The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
presented by Toby
Introduction
Premise
1. People are debating lots of security additions
   • without much talk about the operating systems
2. Debates are flawed: they assume that application-level security can be attained
   • on current operating systems
3. Current (err.. 15 year old) operating systems are inadequate
   • from a security standpoint
2 The Missing Link
• Mandatory Security
• Trusted Path
Mandatory Security
• Mandatory Security:
  • “...any security policy where the definition of the policy logic and the assignment of security attributes is tightly controlled by a system security policy administrator.” –this paper
• The user should have no influence over the security policy
  • in theory
• Example systems that should have Mandatory Security:
  • access control
  • authentication usage
  • cryptographic usage
• According to the big black box, Mandatory Security has these general benefits:
  • Confinement of applications (from a security standpoint)
  • Lack of burden on individual users to manage security
  • Narrowing of bandwidth of channels for leaking private information
  • Increased accountability of unauthorized private information flow
• Example of 1998 state of OSes
  • Windows NT:
    • Two security domains:
      • Complete Privilege
      • Complete Unprivileged
    • Pretty coarse-grained
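The difference between owner-controlled (discretionary) access and the mandatory security defined above, as an added example that is not from the paper or the presentation. The domain names, type labels and policy table are assumptions made up for illustration; the point is that a program running as the file's owner passes the discretionary check but is still confined by a policy only the administrator can change.

```python
# Constructed model, not from the paper: domain and type names are illustrative.
from dataclasses import dataclass, field

@dataclass
class File:
    owner: str
    label: str                              # MAC type, assigned by the administrator
    acl: set = field(default_factory=set)   # DAC: extra users allowed to read

@dataclass(frozen=True)
class Process:
    user: str
    domain: str                             # MAC domain, assigned by the administrator

# Mandatory policy: (domain, file type) -> permitted operations. Users cannot edit it.
MAC_POLICY = {
    ("mail_reader_d", "mail_t"): {"read"},
    ("payroll_d", "payroll_t"): {"read", "write"},
}

def dac_allows(proc, f, op):
    """Discretionary check: identity only, so every program a user runs gets all their rights."""
    return proc.user == f.owner or (op == "read" and proc.user in f.acl)

def dac_grant(proc, f, user):
    """Owner discretion: any process running as the owner may widen the ACL."""
    if proc.user != f.owner:
        raise PermissionError("only the owner may change the ACL")
    f.acl.add(user)

def mac_allows(proc, f, op):
    """Mandatory check: the domain/type rule must permit op, whoever owns the file."""
    return op in MAC_POLICY.get((proc.domain, f.label), set())

def relabel(proc, f, new_label):
    """Security attributes are assigned from the administrator's domain only."""
    if proc.domain != "policy_admin_d":
        raise PermissionError("labels are not under user control")
    f.label = new_label

def access(proc, f, op):
    """With mandatory security both checks apply; passing DAC cannot override MAC."""
    return dac_allows(proc, f, op) and mac_allows(proc, f, op)

if __name__ == "__main__":
    payroll = File("alice", "payroll_t")
    trojan = Process("alice", "mail_reader_d")  # hostile program run by the owner
    print("DAC only:", dac_allows(trojan, payroll, "read"))
    print("DAC + MAC:", access(trojan, payroll, "read"))
```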
Trusted Path
• “A trusted path is a mechanism by which a user may directly interact with trusted software, which can only be activated by either the user or the trusted software and may not be imitated by other software.” –this paper
• Example given:
  • Windows NT:
    • Trusted path given for stuff like password changing
    • But no means for extending to other trusted software
3 General Examples
Access Control
4 Concrete Examples
Mobile Code
• Mobile code probably meant something much different in 1998
• Here: Java
• Mobile = portable
• Does not equal iPhone
• Java (1998):
  • “not tamperproof or unbypassable”
    • i.e. you can break boundaries of abstraction
  • depends on the application-space access control for security
    • e.g. executables could be tampered with
Kerberos
• Malicious software could spoof client-side authentication
  • Need a trusted path to guarantee this can’t happen
  • Client’s password could be obtained
6 Summary
• No single security mechanism will be a solution to security problems
  • but we knew that
• Modern (1998) computing threats cannot be addressed without secure operating systems
  • they were right
• Authors hoped to motivate interest in OS security
  • well, people are interested
  • don’t know if it’s their doing or not