U of I CS 498 - Operating System Security

This preview shows page 1-2-15-16-31-32 out of 32 pages.


Operating System Security
Susan Hinrichs
Cyber Security Spring 2006
09/15/06

Outline
• Unix/Linux Access Control
  – Users and groups
  – File system controls
• Windows NT/XP Security Executive
  – Access tokens
  – Security descriptors
  – ACLs
• Windows Vista
  – Security additions

Unix Reading Material
• Man pages
  – Groups, newgroup
  – Chmod, chown, chgrp
• Unix and Security: The Influences of History
  – ftp://coast.cs.purdue.edu/pub/doc/misc/spaf-influences-of-history.ps.Z

Basic Unix Security Model
• User authenticated on logon
  – User ID associated with process
  – Default Group ID associated with process
  – Default Process listed in passwd file
• Groups defined in /etc/group
  – Set of users listed with each group definition
  – User can be member of multiple groups

Shadow Files
• /etc/passwd and /etc/group must be readable by everyone
• Both files contain crypt’ed passwords
  – Access enables offline attacks
• Add shadow versions of each file
  – Password obscured in passwd and group
  – Stored in more restricted shadow versions of these files

Unix Access Control
• Three permission octets associated with each file and directory
  – Owner, group, and other
  – Read, write, execute
• For each file/directory
  – Can specify RWX permissions for one owner, one group, and one other

Unix Access Check
• First test effective user ID against owner
  – If match, then use owner rights
• Then test all groups user is a member of against group
  – If match, then use group rights
• Otherwise, use other rights
• Can view as rwx, or a value from 0-7
  – E.g. rx = 5 and rw = 6

Constraining Control of New Objects
• Umask can be set to constrain allowed access on new objects created by user
• Expressed as a 3 octet mask
  – E.g. 0022
• Inverse of umask ANDed with requested access for new object
  – E.g. open requests 0666 (read and write for all)
  – 0666 & ~0022 = 0666 & 755 = 644

Other Bits
• Set UID and Set GUID bits
  – When set, the process created by executing file takes on user ID or group ID associated with file
• Sticky bit
  – On directories, prevents anyone but owner of file removing file in directory

File System Extensions
• Ext2 extra attributes
  – a – append only
  – c – compressed
  – s – secure deletion
  – u – undeletable
  – i – immutable

Unix Security Problems
• Created as a subset of more complete Multics model
  – Expedient at the time
  – Limits modern expressibility
• Security evolved over 30 years
  – Inconsistencies
• Early evolution occurred in open university environments
  – Encourages bad habits

Windows Reading Material
• Inside Windows NT, Helen Custer
  – Chapter 3 section 3
• Windows NT Security in Theory and Practice
• Vista Security Features
  – http://www.microsoft.com/technet/windowsvista/evaluate/feat/secfeat.mspx

NT Security Model
• Ultimately NT security controls access and auditing
• Implements the standard subject/object security model
  – Designed into NT. Implemented a security constrained executive
• Controls applied to core OS objects like processes and sockets in addition to the more traditional file system elements (NTFS)
  – Everything that can be named is an object
  – All objects can have same security controls applied

NT Security Elements
• Subject – Process or thread running on behalf of the system or an authenticated user
• Security ID (SID) – A globally unique ID that refers to the subject (user or group)
• Access token – the runtime credentials of the subject
• Privilege – ability held by the subject to perform “system” operations. Usually breaks the standard security model
  – Associated with the access token
  – Generally disabled by default.
  – Can be enabled and disabled to run at least privilege
  – Example powerful privileges
    • SeAssignPrimaryTokenPrivilege – Replace process token
    • SeBackupPrivilege – Ignore file system restrictions to backup and restore
    • SeIncreaseQuotaPrivilege – Add to the memory quota for a process
    • SeTcbPrivilege – Run as part of the OS

Windows User/Group Definitions
• Control Panel/Computer Management
  – Contains the User/Group definition
• Control Panel/Local Security Settings
  – Under user rights
  – Lets the user associate users and groups with privileges

Access Token
[Figure: Access Token]

Example subject
[Figure labels: Access Token: sid=123456, Privileges=SeBackup/disabled SeTcb/disabled; Amer/shinrich; Authentication Exchange; Domain Controller; Word process; DB of users; SID and privs]

More security elements
• Object – Individually secured entity such as a file, pipe, or even a process
• Rights – actions associated between object and subject.
  – Read, write, execute, audit
• Access control list (ACL)
  – Associated with an object
  – Ordered list
  – Each access control entry (ACE) contains a subject and a right
  – Evaluated by the security subsystem to determine access to protected objects.
  – Discretionary ACLs control access
  – System ACLs control audit

Access Control List
[Figure: Access Control List]

Still more security elements
• Security Descriptor – represents an object in the system. Contains the following information:
  – Object’s owner
  – Object’s group
  – Object’s DACL
  – Object’s SACL
• AccessCheck evaluates an ACL, subject, object triple
  – Called by many system calls
  – Can be called from user code too

Security Descriptor
[Figure: Security Descriptor]

Example ACL
[Figure labels: \mydocs\hw1.doc; Security Descriptor: sid=123456, gid=78910, DACL=, SACL=null; SID=Everyone:read, SID=123456:read,write, SID=22222:deny; SID=Everyone:read, SID=123456:read,write]

Example Evaluation
[Figure: Example Evaluation]

Working with ACLs
• Accessed via FileExplorer. Right-click
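
An added sketch (not from the slides and not Windows source code) of why the ACL is an ordered list, using the SIDs from the Example ACL slide: entries are walked in order, so a deny entry placed after a matching allow never takes effect. The slide does not say which rights the deny entry covers; read and write are assumed here, and the structure and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { READ = 1, WRITE = 2, EXECUTE = 4 };
enum ace_type { ALLOW, DENY };

struct ace   { enum ace_type type; const char *sid; unsigned mask; };
struct token { const char *sids[4]; int nsids; };  /* user SID plus group SIDs */

static int token_has_sid(const struct token *t, const char *sid)
{
    if (strcmp(sid, "Everyone") == 0) return 1;    /* matches every subject */
    for (int i = 0; i < t->nsids; i++)
        if (strcmp(t->sids[i], sid) == 0) return 1;
    return 0;
}

/* Walk the DACL in order. A matching DENY covering any right still
 * outstanding fails the request; a matching ALLOW clears the rights it
 * grants. Access is granted only once nothing is outstanding. */
int dacl_access_check(const struct token *t, const struct ace *dacl, int n,
                      unsigned desired)
{
    unsigned remaining = desired;
    for (int i = 0; i < n && remaining; i++) {
        if (!token_has_sid(t, dacl[i].sid)) continue;
        if (dacl[i].type == DENY) {
            if (dacl[i].mask & remaining) return 0;
        } else {
            remaining &= ~dacl[i].mask;
        }
    }
    return remaining == 0;
}

/* ACEs in the order they appear on the slide, then with the deny moved first. */
const struct ace slide_order[] = {
    { ALLOW, "Everyone", READ }, { ALLOW, "123456", READ | WRITE },
    { DENY,  "22222", READ | WRITE } };            /* deny mask is an assumption */
const struct ace deny_first[] = {
    { DENY,  "22222", READ | WRITE },
    { ALLOW, "Everyone", READ }, { ALLOW, "123456", READ | WRITE } };

int main(void)
{
    struct token denied = { { "22222" }, 1 };
    printf("slide order, 22222 read: %d\n", dacl_access_check(&denied, slide_order, 3, READ));
    printf("deny first,  22222 read: %d\n", dacl_access_check(&denied, deny_first, 3, READ));
    return 0;
}
```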

