invocation Superuser privilege is required to execute certain operating system functions Example: only processes running as root can listen at the privileged ports Solution adopted in Unix: SUID (set user id) programs and SGID (set group id) programs SUID or SGID programs run with the effective user ID or group ID of their owner or group, giving controlled access to files not normally accessible to other users 21
22 SUID to root When root owns an executable file and the SUID bit is set, the process will get superuser status during execution Important SUID programs: /bin/passwd change password /bin/login login program /bin/at batch job submission /bin/su change UID program SUID programs need to be written very carefully so that their privileges cannot be misused and they only do what is intended 22
23 Unix access control dicsussion Limitations: Files have only one owner and group Complex policies, e.g. access to several groups, are impractical to implement Superuser needed for maintaining groups All access rights (e.g. shutdown, create user) must be mapped to files access and to read, write and execute permissions Relatively simple and widely understood Relatively easy to check the protection state Unix versions may implement additional access control features 23
24 WINDOWS ACCESS CONTROL 24
25 Windows Security Model Principals = users, machines, groups, Objects = files, Registry keys, printers, Each object has an discretionary access control list (DACL) The active subjects are processes and threads Each process (or thread) has an access token When is a process allowed to access an object? Object DACL is compared with the process s security token when creating a handle to the object 25
26 Security indentifier Principal names: machine\principal or domain\principal Aalto\Alice, pc3\administrators, plover\aura = Tuomas Aura Each principal has a unique security identifier (SID) Names may change; SID is permanent User SIDs: S = Alice S = Administrator Typical way to create unique use SIDs: S machine or domain id + relative id Well-known SIDs: S = Local System, S = Everyone, S-1-5-domain-513 = Domain Users, etc. 26
27 Windows domains Windows machine has a Local Security Authority (LSA), which can create local users and local groups (=aliases) Local principals are stored in Registry A Windows server can become a Domain Controller (DC), and other machines can join its domain Domain administrators manage the domain users and groups centrally at the DC Domain principals are stored in Active Directory Names: domain\principal or principal@domain DC provides authentication services to other machines Domain user can log into any domain-joined machine Kerberos protocol used for distributed authentication In large organizations, DCs and domains can form a hierarchy 27
28 Access token Each process has an access token (=security token) Token contains Login user account SID (the process runs as this user) SIDs of all groups in which the user is a member (recursively) All privileges assigned to these groups etc. Privileges are special local access rights: Backup, audit security log, take ownership, trusted for delegation, debugging, performance profiling, shutdown. etc. Groups can be built-in or defined by admins: Users, Administrators, Remote Desktop Users Sales, Security Lab, Researchers, Europe Employees Token never changes after it has been created Reliability, efficiency vs. revocation speed Tokens for child processes may be restricted 28
29 Creating subjects The machine is always running a logon process (winlogon.exe) as the principal SYSTEM When a user logs on to a machine, the logon process collects credentials (e.g. user password) and presents them to the LSA the LSA (lsass.exe) verifies the credentials the logon process starts a shell (explorer.exe) in a new logon session as the user (=principal) Shell spawns processes to the same logon session Logging off destroys the logon session and all processes in it 29
30 Creating more subjects A process can spawn a new local process (subject) by calling e.g. CreateProcess Each process has its own access token New process gets a copy of its parent s token Threads can be given their own tokens, so that they become independent subjects User s network credentials (e.g. password or Kerberos ticket) are cached in the logon session Processes can create network logon sessions for that user at other machines 30
31 Objects Objects: files, folder, Registry and AD objects, printers, processes... Objects can be containers for other objects Securable objects have a security descriptor, which contains the DACL Object also has an owner (identified by SID), who has the implicit right to read and write the DACL (discretionary access control) 31
32 Permissions Permissions are actions that apply to each object class Some generic permissions are defined for all objects: read, write, execute, all, delete, etc. Specific permissions are defined for each class: Append, AddSubDir, CreateThread,etc. Permissions are encoded as a 32-bit mask Object DACL specifies which principals (SIDs) have which permissions 32
33 Access control lists DACL is a list of access control entries (ACEs) ACE format: Type: positive or negative (grant or deny) Permissions Principal (SID): who the ACE applies to Flags Object Type Inherited Object Type 33
34 DACL example ACE1 - Tuomaura ACE2 + Diego ACE2 + Lecturers ACE4 + EVERYONE Write Full Control Read, Write Read This ACL grants read access but no write access to the user Tuomaura Negative access control entries (ACEs) are placed before positive ones 34
35 Viewing the DACL and ACEs Right-click on a file; select Properties/ Security DACL (ACEs) Click on Advanced to see the entire security descriptor Permissions for the selected ACE 35
36 Access check algorithm Process specifies the desired access (requested permissions) when creating a handle to the object Privileges or implicit owner permissions may alone be sufficient to grant access Otherwise, check DACL as follows: Look for ACEs that match (1) any SID in the subjects token and (2) any desired access right If any negative ACE matches, deny access If positive ACEs are found for all requested permissions, grant access If the end of DACL is reached, deny access 36
37 Performance and reliability Access rights are determined at login time The user s group SIDs are cached in the token of the login process, and sub-processes get a copy of the token The token contents will not change even if a membership or privilege is revoked from a SID Desired access is compared against the token and DACL when creating a handle to the object not at access time Changing file DACL does not affect open file handles Consequences: Better performance Better reliability because a process knows in advance whether it has sufficient access rights for a task No immediate revocation of access rights 37
38 ACE inheritance + Diego Read, Write Flags: OBJECT_INHERIT Folder File A + Diego Read, Write Flags: INHERITED_ACE File B - Diego Write + Diego Read, Write Flags: INHERITED_ACE Container objects can have inheritable ACEs Inherited ACEs are copied to the end of sub-object DACLs; aces on the sub-object can override them Inherited ACEs are updated if the original changes 38
39 Container hierarchy + Diego Read, Write Flags: OBJECT_INHERIT, INHERIT ONLY + Diego Read, Write Folder X Folder Y Folder Z Flags: INHERITED_ ACE, INHERIT ONLY, OBJECT_INHERIT - Diego Write Flags: OBJECT_INHERIT + Diego Read, Write Flags: INHERITED_ACE INHERIT_ONLY, OBJECT_INHERIT + Diego Read, Write Flags: INHERITED_ACE File A File B - Diego Write Flag: INHERITED_ACE + Diego Read, Write Flags: INHERITED_ACE 39
40 Inheriting negative ACEs - Tuomaura Read Flags: OBJECT_INHERIT Folder - Tuomaura Read File A Flags: INHERITED_ACE File B + Tuomaura Read - Tuomaura Read Flags: INHERITED_ACE Inherited negative ACEs can end up after positive ACEs; it is possible to override inherited negative ACEs 40
41 Flags on ACEs: Inheritance flags OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE NO_PROPAGATE_INHERIT_ACE INHERIT_ONLY_ACE INHERITED_ACE ACE applies to leaf objects ACE applies to container objects applies to immediate children only does not apply to the parent itself The ACE has been inherited (Inheritable ACEs can apply to leaf objects, to containers, or to both) Flags on DACLs: SE_DACL_PROTECTED inheritance from containers above this object is blocked 41
42 Blocking inheritance + Diego Read Flags: OBJECT_INHERIT Folder X + Diego Read Flag: INHERITED_ ACE, INHERIT_ONLY Folder Y Folder Z DACL_ PROTECTED + Diego Read, Write Flag: INHERITED_ACE File A File B 42
43 ACE Inheritance ACE1 DACL_ PROTECTED ACE2 ACE3 ACE1 inherited in the entire subtree ACE2 inherited in subtree in front of ACE1 ACE3 inherited in the subtree, ACE1 is blocked 43
44 Advanced inheritance Object hierarchies with inheritance: NTFS, Registry, Active Directory, Inheritable ACEs can apply to only leaf objects or only to containers Similarly, inheritable ACEs can apply to all objects or only to a specific object type Special CREATOR_OWNER SID indicates that the ACE matches to the owner of the object Inheritance simplifies system administration but very few people understand or use it Performance: Inherited ACEs are cached in sub-object DACLs to make access control decisions faster Changing permissions on the top levels of a deep object hierarchy is a slow process; done rarely in applications 44
45 How to see them Local users and aliases: > net user > net localgroup Run compmgmt.msc, see System Tools / Local user and Groups Domain users, groups and aliases: > net user /domain (slow!) > net group /domain > net localgroup /domain Members of a group, e.g.: > net group Researchers /domain User information: > net user alice /domain Privileges: Run secpol.msc, see Local Policies / User Rights Assignment Permissions: > icacls file.txt 45
46 Restricted tokens A process might not always need or want all the rights given by the token Process may create a restricted token remove privileges disable groups: change SIDs to deny-only groups, which are not deleted but marked as USE_FOR_DENY_ONLY add restricted SIDs; a second list of SIDs that is also compared against DACLs Process can assign restricted tokens to its child processes or threads (= impersonation) 46
47 EXAMPLE: IMPLEMENTING THE PRINCIPLE OF LEAST PRIVILEGE 47
48 Unix: applying controlled invocation Sensitive resources, like a web server, can be protected by combining ownership, permission bits, and SUID programs: Create a new UID that owns the resource and all programs that need access to the resource Only the owner gets access permission to the resource Define all the programs that access the resource as SUID programs 48
49 Windows: using restricted SIDs To limit a program s access to a set of objects create a new SID run the program with the new SID as a restricted SID add the new SID to the DACL on objects that the program is allowed to access 49
50 Reading material Dieter Gollmann: Computer Security, 2nd ed., chapter 6 Matt Bishop: Introduction to computer security, chapter 25 Ross Anderson: Security Engineering, 2nd ed., chapter 4 Online: Wayne Pollock, Unix File and Directory Permissions and Modes John R. Michener, Understanding Windows File And Registry Permissions, MSDN Magazine, Nov
51 Exercises: Unix Create a subdirectory in your home directory and put a file welcome.txt in this subdirectory. Set permission bits on the subdirectory so that the owner has execute access. Try to list the subdirectory display the contents of welcome.txt create a copy of welcome.txt in the subdirectory. make the subdirectory the current directory with cd Repeat the same experiment first with read permission and then with write permission on the subdirectory How would you protect a tty device from other users? 51
52 Exercises: Windows How can Unix file permissions can be expressed with Windows ACLs? Assume Fred is member of group Lecturers. Who gets access to an object with DACLs 1. [+,Fred,READ], [-, Lecturers,READ]? 2. [-,Fred,READ], [+, Lecturers,READ]? 3. [-, Lecturers,READ], [+,Fred,READ]? When a new object is created, how is its security descriptor populated? Tokens are objects. How does access control for tokens work? What is the time-of-check-to-time-of-use (TOCTTOU) issue? Where does this create potential problems in the Windows file system? There is no API for giving file ownership to others. Administrators have backup and restore privileges. What trick can they use to change file owner? Changing permissions on a top-level folder in the NTFS file system (such as C:\ or C:\Program Files) is very slow operation. This is actually a performance optimization. Explain why. 52
Introduction to Computer Security
Introduction to Computer Security UNIX and Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service)
More informationOperating system security models
Operating system security models Unix security model Windows security model MEELIS ROOS 1 General Unix model Everything is a file under a virtual root diretory Files Directories Sockets Devices... Objects
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationDatasäkerhet/Data security EDA625 Lect5
Ch. 6 Unix security Datasäkerhet/Data security EDA625 Lect5 Understand the security features of a typical operating system Users/passwords login procedure user superuser (root) access control (chmod) devices,
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability,
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationCS 392/681 - Computer Security. Module 6 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 6 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm grades Thursday. Read Chapter 2 and 15 th of text Lab 4 postponed - due next week.
More informationTEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control
TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control Version 1.0, Last Edited 09/20/2005 Name of Students: Date of Experiment: Part I: Objective The objective of the exercises
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path TCP wrappers Race conditions NOTE: filenames may differ between OS/distributions
More information5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9
File Security, Setting and Using Permissions Chapter 9 To show the three protection and security mechanisms that UNIX provides To describe the types of users of a UNIX file To discuss the basic operations
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationFiles (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1
Files (review) and Regular Expressions Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 11 and April 1) Files and Permissions Regular Expressions 2 Sobel, Chapter 6 160_pathnames.html
More informationChapter 8: Security under Linux
Chapter 8: Security under Linux 8.1 File and Password security Linux security may be divided into two major parts: a) Password security b) File security 8.1.1 Password security To connect to a Linux system
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationOutline. Security. Security Ratings. TCSEC Rating Levels. Key Requirements for C2. Met B-Level Requirements
Outline Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Ratings System Components 2 Ratings TCSEC Rating Levels National Computer Center (NCSC) part of US Department of Defense
More informationSecurity. Outline. Security Ratings. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik
Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Outline Ratings System Components Logon Object (File) Access Impersonation Auditing 2 Ratings National Computer Center (NCSC) part
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationbash startup files Linux/Unix files stty Todd Kelley CST8207 Todd Kelley 1
bash startup files Linux/Unix files stty Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 27 and April 10) bash startup files More Linux Files review stty 2 We customize our
More informationTEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control
TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control Version 2.0, Last Edited 10/1/2006 Students Name: Date of Experiment: Part I: Objective The objective of the exercises
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 1 September 2, 2008 1 Objectives Understand the basic principles of
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 4, 2012 1 Objectives Understand the basic principles of
More informationExercise 4: Access Control and Filesystem Security
Exercise 4: Access Control and Filesystem Security Introduction Duration: 90 min Maximum Points: 30 Note: The solutions of theorethical assignments should be handed out before the practical part in the
More informationDiscretionary Access Control
Operating System Security Discretionary Seong-je Cho ( 조성제 ) (sjcho at dankook.ac.kr) Fall 2018 Computer Security & Operating Systems Lab, DKU - 1-524870, F 18 Discretionary (DAC) Allows the owner of the
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security An secure OS should provide (at least) the following mechanisms Memory protection
More informationNetwork Security: Kerberos. Tuomas Aura
Network Security: Kerberos Tuomas Aura Kerberos authentication Outline Kerberos in Windows domains 2 Kerberos authentication 3 Kerberos Shared-key protocol for user login authentication Uses passwords
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationA Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
More informationWindows Server 2008 Active Directory Resource Kit
Windows Server 2008 Active Directory Resource Kit Stan Reimer, Mike Mulcare, Conan Kezema, Byron Wright w MS AD Team PREVIEW CONTENT This excerpt contains uncorrected manuscript from an upcoming Microsoft
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationUser accounts and authorization
User accounts and authorization Authentication vs authorization Authentication: proving the identity of someone Authorization: allowing a user to access certain resources 1 Government authorization documents
More informationOperating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Lesson 1 Quiz 1. What is the working definition of authentication? a. The ability for a person or system to prove identity. b. Protection of data on a system or host from unauthorized access.
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationCSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions
CSE 390a Lecture 3 Multi-user systems; remote login; editors; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms 1 Policy vs. Mechanism q Access control policy is a specification
More informationWindows Access Control List (ACL) 2
What do we have in this session? Windows Access Control List (ACL) 2 1. Access Control Lists (ACLs) 2. Object-specific ACEs 3. Trustees 4. Access Rights and Access Masks 5. ACCESS_MASK 6. Access Mask format
More informationUnix Basics. UNIX Introduction. Lecture 14
Unix Basics Lecture 14 UNIX Introduction The UNIX operating system is made up of three parts; the kernel, the shell and the programs. The kernel of UNIX is the hub of the operating system: it allocates
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationUNIX File Hierarchy: Structure and Commands
UNIX File Hierarchy: Structure and Commands The UNIX operating system organizes files into a tree structure with a root named by the character /. An example of the directory tree is shown below. / bin
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationCST8207: GNU/Linux Operating Systems I Lab Six Linux File System Permissions. Linux File System Permissions (modes) - Part 1
Student Name: Lab Section: Linux File System Permissions (modes) - Part 1 Due Date - Upload to Blackboard by 8:30am Monday March 12, 2012 Submit the completed lab to Blackboard following the Rules for
More informationAccess Control Lists on Dell EMC Isilon OneFS
Access Control Lists on Dell EMC Isilon OneFS Abstract This document introduces access control lists (ACLs) on the Dell EMC Isilon OneFS operating system, and shows how OneFS works internally with various
More informationCS246 Spring14 Programming Paradigm Notes on Linux
1 Unix History 1965: Researchers from Bell Labs and other organizations begin work on Multics, a state-of-the-art interactive, multi-user operating system. 1969: Bell Labs researchers, losing hope for
More informationNetworks: Access Management Windows NT Server Class Notes # 10 Administration October 24, 2003
Networks: Access Management Windows NT Server Class Notes # 10 Administration October 24, 2003 In Windows NT server, the user manager for domains is the primary administrative tool for managing user accounts,
More informationPrivileges: who can control what
Privileges: who can control what Introduction to Unix May 24, 2008, Morocco Hervey Allen Goal Understand the following: The Unix security model How a program is allowed to run Where user and group information
More informationPolicy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems
Policy vs. Mechanism CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms q Access control policy is a specification
More informationUser Management. René Serral-Gracià Xavier Martorell-Bofill 1. May 26, Universitat Politècnica de Catalunya (UPC)
User Management René Serral-Gracià Xavier Martorell-Bofill 1 1 Universitat Politècnica de Catalunya (UPC) May 26, 2014 Lectures 1 System administration introduction 2 Operating System installation 3 User
More informationIntroduction to Linux
Introduction to Linux Mukesh Pund Principal Scientist, NISCAIR, New Delhi, India History In 1969, a team of developers developed a new operating system called Unix which was written using C Linus Torvalds,
More informationO/S & Access Control. Aggelos Kiayias - Justin Neumann
O/S & Access Control Aggelos Kiayias - Justin Neumann One system Many users Objects that require protection memory I/O devices (disks, printers) programs and processes networks stored data in general Separation
More informationFreeBSD Advanced Security Features
FreeBSD Advanced Security Features Robert N. M. Watson Security Research Computer Laboratory University of Cambridge 19 May, 2007 Introduction Welcome! Introduction to some of the advanced security features
More informationIT Service Delivery And Support Week Four - OS. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao
IT Service Delivery And Support Week Four - OS IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 What is an Operating System (OS)? OS is a software that designed to run on specific hardware
More informationWorking with Basic Linux. Daniel Balagué
Working with Basic Linux Daniel Balagué How Linux Works? Everything in Linux is either a file or a process. A process is an executing program identified with a PID number. It runs in short or long duration
More informationCS/CIS 249 SP18 - Intro to Information Security
Lab assignment CS/CIS 249 SP18 - Intro to Information Security Lab #2 - UNIX/Linux Access Controls, version 1.2 A typed document is required for this assignment. You must type the questions and your responses
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: John Mitchell Basic idea: Isolation A Seaman's Pocket-Book, 1943 (public domain) http://staff.imsa.edu/~esmith/treasurefleet/treasurefleet/watertight_compartments.htm
More informationLab Authentication, Authorization, and Accounting
Objectives Given a scenario, select the appropriate authentication, authorization, or access control Install and configure security controls when performing account management, based on best practices
More informationAccess Control. Tom Chothia Computer Security, Lecture 5
Access Control Tom Chothia Computer Security, Lecture 5 The Crypto Wars 1993-1996: Clipper chip considered in US congress and rejected. Due partly to Matt Blaze s analysis and strongly attack by John Kerry
More informationUnix, History
Operating systems Examples from Unix, VMS, Windows NT on user authentication, memory protection and file and object protection. Trusted Operating Systems, example from PitBull Unix, History Unix, History
More informationServer. Client LSA. Winlogon LSA. Library SAM SAM. Local logon NTLM. NTLM/Kerberos. EIT060 - Computer Security 2
Local and Domain Logon User accounts and groups Access tokens Objects and security descriptors The Register Some features in Windows 7 and Windows 8 Windows XP evolved from Windows 2000 Windows 10, 8,
More informationAccess Control Lists. Don Porter CSE 506
Access Control Lists Don Porter CSE 506 Background (1) ò If everything in Unix is a file ò Everything in Windows is an object ò Why not files? ò Not all OS abstractions make sense as a file ò Examples:
More informationComputer Security Operating System Security & Access Control. Dr Chris Willcocks
Computer Security Operating System Security & Access Control Dr Chris Willcocks Lecture Content Access Control ACMs ACLs Introduction to *NIX security - we ll cover this more due to server popularity -
More informationPre-Assessment Answers-1
Pre-Assessment Answers-1 0Pre-Assessment Answers Lesson 1 Pre-Assessment Questions 1. What is the name of a statistically unique number assigned to all users on a Windows 2000 system? a. A User Access
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationCISNTWK-11. Microsoft Network Server. Chapter 5 Introduction Permissions i and Shares
CISNTWK-11 Microsoft Network Server Chapter 5 Introduction Permissions i and Shares 1 In a Nutshell Payroll Data? Payroll Data? Introduction A permission is a rule associated with an object, such as a
More informationUsers, Groups and Permission in Linux
Users, Groups and Permission in Linux A small company is using Linux as the main operating and has hired you as a consultant. You completed a site walk through and also met with various individuals for
More informationFaculty of Engineering Computer Engineering Department Islamic University of Gaza Network Lab # 7 Permissions
Faculty of Engineering Computer Engineering Department Islamic University of Gaza 2012 Network Lab # 7 Permissions Objective: Network Lab # 7 Permissions Define permissions. Explain the characteristics
More informationRoadmap for This Lecture
Windows Security 2 Roadmap for This Lecture Windows Security Features Components of the Security System Protecting Objects Security Descriptors and Access Control Lists Auditing and Impersonation Privileges
More information8. Files and File Systems
8. Files and File Systems 8. Files and File Systems File Storage Structure File System Implementation Kernel Abstraction Communication Through a Pipe 146 / 303 8. Files and File Systems Disk Operation
More informationPROCESS CONTROL BLOCK TWO-STATE MODEL (CONT D)
MANAGEMENT OF APPLICATION EXECUTION PROCESS CONTROL BLOCK Resources (processor, I/O devices, etc.) are made available to multiple applications The processor in particular is switched among multiple applications
More informationFiles and Directories
CSCI 2132: Software Development Files and Directories Norbert Zeh Faculty of Computer Science Dalhousie University Winter 2019 Files and Directories Much of the operation of Unix and programs running on
More informationHardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system Controls
More informationUser Commands chmod ( 1 )
NAME chmod change the permissions mode of a file SYNOPSIS chmod [-fr] absolute-mode file... chmod [-fr] symbolic-mode-list file... DESCRIPTION The chmod utility changes or assigns the mode of a file. The
More informationlsx [ls_options ] [names]
NAME ls, lc, l, ll, lsf, lsr, lsx - list contents of directories SYNOPSIS ls [-abcdefgilmnopqrstuxacfhlr1] [names] lc [-abcdefgilmnopqrstuxacfhlr1] [names] l [ls_options ] [names] ll [ls_options ] [names]
More informationSetting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000
Setting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000 Define and set DAC policy (define group membership, set default DAC attributes, set DAC on files systems) Modify
More informationOperating System Security
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system
More informationFile systems security: Shared folders & NTFS permissions, EFS Disk Quotas
File systems security: Shared folders & NTFS permissions, EFS Disk Quotas (March 23, 2016) Abdou Illia, Spring 2016 1 Learning Objective Understand Shared Folders Assign Shared Folder permissions NTFS
More informationOperating systems fundamentals - B10
Operating systems fundamentals - B10 David Kendall Northumbria University David Kendall (Northumbria University) Operating systems fundamentals - B10 1 / 12 Introduction Basics of protection and security
More informationCSE/ISE 311: Systems Administra5on Access Control and Processes
Access Control and Processes Por$ons courtesy Ellen Liu Outline Access control Tradi$onal UNIX access control File system access control; File permissions, Some commands; The root account Modern access
More informationOperating Systems Lab 1 (Users, Groups, and Security)
Operating Systems Lab 1 (Users, Groups, and Security) Overview This chapter covers the most common commands related to users, groups, and security. It will also discuss topics like account creation/deletion,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationIntroduction to Unix May 24, 2008
Introduction to Unix May 24, 2008 Exercises: Privileges REFERENCE Reference: Shah, Steve, "Linux Administration: A Beginner's Guide", 2nd. ed., Osborne press, New York, NY. If you look at files in a directory
More informationExercise Sheet 2. (Classifications of Operating Systems)
Exercise Sheet 2 Exercise 1 (Classifications of Operating Systems) 1. At any given moment, only a single program can be executed. What is the technical term for this operation mode? 2. What are half multi-user
More informationTable 12.2 Information Elements of a File Directory
Table 12.2 Information Elements of a File Directory Basic Information File Name File Type File Organization Name as chosen by creator (user or program). Must be unique within a specific directory. For
More informationImproving the Granularity of Access Control for Windows 2000
Improving the Granularity of Access Control for Windows 2000 MICHAEL M. SWIFT and ANNE HOPKINS University of Washington and PETER BRUNDRETT, CLIFF VAN DYKE, PRAERIT GARG, SHANNON CHAN, MARIO GOERTZEL,
More informationFile Properties and Permissions
File Properties and Permissions Managing File Access in Linux Peter Perry July 2009 What is it about? Open a shell (terminal) and type ls -l You get quite a bit of information about each file. Tonight,
More informationAccess Permissions. Agenda. chmod Command (Relative Method) File / Directory Permissions
Agenda The Linux File System (chapter 4 in text) Setting Access Permissions Directory vs File Permissions chmod Utility Symbolic Method Absolute Method umask Utility Access Permissions Limiting unauthorized
More informationAnswers to Even- Numbered Exercises
Answers to Even- 17 Numbered Exercises from page 1077 1. What option should you use with fsck if you want to review the status of your filesystems without making any changes to them? How does fsck determine
More informationBasic File Attributes
Basic File Attributes The UNIX file system allows the user to access other files not belonging to them and without infringing on security. A file has a number of attributes (properties) that are stored
More informationCommands are in black
Starting From the Shell Prompt (Terminal) Commands are in black / +--------+---------+-------+---------+---------+------ +------ +------ +------ +------ +------ +-- Bin boot dev etc home media sbin bin
More informationINSE 6130 Operating System Security. Overview of Design Principles
INSE 6130 Operating System Security Design Principles Prof. Lingyu Wang 1 Overview of Design Principles Design principles Time-proven guidelines For implementing security mechanisms/systems Rooted in simplicity
More information