
CSCE 790 Computer Systems Security: File System Security (PowerPoint presentation)



  1. CSCE 790 Computer Systems Security: File System Security
 Professor Qiang Zeng, Spring 2020

  2. Outline
 • Hard links vs. symbolic links
 • File access permissions
 • User and process credentials
 • Special flags: setuid, sticky bit
 • TOCTTOU
 CIS 4360 – Secure Computer Systems 2

  3. Hard link and soft link
 • In Linux/Unix, a file consists of one inode, a block that stores the file's metadata (type, size, owner, permissions, timestamps, link count, and the locations of its data blocks), plus zero or more data blocks. The inode does not store a name.
 • A hard link: a directory entry mapping a file name to an inode number
 • A soft/symbolic link: a file of its own whose content is a path to another file name

  4. Hard link
 • When you create a hard link you simply add another name that points to the same inode; the inode's link count goes up by one
 • Only after the last hard link is removed (link count zero) and no open file descriptors refer to the inode any more is the underlying file actually deleted and its blocks freed

  5. Symbolic link
 • The inode of a symbolic link contains:
   – A file-type flag saying "I am a symbolic link"
   – The path of the target file
 • Symbolic links are very useful for software upgrades
   – After the upgrade, you just point the symbolic link at the new version
 • A symbolic link becomes dangling if the target file is deleted or renamed; the link itself stays in place and only fails when it is followed

  6. Create hard link and soft (symbolic) link
 • We have created a file original.txt, a hard link named hard.txt, and a symbolic link named soft.txt
 • Can you distinguish original.txt and soft.txt?
   – Certainly: ls -l shows soft.txt with file type l and an arrow to its target path
 • Can you distinguish original.txt and hard.txt?
   – Hmmm… you cannot: both names resolve to the same inode number (ls -i), and neither one is "the original"

  7. Question
 • If you modify a file through a hard link, will the modification time seen through another hard link of the same file be updated as well?
   – Yes
   – Both names point to the same inode, which stores the modification time and the other metadata
   – Hard links of a file share the same piece of "metadata and data"; the only difference is the name (and the directory the name lives in)
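The following is an added example, not code from the lecture slides: it recreates the setup of slides 6 and 7 (original.txt, a hard link hard.txt, a symbolic link soft.txt) in a scratch directory and records what the inode metadata shows about each name, including what happens to the hard link and to the symbolic link once the original name is removed (slides 4 and 5). The file names and the mtime value are assumptions chosen for the demonstration.

```python
"""Hard links vs. symbolic links, observed through the inode (added example)."""
import os
import shutil
import tempfile


def link_demo():
    """Return observations about the three names as a dict of plain values."""
    scratch = tempfile.mkdtemp(prefix="links-")
    try:
        original = os.path.join(scratch, "original.txt")
        hard = os.path.join(scratch, "hard.txt")
        soft = os.path.join(scratch, "soft.txt")

        with open(original, "w") as f:
            f.write("v1\n")
        os.link(original, hard)      # second name for the same inode
        os.symlink(original, soft)   # new inode whose content is a path

        st_orig = os.stat(original)
        st_hard = os.stat(hard)
        st_soft = os.lstat(soft)     # lstat: inspect the link itself, do not follow it
        obs = {
            # Slide 6: two hard links are indistinguishable, same inode number.
            "same_inode": st_orig.st_ino == st_hard.st_ino,
            "link_count_with_two_names": st_orig.st_nlink,
            # The symlink is a separate object with its own inode and type flag.
            "soft_has_own_inode": st_soft.st_ino != st_orig.st_ino,
            "soft_is_symlink": os.path.islink(soft),
            "soft_target": os.readlink(soft),
        }

        # Slide 7: metadata changed through one name is seen through the other,
        # because there is only one inode. Setting mtime to a fixed value
        # (assumed constant) avoids depending on timestamp resolution.
        os.utime(hard, (1_000_000, 1_000_000))
        obs["mtime_shared"] = os.stat(original).st_mtime == 1_000_000

        # Slides 4 and 5: unlink the original name. The hard link keeps the
        # data alive (link count drops to 1); the symlink is now dangling.
        os.unlink(original)
        with open(hard) as f:
            obs["hard_still_readable"] = f.read() == "v1\n"
        obs["link_count_after_unlink"] = os.stat(hard).st_nlink
        obs["soft_dangling"] = os.path.lexists(soft) and not os.path.exists(soft)
        try:
            open(soft).close()
            obs["soft_open_fails"] = False
        except FileNotFoundError:
            obs["soft_open_fails"] = True
        return obs
    finally:
        shutil.rmtree(scratch)
```

The security-relevant detail is the last part: after `os.unlink(original)` the data is still reachable through hard.txt, so deleting "the" file does not remove it while other names (or open descriptors) exist, and soft.txt silently points at a name that anyone with write permission on the directory could now recreate.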


  9. File permissions
 • File permissions are about who can access the file and how it can be accessed
 • Who:
   – U: the file owner (user)
   – G: the file's group
   – O: other users (everyone else)
   – (A: all three at once, a shorthand used by chmod's symbolic mode)
 • How:
   – Read, write and execute

  10. Permission on directories
 • Read: list the names in the directory
 • Write: create, rename, or delete names within it (together with execute; write alone is not enough, since the entry must be looked up first)
 • Execute: look up a name in the directory, i.e. pass through it on the way to something inside (also called "search" permission)

  11. Questions
 • To read /a/b/c.txt, you need
   – the execute permission for /, a, and b
   – the read permission for c.txt
 • To remove /a/b/c.txt, you need
   – the execute permission for /, a and b
   – the write permission for b
   – the permission bits of c.txt itself do not matter; if b has the sticky bit (slide 29) you must additionally own c.txt or b

  12. Permission bits
 • Three subsets (for u, g, o) of bits; each subset has three bits (for r, w, x)

  13. Octal representation
 • Each subset is written as one octal digit: r = 4, w = 2, x = 1, added together (e.g. rwx = 7, r-x = 5, rw- = 6, r-- = 4)
 • The three digits are given in the order owner, group, others

  14. Application of the octal representation
 • 755: rwxr-xr-x
   – chmod 755 dir
   – Specify the permissions of dir
 • 644: rw-r--r--
   – chmod 644 a.txt
   – Specify the permissions of a.txt

  15. Changing file permissions using symbolic mode
 • To add x permission for all
   – chmod a+x filename
 • To remove w permission for g and o
   – chmod go-w filename
 • To overwrite the permissions for the owner
   – chmod u=rw filename

  16. Questions
 • Why is it dangerous to operate on files in a publicly writable directory?
   – "A directory is publicly writable" means anyone, including the attacker, can create, delete, and rename files in that directory, whatever the files' own owners and permission bits are
   – When you open a file "x", which you believe is the one you created previously, the attacker may first delete "x" and then create a file named "x" with permissions 777 (or a symbolic link named "x" pointing at a file of the attacker's choosing); consequently,
     • Integrity: "x"'s content is actually controlled by the attacker
     • Confidentiality: the attacker can read what you write to the file
   – There are other attacks, e.g., privilege escalation, DoS, race conditions

  17. So, try your best not to use a publicly writable directory; files in such a directory should be treated as untrusted
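The following is an added example, not code from the slides, that replays the attack of slide 16 step by step. The race is made deterministic: the victim creates x, the attacker (anyone with write permission on the directory) replaces x, and the victim reopens x. Both roles run as the same user here, which is an assumption made so that the code runs unprivileged; on a real system the attacker is another user. A naive reopen by name is compared with two defences: keeping the descriptor from creation, and, when reopening by name is unavoidable, refusing to follow symbolic links and checking that the inode behind the name is still the one the victim created. Directory and file names are assumptions.

```python
"""Publicly writable directory: name vs. inode (added example)."""
import errno
import os
import shutil
import stat
import tempfile


def victim_create(path):
    """Create x privately and keep the descriptor: the descriptor names the
    inode, whereas the path only names whatever the directory currently says."""
    return os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)


def attacker_plant_symlink(path, target):
    """Write permission on the directory is all the attacker needs to unlink x
    and plant a new name, regardless of x's owner or permission bits."""
    os.unlink(path)
    os.symlink(target, path)


def attacker_plant_file(path):
    """The variant on slide 16: a fresh, attacker-controlled 0777 file."""
    os.unlink(path)
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT, 0o777))


def victim_reopen_naive(path, data):
    """Trusts the name: follows symlinks, accepts whatever inode is there."""
    with open(path, "a") as f:
        f.write(data)


def victim_reopen_checked(path, held_fd):
    """Open without following symlinks, then verify the inode is the one we
    still hold open. Returns the new fd; raises if the name was hijacked."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    new, ours = os.fstat(fd), os.fstat(held_fd)
    if not stat.S_ISREG(new.st_mode) or (new.st_dev, new.st_ino) != (ours.st_dev, ours.st_ino):
        os.close(fd)
        raise PermissionError("%r was replaced between create and reopen" % path)
    return fd


def demo():
    """Run the three scenarios in a scratch directory; return what happened."""
    pubdir = tempfile.mkdtemp(prefix="pubdir-")
    try:
        os.chmod(pubdir, 0o777)  # world-writable, no sticky bit (as slide 16 assumes)
        x = os.path.join(pubdir, "x")
        attacker_file = os.path.join(pubdir, "attacker-owned")
        open(attacker_file, "w").close()
        results = {}

        # 1. x swapped for a symlink: the naive reopen writes into the target.
        fd = victim_create(x)
        os.write(fd, b"victim data\n")
        attacker_plant_symlink(x, attacker_file)
        victim_reopen_naive(x, "secret\n")
        with open(attacker_file) as f:
            results["naive_wrote_into_attacker_file"] = f.read() == "secret\n"
        try:
            victim_reopen_checked(x, fd)
            results["checked_rejects_symlink"] = False
        except OSError as e:
            results["checked_rejects_symlink"] = e.errno == errno.ELOOP
        # The descriptor we kept is untouched by the name games in the directory.
        os.write(fd, b"more\n")
        results["held_fd_unaffected"] = os.pread(fd, 64, 0) == b"victim data\nmore\n"
        os.close(fd)

        # 2. x swapped for a 0777 regular file: O_NOFOLLOW alone does not help,
        #    the inode identity check does (our held fd keeps the old inode
        #    allocated, so the new file cannot reuse its number).
        os.unlink(x)
        fd = victim_create(x)
        attacker_plant_file(x)
        try:
            victim_reopen_checked(x, fd)
            results["checked_rejects_swapped_file"] = False
        except PermissionError:
            results["checked_rejects_swapped_file"] = True
        os.close(fd)

        # 3. No attacker: the checked reopen works and appends to our own inode.
        os.unlink(x)
        fd = victim_create(x)
        os.write(fd, b"victim data\n")
        fd2 = victim_reopen_checked(x, fd)
        os.write(fd2, b"more\n")
        os.close(fd2)
        os.close(fd)
        with open(x) as f:
            results["checked_ok_when_untouched"] = f.read() == "victim data\nmore\n"
        return results
    finally:
        shutil.rmtree(pubdir)
```

The dev/inode comparison is only sound because the victim still holds the original descriptor: once an inode is freed its number can be handed to a new file, so "same inode number as earlier" proves nothing on its own. Whenever possible, do the simpler thing and keep using the descriptor you created the file with.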


  19. User credentials
 • uid: user ID
 • gid: the ID of the user's primary group
 • groups: supplementary groups
 • Collectively, they constitute the user's credentials

  20. Process credentials
 • Each process has
   – Real, effective, saved user IDs (ruid, euid, suid; here suid means the saved user ID, not the setuid bit)
   – Real, effective, saved group IDs (rgid, egid, sgid)
   – Supplementary group IDs
 • After a user logs in, the user's first process inherits all its IDs from the user
   – E.g., if a user (uid = 1000, gid = 2000) logs in, then the first process has ruid = euid = suid = 1000 and rgid = egid = sgid = 2000
 • At fork(), all the IDs are inherited by the child

  21. A little wrap-up
 • User: uid, gid, supplementary groups
 • Process: ruid, euid, suid; rgid, egid, sgid; supplementary groups
 • File: uid (owner), gid
 • After a user logs in, the first process inherits all IDs from the user
 • When a process is forked, the child inherits all the IDs
 • When a process creates a file, the file's uid and gid are taken from the process's euid and egid, respectively (unless the directory has the setgid bit, slide 27)

  22. Permission checking
 • Note that the process's credentials (not the user's) are used during permission checking
 • Recall that each file's permissions have three groups of three bits (e.g., rwxr-x--x)
   – If the process euid = file owner ID, the 1st group ("rwx") is used
   – Else, if the process egid or any of its supplementary group IDs = file group ID, the 2nd group ("r-x") is used
   – Else the 3rd group ("--x") is used
 • Exactly one group is consulted, with no fall-through: the owner of a "---rwxrwx" file is denied even though every other class is allowed
 • Processes with euid 0 (root) bypass the read and write checks; execute still requires at least one x bit on the file
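The following is an added example, not code from the slides. It re-implements the selection rule of slide 22 (owner class, else group class, else others, exactly one class consulted) together with the directory rules of slides 10, 11 and 29 on constructed inode data, so the /a/b/c.txt questions can be answered mechanically for several users. The uids, gids, modes and the users alice, bob and carol are all assumptions. Real kernels add capabilities, POSIX ACLs and mount options, which are not modelled; the root shortcut is included because it is the one everybody runs into.

```python
"""Classic Unix permission checking, and how it composes along a path (added example)."""
import stat
from collections import namedtuple

# Constructed stand-in for the struct stat fields that matter here.
Inode = namedtuple("Inode", "uid gid mode")

R, W, X = 4, 2, 1


def class_bits(inode, euid, egid, groups):
    """Select exactly one rwx triplet for this process; no fall-through."""
    if euid == inode.uid:
        return (inode.mode >> 6) & 7      # 1st group: owner
    if egid == inode.gid or inode.gid in groups:
        return (inode.mode >> 3) & 7      # 2nd group: group
    return inode.mode & 7                 # 3rd group: others


def may_access(inode, euid, egid, groups, want):
    """True if every bit in `want` (R|W|X) is granted by the selected class."""
    if euid == 0:
        # CAP_DAC_OVERRIDE: root skips r/w checks; x still needs some x bit set.
        return not (want & X) or bool(inode.mode & 0o111)
    return class_bits(inode, euid, egid, groups) & want == want


def may_access_path(dirs, leaf, euid, egid, groups, want):
    """Slides 10-11: every directory on the way needs x (search permission);
    only the final component needs `want`."""
    return (all(may_access(d, euid, egid, groups, X) for d in dirs)
            and may_access(leaf, euid, egid, groups, want))


def may_unlink_path(dirs, leaf, euid, egid, groups):
    """Removing a name needs x on every ancestor and w on the parent; the
    leaf's own bits are irrelevant. A sticky parent (slide 29) additionally
    requires owning the file or the directory (or being root)."""
    parent = dirs[-1]
    if not all(may_access(d, euid, egid, groups, X) for d in dirs):
        return False
    if not may_access(parent, euid, egid, groups, W):
        return False
    if parent.mode & stat.S_ISVTX and euid not in (0, leaf.uid, parent.uid):
        return False
    return True


# Constructed tree: /a/b/c.txt, plus a /tmp with and without the sticky bit.
ROOT = Inode(uid=0, gid=0, mode=0o755)
A = Inode(uid=0, gid=0, mode=0o755)
B = Inode(uid=1000, gid=2000, mode=0o750)          # alice:dev
C = Inode(uid=1000, gid=2000, mode=0o640)          # alice:dev
TMP_STICKY = Inode(uid=0, gid=0, mode=0o1777)
TMP_PLAIN = Inode(uid=0, gid=0, mode=0o777)
ALICE_TMP_FILE = Inode(uid=1000, gid=1000, mode=0o644)

ALICE = dict(euid=1000, egid=1000, groups=[1000])
BOB_IN_DEV = dict(euid=1001, egid=1001, groups=[1001, 2000])   # dev is supplementary
CAROL = dict(euid=1002, egid=1002, groups=[1002])


def scenarios():
    """Answer the slide 11 questions for each constructed user."""
    path = [ROOT, A, B]
    return {
        "alice_reads_c": may_access_path(path, C, want=R, **ALICE),
        "bob_reads_c_via_group": may_access_path(path, C, want=R, **BOB_IN_DEV),
        "carol_reads_c": may_access_path(path, C, want=R, **CAROL),        # no x on b
        "alice_unlinks_c": may_unlink_path(path, C, **ALICE),
        "bob_unlinks_c": may_unlink_path(path, C, **BOB_IN_DEV),           # no w on b
        "owner_denied_by_own_class": may_access(Inode(1000, 2000, 0o077), want=R, **ALICE),
        "bob_unlinks_alice_file_in_sticky_tmp": may_unlink_path([ROOT, TMP_STICKY], ALICE_TMP_FILE, **BOB_IN_DEV),
        "bob_unlinks_alice_file_in_plain_tmp": may_unlink_path([ROOT, TMP_PLAIN], ALICE_TMP_FILE, **BOB_IN_DEV),
        "root_reads_c": may_access_path(path, C, want=R, euid=0, egid=0, groups=[0]),
    }
```

Two of the results are the ones worth remembering when reviewing a permission scheme: carol is denied c.txt by the missing x on b even though she could read a world-readable file there, and bob cannot remove c.txt although he can read it, because removal is decided by b's bits, not c.txt's.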


  24. Setuid programs
 • Setuid: short for "set user ID upon execution"
 • When a non-setuid program is executed, the process keeps the user IDs inherited from its parent
 • However, when a setuid program is executed, the process's effective and saved user IDs are set to the owner of the program file; the real user ID stays that of the invoking user
   – The process therefore has the privileges of the program owner
   – If the program owner is root, we call it a setuid-root program (the program is "setuid to root"); such processes run with root privileges
 • Linux ignores the bit on interpreted scripts and on filesystems mounted with nosuid

  25. Example
 • Take /usr/bin/passwd as an example; it is a setuid-root program
 • In ls -l it is owned by root and shows an s in the owner's x position, typically -rwsr-xr-x

  26. Why are setuid programs needed?
 • Consider the passwd example
 • Its job is to update the password file /etc/shadow
 • That file is owned by root and is not writable (or even readable) by ordinary users: typically mode 640 with group shadow, or 000
 • Then, how can a process created by a non-root user modify the sensitive file?
 • Answer: a setuid program
   – When it is run, its effective user ID = the file owner (root), which lets it modify /etc/shadow
   – Every such program is therefore a trust boundary: a bug in it is reachable by every local user

  27. Setgid
 • Setgid programs have similar effects to setuid ones
   – egid (and saved gid) = the program file's gid
 • Setuid only makes sense with executable files
 • Setgid makes sense with executable files; it also makes sense with directories
   – Any file created in that directory gets the same group as the directory (instead of the creating process's egid)
   – Any directory created in that directory also has its setgid bit set
   – The purpose is usually to facilitate file sharing through the directory among the users of one group
 • Setgid even used to make sense with non-executable files (setgid set, group execute clear) to flag mandatory locking; see
   – https://www.kernel.org/doc/Documentation/filesystems/mandatory-locking.txt
   – Linux removed mandatory locking support in kernel 5.15, so this use is now historical

  28. Another little wrap-up
 • User: uid, gid, supplementary groups
 • Process: ruid, euid, suid; rgid, egid, sgid; supplementary groups
 • File: uid (owner), gid
 • After a user logs in, the first process inherits all IDs from the user
 • When a process is forked, the child inherits all the IDs
 • When a process creates a file, the file's uid and gid come from the process's euid and egid, respectively
 • When a setuid program is executed, the process's euid = suid = the file's uid

  29. Sticky bit
 • Historically, it got its name because it made an executable's text "stick" in main memory (or swap) after the program exited
 • Now it only makes sense with directories
 • Normally, if a user has write permission for a directory, he/she can delete or rename files in the directory regardless of who owns the files
 • But files in a directory with the sticky bit can only be renamed or deleted by the file owner (or the directory owner, or root)
 • /tmp is the classic example: drwxrwxrwt, world-writable, yet no user can remove another user's files

  30. Example
 • The sticky bit is displayed in the x-bit position for others:
   – x + sticky = t
   – - + sticky = T
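The following is an added example, not code from the slides, that ties slides 13 to 15 together with slides 24 to 30: it converts between octal modes, the ls -l permission string, and chmod's symbolic mode, including the setuid, setgid and sticky bits and their s/S and t/T display. The symbolic-mode parser covers the subset of chmod syntax used on slide 15 (who: u g o a; op: + - =; perms: r w x s t), following GNU chmod in applying s only to the u and g classes and t only to the o class; umask handling and the X/ugo perm letters are left out. The render() function is cross-checked against the standard library's stat.filemode for every 12-bit mode.

```python
"""Octal, ls -l and chmod symbolic modes, with the special bits (added example)."""
import stat

# Each class owns its rwx bits plus the special bit that sits above it.
CLASS_MASK = {
    "u": stat.S_IRWXU | stat.S_ISUID,
    "g": stat.S_IRWXG | stat.S_ISGID,
    "o": stat.S_IRWXO | stat.S_ISVTX,
}
# Permission letters spread over all classes; the class mask trims them.
PERM_BITS = {
    "r": 0o444, "w": 0o222, "x": 0o111,
    "s": stat.S_ISUID | stat.S_ISGID,   # lands on u and/or g only
    "t": stat.S_ISVTX,                   # lands on o only (GNU semantics)
}


def parse_clause(clause):
    """Split one '[ugoa]*[+-=][rwxst]*' clause; empty who means 'a'."""
    i = 0
    while i < len(clause) and clause[i] in "ugoa":
        i += 1
    who = clause[:i] or "a"
    if i == len(clause) or clause[i] not in "+-=":
        raise ValueError("bad symbolic mode clause %r" % clause)
    op, perms = clause[i], clause[i + 1:]
    if any(p not in PERM_BITS for p in perms):
        raise ValueError("bad permission letters in %r" % clause)
    if "a" in who:
        who = "ugo"
    return who, op, perms


def apply_symbolic(mode, spec):
    """Apply a comma-separated chmod symbolic mode to a 12-bit mode."""
    for clause in spec.split(","):
        who, op, perms = parse_clause(clause)
        mask = 0
        for w in who:
            mask |= CLASS_MASK[w]
        value = 0
        for p in perms:
            value |= PERM_BITS[p] & mask
        if op == "+":
            mode |= value
        elif op == "-":
            mode &= ~value
        else:                       # '=' replaces the whole class, special bit included
            mode = (mode & ~mask) | value
    return mode & 0o7777


def render(mode):
    """The nine permission characters of ls -l, slide 30 rule included:
    x + special bit -> s/t, - + special bit -> S/T."""
    out = []
    for shift, special, letter in ((6, stat.S_ISUID, "s"),
                                   (3, stat.S_ISGID, "s"),
                                   (0, stat.S_ISVTX, "t")):
        bits = (mode >> shift) & 7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:
            out.append(letter if bits & 1 else letter.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


def matches_stdlib():
    """Cross-check render() against stat.filemode for every 12-bit mode."""
    return all(render(m) == stat.filemode(stat.S_IFREG | m)[1:] for m in range(0o10000))


def examples():
    """The slide 14/15 commands and the special-bit displays, as values."""
    return {
        "755": render(int("755", 8)),                         # rwxr-xr-x
        "644": render(0o644),                                 # rw-r--r--
        "a+x on 644": apply_symbolic(0o644, "a+x"),           # 0o755
        "go-w on 777": apply_symbolic(0o777, "go-w"),         # 0o755
        "u=rw on 4755": apply_symbolic(0o4755, "u=rw"),       # 0o655: '=' also clears setuid
        "u+s on 755": render(apply_symbolic(0o755, "u+s")),   # rwsr-xr-x, like passwd
        "g+s on 775": render(apply_symbolic(0o775, "g+s")),   # rwxrwsr-x, shared directory
        "+t on 777": render(apply_symbolic(0o777, "+t")),     # rwxrwxrwt, like /tmp
        "+t on 776": render(apply_symbolic(0o776, "+t")),     # rwxrwxrwT
        "4655": render(0o4655),                               # rwSr-xr-x: setuid without x
        "chain": apply_symbolic(0o600, "g+r,o+r,a+x"),        # 0o755
    }
```

The "u=rw on 4755" entry is the practical point: when auditing a chmod in a deployment script, remember that "=" clears the class's special bit as well, so `chmod u=rwx` on a setuid binary quietly removes the setuid bit, while `chmod 755` (without a leading digit) does the same for all three special bits on most systems.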
