Intro to Computer & Network Security: OS Security & Access Control in UNIX & Windows - Pro, Study notes of Computer Science

An overview of computer and network security, focusing on operating system security and access control mechanisms in UNIX and Windows. Topics include memory and file protection, access authentication, UNIX filesystem rights, Windows tokens and access control entries, setuid vulnerabilities, sandboxing, and capabilities. Students will learn about the importance of secure operating systems and the role of access control in protecting files and processes.

Typology: Study notes

Pre 2010

Uploaded on 09/24/2009

koofers-user-y3i-1
3YSTEMSAND)NTERNET
)NFRASTRUCTURE3ECURITY
I
I
.ETWORKAND3ECURITY2ESEARCH#ENTER
$EPARTMENTOF#OMPUTER3CIENCEAND%NGINEERING
0ENNSYLVANIA3TATE5NIVERSITY5NIVERSITY0ARK0!
CSE543 - Introduction to Computer and Network Security
Module: Operating System Security
Professor Patrick McDaniel
Fall 2009

OS Security

  • A secure OS should provide (at least) the following mechanisms
    ‣ Memory protection
    ‣ File protection
    ‣ General object protection
    ‣ Access authentication
  • How do we go about designing a trusted OS?
  • “Trust” in this context means something different from “Secure”

Access Control Lists

  • ACL: a list of the principals that are authorized to have access to some object.
  • E.g., O2: S1 Y, S2 Y, S3 Y
  • Or more correctly:
    O1: S1
    O2: S1, S2, S3
    O3: S3
  • We are going to see a lot of examples of these throughout the semester.

ACL in systems

  • ACLs are typically used to implement discretionary access control
  • For example: you define the UNIX file system ACLs using the chmod utility ....

UNIX filesystem rights …

  • There are three rights in the UNIX filesystem
    ‣ READ - allows the subject (process) to read the contents of the file.
    ‣ WRITE - allows the subject (process) to alter the contents of the file.
    ‣ EXECUTE - allows the subject (process) to execute the contents of the file (e.g., shell program, executable, …)
  • Q: why is execute a right?
  • Q: does the right to read a program implicitly give you

The UNIX FS access policy

  • Really, this is a bit string encoding an access matrix
  • E.g.,

    rwx rwx rwx
    (Owner, Group, World)

  • And a policy is encoded as “r”, “w”, “x” if enabled, and “-” if not, e.g.,

    rwxrw---x

  • Says user can read, write and execute, group can read and write, and world can execute only.
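The same encoding and lookup, as an added C example that is not part of the slides: it parses the slide's “rwxrw---x” string into the nine mode bits and performs the owner/group/world column selection that a UNIX kernel applies to a request. The uid/gid values are constructed, and supplementary groups are left out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One bit per right, matching the r/w/x columns of the slide. */
enum { R_READ = 4, R_WRITE = 2, R_EXEC = 1 };

/* Parse a 9-character "rwxrw---x" string into the 9 mode bits in
 * owner, group, world order (the same bits chmod sets and ls shows).
 * Returns -1 on malformed input. */
int parse_mode(const char *s)
{
    static const char cols[] = "rwxrwxrwx";
    if (strlen(s) != 9)
        return -1;
    int mode = 0;
    for (int i = 0; i < 9; i++) {
        if (s[i] == cols[i])
            mode |= 1 << (8 - i);
        else if (s[i] != '-')
            return -1;
    }
    return mode;
}

/* The access-matrix lookup: choose exactly one column (owner, group or
 * world) from who the subject is, then test the requested rights against
 * that column only. There is no fall-through: an owner whose own triple
 * lacks a right does not get it from the group or world triple. */
bool unix_access(int mode, unsigned file_uid, unsigned file_gid,
                 unsigned proc_uid, unsigned proc_gid, int want)
{
    int triple;
    if (proc_uid == file_uid)
        triple = (mode >> 6) & 7;   /* owner column */
    else if (proc_gid == file_gid)
        triple = (mode >> 3) & 7;   /* group column (primary gid only) */
    else
        triple = mode & 7;          /* world column */
    return (triple & want) == want;
}

int main(void)
{
    int m = parse_mode("rwxrw---x");   /* the slide's policy string */
    printf("mode = %03o\n", m);        /* 0761 */
    /* constructed ids: file owned by uid 1000 / gid 100; uid 1001 is a group member */
    printf("group member exec: %d\n", unix_access(m, 1000, 100, 1001, 100, R_EXEC));
    return 0;
}
```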

Windows grows up ...

  • Windows 2000 marked the beginning of real OS security for the Windows systems ...

Tokens

  • Like the UID/GID in a UNIX process
    ‣ User
    ‣ Group
    ‣ Aliases
    ‣ Privileges (predefined sets of rights)
  • May be specific to a domain
  • Composed into global SID
  • Subsequent processes inherit access tokens
    ‣ Different processes may have different rights

Access Checking with ACEs

  • Example

Windows Vista Integrity

  • Integrity protection for writing
  • Defines a series of protection levels of increasing protection
    ‣ untrusted (lowest)
    ‣ low (Internet)
    ‣ medium (user)
    ‣ high (admin)
    ‣ system
    ‣ installer (highest)
  • Semantics: If the subject's (process's) integrity level dominates the object's integrity level, then the write is allowed
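The dominance rule above written out as an added C example, not part of the slides: the six level names are the ones listed, ordered so that a higher rank dominates a lower one, and the browser/document scenario in main is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The six Vista integrity levels from the slide, lowest to highest, so a
 * larger enum value dominates a smaller one. */
enum il { IL_UNTRUSTED, IL_LOW, IL_MEDIUM, IL_HIGH, IL_SYSTEM, IL_INSTALLER, IL_COUNT };

static const char *const il_names[IL_COUNT] = {
    "untrusted", "low", "medium", "high", "system", "installer"
};

/* Map a level name to its rank; -1 for an unknown name. */
int il_from_name(const char *name)
{
    for (int i = 0; i < IL_COUNT; i++)
        if (strcmp(name, il_names[i]) == 0)
            return i;
    return -1;
}

/* The slide's write rule: the write is allowed iff the subject's level
 * dominates (is at least) the object's level. Dominance is reflexive, so
 * equal levels may write. Unknown levels are denied rather than defaulted,
 * because a label the policy cannot rank must not silently pass. */
bool il_write_allowed(int subject_level, int object_level)
{
    if (subject_level < 0 || object_level < 0 ||
        subject_level >= IL_COUNT || object_level >= IL_COUNT)
        return false;
    return subject_level >= object_level;
}

int main(void)
{
    /* constructed scenario: a browser running at "low" (Internet) tries to
     * write a document labelled "medium" (user); an admin process at "high"
     * tries the same write */
    int doc = il_from_name("medium");
    printf("low  -> medium write: %s\n",
           il_write_allowed(il_from_name("low"), doc) ? "allowed" : "denied");
    printf("high -> medium write: %s\n",
           il_write_allowed(il_from_name("high"), doc) ? "allowed" : "denied");
    return 0;
}
```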

And now back to UNIX ...


UID Transition: Setuid

  • A special bit in the mode bits
  • Execute file
    ‣ Resulting process has the effective (and fs) UID/GID of file owner
  • Enables a user to escalate privilege
    ‣ For executing a trusted service
  • Downside: User defines execution environment
    ‣ e.g., Environment variables, input arguments, open descriptors, etc.
  • Service must protect itself or user can gain root access
  • All UNIX services involve root processes -- many via setuid
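Because the caller chooses the environment, one of the first things a setuid service must do is rebuild it rather than trust it. The following is an added C example, not from the slides or from any real service: it keeps only an allowlist of inherited variables and forces its own PATH and IFS (the allowlist and the forced values are assumptions), and the hostile environment in main is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variables the service is willing to inherit from its caller. Anything
 * else (LD_PRELOAD, a caller-chosen PATH, ...) is dropped. Assumed list. */
static const char *const allowed[] = { "TZ", "LANG", "TERM" };

/* Trusted values the service sets itself regardless of the caller. */
static const char *const forced[] = { "PATH=/usr/bin:/bin", "IFS= \t\n" };

/* True if "NAME=value" has a NAME on the allowlist; malformed entries
 * without '=' are rejected. */
bool name_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return false;
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strlen(allowed[i]) == n && strncmp(entry, allowed[i], n) == 0)
            return true;
    return false;
}

/* Build a clean environment from the caller-supplied NULL-terminated
 * envp `in`. `out` receives at most cap-1 entries plus a terminating
 * NULL; forced entries come first. Returns the number of entries kept.
 * (Dropping privileges and closing stray descriptors are separate steps.) */
size_t sanitize_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof forced / sizeof forced[0] && n + 1 < cap; i++)
        out[n++] = forced[i];
    for (size_t i = 0; in[i] != NULL && n + 1 < cap; i++)
        if (name_allowed(in[i]))
            out[n++] = in[i];
    out[n] = NULL;
    return n;
}

int main(void)
{
    /* constructed caller environment with an attacker-chosen PATH and preload */
    char *hostile[] = { "PATH=/tmp/untrusted:/usr/bin", "LD_PRELOAD=/tmp/untrusted.so",
                        "TZ=UTC", "IFS=/", NULL };
    const char *clean[8];
    size_t n = sanitize_env(hostile, clean, 8);
    for (size_t i = 0; i < n; i++)
        printf("%s\n", clean[i]);   /* PATH=..., IFS=..., TZ=UTC */
    return 0;
}
```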

Other Vulnerabilities

  • Objects w/o sufficient control
    ‣ Windows registry, network
  • Libraries
    ‣ Load order permits malware-defined libraries
  • Executables are everywhere
    ‣ Web content, Email, Documents (Word)
  • Labeling is wrong
    ‣ Mount a new file system; device
  • Malware can modify your permissions
    ‣ Inherent to discretionary model

Sandboxing

  • An execution environment for programs that contains a limited set of rights
    ‣ A subset of your permissions (meet secrecy and integrity goals)
    ‣ Cannot be changed by the running program (mandatory)