Operating Systems Security Security & Operating...
Transcript of Operating Systems Security Security & Operating...
- 1 - 524870, F’19
Seong-je Cho
Fall 2019
Computer Security & Operating Systems Lab, DKU
Operating Systems Security
Security & Operating Systems(Authentication, Permissions, Logging, …)
- 2 - 524870, F’19
Sources / References
Linux User & Programmer’s Manual – Man_pages COMS W4118 -- Operating Systems I – Lectures
https://www.cs.columbia.edu/~smb/classes/s06-4118/lectures.html
Access Control lists (Linux file systems), Security
CSCI 350 Ch. 2 - Kernel and User Mode, Mark Redekopp http://ee.usc.edu/~redekopp/cs350/slides/Ch2_Part1_UserKernelMode.pdf
Linux and UNIX overview, www.cs.sjsu.edu/~stamp/CS286/ppt/3_Linux_UNIX.ppt
Please do not duplicate and distribute
Computer Security & OS Lab, DKU
- 3 - 524870, F’19
Contents
Security and Operating Systems
What is OS?
User and Kernel mode
User authentication
File permissions (Access control list)
Virtual address space
Logging
Sandboxing
Computer Security & OS Lab, DKU
Security and Operating Systems
524870, F’18- 5 -
What is Operating Systems?
a collection of software that manages computer hardware resources and provides common services for computer programs Kernel provides the most basic level of control over all
of the computer’s hardware devices
OS must be capable of distinguishing between requests which should be allowed to be processed, and others which should not be processed
Computer Security & OS Lab.
524870, F’18- 6 -
User vs. Kernel Mode
Kernel mode is a special mode of the processor for executing trusted (OS) code
Certain features/privileges are only allowed to code running in kernel mode
OS and other system software should run in kernel mode
User mode is where user applications are designed to run to limit what they can do on their own
Provides protection by forcing them to use the OS for many services
User vs. kernel mode determined by some bit(s) in some processor control register
x86 Architecture uses lower 2-bits in the CS segment register (referred to as the Current Privilege Level bits [CPL])
0=Most privileged (kernel mode) and 3=Least privileged (user mode)
Levels 1 and 2 may also be used but are not by Linux
On an exception, the processor will automatically switch to kernel mode
Computer Security & OS Lab.
524870, F’18- 7 -
Kernel Mode Privileges
Privileged instructions
User apps. shouldn’t be allowed to disable/enable interrupts, change memory mappings, etc.
Privileged Memory or I/O access
Processor supports special areas of memory or I/O space that can only be accessed from kernel mode
Separate stacks and register sets
MIPS processors can use “shadow” register sets (alternate GPR’s when in kernel mode).
Computer Security & OS Lab.
524870, F’18- 8 -
Dual-Mode Operation
Want to stop buggy (or malicious) program from doing bad things.
⇒ provide hardware support to distinguish between (at least) two different modes of operation:
1. User Mode : when executing on behalf of a user (i.e. application programs).
2. Kernel Mode : when executing on behalf of the operating system.
Hardware contains a mode-bit, e.g. 0 means kernel, 1 means user.
Computer Security & OS Lab.
Make certain machine instructions only possible in kernel mode. . .
524870, F’18- 9 -
What is Security?
Informal: Security is keeping unauthorized entities from doing things you don’t want them to do.
More formal: Confidentiality, integrity, availability Protecting information/systems/assets against threats (STRIDE)
What is the operating system’s role?
Internal Roles
We’ve discussed a lot of internal features: privileged mode, memory protection, file access permissions, etc.
What do these accomplish?
What is the real goal?
Computer Security & OS Lab.
524870, F’18- 10 -
What is Security?
Protecting Whom?
Internal features protect the operating system against users
This necessary but not sufficient
File permissions protect users (and the OS) against other users
Again, this is necessary but not sufficient
User Authentication
File permissions are based on user identity, which is based on authentication
How does an OS authenticate users?
Many methods:
something you know
something you have
something you are
Computer Security & OS Lab.
524870, F’18- 11 -
User Authentication Something You Know: Passwords
Very common
Very easily guessed
Originally stored in plaintext, but that’s a very bad idea
Today, passwords are usually stored hashed
However — some network authentication schemes, such as challenge/response, require plaintext (or equivalent)
Related files under Linux
/etc/passwd
/etc/shadow
/etc/groups
☞ Lab environment: SEEDUbutu16.04 (Pre-built VM Image)
• https://seedsecuritylabs.org/lab_env.html
Computer Security & OS Lab.
524870, F’18- 12 -
User Authentication
Computer Security & OS Lab.
524870, F’18- 13 -
User Authentication
/etc/passwd
Computer Security & OS Lab.
524870, F’18- 14 -
User Authentication
/etc/shadow
Computer Security & OS Lab.
524870, F’18- 15 -
File Permissions
Besides user authentication, the most visible aspect of OS security
Read protection — provide confidentiality
Write protection — provide integrity protection
Other permissions as well
Computer Security & OS Lab.
524870, F’18- 16 -
File Permissions (Access Control List)
Computer Security & OS Lab.
$ id
$ ls –il
$ chmod 754
$ chown gdhong
$ chgrp class1
524870, F’18- 17 -
Access Control: File Permissions
File permissions (Authorization) Readable/Writeable/eXecutable by a user or group of users
In Unix-like OS’s, a file permission matrix shows who is allowed to do what to the file.
Files have owner permissions, which show what the owner can do, and group permissions, which show what some group id can do, and world permissions, which give default access rights.
Computer Security & OS Lab.
524870, F’18- 18 -
/etc/{passwd, shadow}
Computer Security & OS Lab.
524870, F’18- 19 -
Access Controls
MAC versus DAC
Who has the right to set file permissions?
Discretionary Access Control (DAC) — the file owner can set permissions
Mandatory Access Control (MAC) — only the security officer can set permissions
Note: viruses and other malware change change DAC permissions, but not MAC permissions
Privileged Users
Root or Administrator can override file permissions
This is a serious security risk — there is no protection if a privileged account has been compromised
There is also no protection against a rogue superuser. . .
Secure operating systems do not have the concept of superusers
Computer Security & OS Lab.
524870, F’18- 20 -
Virtual Address Space of a Linux Process
Computer Security & OS Lab.
524870, F’18- 21 -
Stack Segment
On i386 architecture, which information is stored?
When a function is called?
When a function returns, how is the state of stack changed?
Computer Security & OS Lab.
524870, F’18- 22 -
Race Conditions
Race conditions can be a security issue
Consider a privileged program that checks if a file is readable and then tries to open it as root
The attacker can pass it a symlink; in the interval between the two operations, the attacker removes the symlink and replaces it with a link to a protected file
The OS must provide (and the application must use) atomic operations to open the file as that user
Computer Security & OS Lab.
524870, F’18- 23 -
Logging
What’s going on your systems?
If there’s a penetration, will you know?
Will you be able to figure out how it happened?
What to log? Everything?
Possibly takes too much storage, though disk space is cheap
Serious potential privacy risk
Can you process that much data?
But — must log security-sensitive events
Computer Security & OS Lab.
524870, F’18- 24 -
Logging
Solaris Basic Security Module (BSM)
BSM can do a lot of logging
Some categories: login/logout, ioctl, file write, network events, mount/unmount, fork, exec, and more
Great care taken to protect log files
Again, though — can you process the data?
Crucial directory and files on Linux: /var/log/ syslog,
Linux commands
last, who, dmesg, uname
$ dmesg | less
$ tail –f /var/log/syslog
Computer Security & OS Lab.
524870, F’18- 25 -
Layers of A Computer System
Where should the security of the system be placed?
The security of a layer could normally be compromised by attacks from lower layers!
Computer Security & OS Lab.
524870, F’18- 26 -
OS Protection Principles
The basis of OS protection is separation.
The separation can be of four different kinds: physical (physical objects, such as CPU’s, printers, etc. )
temporal (execution at different times)
logical (domains, each user gets the impression the she is “alone” in the system)
cryptographic (hiding data, so that other users can not understand them)
“Computing is sharing and non-location –
- security is separation” In principle all objects in the OS need protection, but in particular
those that are shareable, e.g.:
Memory, I/O devices (disks, printers, tape drives, etc.),
programs/procedures, data
Computer Security & OS Lab.
524870, F’18- 27 -
Sandboxes
A better idea is for the OS to provide sandboxes — an enviornment where the program can execute but can’t affect the rest of the machine
Strong isolation is conceptually pretty easy — run the program on a separate machine, or under VMware or the like
There are other, more elegant mechanisms that attempt to provide the same feature at lower cost; most are limited to root
The trick — and it’s a very difficult one — is permitting limited interaction with the outside world while still protecting security
Computer Security & OS Lab.
File permissions
DEP (Data Execution Prevention)
Microsoft Windows
Computer Security & OS Lab.
524870, F’18-29-
Access Control: File Permissions
Authorization on Windows 7
Computer Security & OS Lab.
524870, F’18-30-
Mitigate threats by using Windows 10 security features
UEFI (Unified Extensible Firmware Interface) secure boot helps protect the platform from bootkits and rootkits
Credential Guard helps keep attackers from gaining access through Pass-the-Hash or Pass-the-Ticket attacks
Device Guard helps keep a device from running malware or other untrusted apps
Windows Defender SmartScreen helps prevent malicious applications from being downloaded
Enterprise certificate pinning helps prevent man-in-the-middle attacks that leverage PKI
Windows Defender Antivirus, which helps keep devices free of viruses and other malware
Blocking of untrusted fonts helps prevent fonts from being used in elevation-of-privilege attacks
Early Launch Antimalware (ELAM) helps protect the platform from rootkits disguised as drivers
Source: https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
Windows 10 보안기능을사용한위협완화 https://docs.microsoft.com/ko-kr/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
Computer Security & OS Lab.
524870, F’18-31-
Mitigate threats by using Windows 10 security features
Memory protections help prevent malware from using memory manipulationtechniques such as buffer overruns
Data Execution Prevention (DEP)
helps prevent exploitation of buffer overruns
ASLR (Address Space Layout Randomization)
helps mitigate malware attacks based on expected memory locations
SEHOP (Structured Exception Handling Overwrite Protection)
helps prevent overwrites of the Structured Exception Handler
Device Health Attestation helps prevent compromised devices from accessing an organization’s assets
Source: https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
Computer Security & OS Lab.
524870, F’18-32-
Data Execution Prevention
To use Task Manager to see apps that use DEP
1. Open Task Manager: Press Ctrl+Alt+Del and select Task Manager, or search the Start screen.
2. Click More Details (if necessary), and then click the Details tab.
3. Right-click any column heading, and then click Select Columns.
4. In the Select Columns dialog box, select the last Data Execution Prevention check box.
5. Click OK.
https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
Computer Security & OS Lab.
524870, F’18-33-
DEP in Windows
Computer Security & OS Lab.
524870, F’18-34-
DEP (Data Execution Prevention) in Windows
1. 시작 -> Windows 시스템 -> 실행을차례로누르고열기상자에 wbemtest를입력한다음확인
2. WMI 테스터대화상자에서연결
3. 연결대화상자의맨위에있는상자에 root\cimv2를입력한다음연결
4. 인스턴스열거
5. 클래스정보대화상자의수퍼클래스이름입력상자에
Win32_OperatingSystem을입력한다음확인
6. 쿼리결과대화상자에서맨위에있는항목을두번누름이항목의이름은 "Win32_OperatingSystem.Name=Microsoft..."로시작
7. 개체편집기대화상자의속성영역에서 DataExecutionPrevention_Available속성을찾음
8. DataExecutionPrevention_Available을두번누름
9. 속성편집기대화상자에서값상자에있는값을확인
이값이 TRUE이면하드웨어 DEP를사용할수있음.
https://support.microsoft.com/ko-kr/help/912923/how-to-determine-that-hardware-dep-is-available-and-configured-on-your
Computer Security & OS Lab.
524870, F’18-35-
ASLR
Computer Security & OS Lab.
524870, F’18-36-
ASLR
Figure illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts.
Computer Security & OS Lab.
- 37 - 524870, F’19
Android Permission and Kali Linux
Computer Security & OS Lab, DKU
524870, F’18-38-
Access Control: File Permissions
Android 2.2 defines 134 permissions
● Such as dialing (CALL_PHONE), taking pictures (CAMERA)
Ask which permissions is accepted at install time
Computer Security & OS Lab.
524870, F’18- 39 -
Kali Linux
a Debian-derived Linux distribution designed for digital forensics and penetration testing
Most Advanced Penetration Testing Distribution, Ever. (https://www.kali.org/ )
https://en.wikipedia.org/wiki/Kali_Linux
Kali Linux has over 600 preinstalled penetration-testing programs, including
Armitage (a graphical cyber attack management tool),
Nmap (a port scanner),
Wireshark (a packet analyzer),
John the Ripper password cracker,
Aircrack-ng (a software suite for penetration-testing wireless LANs),
Burp suite (tool for testing Web application security = Web vulnerability scanner)
OWASP ZAP web application security scanners.
ZAP: Zed Attack Proxy
…
Computer Security & OS Lab.
- 40 - 524870, F’19
Summary
Computer Security & OS Lab, DKU
• Security and OS
• Linux OS and Basic security concepts
- Linux commands
• Windows Security Status
• …