Presentation is loading. Please wait.

Presentation is loading. Please wait.

4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.

Published byCleopatra Sherman Modified over 8 years ago

Similar presentations

Presentation on theme: "4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation."— Presentation transcript:

1 4P13 Week 5 Talking Points 1

2 Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation and process separation based on virtual memory; authentication and multiplexing of multiple simultaneous users; discretionary and mandatory access-control models; sandboxing facilities to contain potentially malicious code; a range of mitigation techniques such as stack protection; security-event auditing for accountability and intrusion detection; Yarrow-based /dev/random supporting hardware and software entropy sources; support for Trusted Platform Modules (TPMs); a cryptographic framework supporting hardware and software implementations; support for full-disk encryption and cryptographic integrity protection; distributed authentication models (e.g., Kerberos, x.509 certificates); cryptographically protected network protocols (e.g., ssh, TLS, IPSec); and binary updates to remedy vulnerabilities discovered after release. 2

3 3

4 4

5 5

6 Explicit Privilege granted to user Processes Kernel management operations that have global consequences across the system, such as rebooting, or configuring IPv4 addresses on a network interface. Kernel management operations that effectively grant kernel privilege, such as the loading of kernel modules. Misuse of these functions would violate integrity of the TCB. System management operations that imply system privileges, such as maintenance of system binaries (including the kernel). Configuring access-control policies and, particularly, setting up process credentials during the login process. Higher-level management operations that depend on bypassing per-object protections, such as backing up the system, or changing the owner or permissions on a file in the role of system administrator. Certain classes of debugging operations that offer insight into global behaviors normally limited to avoid information leaks, such as using DTrace or hardware-performance-monitoring counters on the kernel itself. 6

7 7

8 8

9 9

10 10

11 11

12 12

13 ACL Evaluation Algorithm 1. The file or directory’s access ACL (type ACL_TYPE_ACCESS) is searched for object-owner, mask, and “other” entries, to be consulted at various points in evaluation. 2. If the credential’s effective UID matches the object-owner ACL entry, then the access request is checked against the entry’s permissions. If sufficient, success is returned. If insufficient, appropriate privilege is checked to supplement the entry’s permissions; if sufficient, success is returned. Otherwise, access is denied and no further entries are consulted. 3. If the credential’s effective UID matches an additional user ACL entry, then the access request is checked against the entry’s permissions—limited to those also granted by the ACL mask entry. If sufficient, success is returned. If insufficient, appropriate privilege is checked to supplement the entry’s permissions; if sufficient, success is returned. Otherwise, access is denied and no further entries are consulted. 4. If either one of the credential’s effective or additional GIDs matches the object-group entry or any of the additional group ACL entries, then the access request is checked against the entry’s permissions—limited to those also granted by the ACL mask entry. If any entry is sufficient, success is returned. 5. If no group entries were sufficient without privilege, then any matching group entries will be retried with appropriate privilege checked to supplement the entry’s permissions; if sufficient, success is returned. Otherwise, if there were any matching groups, access is denied and no further entries are consulted. 6. Finally, the ACL “other” entry will be consulted; if sufficient, success is returned. If insufficient, appropriate privilege is checked to supplement the entry’s permissions; if sufficient, success is returned. Otherwise, access is denied. 13

14 14

15 15

16 16

17 NFSv4 ACL evaluation 17

18 18

19 19

20 20

21 21

22 22

23 23

24 24

25 Framework Startup 1.Framework data structures, locks, and memory allocation are initialized. 2.Policies compiled into the kernel or loaded before boot are registered. 3.The global mac_late is set, indicating that from this point onward, kernel objects controlled by the framework may be allocated. 4.The MAC framework steady state is entered and kernel boot continues. 25

26 26

27 27

28 Policy Entry-Point Considerations Object life-cycle events, such as socket creation and destruction Access-control requests checking a subject’s use of a method on an object General and sometimes subject-free decision requests 28

29 29

30 30

31 31

32 32

33 33

34 34

35 35

Download ppt "4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation."

Similar presentations

Operating-System Structures

Operating-System Structures
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.

Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Operating-System Structures

Operating-System Structures
Access Control Methodologies

Access Control Methodologies
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Module 3 Windows Server 2008 Branch Office Scenario.

Module 3 Windows Server 2008 Branch Office Scenario.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Sharing Files Richard Newman based on Smith “Elementary Information Security”

Sharing Files Richard Newman based on Smith “Elementary Information Security”
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Similar presentations

Ads by Google