mikro sina
play

Mikro-SINA Bastei's stacked policies Overlay window management - PDF document

Aug 09, 2023 •264 likes •347 views

So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group Basics Device Drivers Real time Naming Secure Systems Resource Management Stefan Kalkowski Virtualization / Legacy

  1. So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group • Basics • Device Drivers • Real time • Naming Secure Systems • Resource Management Stefan Kalkowski • Virtualization / Legacy Container • Secure Systems Dresden, 2008-01-08 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 2 von 39 Outline • Secure Systems: ● Detailed example: Mikro-SINA ● Definitions ● Security policies Mikro-SINA ● Bastei's stacked policies ● Overlay window management ● Demo TU Dresden, 2008-01-08 MOS - Secure Systems Slide 3 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 4 von 39 Secure Internet Network Architecture SINA Box • VPN based security architecture by 'Bundes- • Minimized & hardened Linux amt für Sicherheit in der Informationstechnik' • IPSec and PKI • Intrusion detection & response • Complex real world scenario TU Dresden, 2008-01-08 MOS - Secure Systems Slide 5 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 6 von 39

  2. Linux complexity Project Mikro-SINA • Linux is complex! • Goals: ● Reduce Trusted Computing Base of VPN • SLOC for kernel 2.6.18 gateway ● All: 4.983.723 ● Enable high level evaluation (e.g.: Common ● Architecture specific: 817.880 Criteria) ● x86 specific: 55.463 • Objectives: ● Driver code: 2.365.256 ● Confidentiality and integrity of sensitive ● Common: 1.800.587 network data inside the VPN • Running kernel > 2 millions lines of code • Exploit microkernel features • Minimized & hardened version > 500.000 LOC TU Dresden, 2008-01-08 MOS - Secure Systems Slide 7 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 8 von 39 IPSec – the heart of VPN security Easy approach • IPSec is a protocol suite for securing the • Use paravirtualized L4Linux as a tool Internet protocol • Identify the security relevant parts in the • Authentication header insecure application and separate them ● Guarantees integrity Application • 'Viaduct' is used for authentication, key and authentication management and en- and decryption TCP/UDP • Encapsulating Security L 4 Linux L 4 Linux Payload IP ● Also confidentiality TCP/IP IPSec TCP/IP „Viaduct“ • Two different modes IPSec IPSec ● Tunnel vs. transport Data Link Layer Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 9 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 10 von 39 Viaduct in details Fragmentation of IP packets • IP packets must be passed to the Viaduct • Encrypted IP packets get fragmented ● Use TUN/TAP driver in Linux to tunnel IP ● Problem for decryption • IP packets have to be unfragmented before they are passed to the Viaduct L 4 Linux TCP/IP μ-SINA μ-SINA Viaduct Gateway Gateway IP router IP router L4Linux Viaduct L4Linux Viaduct eth0 l4tun0 Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 11 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 12 von 39

  3. Let Linux do the dirty work ... What about confidentiality? • Register new transport protocol • L4Linux is untrusted ● but handles encrypted and unencrypted data • IP stack will unfragment IP packets • Use a second L4Linux instance ● Each L4Linux instance drives its own ethernet L 4 Linux card exclusively AH/ESP TCP/IP Viaduct Internet LAN Viaduct L 4 Linux L 4 Linux eth0 l4tun0 eth0 eth1 Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 13 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 14 von 39 Mikro-SINA so far Mikro-SINA: Multi Level Security • 'Outer' L4Linux instance handles encrypted • Different security levels for data from different data only organizational levels • 'Inner' L4Linux instance handles unencrypted • Use an own L4Linux instance for each level, data and cannot communicate to the other that handle the unencrypted data instance or the 'outgoing' network device L 4 Linux Internet Viaduct LAN L 4 Linux L 4 Linux L 4 Linux Viaduct L 4 Linux L 4 Linux eth0 eth1 eth0 Fiasco Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 15 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 16 von 39 Reduce untrusted code size Techniques • Do we need two L4Linux instances for a VPN • Fine grained isolation  Microkernel feature gateway?  Linux user level, process management,  Enables implementation of principle of least scheduling, file systems etc. are not necessary privilege • Use FLIPS (Flexible IP Stack): standalone • Minimize complexity of TCB for security TCP/IP stack relevant code  Split applications in security relevant and nonrelevant parts Viaduct  Use trusted wrappers (e.g.: Viaduct) FLIPS FLIPS  Minimize common code (microkernel approach) eth0 eth1 • Usage of legacy code Fiasco TU Dresden, 2008-01-08 MOS - Secure Systems Slide 17 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 18 von 39

  4. Nizza - security architecture • Beyond Mikro-SINA: greater vision Nizza Terms & Models Common secure platform TU Dresden, 2008-01-08 MOS - Secure Systems Slide 19 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 20 von 39 Secure system Policy and Mechanism Secure System * : Security Policy:  A secure system is a system that starts in an  A security policy is a statement of what is, and authorized state and cannot enter an what is not allowed.  e.g.: SELinux policy, pagetable, /etc/passwd unauthorized state. Security Policy * : Security Mechanism:  A security policy is a statement that partitions  A security mechanism is a method, tool, or the states of the system into a set of procedure for enforcing a security policy authorized, or secure, states and a set of  e.g.: Capabilities, paging hardware unauthorized, or nonsecure, states. * Matt Bishop: Computer Security – Art and Science TU Dresden, 2008-01-08 MOS - Secure Systems Slide 21 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 22 von 39 Formal security model: Bell-LaPadula Formal security model: Bell-LaPadula • Subjects and objects have a security label , • Example: Label L 1 : (Topsecret, {National}) consisting of a security level and category set dominates L 2 (Secret, {}) • A security label dominates another one, if its • Simple Security Condition: S can read O if S security level is greater or equal than the dominates O (no reads up) other one and its category set is a superset of • *-Property: S can write to O if and only if O the other one dominates S (no writes down) Top Secret {National,Foreign} Secret {National} {Foreign} Confidential {} Unclassified TU Dresden, 2008-01-08 MOS - Secure Systems Slide 23 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 24 von 39

  5. Bell-LaPadula summary More flexible security models • Information flow policy, that preserves • Type Enforcement  Subjects and objects have types confidentiality  Types can be compounded to other types • Very simple model, proof of model's security  Explicit rules state what types can access properties is also trivial (read, write) what other types • No integrity concerns in the model (use Biba) • Very general model • Problem: information flows only in one • In general: its more hard to prove specific direction security properties in such a policy  A lot of underlying system software (e.g. device drivers) has to be used by all different • SELinux is an example for TE in practice security levels  Mostly these parts are excluded from the model TU Dresden, 2008-01-08 MOS - Secure Systems Slide 25 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 26 von 39 SELinux Decompose security policies • Developed by the NSA • Szenario: Content Management System + typical web services • Based on Linux Security Modules (LSM) TCP/IP User User Web • Linux functionality leads to complex security Document Passwd SSL Stack Alice Bob Getty Store Auth Auth policy • Standard (NSA) policy Content Ethernet Intel 100 TPM 1000 Card Pro System  over 300 domains TCP/IP Mailserver Webserver DNS  ~ 50.000 rules Stack PCI Host LPC ATA Driver Controller Controller  Tools might help to keep the overview Audit DMZ • Problem: monolithic kernel leads to monolithic Device Manager reference monitor with one big policy inside Init TU Dresden, 2008-01-08 MOS - Secure Systems Slide 27 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 28 von 39 Decompose security policies Use Bastei sessions • Application specific policy stack • In Bastei every task dominates its children with respect to sessions outside the child's • Diverse security policy types can be combined own subtree TCP/IP User User Web Document Passwd SSL Stack Alice Bob Getty Store Auth Auth • Eases up multilateral security Grand- – Every organization unit can Child integrate its own policy Ethernet Intel 100 TE + TPM Roles 1000 Card Pro dominates first policy TCP/IP decision Mailserver Webserver DNS Stack Child 1 Child 2 ATA PCI Host LPC Controller Controller Driver dominates Audit iptables second policy just ACM decision do it! Init ACM TU Dresden, 2008-01-08 MOS - Secure Systems Slide 29 von 39 TU Dresden, 2008-01-08 MOS - Secure Systems Slide 30 von 39

Recommend

mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien

mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien

mikro - Introducing a C ++ Mikro Kernel Victor Aperc & Julien Freche Introduction Kernel types mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc & Julien Freche considerations Features and

642 views • 49 slides
Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 |

Perimeter Intrusion Detection Mikro Tek Detection Technologies Ltd | +44 (0) 1773 744750 | info@detection-technologies.com | www.detection-technologies.com Mikro Tek Key Advantages One analyzer - up to 300m detection range! A single Mikro Tek

874 views • 6 slides
mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche

mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche

mikro - Multiprocessor Init in Kernel Julien Freche Introduction Interruptions mikro - Multiprocessor Init in Kernel CPU init Percpu variables Conclusion Julien Freche julien.freche@lse.epita.fr http://lse.epita.fr/ Outline I mikro -

543 views • 39 slides
Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor

Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor

Southside Institutions Neighborhood Alliance (SINA) SINA is a partnership between three anchor institutions, the Connecticut Childrens Medical Center, Hartford Hospital and Trinity College Incorporated as a 501 (c) (3) in 1978

451 views • 27 slides
BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro

BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro

BANK WAKAF MIKRO AHMAD BUCHORI Triyono Advisor Strategic Committee What is Bank Wakaf Mikro (BWM)? Mi c r o Wa q f B a n k o r B a n k Wa k a f Mi k r o ( B WM) i s a b r a n d i n g n a me o f I s

376 views • 9 slides
pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1

pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1

IBD (Inflammatory bowel disease) pathophysiology Prof. Sina Aziz PhD (Paediatrics) KMDC/ASH 6/30/2012 PNDS/sina aziz 1 Contents of this presentation GI anatomy Prevalence of IBD IBD definition layman IBS and IBD Signs

613 views • 37 slides
Color perception SINA 11/12 Color adds another dimension to visual perception

Color perception SINA 11/12 Color adds another dimension to visual perception

Color perception SINA 11/12 Color adds another dimension to visual perception Enhances our visual experience Increase contrast between objects of similar lightness Helps recognizing objects SINA 11/12 However, it

728 views • 47 slides
Color perception SINA 08/09 Color adds another dimension to visual perception

Color perception SINA 08/09 Color adds another dimension to visual perception

Color perception SINA 08/09 Color adds another dimension to visual perception Enhances our visual experience Increase contrast between objects of similar lightness Helps recognizing objects SINA 08/09 However, it

448 views • 44 slides
Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of

Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of

Clinicopathologic Conference (CPC) (Neurology) Sina Hospital Tehran 95/8/18 Presentation of Case A 63-year-old, right-handed woman was transferred from a local hospital to our neurological unit after a witnessed generalized tonic-clonic

243 views • 5 slides
Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami

Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami

Affordable Deep Learning on the Cloud The Perks of Being a (KTH) Student Sina Sheikholeslami Distributed Computing Group KTH Royal Institute of Technology November 8, 2019 KTH ID2223 Scalable ML & DL sinash@kth.se This session is about

744 views • 15 slides
Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood

Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood

Connectedness and inverse limits with set-valued functions on intervals Sina Greenwood Coauthors: Judy Kennedy and Michael Lockyer July 25, 2016 Outline CC-sequences and components bases Applications of component bases Large and

705 views • 31 slides
Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O

Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O

An Incremental Constraint Satisfaction Algorithm for Dynamic Reconfiguration Sina Entekhabi Ahmet Serkan Karata Halit O uztzn ODT, Ankara IZTECH Dependability, 8 May 2017 Supported by TBTAK -ARDEB-1001 program under project

659 views • 31 slides
Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami

Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami

Asynchronous Hyperparameter Tuning and Ablation Studies with Apache Spark Sina Sheikholeslami Distributed Computing Group, KTH Royal Institute of Technology @cutlash CASTOR Software Days 2019 October 16 2019 sinash@kth.se The Machine

891 views • 43 slides
DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina

DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina

PERSIAN PLAGIARISM DETECTION USING SENTENCE CORRELATIONS Muharram Mansoorizadeh and Taher Rahgooy Bu-Ali Sina University Hamedan, Iran Outline Plagiarism Detection The Proposed Approach Results and Discussion

297 views • 14 slides
Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018

Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018

Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15 Constrained Pseudorandom Functions [KPTZ13,BW13,BGI14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 / 15 Constrained

916 views • 60 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+ 1 May 2019 1 / 15 Zero Knowledge [GoldwasserMicaliRackoff85] Zero-knowledge (interactive) proof for language L : allows a prover P to

1.21k views • 89 slides
of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes,

of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes,

Challenges of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes, John Philip McCrae, Rute Costa 7th Workshop on Linked Data in Linguistics: Building tools and infrastructure 23rd June 2020 This

548 views • 37 slides
Bose-Einstein condensation and a two-dimensional walk model Farhad H. Jafarpour Bu-Ali Sina

Bose-Einstein condensation and a two-dimensional walk model Farhad H. Jafarpour Bu-Ali Sina

Bose-Einstein condensation and a two-dimensional walk model Farhad H. Jafarpour Bu-Ali Sina University (BASU) Physics Department Hamedan Iran Collaborator: S. Zeraati F. H. Jafarpour (BASU) MPIPKS, LAFNES11 1 / 19 Motivation If we

810 views • 37 slides
Massive Address Datasets Department of Computer Science, Stony Brook University Sina Rashidian ,

Massive Address Datasets Department of Computer Science, Stony Brook University Sina Rashidian ,

Effective Scalable and Integrative Geocoding for Massive Address Datasets Department of Computer Science, Stony Brook University Sina Rashidian , Xinyu Dong, Amogh Avadhni, Prachi Poddar, Fusheng Wang November 2017 INTRODUCTION Open Data

644 views • 45 slides
Model Architectures and Training Techniques for High-Precision Landmark Localization Sina Honari

Model Architectures and Training Techniques for High-Precision Landmark Localization Sina Honari

Model Architectures and Training Techniques for High-Precision Landmark Localization Sina Honari Pavlo Molchanov Jason Yosinski Stephen Tyree Pascal Vincent Jan Kautz Christopher Pal KEYPOINT DETECTION / LANDMARK LOCALIZATION The problem

605 views • 37 slides
Hopsworks Dr. Jim Dowling Sina Sheikholeslami Nov 2019 Hopsworks Technical Milestones First

Hopsworks Dr. Jim Dowling Sina Sheikholeslami Nov 2019 Hopsworks Technical Milestones First

Hopsworks Dr. Jim Dowling Sina Sheikholeslami Nov 2019 Hopsworks Technical Milestones First non-Google ML Worlds fastest Worlds First Worlds first Hadoop Platform with HDFS Published at Open Source Feature platform to support

989 views • 35 slides
Spectral Synthesis in Fourier Algebras of Double Coset Hypergroups (joint work with Sina

Spectral Synthesis in Fourier Algebras of Double Coset Hypergroups (joint work with Sina

Spectral Synthesis in Fourier Algebras of Double Coset Hypergroups (joint work with Sina Degenfeld-Schonburg and Rupert Lasser, Technical University of Munich) Eberhard Kaniuth University of Paderborn, Germany Granada, May 20, 2013 Eberhard

283 views • 27 slides
BenutzBar An Interactive Cocktail Menu By Sina Busch & Carsten Meier Interaction Engineering

BenutzBar An Interactive Cocktail Menu By Sina Busch & Carsten Meier Interaction Engineering

BenutzBar An Interactive Cocktail Menu By Sina Busch & Carsten Meier Interaction Engineering Summer term 2015 Prof. Dr. Michael Kipp Motivation Motivation Ordering drinks at a cocktail bar exactly as it has been for decades

610 views • 16 slides
through Indigenous Self-Governance in BC, Canada By Elle Sina Raanes Srensen Wetsuweten

through Indigenous Self-Governance in BC, Canada By Elle Sina Raanes Srensen Wetsuweten

Indigenous Sovereignty: Redefining Colonial Perceptions of Sovereignty through Indigenous Self-Governance in BC, Canada By Elle Sina Raanes Srensen Wetsuweten 1) How do settler states assert sovereignty over Indigenous nations,

838 views • 8 slides

More recommend