Preventing Privilege Escalation Presented By Chad Frommeyer.


1 Preventing Privilege Escalation Presented By Chad Frommeyer

2 Preventing Privilege Escalation
Introduction
Least Privilege
Privilege Separation
Privilege Separation in OpenSSH
Security/Performance Analysis
Related Work/Conclusion

3 Introduction
Programming errors result in unauthorized acquisition of privileges
Privilege separation allows an application to run with different levels of privilege
Privilege separation is useful for services that authenticate users
Privilege separation is illustrated with OpenSSH

4 Least Privilege
Privilege – a security attribute that is required for certain operations
Least Privilege – every program and every user should operate using the least amount of privilege to complete the job
Most approaches, including least privilege, are still susceptible to programming errors

5 Privilege Separation
Separates applications into privileged and unprivileged parts
Separation is independent of operating system protections
Reduces the amount of code running under special privileges
Accomplished by Monitor/Slave techniques

6 Privilege Separation
Reduces the number of programming errors in privileged sections
Security source code audits can be more focused and thorough
Successful abuse usually results only in denial of service, not high-privileged access

7 Privilege Separation
Phases
–Pre-Authentication Phase
  User has contacted the system service but is not yet authenticated
–Post-Authentication Phase
  User has successfully authenticated to the system
  Child process maintains the privileges of the authenticated user

8 Privilege Separation
Issues with Implementation
–How to communicate from Monitor to Slave
–How to pass data from Monitor to Slave
–How to change user identity of the slave process
–How to validate the slave’s request
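
The four implementation issues above, shown together in C (an added example, not code from the presentation or from OpenSSH): a monitor forks a slave and talks to it over a socketpair, the slave gives up its identity, and the monitor refuses any request that is not valid in the current authentication phase. The request numbers, the struct layout, the credential alice/s3cret and uid/gid 65534 for the unprivileged account are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE /* glibc: declare setgroups() under strict -std modes */
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical request numbers and layout; not OpenSSH's wire format. */
enum { REQ_AUTH_PASSWORD = 1, REQ_PTY_ALLOC = 2 };
struct req { int type; char user[32]; char secret[32]; };
static int authenticated; /* monitor-only state; the slave cannot set it */
/* Monitor: accept a request only if it is valid in the current phase. */
int monitor_handle(const struct req *r) {
    switch (r->type) {
    case REQ_AUTH_PASSWORD:
        if (authenticated) return -1; /* pre-authentication request only */
        /* Constructed credential; bounded compare never over-reads slave data. */
        authenticated = !strncmp(r->user, "alice", sizeof r->user) &&
                        !strncmp(r->secret, "s3cret", sizeof r->secret);
        return authenticated;
    case REQ_PTY_ALLOC: return authenticated ? 1 : -1; /* post-auth only */
    default: return -1; /* unknown request type: refuse */
    }
}

/* Fork a slave, serve its requests, return the last reply (-2: setup error). */
int run_session(const struct req *reqs, int n) {
    struct req r;
    int sv[2], reply = -1;
    authenticated = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -2; }
    if (pid == 0) { /* slave: if root, drop to uid/gid 65534 (assumed "nobody") */
        close(sv[0]);
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(65534) || setuid(65534)))
            _exit(1); /* never continue with privileges still held */
        for (int i = 0; i < n; i++)
            if (write(sv[1], &reqs[i], sizeof r) != (ssize_t)sizeof r ||
                read(sv[1], &reply, sizeof reply) != (ssize_t)sizeof reply) _exit(1);
        _exit(0);
    }
    close(sv[1]);
    while (read(sv[0], &r, sizeof r) == (ssize_t)sizeof r) {
        reply = monitor_handle(&r);
        if (write(sv[0], &reply, sizeof reply) != (ssize_t)sizeof reply) break;
    }
    close(sv[0]); waitpid(pid, NULL, 0);
    return reply;
}
```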

9 Privilege Separation

10 Separating Privileges in OpenSSH

11 Pre-Authentication Phase
–Key Exchange
–Authenticated Key Exchange
–User Validation
–Password authentication
–Public Key Authentication
Slave changes identity after Pre-Authentication phase completes successfully

12 Separating Privileges in OpenSSH
Post-Authentication Phase
–Key Exchange
–Pseudo terminal Creation
Alternative Design
–Add an additional Child process to handle network traffic
–Child processes can communicate
–Removes the need to export state and use shared memory

13 Separating Privileges in OpenSSH
Separating Privileges had the following effects
–Increased source code size, reduced code complexity
–Interface improvement
–Better code organization
–Less complex and easier to understand
–Opens ability to support security critical source code reusability (Libraries)

14 Security/Performance Analysis

15 Potential Problems
Still exist if the slave is compromised
–Use Signal or Ptrace to gain additional access
–Gain access to the file system
–Gain access to network connections
–Gain access to privileged system information
–Affect the Monitor by accessing the Monitor/Slave communication method
–Starve the system by continually forking processes

16 Security/Performance Analysis
Past Security Issues
–A number of security issues in SSH-1 have been shown to be contained when privilege separation was implemented
  CRC32 Compensation Attack
  Off by one error
  Zlib compression security problem
  Kerberos ticket passing

17 Security/Performance Analysis

18 Related Work/Conclusion
Least privilege still exposes privileged code to an adversary; privilege separation doesn’t
Other applications that use similar techniques
–Postfix
–Evans’ very secure FTP
–Solar Designer

19 Related Work/Conclusion
Programming errors in privileged services give an adversary unauthorized privileges
With privilege separation, only unprivileged parts are accessible to adversaries
OpenSSH is working proof of the success of this concept
Performance is not compromised
