Transcript Processes

Controlling Files
Richard Newman
based on Smith “Elementary Information Security”
File System
File = persistent, logically named storage
– Random access files
– Sequential files
– Indexed files
Naming – directory systems
– Flat file system
– Two-level
– Hierarchical
– ... with multiple links to same file
– ... with multiple directory links
– Mounted systems
– Distributed file systems

File Name Resolution
Names
– Absolute
– Relative – requires state (CWD)
Name resolution
– Get next path element
– Find path element in current directory
– If directory, load directory into memory
– Check access control permissions
– Continue until fail or find file

Steps of Access Control
I & A – Identification and authentication
– Username/password
– Biometrics
– Key
Authorization
– Object & operation
– Access control structure
– Inescapable mediation
Perform
– Relay authenticated message to service
– Provide process with capability
– Provide process with key

File Ownership & Access Rights
Access Types
– Create
– Delete
– Read
– Write
– Update
– Append
– Truncate
– Rename
– Change properties
– Execute
File Ownership
– DAC – owner, group
– MAC – label (classification = level, category set)

File Ownership & Access Rights 2
Specifying Access – DAC
– ACL & variants
– CL & variants
– Initial permissions
  • Default
  • Inherited
– Changing access permissions

Specifying Access – MAC
– Object labels = classification
– Process labels = clearance
– Rules for comparing object and process labels
  • Dominance
– Rules for generating new labels
  • Default
  • “Label float”

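The two label rules named on this slide, dominance and label float, worked through as an added example that is not from the slides or the textbook; the level names and categories are constructed for illustration.

```python
# Added example (not from the slides or the textbook): MAC labels as
# (level, category set), the dominance rule, and "label float" for new
# objects. Level names and categories are constructed for illustration.

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

class Label:
    def __init__(self, level, categories=()):
        if level not in LEVELS:
            raise ValueError("unknown level: %s" % level)
        self.level = level
        self.categories = frozenset(categories)

    def dominates(self, other):
        """Dominance: at least as high a level AND a superset of categories.
        Labels with different category sets may be incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

    def __repr__(self):
        return "Label(%s, %s)" % (self.level, sorted(self.categories))

def may_read(clearance, obj_label):
    """No read up: the process clearance must dominate the object label."""
    return clearance.dominates(obj_label)

def may_write(clearance, obj_label):
    """No write down: the object label must dominate the process clearance,
    so a process cannot copy data into a lower-labelled file."""
    return obj_label.dominates(clearance)

def float_label(*inputs):
    """Default label for an object derived from several inputs: the least
    upper bound (highest level, union of all categories). Each time an
    input is combined the result can only rise: the label 'floats' up."""
    top = max(inputs, key=lambda lab: LEVELS[lab.level])
    cats = frozenset().union(*(lab.categories for lab in inputs))
    return Label(top.level, cats)
```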
Directory Access Rights
Directory Rights
– Read (list contents)
– Seek (use in path if match)
– Create directory
– Delete directory
– Create files in directory
– Delete files in directory

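The name-resolution steps from the File Name Resolution slide, combined with the directory read and seek rights above, as an added example that is not from the slides or the textbook; the tree, users and rights are constructed.

```python
# Added example (not from the slides or the textbook): resolve a path one
# element at a time, checking the directory's seek right at every step and
# denying by default. The tree, users and rights are constructed.

DENIED = "EACCES"
NOT_FOUND = "ENOENT"

class Node:
    def __init__(self, name, is_dir=False, rights=None, children=None):
        self.name = name
        self.is_dir = is_dir
        # directory rights per user: "r" = read (list contents),
        # "x" = seek (may be used as a path component)
        self.rights = rights or {}
        self.children = children or {}

    def has(self, user, right):
        return right in self.rights.get(user, "")   # unknown user: no rights

def resolve(root, cwd, user, path):
    """Return the Node for path, or an error string. An absolute path starts
    at root; a relative path needs state, the current working directory."""
    node = root if path.startswith("/") else cwd
    for elem in [p for p in path.split("/") if p]:  # get next path element
        if not node.is_dir:
            return NOT_FOUND                       # cannot descend into a file
        if not node.has(user, "x"):                # check seek on this directory
            return DENIED
        child = node.children.get(elem)            # find element in directory
        if child is None:
            return NOT_FOUND
        node = child                               # continue until fail or file
    return node

def list_dir(node, user):
    """Listing needs the read right; seek alone lets a user pass through
    a directory without seeing what else is in it."""
    if not node.is_dir or not node.has(user, "r"):
        return DENIED
    return sorted(node.children)

# Constructed tree: suitemates may pass through /home but not list it,
# and have no rights at all on /home/bob.
bob = Node("bob", True, {"bob": "rx"}, {"notes.txt": Node("notes.txt")})
home = Node("home", True, {"bob": "rx", "suitemate": "x"}, {"bob": bob})
root = Node("/", True, {"bob": "rx", "suitemate": "rx"}, {"home": home})
```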
File Types
Ways to distinguish types
– Extension
– Property in FCB
– Header in file (e.g., “magic number”)
File types
– Data
– Executable
– Others
Executable files – file header
– Magic number (avoid running on mismatched system)
– Program size
– Layout info

Executable File Types
Application programs
– Useful “machines”
– Utilities
Operating system kernel
Device drivers
– Access to I/O devices
Shared libraries
– Common functions that may be shared among many processes
– dlls
Scripts
– Requires interpreter

Viruses
Virus types
– Boot sector
– Application program
– Macro (infect “data” files)
Virus MO
– Look for new files to infect
– Insert virus code into new file
– Do other stuff
– Execute host code
Virus propagation
– Infect files on removable media (disks, USB drives, etc.)
– Drive-by download
– Email
– Worm propagation

Sharing and Protecting Files
Least Privilege
– If a process running a Trojan or virus can't access files, it can't damage them
Objectives
– Provide computing facilities to authorized users
– Preserve Chain of Control
– Permit or prevent general info sharing (default)

Risks for Files (example)
1) Denial of service
2) Subversion (malware)
3) Masquerade
4) Disclosure
5) Forgery
6) Unauthorized modification (Bob's suitemates)

Policy for User Isolation (example)
Policy Statement (risks addressed, numbered as in the risk list above, in brackets)
1) All users shall be able to use normal apps/services [risks: 1]
2) Each user shall have a separate login, optional p/w [risks: 4]
3) Programs shall be protected from damage or other mods by regular users [risks: 1, 3]
4) Files belonging to one user shall be protected from any access by another user [risks: 1, 2, 5]
Specific to Bob
1) The system shall have two regular users: Bob and Suitemates [risks: 4, 6]
2) Bob shall have a password to protect his login [risks: 2, 4, 5, 6]
3) Suitemates shall not need a password to log in [risks: 1]

Policy for File Sharing (example)
Policy Statement (risks addressed, numbered as in the risk list above, in brackets)
1) All users shall be able to use normal apps/services [risks: 1]
2) Each user shall have a separate login, optional p/w [risks: 4]
3) Programs shall be protected from damage or other mods by regular users [risks: 1, 3]
4) Files belonging to one user shall be readable by other users [risks: 1]
5) Files belonging to one user shall be protected from writing by other users [risks: 1, 3, 5]

Security Controls for Files
Access matrix (logically)
– What we are sharing (objects)
– With whom we are sharing them (subjects)
– How each subject may access each object (rights)
Chain of Control Properties
– OS protections always invoked when accessing files
– There is no way to bypass the OS to access files

Basic Security Principles
Deny by default
– No access allowed unless specifically granted
Allow by default
– Access allowed unless specifically denied

Compacting the ACM
Groups
– Logical sets of subjects
– May associate one with object, or just use as logical subject
Object Types
– Logical sets of objects with identical access policies
– Becomes object attribute
– May “personalize” relative to other object attributes (e.g., owner, group owner, etc.)
– May be used for logical organization if not supported by system

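An added example, not from the slides or the textbook, of the access matrix from the Security Controls slide compacted with groups and object types and evaluated deny by default; the users, groups, files and type policies are constructed.

```python
# Added example (not from the slides or the textbook): an access matrix
# stored compactly as groups (sets of subjects) and object types (sets of
# objects sharing one policy), evaluated deny-by-default. All users,
# groups, files and rights below are constructed for illustration.

GROUPS = {
    "staff": {"alice", "bob"},
    "students": {"carol", "dave"},
}

# Object attributes: owner and type. The type carries the shared policy,
# "personalized" per object through the owner attribute.
OBJECTS = {
    "/bin/ls": {"owner": "root", "type": "program"},
    "/home/alice/notes": {"owner": "alice", "type": "private"},
    "/shared/syllabus": {"owner": "bob", "type": "shared"},
}

# Policy per object type. Rows are keyed by a user name, a group name,
# or the pseudo-subjects "owner" and "everyone".
TYPE_POLICY = {
    "program": {"everyone": {"read", "execute"}, "root": {"write"}},
    "private": {"owner": {"read", "write"}},
    "shared": {"owner": {"read", "write"}, "staff": {"read", "write"},
               "students": {"read"}},
}

def subjects_for(user, obj):
    """Expand a user into every subject name that may match a policy row."""
    names = {user, "everyone"}
    names |= {g for g, members in GROUPS.items() if user in members}
    if OBJECTS[obj]["owner"] == user:
        names.add("owner")
    return names

def allowed(user, obj, right):
    """Deny by default: a right exists only if some matching row grants it."""
    if obj not in OBJECTS:
        return False
    policy = TYPE_POLICY[OBJECTS[obj]["type"]]
    return any(right in policy.get(s, set()) for s in subjects_for(user, obj))

def expand_matrix():
    """Materialise the full matrix (subject, object) -> rights from the
    compact form, to see what the groups and types stand for."""
    users = set().union(*GROUPS.values()) | {"root"}
    rights = {"read", "write", "execute"}
    return {(u, o): {r for r in rights if allowed(u, o, r)}
            for u in sorted(users) for o in OBJECTS}
```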
Information States
[Diagram: three information states and the transitions between them]
– Processing (in use) --save--> Storage (at rest)
– Storage (at rest) --open--> Processing (in use)
– Storage (at rest) --Move to transit--> Transmission (in motion)
– Transmission (in motion) --Remove from transit--> Storage (at rest)

Software Vulnerability States
[Diagram: state machine of a software flaw. States: Flawed, Hardened, Patchable, Unprotected, Vulnerable. Transitions: Flaw found (one arrow), Flaw patched (two arrows), Patch released (two arrows), Exploit created (two arrows)]