goals for today
play

Goals for Today Learning Objective: Contrast strengths/weaknesses - PowerPoint PPT Presentation

Aug 16, 2023 •222 likes •489 views

Goals for Today Learning Objective: Contrast strengths/weaknesses of security primitives Understand design concepts of OS-layer Access Control Announcements, etc: MP3 Soft Extension: Submit by April 25th for -10pts MP4 due

  1. Goals for Today • Learning Objective: • Contrast strengths/weaknesses of security primitives • Understand design concepts of OS-layer Access Control • Announcements, etc: • MP3 Soft Extension: Submit by April 25th for -10pts • MP4 due May 7th Deadline provides more time than necessary; wanted to give you flexibility • • Schedule: • Apr 25 — Final Exam Overview + Review Session • Apr 27 — Energy + Power in Operating Systems • Apr 30 — Operating System Auditing (feat. Wajih Ul Hassan) • May 02 — Final Exam Q&A CS 423: Operating Systems Design 1

  2. Reference Monitor Cool. But how do we implement these models in an operating system? Entry Points System Interface Access Hook Authorize Request? Security-sensitive Access Operation Access Monitor Hook Hook Policy Security-sensitive Security-sensitive Operation Operation Yes/No CS 423: Operating Systems Design 2

  3. Reference Monitor • Where to make access control decisions? (Mediation) • Which access control decisions to make? (Authorization) • Decision function: Compute decision based on request and the active security policy • Reference Monitor Concept (i.e., Goals): • Complete Mediation • Tamper Proof • Verifiable CS 423: Operating Systems Design 3

  4. SELinux Designed by the NSA • A more flexible solution than MLS • SELinux Policies are comprised of 3 components: • Labeling State defines security contexts for every file • (object) and user (subject). Protection State defines the permitted • <subject,object,operation> tuples. Transition State permits ways for subjects and objects to • move between security contexts. Enforcement mechanism designed to satisfy reference • monitor concept CS 423: Operating Systems Design 4

  5. SELinux Labeling State • Files and users on the system at boot-time must are associated with their security labels (contexts) • Map file paths to labels via regular expressions • Map users to labels by names by name • User labels pass on to their initial processes • How are new files labeled? Processes? CS 423: Operating Systems Design 5

  6. SELinux Protection State • MAC Policy based on Type Enforcement • Access Matrix Policy • Processes with subject label… • Can access file of object label • If operations in matrix cell allow • Focus: Least Privilege • Only provide permissions necessary CS 423: Operating Systems Design 6

  7. SELinux Protection State • Permissions in SELinux can be produced with runtime analysis. • Step 1 : Run programs in a controlled (no attacker) environment without any enforcement. • Step 2 : Audit all of the permissions used during normal operation. • Step 3 : Generate policy file description • Assign subject and object labels associated with program • Encode all permissions used into access rules CS 423: Operating Systems Design 7

  8. SELinux Transition State • Premise: Processes don’t need to run in the same protection state all of the time. • Borrows concepts from Role-Based Access Control • Example: passwd starts in user context, transitions to privileged context to update /etc/passwd, transitions back to user. CS 423: Operating Systems Design 8

  9. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! CS 423: Operating Systems Design 9

  10. @ 2001 Linux Kernel Summit… Include SELinux in Linux 2.5! I’m just not that into you… CS 423: Operating Systems Design 10

  11. Linux Security circa 2000 CS 423: Operating Systems Design 11

  12. Linus’s Dilemma CS 423: Operating Systems Design 12

  13. Linus’s Dilemma The answer to all computer science problems… add another layer of abstraction! CS 423: Operating Systems Design 13

  14. Linux Security Models CS 423: Operating Systems Design 14

  15. Linux Security Modules CS 423: Operating Systems Design 15

  16. LSM Requirements CS 423: Operating Systems Design 16

  17. LSM Architecture CS 423: Operating Systems Design 17

  18. Opaque Security Fiels CS 423: Operating Systems Design 18

  19. Security Hooks CS 423: Operating Systems Design 19

  20. Security Hooks CS 423: Operating Systems Design 20

  21. Security Hook Details CS 423: Operating Systems Design 21

  22. LSM Hook Architecture CS 423: Operating Systems Design 22

  23. LSM Hook Architecture Process User Space Kernel Space open System Call Process file path Lookup down to inode inode (resolving directories/ links) DAC checks LSM hook LSM Policy Engine "Is user_process allowed to perform Access operation on inode?" inode CS 423: Operating Systems Design 23

  24. Conclusions • Access Control is supported in operating systems through the “Reference Monitor” concept • LSM is a framework for designing reference monitors • Today, many security modules exist • Must define authorization hooks to mediate access • Must expose a policy framework for specifying which accesses to authorize • Policy Challenges • Is language expressive enough to capture the goals of the user? • Is language simple/intuitive enough for ease of use? • Policy misconfiguration breaks security!! CS 423: Operating Systems Design 24

  25. LSM Performance CS 423: Operating Systems Design 25

  26. LSM Use CS 423: Operating Systems Design 26

Recommend

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

Wilder Research One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will understand The purpose of the One-on-Ones The One-on-One process The tools The ways to protect the privacy of

363 views • 19 slides
Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the mission and goals - June 2013 Mission &amp; goals development included a wide array of stakeholders In addition to the CSCU Mission , each

314 views • 15 slides
Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4 Announcements, etc: MP4 is out! Due May 6th (UTC-11) Final Exam MAY 9TH @ 7PM, SIEBEL 1404 Its fine to use electronics today CS 423: Operating

922 views • 34 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: Informal Early Feedback at end of class today Midterm debrief forthcoming on Friday MP2 extension: now due on

726 views • 21 slides
Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in storage!! Announcements, etc: MP3 is out! Due April 18th . MP3 Walkthrough on Monday, slides up later today Reminder : Please put away devices

909 views • 47 slides
Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

2015 Annual Countywide Escheatment Kick-off Meeting Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment Overview 2014 Recap Policy and Procedure Summary 2015 Timeline Q&amp;A 3 Goals

661 views • 17 slides
Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content Announcements, etc: MP3 Soft Extension: Submit by TODAY for -10pts MP4 due May 7th Deadline provides more time than necessary; wanted to give you

648 views • 49 slides
Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals for Today 2 Agenda and Goals for today &gt; Big Picture: Launch of 3-year Phase-in of Modified RCM Budget Model &gt; Goals: Review Process to

502 views • 31 slides
Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some disk performance exercises Announcements, etc: C4: I removed 2 papers from your reading list No longer need to read Multics Security Eval

421 views • 27 slides
E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled, Please Take a Minute to Think about Examples You Can Share with the Group. Feel Free to Talk Amongst Yourselves... How to Write a Great Very

269 views • 13 slides
2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements: Thank you for your Early Informal Feedback Composite, Visitor, HW3 Phase 2, peer reviews due this Thu at Template Method, Faade, 5pm

104 views • 8 slides
Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask) Char/ascii String constants, string as abstraction (albeit a leaky one) C library functions &lt;string.h&gt; Under the hood: C-string as

331 views • 6 slides
OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Member Forums 2015 OCLC Update So, what are our goals for today? Hear what OCLC is doing governance, participation, products and services Talk to each other about what you are doing share best practices, tips and tricks

1.57k views • 102 slides
Marina Industry Our goal today Who we are What are our strategic goals Give you three

Marina Industry Our goal today Who we are What are our strategic goals Give you three

The Voice of the Marina Industry Our goal today Who we are What are our strategic goals Give you three reasons for joining AMIs affiliate program Answer your questions Who are we? Association of Marina Industries The

360 views • 17 slides
Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload and grading Computer Programming II Resources Welcome! This information is largely included in todays handouts, Course Overview and

288 views • 7 slides
AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department is going to focus on that link to the Academic Master Plan AMP connects to multiple items such as performance indicators, enrollment via

333 views • 6 slides
Goals for Today ARE YOU OFF YOUR ROCKER? Discuss the functional demands of the lower extremity

Goals for Today ARE YOU OFF YOUR ROCKER? Discuss the functional demands of the lower extremity

5/7/2013 Goals for Today ARE YOU OFF YOUR ROCKER? Discuss the functional demands of the lower extremity What are they? Absorption vs. Propulsion vs. Transition Muscles Clinical Techniques for Joints Timing Gait Rockers

186 views • 3 slides
Goals for Today Learning Objective: Understand primitives for interpretation versus

Goals for Today Learning Objective: Understand primitives for interpretation versus

Goals for Today Learning Objective: Understand primitives for interpretation versus translation Announcements, etc: Midterm debrief will have to happen after spring break; sorry! MP2 extension: now due on March 25th MP3

669 views • 19 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: Midterm debrief forthcoming (please do not post to piazza yet) C4 summaries due Friday (as always) MP2 due March 18th

549 views • 30 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: C4 Submission for 3/9, 3/15 open (sorry for the delay) Request for Informal Early Feedback forthcoming, probably on

544 views • 25 slides
System Unit 5, Lesson 2 Learning Goals Today we will be learning: The EA sound

System Unit 5, Lesson 2 Learning Goals Today we will be learning: The EA sound

The Respiratory System Unit 5, Lesson 2 Learning Goals Today we will be learning: The EA sound Reviewing Transition Words Ordinal Numbers The Respir iratory ry System By: Helen Frost Lets take a BIG, DEEP, BREATHE

518 views • 18 slides
Costly and/or Complex Orthopedic Surgeries Goals for Today 1. Understand the problem; 2.

Costly and/or Complex Orthopedic Surgeries Goals for Today 1. Understand the problem; 2.

Costly and/or Complex Orthopedic Surgeries Goals for Today 1. Understand the problem; 2. Identify the most common orthopedic problems affecting commercial groups; and, 3. Describe the effectiveness of traditional and newer treatments.

454 views • 24 slides
Ki Kicking goals wi cking goals with W th Wat atson; son; for student or students s Lucy

Ki Kicking goals wi cking goals with W th Wat atson; son; for student or students s Lucy

Ki Kicking goals wi cking goals with W th Wat atson; son; for student or students s Lucy Schulz, ATEM Student Service Centres conference 29 th May 2015 Today: Our vision and strategy at

559 views • 31 slides
Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and

Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and

Goals Today IT420: Database Management Reminder IT/CS Dinner Meal Registration and Organization Storing and Checking Passwords Sessions Session Control in PHP (Chapter 22 PHP and MySQL Web Development) Authentication Step 1:

392 views • 4 slides

More recommend