the inevitability of failure: the flawed assumption of security in modern computing environments
DESCRIPTION
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. presented by Toby. Introduction. Introduction Premise. Ppl be debating lots of security additions without much talk about the operating systems. Introduction Premise. - PowerPoint PPT PresentationTRANSCRIPT
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
presented by Toby
Introduction
IntroductionPremise1. Ppl be debating lots of security additions• without much talk about the operating systems
IntroductionPremise1. Ppl be debating lots of security additions• without much talk about the operating systems
2. Debates are flawed—assume that application level security can be attained• on current operating systems
IntroductionPremise1. Ppl be debating lots of security additions• without much talk about the operating systems
2. Debates are flawed—assume that application level security can be attained• on current operating systems
3. Current (err.. 15 year old) operating systems are inadequate• from a security standpoint
2 The Missing Link
2 The Missing Link• Mandatory Security• Trusted Path
2 The Missing LinkMandatory Security• Mandatory Security:• “...any security policy where the definition of the
policy logic and the assignment of security attributes is tightly controlled by a system security policy administrator.” –this paper• The user should have no influence over the security
policy• in theory
2 The Missing LinkMandatory Security• Example systems that should have Mandatory
Security:• access control• authentication usage• cryptographic usage
2 The Missing LinkMandatory Security• According to the big black box, Mandatory Security
has these general benefits:• Confinement of applications (from a security standpoint)• Lack of burden on individual users to manage security• Narrowing of bandwidth of channels for leaking private
information• Increased accountability of unauthorized private
information flow
2 The Missing LinkMandatory Security• Example of 1998 state of OSes• Windows NT:• Two security domains:• Complete Privilege• Complete Unprivileged
• Pretty coarse-grained
2 The Missing LinkTrusted Path• “A trusted path is a mechanism by which a user
may directly interact with trusted software, which can only be activated by either the user or the trusted software and may not be imitated by other software.” –this paper
2 The Missing LinkTrusted Path• “A trusted path is a mechanism by which a user
may directly interact with trusted software, which can only be activated by either the user or the trusted software and may not be imitated by other software.” –this paper
2 The Missing LinkTrusted Path• Example given:• Windows NT:• Trusted path given for stuff like password changing• But no means for extending to other trusted software
3 General Examples
3 General ExamplesAccess Control
4 Concrete Examples
4 Concrete ExamplesMobile Code• Mobile code probably meant something much
different in 1998• Here: Java• Mobile = portable• Does not equal iPhone
4 Concrete ExamplesMobile Code• Java (1998):• “not tamperproof or unbypassable”
• i.e. you can break boundaries of abstraction• depends on the application-space access control for
security• e.g. executables could be tampered with
4 Concrete ExamplesKerberos• Malicious software could spoof client-side
authentication• Need a trusted path to guarantee this can’t happen• Client’s password could be obtained
4 Concrete ExamplesKerberos• Malicious software could spoof client-side
authentication• Need a trusted path to guarantee this can’t happen• Client’s password could be obtained
6 Summary
6 Summary• No single security mechanism will be a solution to
security problems• but we knew that
• Modern (1998) computing threats cannot be addressed without secure operating systems• they were right
• Authors hoped to motivate interest in OS security• well, people are interested• don’t know if it’s their doing or not