Least Privilege, Access Control, Operating System Security
Contents
• Principle of least privilege
• Access control concepts
• Operating System Mechanisms
• Unix Security in brief
• Windows Security in brief
• Qmail
• Chromium
• Android Security in brief
Security
• Security, in information technology (IT), is the defense of digital
information and IT assets against internal and external, malicious and
accidental threats. This defense includes detection, prevention and
response to threats through the use of security policies, software tools
and IT services.
• In short, it means the protection of assets
Security Goals (general)
• Confidentiality (Secrecy or Privacy) – Resources can be accessed only
by authorized parties
• Integrity – Resources can be modified only by authorized parties
• Availability – Resources should be accessible to authorized parties at
appropriate times.
CIA Triad (figure: Confidentiality, Integrity and Availability arranged around Security)
Principle of Least Privilege[1]
• An ideal security goal would be the ability to limit a process to only
the set of operations necessary for its execution
• The principle of least privilege is an important concept in computer
security, promoting minimal user profile privileges on computers,
based on user’s job necessities.
• It can also be applied to processes on the computer
• Each system component or process should have the least authority
necessary to perform its duties.
Benefits
• Better system stability. When code is limited in the scope of changes it
can make to a system, it is easier to test its possible actions and
interactions with other applications
• Better system security. When code is limited in the system-wide
actions it may perform, vulnerabilities in one application cannot be
used to exploit the rest of the machine
• Ease of deployment. In general, the fewer privileges an application
requires, the easier it is to deploy within a larger environment
Access Control Concepts[2][3]
• Access control, in the context of information security, permits an
organization’s management to define and control which systems or
resources a user has access to, and what that user can do on that
system or resource.
• More formally, access control is the ability to permit or deny the use of
an object (a passive entity, such as a system or file) by a subject (an
active entity, such as an individual or process)
• Such use is normally defined through sets of rules or permissions
(such as Read, Write, Execute, List, Change, and Delete) and
combinations of various security mechanisms (such as administrative,
technical, and physical controls)
Control of Access to General Objects
• Examples of kinds of objects for which protection is desirable
• Memory
• File
• Process
• Directory of files
• Stack
• Instructions, especially privileged instructions
• Passwords and the user authentication mechanism
Control of Access to General Objects
• These are the complementary goals in protecting objects.
• Check every access
• A previously authorized user intends to access an object. It is not necessary that the user
should retain indefinite access to the object.
• Enforce least privilege
• A subject should have access to the smallest number of objects necessary to perform some
task
Access Control
• An access enforcement mechanism authorizes requests from multiple
subjects (e.g. users, processes, etc.) to perform operations (e.g., read,
write, etc.) on objects (e.g., files, sockets, etc.)
• Two fundamental concepts of access control:
• A protection system that defines the access control specification
• A reference monitor that is the system’s access enforcement mechanism that
enforces this specification
Protection Systems
• A protection system consists of a protection state, which describes the
operations that system subjects can perform on system objects, and a
set of protection state operations, which enable modification of that
state
• A protection system enables the definition and management of a
protection state.
• A protection state consists of the specific system subjects, the specific
system objects, and the operations that those subjects can perform on
those objects.
• A protection system also defines protection state operations that
enable a protection state to be modified.
Protection Systems
• The access matrix is used to define the protection domain of a process
• A protection domain specifies the set of resources (objects) that a
process can access and the operations that the process may use to
access such resources
• By examining the rows in the access matrix, one can see all the
operations that a subject is authorized to perform on system resources
Mandatory Protection Systems
• This access matrix model presents a problem for secure systems:
untrusted processes can tamper with the protection system
• Using protection state operations, untrusted user processes can modify
the access matrix by adding new subjects, objects, or operations
assigned to cells
• Suppose Process 1 has ownership over File 1. It can then grant any
other process read or write (or potentially even ownership) access over
File 1 (Please see figure in previous slide)
• A protection system that permits untrusted processes to modify the
protection state is called a discretionary access control (DAC) system
Mandatory Protection Systems
• A mandatory protection system is a protection system that can only be
modified by trusted administrators via trusted software, consisting of
the following state representations
• A mandatory protection state is a protection state where subjects and objects
are represented by labels where the state describes the operations that subject
labels may take upon object labels
• A labeling state for mapping processes and system resource objects to labels
• A transition state that describes the legal ways that processes and system
resource objects may be relabeled.
Mandatory Protection Systems
• The protection state is defined in terms of labels and is immutable.
The immutable labeling state and transition state enable the
definition and management of labels for system subjects and
objects.
Discretionary Access Control (DAC)
• In discretionary access control (DAC), the owner of the object
specifies which subjects can access the object. This model is called
discretionary because the control of access is based on the discretion
of the owner.
• Most operating systems, including Windows, Linux, Macintosh and most
flavors of Unix, are based on DAC models
• In these operating systems, when you create a file, you decide what
access privileges you want to give to other users; when they access
your file, the operating system will make the access control decision
based on the access privileges you created
Mandatory Access Control (MAC)
• In mandatory access control (MAC), the system (and not the users)
specifies which subjects can access specific data objects
• The MAC model is based on security labels. Subjects are given a
security clearance (secret, top secret, confidential, etc.), and data
objects are given a security classification (secret, top secret,
confidential, etc.). The clearance and classification data are stored in
the security labels, which are bound to the specific subjects and
objects
• The MAC model is usually used in environments where
confidentiality is of utmost importance, such as a military institution
Role Based Access Control (RBAC)
• Role-based access control (RBAC) is a method of regulating access based
on the roles of individual users within a system
• Roles are defined according to job competency, authority, and
responsibility within the system
• When properly implemented, RBAC enables users to carry out a wide
range of authorized tasks by dynamically regulating their actions
according to flexible functions, relationships, and constraints
• In RBAC, roles can be easily created, changed, or discontinued as the
needs of the system evolve, without having to individually update the
privileges for every user.
Reference Monitors
• A reference monitor is the classical access enforcement mechanism.
• We identify three distinct components of a reference monitor:
• (1) its interface
• (2) its authorization module
• (3) its policy store
• A reference monitor is a component that authorizes access requests at
the reference monitor interface defined by individual hooks that
invoke the reference monitor’s authorization module to submit an
authorization query to the policy store. The policy store answers
authorization queries, labeling queries, and label transition queries
using the corresponding states
Reference Monitors
• The following presents a generalized view of a reference monitor. It takes
a request as input, and returns a binary response indicating whether the
request is authorized by the reference monitor’s access control policy.
Reference Monitor Interface
• The reference monitor interface defines where protection system
queries are made to the reference monitor.
• In particular, it ensures that all security-sensitive operations are
authorized by the access enforcement mechanism.
• A security-sensitive operation means an operation on a particular
object (e.g., file, socket, etc.) whose execution may violate the system’s
security requirements.
• For example, an operating system implements file access operations
that would allow one user to read another’s secret data (e.g., private
key) if not controlled by the operating system
Authorization Module
• The core of the reference monitor is its authorization module. The
authorization module takes interface’s inputs (e.g., process identity,
object references, and system call name), and converts these to a query
for the reference monitor’s policy store
• The challenge for the authorization module is to map the process
identity to a subject label, the object references to an object label, and
determine the actual operations to authorize (e.g., there may be
multiple operations per interface)
• The protection system determines the choices of labels and operations,
but the authorization module must develop a means for performing the
mapping to execute the “right” query
The Policy Store
• The policy store is a database for the protection state, labeling state,
and transition state. An authorization query from the authorization
module is answered by the policy store.
• These queries are of the form {subject_label, object_label,
operation_set} and return a binary authorization reply. Labeling
queries are of the form {subject_label, resource} where the
combination of the subject and, optionally, some system resource
attributes determine the resultant resource label returned by the query.
• The resource may be either an active entity (e.g., a process) or a
passive object (e.g., a file). Some systems also execute queries to
authorize transitions as well.
File System Security
• A file system is a method for storing and organizing computer files
and the data they contain to make it easy to find and access them.
• File systems exist on hard drives, pen drives, CDs, DVDs and any other
form of data storage medium
• Most data storage devices have an array of fixed-size blocks,
sometimes called sectors, and the file system is in charge of organizing
these sectors into files and directories.
• It is also in charge of indexing the media so it knows where and what
each file is
Types of File Systems
• Disk file systems – FAT (File Allocation Table), NTFS, HFS
(Hierarchical File System), ext2, ext3, ISO9660 and UDF
• FAT(FAT12, FAT16, FAT32), and especially NTFS are primarily used
on Windows operating systems.
• FAT is also the standard file system for floppy drives and is still used today
• HFS is used by Mac OS, and ext2, ext3 are used on various Linux
operating systems
• ISO9660 and UDF are used on optical media
How does the file system handle security?
• The file system is crucial to data integrity. Main method of protection
is through access control
• File system operations (e.g., modifying or deleting a file) are
controlled through access control lists or capabilities
• Capabilities are more secure so they tend to be used by operating systems on
file systems like NTFS or ext3.
• Secondary method of protection is through the use of backup and
recovery systems
Access Control in Files
• Access Control plays a huge part in file system security
• System should only allow access to files that the user is permitted to access
• Almost all major file systems support ACLs or capabilities in order to
prevent malicious activity on the file system
• Depending on the user's rights, they can be allowed to read, write and/or
execute an object.
• In some file system schemes only certain users are allowed to alter
the ACL on a file or see whether a file even exists.
• Ultimately, the less a user has access to, the less can go wrong, and the
integrity of the system is better assured
Access Lists (ACL)
• There is one ACL for each object
• ACL shows all subjects who should have access to the object and what
their access is.
• One access control list per object; a directory is created for each subject.
• ACL of a file is a representation of its access control information
• Contains the non-null entries that the file’s column would have contained in
the ACM
Access Lists (ACL) (figure)
Access Control Matrix
• An access control matrix is a protection structure that provides
efficient access to:
• Access privileges of users to various files
• Access control information for files
• It is a table in which each row represents a subject, each column
represents an object, and each entry is the set of access rights for that
subject to that object.
Access Control Matrix (figure)
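Added Python example (not from the slides) tying the access control matrix to its two derived views and to the DAC weakness noted under Mandatory Protection Systems: an ACL is a column of the matrix, a capability list is a row, and under DAC the owner of File 1 can extend File 1's column to any other process. Subjects, objects and rights are constructed.

```python
"""Added example (not from the slides): an access control matrix, the ACL
(column) and capability (row) views derived from it, and the DAC owner-grant
operation that lets an ordinary process rewrite the matrix.

Subjects, objects and the set of rights are constructed for illustration."""
from typing import Dict, Set

RIGHTS = frozenset({"read", "write", "execute", "own"})


class AccessControlMatrix:
    def __init__(self):
        # rows: subject -> (object -> rights held in that cell)
        self._cells: Dict[str, Dict[str, Set[str]]] = {}

    def add_subject(self, subject):
        self._cells.setdefault(subject, {})

    def set_rights(self, subject, obj, rights):
        bad = set(rights) - RIGHTS
        if bad:
            raise ValueError(f"unknown rights: {sorted(bad)}")
        self.add_subject(subject)
        self._cells[subject][obj] = set(rights)

    def check(self, subject, obj, right):
        """Reference-monitor style decision: one cell lookup, default deny."""
        return right in self._cells.get(subject, {}).get(obj, set())

    def acl(self, obj):
        """Column view: the non-empty cells of obj's column, one entry per subject."""
        return {s: frozenset(r[obj]) for s, r in self._cells.items() if r.get(obj)}

    def capability_list(self, subject):
        """Row view: everything this subject may do, one entry per object."""
        return {o: frozenset(r) for o, r in self._cells.get(subject, {}).items() if r}

    def grant(self, grantor, grantee, obj, rights):
        """Protection state operation available to ordinary processes under DAC.

        The owner of obj may hand any subset of its own rights, ownership
        included, to any subject. Nothing outside the matrix stops a careless
        or compromised owner, which is the problem the slides raise."""
        if not self.check(grantor, obj, "own"):
            return False  # only the owner may extend obj's column
        if not set(rights) <= self._cells[grantor][obj]:
            return False  # cannot grant what you do not hold yourself
        self.add_subject(grantee)
        self._cells[grantee].setdefault(obj, set()).update(rights)
        return True


def build_example_matrix():
    """Constructed state: Process 1 owns File 1; Process 2 may only execute File 2."""
    acm = AccessControlMatrix()
    acm.set_rights("process1", "file1", {"read", "write", "own"})
    acm.set_rights("process1", "file2", {"read"})
    acm.set_rights("process2", "file2", {"execute"})
    return acm
```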
Operating System Mechanisms[3][4]
• An operating system (OS) is the program that, after being initially
loaded into the computer by a boot program, manages all the other
programs in a computer. The other programs are called applications or
application programs.
• Protection and security problem - ensure that each object is accessed
correctly and only by those processes of authorized users that are
allowed to do so
• OS designer faces challenge of creating a protection scheme that
cannot be bypassed by any software that may be created in the future
Secure Operating System Definition
• A secure operating system is an operating system where its access
enforcement satisfies the reference monitor concept. The reference
monitor concept defines the necessary and sufficient properties of any
system that securely enforces a mandatory protection system,
consisting of three guarantees:
• Complete Mediation: The system ensures that its access enforcement
mechanism mediates all security-sensitive operations.
• Tamperproof: The system ensures that its access enforcement mechanism,
including its protection system, cannot be modified by untrusted processes.
• Verifiable: The access enforcement mechanism, including its protection
system, “must be small enough to be subject to analysis and tests, the
completeness of which can be assured”. That is, we must be able to prove that
the system enforces its security goals correctly.
Security methods of OS - Classification
• Separation between the different modules of the same system is a key
aspect
• It can be done in the following ways:
• Physical Separation: Each module / process is given a separate physical
terminal or device
• Temporal Separation: The processes may be executed at different times
without any overlap
• Logical Separation: The operating system abstracts the inner working of the
system where the end user is given only a separate logical workspace to
execute
• Cryptographic Separation: Cryptographic techniques are applied to conceal
data
Security Kernel
• Responsible for implementing the security mechanisms of the entire
operating system
• Provides the security interfaces among the hardware, the operating
system, and the other parts of the computing system.
• It may degrade system performance or may increase the size of the
file.
• A security kernel is defined as the hardware and software necessary to
realize the reference monitor abstraction
• The first security kernel was prototyped by MITRE in 1974
UNIX Security in brief[4]
• UNIX is a multiuser operating system developed by Dennis Ritchie
and Ken Thompson at AT&T Bell Labs
• UNIX adopted several of the Multics security features, such as
password storage, protection ring usage, access control lists, etc.
• A running UNIX system consists of an operating system kernel and
many processes each running a program
• A protection ring boundary isolates the UNIX kernel from the
processes.
• Each process has its own address space, which defines the memory
addresses that it can access.
UNIX Security in brief
• Modern UNIX systems define address spaces primarily in terms of the
set of memory pages that they can access
• UNIX uses the concept of a file for all persistent system objects, such
as secondary storage, I/O devices, network, and interprocess
communication.
• A UNIX process is associated with an identity, based on the user
associated with the process, and access to files is limited by the
process’s identity.
• UNIX security aims to protect users from each other and the system’s
trusted computing base (TCB) from all users.
UNIX Security in brief
• Informally, the UNIX TCB consists of the kernel and several
processes that run with the identity of the privileged user, root or
superuser.
• These root processes provide a variety of services, including system
boot, user authentication, administration, network services, etc.
• Both the kernel and root processes have full system access.
• All other processes have limited access based on their associated
user’s identity.
Windows Security in brief[4]
• The history of the Microsoft Windows operating system goes back to
the introduction of MS-DOS, which was the original operating system
for IBM personal computers introduced in 1981
• The Windows 2000 protection system, like the UNIX protection
system, provides a discretionary access control model for managing
protection state, object labeling, and protection domain transitions.
The two protection systems mainly differ in terms of flexibility (e.g.,
the Windows system is extensible) and expressive power (e.g., the
Windows system enables the description of a wider variety of
policies).
Windows Security in brief
• When we compare the Windows protection system to the definition of
a secure protection system, it is found that improvements in flexibility
and expressive power actually make the system more difficult to
secure
• Specifically, the Windows protection system differs from UNIX
mainly in the variety of its objects and operations and the additional
flexibility it provides for assigning them to subjects
• Subjects in Windows are similar to subjects in UNIX. In Windows,
each process is assigned a token that describes the process’s identity.
• A Windows identity is still associated with a single user identity, but a
process token for that user may contain any combination of rights.
Windows Security in brief
• Unlike UNIX, Windows objects can belong to a number of different
data types besides files
• Applications may define new data types, and add them to the active
directory, the hierarchical name space for all objects known to the
system
• From an access control perspective, object types are defined by their
set of operations
• The other major difference between a Windows and UNIX protection
state is that Windows supports arbitrary access control lists (ACLs)
rather than the limited mode bits approach of UNIX
Qmail
• qmail is a mail transfer agent (MTA) that runs on Unix. It was written,
starting December 1995, by Daniel J. Bernstein as a more secure
replacement for the popular Sendmail program
• When first published, qmail was the first security-aware mail transport
agent; since then, other security-aware MTAs have been published.
• When it was released, qmail was significantly faster than Sendmail,
particularly for bulk mail tasks such as mailing list servers
• At the time of qmail's introduction, Sendmail configuration was
notoriously complex, while qmail was simple to configure and deploy.
Chromium
• Chromium is an open-source Web browser project started by Google,
to provide the source code for the proprietary Google Chrome browser
• The two browsers share the majority of code and features, though
there are some minor differences in features and logos, and they have
different licensing
• It is possible to download the source code and build it manually on
many platforms
• The Google-authored portion of Chromium is released under the BSD
license
Android
• Android is a mobile operating system developed by Google, based on
a modified version of the Linux kernel and other open source software
and designed primarily for touchscreen mobile devices such as
smartphones and tablets
• Android's default user interface is mainly based on direct
manipulation, using touch inputs that loosely correspond to real-world
actions, like swiping, tapping, pinching, and reverse pinching to
manipulate on-screen objects, along with a virtual keyboard
Android Security in brief[5]
• Android applications run in a sandbox, an isolated area of the system
that does not have access to the rest of the system's resources, unless
access permissions are explicitly granted by the user when the
application is installed
• Android uses Security-Enhanced Linux (SELinux) to apply access
control policies and establish mandatory access control (MAC) on
processes
• Android 2.2 and later provide the Android Device Administration API,
which provides device administration features at the system level
Android Security in brief
• As the base for a mobile computing environment, the Linux kernel
provides Android with several key security features, including:
• A user-based permissions model
• Process isolation
• Extensible mechanism for secure IPC
• The ability to remove unnecessary and potentially insecure parts of the kernel
Android Security in brief
• As a multiuser operating system, a fundamental security objective of
the Linux kernel is to isolate user resources from one another. The
Linux security philosophy is to protect user resources from one
another. Thus, Linux:
• Prevents user A from reading user B's files
• Ensures that user A does not exhaust user B's memory
• Ensures that user A does not exhaust user B's CPU resources
• Ensures that user A does not exhaust user B's devices (e.g. telephony, GPS,
Bluetooth)
Android Security in brief
• System Partition and Safe Mode
• The system partition contains Android's kernel as well as the operating system
libraries, application runtime, application framework, and applications. This
partition is set to read-only. When a user boots the device into Safe Mode,
third-party applications may be launched manually by the device owner but are
not launched by default
• Filesystem Permissions
• In a UNIX-style environment, filesystem permissions ensure that one user
cannot alter or read another user's files. In the case of Android, each
application runs as its own user. Unless the developer explicitly shares files
with other applications, files created by one application cannot be read or
altered by another application
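The UNIX identity-based file check described earlier and the Android per-application UID model above, as one added Python example (not from the slides or from any kernel source): the owner/group/other mode-bit decision, the root bypass, and two apps whose files stay private unless the developer arranges a shared group. UIDs, GIDs and modes are constructed.

```python
"""Added example (not from the slides): the UNIX mode-bit decision a kernel
makes for a file access, exercised with Android-style per-application UIDs.

UIDs, GIDs and file modes below are constructed values."""
import stat
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Inode:
    owner_uid: int
    owner_gid: int
    mode: int              # permission bits only, e.g. 0o640


@dataclass(frozen=True)
class Process:
    uid: int               # effective uid, the process's identity
    gids: FrozenSet[int]   # effective gid plus supplementary groups


# Requested access -> the bit checked within the selected rwx triple.
_BITS = {"read": stat.S_IROTH, "write": stat.S_IWOTH, "execute": stat.S_IXOTH}


def unix_permits(proc, inode, access):
    """Classic owner/group/other check.

    root (uid 0) bypasses read and write checks entirely; for execute even
    root needs at least one x bit set somewhere, which is how Linux behaves.
    Exactly one class is consulted: owner if the uids match, otherwise group
    if the file's gid is among the process's groups, otherwise other. A
    denying owner class is not rescued by a permissive group or other class.
    """
    bit = _BITS[access]
    if proc.uid == 0:
        if access != "execute":
            return True
        return bool(inode.mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if proc.uid == inode.owner_uid:
        shift = 6
    elif inode.owner_gid in proc.gids:
        shift = 3
    else:
        shift = 0
    return bool(inode.mode & (bit << shift))


# Android: every installed app runs as its own uid (constructed app-range values).
APP_A = Process(uid=10101, gids=frozenset({10101}))
APP_B = Process(uid=10102, gids=frozenset({10102}))
ROOT = Process(uid=0, gids=frozenset({0}))

# App A's private database, and a log it deliberately shares via a common group.
PRIVATE_DB = Inode(owner_uid=10101, owner_gid=10101, mode=0o600)
SHARED_LOG = Inode(owner_uid=10101, owner_gid=50010, mode=0o640)
APP_B_IN_GROUP = Process(uid=10102, gids=frozenset({10102, 50010}))
```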
Android Security in brief
• Security-Enhanced Linux
• Android uses Security-Enhanced Linux (SELinux) to apply access control
policies and establish mandatory access control (MAC) on processes
• Verified boot
• Android 6.0 and later supports verified boot and device-mapper-verity.
Verified boot guarantees the integrity of the device software starting from a
hardware root of trust up to the system partition. During boot, each stage
cryptographically verifies the integrity and authenticity of the next stage
before executing it
• Android 7.0 and later supports strictly enforced verified boot, which means
compromised devices cannot boot
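Added Python example (not from the slides or from Android's implementation) modelling the verified-boot chain above with hash digests: the hardware root of trust holds the digest of the first stage, each stage image embeds the digest of the stage after it, and strict mode refuses to continue on any mismatch. Stage contents are constructed; real Android verified boot uses signatures and dm-verity rather than bare digests.

```python
"""Added example (not from the slides): a model of a verified-boot chain in
which each stage carries the expected digest of the next stage and the root
digest lives in hardware.

Stage images and names are constructed. Real Android verified boot checks
signatures with a key held by the root of trust and uses dm-verity for the
system partition; this sketch models only the chain of verify-then-execute."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes
    next_digest: Optional[str]   # digest this stage expects of its successor

    def image(self) -> bytes:
        # The expected digest is part of the image, so it is covered by this
        # stage's own digest, which the previous stage (or hardware) holds.
        return self.code + b"|next=" + (self.next_digest or "").encode()


def build_chain(stage_codes: List[Tuple[str, bytes]]) -> Tuple[str, List[Stage]]:
    """Build stages back to front so each one can embed its successor's digest.

    Returns (root_digest, stages); root_digest is what the hardware stores."""
    stages: List[Stage] = []
    next_digest: Optional[str] = None
    for name, code in reversed(stage_codes):
        stage = Stage(name, code, next_digest)
        next_digest = sha256(stage.image())
        stages.insert(0, stage)
    return next_digest, stages


def boot(root_digest: str, stages: List[Stage], strict: bool) -> Tuple[bool, List[str]]:
    """Walk the chain like a boot ROM: verify each stage before 'executing' it.

    strict=True models Android 7.0+ enforcement: the first mismatch stops the
    boot. strict=False models warn-and-continue: the mismatch is logged but
    the remaining stages still run, so a modified device still boots."""
    log: List[str] = []
    expected = root_digest
    clean = True
    for stage in stages:
        if sha256(stage.image()) != expected:
            log.append(f"{stage.name}: digest mismatch")
            if strict:
                return False, log
            clean = False
        else:
            log.append(f"{stage.name}: verified")
        # The stage just checked tells us what to expect of the next one.
        expected = stage.next_digest
    return clean, log


# Constructed firmware chain: bootloader -> boot (kernel) -> system partition.
ROOT_DIGEST, STAGES = build_chain([
    ("bootloader", b"bl v1"),
    ("boot", b"kernel v1"),
    ("system", b"system.img v1"),
])


def modified(stages: List[Stage], name: str) -> List[Stage]:
    """Copy of the chain with one stage's code altered, as flash tampering would."""
    return [Stage(s.name, s.code + b"!", s.next_digest) if s.name == name else s
            for s in stages]
```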
References
[1] https://kb.iu.edu/d/amsv
[2] Charles P. Pfleeger, Shari Lawrence Pfleeger, Analysing Computer
Security, 4th Edition, ISBN: 9780132390774, Prentice Hall
[3] http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch2.pdf
[4] http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch4.pdf
[5] https://source.android.com/security/overview/kernel-security
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptx
 
Week No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptxWeek No 13 Access Control Part 1.pptx
Week No 13 Access Control Part 1.pptx
 

Mais de G Prachi

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architectureG Prachi
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security modelsG Prachi
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software securityG Prachi
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02G Prachi
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 
Basic web security model
Basic web security modelBasic web security model
Basic web security modelG Prachi
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Administering security
Administering securityAdministering security
Administering securityG Prachi
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating systemG Prachi
 
Program security
Program securityProgram security
Program securityG Prachi
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Information security introduction
Information security introductionInformation security introduction
Information security introductionG Prachi
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedomG Prachi
 

Mais de G Prachi (20)

The trusted computing architecture
The trusted computing architectureThe trusted computing architecture
The trusted computing architecture
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Mobile platform security models
Mobile platform security modelsMobile platform security models
Mobile platform security models
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software security
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Web application security part 02
Web application security part 02Web application security part 02
Web application security part 02
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
Basic web security model
Basic web security modelBasic web security model
Basic web security model
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Administering security
Administering securityAdministering security
Administering security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Protection in general purpose operating system
Protection in general purpose operating systemProtection in general purpose operating system
Protection in general purpose operating system
 
Program security
Program securityProgram security
Program security
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 
Technology, policy, privacy and freedom
Technology, policy, privacy and freedomTechnology, policy, privacy and freedom
Technology, policy, privacy and freedom
 

Último

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Último (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Least privilege, access control, operating system security

1. Least Privilege, Access Control, Operating System Security

2. Contents
• Principle of least privilege
• Access control concepts
• Operating system mechanics
• Unix security in brief
• Windows security in brief
• Qmail
• Chromium
• Android security in brief

3. Security
• Security, in information technology (IT), is the defense of digital information and IT assets against internal and external, malicious and accidental threats. This defense includes detection, prevention and response to threats through the use of security policies, software tools and IT services.
• In short, it means the protection of assets.

4. Security Goals (general)
• Confidentiality (secrecy or privacy): resources can be accessed only by authorized parties.
• Integrity: resources can be modified only by authorized parties.
• Availability: resources should be accessible to authorized parties at appropriate times.

6. Principle of Least Privilege [1]
• An ideal security goal would be the ability to limit a process to only the set of operations necessary for its execution.
• The principle of least privilege is an important concept in computer security, promoting minimal user profile privileges on computers, based on the user's job necessities.
• It can also be applied to processes on the computer.
• Each system component or process should have the least authority necessary to perform its duties.

7. Benefits
• Better system stability. When code is limited in the scope of changes it can make to a system, it is easier to test its possible actions and interactions with other applications.
• Better system security. When code is limited in the system-wide actions it may perform, vulnerabilities in one application cannot be used to exploit the rest of the machine.
• Ease of deployment. In general, the fewer privileges an application requires, the easier it is to deploy within a larger environment.

8. Access Control Concepts [2][3]
• Access control, in the context of information security, permits an organization's management to define and control which systems or resources a user has access to, and what that user can do on that system or resource.
• More formally, access control is the ability to permit or deny the use of an object (a passive entity, such as a system or file) by a subject (an active entity, such as an individual or process).
• Such use is normally defined through sets of rules or permissions (such as Read, Write, Execute, List, Change, and Delete) and combinations of various security mechanisms (such as administrative, technical, and physical controls).

9. Control of Access to General Objects
• Examples of kinds of objects for which protection is desirable:
  • Memory
  • File
  • Process
  • Directory of files
  • Stack
  • Instructions, especially privileged instructions
  • Passwords and the user authentication mechanism

10. Control of Access to General Objects
• Two complementary goals apply when protecting objects:
  • Check every access: a user who was authorized earlier intends to access an object again. It does not follow that the user should retain indefinite access to the object, so each access is checked anew.
  • Enforce least privilege: a subject should have access to the smallest number of objects necessary to perform some task.

11. Access Control
• An access enforcement mechanism authorizes requests from multiple subjects (e.g., users, processes) to perform operations (e.g., read, write) on objects (e.g., files, sockets).
• Two fundamental concepts of access control:
  • A protection system that defines the access control specification.
  • A reference monitor, the system's access enforcement mechanism, that enforces this specification.

12. Protection Systems
• A protection system consists of a protection state, which describes the operations that system subjects can perform on system objects, and a set of protection state operations, which enable modification of that state.
• A protection system enables the definition and management of a protection state.
• A protection state consists of the specific system subjects, the specific system objects, and the operations that those subjects can perform on those objects.
• A protection system also defines protection state operations that enable a protection state to be modified.

13. Protection Systems
• The access matrix is used to define the protection domain of a process.
• A protection domain specifies the set of resources (objects) that a process can access and the operations that the process may use to access such resources.
• By examining the rows in the access matrix, one can see all the operations that a subject is authorized to perform on system resources.

14. Mandatory Protection Systems
• This access matrix model presents a problem for secure systems: untrusted processes can tamper with the protection system.
• Using protection state operations, untrusted user processes can modify the access matrix by adding new subjects, objects, or operations assigned to cells.
• Suppose Process 1 has ownership over File 1. It can then grant any other process read or write (or potentially even ownership) access over File 1 (please see the figure in the previous slide).
• A protection system that permits untrusted processes to modify the protection state is called a discretionary access control (DAC) system.

15. Mandatory Protection Systems
• A mandatory protection system is a protection system that can only be modified by trusted administrators via trusted software, consisting of the following state representations:
  • A mandatory protection state is a protection state where subjects and objects are represented by labels, and the state describes the operations that subject labels may take upon object labels.
  • A labeling state for mapping processes and system resource objects to labels.
  • A transition state that describes the legal ways that processes and system resource objects may be relabeled.

16. Mandatory Protection Systems
• The protection state is defined in terms of labels and is immutable. The immutable labeling state and transition state enable the definition and management of labels for system subjects and objects.

17. Discretionary Access Control (DAC)
• In discretionary access control (DAC), the owner of the object specifies which subjects can access the object. This model is called discretionary because the control of access is based on the discretion of the owner.
• Most operating systems, such as all Windows, Linux, and Macintosh systems and most flavors of Unix, are based on DAC models.
• In these operating systems, when you create a file, you decide what access privileges you want to give to other users; when they access your file, the operating system makes the access control decision based on the access privileges you created.

18. Mandatory Access Control (MAC)
• In mandatory access control (MAC), the system (and not the users) specifies which subjects can access specific data objects.
• The MAC model is based on security labels. Subjects are given a security clearance (secret, top secret, confidential, etc.), and data objects are given a security classification (secret, top secret, confidential, etc.). The clearance and classification data are stored in the security labels, which are bound to the specific subjects and objects.
• The MAC model is usually used in environments where confidentiality is of utmost importance, such as a military institution.

19. Role Based Access Control (RBAC)
• Role-based access control (RBAC) is a method of regulating access based on the roles of individual users within a system.
• Roles are defined according to job competency, authority, and responsibility within the system.
• When properly implemented, RBAC enables users to carry out a wide range of authorized tasks by dynamically regulating their actions according to flexible functions, relationships, and constraints.
• In RBAC, roles can be easily created, changed, or discontinued as the needs of the system evolve, without having to individually update the privileges for every user.

20. Reference Monitors
• A reference monitor is the classical access enforcement mechanism.
• We identify three distinct components of a reference monitor:
  • (1) its interface
  • (2) its authorization module
  • (3) its policy store
• A reference monitor is a component that authorizes access requests at the reference monitor interface, defined by individual hooks that invoke the reference monitor's authorization module to submit an authorization query to the policy store. The policy store answers authorization queries, labeling queries, and label transition queries using the corresponding states.

21. Reference Monitors
• The following presents a generalized view of a reference monitor. It takes a request as input and returns a binary response indicating whether the request is authorized by the reference monitor's access control policy.

22. Reference Monitor Interface
• The reference monitor interface defines where protection system queries are made to the reference monitor.
• In particular, it ensures that all security-sensitive operations are authorized by the access enforcement mechanism.
• A security-sensitive operation means an operation on a particular object (e.g., file, socket) whose execution may violate the system's security requirements.
• For example, an operating system implements file access operations that would allow one user to read another's secret data (e.g., a private key) if not controlled by the operating system.

23. Authorization Module
• The core of the reference monitor is its authorization module. The authorization module takes the interface's inputs (e.g., process identity, object references, and system call name) and converts these to a query for the reference monitor's policy store.
• The challenge for the authorization module is to map the process identity to a subject label, the object references to an object label, and determine the actual operations to authorize (e.g., there may be multiple operations per interface).
• The protection system determines the choices of labels and operations, but the authorization module must develop a means for performing the mapping to execute the "right" query.

24. The Policy Store
• The policy store is a database for the protection state, labeling state, and transition state. An authorization query from the authorization module is answered by the policy store.
• These queries are of the form {subject_label, object_label, operation_set} and return a binary authorization reply. Labeling queries are of the form {subject_label, resource}, where the combination of the subject and, optionally, some system resource attributes determine the resultant resource label returned by the query.
• The resource may be either an active entity (e.g., a process) or a passive object (e.g., a file). Some systems also execute queries to authorize transitions.
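The reference monitor of slides 20 to 24 as an added example (not code from the slides): a policy store that answers authorization, labeling and transition queries over labels, an authorization module that maps process identity, object reference and syscall name onto such a query, and hooks that form the interface. Every label, process name, path and the syscall-to-operation mapping is constructed for illustration.

```python
"""Toy reference monitor assembled from the three components named on slides 20-24:
an interface of hooks, an authorization module, and a policy store holding a
protection state, a labeling state and a transition state over labels.
Added example, not code from the slides; every label, process name, path and
syscall-to-operation mapping is constructed for illustration."""
from typing import Dict, FrozenSet, Set, Tuple

Label = str
ProtectionState = Dict[Tuple[Label, Label], FrozenSet[str]]

# Operations implied by each interface hook (constructed mapping). One hook may
# authorize several operations, as slide 23 notes.
SYSCALL_OPERATIONS: Dict[str, FrozenSet[str]] = {
    "open_read": frozenset({"read"}),
    "open_rdwr": frozenset({"read", "write"}),
    "unlink": frozenset({"delete"}),
}


class PolicyStore:
    """Database for the protection, labeling and transition states.

    Only queries are exposed; nothing here lets a caller change a state after
    construction, so an untrusted process cannot tamper with the policy.
    That is what makes this a mandatory protection system (slide 15).
    """

    def __init__(self, protection: ProtectionState,
                 labeling: Dict[str, Label],
                 transitions: Set[Tuple[Label, Label]]) -> None:
        self._protection = dict(protection)
        self._labeling = dict(labeling)
        self._transitions = set(transitions)

    def authorize(self, subject_label: Label, object_label: Label,
                  operation_set: FrozenSet[str]) -> bool:
        """Authorization query {subject_label, object_label, operation_set}."""
        allowed = self._protection.get((subject_label, object_label), frozenset())
        return operation_set <= allowed      # every requested op must be permitted

    def label_of(self, resource: str) -> Label:
        """Labeling query. An unlabeled resource gets a label nobody may access."""
        return self._labeling.get(resource, "unlabeled")

    def may_transition(self, from_label: Label, to_label: Label) -> bool:
        """Label transition query: is relabeling from_label -> to_label legal?"""
        return (from_label, to_label) in self._transitions


class ReferenceMonitor:
    def __init__(self, store: PolicyStore) -> None:
        self._store = store

    # Authorization module: map interface inputs (process identity, object
    # reference, syscall name) to the labels and operations of a policy query.
    def _to_query(self, process: str, resource: str,
                  syscall: str) -> Tuple[Label, Label, FrozenSet[str]]:
        ops = SYSCALL_OPERATIONS.get(syscall)
        if ops is None:
            # An operation with no hook would escape mediation; refuse loudly.
            raise ValueError(f"no hook defined for syscall {syscall!r}")
        return self._store.label_of(process), self._store.label_of(resource), ops

    # Interface: a hook is placed at every security-sensitive operation.
    def hook(self, process: str, resource: str, syscall: str) -> bool:
        subject, obj, ops = self._to_query(process, resource, syscall)
        return self._store.authorize(subject, obj, ops)

    def hook_exec(self, process: str, program: str) -> Label:
        """Hook for exec: the label the process runs with afterwards. The
        relabeling happens only if the transition state permits it."""
        current = self._store.label_of(process)
        target = self._store.label_of(program)
        return target if self._store.may_transition(current, target) else current


def build_sample_monitor() -> ReferenceMonitor:
    """Constructed policy: ordinary users cannot touch the private key (slide 22),
    an administrator domain can, and a user process may only enter the
    administrator domain by executing the labeled administration program."""
    protection: ProtectionState = {
        ("user_t", "user_file_t"): frozenset({"read", "write", "delete"}),
        ("admin_t", "user_file_t"): frozenset({"read"}),
        ("admin_t", "secret_t"): frozenset({"read", "write"}),
        # ("user_t", "secret_t") is absent on purpose: no access at all.
    }
    labeling = {
        "shell:alice": "user_t",
        "shell:root": "admin_t",
        "/home/alice/notes": "user_file_t",
        "/etc/private.key": "secret_t",
        "/usr/bin/admin_tool": "admin_t",
    }
    transitions = {("user_t", "admin_t")}
    return ReferenceMonitor(PolicyStore(protection, labeling, transitions))
```

`build_sample_monitor().hook("shell:alice", "/etc/private.key", "open_read")` returns False, while the same query for `"shell:root"` returns True; a syscall with no hook raises rather than silently passing.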
25. File System Security
• A file system is a method for storing and organizing computer files and the data they contain, to make it easy to find and access them.
• File systems exist on hard drives, pen drives, CDs, DVDs and any other form of data storage medium.
• Most data storage devices have an array of fixed-size blocks, sometimes called sectors, and the file system is in charge of organizing these sectors into files and directories.
• It is also in charge of indexing the media so it knows where and what each file is.

26. Types of File Systems
• Disk file systems: FAT (File Allocation Table), NTFS, HFS (Hierarchical File System), ext2, ext3, ISO9660 and UDF.
• FAT (FAT12, FAT16, FAT32), and especially NTFS, are primarily used on Windows operating systems.
• FAT is also the standard file system for floppy drives and is still used today.
• HFS is used by Mac OS, and ext2 and ext3 are used on various Linux operating systems.
• ISO9660 and UDF are used on optical media.

27. How does the file system handle security?
• The file system is crucial to data integrity. The main method of protection is access control.
• File system operations (e.g., modifying or deleting a file) are controlled through access control lists or capabilities.
• Capabilities are more secure, so they tend to be used by operating systems on file systems like NTFS or ext3.
• The secondary method of protection is the use of backup and recovery systems.

28. Access Control in Files
• Access control plays a huge part in file system security.
• The system should only allow access to files that the user is permitted to access.
• Almost all major file systems support ACLs or capabilities in order to prevent malicious activity on the file system.
• Depending on the user's rights, they can be allowed to read, write and/or execute an object.
• In some file system schemes only certain users are allowed to alter the ACL on a file or even see whether a file exists.
• Ultimately, the less a user can access, the less can go wrong, and integrity is easier to guarantee.

29. Access Lists (ACL)
• There is one ACL for each object.
• The ACL shows all subjects who should have access to the object and what their access is.
• One access control list per object; a directory is created for each subject.
• The ACL of a file is a representation of its access control information.
• It contains the non-null entries that the file's column would have contained in the ACM.

31. Access Control Matrix
• An access control matrix is a protection structure that provides efficient access to:
  • Access privileges of users to various files
  • Access control information for files
• It is a table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.
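The access control matrix of slide 31, the ACL of slide 29 derived as the non-null entries of an object's column, and the owner grant of slide 14 that makes the matrix a DAC system, as one added example that is not code from the slides. The subject and object names and the right names are constructed.

```python
"""Access control matrix (rows = subjects, columns = objects, entries = rights),
with an object's ACL read off its column, a subject's protection domain read
off its row, and the discretionary grant by which an owner hands out rights.
Added example, not code from the slides; names and rights are constructed."""
from typing import Dict, Set

Rights = Set[str]


class AccessMatrix:
    """Sparse matrix: only non-null cells are stored."""

    def __init__(self) -> None:
        self._cells: Dict[str, Dict[str, Rights]] = {}   # subject -> object -> rights

    def set_rights(self, subject: str, obj: str, rights: Rights) -> None:
        """Protection state operation used by the administrator to seed the matrix."""
        self._cells.setdefault(subject, {})[obj] = set(rights)

    def rights(self, subject: str, obj: str) -> Rights:
        return set(self._cells.get(subject, {}).get(obj, set()))

    def check(self, subject: str, obj: str, operation: str) -> bool:
        """The decision an enforcement mechanism makes for one operation."""
        return operation in self.rights(subject, obj)

    def protection_domain(self, subject: str) -> Dict[str, Rights]:
        """Row of the matrix: everything this subject may do (slide 13)."""
        return {o: set(r) for o, r in self._cells.get(subject, {}).items() if r}

    def acl(self, obj: str) -> Dict[str, Rights]:
        """Column of the matrix with null entries dropped: the object's ACL."""
        return {s: set(row[obj]) for s, row in self._cells.items()
                if row.get(obj)}

    def grant(self, granter: str, grantee: str, obj: str, rights: Rights) -> None:
        """DAC: the owner of an object decides who else may access it.

        This ownership check is all that stands between a compromised owner
        process and a rewritten column, which is the weakness slide 14 describes.
        """
        if "own" not in self.rights(granter, obj):
            raise PermissionError(f"{granter} does not own {obj}")
        cell = self._cells.setdefault(grantee, {}).setdefault(obj, set())
        cell.update(rights)


def build_sample_matrix() -> AccessMatrix:
    """Constructed state: Process 1 owns File 1, Process 2 owns File 2."""
    m = AccessMatrix()
    m.set_rights("Process 1", "File 1", {"own", "read", "write"})
    m.set_rights("Process 1", "File 2", {"read"})
    m.set_rights("Process 2", "File 2", {"own", "read", "write"})
    return m


def dac_walkthrough() -> Dict[str, Rights]:
    """Slide 14's scenario: the owner of File 1 grants read, then even ownership,
    to Process 2; afterwards Process 2 can extend access further on its own."""
    m = build_sample_matrix()
    m.grant("Process 1", "Process 2", "File 1", {"read"})
    m.grant("Process 1", "Process 2", "File 1", {"own"})
    m.grant("Process 2", "Process 3", "File 1", {"read", "write"})  # now legal
    return m.acl("File 1")
```

`dac_walkthrough()` returns the ACL of File 1 after the grants, showing how a single owner decision propagates to subjects the administrator never listed.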
33. Operating System Mechanisms [3][4]
• An operating system (OS) is the program that, after being initially loaded into the computer by a boot program, manages all the other programs in a computer. The other programs are called applications or application programs.
• The protection and security problem: ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so.
• The OS designer faces the challenge of creating a protection scheme that cannot be bypassed by any software that may be created in the future.

34. Secure Operating System Definition
• A secure operating system is an operating system whose access enforcement satisfies the reference monitor concept. The reference monitor concept defines the necessary and sufficient properties of any system that securely enforces a mandatory protection system, consisting of three guarantees:
  • Complete mediation: the system ensures that its access enforcement mechanism mediates all security-sensitive operations.
  • Tamperproof: the system ensures that its access enforcement mechanism, including its protection system, cannot be modified by untrusted processes.
  • Verifiable: the access enforcement mechanism, including its protection system, "must be small enough to be subject to analysis and tests, the completeness of which can be assured". That is, we must be able to prove that the system enforces its security goals correctly.

35. Security Methods of OS: Classification
• Separation between the different modules of the same system is a key aspect.
• It can be done in the following ways:
  • Physical separation: each module / process is given a separate physical terminal or device.
  • Temporal separation: the processes may be executed at different times without any overlap.
  • Logical separation: the operating system abstracts the inner working of the system, and the end user is given only a separate logical workspace to execute in.
  • Cryptographic separation: cryptographic techniques are applied to conceal data.

36. Security Kernel
• Responsible for implementing the security mechanisms of the entire operating system.
• Provides the security interfaces among the hardware, the operating system, and the other parts of the computing system.
• It may degrade system performance or may increase the size of the file.
• A security kernel is defined as the hardware and software necessary to realize the reference monitor abstraction.
• The first security kernel was prototyped by MITRE in 1974.
38. UNIX Security in brief[4]
• UNIX is a multiuser operating system developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs
• UNIX adopted several of the Multics security features, such as password storage, protection ring usage, access control lists, etc.
• A running UNIX system consists of an operating system kernel and many processes, each running a program
• A protection ring boundary isolates the UNIX kernel from the processes
• Each process has its own address space, which defines the memory addresses that it can access

39. UNIX Security in brief
• Modern UNIX systems define address spaces primarily in terms of the set of memory pages that they can access
• UNIX uses the concept of a file for all persistent system objects, such as secondary storage, I/O devices, network, and interprocess communication
• A UNIX process is associated with an identity, based on the user associated with the process, and access to files is limited by the process's identity
• UNIX security aims to protect users from each other and the system's trusted computing base (TCB) from all users

40. UNIX Security in brief
• Informally, the UNIX TCB consists of the kernel and several processes that run with the identity of the privileged user, root or superuser
• These root processes provide a variety of services, including system boot, user authentication, administration, network services, etc.
• Both the kernel and root processes have full system access
• All other processes have limited access based on their associated user's identity

41. Windows Security in brief[4]
• The history of the Microsoft Windows operating system goes back to the introduction of MS-DOS, the original operating system for IBM personal computers, introduced in 1981
• The Windows 2000 protection system, like the UNIX protection system, provides a discretionary access control model for managing protection state, object labeling, and protection domain transitions. The two protection systems mainly differ in terms of flexibility (e.g., the Windows system is extensible) and expressive power (e.g., the Windows system enables the description of a wider variety of policies)

42. Windows Security in brief
• When we compare the Windows protection system to the definition of a secure protection system, it is found that the improvements in flexibility and expressive power actually make the system more difficult to secure
• Specifically, the Windows protection system differs from UNIX mainly in the variety of its objects and operations and the additional flexibility it provides for assigning them to subjects
• Subjects in Windows are similar to subjects in UNIX. In Windows, each process is assigned a token that describes the process's identity
• A Windows identity is still associated with a single user identity, but a process token for that user may contain any combination of rights

43. Windows Security in brief
• Unlike UNIX, Windows objects can belong to a number of different data types besides files
• Applications may define new data types and add them to the Active Directory, the hierarchical name space for all objects known to the system
• From an access control perspective, object types are defined by their set of operations
• The other major difference between a Windows and a UNIX protection state is that Windows supports arbitrary access control lists (ACLs) rather than the limited mode bits approach of UNIX
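An added example (not from the slides or the referenced lecture notes) modelling the contrast this slide draws: unix_allowed() evaluates mode bits the way the UNIX kernel does, first the root bypass that makes root part of the TCB, then exactly one class of bits (owner, group or other), while dacl_allowed() evaluates an ordered list of allow/deny entries the way a Windows DACL is checked. Users, SIDs and file attributes are constructed; the same per-user check is what isolates one Android application's files from another's, since each application runs as its own user.

```python
# Added example: two protection-state models side by side.
R, W, X = 4, 2, 1   # permission bits, as in an octal mode such as 0o750

def unix_allowed(uid, gids, owner, group, mode, want):
    """want is a bitmask of R/W/X. Only ONE class of mode bits is consulted:
    an owner whose class lacks a right is refused even if 'other' has it."""
    if uid == 0:                          # root (part of the UNIX TCB) bypasses mode bits
        return True
    if uid == owner:
        bits = (mode >> 6) & 7            # owner class
    elif group in gids:
        bits = (mode >> 3) & 7            # group class
    else:
        bits = mode & 7                   # other class
    return (bits & want) == want

def dacl_allowed(token_sids, dacl, want):
    """dacl is an ordered list of (kind, sid, rights) entries, kind in {"allow", "deny"}.
    Entries are checked in order until every requested right has been granted
    (allow) or a matching deny covers a right not yet granted; if the list runs
    out with rights still outstanding the request is refused."""
    remaining = set(want)
    for kind, sid, rights in dacl:
        if sid not in token_sids:         # entry does not apply to this token
            continue
        if kind == "deny" and remaining & rights:
            return False
        if kind == "allow":
            remaining -= rights
            if not remaining:
                return True
    return not remaining
```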
44. Qmail
• qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program
• When first published, qmail was the first security-aware mail transport agent; since then, other security-aware MTAs have been published
• When it was released, qmail was significantly faster than Sendmail, particularly for bulk mail tasks such as mailing list servers
• At the time of qmail's introduction, Sendmail configuration was notoriously complex, while qmail was simple to configure and deploy

45. Chromium
• Chromium is an open-source web browser project started by Google to provide the source code for the proprietary Google Chrome browser
• The two browsers share the majority of code and features, though there are some minor differences in features and logos, and they have different licensing
• It is possible to download the source code and build it manually on many platforms
• The Google-authored portion of Chromium is released under the BSD license

46. Android
• Android is a mobile operating system developed by Google, based on a modified version of the Linux kernel and other open source software and designed primarily for touchscreen mobile devices such as smartphones and tablets
• Android's default user interface is mainly based on direct manipulation, using touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching, and reverse pinching to manipulate on-screen objects, along with a virtual keyboard

47. Android Security in brief[5]
• Android applications run in a sandbox, an isolated area of the system that does not have access to the rest of the system's resources, unless access permissions are explicitly granted by the user when the application is installed
• Android uses Security-Enhanced Linux (SELinux) to apply access control policies and establish mandatory access control (MAC) on processes
• Android 2.2 and later provide the Android Device Administration API, which provides device administration features at the system level

48. Android Security in brief
• As the base for a mobile computing environment, the Linux kernel provides Android with several key security features, including:
  • A user-based permissions model
  • Process isolation
  • An extensible mechanism for secure IPC
  • The ability to remove unnecessary and potentially insecure parts of the kernel

49. Android Security in brief
• As a multiuser operating system, a fundamental security objective of the Linux kernel is to isolate user resources from one another. The Linux security philosophy is to protect user resources from one another. Thus, Linux:
  • Prevents user A from reading user B's files
  • Ensures that user A does not exhaust user B's memory
  • Ensures that user A does not exhaust user B's CPU resources
  • Ensures that user A does not exhaust user B's devices (e.g. telephony, GPS, Bluetooth)

50. Android Security in brief
• System Partition and Safe Mode
  • The system partition contains Android's kernel as well as the operating system libraries, application runtime, application framework, and applications. This partition is set to read-only. When a user boots the device into Safe Mode, third-party applications may be launched manually by the device owner but are not launched by default
• Filesystem Permissions
  • In a UNIX-style environment, filesystem permissions ensure that one user cannot alter or read another user's files. In the case of Android, each application runs as its own user. Unless the developer explicitly shares files with other applications, files created by one application cannot be read or altered by another application

51. Android Security in brief
• Security-Enhanced Linux
  • Android uses Security-Enhanced Linux (SELinux) to apply access control policies and establish mandatory access control (MAC) on processes
• Verified boot
  • Android 6.0 and later support verified boot and device-mapper-verity. Verified boot guarantees the integrity of the device software starting from a hardware root of trust up to the system partition. During boot, each stage cryptographically verifies the integrity and authenticity of the next stage before executing it
  • Android 7.0 and later support strictly enforced verified boot, which means compromised devices cannot boot
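A toy model of the boot chain this slide describes, added here and not part of the slides or of Android's own implementation: the root of trust holds only the digest of the first stage, each stage image embeds the digest of the stage that follows it, and a stage is executed only after its own digest has been checked, so a tampered stage anywhere in the chain stops the boot. Stage payloads and the "|next=" framing are constructed for the example; real verified boot uses signatures and dm-verity hash trees rather than a single digest.

```python
# Added example: a digest chain from a root of trust through successive boot stages.
import hashlib

SEP = b"|next="   # constructed framing: <payload> SEP <hex digest of the next stage>

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_chain(payloads):
    """Build stage images so that each embeds the digest of the next stage
    (the last stage embeds an empty digest). Returns (root_digest, images);
    root_digest is the only value the hardware root of trust needs to hold."""
    images = []
    next_digest = ""
    for payload in reversed(payloads):
        image = payload + SEP + next_digest.encode()
        images.insert(0, image)
        next_digest = digest(image)
    return next_digest, images

def verified_boot(root_digest, images):
    """Walk the chain from the root of trust. Each stage is checked against the
    digest carried by the previous stage before it is 'executed'. Returns
    (booted, names_of_stages_executed). A mismatch stops the boot outright,
    the strictly enforced behaviour the slide attributes to Android 7.0 and later."""
    expected = root_digest
    executed = []
    for image in images:
        if digest(image) != expected:      # integrity check fails: do not execute
            return False, executed
        payload, next_digest = image.split(SEP, 1)
        executed.append(payload.decode())  # stage is trusted, so it runs
        expected = next_digest.decode()    # and hands over the digest it vouches for
    return True, executed
```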
52. References
[1] https://kb.iu.edu/d/amsv
[2] Charles P. Pfleeger, Shari Lawrence Pfleeger, Analysing Computer Security, 4th Edition, ISBN: 9780132390774, Prentice Hall
[3] http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch2.pdf
[4] http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch4.pdf
[5] https://source.android.com/security/overview/kernel-security

Editor's Notes

  1. The principle of least privilege (PoLP; also known as the principle of least authority) is an important concept in computer security, promoting minimal user profile privileges on computers, based on users' job necessities. It can also be applied to processes on the computer; each system component or process should have the least authority necessary to perform its duties. This helps reduce the "attack surface" of the computer by eliminating unnecessary privileges that can result in network exploits and computer compromises. You can apply this principle to the computers you work on by ordinarily operating without administrative rights.
2. The security requirements of an operating system are defined in its protection system. Definition 2.1. A protection system consists of a protection state, which describes the operations that system subjects can perform on system objects, and a set of protection state operations, which enable modification of that state. A protection system enables the definition and management of a protection state. A protection state consists of the specific system subjects, the specific system objects, and the operations that those subjects can perform on those objects. A protection system also defines protection state operations that enable a protection state to be modified. For example, protection state operations are necessary to add new system subjects or new system objects to the protection state.