Chapter 4 Access Control Manage Principals operations in system

Upload: joella

Post on 05-Jan-2016


TRANSCRIPT

Page 1: Chapter 4

Chapter 4

Access Control

Manage Principals operations in system

Page 2: Chapter 4

Resources

Access control

Which principals have access to what resources on the system and when

Applications

Middleware

Operating system

Hardware

Page 3: Chapter 4

Access control system

System authenticates principal using some method, then controls access to system resources.

Often a matrix of permissions

Triple of User, Program, File

See matrix page 53

Matrices grow very large

Control this through groups or roles

Certificate-based systems coming about

I have a certificate signed by some authority that I have a specific right.

Page 4: Chapter 4

Groups and roles

Do not assign rights individually

Assign to groups that represent the activities or job titles of employees

They define the rules, you implement them

ACL: Access Control List

Column of the matrix: who has what rights to resource
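
The ideas from the two slides above, as an added example that is not part of the original deck: rights are granted to roles, the (User, Program, File) matrix is derived from role membership, and an ACL is read off as one column of that matrix. All user, role, program and file names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample policy (every name here is an illustrative assumption).
# Rights are granted to roles per (program, file) pair, never to individual users.
ROLE_RIGHTS = {
    "bookkeeper": {("accounts_app", "ledger.db"): {"r", "w"}},
    "auditor":    {("audit_viewer", "ledger.db"): {"r"},
                   ("audit_viewer", "audit.log"): {"r"}},
    # The sysadmin role deliberately has no grant on audit.log.
    "sysadmin":   {("backup_tool", "ledger.db"): {"r"}},
}
USER_ROLES = {
    "alice": {"bookkeeper"},
    "bob":   {"auditor"},
    "carol": {"sysadmin"},
    "dave":  {"bookkeeper", "sysadmin"},
}

def build_matrix(user_roles, role_rights):
    """Expand role membership into the matrix keyed by (user, program, file)."""
    matrix = defaultdict(set)
    for user, roles in user_roles.items():
        for role in roles:
            for (program, file), rights in role_rights.get(role, {}).items():
                matrix[(user, program, file)] |= rights
    return dict(matrix)

def is_allowed(matrix, user, program, file, right):
    """Default deny: a missing cell in the matrix means no access."""
    return right in matrix.get((user, program, file), set())

def acl_for(matrix, file):
    """ACL = the matrix column for one file: who, via which program, holds which rights."""
    return {(u, p): sorted(r) for (u, p, f), r in matrix.items() if f == file}

if __name__ == "__main__":
    m = build_matrix(USER_ROLES, ROLE_RIGHTS)
    print("matrix cells:", len(m))
    for entry, rights in sorted(acl_for(m, "ledger.db").items()):
        print("ledger.db ACL:", entry, rights)
    print("carol may read audit.log:",
          is_allowed(m, "carol", "backup_tool", "audit.log", "r"))
```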

Page 5: Chapter 4

UNIX

Root can access everything.

Not a good thing, even system admin should not have access to certain files:

Audit trails

Logs

Newer versions of UNIX have worked to separate out these duties

Military versions even more so

Page 6: Chapter 4

Granularity

Security and Database

Database is 1 file so OS must give access to this one file

Within the database, security is controlled by the DBMS

This creates various issues with passwords, management and control

Many systems, many passwords

Companies striving for 1 central directory service

This is why Microsoft wants its Active Directory product to become a “standard”

Page 7: Chapter 4

Sandboxing

Java uses this

Applet runs in a virtual restricted environment

Does not have access to hard drive

JVM has limited local access

Page 8: Chapter 4

Object Request Brokers

Mediates communications between objects

Outgrowth of Object Oriented programming

Common Object Request Broker Architecture (CORBA)

Industry standard

Page 9: Chapter 4

Hardware protection

Protect one process from interfering with another

Memory

Metadata (data about processes)

Hardware access control

Rings of protection

Less privileged process (user program) needs to access more privileged process (device driver)

Page 10: Chapter 4

Processors

Intel processors page 63

ARM processors page 63

Security processors page 64

QoS

Quality of Service issues.

One process does not hog CPU

Page 11: Chapter 4

What goes wrong

Smashing the stack

SYN flooding

Trojan horse

Root kits

Single commands

Full root kits

Active web content

And many more programming defects

Page 12: Chapter 4

NSA

NSA

Deep distrust of application security

Heavy emphasis on trusted OS security

Page 13: Chapter 4

Environmental creep

UNIX original use was in trusted environment

Today's use is in the most untrusted environment (internet)

Many tools also developed for trusted environment

FTP, SMTP, DNS…

Used in most untrusted environment

Code used to be buggy, now is malicious

Script kiddies: anyone can attack system

Page 14: Chapter 4

Discussion topics

Current stack smashing article

Environment Creep and OS attacks

Current state of windows root kit

Where should security lie? OS, applications, middleware?

Certificate based security.

Page 15: Chapter 4

Articles

Root Kit articles:

http://www.viruslist.com/en/analysis?pubid=168740859

http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1086469,00.html

Page 16: Chapter 4

List of resources

Access control

http://en.wikipedia.org/wiki/Access_control

http://www.owasp.org/documentation/topten/a2.html

Groups roles

http://www.microsoft.com/windowsxp/evaluation/features/accesscntrl.mspx

http://www.tech-faq.com/role-based-access-control-rbac.shtml

http://technet2.microsoft.com/WindowsServer/en/Library/72b55950-86cc-4c7f-8fbf-3063276cd0b61033.mspx

Page 17: Chapter 4

List of resources

Sandboxing

http://www.kernelthread.com/publications/security/sandboxing.html

http://internetweek.cmp.com/trends/0825.htm

Page 18: Chapter 4

List of resources

Object Request Brokers

http://en.wikipedia.org/wiki/Object_request_broker

http://www.sei.cmu.edu/str/descriptions/corba_body.html

Rings

http://www.devx.com/Intel/Article/30125

Page 19: Chapter 4

List of Resources

NSA

http://www.nsa.gov/selinux/

http://www.nsa.gov/selinux/info/faq.cfm