raj-desai
DESCRIPTION
Introductions to operating system
7/17/2019 Operating System
http://slidepdf.com/reader/full/operating-system-568e77824ca3c 1/36
95-752:6-1
Operating System Security
Users
• UNIX user -> username -> uid
  - uid is system's real name for user
  - integer 0 ... 65536 (varies in some systems)
  - mapping is in /etc/passwd
    shimeall::5003:20:Tim:/users/shimeall:csh
• More than one username may map to a uid
  - Desired for some system purposes (program tracing)
  - Problem for ordinary users (confused file ownership)
  - Security problem (hacker makes duplicate uid account)
• Temporary uid change: su
Groups
• User - one or more groups
• Group - zero or more users
  - Used for file permissions
  - Defined by /etc/groups and network sharing software
    ypcat group.byname
  - gid - integer system name for group (generally unique)
• Listed for individual users with groups
• Change group of file with chgrp
    chgrp newgroup myfile
SETUID and SETGID
• Special mechanisms: temporarily use a uid or gid (during the execution of a program)
• Part of mode bits
  - s in user x field - setuid
  - s in group x field - setgid
• To be effective, both s and x must be set
    chmod a+x myprog
    chmod u+s myprog
    chmod 4755 myprog
• WARNING: Lots of subtle security holes!
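An added audit example (not part of the original slides) that applies the rule above: it reports set-id files under a directory and says whether each `s` bit is actually effective, plus whether the file is writable by group or other. The `/usr/bin` starting point is an assumption.

```python
import os
import stat

def special_bits(mode):
    """Findings for one st_mode value. Per the slide, 's' only takes
    effect when the matching 'x' bit is set as well."""
    findings = []
    for name, sbit, xbit in (("setuid", stat.S_ISUID, stat.S_IXUSR),
                             ("setgid", stat.S_ISGID, stat.S_IXGRP)):
        if mode & sbit:
            state = "effective" if mode & xbit else "not effective (no x)"
            findings.append(f"{name}: {state}")
    # A set-id program that group or other can rewrite is an obvious hole.
    if findings and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    return findings

def audit_tree(root):
    """Map path -> (mode string, owner uid, findings) for set-id regular files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if stat.S_ISREG(st.st_mode):
                findings = special_bits(st.st_mode)
                if findings:
                    report[path] = (stat.filemode(st.st_mode), st.st_uid, findings)
    return report

if __name__ == "__main__":
    # /usr/bin is an assumed starting point; any directory works.
    for path, (perm, uid, findings) in sorted(audit_tree("/usr/bin").items()):
        print(perm, f"uid={uid}", path, "|", "; ".join(findings))
```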
Dangerous Accounts
• root superuser
• open, guest, play, nobody - courtesy accounts
• Accounts without passwords
• uucp, sync, psp - single-command accounts
• Group accounts
User Policy
• Restricting access
  - commands
  - file access
  - login times
  - network access
  - terminal access
• Inactive users
  - Detection
  - Password change
  - Locking (change shell)
  - Deletion (after backup)
• Ultimately - need multilevel security
Multilevel Security
• Users with different needs to know sharing computer or network
• If don't need to know shouldn't even be able to determine if information exists
• Should be able to filter functionality based on allowable information
• Mandatory and Discretionary protections
Monitor Model
• General Schema:
  - Takes user's request.
  - Consults access control information.
  - Allows or disallows request.
• Advantages
  - Easy to implement.
  - Easy to understand
• Disadvantages
  - Bottleneck in system
  - Controls only direct accesses (not inferences)
Graham-Denning Model
• Introduces protection rules that operate on:
  - A set of subjects S
  - A set of objects O
  - A set of rights R
  - An access control matrix
    Subjects  S1  S2  O1  O2
    s1  Control  Read  Owner  read
    s2  Control  Owner
Graham-Denning Rights
Eight primitive protection rights
  - create, delete object
  - create, delete subject
  - read, grant, delete, transfer access right
Military Security Model
• Information is ranked:
  - Unclassified
  - Confidential
  - Secret
  - Top Secret
• Least Privilege: Subject should have access to fewest objects needed for successful work
  - The system backup program may be allowed to bypass read restrictions on files, but it would not have the ability to modify files.
  - "Need to Know"
Compartmentalization
• Information may belong to one or more compartments
• Compartments are used to enforce need-to-know.
• Classification of Information: <rank; compartments>
• Clearance: <rank; compartments> an indication of a level of trust
• A subject can access an object only if
  - The clearance level of the subject is at least as high as that of the information.
  - The subject has a need to know about all compartments for which the information is classified.
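An added example (not from the original slides) of the two-part access rule above, using the ranks from the Military Security Model slide. Compartment names, object names and the two sample subjects are constructed for illustration.

```python
from dataclasses import dataclass

# Ranks from the Military Security Model slide, lowest to highest.
RANKS = ("Unclassified", "Confidential", "Secret", "Top Secret")

@dataclass(frozen=True)
class Label:
    """A <rank; compartments> pair: a classification or a clearance."""
    rank: str
    compartments: frozenset = frozenset()

def check_access(clearance, classification):
    """Apply both slide conditions; return (allowed, reasons_for_denial)."""
    reasons = []
    if RANKS.index(clearance.rank) < RANKS.index(classification.rank):
        reasons.append(f"rank {clearance.rank} is below {classification.rank}")
    missing = classification.compartments - clearance.compartments
    if missing:
        reasons.append("no need to know for " + ", ".join(sorted(missing)))
    return (not reasons, reasons)

def visible_objects(clearance, catalogue):
    """List only accessible objects, so a subject without need to know
    cannot even determine that the other objects exist."""
    return sorted(name for name, label in catalogue.items()
                  if check_access(clearance, label)[0])

# Constructed sample data; compartment and object names are hypothetical.
CATALOGUE = {
    "cafeteria-menu": Label("Unclassified"),
    "key-schedule": Label("Confidential", frozenset({"CRYPTO"})),
    "site-survey": Label("Secret", frozenset({"CRYPTO", "NUCLEAR"})),
}
ANALYST = Label("Top Secret")                      # high rank, no compartments
OPERATOR = Label("Secret", frozenset({"CRYPTO"}))  # lower rank, one compartment

if __name__ == "__main__":
    for who, label in (("analyst", ANALYST), ("operator", OPERATOR)):
        print(who, "sees", visible_objects(label, CATALOGUE))
        for name, cls in CATALOGUE.items():
            ok, why = check_access(label, cls)
            if not ok:
                print("   denied", name, "->", "; ".join(why))
```

The Top Secret analyst is still denied the Confidential object, because rank alone does not satisfy the compartment condition.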
Information Flow Models
• Acts as an intelligent filter to control the transfer of information permitted by access to a particular object.
• Information flow analysis can assure that operating system modules that have access to sensitive data cannot leak that data to calling modules.
Bell-LaPadula Model
• A formal description of the allowable paths of information flow in a secure system.
  - Applies only to privacy
  - Identifies paths that could lead to inappropriate disclosures.
  - Is used as the basis for the design of systems that handle data of multiple levels.
  - Includes both discretionary and mandatory access rules
• B-LP Discretionary Access Control
  - Uses Access Matrix similar to Graham-Denning Model
  - Includes functions for dealing with the access matrix.
• Bell-LaPadula Mandatory Controls
Bell-LaPadula Mandatory Controls
• Fixed security classes for each subject and each object
• Security classes ordered by a relation
  - Tranquility constraint prevents access classes of objects from changing
• Simple Security Property
• *-Property
Bell-LaPadula Properties
Simple Security Property:
• Subject may have read access only if object classified at same level or lower.
*-Property
• Subject may have write access only if all objects read are at same level or higher than object to be written.
Biba Model
• Concerned with integrity rather than secrecy.
• Defines integrity levels much like sensitivity levels.
  - Fixed integrity classes for each subject and each object
  - Ordered integrity classes
Biba Properties
Simple Integrity Property:
• Subject can modify object only if integrity class at least as high as the object. (untrusted subjects reduce integrity class when writing)
*-Property:
• Subjects may have write access only if the integrity of objects they are reading is at least as high as the object to be written. (untrusted sources reduce integrity of results)
Integrity Preservation
A high integrity file is one whose contents are created by high-integrity processes.
• high-integrity file cannot be contaminated by information from low-integrity processes.
• high-integrity process cannot be subverted by low integrity processes or data.
The integrity class label on a file guarantees that the contents came only from sources of at least that degree of integrity.
Secure Operating Systems
• Basic Features of a Multiprogramming OS
  - Authentication of users.
  - Protection of memory.
  - File and I/O device access control.
  - Allocation and access control to general objects.
  - Enforcement of sharing.
  - Guarantee of fair service.
  - Interprocess communication and synchronization.
• Basic Considerations
  - Security must be considered in every aspect of the design of operating systems.
  - It is difficult to add on security features.
Basic Design Principles
• Least privilege - fewest possible privileges for user.
• Economy of mechanism - small, simple, straight forward.
• Open design
• Complete mediation - check every access
• Permission based - default is denial of access.
• Separation of privilege - no single super user.
• Least common mechanism - avoid shared objects.
• Easy to use.
Security Kernel
• Responsible for implementing the security mechanisms of the entire operating system.
• Provides the security interfaces among the hardware, the operating system, and the other parts of the computing system.
• Implementation of a security kernel:
  - May degrade system performance (one more layer).
  - May be large.
  - No guarantees.
Backups
• First line of defense against denial-of-service and modification threats
• Don't depend on system backups for important data
• User backups
• Administrator backups:
  - Day-zero backup
  - Upgrade backup
  - Full backup
  - Incremental backup
Backup Policy
• One backup volume per partition
• Time backup for restoration
  - How much work are we willing to lose?
• Verify backup at archive location
  - Content - not just format
  - Ensure operator training
  - Ensure archive environment
• Rotate media
  - Need more than most recent backup
• Maintain physical security on backups
• Maintain logical security on backups
• Be careful about legal issues on backups
Integrity
• Compromise of integrity equal to compromise of privacy
• Integrity threats:
  - Change permissions to allow modification/reading
  - Change password file
  - Change device / interface configurations
  - Move files
  - Replace system programs with substitutes
  - Replace log files with sanitized versions
• 95% of UNIX security incidents result of misconfiguration
Integrity Protection Strategies
• Prevention
• Detection
• Recovery
Unix Operation Modes
• Normal Operating Mode:
  - Any user login
  - Diverse command set
  - Network operations
  - Import and export files
• Single User Mode:
  - Intended for system maintenance / full backup
  - Only root login allowed
  - Restricted command set
  - No network operations
  - No file import/export
Prevention Strategies
• Software Controls:
  - File permissions
  - Directory permissions
  - Restrictions on root access
• Low-level operating system controls:
  - Immutability - only change in single-user mode
  - append - only add to file, except single-user mode
• Hardware controls:
  - Read-only file systems (CD ROM, WORM)
  - Write-protect options
Detection Strategies
• Comparison copies:
  - On read-only media
  - On standard media, remote storage
  - Large space, slow, expensive
• Metadata:
  - Stored list of files
  - Path to files
  - Modification times
  - Easy to fool
• Digital Signature
  - Encrypt with private key of modifier
  - Fast, small, hard to fool, requires extra work
TRIPWIRE
• System to compute signatures on all files in system
  - Batch mode - compare against stored signatures and report differences
  - Interactive mode - compare against stored signatures and confirm updates
  - Both commercial and freeware products
• Detects:
  - Corrupted file systems
  - Unlogged administrator actions
  - Replacement of system programs
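An added example (not from the original slides and not Tripwire's own code) of the batch-mode comparison, which also shows why the Detection Strategies slide calls metadata "easy to fool". It uses unkeyed SHA-256 digests as a stand-in for the signatures the slides mention, so the stored baseline is assumed to live on read-only or otherwise protected storage; the sample tree is constructed.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256) for regular files."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                      # never follow symlinks
            if stat.S_ISREG(st.st_mode):
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                snap[os.path.relpath(path, root)] = (
                    st.st_size, st.st_mtime_ns, digest.hexdigest())
    return snap

def compare(baseline, current):
    """Batch-mode report of differences between two snapshots."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()),
              "changed": [], "changed_metadata_same": []}
    for path in sorted(baseline.keys() & current.keys()):
        old, new = baseline[path], current[path]
        if old[2] != new[2]:
            # Same size and mtime, new digest: a metadata-only check misses it.
            key = "changed_metadata_same" if old[:2] == new[:2] else "changed"
            report[key].append(path)
    return report

def demo():
    """Constructed tree: one same-size edit with mtime put back, one delete."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("login", b"original"), ("motd", b"hello")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        target = os.path.join(root, "login")
        with open(target, "wb") as fh:
            fh.write(b"replaced")                    # same length as before
        os.utime(target, ns=(baseline["login"][1],) * 2)
        os.remove(os.path.join(root, "motd"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```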
Recovery Strategies
• Restore from backup - Rollback (Data Loss)
• If data problem, may be able to replay changes - Selective Rollback (some data loss)
• If redundant file system, vote file versions - Masking
• If specific changes found - correct - Roll forward
• In general -- the more detection and prevention, the easier the recovery
Auditing
• Installing security protection is only a beginning
• Need to monitor systems
• Monitoring methods: Audits and Logs
  - Audit - active scanning of current state of system
  - Log - record of actions taken in operation of system
• Audits often use logs, and do more
Log File Vulnerabilities
• Alteration
  - Append mode
  - Non-rewritable media (print)
• Deletion
  - Non-rewritable media
  - Move to restricted log host
  - PC linked by serial line
• Flooding
  - Ensure large storage
  - Reduce before logging (look for repeating patterns)
Syslog
• General purpose logging utility
• Any program can generate syslog messages
  - Socket connect to syslogd process
  - TCP port
• Messages to files, devices or computers
  - Dependent on severity and service
• Messages marked with authentication level
  - kern, user, mail, lpr, auth, daemon, news, uucp, local0...local7, mark
• Messages marked with priority
  - emerg, alert, crit, err, warning, notice, info, debug, none
Syslog Vulnerabilities
• Network/Device flooding
• Stack overwrites (old versions)
• False log entries
• Need for consistent, frequent review
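An added example (not from the original slides) covering the "reduce before logging" item on the Log File Vulnerabilities slide and the markings on the Syslog slide: it decodes the numeric `<PRI>` header of BSD-format syslog lines into facility and severity, rejects malformed headers, and collapses runs of repeated messages. The sample lines are constructed, and the names used for facility codes 12 to 15 are this example's own labels.

```python
import re

# Facility codes 0-23 and severity codes 0-7 (PRI = facility * 8 + severity).
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + [f"local{i}" for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LINE_RE = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (.*)")

def decode(line):
    """Return (facility, severity, timestamp, text), or None if malformed."""
    m = LINE_RE.fullmatch(line)       # '.' excludes newlines: no smuggled lines
    if not m or int(m.group(1)) >= 8 * len(FACILITIES):
        return None
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group(2), m.group(3)

def reduce_repeats(lines):
    """Collapse runs of identical messages; count rejected lines."""
    records, rejected = [], 0
    for line in lines:
        rec = decode(line)
        if rec is None:
            rejected += 1
            continue
        fac, sev, ts, text = rec
        last = records[-1] if records else None
        if last and (last["facility"], last["severity"], last["text"]) == (fac, sev, text):
            last["count"] += 1
            last["last_seen"] = ts
        else:
            records.append({"facility": fac, "severity": sev, "text": text,
                            "first_seen": ts, "last_seen": ts, "count": 1})
    return records, rejected

# Constructed sample input (hostnames, users and PIDs are made up).
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1 on /dev/pts/8",
    "<38>Oct 11 22:14:16 host1 sshd[411]: Failed password for invalid user test",
    "<38>Oct 11 22:14:17 host1 sshd[411]: Failed password for invalid user test",
    "<38>Oct 11 22:14:18 host1 sshd[411]: Failed password for invalid user test",
    "<999>Oct 11 22:14:19 host1 kernel: PRI out of range",
]

if __name__ == "__main__":
    records, rejected = reduce_repeats(SAMPLE)
    for r in records:
        print(r["count"], r["facility"] + "." + r["severity"], r["first_seen"], r["text"])
    print("rejected:", rejected)
```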