Operating System security - PowerPoint PPT Presentation

Provided by: csKauSec

Transcript and Presenter's Notes

1
Operating System security
  • Ge Zhang
  • ge.zhang_at_kau.se
  • Karlstad University

2
Outline
  • Operating system
  • Basic access control schemes
  • Examples Unix/Linux

3
Operating systems
Layered view (top to bottom):
  • User applications: mysql, apache, calc, firefox, etc.
  • Operating system: Windows, Linux, Unix
  • Hardware: memory, CPU, hard disk, etc.
The operating system is responsible for
  • Process management
  • File access
  • Memory management
  • Security (authentication, authorization, ...)

4
Objects and Subjects
  • Subject
    An active entity in a computer system: a user, a process
  • Object
    A passive entity or resource in a computer system: files, network
    devices, printers
  • In defining access controls, you can either specify what a subject is
    allowed to do, or what may be done with an object

5
Who can define the permissions
  • Discretionary (DAC): the owner of the resource decides who is allowed
    to have access
  • Mandatory (MAC): a system-wide policy decides who is allowed to have
    access; the owner cannot override it

6
Permissions
  • Permissions for files may include
  • read
  • write
  • execute
  • append
  • delete
  • change permission
  • change ownership

7
Access Control Matrix
  • Subjects: Alice, Bob
  • Objects: bill.doc, edit.exe, fun.bat
  • Operations: read (r), write (w), execute (e)
  • Each cell of the matrix holds the operations the subject may perform
    on the object
  • Not suitable for direct implementation
  • The matrix is likely to be extremely sparse, so a direct
    implementation is inefficient
  • Management of the matrix is likely to be extremely difficult: 10,000
    files and 100 users already give 1,000,000 matrix entries

8
Capabilities
  • Access rights are kept with the subjects
  • e.g., Alice's capability list: edit.exe: execute; fun.com: execute,
    read
  • Problems
  • It is difficult to get an overview of who has permission to access a
    given object (every subject's list must be inspected)
  • It is difficult to revoke a capability (copies may have been passed
    on, and nothing on the object's side records who holds one)

9
Access Control Lists
  • Access rights can be kept with the objects (Access Control Lists)
  • e.g., ACL for fun.com: Alice: execute, read; Bill: execute, read,
    write
  • A fitting concept for an O.S. (the list is checked where the object
    lives)
  • But what is the problem?

10
Imagine such an ACL
  • ACL for exam11.txt: Alice: read, write; Bill: read, write; Charlie:
    read, write; Dan: read, write; Eva: read, write; Frank: read, write;
    ... (another 200 students)

11
Intermediate controls: groups
  • Groups and negative permissions (an entry that explicitly denies a
    right to a user, overriding what a group entry grants)
  • ACL for exam11.txt: Student_group: read, write
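
The following Python program is an added illustration of slides 7 to 11; it is not part of the lecture. It builds the access control matrix from the subjects, objects and operations named on slide 7, derives capability lists and ACLs from it, and shows why the two differ for "who can access this object?" and for revocation, then evaluates a group entry with a negative (deny) entry as on slides 10 and 11. The cell contents of the matrix, the subject Carol and the deny entry for Dan are constructed.

```python
"""Access control matrix, capability lists, ACLs, groups and deny entries.

Added illustration for slides 7 to 11; matrix contents are constructed.
"""
from collections import defaultdict

# Constructed matrix: (subject, object) -> set of rights r/w/e.  Empty
# cells are simply absent, which is what makes the matrix sparse.
MATRIX = {
    ("Alice", "bill.doc"): {"r", "w"},
    ("Alice", "edit.exe"): {"e"},
    ("Alice", "fun.bat"): {"r", "e"},
    ("Bob", "bill.doc"): {"r"},
    ("Bob", "fun.bat"): {"r", "w", "e"},
}


def capability_lists(matrix):
    """Row-wise storage: each subject carries its own rights (slide 8)."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def access_control_lists(matrix):
    """Column-wise storage: each object carries who may use it (slide 9)."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)


def who_can_acl(acls, obj, right):
    """With ACLs, 'who can do X to this object' is one lookup."""
    return sorted(s for s, rights in acls.get(obj, {}).items() if right in rights)


def who_can_caps(caps, obj, right):
    """With capabilities the same question needs a scan of every subject."""
    return sorted(s for s, objs in caps.items() if right in objs.get(obj, set()))


def delegate(caps, giver, receiver, obj):
    """Capabilities are transferable: copy the giver's rights on obj."""
    caps.setdefault(receiver, {})[obj] = set(caps[giver][obj])


def revoke_acl(acls, obj, subject):
    """Revocation on an ACL: delete one entry stored with the object."""
    acls.get(obj, {}).pop(subject, None)


def revoke_all_caps(caps, obj):
    """Revoking access to obj means visiting every subject, because nothing
    on the object's side records who holds a capability for it."""
    holders = sorted(s for s, objs in caps.items() if obj in objs)
    for s in holders:
        del caps[s][obj]
    return holders


# Slides 10/11: one entry per student is unwieldy; a group entry plus a
# negative entry does the same job.  Entries are (kind, principal, rights).
EXAM_ACL = [
    ("allow", "Student_group", {"r", "w"}),
    ("deny", "Dan", {"w"}),  # constructed: Dan may read but not write
]
GROUPS = {"Student_group": {"Alice", "Bill", "Charlie", "Dan", "Eva", "Frank"}}


def effective_rights(acl, user, groups):
    """Union of allow entries matching the user or one of its groups, minus
    every matching deny entry: deny overrides allow."""
    principals = {user} | {g for g, members in groups.items() if user in members}
    allowed, denied = set(), set()
    for kind, principal, rights in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(rights)
    return allowed - denied
```

Running `who_can_caps` after a `delegate` shows the overview problem of slide 8: Carol never appears in the matrix, yet she holds a right that only a full scan of all subjects reveals.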

12
Protection rings
  • A simple intermediate layer of hardware-based access control
  • A 2-bit field in a processor status register holds the current
    privilege level (0-3)
  • Defines 4 privilege levels (protection rings); ring 0 is the most
    privileged
  • Each subject (process) and each object is assigned a ring number
  • It is mainly for integrity protection of the operating system kernel

13
  • Now we take the Unix/Linux system as an example

14
Security schemes in Unix/Linux
  • Account security
      • User authentication
  • File system security
      • File access control
  • Management issues
      • Audit log
      • Environment variables
      • Manage the superuser

15
Account security (1)
  • User accounts (/etc/passwd)
  • User name: a string, traditionally up to 8 characters
  • User identities (UIDs) and group identities (GIDs); the superuser
    (root) is UID 0
  • Unix does not distinguish between users with the same UID: a second
    account with UID 0 is a second root, whatever its name
  • Home directory
  • Shell

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
jim:x:500:100:Jim Smith:/home/jim:/bin/bash

(fields: name:password:UID:GID:GECOS:home:shell; "x" in the password
field means the hash is kept in /etc/shadow)

16
Account security (2)
  • Shadow file (/etc/shadow), readable only by processes with root
    privilege
  • User name
  • Password field: $algorithm$salt$hashed-password
  • "*" or "!" in the password field: login with a password is disabled
  • Empty password field: no password is required
  • Last password change (days since 1970-01-01)
  • Minimum: the number of days that must pass before the user is allowed
    to change the password again
  • Maximum: the maximum number of days the password is valid (after that
    the user is forced to change it)

root:$1$v3cNGjbW$WEvnoW8Cniswn3d:14523:0:99999:7:::
bin:*:10933:0:99999:7:::
jim:*:10933:0:99999:7:::
17
Account security (3)
  • Password hashing: salt + password (plaintext) -> one-way function ->
    password (hashed), stored in /etc/shadow together with the salt
  • The salt makes equal passwords hash differently and defeats
    precomputed dictionaries
18
Account security (4)
  • Groups
  • Users belong to one or more groups
  • To share files or other resources with a small number of users
  • Ease of user management (give privileges to a group instead of to each
    user)
  • Group file (/etc/group)
  • Group name
  • Password
  • Group ID (GID)
  • Group member list

student:x:24:alice,bob,raj
teacher:x:12:raj,nick
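
The Python program below is an added illustration of slides 15 to 18, not lecture code. It parses the three account files in their real formats and runs the checks those slides motivate: a second UID-0 account, an empty password field, a password past its maximum age, and the salted one-way function of slide 17. The file contents are constructed from the slide examples: the hash values are placeholders, "mallory" is an invented second UID-0 account, jim's group memberships were added, and PBKDF2-HMAC-SHA256 stands in for crypt(3).

```python
"""Parse and audit /etc/passwd, /etc/shadow and /etc/group.

Added illustration for slides 15 to 18; file contents are constructed.
"""
import hashlib

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
jim:x:500:100:Jim Smith:/home/jim:/bin/bash
mallory:x:0:100:Mallory:/home/mallory:/bin/bash
"""
SHADOW = """\
root:$1$v3cNGjbW$WEvnoW8Cniswn3d:14523:0:99999:7:::
bin:*:10933:0:99999:7:::
jim::10933:0:99999:7:::
mallory:$1$placeholder$0123456789abcdefghijkl:14523:0:30:7:::
"""
GROUP = """\
student:x:24:alice,bob,raj,jim
teacher:x:12:raj,nick
staff:x:100:jim
"""


def _int_or_none(field):
    return int(field) if field else None


def parse_passwd(text):
    """name:password:UID:GID:GECOS:home:shell"""
    users = []
    for line in text.splitlines():
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        users.append({"name": name, "uid": int(uid), "gid": int(gid),
                      "gecos": gecos, "home": home, "shell": shell})
    return users


def parse_shadow(text):
    """name:hash:lastchange:min:max:warn:inactive:expire:reserved
    Days count from 1970-01-01.  '*' or '!' as hash: login disabled;
    empty hash: no password required."""
    entries = []
    for line in text.splitlines():
        f = line.split(":")
        entries.append({"name": f[0], "hash": f[1],
                        "lastchg": _int_or_none(f[2]), "min": _int_or_none(f[3]),
                        "max": _int_or_none(f[4]), "warn": _int_or_none(f[5])})
    return entries


def parse_group(text):
    """name:password:GID:member,member,..."""
    groups = []
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups.append({"name": name, "gid": int(gid),
                       "members": set(filter(None, members.split(",")))})
    return groups


def groups_of(username, users, groups):
    """Primary GID from /etc/passwd plus every group that lists the user."""
    primary = next(u["gid"] for u in users if u["name"] == username)
    return {primary} | {g["gid"] for g in groups if username in g["members"]}


def name_for_uid(uid, users):
    """What getpwuid() and ls -l report: the first entry with that UID.
    Files created by mallory (UID 0) are therefore shown as owned by root."""
    return next(u["name"] for u in users if u["uid"] == uid)


def audit(users, shadow, today):
    """Shared UID 0, empty password fields, and passwords past max age."""
    findings = []
    roots = sorted(u["name"] for u in users if u["uid"] == 0)
    if len(roots) > 1:
        findings.append("uid 0 shared by: " + ", ".join(roots))
    for e in shadow:
        if e["hash"] == "":
            findings.append("no password required: " + e["name"])
            continue
        if e["hash"].startswith(("*", "!")):
            continue  # login disabled, nothing to age
        if (e["lastchg"] is not None and e["max"] is not None
                and e["lastchg"] + e["max"] < today):
            findings.append("password expired: " + e["name"])
    return findings


def password_hash(password, salt, rounds=100_000):
    """Salted one-way function as on slide 17.  PBKDF2-HMAC-SHA256 stands in
    for crypt(3); the salt is stored beside the digest, so equal passwords
    with different salts give different digests."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "$pbkdf2$" + salt.hex() + "$" + digest.hex()
```

`today` is passed in as a day count so the expiry check is deterministic; on a live system it is `int(time.time() // 86400)`.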
19
File system (1)
  • The inode: each file entry in a directory is a pointer to an inode, a
    data structure holding
  • mode: type of file and access rights
  • uid: the owner's id
  • gid: the owner's group id
  • atime: last access time
  • mtime: last modification time
  • ctime: last inode alteration (change) time
  • block count: size of file
  • physical location of the data blocks
  • (the file name is not in the inode; it lives in the directory entry,
    so one inode can have several names)

20
File system (2)
  • The type of the file: "-" for a regular file, "d" for a directory
  • File permissions
  • Link counter
  • Name of the owner and the group

-rw-r--r--  1 nick staff 1617 Oct 28 11:01 test.txt
drwx------  2 nick staff  512 Oct 25 17:55 tmp/
21
File system (3)
  • Owner (r, w, x), group (r, w, x), other (r, w, x)
  • Two ways to represent
  • String: rwxr--r--
  • Octal number: 744
  • System default permissions: 666 for files, 777 for directories
  • umask: a three-digit octal number specifying the rights that should
    be withheld at creation
  • Actual permissions = system default AND NOT umask
  • For example, umask 777 denies all; the common umask 022 withholds
    write from group and other, so files are created 644 and directories
    755

22
File system (4)
  • Permission for directories
  • Read: find out which files are in the directory (e.g., ls)
  • Write: add, remove, or rename files in the directory (needs execute
    on the directory as well)
  • Execute: enter (search) the directory and open files in it, even your
    own files; without it, a file's own permission bits are never
    consulted

23
File system (5)
  • In a world-writable directory such as /tmp, anyone may delete or
    rename anyone else's files: a real pain if you try to install a
    permanent file in someone's directory.
  • Sticky bit: restricts the right to delete a file.
  • Only the file's owner, the directory's owner, or root can rename or
    delete files.

drwxrwxrwx 4 root sys 485 Nov 10 06:01 /tmp     (no sticky bit)
drwxrwxrwt 4 root sys 485 Nov 10 06:01 /tmp     (sticky bit set: "t")
24
File system (6)
  • Unix requires higher privilege temporarily to execute some operations
  • e.g., change password (the user must update /etc/shadow, which only
    root may write)
  • SUID (set user ID), SGID (set group ID)
  • A user who executes such a program runs it with the privilege of the
    file's owner (or group) temporarily: the effective UID (GID) becomes
    that of the owner

-rws--x--x 3 root root 16384 Nov 16 1996 passwd
25
Processes
  • Each process has a process ID (PID)
  • Two pairs of UID/GID for each process
  • A real UID/GID: who started the process
  • An effective UID/GID: used for permission checks
  • The login process sets both pairs from the account's /etc/passwd
    entry; a SUID program changes only the effective pair

process       Real UID  Effective UID  Real GID  Effective GID
/bin/bash     nick      nick           staff     staff
/bin/passwd   nick      root           staff     root
/bin/ls       nick      nick           staff     staff
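
The Python model below is an added illustration of slides 22 to 25, not lecture code. It evaluates permission bits the way the kernel does: the owner class is used exclusively when the effective UID matches, every directory on the path needs search permission before the file's own bits matter, the sticky bit limits deletion, and exec() of a SUID program swaps only the effective UID. The in-memory file tree, the process records and the numeric IDs (nick = 1000, group staff = 50, root = 0) are constructed.

```python
"""Unix permission checks with real/effective IDs, path search and SUID.

Added illustration for slides 22 to 25; FS and the processes are constructed.
"""
WANT_BIT = {"r": 4, "w": 2, "x": 1}

# path -> (mode, owner uid, owner gid, kind) with kind "d" or "-"
FS = {
    "/": (0o755, 0, 0, "d"),
    "/etc": (0o755, 0, 0, "d"),
    "/etc/shadow": (0o600, 0, 0, "-"),      # root only
    "/bin": (0o755, 0, 0, "d"),
    "/bin/passwd": (0o4711, 0, 0, "-"),     # -rws--x--x, SUID root (slide 24)
    "/home": (0o755, 0, 0, "d"),
    "/home/nick": (0o700, 1000, 50, "d"),    # drwx------ (slide 20)
    "/home/nick/test.txt": (0o644, 1000, 50, "-"),
    "/tmp": (0o1777, 0, 0, "d"),             # drwxrwxrwt (slide 23)
    "/tmp/nickfile": (0o666, 1000, 50, "-"),
    "/tmp/weird": (0o077, 1000, 50, "-"),    # owner locked out of own file
}

# Process records as in the table of slide 25.
NICK_BASH = {"ruid": 1000, "euid": 1000, "rgid": 50, "egid": 50, "groups": {50}}
OTHER_USER = {"ruid": 1001, "euid": 1001, "rgid": 50, "egid": 50, "groups": {50}}


def class_bits(path, proc):
    """Select the single class that applies: owner, else group, else other.
    The first match wins even when a later class would grant more."""
    mode, owner_uid, owner_gid, _ = FS[path]
    if proc["euid"] == owner_uid:
        return (mode >> 6) & 7
    if proc["egid"] == owner_gid or owner_gid in proc["groups"]:
        return (mode >> 3) & 7
    return mode & 7


def permitted(path, want, proc):
    """Are all letters of `want` (subset of 'rwx') granted on `path`?
    Root bypasses read/write; to execute a regular file even root needs
    some execute bit to be set."""
    mode, _, _, kind = FS[path]
    if proc["euid"] == 0:
        return kind == "d" or "x" not in want or bool(mode & 0o111)
    bits = class_bits(path, proc)
    return all(bits & WANT_BIT[w] for w in want)


def ancestors(path):
    """'/a/b/c' -> ['/', '/a', '/a/b']: every directory to be searched."""
    parts = path.strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def path_permitted(path, want, proc):
    """Slide 22: each directory on the way needs execute (search)
    permission before the target's own bits are consulted at all."""
    return (all(permitted(d, "x", proc) for d in ancestors(path))
            and permitted(path, want, proc))


def may_delete(path, proc):
    """Slide 23: deleting needs write+search on the directory; with the
    sticky bit set, also ownership of the file or directory (or root)."""
    directory = path.rsplit("/", 1)[0] or "/"
    if not path_permitted(directory, "wx", proc):
        return False
    dmode, dir_owner, _, _ = FS[directory]
    if dmode & 0o1000:
        return proc["euid"] in (0, FS[path][1], dir_owner)
    return True


def exec_file(path, proc):
    """Slides 24/25: a model of exec().  A SUID (SGID) program runs with the
    file owner's uid (gid) as effective id; the real ids are unchanged."""
    if not path_permitted(path, "x", proc):
        raise PermissionError(path)
    mode, owner_uid, owner_gid, _ = FS[path]
    child = dict(proc)
    if mode & 0o4000:
        child["euid"] = owner_uid
    if mode & 0o2000:
        child["egid"] = owner_gid
    return child
```

`/tmp/weird` shows the owner-exclusive rule: nick, who owns the file, cannot read it while a member of group staff can, because nick's check stops at the (empty) owner class.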
26
File system (7)
  • To change the attributes: chmod
  • who: u, g, o, a
  • permission: r, w, x, s, t
  • chmod 777 file
  • chmod o+r file

27
File system (8)
  • How to set the sticky bit, SUID, SGID?
  • Need a fourth (leading) octal digit
  • 4xxx: set user ID on execution
  • 2xxx: set group ID on execution
  • 1xxx: set sticky bit
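
The Python functions below are an added illustration of slides 21, 23, 24, 26 and 27, not lecture code. They convert between the octal mode and the ls string (including the s/S and t/T spellings of the special bits), apply a umask to the system defaults, and implement the symbolic and four-digit forms of chmod as pure bit arithmetic; nothing touches the real file system, so no assumptions about the host are needed.

```python
"""Permission modes: octal <-> ls string, umask, symbolic and 4-digit chmod.

Added illustration for slides 21, 23, 24, 26 and 27; pure bit arithmetic.
"""
PERM_BIT = {"r": 4, "w": 2, "x": 1}
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}


def mode_to_string(mode, kind="-"):
    """Render a 12-bit mode like ls -l: 's'/'t' where the special bit and
    the execute bit are both set, 'S'/'T' for a special bit without x."""
    out = [kind]
    for shift, special, letter in ((6, 0o4000, "s"), (3, 0o2000, "s"), (0, 0o1000, "t")):
        bits = (mode >> shift) & 7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:
            out.append(letter if bits & 1 else letter.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


def string_to_mode(text):
    """Inverse of mode_to_string; accepts 'rwsr-xr-t' or '-rwsr-xr-t'."""
    mode = 0
    for i, ch in enumerate(text[-9:]):
        shift = 6 - 3 * (i // 3)
        if i % 3 == 0 and ch == "r":
            mode |= 4 << shift
        elif i % 3 == 1 and ch == "w":
            mode |= 2 << shift
        elif i % 3 == 2:
            if ch in "xst":
                mode |= 1 << shift
            if ch in "sS":
                mode |= 0o4000 if shift == 6 else 0o2000
            elif ch in "tT":
                mode |= 0o1000
    return mode


def apply_umask(default, umask):
    """Creation mode = default AND NOT umask (slide 21); default is 0o666
    for files and 0o777 for directories."""
    return default & ~umask & 0o777


def chmod_symbolic(mode, spec):
    """Minimal chmod: comma-separated clauses such as 'u+s', 'go-w', 'a=r',
    'o+t'.  '=' replaces only the rwx bits of the named classes."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who = "ugo" if (i == 0 or "a" in clause[:i]) else clause[:i]
        op, perms = clause[i], clause[i + 1:]
        mask = 0
        for cls in who:
            for p in perms:
                if p in PERM_BIT:
                    mask |= PERM_BIT[p] << CLASS_SHIFT[cls]
                elif p == "s" and cls == "u":
                    mask |= 0o4000
                elif p == "s" and cls == "g":
                    mask |= 0o2000
                elif p == "t":
                    mask |= 0o1000
        if op == "+":
            mode |= mask
        elif op == "-":
            mode &= ~mask
        else:
            clear = 0
            for cls in who:
                clear |= 7 << CLASS_SHIFT[cls]
            mode = (mode & ~clear) | mask
    return mode


def chmod_octal(text):
    """'4755' or '755' as typed on the command line -> mode (slide 27:
    leading digit 4 = SUID, 2 = SGID, 1 = sticky)."""
    return int(text, 8)
```

`mode_to_string(0o4644)` gives `-rwSr--r--`: a capital S is the tell-tale of a SUID bit on a file nobody can execute, usually a chmod mistake worth looking for.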

28
File system (9)
  • How to remove a file in a secure way?
  • Links: a file (inode) can have several names
  • rm removes the name you gave it; if other links exist, the data is
    still reachable through them
  • ncheck lists all links (names) of a file (on Linux: find / -inum <n>)
  • Furthermore, the file is not really deleted: rm only frees the blocks,
    the content stays on disk until it is overwritten
  • Use a wiping tool (wipe, shred) that overwrites the blocks first
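
The Python program below is an added illustration of slide 28, not lecture code. It creates a file with a second hard link, removes the original name, and shows that the data is still readable and the inode still referenced; `find_links` does what ncheck or `find -inum` does, and `wipe` overwrites the blocks before unlinking. Everything happens in a temporary directory and the file content is constructed.

```python
"""Removing a name does not remove the file (added illustration, slide 28)."""
import os
import tempfile


def find_links(root, inode):
    """What ncheck (or `find root -inum N`) does: every name under root
    that refers to the given inode number."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_ino == inode:
                hits.append(full)
    return sorted(hits)


def link_demo(secret=b"exam answers"):
    """Create a file, give it a second hard link, rm the original name and
    show the data is still reachable.  Returns link counts before and
    after, whether both names shared one inode, what the surviving link
    reads back, and the names find_links() reported before the rm."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "exam11.txt")
        other = os.path.join(d, ".cache")  # an inconspicuous second name
        with open(original, "wb") as f:
            f.write(secret)
        os.link(original, other)  # second name, same inode
        inode = os.stat(original).st_ino
        before = os.stat(original).st_nlink
        names = [os.path.basename(n) for n in find_links(d, inode)]
        os.remove(original)  # "rm exam11.txt": drops one name only
        after = os.stat(other).st_nlink
        with open(other, "rb") as f:
            data = f.read()
        return {"before": before, "after": after,
                "same_inode": os.stat(other).st_ino == inode,
                "data": data, "names_before": names}


def wipe(path, passes=1):
    """Overwrite the data blocks before unlinking, as wipe/shred do.
    Caveat: only meaningful where the file system rewrites blocks in
    place; journaling, copy-on-write and SSD wear levelling may keep the
    old blocks around."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(b"\0" * size)
            f.flush()
            os.fsync(f.fileno())
    os.remove(path)
    return not os.path.exists(path)
```

The link count reported by `ls -l` (the "1" and "2" in the listing on slide 20) is exactly `st_nlink`; a count above 1 on a file you are about to delete means another name will keep it alive.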

29
Changing the root of the filesystem
  • Sandbox: access to objects outside the sandbox is prevented
  • chroot <directory> <command>
  • Changes the root directory from / to <directory> when <command>
    executes
  • For example, a web server
  • Caveat: chroot is no barrier for a process that runs as root inside
    it; drop privileges after the chroot

30
Search path
  • Shell: a command line interpreter
  • Lets the user type a command without specifying its full pathname
  • Search path, set in .profile
  • PATH=.:$HOME/bin:/usr/bin:/usr/bin:/usr/local:/usr/new:/usr/hosts
  • "." at the front means a program of the same name in the current
    directory is found before the system's command
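
The Python program below is an added illustration of slide 30, not lecture code. `resolve` walks PATH the way the shell does, and `demo` builds a stand-in system directory and a stand-in world-writable directory in a temporary tree, plants a trojan `ls` in the latter and shows which one a user who has changed into that directory gets, depending on where "." sits in PATH. Both `ls` scripts and the directory names are constructed.

```python
"""How the shell finds a bare command along PATH (added illustration, slide 30)."""
import os
import tempfile


def resolve(command, path):
    """Walk PATH left to right; the first directory holding an executable
    regular file of that name wins.  An empty element ("" from a leading,
    trailing or doubled ':') means the current directory, just like '.'."""
    for directory in path.split(":"):
        candidate = os.path.join(directory or ".", command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def demo():
    """A trojan 'ls' in a world-writable directory beats the real one
    whenever '.' precedes the system directories in PATH."""
    with tempfile.TemporaryDirectory() as top:
        sysbin = os.path.join(top, "usr", "bin")  # stands in for /usr/bin
        shared = os.path.join(top, "tmp")         # stands in for /tmp
        os.makedirs(sysbin)
        os.makedirs(shared)
        for directory, text in ((sysbin, "real"), (shared, "trojan")):
            script = os.path.join(directory, "ls")
            with open(script, "w") as f:
                f.write("#!/bin/sh\necho %s\n" % text)
            os.chmod(script, 0o755)
        cwd = os.getcwd()
        os.chdir(shared)  # the victim cd's into the shared directory
        try:
            unsafe = resolve("ls", ".:" + sysbin)   # '.' first
            safe = resolve("ls", sysbin + ":.")     # '.' last (or absent)
        finally:
            os.chdir(cwd)
        return {
            "unsafe_is_cwd": unsafe.startswith("." + os.sep),
            "safe_is_system": safe.startswith(sysbin),
            "unsafe": unsafe,
            "safe": safe,
        }
```

The same check applies to root's PATH in particular: a superuser who runs `ls` in /tmp with "." first in PATH executes whatever an ordinary user left there.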

31
Manage the superuser
  • The superuser is the major weakness
  • Ways to compromise the account
  • Weak password
  • Change a UID to 0 (in /etc/passwd)
  • Crash (exploit) a process running with root privilege
  • Prevention
  • Admins should not use root as their personal account (use su or sudo
    to become root only when needed)
  • Strong password protection

32
Questions