SystemSecurityOverview.pptVIP

System Security Overview Security is a Broad Area Prevent attacks Authentication and Access control Remove software bugs Signature generation and filtering Protect secrete Encryption (RSA, public-private key, ..) Detect attacks Intrusion detection Information flow tracking Diagnose attacks Vulnerability analysis Recovery from attacks Sandboxing Motivation for Sandbox Often have to take applications from outside sources and execute them locally: To trade stocks, you must download a JAVA applet To share files you must run a P2P client To view a file you must download and run the viewer Even programs coming for reputable sources may have bugs or unintended side effects: Systems are too diverse, developer cannot possibly know about all possible side effects End result, a great deal of code we run today is deemed “unreliable” Sandbox Goal Limitations of Conventional OS protection Not enough isolation Programs can still see what other processes are running on machines Can see the entire file system All programs running on the system have the same level of access to the system call interface No fine-grain isolation Either programs are running on the system and have access to all facilities that other programs have, or they aren’t on the system at all OS’s can’t protect themselves very well Once you get root, you can install drivers, change configurations, etc…You only need to compromise 1 root process to do this. UNIX chroot chroot command chroot changes root directory Confines code to limited portion of file system Example use chdir /tmp/ghostview chroot /tmp/ghostview sutmpuser (or su nobody) Caution chroot changes root directory, but not current dir If forget chdir, program can escape from changed root If you forget to change UID (process is still root), process could escape Limitations with chroot/jail Other Sandboxing Approaches Software Fault Isolation Modify binaries to catch memory errors Wrap/trap system calls Check interaction between application and OS Detect