i f information security ti s it cs 526
play

I f Information Security ti S it CS 526 Lecture 20 UMIP & - PowerPoint PPT Presentation

Dec 21, 2022 •101 likes •517 views

I f Information Security ti S it CS 526 Lecture 20 UMIP & IFEDAC CS526 Spring 2009/Lecture 20 1 Access Control Check Access Control Check Given an access request, return an access control decision based on the policy allow / deny

  1. I f Information Security ti S it CS 526 Lecture 20 UMIP & IFEDAC CS526 Spring 2009/Lecture 20 1

  2. Access Control Check Access Control Check • Given an access request, return an access control decision based on the policy – allow / deny allow / deny Access Control A Request q Allow / Deny / y Check The Policy CS526 Spring 2009/Lecture 20 2

  3. Access Request Access Request • Examples E l – Operating system: process A wants to read file B – Browser: the script in webpage X wants to access webpage Y Browser: the script in webpage X wants to access webpage Y • A request – Subject: the entity who issues the request • A piece of code • E g E.g., a process in operating systems, a webpage in browsers a process in operating systems a webpage in browsers – Action: object + access mode • Check whether the subject has the privilege to perform the action based on the policy action, based on the policy CS526 Spring 2009/Lecture 20 3

  4. Policy Policy • Grant privileges to principals • Examples of principals – Operating system: user accounts CS526 Spring 2009/Lecture 20 4

  5. The Gap The Gap • A request: a subject wants to perform an action • The policy: each principal has a set of privileges • To fill the gap between the subjects and the principals – relate the subject to the principals CS526 Spring 2009/Lecture 20 5

  6. Origin Origin • The origins of a request – The set of principals on whose behalf the subject is executing at the time when the request is issued time when the request is issued • Origin links the subjects with the principals g j p p – The origins cause the subject to issue the request – The origins should be responsible for the request • Check whether the origins have the privilege to perform the action based on the policy ti b d th li CS526 Spring 2009/Lecture 20 6

  7. Identifying the Origins Identifying the Origins • Properly identifying the origins is critical to making correct P l id if i h i i i i i l ki access control decisions • Some real ‐ world access control systems are vulnerable because of their limitations in identifying the origins – Incompleteness • E amine t o real • Examine two real ‐ world access control systems orld access control s stems – DAC in the operating system – SoP in the browser • Propose enhancements CS526 Spring 2009/Lecture 20 7

  8. Discretionary Access Control (DAC) Discretionary Access Control (DAC) • Implemented in almost all modern operating systems • No precise definition N i d fi iti • Features – Restrict access based on the identity of subjects R t i t b d th id tit f bj t – Each object has a unique owner – Owner decides who can access O e dec des o ca access CS526 Spring 2009/Lecture 20 8

  9. Origins in DAC Origins in DAC • Principals – User accounts • The origin of a request – The user account who starts the subject process The user account who starts the subject process – E.g., euid in UNIX – invoker CS526 Spring 2009/Lecture 20 9

  10. DAC is NOT enough DAC is NOT enough • Vulnerable to Trojan Horses – Malicious software • When a user executes a Trojan program – The origin in DAC: the victim user The origin in DAC: the victim user – The process (adversary) gains the victim user’s privileges CS526 Spring 2009/Lecture 20 10

  11. DAC is NOT enough (cont’) DAC is NOT enough (cont ) • Vulnerable to buggy software – The adversary can exploit the vulnerability and inject malicious code • When a program is exploited – The origin is the invoker The origin is the invoker – The injected code gains the invoker’s privileges • Server daemons are attractive targets – commonly vulnerable – Started by administrator CS526 Spring 2009/Lecture 20 11

  12. Why DAC is vulnerable? Why DAC is vulnerable? • Implicit assumptions – Software are benign, i.e., behave as intended – Software are correct, i.e., bug ‐ free Software are correct i e bug free • The reality The reality – Malware are popular – Software are vulnerable CS526 Spring 2009/Lecture 20 12

  13. Why DAC is Vulnerable? (cont ) Why DAC is Vulnerable? (cont’) • Fundamental reason – A single invoker is not enough to capture the origins of a process • When the program is a Trojan – The program ‐ provider should be responsible for the requests Th id h ld b ibl f th t • When the program is vulnerable When the program is vulnerable – It may be exploited by input ‐ providers – The requests may be issued by injected code from input ‐ providers CS526 Spring 2009/Lecture 20 13

  14. Usable Mandatory Integrity Protection (UMIP) Usable Mandatory Integrity Protection (UMIP) • Preserve host integrity against the remote adversary – Remote exploitation – Downloaded malware Downloaded malware • Idea: add an integrity level to the origin of a process Idea: add an integrity level to the origin of a process – Either high or low • Low integrity means the process may have been contaminated – be exploited by remote attackers – executing a downloaded malware CS526 Spring 2009/Lecture 20 14

  15. Basic UMIP Model Basic UMIP Model • Each process is associated with one bit to denote its integrity level, either high or low – A process having low integrity level might have been contaminated • A low integrity process by default cannot perform any sensitive • A low ‐ integrity process by default cannot perform any sensitive operations that may compromise the system • Three questions – How to do process integrity tracking? – What are sensitive operations? – What kinds of exceptions do we need? CS526 Spring 2009/Lecture 20 15

  16. Process Integrity Tracking Process Integrity Tracking • Based on information flow CS526 Spring 2009/Lecture 20 16

  17. Sensitive Operations: File Access Sensitive Operations: File Access • Asking users to label all files is a labor intensive and error ‐ prone process • Our Approach: Use DAC information to identify sensitive files • Read ‐ protected files – Owned by system accounts and not readable by world y y y – E.g., /etc/shadow • Write ‐ protected files W i d fil – Not writable by world – Including files owned by non ‐ system accounts Including files owned by non system accounts CS526 Spring 2009/Lecture 20 17

  18. Sensitive Operations: Capabilities Sensitive Operations: Capabilities • Sensitive non ‐ file operations – E.g., loading a kernel module, administration of IP firewall, … • Using the Capability system – Break the root privileges down to smaller pieces Break the root privileges down to smaller pieces – In Linux Kernel 2.6.20, 31 different capabilities • Identify each capability as one kind of sensitive non ‐ file operation CS526 Spring 2009/Lecture 20 18

  19. Exception Policies: Process Integrity Tracking Exception Policies: Process Integrity Tracking Default policy for process integrity tracking Default policy for process integrity tracking • • Exceptions: Exceptions: • Examples p • – RAP programs: SSH Daemon – LSP programs: X server, desktop manager – FPP programs: vim, cat FPP i t CS526 Spring 2009/Lecture 20 19

  20. Exception Policies: Low ‐ integrity Processes Performing Sensitive Operations • Some low ‐ integrity processes need to perform sensitive S l i i d f i i operations normally • Exception: • Examples: – FTP Daemon Program: /usr/sbin/vsftpd / / bi / f d – Use capabilities: CAP_NET_BIND_SERVICE, CAP_SYS_SETUID CAP SYS SETGID, CAP SYS CHROOT _ _ , _ _ – Read read ‐ protected files: /etc/shadow – Write write ‐ protected files: /etc/vsftpd, /var/log/xferlog CS526 Spring 2009/Lecture 20 20

  21. Implementation & Performance Implementation & Performance • Implemented using Linux Security Module • Implemented using Linux Security Module – no change to Linux file system • Performance – Use the Lmbench 3 and the Unixbench 4.1 benchmarks – Overheads are less than 5% for most benchmark results CS526 Spring 2009/Lecture 20 21

  22. Usability Evaluation Usability Evaluation • Experimental Settings – Establish a server with Fedora Core 5 – Enable UMIP implementation during system boot Enable UMIP implementation during system boot – Install several commonly used services • E.g., http, ftp, samba, svn, smtp, ntp, … g , p, p, , , p, p, • Results – The system works with a small and easily ‐ understood policy – The system has been used by our group for about one year – With the policy, remote administration through SSH and X h h l d h h d administration are enabled CS526 Spring 2009/Lecture 20 22

  23. Evaluation: Part of the Sample Policy Evaluation: Part of the Sample Policy CS526 Spring 2009/Lecture 20 23

  24. Limitations of UMIP Limitations of UMIP • Policy Model in UMIP – Trust the local users – Defeat remote attackers Defeat remote attackers • Local users are not trustworthy Local users are not trustworthy – Multi ‐ user systems – User may exploit vulnerabilities CS526 Spring 2009/Lecture 20 24

  25. Revisit: The Origins of a Process Revisit: The Origins of a Process • DAC DAC – Origin: the invoker • Who may control a process? – Invoker – Program provider – Input provider • UMIP – Add the program ‐ provider and input ‐ providers to the origins – High / Low: whether it comes from network or has received network input • Information Flow Enhanced DAC • Information Flow Enhanced DAC CS526 Spring 2009/Lecture 20 25

Recommend

Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security Aside from Fame, Fortune and the Pursuit of Members of the Appropriate Sex What is Information Security? 1. Information Integrity Persistence

543 views • 11 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

460 views • 8 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

357 views • 12 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1 Outline The lectures I will give Information Security events in the media What is Information Security? Recap Study for next

749 views • 45 slides
CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special

CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special

1 CS6265: Information Security Lab Taesoo Kim 2 CS6265: Information Security Lab A special course: supervised, hands-on laboratory Designed for seniors and above (including InfoSec MS, fresh PhDs) Prerequisite: OS, system

404 views • 26 slides
Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne University Maureen Bertocci, Director of Information Security @ Robert Morris University What is C-CUE C-CUE is a Western-PA regional association of

433 views • 11 slides
Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information Security Services Mark Martens Security Risk Management Analyst 1 Areas for Review Commonwealth ISO Certification IT Security

832 views • 40 slides
INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 1 - Elements of Information Theory Matthieu Bloch December 2, 2019 1 CONTEXT AND OBJECTIVES CONTEXT AND OBJECTIVES Context Security is an increasingly problematic

480 views • 27 slides
Information Security Recent UK experiences Paul J Jackson Information Security and Legal

Information Security Recent UK experiences Paul J Jackson Information Security and Legal

Information Security Recent UK experiences Paul J Jackson Information Security and Legal Services Division ONS Timeline 18 October 2007 25m records sent to National Audit Office On 2 unencrypted CDs Sent in standard internal

893 views • 46 slides
Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Todays Topics Impact on Universities

936 views • 59 slides
Information Security Forum Fall 2018 Gary McCrillis & Jon Vazquez Information Security

Information Security Forum Fall 2018 Gary McCrillis & Jon Vazquez Information Security

Information Security Forum Fall 2018 Gary McCrillis & Jon Vazquez Information Security Analysts, Cal Poly Information Security Office 9/28/18 1 Better Passwords, with 9/28/18 2 Ninjio Video 9/28/18 3 Passwords Are (Still) Hard

387 views • 10 slides
INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 4 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 4 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 4 - Elements of Information Theory Matthieu Bloch December 5, 2019 1 SOURCE CODING SOURCE CODING One-shot source coding with side information Coding consists of encoder

237 views • 6 slides
INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 2 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 2 - Elements of Information

INFORMATION-THEORETIC SECURITY INFORMATION-THEORETIC SECURITY Lecture 2 - Elements of Information Theory Matthieu Bloch December 3, 2019 1 TOOLS: TOOLS: CONCENTRATION INEQUALITIES CONCENTRATION INEQUALITIES Lemma (Markov's inequality) Let

340 views • 14 slides
Document Hierarchy of Information Security Corporate Security Policy Policy General commitment

Document Hierarchy of Information Security Corporate Security Policy Policy General commitment

Document Hierarchy of Information Security Corporate Security Policy Policy General commitment to Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard

355 views • 8 slides
Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

353 views • 12 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Information Theory and Security: Quantitative Information Flow Pasquale Malacaria

Information Theory and Security: Quantitative Information Flow Pasquale Malacaria

Information Theory and Security: Quantitative Information Flow Pasquale Malacaria pm@dcs.qmul.ac.uk School of Electronic Engineering and Computer Science Queen Mary University of London Information Theory and Security: Quantitative Information

835 views • 54 slides
Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the

Information Security A Fresh Approach [Based on material from Kevin Day's book: Inside the Security Mind: Making the Tough Decisions , Prentice-Hall, 2003, ISBN: 0-13-111829-3] Why? Why concentrate on Information Security (or IT Security) when

152 views • 11 slides

More recommend