Security at the Operating System Level (Microsoft). By Birinder Dhillon. PowerPoint presentation transcript.
Security at the Operating System Level
(Microsoft)
By
Birinder Dhillon
Outline
Why need security at the OS level?
Security features/concerns of Microsoft Windows NT.
Security provided by Microsoft Windows 2000.
“Next Generation Secure Computing Base for Windows” by Microsoft.
Conclusion.
Questions/Comments.
Why need security at the OS level?
No more standalone computer system environments.
Any system can be globally accessible through a set of vast inter and intra-network connections.
Transition motivated by the need to work remotely, convenience in accessing personal records, online shopping etc.
Why need security at the OS level? (contd.)
Convenience and efficiency come with increased security risks.
We trust computers more than our life partners.
A single security loophole in the OS design that is known to a malicious attacker could do serious damage.
Security Model of Microsoft Windows NT
Access Tokens: Evidence that a user successfully logged in.
Security Descriptors: Represent the access rights granted to a logged-in user.
Object Manager: Reads the security descriptors and passes the information to the Security Reference Monitor (SRM). The SRM determines whether a user’s action is legal or illegal.
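To make the three pieces on this slide concrete, here is an added Python model of the access check (it is not code from the presentation or from Windows). The token carries the caller's user and group SIDs, the security descriptor attached to the object carries a DACL of access control entries, and `access_check` plays the Security Reference Monitor. The DACL rules are the real NT ones: ACEs are walked in order, a matching access-denied ACE ends the check as soon as it covers any still-unsatisfied right, and the walk ends once every requested right has been granted. The SIDs, the names and the right bits are constructed; the owner's implicit rights and privileges such as backup are left out.

```python
"""Toy model of the NT access check: token + security descriptor -> SRM decision."""
from dataclasses import dataclass
from typing import Optional

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4        # constructed subset of access rights


@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset

    def holds(self, sid):
        return sid == self.user_sid or sid in self.group_sids


@dataclass(frozen=True)
class ACE:
    kind: str      # "allow" or "deny"
    sid: str
    mask: int


@dataclass(frozen=True)
class SecurityDescriptor:
    owner_sid: str
    dacl: Optional[tuple]   # None means "no DACL": NT grants everyone full access


def access_check(token, sd, desired):
    """Return True if the token is granted every bit in `desired` (the SRM's job)."""
    if sd.dacl is None:          # absent DACL: no protection at all
        return True
    remaining = desired
    for ace in sd.dacl:          # an empty DACL grants nothing
        if not token.holds(ace.sid):
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False         # a matching deny ends the check immediately
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True          # everything requested has been granted
    return False


# Constructed SIDs: Alice and the built-in Users group.
ALICE, USERS = "S-1-5-21-1-1001", "S-1-5-32-545"
alice = AccessToken(ALICE, frozenset({USERS}))

# Canonical order (deny ACEs first): Users may not write; Alice may read and write.
canonical = SecurityDescriptor(
    ALICE, (ACE("deny", USERS, WRITE), ACE("allow", ALICE, READ | WRITE)))

# Same ACEs in the wrong order: the allow is satisfied before the deny is reached.
non_canonical = SecurityDescriptor(
    ALICE, (ACE("allow", ALICE, READ | WRITE), ACE("deny", USERS, WRITE)))


def demo():
    """Each decision the SRM model makes for Alice, keyed by case."""
    return {
        "canonical_read": access_check(alice, canonical, READ),
        "canonical_write": access_check(alice, canonical, WRITE),
        "noncanonical_write": access_check(alice, non_canonical, WRITE),
        "empty_dacl": access_check(alice, SecurityDescriptor(ALICE, ()), READ),
        "no_dacl": access_check(alice, SecurityDescriptor(ALICE, None), WRITE),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The two descriptors hold identical ACEs and give different answers for a write, which is why ACE order (deny before allow) matters when auditing a DACL, and why a missing DACL is worse than an empty one.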
Security features of Microsoft Windows NT
NTFS
- Allows system administrators to set global or very specific file access permissions.
- Sets up a virtual root directory to prevent network users from accessing higher nodes in the system.
Security features of Microsoft Windows NT (contd.)
Minimum password length and frequent password change requirements.
Multiple levels of privilege, unlike UNIX.
Challenge-response scheme for authentication during user log-on attempts.
Auditing.
Loopholes in Microsoft Windows NT Security Model
Assumes a logged-in user is a legal user.
Networking environment uses some old, out-of-date protocols (such as NetBEUI, DLC).
Use of non-standard implementations of security protocols, for example Microsoft's implementation of PPTP.
Obvious relationships between clear-text passwords and hash values. Tools like l0phtcrack can exploit this vulnerability.
Security features of Microsoft Windows 2000
Technology based on Windows NT.
Designed to address the security loopholes of Windows NT.
New security features included with Windows 2000: Active Directory, ACLs for both users and resources, Encrypting File System, Kerberos, Internet Protocol Security (IPSec), PKI.
Kerberos
Windows 2000 replaces NT LAN Manager with Kerberos version 5.
Network authentication protocol.
Involves the participation of two principals and a trusted third party called the Key Distribution Center (KDC).
Uses symmetric key encryption. The KDC provides the shared key for each session.
Kerberos (contd.)
Scenario 1: A principal is trying to log on to his/her workstation.
Scenario 2: A principal wants to communicate with another principal.
Kerberos (contd.) Scenario 1
The following sequence of events occurs (P = password, U = user name, W = workstation, TS = timestamp):
Alice → W : P, U
W → KDC : U
KDC → W : { S_A, { S_A, U, TS }_K_KDC }_K_A
W computes K_A = hash(P) and decrypts { S_A, { S_A, U, TS }_K_KDC }_K_A
S_A is the session key for communication between Alice’s workstation and the KDC.
{ S_A, U, TS }_K_KDC is the Ticket-Granting Ticket (TGT).
Kerberos (contd.) Scenario 2
The following sequence of events occurs:
Alice → KDC : { TGT }_K_KDC, Bob, { TS }_S_A
KDC decrypts the TGT and obtains S_A
KDC decrypts TS using S_A
KDC → Alice : { Alice, Bob, TS1, K_AB, { Alice, Bob, TC, TE, K_AB }_K_B }_S_A
Alice → Bob : { Alice, Bob, TC, TE, K_AB }_K_B, { TS2 }_K_AB
Bob decrypts his ticket using K_B to obtain K_AB
Bob decrypts the authenticator using K_AB
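The two scenarios above, carried through end to end with all three parties, as an added Python example (not code from the presentation and not Windows 2000's Kerberos implementation). The principal names, the password and the clock-skew window are constructed. The cipher is a stand-in (SHAKE-256 keystream plus an HMAC-SHA256 tag) so the script runs offline with the standard library; real Kerberos uses its own encryption types and a salted string-to-key function rather than the bare `hash(P)` of the slide.

```python
"""Toy walk-through of Kerberos scenario 1 (log-on) and scenario 2 (Alice talks to Bob)."""
import hashlib
import hmac
import json
import os
import time

SKEW = 300  # seconds; authenticators older than this are rejected (constructed value)


def _xor(key, nonce, data):
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key, obj):
    """{obj}_key: encrypt a JSON-serialisable dict under key, then tag it."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = _xor(key, nonce, pt)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Inverse of seal; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ciphertext")
    return json.loads(_xor(key, nonce, ct))


def long_term_key(password):
    """K_A = hash(P), exactly as on the slide."""
    return hashlib.sha256(password.encode()).digest()


class KDC:
    def __init__(self):
        self.k_kdc = os.urandom(32)   # K_KDC never leaves the KDC
        self.keys = {}                # principal name -> long-term key

    def register(self, name, key):
        self.keys[name] = key

    def authenticate(self, user):
        """Scenario 1.  W -> KDC : U ;  KDC -> W : {S_A, {S_A, U, TS}_K_KDC}_K_A"""
        s_a = os.urandom(32)
        tgt = seal(self.k_kdc, {"key": s_a.hex(), "user": user, "ts": time.time()})
        return seal(self.keys[user], {"key": s_a.hex(), "tgt": tgt.hex()})

    def ticket_for(self, tgt_blob, server, authenticator):
        """Scenario 2.  Alice -> KDC : {TGT}_K_KDC, Bob, {TS}_S_A"""
        tgt = unseal(self.k_kdc, tgt_blob)          # KDC decrypts the TGT, obtains S_A
        s_a = bytes.fromhex(tgt["key"])
        auth = unseal(s_a, authenticator)            # KDC decrypts TS using S_A
        if abs(time.time() - auth["ts"]) > SKEW:
            raise ValueError("stale authenticator")
        k_ab, now = os.urandom(32), time.time()
        ticket = seal(self.keys[server], {"client": tgt["user"], "server": server,
                                          "tc": now, "te": now + 8 * 3600, "key": k_ab.hex()})
        # KDC -> Alice : {Alice, Bob, TS1, K_AB, {Alice, Bob, TC, TE, K_AB}_K_B}_S_A
        return seal(s_a, {"client": tgt["user"], "server": server, "ts1": now,
                          "key": k_ab.hex(), "ticket": ticket.hex()})


def workstation_login(kdc, user, password):
    """Alice -> W : P, U.  W derives K_A = hash(P) and decrypts the KDC reply."""
    reply = unseal(long_term_key(password), kdc.authenticate(user))
    return bytes.fromhex(reply["key"]), bytes.fromhex(reply["tgt"])


def server_accept(server_key, ticket_blob, authenticator):
    """Bob decrypts his ticket with K_B, then the authenticator with K_AB."""
    ticket = unseal(server_key, ticket_blob)
    if not ticket["tc"] <= time.time() <= ticket["te"]:
        raise ValueError("ticket outside its validity window")
    k_ab = bytes.fromhex(ticket["key"])
    auth = unseal(k_ab, authenticator)
    if abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("stale authenticator")
    return k_ab


def run(registered_password="alice-pw", typed_password="alice-pw"):
    """Both scenarios end to end; returns (K_AB as Alice sees it, K_AB as Bob sees it)."""
    kdc, k_b = KDC(), os.urandom(32)
    kdc.register("alice", long_term_key(registered_password))
    kdc.register("bob", k_b)
    s_a, tgt = workstation_login(kdc, "alice", typed_password)      # scenario 1
    reply = unseal(s_a, kdc.ticket_for(tgt, "bob", seal(s_a, {"ts": time.time()})))
    k_ab, ticket = bytes.fromhex(reply["key"]), bytes.fromhex(reply["ticket"])
    # Alice -> Bob : {Alice, Bob, TC, TE, K_AB}_K_B, {TS2}_K_AB
    return k_ab, server_accept(k_b, ticket, seal(k_ab, {"ts": time.time()}))


if __name__ == "__main__":
    a, b = run()
    print("Alice and Bob share K_AB:", a == b)
```

Two points the message list alone does not show: the password never travels anywhere, the KDC only learns that the workstation could decrypt a reply under hash(P), and a wrong password surfaces as a failed `unseal` on the workstation; and the timestamps in the authenticators are what let the KDC and Bob refuse a message replayed outside the skew window, which is why Kerberos deployments depend on synchronised clocks.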
Encrypting File System (EFS)
EFS is integrated with NTFS version 5.
Allows Windows 2000 users to encrypt their files and folders.
Encrypting a folder encrypts all the subfolders and files in that folder.
Cannot be used to encrypt system files.
A user needs to know the key to decrypt a file; the log-in password is not enough.
EFS (contd.)
Uses public key encryption.
Initial version uses DES as the encryption algorithm.
Randomly generated File Encryption Key (FEK) used for encryption.
Users/Recovery Agents encrypt the FEK using their public key and decrypt it using their private key.
EFS (contd.) File Encryption Process
The original slide shows the file encryption process as a diagram; its elements are:
- Plain text + randomly generated FEK → File Encryption (DES) → Encrypted Text
- FEK + User’s Public Key → Data Decryption Field generation (DDF) → DDF
- FEK + Recovery Agent’s Public Key → Data Recovery Field generation (DRF) → DRF
EFS (contd.) File Decryption Process
The original slide shows the decryption process as a diagram; its elements are:
- DDF + User’s Private Key → Data Decryption Field Extraction → FEK
- Encrypted Text + FEK → File Decryption (DES) → Plain Text
EFS (contd.) File Recovery Process
The original slide shows the file recovery process as a diagram; its elements are:
- DRF + Recovery Agent’s private key → Data Recovery Field Extraction → FEK
- Encrypted Text + FEK → File Decryption (DES) → Plain Text
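The three EFS diagrams (encryption, decryption and recovery) as one added Python model; it is not code from the presentation or from Windows. It keeps the structure the slides show: one random File Encryption Key (FEK) encrypts the file, the FEK is wrapped under the user's public key (the DDF) and under each recovery agent's public key (the DRF), and either private key unwraps it. Two stand-ins let it run with the standard library: a SHAKE-256 keystream in place of DES, and textbook RSA over fixed Mersenne primes in place of CryptoAPI keys. The key sizes and the 4-byte FEK checksum are constructed for illustration only.

```python
"""EFS-style hybrid encryption: FEK encrypts the data, DDF/DRF carry the wrapped FEK."""
import hashlib
import os
import secrets

FEK_LEN = 16


def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two primes (constructed; never use this for real data)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)


def wrap_fek(pub, fek):
    """FEK + public key -> DDF/DRF entry. A short checksum lets unwrap detect the wrong key."""
    chunk = fek + hashlib.sha256(fek).digest()[:4]
    return pow(int.from_bytes(chunk, "big"), pub[1], pub[0])


def unwrap_fek(priv, entry):
    """DDF/DRF extraction: recover the FEK with a private key, or raise ValueError."""
    m = pow(entry, priv[1], priv[0])
    if m >= 1 << (8 * (FEK_LEN + 4)):
        raise ValueError("wrong private key")
    chunk = m.to_bytes(FEK_LEN + 4, "big")
    fek, check = chunk[:FEK_LEN], chunk[FEK_LEN:]
    if check != hashlib.sha256(fek).digest()[:4]:
        raise ValueError("wrong private key")
    return fek


def _stream(fek, nonce, data):
    """Symmetric file cipher stand-in (DES in the initial EFS)."""
    ks = hashlib.shake_256(fek + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_file(plaintext, user_pub, agent_pubs):
    """Encryption process: plain text + random FEK -> encrypted text; FEK -> DDF and DRF."""
    fek, nonce = secrets.token_bytes(FEK_LEN), os.urandom(16)
    return {
        "nonce": nonce,
        "data": _stream(fek, nonce, plaintext),
        "ddf": wrap_fek(user_pub, fek),
        "drf": {name: wrap_fek(pub, fek) for name, pub in agent_pubs.items()},
    }


def decrypt_file(blob, user_priv):
    """Decryption process: DDF + user's private key -> FEK -> plain text."""
    return _stream(unwrap_fek(user_priv, blob["ddf"]), blob["nonce"], blob["data"])


def recover_file(blob, agent_name, agent_priv):
    """Recovery process: DRF + recovery agent's private key -> FEK -> plain text."""
    return _stream(unwrap_fek(agent_priv, blob["drf"][agent_name]), blob["nonce"], blob["data"])


def add_recovery_agent(blob, user_priv, agent_name, agent_pub):
    """Only the FEK is re-wrapped; the encrypted data is untouched."""
    blob["drf"][agent_name] = wrap_fek(agent_pub, unwrap_fek(user_priv, blob["ddf"]))
    return blob


# Constructed keys: Mersenne primes keep the demo fast; real keys are far larger.
USER_PUB, USER_PRIV = rsa_keypair(2**89 - 1, 2**107 - 1)
AGENT_PUB, AGENT_PRIV = rsa_keypair(2**61 - 1, 2**127 - 1)
AGENT2_PUB, AGENT2_PRIV = rsa_keypair(2**521 - 1, 2**607 - 1)

if __name__ == "__main__":
    blob = encrypt_file(b"quarterly payroll", USER_PUB, {"ra1": AGENT_PUB})
    print(decrypt_file(blob, USER_PRIV), recover_file(blob, "ra1", AGENT_PRIV))
```

The design shows why the slide says the log-in password is not enough: nothing in the file can be opened without a private key that matches one DDF or DRF entry, and `add_recovery_agent` shows that changing recovery policy rewraps only the FEK, never the data.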
Public Key Infrastructure (PKI)
Primary components of Windows 2000 PKI are:
Certificate Services: Businesses act as their own Certificate Authorities (CAs).
Active Directory directory service: Stores information about the network and is used to publish keys.
PKI-enabled applications.
Exchange Key Management Service (KMS): Used to manage email encryption keys.
PKI (contd.)
Includes typical components of a PKI: CA, and Sub-CA.
Certificates are compliant with the ITU-T X.509 standard.
Supports standard security protocols like IPSec, PKINIT, PC/SC etc. Enhances interoperability.
Users now have the capability of mixing public and private CAs in their environment.
“Next Generation Secure Computing Base for Windows”
New set of features for a future operating system – previously codenamed “Palladium”
Promises to provide greater security, enhanced personal privacy, and system integrity.
Applications that would make use of “Palladium’s” security features are codenamed “Trusted Agents.”
“Next Generation Secure Computing Base for Windows” (contd.)
“Palladium” enabled systems would offer the following security features:
Protected Memory: Hide and protect the pages of main memory being used by a “Trusted Agent.”
Attestation: Data signed by a “Trusted Agent” to prove its authenticity.
Sealed Storage: The ability of a “Trusted Agent” to store data securely.
Secure input and output: Guarantee a trusted path from the input devices to a “Trusted Agent” and from a “Trusted Agent” to the output devices.
“Next Generation Secure Computing Base for Windows” (contd.)
“Palladium” requires both hardware and software support to implement the security features.
Hardware Support
To provide trusted space in memory.
To implement the sealed storage security feature.
Intel has already scheduled the release of its Prescott processor enabled with LaGrande technology to provide hardware support.
“Next Generation Secure Computing Base for Windows” (contd.)
Software Support
Nexus (formerly codenamed “Trusted Operating Root”)
Technology to be used by the OS to provide trust functionality.
Executes in kernel mode alongside “Trusted Agents” that execute in user mode.
Provides the APIs that the “Trusted Agents” can use to communicate with Nexus.
“Next Generation Secure Computing Base for Windows” (contd.)
Software Support (contd.)
“Trusted Agents”
User applications that can make use of “Palladium’s” security features.
Execute in user mode in trusted space.
Call Nexus when they need to make use of some security feature.
Able to store secrets using sealed storage and authenticate themselves using attestation.
“Next Generation Secure Computing Base for Windows” (contd.)
Examples
Protection against virus attacks
Still need anti-virus software to catch a virus. If the anti-virus software is a “Trusted Agent,” then “Palladium” makes sure it executes in a secure environment and infected code doesn’t affect it.
File encryption
Files encrypted using system-specific secrets cryptographically locked into hardware. Files are useless if maliciously copied or tampered with.
Conclusion
High security promises prompt consumers to store important and private data carelessly.
No matter how high OS security promises are, someone’s always out there to break them.
An example is the Code Red worm, which hammered Windows 2000 users by exploiting a vulnerability in IIS 4.0 and 5.0.
Questions/Comments