Privilege Escalation

Similar documents
The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

CSC 5930/9010 Cloud S & P: Virtualization

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Chapter 5 C. Virtual machines

ECE 471 Embedded Systems Lecture 22

Operating System Security

CSE543 - Computer and Network Security Module: Virtualization

Operating system hardening

Data Security and Privacy. Unix Discretionary Access Control

CS 290 Host-based Security and Malware. Christopher Kruegel

Sandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

Advanced Systems Security: Ordinary Operating Systems

Secure Containers with EPT Isolation

Virtual Machine Security

CSE543 - Computer and Network Security Module: Virtualization

C1: Define Security Requirements

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

Lecture 5: February 3

CSE543 - Computer and Network Security Module: Virtualization

Module 1: Virtualization. Types of Interfaces

Back To The Future: A Radical Insecure Design of KVM on ARM

CSE 565 Computer Security Fall 2018

CS 356 Operating System Security. Fall 2013

Security Architecture

Inline Reference Monitoring Techniques

Virtualization (II) SPD Course 17/03/2010 Massimo Coppola

CprE Virtualization. Dr. Yong Guan. Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

LINUX KVM FRANCISCO JAVIER VARGAS GARCIA-DONAS CLOUD COMPUTING 2017

CIT 480: Securing Computer Systems. Operating System Concepts

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

Virtualization. Dr. Yingwu Zhu

64-bit ARM Unikernels on ukvm

Virtualization. Pradipta De

Operating Systems 4/27/2015

Secure Architecture Principles

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Multi-tenancy Virtualization Challenges & Solutions. Daniel J Walsh Mr SELinux, Red Hat Date

CSE 544 Advanced Systems Security

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

COS 318: Operating Systems

LINUX Virtualization. Running other code under LINUX

Chapter 13: Protection. Operating System Concepts Essentials 8 th Edition

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles

CIS 5373 Systems Security

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

System Configuration as a Privilege

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Copyright

Software Security and Exploitation

CS370 Operating Systems

Chapter 14: Protection. Operating System Concepts 9 th Edition

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

LIA. Large Installation Administration. Virtualization

Operating System. Operating System Overview. Structure of a Computer System. Structure of a Computer System. Structure of a Computer System

CSE Computer Security

Virtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader

Confinement (Running Untrusted Programs)

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions

COS 318: Operating Systems

Network+ Guide to Networks 6 th Edition

Virtualization. Michael Tsai 2018/4/16

HP SDN Document Portfolio Introduction

CSCE 410/611: Virtualization!

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Advanced Systems Security: Multics

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

Spring It takes a really bad school to ruin a good student and a really fantastic school to rescue a bad student. Dennis J.

CSCE 410/611: Virtualization

The Case for Security Enhanced (SE) Android. Stephen Smalley Trusted Systems Research National Security Agency

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

6.858 Lecture 4 OKWS. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS.

Meltdown and Spectre - understanding and mitigating the threats (Part Deux)

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

OS security mechanisms:

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Cloud and Datacenter Networking

0x1A Great Papers in Computer Security

Sandboxing. (1) Motivation. (2) Sandboxing Approaches. (3) Chroot

Virtualization with XEN. Trusted Computing CS599 Spring 2007 Arun Viswanathan University of Southern California

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

Virtualization Introduction

Introduction to Operating. Chapter Chapter

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Advanced Systems Security: Ordinary Operating Systems

Networks and Operating Systems Chapter 11: Introduction to Operating Systems

Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces

Virtualization. Adam Belay

Meltdown and Spectre - understanding and mitigating the threats

Introduction to Operating Systems. Chapter Chapter

Micro VMMs and Nested Virtualization

Secure Architecture Principles

Distributed Systems COMP 212. Lecture 18 Othon Michail

I/O and virtualization

Nested Virtualization and Server Consolidation

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

Transcription:

Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14

root, or Privilege or Elevation is the act of gaining access to resources which were intended to be protected by authorization mechanisms built into the targeted system. Generally, these are divided into two families: Vertical Security Vulnerability Assessment Privilege 2 / 14

root, or Generally speaking, this type of escalation occurs when the human-computer or computer-computer interface is intended to serve as "gate keeper" for access to internal-only resources on the system. In other words, the attacker exploits flaws in the UI to gain unrestricted access to everything that the underlying application would be able to access. Some examples: SQL Injection attacks XSS attacks Escape to shell Security Vulnerability Assessment Privilege 3 / 14

root, or Use of existing access (whether granted or illicit) to gain resource access beyond what the current user or role is supposed to have access to. In many cases, the act being described is elevating from "normal user" to "administrator" or "root" privileges on a system. Examples: Win7Elevate / UAC Bypass "setuid" root binary UNIX exploit Device Driver exploits syscall exploits Security Vulnerability Assessment Privilege 4 / 14

root, or Implemented by modern CPUs to enable arbitrary execution of native code while protecting systems HW offers multiple run modes, or "rings", where direct access to some features are permitted Code "asks permission" to switch to more privileged "ring" HW verifies authorization criteria are met In most systems, 2 modes: Supervisor & User Don t confuse with "root"/"administrator" and "" user processes Security Vulnerability Assessment Privilege 5 / 14

root, or General OS division of code execution: Supervisor: Bootloader, kernel code, device driver code User: Applications, user commands, event "root" user programs Some exceptions include Windows NT & Mac OS X (XNU kernel), which both can run "device drivers" as limited userland service applications that make kernel requests for their device interactions. However, they continue to offer the option to run as supervisor as well. Security Vulnerability Assessment Privilege 6 / 14

root, or Most OS s conceptualize permission groups based upon "privileged" and "unprivileged" user accounts Applications and services are executed by user, retaining privileges of the starting user, with the option to "downgrade" permission for security OS provides "API" for secure device/resource interactions by user ring code "Root" user typically granted access to whatever is asked for, while "" is forced to operate with a limited set of privileges "setuid" and similar typically provide controlled temporary task-specific privilege elevation Security Vulnerability Assessment Privilege 7 / 14

root, or Common local-system privileges consist of: Starting new processes Reading/writing data controlled by the user or access-granted to the user Process mgmt for any processes running by that user Initiating network communications, or listening on TCP/UDP ports >1024 Access to local OS APIs & libraries Security Vulnerability Assessment Privilege 8 / 14

root root, or In addition to all privileges, root generally has expanded privileges: Adding/removing users, setting passwords, privileges Read/write ANY file (regardless of whether access explicitly granted) Installing/removing device drivers Replacing programs, libraries, etc... OS grants special access when root uses APIs / libraries Access to all devices, memory Process management across entire system Security Vulnerability Assessment Privilege 9 / 14

root, or This structure presents us with two common vectors to gain vertical privilege escalation: Using OS APIs/syscall vulnerabilities to inject arbitrary code into Supervisor mode Using user-mode vulnerabilities in applications running as "root" to inject arbitrary code/commands as "root" Security Vulnerability Assessment Privilege 10 / 14

, or root, or is an increasingly popular feature of modern consumer CPUs, however it has been around for a long time. This feature adds a new super-supervisor level to the management of the operating system(s). The isolation enables a system owner to host multiple full OS s with fine-grained resource access control, where a complete compromise of one OS cannot escape into other hosted operating systems. Security Vulnerability Assessment Privilege 11 / 14

root, or Generally speaking, virtualization is facilitated by a hypervisor, which can be configured to selectively grant access to the following resources (among others): Number of CPU s and % of CPU time Upper bound on virtual-physical memory (HV will allocate virt mem that VM thinks is physical mem) Virtualized I/O devices Direct hardware access (controlled) APIs provided by hypervisor available for each VM Security Vulnerability Assessment Privilege 12 / 14

root, or Here are some examples of hypervisors: VirtualBox http://virtualbox.org (will frequently be used for examples) VMWare http://www.vmware.com Xen http://www.xenproject.org KVM http://www.linux-kvm.org bhyve http://bhyve.org Some vulnerabilities: http://cromwell-intl.com/security/virtualization.html Security Vulnerability Assessment Privilege 13 / 14

root, or The isloation and abstraction layers in hypervisors are the primary elements enabling "cloud computing". This provisioning approach also relies upon the inherent "Ring -1" security features to allow multiple customers the flexibility of executing virtual systems on shared hardware owned by a third party. However, some new exposure risks may present themselves if you are making assumptions common to traditional "bare metal" systems. Security Vulnerability Assessment Privilege 14 / 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback