CYBR371/NWEN438: System and Network Security
School of Engineering and Computer Science
Te Kura Mātai Pūkaha, Pūrorohiko

Mandatory Access Policy
• Access is based on the security level assigned to objects and subjects
• The security level associated with an object reflects
  – The sensitivity of the information contained in the object
• The security level associated with a subject (also called clearance) reflects
  – The user’s trustworthiness not to disclose sensitive information to users not cleared to see it

MAC Confidentiality Policies
• Bell-LaPadula Confidentiality Model (DoD multilevel military security policy)
• In this model, a subject’s (usually a user’s) access to an object (usually a file) is allowed or disallowed by comparing the object’s security classification with the subject’s security clearance.
• The three basic rules are as follows:
  – The simple security condition – READ DOWN (No Read UP)
  – The *-property (star property) – WRITE UP (No Write DOWN)
  – The tranquillity property – No changes while processing

MAC Confidentiality Policies
• Biba Integrity Model
  – Sometimes called the Bell-LaPadula upside down model
  – Based on “READ UP (no read down), WRITE DOWN (no write up)” principle
• Example of usage?
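
The read/write rules of both models, as an added example that is not part of the original slides. The four level names are constructed, the tranquillity property is not modelled, and `flow_possible` is a hypothetical helper that shows which direction of information flow each model blocks.

```python
from enum import IntEnum


class Level(IntEnum):
    # Constructed four-level ordering; the slides do not name specific levels.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality labels): read down, write up."""
    if op == "read":
        return subject >= obj   # simple security condition: no read up
    if op == "write":
        return subject <= obj   # *-property: no write down
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity labels): read up, write down."""
    if op == "read":
        return subject <= obj   # no read down
    if op == "write":
        return subject >= obj   # no write up
    raise ValueError(f"unknown operation: {op}")


def flow_possible(policy, src: Level, dst: Level) -> bool:
    """True if some subject may read an object at `src` and write one at `dst`,
    i.e. the policy lets information move from level `src` to level `dst`."""
    return any(policy(s, src, "read") and policy(s, dst, "write") for s in Level)


def strict_allows(subject: Level, obj: Level, op: str) -> bool:
    """Both models enforced on the same labels: only same-level access remains."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


if __name__ == "__main__":
    for name, policy in (("BLP", blp_allows), ("Biba", biba_allows)):
        print(name, "SECRET -> UNCLASSIFIED flow:",
              flow_possible(policy, Level.SECRET, Level.UNCLASSIFIED))
        print(name, "UNCLASSIFIED -> SECRET flow:",
              flow_possible(policy, Level.UNCLASSIFIED, Level.SECRET))
```

Bell-LaPadula blocks downward flows (disclosure) and Biba blocks upward flows (contamination of trusted data by less trusted data).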

Issues with MAC
• Information tends to become over-classified
• No protection against violations that produce illegal information flow through indirect means
  – Inference channels: a user at a low security class uses the low data to infer information about a high security class. Example: a sudden assignment of low-level soldiers to a region could be an indication of a top secret mission.
  – Covert channels: require two active agents, one at a low level and the other at a high level, and an encoding scheme

Role Based Access Control
• Neither DAC nor MAC approaches satisfy the needs of most commercial enterprises
• Mandatory policies are suitable for rigid environments such as the military
• Discretionary policies come from cooperative yet autonomous environments, such as academia
• One alternative is Role-based Access Policies (RBAC)

Role-based Policies
• A role is a set of actions, privileges and responsibilities associated with a particular working activity
• Instead of specifying all the accesses each user is allowed to execute, access authorizations are specified for roles

Role-based Policies
• Users are given authorization to adopt roles
• A user playing a role is allowed to execute all accesses for which the role is authorized.
• A user may or may not be allowed to play multiple roles at the same time
• A user may take on different roles on different occasions
• Advantages?

RBAC Example – Oracle Database
• Doctor Role
    create role doctor identified by db;
    grant connect to doctor;
    grant select on h.patient_personal_info to doctor;
    grant select on h.patient_medical_history to doctor;
    grant insert on h.patient_medical_history to doctor;
    grant update on h.patient_medical_history to doctor;
    commit;
    grant doctor to Emily, Sam;
• Nurse Role
    create role nurse identified by db;
    grant connect to nurse;
    grant select on h.patient_medical_history to nurse;
    grant update (patient_medications) on h.patient_medical_history to nurse;
    commit;
    grant nurse to Masood, Tom, Nancy, Bob, Michelle;

Auditing
• Access control is not a complete solution for securing a system. What is the missing service?
• Auditing (remember access control components from the last lecture)?...
  • policy, mechanism, assurance

Auditing
• Performs an analysis of all the requests and activities of users in the system
• Requires logging all requests and activities
• How can auditing help? (example login)
• Acting as a deterrent
• Identifying attempted or actual violations
• Identifying flaws in the security system
• Preventing authorized users from misusing their privileges (accountability)

UNIX File Access Control

File and Directory Permissions
• Three sections, based on the user(s) that receive the permission:
  – User permissions: owner
  – Group permissions: group owner
  – Other permissions: everyone on system
• Three regular permissions may be assigned to each user:
  – Read
  – Write
  – Execute

Interpreting Permissions
[Figure: Linux permissions]

Changing Permissions
• chmod (change mode) command: change mode (permissions) of files or directories
  – Two arguments at minimum
    • Criteria used to change permissions
    • Filenames to change
• Permissions stored in a file’s or a directory’s inode

Changing Permissions (continued)
[Figure: Numeric representation of the mode]

Special Permissions
• Three more optional special permissions for files and directories
  – SUID (Set User ID)
  – SGID (Set Group ID)
  – Sticky bit

Special Permissions
• SUID
  – If set on a file, user who executes the file becomes owner of the file during execution
    • e.g., ping command
  – No functionality when set on a directory
  – Only applicable to binary compiled programs
    • Cannot be used on shell scripts

Special Permissions
• SGID
  – Applicable to files and directories
  – If set on a file, user who executes the file becomes member of the file’s group during execution. It causes the program to run with the file’s group, regardless of whether the user who runs it is in that group or not
  – On directories, causes files created within the directory to have the same group as the directory, useful for directories shared by multiple users with different default groups

Special Permissions
• Sticky bit
  – Previously used to lock files in memory
  – Currently only applicable to directories
  – Ensures that a user can only delete his/her own files when given write permissions in a directory

Special Permissions
• Properties:
  – Mask the execute permission when displayed by the ls -l command
  – May be set even if file or directory does not have execute permission
    • Indicating letter in the mode will be capitalized
  – Add special permissions via chmod command
    • Add an extra digit at front of permissions argument

Special Permissions
[Figure: Representing special permissions in the mode]

Special Permissions
[Figure: Representing special permissions in the absence of the execute permissions]

Special Permissions
[Figure: Numeric representation of regular and special permissions]
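
How the extra leading digit maps onto the letters `ls -l` shows, including the capitalised `S`/`T` when execute is absent, as an added example that is not part of the original slides. The `audit` helper, its review criteria and the sample inventory are constructed for illustration.

```python
import stat

# (read, write, execute, special bit, letter shown in the execute slot)
_TRIPLES = (
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
)

def mode_string(mode: int) -> str:
    """Render a numeric mode (e.g. 0o4755) as the nine letters ls -l prints."""
    out = []
    for r, w, x, special, letter in _TRIPLES:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # The special bit takes over the execute slot; a capital letter
            # means the underlying execute permission is not set.
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def audit(entries):
    """Flag modes worth reviewing. entries: (path, is_dir, mode) tuples."""
    findings = []
    for path, is_dir, mode in entries:
        for bit, label in ((stat.S_ISUID, "SUID file"), (stat.S_ISGID, "SGID file")):
            if not is_dir and mode & bit:
                findings.append((path, mode_string(mode), label))
        if is_dir and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((path, mode_string(mode),
                             "world-writable directory without sticky bit"))
    return findings

# Constructed sample inventory (paths and modes are illustrative).
SAMPLE = [
    ("/usr/bin/ping", False, 0o4755),   # SUID, as in the slide's ping example
    ("/srv/shared", True, 0o2775),      # SGID directory for group sharing
    ("/tmp", True, 0o1777),             # sticky, world-writable
    ("/srv/dropbox", True, 0o0777),     # world-writable, no sticky bit
    ("/opt/tool.cfg", False, 0o4644),   # SUID without execute: shows as S
]

if __name__ == "__main__":
    for path, is_dir, mode in SAMPLE:
        print(f"{mode:04o} {mode_string(mode)} {path}")
    for finding in audit(SAMPLE):
        print("REVIEW:", *finding)
```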

Access Control Lists (ACLs) in UNIX
Modern UNIX systems support ACLs
• FreeBSD, OpenBSD, Linux, Solaris
FreeBSD
• setfacl command assigns a list of UNIX user IDs and groups
• Any number of users and groups can be associated with a file
• Read, write, execute protection bits
• A file does not need to have an ACL
• Includes an additional protection bit that indicates whether the file has an extended ACL
When a process requests access to a file system object two steps are performed:
• Step 1 selects the most appropriate ACL
• Step 2 checks if the matching entry contains sufficient permissions
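
The two-step check above, as an added example that is not part of the original slides. It goes beyond the slide by assuming the POSIX.1e selection order documented in Linux acl(5) (owner, named user, group class, other, with the mask applied to everything except owner and other); the dictionary layout, `check_access` and all IDs are constructed.

```python
R, W, X = 4, 2, 1


def check_access(acl, owner, group, uid, gids, want):
    """Return (selected_entry, granted) for a process (uid, gids) requesting
    the permission bits `want` on a file owned by owner:group.

    acl keys: 'user_obj', 'group_obj', 'other', optional 'mask',
    'users' {uid: perms}, 'groups' {gid: perms}."""
    mask = acl.get("mask", R | W | X)   # no mask entry: nothing is masked

    # Step 1: select the entry. Step 2: test it (the mask limits every entry
    # except the owner and other entries).
    if uid == owner:
        return "user_obj", (acl["user_obj"] & want) == want
    if uid in acl.get("users", {}):
        return f"user:{uid}", (acl["users"][uid] & mask & want) == want

    matched = {}
    if group in gids:
        matched["group_obj"] = acl["group_obj"]
    for gid, perms in acl.get("groups", {}).items():
        if gid in gids:
            matched[f"group:{gid}"] = perms
    if matched:
        # Any matching group entry that (after masking) holds the requested
        # bits grants access; if none does, access is denied without falling
        # through to 'other'.
        for name, perms in matched.items():
            if (perms & mask & want) == want:
                return name, True
        return "group class", False
    return "other", (acl["other"] & want) == want


# Constructed ACL, roughly what getfacl would show as:
#   user::rw-  user:1001:rw-  group::r--  group:60:rw-  mask::r--  other::r--
ACL = {"user_obj": R | W, "users": {1001: R | W}, "group_obj": R,
       "groups": {60: R | W}, "mask": R, "other": R}

if __name__ == "__main__":
    for uid, gids, want in ((1000, {50}, W), (1001, {70}, W), (1002, {60}, W),
                            (1002, {60}, R), (1003, {70}, R)):
        print(uid, sorted(gids), want, check_access(ACL, 1000, 50, uid, gids, want))
```

The first matching entry decides: an owner or group member with a restrictive entry is denied even when the other entry would have granted the request.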

Additional Reading
• Please refer to the reading notes for more information on Linux permission and ACLs
• Special Permissions:
  – http://www.linuxnix.com/suid-set-suid-linuxunix/