CSE 565 Computer Security Fall 2018

Similar documents
Data Security and Privacy. Unix Discretionary Access Control

Information Security CS 526

Hardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users

Operating System Security

CIS 5373 Systems Security

CIS 5373 Systems Security

CSC 405 Introduction to Computer Security

Secure Architecture Principles

Secure Architecture Principles

Secure Architecture Principles

Operating system security models

Secure Architecture Principles

Access Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.

Secure Architecture Principles

OS Security III: Sandbox and SFI

We ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?

The golden age of hacking. OS UNIX GNU/Linux UNIX access control

PROCESS CONTROL BLOCK TWO-STATE MODEL (CONT D)

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

cs642 /operating system security computer security adam everspaugh

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

Shellbased Wargaming

OS security mechanisms:

Secure Programming Learning objectives. and Best Practices. Windows shells Launches programs, including other shells Provides

Secure Programming. Shell and Environment Flaws. Ahmet Burak Can Hacettepe University

CS 356 Operating System Security. Fall 2013

IS 2150 / TEL 2810 Information Security and Privacy

Datasäkerhet/Data security EDA625 Lect5

Protection and Security

412 Notes: Filesystem

Wrapup. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.

Securing Unix Filesystems - When Good Permissions Go Bad

Operating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07

19.1. Security must consider external environment of the system, and protect it from:

Unix Basics. UNIX Introduction. Lecture 14

CSE543 - Introduction to Computer and Network Security. Module: Operating System Security

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Introduction to Security

Policy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems

CPS221 Lecture: Operating System Protection

CIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017

CSE 380 Computer Operating Systems

RBAC in Solaris 10. Darren J Moffat Staff Engineer, Networking & Security Sun Microsystems, Inc. 7 th October 2004

Introduction to Security

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Information Security Theory vs. Reality

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

Operating system hardening

COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

Processes. Process Management Chapter 3. When does a process gets created? When does a process gets terminated?

CSE 565 Computer Security Fall 2018

2. INTRUDER DETECTION SYSTEMS

Security and Authentication

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Operating systems and security - Overview

Operating systems and security - Overview

Secure Architecture Principles

Protection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger

HP-UX Security I. Ideal candidate for this course Experienced system and network administrators responsible for securing and monitoring HP-UX systems

Keys and Passwords. Steven M. Bellovin October 17,

6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts

Introduction to Systems Security

Chapter 13: Protection. Operating System Concepts Essentials 8 th Edition

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Storage and File System

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

Software Security and Exploitation

Chapter 14: Protection. Operating System Concepts 9 th Edition

IT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

Pass Microsoft Exam

Operating system organizaton

CSE 565 Computer Security Fall 2018

Introduction: Context Switch

CS 161 Computer Security

Internet Security General Unix Security

Operating System Security

Security. Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018

e e Prof. Lingyu Wang

Cyber Security. General Unix Security

Discretionary Access Control

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

CSE 565 Computer Security Fall 2018

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Privilege Escalation

ELEC 377 Operating Systems. Week 12 Class 2

Linux Capability Exploration Lab

Linux Forensics. Newbug Tseng Oct

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

Processes are subjects.

Explicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières

Processes & Threads. Recap of the Last Class. Microkernel System Architecture. Layered Structure

HPE Intelligent Management Center

3. Operation Systems & Security

Operating System Structure

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

Capability and System Hardening

Why secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem

Introduction to Computer Security

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

Transcription:

CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1

Review Previous topics access control authentication session establishment and key management database security 2

Overview The next topics OS access controls and security mechanisms memory protection processor modes authentication and file access control process privileges software security input validation buffer overflow other vulnerabilities 3

Computer System Components Hardware provides basic computing resources, i.e., CPU, memory, I/O devices Operating system controls and coordinates the use of the hardware among various application programs System and application programs define the ways in which system resources are used to solve computing problems of users Users people, machines, other computers 4

Security Goals of OSs Goal 1: enable multiple users to securely share resources separation and sharing of processes, memory, files, devices, etc. what does it involve? memory protection, processor modes, authentication, file access control Goal 2: ensure secure operation in a networked environment what does it involve? authentication, access control, secure communication (using cryptography) logging and auditing intrusion detection and prevention recovery 5

Memory Protection The operating system enforces access control to memory The goal is to ensure that a user s process cannot access other processes memory fence relocation base/bounds registers segmentation paging The operating system and user processes need to have different privileges 6

CPU Modes System mode a.k.a. privileged mode, master mode, supervisor mode, kernel mode can execute any instruction and access any memory location e.g., accessing hardware devices, enabling and disabling interrupts, accessing memory management units, modifying registers, etc. User mode access to memory is limited, some instructions cannot be executed e.g., cannot disable interrupts, arbitrarily change processor state, access memory management units, etc. Transition from user mode to system mode must be done through well defined call gates (system calls) 7

Operating System Protection System calls are guarded gates from user mode into kernel mode they use a special CPU instruction (often an interrupt) to transfer control to a predefined entry point in more privileged code they allow to specify where the more privileged code will be entered and the processor state at the time of the entry privileged code examines the processor state and/or the stack set by less privileged code and determines whether to allow the request Part of the OS runs in the kernel mode (OS kernel) Other parts of the OS run in user mode, including service programs and user applications, as processes Superuser (or root) privileges are different from kernel mode rights 8

Types of Kernels Monolithic kernel one big kernel provides all services e.g., file system, network services, device drivers, etc. all kernel code is run in one address space different services directly affect each other example: Unix variants Linux kernel has over 25 million lines of code in 2018 advantages: efficiency disadvantages: complexity, bugs in one part affect the entire kernel kernels with loadable kernel modules are still monolithic 9

Types of Kernels Microkernel minimal kernel that provides only the mechanisms needed to implement OS services e.g., low-level address space management, threat management, and inter-process communication (IPC) operating system services are provided by user-mode servers these include device drivers, protocol stacks, file systems and user-interface code advantages: better achieves the least privilege, can tolerate failures/errors in device drivers, etc. disadvantages: performance, failure in key OS services still brings the system down 10

Example Architectures: Linux 11

Example Architectures: Windows 12

Security Mechanisms in User Space Types of security mechanisms authentication access control logging and auditing record system information to a log what should we record? full range of data and events, normal and suspicious e.g., every logon attempt, permission changes, network connection events, system calls, access to selected applications, system management events how can we record such data? 13

Security Mechanisms in User Space Types of security mechanisms (cont.) logging and auditing recording can be done at system level, application level, and user level examples include application logging, system call interception, packet sniffing, etc. audit trails must be protected! restricted access to the trails backing up to a different system enforcing write-only or write-once mechanisms 14

Security Mechanisms in User Space Types of security mechanisms (cont.) intrusion detection and prevention detect and report possible network and computer system intrusion or attacks passive intrusion detection provides only detection reactive intrusion detection provides intrusion prevention types of intrusion detection systems (IDSs) vary, e.g., host-based, network-based, etc. recovery if a break-in is detected, investigate the cause and assess the damage bring the system to a stable state 15

Permissions in Unix Recall that we are dealing with uid and gid permissions Processes are subjects associated with uid/gid pairs such as (ruid, rgid), (euid, egid), (suid, sgid) Objects are files 12 permission bits read/write/execute for user, group, and others suid, sgid, sticky There are associated system calls for read, write and execute operations 16

Permissions in Unix Process uid model in modern Unix systems each process has three user IDs real user ID owner of the process effective user ID used in most access control decisions saved user ID supported only on some systems similarly, there are three group IDs real group ID effective group ID saved group ID 17

Permissions in Unix What effect do suid, sgid, and sticky bits of files have? non-executable files executable files change euid when executing suid sgid sticky bit no effect affect locking not used any more change egid not used any when executing more the file the file only the owner of a file can delete directories no effect new files inherit group of the directory suid and sgid allow executables to inherit the uid and gid privileges, respectively, of the file owner when executed 18

Permissions in Unix When a process is created by using fork it inherits all three user IDs from its parent When a process executes a file using exec it inherits three user IDs unless the suid bit of the file is set if the suid bit is set, the effective uid and saved uid are assigned the user ID of the file owner Why do we need suid/sgid bits? some operations require higher (superuser) privileges than a process can have e.g., halting the system, listening on privileged ports (TCP/UDP port below 1024), etc. 19

Permissions in Unix Why do we need suid/sgid bits? some operations are not modeled as files system integrity requires not only controlling who can write, but also how it is written file level access control is not fine-grained enough Are there security implications of having programs with suid/sgid? setuid programs are typically setuid root this violates the least privilege principle why is it bad? how can an attacker exploit this problem? 20

Permissions in Unix Is there a way to make setuid programs safer? An existing solution is to change effective user IDs a process that executes a setuid program can drop its privilege there are two possibilities drop privilege permanently removes the privileged uid from all three user IDs drop privilege temporarily removes the privileged uid from it effective uid, but stores it in its saved id later the process may restore privilege by restoring privileged uid in its effective uid 21

Permissions in Unix Early Unix systems there were two user IDs: real uid and effective uid privileges could be dropped only permanently Later Unix systems saved uid was introduced privileges could be dropped temporarily There are different implementations with different system calls can be inconsistent, incompatible 22

Computer Break-Ins What happens in a typical computer break-in? get your foot in the door steal a password file and run dictionary attack sniff password off the network or through social engineering use input vulnerability in network-facing programs e.g., web server, mail server, browser, etc. use partial access to gain superuser privileges break some mechanism on the system often this means exploiting vulnerabilities in some local programs 23

Computer Break-Ins Steps involved in a typical computer break-in (cont.) setup some way to return install login program or web server with a back door cover your tracks disable intrusion detection, virus protection, system functions that show list of running programs,... perform desired attacks break into other machines take over the machine... 24

OS Hardening It is critical to setup the OS with adequate security and maintain it initial setup and patching removing unnecessary services and applications configuring users, groups, authentication configuring permissions installing additional security controls testing the system security 25

Summary Operating systems security covers memory protection restricting access to critical resources controlling process privileges Software security is next it is a large topic that covers different types of attacks buffer overflow is one of the most common software vulnerabilities we ll also look at safe code writing practices 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback