• Home

  • Documents

  • Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work
23
Least Privilege Separation Kernel (LPSK) Accomplishments and Current Work

Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

Tags:

Embed Size (px)

Citation preview

Page 1: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

Least Privilege Separation Kernel

(LPSK)

Accomplishments andCurrent Work

Page 2: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

2

Outline

Why are we talking about this here?

What is a separation kernel? What is the LPSK? Progress with the LPSK Future work Demo

Page 3: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

3

Digression…

I think PowerPoint (and its ilk) are greatly misused.

Therefore…

Page 4: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

4

What is the relevance?

Page 5: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

5

What is a Separation Kernel?

OSSecurityKernel

SeparationKernel

Page 6: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

6

Partition Flow

Page 7: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

7

As a VMM

Separation Kernel

OS #1 OS #2 OS #3 OS #4

Page 8: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

8

Separation Kernel Protection Profile (SKPP)

Page 9: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

9

Least Privilege Separation Kernel (LPSK)

Page 10: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

10

Phase 1 LPSK Architecture

Page 11: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

11

LPSK Config (1)

Audit Enabled? Size of internal audit buffer Action when audit is full

Run-time LPSK How shall kernel use the

screen? Reserved memory locations

Page 12: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

12

LPSK Config (2)

Partitions Round robin duration for all

partitions For each partition

Active? Percent of round robin duration Percent of system RAM

Partition with initial I/O focus Partition to handle SAK

Page 13: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

13

LPSK Config (3)

Partition flow rules Processes in Partition ‘x’ can

access Partition ‘y’ (RO or RW) Acyclic flow rules

Page 14: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

14

LPSK Config (4)

Imported files from disk Location on disk Home partition Assigned PL Audited events

Page 15: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

15

LPSK Config (5)

RAM segments Size Home partition Assigned PL Audited events

Page 16: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

16

LPSK Config (6)

Devices Data channel or control channel Home partition Multiplexed or dedicated Device specific attributes

(e.g., keyboard buffer size) Audited events

Page 17: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

17

LPSK Config (7)

Processes Home partition % of partition time slice Subject defintions

Code location and PL assignment Kernel APIs allowed to use Subject-to-resource flows allowed (e.g., subject x can access device y) Audited events

Page 18: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

18

Funded Objective

Page 19: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

19

Progress Report

Page 20: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

20

Kernel config options

Multitasking processes

Segmented memory Device drivers for:

Disk drives (PATA/SATA)

Hardware clock Software clock (low

res) Video (text mode) Keyboard (PS/2)

Configuration security policies

Inter-process communication using: Eventcounts Sequencers Signals Shared memory

Kernel event auditing

I/O focus switching between processes

What the Prototype has now

Page 21: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

21

Outside the LPSK

Page 22: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

22

Future Work

Page 23: Least Privilege Separation Kernel (LPSK ) Accomplishments and Current Work

23

Demo


Privilege on the Precipice Privilege on the Precipice ... · 02/05/2019  · Privilege on the Precipice Privilege on the Precipice: Perceived Racial Status Threats Lead White Americans

Privilege on the Precipice Privilege on the Precipice ... · 02/05/2019  · Privilege on the Precipice Privilege on the Precipice: Perceived Racial Status Threats Lead White Americans

Documents
Privilege workshop

Privilege workshop

Documents
fi ce of the Superintendent - Socorro Independent School ...€¦ · It is my honor and privilege to report the successes and accomplishments of our students and staff during the

fi ce of the Superintendent - Socorro Independent School ...€¦ · It is my honor and privilege to report the successes and accomplishments of our students and staff during the

Documents
SERVING THE POLITICAL PARTIES: ISSUES OF FRAGMENTED …kumoro.staff.ugm.ac.id/file_artikel/Full paper-Serving the Political Parties.pdf · the Eligibility for Members of LPSK (Lembaga

SERVING THE POLITICAL PARTIES: ISSUES OF FRAGMENTED …kumoro.staff.ugm.ac.id/file_artikel/Full paper-Serving the Political Parties.pdf · the Eligibility for Members of LPSK (Lembaga

Documents
MRT 2150 Privilege Plus ST4 S2 MRT 2550 Privilege Plus ST4 ...delpin.dk/files/Maskiner/LiftOgTrailer...MRT 2150 Privilege Plus ST4 S2 MRT 2550 Privilege Plus ST4 S2 MRT 3255 Privilege

MRT 2150 Privilege Plus ST4 S2 MRT 2550 Privilege Plus ST4 ...delpin.dk/files/Maskiner/LiftOgTrailer...MRT 2150 Privilege Plus ST4 S2 MRT 2550 Privilege Plus ST4 S2 MRT 3255 Privilege

Documents
White privilege

White privilege

Documents
Attorney-Client Privilege in Insurance Disputes: Preserving ...media.straffordpub.com/products/attorney-client-privilege-in... · Attorney-Client Privilege in Insurance Disputes:

Attorney-Client Privilege in Insurance Disputes: Preserving ...media.straffordpub.com/products/attorney-client-privilege-in... · Attorney-Client Privilege in Insurance Disputes:

Documents
Least Privilege Separation Kernel (LPSK )

Least Privilege Separation Kernel (LPSK )

Documents
Drive Sober or Get Pulled Overfiles.ctctcdn.com/57b55f5d301/09624716-1289-430e-a03d-a09cf8736d22.pdfacademic accomplishments and other achievements and it is our privilege to hon-or

Drive Sober or Get Pulled Overfiles.ctctcdn.com/57b55f5d301/09624716-1289-430e-a03d-a09cf8736d22.pdfacademic accomplishments and other achievements and it is our privilege to hon-or

Documents
PRIVILEGE PRIVILEGE 465 SERIAL 75, 2002, 660.000 € For Sale

PRIVILEGE PRIVILEGE 465 SERIAL 75, 2002, 660.000 € For Sale

Documents
White Privilege Hokum20 White Privilege Hokum (CF).pdf · 2017-04-20 · White privilege, so called, is not remedied by black privilege. ! Personally, I see no privilege for me in

White Privilege Hokum20 White Privilege Hokum (CF).pdf · 2017-04-20 · White privilege, so called, is not remedied by black privilege. ! Personally, I see no privilege for me in

Documents
Active Directory Privilege Escalation - Paramount Defenses€¦ · Active Directory Privilege Escalation often involves successively escalating privilege multiple times over, gaining

Active Directory Privilege Escalation - Paramount Defenses€¦ · Active Directory Privilege Escalation often involves successively escalating privilege multiple times over, gaining

Documents
PRIVILEGE OFFERS

PRIVILEGE OFFERS

Documents
Folder privilege

Folder privilege

Documents
Protecting Privilege - Association of Corporate Counsel … · • Strategies for protecting privilege during internal investigations ... • Technically not a type of privilege –

Protecting Privilege - Association of Corporate Counsel … · • Strategies for protecting privilege during internal investigations ... • Technically not a type of privilege –

Documents
501 MRE 501 Privilege; General Rule · 2013-11-08 · C. Attorney Work-Product Privilege §501.12 D. Clergy-Penitent Privilege §501.13 E. Deliberative Process Privilege §501.14

501 MRE 501 Privilege; General Rule · 2013-11-08 · C. Attorney Work-Product Privilege §501.12 D. Clergy-Penitent Privilege §501.13 E. Deliberative Process Privilege §501.14

Documents
Reporter's Privilege

Reporter's Privilege

Law
PARLIAMENTARY SOVEREIGNTY AND PARLIAMENTARY PRIVILEGE … · PARLIAMENTARY SOVEREIGNTY AND PARLIAMENTARY PRIVILEGE ... privilege and the seizure of documents by ICAC ... Following

PARLIAMENTARY SOVEREIGNTY AND PARLIAMENTARY PRIVILEGE … · PARLIAMENTARY SOVEREIGNTY AND PARLIAMENTARY PRIVILEGE ... privilege and the seizure of documents by ICAC ... Following

Documents
Pathology privilege

Pathology privilege

Health & Medicine
ACCOMPLISHMENTS ACCOMPLISHMENTS CONT

ACCOMPLISHMENTS ACCOMPLISHMENTS CONT

Documents
OA4 - McIntosh (1993) - White Privilege and Male Privilege

OA4 - McIntosh (1993) - White Privilege and Male Privilege

Documents
John P. J. Dussich, Ph. D. Tokiwa International Victimology Institute Victimology Victim Assistance LPSK Bogor, Indonesia March 28, 2013

John P. J. Dussich, Ph. D. Tokiwa International Victimology Institute Victimology Victim Assistance LPSK Bogor, Indonesia March 28, 2013

Documents
Director's Privilege

Director's Privilege

Documents
Meireles Privilege

Meireles Privilege

Documents
Victims’ Rights – Why is a Victims’ Rights Commissioner / an Ombudsman necessary? Michael O’Connell Commissioner for Victims’ Rights TOT – LPSK Maret 2013

Victims’ Rights – Why is a Victims’ Rights Commissioner / an Ombudsman necessary? Michael O’Connell Commissioner for Victims’ Rights TOT – LPSK Maret 2013

Documents
Adoption of the Least Privilege Separation Kernel …faculty.nps.edu/cdprince/mwc/docs/PAPERS/AdoptionOfLPSK...Adoption of the Least Privilege Separation Kernel (LPSK) for the Atom

Adoption of the Least Privilege Separation Kernel …faculty.nps.edu/cdprince/mwc/docs/PAPERS/AdoptionOfLPSK...Adoption of the Least Privilege Separation Kernel (LPSK) for the Atom

Documents
Reporter’s Privilege

Reporter’s Privilege

Documents
Privilege Management

Privilege Management

Documents
LONG-TERM ACCOMPLISHMENTS TIME-SPECIFIC …Greatest CREC accomplishments dlie LONG-TERM ACCOMPLISHMENTS TIME-SPECIFIC ACCOMPLISHMENTS Citrus Research and Education Center personnel

LONG-TERM ACCOMPLISHMENTS TIME-SPECIFIC …Greatest CREC accomplishments dlie LONG-TERM ACCOMPLISHMENTS TIME-SPECIFIC ACCOMPLISHMENTS Citrus Research and Education Center personnel

Documents
Polluter Privilege

Polluter Privilege

Documents