![Page 1: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/1.jpg)
Operating System Security
Qiwen Pan and Hailei Jiang
![Page 2: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/2.jpg)
VIDEO
•http://www.youtube.com/watch?v=nHERFh7OO8c
![Page 3: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/3.jpg)
Security Threats
Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough; however, when executed, unexpected behavior occurs.
Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges.
Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion?
Audit Log: Record time, user, and type of access on all objects. Trace problems back to their source.
Worms: Use a spawning mechanism; standalone programs. Internet Worm: In the Internet worm, Robert Morris exploited UNIX networking features (remote access) as well as bugs in the finger and sendmail programs. A grappling-hook program uploaded the main worm program.
Viruses: Fragment of code embedded in a legitimate program. Mainly affects personal PC systems. These are often downloaded via e-mail or as active components in web pages.
![Page 4: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/4.jpg)
Typical Security Attacks
![Page 5: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/5.jpg)
Take measures at four levels to protect the system
•Physical
•Human
•Network
•Operating System
![Page 6: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/6.jpg)
Windows XP Security
![Page 7: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/7.jpg)
WINLOGON.exe
• Windows Logon Process - Winlogon.exe
• The user presses CTRL+ALT+DEL to begin logon
![Page 8: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/8.jpg)
Logon and Security Subsystems
Security is based on user accounts; each user has a unique security ID
Logging in to an ID creates a security access token
The Local Security Authority Subsystem (LSASS) generates the access tokens that represent users on the system
The authentication package checks that the password is correct
The security subsystem then generates the access token containing the user's privileges, quota limits and group IDs
![Page 9: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/9.jpg)
Encrypting File System (EFS)
•Allows you to encrypt data stored on an NTFS drive
•Only the user who enabled encryption can gain access to the encrypted object
•Uses a public- and private-key encryption method
•The encryption process is invisible to the user
![Page 10: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/10.jpg)
Is there a file where password information is kept in Windows XP?
•C:\WINDOWS\system32\config\SAM
•C:\WINDOWS\system32\config\SYSTEM
• MD4: a one-way hashing algorithm, so the stored value cannot be reversed to recover the password
![Page 11: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/11.jpg)
Hacking a WinXP Admin's Password
Log in and go to the DOS command prompt and enter these commands exactly:
    cd\
    cd\windows\system32
    mkdir temphack
    copy logon.scr temphack\logon.scr
    copy cmd.exe temphack\cmd.exe
    del logon.scr
    rename cmd.exe logon.scr
    exit
This works because the logon screen saver (logon.scr) is started by Winlogon with system-level privileges before anyone has logged on; it depends on already having write access to system32, so NTFS permissions on that directory and limiting who holds local administrator rights are the controls that defeat it.
![Page 12: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/12.jpg)
Hacking a WinXP Admin's Password
•User Name: Andy
•Password: 1234
enter “net user Andy 1234”
![Page 13: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/13.jpg)
TLS/SSL
•Secure Socket Layer/Transport Layer Security
•Authentication scheme often used by Web-based applications
•Supported on Windows XP through IIS (Internet Information Server)
![Page 14: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/14.jpg)
SSL/TLS Protocol Layers
![Page 15: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/15.jpg)
•Handshake: negotiate session information between the client and the server
•Change Cipher Spec: change the keying material used for encryption between the client and server
•Alert: indicate a change in status or an error condition to the peer
![Page 16: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/16.jpg)
IP Security Policies
•Security measure added to TCP/IP
•Protects communications between two systems using that protocol
•Can be used over a RAS or WAN link
•Creates a secured point-to-point link between two systems
•Configured and enabled with the Advanced TCP/IP Settings dialog box
![Page 17: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/17.jpg)
IP Security Policies Modes
•Transport
•Tunneling
![Page 18: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/18.jpg)
Internet Security
•Risks
▫Unwittingly downloading Trojan horses or viruses
▫Accepting malicious e-mail
▫Allowing a remote cracker to take complete control of your computer
•Protection:
▫Security features for standalone or LAN systems
▫Internet Connection Firewall
![Page 19: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/19.jpg)
Defends Your Computer
•Act Safely Online
•Install Self-Defense Software (Firewall, Anti-Virus, Anti-Malware, ...)
•Keep Your Programs Up-to-Date!
•Don't Let Another User Compromise Your Computer
•Use Administrator Rights Sparingly
•Use Strong Passwords
•Always Back Up Your Data
•Encrypt Your Data
![Page 20: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/20.jpg)
More information about defending your computer is on the website: http://www.osnews.com/story/19701/How_to_Secure_Your_Windows_Computer_and_Protect_Your_Privacy
![Page 21: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/21.jpg)
Linux Security
Linux has evolved into one of the most popular and versatile operating systems
many features mean a broad attack surface
can create highly secure Linux systems
will review:
Discretionary Access Controls
typical vulnerabilities and exploits in Linux
best practices for mitigating those threats
new improvements to the Linux security model
![Page 22: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/22.jpg)
Linux Security Model
Linux’s traditional security model is:
people or processes with “root” privileges can do anything
other accounts can do much less
hence attackers want to get root privileges
can run robust, secure Linux systems
crux of the problem is the use of Discretionary Access Controls (DAC)
![Page 23: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/23.jpg)
Linux Security Transactions
![Page 24: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/24.jpg)
File System Security
in Linux everything is a file
e.g. memory, device drivers, named pipes, and other system resources
hence why filesystem security is so important
I/O to devices is via a “special” file, e.g. /dev/cdrom
have other special files like named pipes: a conduit between processes / programs
![Page 25: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/25.jpg)
Users and Groups
a user-account (user) represents someone capable of using files
associated both with humans and processes
a group-account (group) is a list of user-accounts
users have a main group
may also belong to other groups
users & groups are not files
![Page 26: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/26.jpg)
Users and Groups
user's details are kept in /etc/passwd
maestro:x:200:100:Maestro Edward Hizzersands:/home/maestro:/bin/bash
additional group details in /etc/group
conductors:x:100:
pianists:x:102:maestro,volodya
use useradd, usermod, userdel to alter
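As an added example (not from the slides), the following Python resolves a user's primary group (the gid field of the passwd record) and supplementary groups (explicit membership in group records), and flags any extra UID-0 account, a check a hardening review should include. The records are constructed from the entries quoted above plus a constructed root and volodya entry; nothing is read from the host.

```python
# Added example: resolve group membership from /etc/passwd- and /etc/group-style
# records. The records are constructed from the entries quoted on the slide,
# plus constructed entries for root and volodya; nothing is read from the host.

PASSWD_TEXT = """\
root:x:0:0:root:/root:/bin/bash
maestro:x:200:100:Maestro Edward Hizzersands:/home/maestro:/bin/bash
volodya:x:201:102:Volodya:/home/volodya:/bin/bash
"""

GROUP_TEXT = """\
root:x:0:
conductors:x:100:
pianists:x:102:maestro,volodya
"""


def parse_passwd(text):
    """Map login name -> the seven passwd fields (name:pw:uid:gid:gecos:home:shell)."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, gecos, home, shell = line.split(":")
        users[name] = {
            "uid": int(uid),
            "gid": int(gid),
            "gecos": gecos,
            "home": home,
            "shell": shell,
            # 'x' means the hash lives in /etc/shadow, not in world-readable passwd
            "shadowed": pw == "x",
        }
    return users


def parse_group(text):
    """Map group name -> gid and explicit member list (name:pw:gid:members)."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": [m for m in members.split(",") if m]}
    return groups


def groups_of(user, users, groups):
    """Return (primary group, sorted supplementary groups) for a login name.
    The primary group comes from the passwd gid field; supplementary groups are
    those listing the user in /etc/group, excluding the primary one."""
    gid = users[user]["gid"]
    primary = next((g for g, info in groups.items() if info["gid"] == gid), None)
    supplementary = sorted(
        g for g, info in groups.items() if user in info["members"] and g != primary
    )
    return primary, supplementary


def uid0_accounts(users):
    """Every account with UID 0 is root-equivalent; a hardened system has exactly one."""
    return sorted(name for name, info in users.items() if info["uid"] == 0)


if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD_TEXT), parse_group(GROUP_TEXT)
    for name in users:
        print(name, groups_of(name, users, groups))
    print("uid 0 accounts:", uid0_accounts(users))
```

Note that volodya's primary group is pianists (gid 102) even though the name also appears in the pianists member list; the member list only matters for supplementary membership.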
![Page 27: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/27.jpg)
File Permissions
files have two owners: a user & a group
each with its own set of permissions
with a third set of permissions for other
permissions are to read/write/execute in order user/group/other, cf.
-rw-rw-r-- 1 maestro user 35414 Mar 25 01:38 baton.txt
set using chmod command
![Page 28: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/28.jpg)
Directory Permissions
read = list contents
write = create or delete files in directory
execute = use anything in or change working directory to this directory
e.g.
$ chmod g+rx extreme_casseroles
$ ls -ld extreme_casseroles
drwxr-x--- 8 biff drummers 288 Mar 25 01:38 extreme_casseroles
![Page 29: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/29.jpg)
Sticky Bit
originally used to lock a file in memory
now used on directories to limit delete
if set, must own the file or dir to delete
other users cannot delete even if they have write
set using chmod command with +t flag, e.g. chmod +t extreme_casseroles
directory listing includes t or T flag
drwxrwx--T 8 biff drummers 288 Mar 25 01:38 extreme_casseroles
only applies to the specific directory, not child dirs
![Page 30: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/30.jpg)
SetUID and SetGID
setuid bit means program "runs as" owner no matter who executes it
setgid bit means run as a member of the group which owns it
again regardless of who executes it
"run as" = "run with same privileges as"
are very dangerous if set on a file owned by root or other privileged account or group
only used on executable files, not shell scripts
![Page 31: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/31.jpg)
SetGID and Directories
setuid has no effect on directories
setgid does and causes any file created in a directory to inherit the directory's group
useful if users belong to other groups and routinely create files to be shared with other members of those groups
instead of manually changing its group
![Page 32: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/32.jpg)
Numeric File Permissions
![Page 33: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/33.jpg)
Kernel vs User Space
Kernel space refers to memory used by the Linux kernel and its loadable modules (e.g., device drivers)
User space refers to memory used by all other processes
since the kernel enforces Linux DAC and security, critical to isolate kernel from user
so kernel space is never swapped to disk
only root may load and unload kernel modules
![Page 34: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/34.jpg)
setuid root Vulnerabilities
a setuid root program runs as root no matter who executes it
used to provide unprivileged users with access to privileged resources
must be very carefully programmed
if it can be exploited due to a software bug, may allow otherwise-unprivileged users to use it to wield unauthorized root privileges
distributions now minimise setuid-root programs
system attackers still scan for them!
![Page 35: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/35.jpg)
Web Vulnerabilities
a very broad category of vulnerabilities
because of ubiquity of world wide web have big and visible attack surfaces
when written in scripting languages not as prone to classic buffer overflows
can suffer from poor input-handling
few “enabled-by-default” web applications
but users install vulnerable web applications
or write custom web applications having easily-identified and easily-exploited flaws
![Page 36: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/36.jpg)
Rootkits
allow attacker to cover their tracks
if successfully installed before detection, all is very nearly lost
originally collections of hacked commands
hiding attacker’s files, directories, processes
now use loadable kernel modules
intercepting system calls in kernel-space
hiding attacker from standard commands
may be able to detect with chkrootkit
generally have to wipe and rebuild system
![Page 37: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/37.jpg)
Linux System Hardening
consider how to mitigate Linux security risks at system and application levels
first look at OS-level security tools and techniques that protect the entire system
![Page 38: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/38.jpg)
OS Installation
security begins with O/S installation, especially what software is run
since unused applications liable to be left in default, un-hardened and un-patched state
generally should not run:
X Window system, RPC services, R-services, inetd, SMTP daemons, telnet etc.
also have some initial system s/w configuration:
setting root password
creating a non-root user account
setting an overall system security level
enabling a simple host-based firewall policy
enabling SELinux
![Page 39: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/39.jpg)
Patch Management
installed server applications must be:
configured securely
kept up to date with security patches
patching can never win the “patch rat race”
have tools to automatically download and install security updates
e.g. up2date, YaST, apt-get
note should not run automatic updates on change-controlled systems without testing
![Page 40: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/40.jpg)
Network Access Controls
network a key attack vector to secure
TCP wrappers a key tool to check access
originally tcpd inetd wrapper daemon
before allowing connection to service checks:
• if requesting host explicitly in hosts.allow is ok
• if requesting host explicitly in hosts.deny is blocked
• if not in either is ok
checks on service, source IP, username
now often part of app using libwrap (the TCP wrappers library)
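The three-step decision above is easy to get wrong in practice because the final step is "allow". As an added example (not from the slides), this Python models tcpd's hosts.allow / hosts.deny evaluation order and shows why a closing `ALL : ALL` in hosts.deny is the usual hardening. The access-file contents and client addresses are constructed; the matching covers a subset of hosts_access(5) syntax (ALL, exact name or address, leading-dot domain suffix, trailing-dot address prefix) and omits EXCEPT, netmasks and the option fields.

```python
# Added example (not from the slides): a model of tcpd's hosts.allow /
# hosts.deny decision order. The access-file contents and client addresses
# are constructed; the matching is a subset of hosts_access(5) syntax
# (ALL, exact name/address, leading-dot domain suffix, trailing-dot address
# prefix) and omits EXCEPT, netmasks and the option fields.

HOSTS_ALLOW = """\
# constructed hosts.allow
sshd : 192.168.1.
ALL  : .ops.example
"""

HOSTS_DENY = """\
# constructed hosts.deny
sshd       : 10.0.0.
in.telnetd : ALL
"""

# Hardened variant: deny everything not explicitly allowed, closing the
# default-allow gap that the decision order otherwise leaves open.
HOSTS_DENY_HARDENED = "ALL : ALL\n"


def parse_access_file(text):
    """Return [(daemon_patterns, client_patterns), ...] for 'daemons : clients' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def _token_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. ".ops.example"
        return value.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. "192.168.1."
        return value.startswith(pattern)
    return pattern == value


def _rule_matches(rules, daemon, address, hostname):
    for daemons, clients in rules:
        if not any(_token_matches(d, daemon) for d in daemons):
            continue
        for c in clients:
            if _token_matches(c, address) or (hostname and _token_matches(c, hostname)):
                return True
    return False


def access_decision(daemon, address, hostname=None,
                    allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """tcpd order: a hosts.allow match grants, then a hosts.deny match blocks,
    and a client in neither file is granted (the default is allow)."""
    if _rule_matches(parse_access_file(allow_text), daemon, address, hostname):
        return "allow"
    if _rule_matches(parse_access_file(deny_text), daemon, address, hostname):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for daemon, addr in (("sshd", "192.168.1.7"), ("sshd", "10.0.0.5"), ("sshd", "172.16.0.9")):
        print(daemon, addr, access_decision(daemon, addr),
              "| hardened:", access_decision(daemon, addr, deny_text=HOSTS_DENY_HARDENED))
```

The third sample client (172.16.0.9) is the interesting one: it appears in neither file, so the default configuration lets it through and only the hardened hosts.deny blocks it.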
![Page 41: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/41.jpg)
Network Access Controls
also have the very powerful netfilter Linux kernel native firewall mechanism
and iptables user-space front end
as useful on firewalls, servers, desktops
direct config tricky, steep learning curve
do have automated rule generators
typically for “personal” firewall use will:
allow incoming requests to specified services
block all other inbound service requests
allow all outbound (locally-originating) requests
if need greater security, manually config
![Page 42: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/42.jpg)
Antivirus Software
historically Linux not as vulnerable to viruses
more to lesser popularity than security
prompt patching was effective for worms
but viruses abuse users' privileges
non-root users have less scope to exploit
but can still consume resources
growing Linux popularity means exploits
hence antivirus software will be more important
various commercial and free Linux A/V
![Page 43: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/43.jpg)
User Management
guiding principles in user-account security:
need care setting file / directory permissions
use groups to differentiate between roles
use extreme care in granting / using root privs
commands: chmod, useradd/mod/del, groupadd/mod/del, passwd, chage
info in files /etc/passwd & /etc/group
manage user’s group memberships
set appropriate password ages
![Page 44: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/44.jpg)
Root Delegation
have the "root can do anything, users do little” issue
“su” command allows users to run as rooteither root shell or single command
must supply root password
means likely too many people know this
SELinux RBAC can limit root authority, complex
“sudo” allows users to run as root
but only need their own password, not the root password
/etc/sudoers file specifies what commands allowed
or configure user/group perms to allow, tricky
![Page 45: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/45.jpg)
Logging
effective logging a key resource
Linux logs using syslogd or Syslog-NG
receive log data from a variety of sources
sorts by facility (category) and severity
writes log messages to local/remote log files
Syslog-NG preferable because it has:
variety of log-data sources / destinations
much more flexible “rules engine” to configure
can log via TCP which can be encrypted
should check and customize defaults
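The "sorts by facility and severity" step is encoded in the PRI header of every syslog message as facility * 8 + severity. As an added example (not from the slides), this Python decodes that header and routes messages the way a syslog.conf `facility.level` selector does, where a level means "that severity or worse". The messages and the routing table are constructed.

```python
import re

# Added example (not from the slides): decode the syslog PRI header
# (facility * 8 + severity, RFC 3164) and route messages the way a
# syslog.conf 'facility.level' selector does, where a level means "that
# severity or worse". The messages and the routing table are constructed.

FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# constructed sample messages
SAMPLE_MESSAGES = [
    "<34>Oct 11 22:14:15 host su: 'su root' failed for lonvick on /dev/pts/8",
    "<86>Oct 11 22:14:20 host sshd[1234]: Accepted password for maestro from 192.168.1.7",
    "<13>Oct 11 22:14:22 host logger: routine user message",
    "<2>Oct 11 22:14:30 host kernel: Out of memory: Kill process 2345",
]

# (facility or "*", minimum severity name, destination), mirroring lines such as
#   auth.warning      /var/log/auth.log
ROUTES = [
    ("auth", "warning", "/var/log/auth.log"),
    ("authpriv", "debug", "/var/log/secure"),
    ("kern", "err", "/var/log/kern.log"),
    ("*", "crit", "@loghost"),          # anything crit or worse also goes off-box
]


def decode_pri(message):
    """Return (facility_name, severity_name, rest_of_message)."""
    m = _PRI_RE.match(message)
    if not m:
        raise ValueError("message has no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:                       # 23 * 8 + 7 is the highest legal value
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity], m.group(2)


def route(messages, routes=ROUTES):
    """Map destination -> list of messages selected for it (a message may go to several)."""
    out = {dest: [] for _, _, dest in routes}
    for msg in messages:
        facility, severity, _ = decode_pri(msg)
        for fac, min_sev, dest in routes:
            # lower index = more severe, so "at least min_sev" is index <= index(min_sev)
            if fac in ("*", facility) and SEVERITIES.index(severity) <= SEVERITIES.index(min_sev):
                out[dest].append(msg)
    return out


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(decode_pri(msg)[:2], msg[:40])
    for dest, msgs in route(SAMPLE_MESSAGES).items():
        print(dest, len(msgs))
```

Sending everything at crit or worse to a remote collector, as the last route does, is the practical answer to the rootkit slide's warning: logs that only exist on the compromised host can be edited by the attacker.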
![Page 46: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/46.jpg)
Log Management
balance number of log files used
size of few vs. finding info in many
manage size of log files
must rotate log files and delete old copies
typically use logrotate utility run by cron
to manage both system and application logs
must also configure application logging
![Page 47: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/47.jpg)
Application Security
this is a large topic
many security features are implemented in similar ways across different applications
will review issues such as:
running as unprivileged user/group
running in chroot jail
modularity
encryption
logging
![Page 48: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/48.jpg)
Running As Unprivileged User/Group
every process “runs as” some user
extremely important this user is not root
since any bug can compromise entire system
may need root privileges, e.g. bind port
have root parent perform privileged function
but main service from unprivileged child
user/group used should be dedicated
easier to identify source of log messages
![Page 49: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/49.jpg)
Running in chroot Jail
chroot confines a process to a subset of /
maps a virtual “/” to some other directory
useful if have a daemon that should only access a portion of the file system, e.g. FTP
directories outside the chroot jail aren’t visible or reachable at all
contains effects of compromised daemon
complex to configure and troubleshoot
must mirror portions of system in chroot jail
![Page 50: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/50.jpg)
Modularity
applications running as a single, large, multipurpose process can be:
more difficult to run as an unprivileged user
harder to locate / fix security bugs in source
harder to disable unnecessary functionality
hence modularity a highly prized feature
providing a much smaller attack surface
cf. postfix vs sendmail, Apache modules
![Page 51: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/51.jpg)
Encryption
sending logins & passwords or application data over networks in clear text exposes them to network eavesdropping attacks
hence many network applications now support encryption to protect such data
often using OpenSSL library
may need own X.509 certificates to use
can generate/sign using openssl command
may use commercial/own/free CA
![Page 52: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/52.jpg)
Logging
applications can usually be configured to log to any level of detail (debug to none)
need appropriate setting
must decide if use dedicated file or system logging facility (e.g. syslog)
central facility useful for consistent use
must ensure any log files are rotated
![Page 53: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/53.jpg)
Mandatory Access Controls
Linux uses a DAC security model
but Mandatory Access Controls (MAC) impose aglobal security policy on all users
users may not set controls weaker than policy
normal admin done with accounts without authority tochange the global security policy
but MAC systems have been hard to manage
Novell’s SuSE Linux has AppArmor
RedHat Enterprise Linux has SELinux
pure SELinux for high-sensitivity, high-security
![Page 54: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/54.jpg)
SELinux
is NSA's powerful implementation of mandatory access controls for Linux
Linux DAC still applies, but if it allows the action SELinux then evaluates it against its own security policies
"subjects" are processes (run user cmds)
actions are "permissions”
objects not just files & dirs
to manage complexity SELinux has:
"that which is not expressly permitted, is denied”
groups of subjects, permissions, and objects
![Page 55: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/55.jpg)
Security Contexts
each individual subject & object in SELinux is governed by a security context being a:
user - individual user (human or daemon)
• SELinux maintains its own list of users
• user labels on subjects specify account's privileges
• user labels on objects specify its owner
role - like a group, assumed by users
• a user may only assume one role at a time,
• may only switch roles if and when authorized to do so
domain (type) - a sandbox being a combination of subjects and objects that may interact with each other
this model is called Type Enforcement (TE)
![Page 56: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/56.jpg)
Decision Making in SELinux
two types of decisions:
access decisions
when subjects do things to objects that already exist, or create new things in expected domain
transition decisions
invocation of processes in different domains than the one in which the subject-process is running
creation of objects in different types (domains) than their parent directories
transitions must be authorized by SELinux policy
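The SELinux overview's "that which is not expressly permitted, is denied" and the two decision kinds on this slide fit in a few dozen lines once the policy is reduced to allow rules and type_transition rules. As an added example (not from the slides and not a real SELinux policy), this Python is a toy Type Enforcement evaluator: access decisions are default-deny over (subject type, object type, class, permission), and the transition decision picks the domain a new process runs in when a file is executed. Type names follow the style of the RHEL targeted policy, but the rule set is constructed and simplified (it omits the entrypoint and process transition permissions real SELinux also requires).

```python
from collections import namedtuple

# Added example (not from the slides, not a real SELinux policy): a toy
# Type Enforcement evaluator. Access decisions are default-deny; transition
# decisions pick the domain a new process runs in on exec. Type names follow
# the RHEL targeted policy's style but the rules are constructed and
# simplified (no entrypoint / process transition permission checks).

AllowRule = namedtuple("AllowRule", "source target cls perms")
TypeTransition = namedtuple("TypeTransition", "source target cls new_type")

ALLOW_RULES = [
    AllowRule("httpd_t", "httpd_sys_content_t", "file", {"read", "getattr", "open"}),
    AllowRule("httpd_t", "httpd_log_t", "file", {"create", "append", "getattr"}),
    AllowRule("httpd_t", "http_port_t", "tcp_socket", {"name_bind"}),
    AllowRule("init_t", "httpd_exec_t", "file", {"read", "execute"}),
]

TRANSITIONS = [
    # executing httpd_exec_t from init_t lands the new process in httpd_t
    TypeTransition("init_t", "httpd_exec_t", "process", "httpd_t"),
]


def access_allowed(subject_type, object_type, cls, perm, rules=ALLOW_RULES):
    """Access decision: 'that which is not expressly permitted, is denied'."""
    return any(
        r.source == subject_type and r.target == object_type
        and r.cls == cls and perm in r.perms
        for r in rules
    )


def exec_transition(subject_type, exec_type, rules=ALLOW_RULES, transitions=TRANSITIONS):
    """Transition decision on exec. Returns the new process domain, or None if
    the subject may not execute the file at all. Without a matching
    type_transition the process stays in the caller's domain."""
    if not access_allowed(subject_type, exec_type, "file", "execute", rules):
        return None
    for t in transitions:
        if t.source == subject_type and t.target == exec_type and t.cls == "process":
            return t.new_type
    return subject_type


def audit_denials(requests, rules=ALLOW_RULES):
    """Return the (subject, object, class, perm) requests that would be denied,
    i.e. what would surface as AVC denial messages in the audit log."""
    return [req for req in requests if not access_allowed(*req, rules=rules)]


if __name__ == "__main__":
    print("web server reads content:", access_allowed("httpd_t", "httpd_sys_content_t", "file", "read"))
    print("web server writes content:", access_allowed("httpd_t", "httpd_sys_content_t", "file", "write"))
    print("web server reads shadow:", access_allowed("httpd_t", "shadow_t", "file", "read"))
    print("init execs httpd ->", exec_transition("init_t", "httpd_exec_t"))
```

The shadow_t lookup is the point of the exercise: even a web server running as root under the DAC model is denied here, because no rule names that (subject, object) pair.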
![Page 57: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/57.jpg)
RBAC and MLS Controls
have Role Based Access Control (RBAC)
rules specify roles a user may assume
other rules specify circumstances when a user may transition from one role to another
and Multi Level Security (MLS)
concerns handling of classified data
• “no read up, no write down”
MLS is enforced via file system labeling
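"No read up, no write down" is the Bell-LaPadula pair of rules behind MLS. As an added example (not from the slides), this Python implements both checks over labels made of a hierarchical level plus a set of categories, which is the shape MLS file-system labels take; the levels and categories are constructed.

```python
# Added example (not from the slides): the Bell-LaPadula "no read up, no
# write down" checks behind MLS. A label is a hierarchical level plus a set
# of categories (compartments). Levels and categories here are constructed.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def label(level, *categories):
    """An MLS label: (level name, frozenset of categories)."""
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    return (level, frozenset(categories))


def dominates(a, b):
    """a dominates b when a's level is at least b's and a holds all of b's categories."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]


def may_read(subject, obj):
    """Simple security property ("no read up"):
    the subject's clearance must dominate the object's label."""
    return dominates(subject, obj)


def may_write(subject, obj):
    """*-property ("no write down"): the object's label must dominate the
    subject's, so data cannot flow from a higher label into a lower one."""
    return dominates(obj, subject)


def check_flow(subject, source, sink):
    """Can `subject` copy data from `source` to `sink` without breaking either rule?"""
    return may_read(subject, source) and may_write(subject, sink)


if __name__ == "__main__":
    clearance = label("secret", "nato")
    for lvl in LEVELS:
        obj = label(lvl, "nato")
        print(f"{lvl:13s} read={may_read(clearance, obj)!s:5s} write={may_write(clearance, obj)}")
```

Note that categories are checked as a subset relation, so a secret-cleared subject without the "crypto" category cannot read a secret object that carries it: level alone is not enough.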
![Page 58: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/58.jpg)
SELinux Policy Management
creating and maintaining SELinux policies is complicated and time-consuming
a single SELinux policy may consist of hundreds of lines of text
RHEL has a default “targeted” policy
defines types for selected network apps
allows everything else to use DAC controls
have a range of SELinux commands
see additional references for details
![Page 59: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/59.jpg)
Novell AppArmor
Novell’s MAC for SuSE Linux
enforced at kernel level using Linux Security Modules
restricts behavior of selected applications in a very granular but targeted way
hence a compromised root application's access will be contained
has no controls addressing data classification
hence only a partial MAC implementation
non-protected apps just use Linux DAC
![Page 60: Operating System Security Qiwen Pan and Hailei Jiang](https://reader033.vdocuments.site/reader033/viewer/2022061515/551b38695503465c7e8b4d3e/html5/thumbnails/60.jpg)
Summary
reviewed Linux security model and DAC
vulnerabilities
O/S and application hardening
MAC, SELinux and AppArmor