Security – Operating Systems

John

 

Computer System Components

 

  • Hardware
    • Provides basic computer resources (CPU, memory, I/O devics)
      • Maybe addons
      • Possible firmware
  • Operating System
    • Controls hardware and various apps
  • Application Programs
  • Users

What is an Operating System

  • Program that acts as an intermediary between user and computer hardware
  • Efficiency – better utilization of resources
  • Convenience – ease of use

 

History

  • Nothing
  • Mainframes
  • Time Sharing
  • PC
  • Multi-tasking PC

 

Time-sharing Systems

  • Interactive use of an computer
  • Several users can share simultaneously
    • Preemptive versus cooperative multitasking
  • Issues
    • Scheduling
    • Synchronization
    • File systems
    • Security

 

Security Threats?

  • What are security threats in this model?
    • User authentication (keep malicious users out)
      • Typically done with usernames/passwords
    • Access to resources
      • Files, memory, computer time
    • Protect users from each other and OS TCB (Kernel and system processes)

 

Modern Operating Systems

  • Operating system kernel
  • Many processes, each running a program
  • Files

 

Kernel Space vs User Space

  • Part of the OS runs kernel mode
    • OS Kernel
  • Part of OS run user mode, including service programs (daemon) user apps, etc
    • Run as processes
    • Form the user space

Processes

  • Each process has its own address space
  • Each process has a PID
  • Each process has a ‘protection state’ and set of operations to modify this state
    • UID, GID, supplementary groups
    • Protection state determines which files users may create/read/write
    • Child processes inherit their parents permissions

 

Files

  • Represent both real files and devices such as I/O devices, network and IPC
  • Have an owner UID and owner GUID
  • Owner can modify any aspects of the file
    • chmod a+r
    • Rwxr-x-wx = 111|101|011 = 753

 

SETUID

  • Changing the user ID of a running process
  • Special access bits attached to application programs that allow them to run as the UID of the file’s owner
  • ssh runs as root, ping runs as root (regardless of starts it)

 

SETUID Example

 

ls -l /bin/passwd

-rwsr-xr-x 1 root root 27768 Feb 11 2017 /bin/passwd

 

Changin local password for [user]

Old Password:

 

root 5211 0.0.0.2 3620 1724 2 I+ 2:09AM 0:00.01 

passwd 

 

How does UNIX break?

  • Vulnerabilities in high-privilege network facing daemons
  • Bad passwords, sending passwords in the clear (telnet / ftp)
  • Kernel vulnerabilities
  • Device driver vulnerabilities
  • Rowhammer!

 

The protection rings (of privilege)

  • Ring 0 – Kernel
  • Rings 1 & 2 – Device drivers (rarely used)
  • Ring 3 – Applications

Trusted Computing Base (TCB)

  • In UNIX this would be kernel or things root can do, things that can be trusted
  • The set of all hardware, software and procedural components that enforce the security policy
    • In order to break security, attacker must subvert them
    • The smaller TCB the more secure. Dont run everything as root
  • What consists of the conceptual Trusted Computing Based in a UNIX?
    • Hardware, kernel, system binaries, system configurations, setuid root, programs
  • One approach to improve security is to reduce the size of TCB
    • Reduce what one relies on for security

 

Trusted Platform Module (TPM)

  • User cant really access or touch, its native to the OS/Hardware
  • Secure cryptoprocessor – dedicated microcontroller designed to secure hardware through integrated crypto keys
  • Hold private keys for attestation
    • Platform key
    • Type key
  • Other key storage
    • For storage management (bitlocker)
  • Key generation
  • SHA-1
  • Public Key, HMAC

 

Attestation

  • Allows a program to authenticate itself/prove its identity
  • Of boot:
    • Generate rolling SHA-1 of binaries loaded into memory and provide as signed value
  • Of platform
    • Provide signed boot sequence + signed nonce with platform/type key

Sandboxing

  • Mechanism for separating running programs, usually in effort to mitigate system failures or software vulnerabilities from spreading
  • Frequently used to test unverified programs
  • Provides (strong) isolation for execution

 

Sandboxing – Special users

  • “Nobody”
  • User account which owns no files, no privileged groups, no abilities except those of others
  • Common to run daemons as nobody, especially servers, limits damage if it is malicious gained control
  • Limitations?

 

Sandboxing – chroot

  • Changes apparent root directory for current process and children
  • Program is cannot access files outside designated directory tree or environment
  • Limitations
    • Can chroot from a chroot.. Can change its home to be it’s original home

 

Virtualization

  • Allows the existence of multiple isolated user-space instances, called containers
  • Programs run inside container, can only see container contents and devices assigned to it
  • Operating system versus hardware

 

Hypervisors

The Confused Deputy

https://crypto.stanford.edu/cs155old/cs155-spring09/papers/ConfusedDeputy.html

 

Incident at Tymshare. OS allowed program to write to files it should not have access. Not fault of the program, its compiler or developer. OS should’ve controlled access. 

 

Android System and Kernel Security

https://source.android.com/docs/security/overview/kernel-security

 

Key points:

  • Linux Security – based on linux kernel, secure inter-porocess communication (IPC) and ability to remove insecure parts of the kernel
  • Application Sandbox – apps are isolated from each other by sandboxing, ensures apps cannot interfere with each other or OS without explicit permission
  • System Partition and Safe Mode – system partition is read only, safe mode allows boot with 3rd party apps disabled, 
  • Filesystem Permissions – unix style
  • Security Enhance Linux (SELinux) – uses SELinux
  • Verified boot – compromised devices cannot boot
  • Cryptography – crypto APIs for apps and protocols
  • Rooting of Devices – limited by default, SELinux constraints user space processes running root
  • User Security features – 
    • Storage encryption
    • File-based encryption
    • Metadata encryption

 

Apple Platform Security

https://support.apple.com/guide/security/welcome/web

 

Key Points:

  • Hardware Security – capabilities designed into their silicon, specific hardware security built in
  • System Security – during startup, updates, and operations – unique capabilities specific to the Apple hardware
  • Encryption and Data Protection – user data encrypted and can be wiped remotely
  • App Security – Apple checks for malware and tampering
  • Services Security – various services by Apple such as Apple ID, iCloud, Sign in with Apple, Apple Pay, iMessage, FaceTime, Find My
  • Network Security – security protocols for network related security – TLS, VPN, Wifi, Bluetooth etc
  • Developer kit Security – kits available to developers such as HomeKit, SiriKit, DriverKit, ReplayKit and ARKit
  • Secure Device management – Modible Device management (MDM) configuration profiles and Activation Lock