System Integrity

Sartakov A. Vasily
Summer Systems School'12
Software Hardening Methods

Compile-time:
  Canaries

Run time:
  Process Virtualization (Dalvik, Java VM)
  System Virtualization (KVM, Xen, L4)
  OS (Linux kernel enhancements)
  HW support (MMU, TrustZone)
1. Compile-time software hardening
   1.1 Memory corruption mitigation methods
2. Linux operating system extension
   2.1 Container-based OS virtualization
   2.2 Linux security modules
   2.3 Grsecurity
3. Process virtualization and sandboxing
   3.1 Byte-code translation
   3.2 Sandboxing untrusted native code
4. System virtualization
   4.1 Hardware recruitment
   4.2 VM and VMMs
   4.3 Use cases
1. Compile-time Software Hardening

Memory Corruption Mitigation Methods:
  Code injection
  Arc injection
  Pointer Subterfuge
  Format String Attacks and Arithmetic Overflows
Code Injection

#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stack-based variant: buff lives in f1a's own stack frame. */
void f1a(void *arg, size_t len) {
  char buff[100];
  memcpy(buff, arg, len); /* buffer overrun if len > 100 */
  /* ... */
  return;
}

/* Heap-based variant: the same unchecked copy, into a malloc'd block. */
void f1b(void *arg, size_t len) {
  char *ptr = malloc(100);
  if (ptr == NULL) return;
  memcpy(ptr, arg, len); /* buffer overrun if len > 100 */
  /* ... */
  return;
}
StackGuard, ProPolice
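As an added example (not code from the slides), the following C program models what a StackGuard/ProPolice canary detects and places the slides' unchecked f1a next to a bounds-checked version. The `frame` struct, the canary constant and the input bytes are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a StackGuard/ProPolice canary: the guard word sits directly above the
 * buffer, so a sequential overrun has to pass through it before it can reach the
 * saved return address. The struct stands in for the stack frame of f1a; the
 * comparison in the copy routines is the check a canary-enabled compiler emits
 * in the function epilogue (abort instead of return when the word has changed). */

#define BUFF_SIZE 100

struct frame {
    char buff[BUFF_SIZE];
    uint32_t canary;      /* guard word between the buffer and the return address */
};

/* Constructed value. Real implementations draw it randomly at process start;
 * the low byte is 0x00 so that a string copy cannot write it back intact
 * (the "terminator canary" idea). */
static const uint32_t CANARY = 0xFF0A0D00u;

enum outcome { COPY_OK = 0, COPY_REJECTED = 1, STACK_SMASHED = 2 };

static void frame_init(struct frame *f) {
    memset(f->buff, 0, sizeof f->buff);
    f->canary = CANARY;
}

static int canary_intact(const struct frame *f) {
    return f->canary == CANARY;
}

/* The slide's f1a: no length check before the copy. The copy is written through
 * (char *)f so that the overrun stays inside one object and the model itself is
 * defined behaviour; the cap at sizeof *f is a limit of the model, not a defence. */
static enum outcome f1a_unchecked(struct frame *f, const void *arg, size_t len) {
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((char *)f, arg, len);
    return canary_intact(f) ? COPY_OK : STACK_SMASHED;   /* epilogue check */
}

/* Hardened f1a: reject input that does not fit before touching the buffer. */
static enum outcome f1a_checked(struct frame *f, const void *arg, size_t len) {
    if (len > sizeof f->buff)
        return COPY_REJECTED;
    memcpy(f->buff, arg, len);
    return canary_intact(f) ? COPY_OK : STACK_SMASHED;
}

/* Run one copy of `len` constructed bytes through either variant. */
enum outcome run_copy(size_t len, int hardened) {
    unsigned char input[sizeof(struct frame) + 16];   /* constructed input */
    struct frame f;

    memset(input, 'A', sizeof input);
    if (len > sizeof input)
        len = sizeof input;
    frame_init(&f);
    return hardened ? f1a_checked(&f, input, len) : f1a_unchecked(&f, input, len);
}

int main(void) {
    printf("unchecked, 100 bytes -> %d (0 = ok)\n", run_copy(100, 0));
    printf("unchecked, 101 bytes -> %d (2 = canary smashed)\n", run_copy(101, 0));
    printf("checked,   101 bytes -> %d (1 = rejected)\n", run_copy(101, 1));
    return 0;
}
```

ProPolice additionally reorders locals so that arrays sit above pointers in the frame, which the struct layout above mimics by placing the guard word after the buffer.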
Pointer Subterfuge

#include <string.h>

void SomeFunc() {
    // do something
}

typedef void (*FUNC_PTR)(void);

int DangerousFunc(char *szString) {
    char buf[32];

    strcpy(buf, szString);   /* unbounded copy: can overrun buf */

    FUNC_PTR fp = (FUNC_PTR)(&SomeFunc);

    // Other code
    // Other code

    (*fp)();

    return 0;
}

Pointer-encoding APIs shown on the slide next to the code (Windows): EncodePointer, DecodePointer, EncodeSystemPointer, DecodeSystemPointer.
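Added example, not from the slides: a constructed pointer-encoding scheme in the spirit of EncodePointer/DecodePointer (and glibc's PTR_MANGLE), applied to the function-pointer slot used in DangerousFunc. `ptr_secret`, `UnintendedTarget` and the rotation amount are assumptions of the illustration, not part of either real implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* A function pointer is never kept in memory in plain form, only XORed with a
 * per-process secret and rotated. An overwrite of the stored slot (the
 * pointer-subterfuge case) is decoded with the same secret, so the value that
 * was written is not the value that gets called. */

typedef void (*FUNC_PTR)(void);

/* Constructed secret. A real implementation draws it from a CSPRNG at startup
 * and keeps it out of reach of the overflowed buffer (e.g. in thread-local
 * storage): a leaked secret would let an attacker forge encoded pointers. */
static const uintptr_t ptr_secret = (uintptr_t)0x5A3C96E1D2B4F708ULL;

#define ROTATE_BITS 17u   /* not a multiple of 8, see encode_pointer() */

static uintptr_t rotl(uintptr_t v, unsigned r) {
    const unsigned bits = (unsigned)sizeof(uintptr_t) * 8u;
    r %= bits;
    return r ? (v << r) | (v >> (bits - r)) : v;
}

static uintptr_t rotr(uintptr_t v, unsigned r) {
    const unsigned bits = (unsigned)sizeof(uintptr_t) * 8u;
    r %= bits;
    return r ? (v >> r) | (v << (bits - r)) : v;
}

/* Stored form: XOR with the secret, then rotate. Because the rotation is not
 * byte-aligned, changing one byte of the stored slot does not translate into a
 * one-byte change of the decoded pointer, so partial overwrites lose their
 * meaning as well. */
uintptr_t encode_pointer(FUNC_PTR p) {
    return rotl((uintptr_t)p ^ ptr_secret, ROTATE_BITS);
}

FUNC_PTR decode_pointer(uintptr_t encoded) {
    return (FUNC_PTR)(rotr(encoded, ROTATE_BITS) ^ ptr_secret);
}

static int some_func_calls;
static void SomeFunc(void) { some_func_calls++; }

/* Stands in for whatever address an overflow of buf in DangerousFunc would
 * leave in the function-pointer slot. */
static void UnintendedTarget(void) { }

/* Hardened shape of DangerousFunc's tail: the pointer is stored encoded and is
 * only decoded at the call site. Returns how many times SomeFunc ran. */
int call_through_encoded_slot(void) {
    uintptr_t slot = encode_pointer(SomeFunc);   /* what is kept in memory */
    /* ... other code that a buffer overrun could reach ... */
    FUNC_PTR fp = decode_pointer(slot);
    some_func_calls = 0;
    (*fp)();
    return some_func_calls;
}

/* Simulated pointer-subterfuge write: the stored slot is replaced with the raw
 * address of UnintendedTarget. Returns 1 when the decoded pointer is NOT that
 * target, i.e. the overwrite became a garbage pointer rather than a controlled
 * redirect. Calling the garbage pointer would crash, which is the intended
 * fail-closed behaviour, so it is deliberately not called here. */
int overwrite_neutralised(void) {
    uintptr_t slot = encode_pointer(SomeFunc);
    slot = (uintptr_t)UnintendedTarget;          /* simulated overwrite of the slot */
    FUNC_PTR fp = decode_pointer(slot);
    return fp != UnintendedTarget;
}

int main(void) {
    printf("SomeFunc calls through encoded slot: %d\n", call_through_encoded_slot());
    printf("overwrite neutralised: %d\n", overwrite_neutralised());
    return 0;
}
```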
Format String Attacks and Arithmetic Overflows

Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. PointGuard(TM): protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th conference on USENIX Security Symposium, Volume 12, pages 7–7, Berkeley, CA, USA, 2003. USENIX Association.

Jonathan Pincus and Brandon Baker. Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy, 2:20–27, July 2004.

Hovav Shacham, Erik Buchanan, Ryan Roemer, and Stefan Savage. Return-Oriented Programming: Exploits Without Code Injection. Retrieved 2009-08-12.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323c
2. Linux operating system extension

2.1 Container-based OS virtualisation
    Linux-VServer
    Virtuozzo and OpenVZ
    Linux containers
2.2 Linux security modules
    SELinux
    AppArmor
    Smack
    TOMOYO Linux
2.3 Grsecurity
    PaX
    Role-based access control
2.1 Container-based OS virtualisation

Linux-VServer
Virtuozzo
OpenVZ
LXC (Linux Container Tools)

The core concept of container-based operating system virtualization is to run completely isolated virtual servers sharing the same kernel. Compared to system virtualization, this reduces the required memory for additional kernels on the one hand, but at the same time it might increase the vulnerability of the system. If an attacker gains full access to the kernel, all virtual servers are compromised. System virtualization would offer an additional level of isolation and therefore more security in this case.

Linux-VServer

Features:
 • Security contexts
 • Segmented routing
 • Chroot
 • Extended quotas
 • Further standard tools

Use cases:
 • High-performance computing (HPC) clusters
 • The Grid
 • Distributed hosting organizations like PlanetLab and Amazon EC2

The host kernel should be patched. Virtual servers are managed with Start/Stop/Resume.

The system provides a Shared OS Image consisting of a root file system and a set of system libraries and executables. This Shared OS Image together with a privileged host VM builds the Hosting Platform.
Virtuozzo and OpenVZ

OpenVZ is operating system virtualization based on the Linux kernel. It is very similar to Linux-VServer. Like Linux-VServer it requires a patched Linux kernel. Here likewise Debian ships prebuilt kernel images. Unfortunately, the patches are not provided for each Linux kernel release. OpenVZ is the basis for Parallels Virtuozzo Containers, which is a commercial product by Parallels.

Usage scenarios and evaluation are basically the same as for the Linux-VServer project.
Linux Containers (LXC)

• Namespace isolation
  • PID namespace
  • Network namespace
  • UTS namespace (hostname)
  • Mount namespace
  • IPC namespace
• Linux kernel control groups (cgroups)
  • Control (Restart, Freeze, etc.)
  • Resource limiting (Memory)
  • Prioritization (CPU, I/O)
  • Accounting

The best solution for lightweight isolation of Linux processes without much inter-process communication.
Terminology 1. Access control models

  * Discretionary access control
  * Mandatory access control
  * Role-based access control

Subject -- Object
2.2 Linux security modules

The Linux Security Modules (LSM) framework is part of the Linux kernel. It provides lightweight, general support for access control by allowing modules to define security hooks:

• Task hooks
• Program loading hooks
• IPC hooks
• Filesystem hooks
• Network hooks
• Module hooks (e.g. module initialization)
• System hooks (e.g. hostname setting)

Modules built on LSM:
• AppArmor
• SELinux
• Smack
• TOMOYO Linux
Security-Enhanced Linux

  MAC
  Part of Linux
Smack

Smack is the abbreviation for Simplified Mandatory Access Control Kernel for Linux. It is part of the MeeGo Security Architecture, but not exclusively dedicated to it.

As the name already suggests, Smack provides Mandatory Access Control in a simpler way than e.g. SELinux. The author states that simplicity is the primary design goal of Smack.

Like AppArmor, Smack requires extended file attributes. There it stores labels for files, which must match the labels associated with processes to grant access. Additionally, special rules can be added for file labels and process labels that do not match.

TOMOYO Linux

TOMOYO Linux is another pathname-based access control system for Linux. It also implements Mandatory Access Control, but additionally it is stated to be useful as a pure system analysis tool. Like e.g. AppArmor, TOMOYO Linux also provides tools for automatic policy generation, and it is designed to be easy to use with a simple syntax for policies.

AppArmor

AppArmor is an alternative to SELinux. It is a pathname-based access control system and requires a file system with extended attributes support. The original goal was to provide a SELinux-like Mandatory Access Control mechanism which is simpler to manage for the typical user. Therefore, AppArmor implements a learning mode to create profiles of a typical program's behavior.

While AppArmor is a simple and powerful solution for end-users, it seems that SELinux is more powerful for implementing advanced security concepts on top of it.
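Added example, not from the slides or from the Smack project: a minimal C model of the label-matching rule described above (equal process and file labels grant access; any other pair is denied unless an explicit rule permits every requested mode). The labels, the rule table and the access-mode bits are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16
#define ACC_READ  0x1u
#define ACC_WRITE 0x2u
#define ACC_EXEC  0x4u

/* One explicit rule: subject label, object label, and the modes it permits. */
struct rule {
    const char *subject;
    const char *object;
    unsigned modes;          /* bitmask of ACC_* values */
};

struct policy {
    struct rule rules[MAX_RULES];
    size_t count;
};

/* Add a rule; returns 0 on success, -1 if the table is full. */
int policy_add_rule(struct policy *p, const char *subject,
                    const char *object, unsigned modes) {
    if (p->count >= MAX_RULES)
        return -1;
    p->rules[p->count].subject = subject;
    p->rules[p->count].object = object;
    p->rules[p->count].modes = modes;
    p->count++;
    return 0;
}

/* Decide whether a process labelled `subject` may perform `wanted` on an
 * object labelled `object`. Returns 1 for allow, 0 for deny. The default for
 * non-matching labels is deny, which is what makes the scheme mandatory: no
 * process can widen its own access without a rule loaded by the administrator. */
int mac_access_allowed(const struct policy *p, const char *subject,
                       const char *object, unsigned wanted) {
    if (strcmp(subject, object) == 0)
        return 1;                               /* matching labels: granted */
    for (size_t i = 0; i < p->count; i++) {
        const struct rule *r = &p->rules[i];
        if (strcmp(r->subject, subject) == 0 && strcmp(r->object, object) == 0)
            return (wanted & ~r->modes) == 0;   /* every requested mode must be permitted */
    }
    return 0;                                   /* no rule for this pair: denied */
}

/* Constructed policy: processes labelled "Browser" may read, but not write,
 * files labelled "Music"; nothing is said about "Photos". */
int demo_decision(const char *subject, const char *object, unsigned wanted) {
    struct policy p = { .count = 0 };
    policy_add_rule(&p, "Browser", "Music", ACC_READ);
    return mac_access_allowed(&p, subject, object, wanted);
}

int main(void) {
    printf("Music  -> Music  read : %d\n", demo_decision("Music", "Music", ACC_READ));
    printf("Browser-> Music  read : %d\n", demo_decision("Browser", "Music", ACC_READ));
    printf("Browser-> Music  write: %d\n", demo_decision("Browser", "Music", ACC_WRITE));
    printf("Browser-> Photos read : %d\n", demo_decision("Browser", "Photos", ACC_READ));
    return 0;
}
```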
2.3 Grsecurity

GrSecurity is a set of security-related patches for the Linux kernel. Some major security enhancements are:
• Stack and heap modification protection (PaX)
• Role-based Access Control (RBAC)
• Chroot restrictions
• Auditing

PaX

PaX is a major component of GrSecurity. Amongst other things, the patch adds three memory protection mechanisms:
• Data memory is flagged as non-executable (NX bit)
• Program memory is flagged as non-writable
• Program memory is randomly arranged, known as address space layout randomization (ASLR)
Recent mainline kernel versions added some similar protection mechanisms for suitable memory regions on x86 systems.

RBAC

While PaX implements the principle of least privilege for memory management, another component of GrSecurity (RBAC) implements it for users and processes. This means that users and processes get only the privileges which are required to work correctly. It should be noted that, besides this implementation aspect, the RBAC concept can be applied in very different fields of application.
3. Process virtualization and sandboxing

Skip
4. System Virtualization

4.1 Hardware recruitment
4.2 VM and VMMs
    Linux KVM Hypervisor
    Xen Hypervisor
    L4 Microkernel based
4.3 Use cases

4.1 Hardware recruitment

* HW support:
  Johannes Winter. Trusted computing building blocks for embedded Linux-based ARM TrustZone platforms. In Proceedings of the 3rd ACM workshop on Scalable trusted computing, STC'08, pages 21–30, New York, NY, USA, 2008. ACM.

* Intel VT-x
* AMD-V
* ARM TrustZone
* ARM Cortex-A15 including full hardware virtualization
* DMA and IOMMU
Terminology 2. Virtualization, Virtual machines

* System virtualization or hardware virtualization allows running multiple operating systems on one physical machine.
* Guest and Host OS
* VMM / hypervisor
* Type 1 / Native – bare metal
* Type 2 / Hosted – on top of an OS
* Paravirtualization – the VMM doesn't provide an interface that is identical to real hardware
Linux KVM Hypervisor

* Part of Linux kernel
* QEMU
* VT-x / AMD-V extensions
* Big trusted computing base (TCB)
* Low overhead
Xen hypervisor

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on Operating systems principles, SOSP '03, pages 164–177, New York, NY, USA, 2003. ACM.

Muli Ben-Yehuda, Jon Mason, Orran Krieger, Jimi Xenidis, Leendert Van Doorn, Asit Mallick, Jun Nakajima, and Elsie Wahlig. Utilizing IOMMUs for virtualization in Linux and Xen. In Proceedings of the 2006 Ottawa Linux Symposium (OLS 2006), 2006.

Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, and Reiner Sailer. Shamon: A system for distributed mandatory access control. In Proceedings of the 22nd Annual Computer Security Applications Conference, pages 23–32, Washington, DC, USA, 2006. IEEE Computer Society.
L4 microkernel

* User-level components

* Address spaces (tasks)
* Threads
* Scheduling
* Inter-process communication

* Reusing
* TCB

[Diagram: two L4Linux instances and an app running as user-level components alongside the Moe, Mag, Ned and IO services, all on top of the Fiasco.OC microkernel.]
4.3 Use Case

[Diagram: an L4Linux instance attached to eth0 and a second L4Linux instance attached to eth1, with a Crypto component and an app between them; underneath run the Moe, Mag, Ned and IO services on top of the Fiasco.OC microkernel.]

Más contenido relacionado

La actualidad más candente

Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
Mohd Arif
 

La actualidad más candente (20)

MOM - Message Oriented Middleware
MOM - Message Oriented MiddlewareMOM - Message Oriented Middleware
MOM - Message Oriented Middleware
 
Distributed system architecture
Distributed system architectureDistributed system architecture
Distributed system architecture
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
4. system models
4. system models4. system models
4. system models
 
Concepts of Real time Systems (RTS)
Concepts of Real time Systems (RTS)Concepts of Real time Systems (RTS)
Concepts of Real time Systems (RTS)
 
1.10. pumping lemma for regular sets
1.10. pumping lemma for regular sets1.10. pumping lemma for regular sets
1.10. pumping lemma for regular sets
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
Fault tolerance and computing
Fault tolerance  and computingFault tolerance  and computing
Fault tolerance and computing
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Mutual Exclusion
Mutual ExclusionMutual Exclusion
Mutual Exclusion
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
Semophores and it's types
Semophores and it's typesSemophores and it's types
Semophores and it's types
 
3. CPU virtualization and scheduling
3. CPU virtualization and scheduling3. CPU virtualization and scheduling
3. CPU virtualization and scheduling
 
Quantum Cryptography abstract
Quantum Cryptography abstractQuantum Cryptography abstract
Quantum Cryptography abstract
 
Lecture 1 introduction to language processors
Lecture 1  introduction to language processorsLecture 1  introduction to language processors
Lecture 1 introduction to language processors
 
Proxy Servers
Proxy ServersProxy Servers
Proxy Servers
 
Role-of-lexical-analysis
Role-of-lexical-analysisRole-of-lexical-analysis
Role-of-lexical-analysis
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
message passing vs shared memory
message passing vs shared memorymessage passing vs shared memory
message passing vs shared memory
 

Destacado

Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
Ajit Gaddam
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
أحلام انصارى
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
pankaj009
 

Destacado (20)

[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland[ENG] Hacktivity 2013 - Alice in eXploitland
[ENG] Hacktivity 2013 - Alice in eXploitland
 
Course lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingCourse lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented Programming
 
Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010
 
Protection in Operating System Layer
Protection in Operating System LayerProtection in Operating System Layer
Protection in Operating System Layer
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
 
Jaundice
Jaundice Jaundice
Jaundice
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for Dummies
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
 

Similar a System Integrity

Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource Kernels
Silvio Cesare
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
WSO2
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
WSO2
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android Application
Kelwin Yang
 

Similar a System Integrity (20)

淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道
 
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/LinuxHardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/Linux
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
 
Auditing the Opensource Kernels
Auditing the Opensource KernelsAuditing the Opensource Kernels
Auditing the Opensource Kernels
 
Revolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualizationRevolutionizing the cloud with container virtualization
Revolutionizing the cloud with container virtualization
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
Ubuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security FeaturesUbuntu 16.04 LTS Security Features
Ubuntu 16.04 LTS Security Features
 
Linux container & docker
Linux container & dockerLinux container & docker
Linux container & docker
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security Overview
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century ThreatsLinux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
 
Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009Linux Kernel Security Overview - KCA 2009
Linux Kernel Security Overview - KCA 2009
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
Introduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android ApplicationIntroduction to Dynamic Analysis of Android Application
Introduction to Dynamic Analysis of Android Application
 
Factors Affecting the System Safety || Linux
Factors Affecting the System Safety || LinuxFactors Affecting the System Safety || Linux
Factors Affecting the System Safety || Linux
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
 

Más de Vasily Sartakov

Сетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и GenodeСетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и Genode
Vasily Sartakov
 
Защита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4ReЗащита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4Re
Vasily Sartakov
 
Operating Systems Hardening
Operating Systems HardeningOperating Systems Hardening
Operating Systems Hardening
Vasily Sartakov
 
Особенности Национального RnD
Особенности Национального RnDОсобенности Национального RnD
Особенности Национального RnD
Vasily Sartakov
 

Más de Vasily Sartakov (20)

Мейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памятиМейнстрим технологии шифрованной памяти
Мейнстрим технологии шифрованной памяти
 
RnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific RegionRnD Collaborations in Asia-Pacific Region
RnD Collaborations in Asia-Pacific Region
 
Сетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и GenodeСетевая подсистема в L4Re и Genode
Сетевая подсистема в L4Re и Genode
 
Защита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4ReЗащита памяти при помощи NX-bit в среде L4Re
Защита памяти при помощи NX-bit в среде L4Re
 
Hardware Errors and the OS
Hardware Errors and the OSHardware Errors and the OS
Hardware Errors and the OS
 
Operating Systems Meet Fault Tolerance
Operating Systems Meet Fault ToleranceOperating Systems Meet Fault Tolerance
Operating Systems Meet Fault Tolerance
 
Intro
IntroIntro
Intro
 
Genode OS Framework
Genode OS FrameworkGenode OS Framework
Genode OS Framework
 
Operating Systems Hardening
Operating Systems HardeningOperating Systems Hardening
Operating Systems Hardening
 
Особенности Национального RnD
Особенности Национального RnDОсобенности Национального RnD
Особенности Национального RnD
 
Genode Architecture
Genode ArchitectureGenode Architecture
Genode Architecture
 
Genode Components
Genode ComponentsGenode Components
Genode Components
 
Genode Programming
Genode ProgrammingGenode Programming
Genode Programming
 
Genode Compositions
Genode CompositionsGenode Compositions
Genode Compositions
 
Trusted Computing Base
Trusted Computing BaseTrusted Computing Base
Trusted Computing Base
 
Intro
IntroIntro
Intro
 
Memory, IPC and L4Re
Memory, IPC and L4ReMemory, IPC and L4Re
Memory, IPC and L4Re
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4Re
 
Применение Fiasco.OC
Применение Fiasco.OCПрименение Fiasco.OC
Применение Fiasco.OC
 

Último

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Último (20)

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 

System Integrity

  • 1. System Integrity Sartakov A. Vasily Summer Systems School’12
  • 2. Software Hardening Methods Compile-time Run time Process Canaries Virtualization (Dalvik, Java VM) System Virtualization (KVM, Xen, L4) OS (Linux Kernel Ench.) HW support (MMU, Trust Zone)
  • 3. 1. Compiler time sw hardening 2. Linux operating system extension 1.1 Memory corruption 2.1 Container based os mitigation methods virtualization 2.2 Linux security modules 2.3 Gr security 3. Process virtualization and sandboxing 4. System virtualization 3.1 Byte-code 4.1 Hardware translation recruitment 3.2 Sandboxing 4.2 VM and VMMs untrusted native code 4.3 Use cases
  • 4. 1. Compile-time Software Hardening Memory Corruption Mitigation Methods: Code injection Arc injection Pointer Subterfuge Format String Attacks and Arithmetic Overflows
  • 5. Code Injection
      #include <stdlib.h>
      #include <string.h>

      void f1a(void *arg, size_t len) {
        char buff[100];
        memcpy(buff, arg, len); /* buffer overrun if len > 100 */
        /* ... */
        return;
      }

      void f1b(void *arg, size_t len) {
        char *ptr = malloc(100);
        if (ptr == NULL) return;
        memcpy(ptr, arg, len); /* buffer overrun if len > 100 */
        /* ... */
        return;
      }
  • 6. StackGuard, ProPolice (stack canary implementations)
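As an added example (not from the slides), a simulated StackGuard-style canary check over the buffer layout of f1a(): the frame is modelled as an explicit byte array so the overrun and the epilogue check are well defined and testable, and the canary value is constructed, where a real compiler uses a random per-process value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN    100   /* same buffer size as f1a() on the previous slide */
#define CANARY_LEN 8
#define RET_LEN    8     /* width of the saved return address */

/* Frame layout the canary protects: [buffer][canary][saved return address].
 * ProPolice additionally sorts locals so arrays sit above pointers; here the
 * layout is fixed by hand. */
#define OFF_CANARY BUF_LEN
#define OFF_RET    (BUF_LEN + CANARY_LEN)
#define FRAME_LEN  (OFF_RET + RET_LEN)

/* Constructed reference canary. It starts with "terminator" bytes (NUL, LF,
 * CR, 0xFF) that common string and line functions stop at; a real compiler
 * uses a random per-process value. */
static const uint8_t canary_ref[CANARY_LEN] =
    { 0x00, 0x0a, 0x0d, 0xff, 0x5a, 0xc3, 0x9e, 0x71 };

/* Models f1a() compiled with a canary. Returns 0 when the copy stayed inside
 * the buffer and 1 when the epilogue check finds the canary clobbered. The
 * copy is clamped to the frame so this model never writes outside it. */
int guarded_copy(const void *arg, size_t len)
{
    uint8_t frame[FRAME_LEN];
    memcpy(frame + OFF_CANARY, canary_ref, CANARY_LEN);   /* prologue */
    memset(frame + OFF_RET, 0xaa, RET_LEN);               /* saved ret addr */

    size_t n = len < FRAME_LEN ? len : FRAME_LEN;
    memcpy(frame, arg, n);                                /* f1a's memcpy */

    /* epilogue: verify the canary before the return slot would be trusted */
    return memcmp(frame + OFF_CANARY, canary_ref, CANARY_LEN) != 0;
}

/* Helper: copy `len` bytes of 'A' (constructed input) through guarded_copy
 * and report the check result. */
int demo(size_t len)
{
    uint8_t in[FRAME_LEN];
    memset(in, 'A', sizeof in);
    return guarded_copy(in, len);
}

int main(void)
{
    printf("len=100 -> %d (fits)\n", demo(100));
    printf("len=101 -> %d (canary smashed)\n", demo(101));
    return 0;
}
```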
  • 7. Pointer Subterfuge
      #include <string.h>

      void SomeFunc() {
        // do something
      }

      typedef void (*FUNC_PTR)(void);

      int DangerousFunc(char *szString) {
        char buf[32];
        strcpy(buf, szString);   /* unbounded copy */
        FUNC_PTR fp = (FUNC_PTR)(&SomeFunc);
        // Other code
        // Other code
        (*fp)();
        return 0;
      }
      Mitigation by pointer encoding (shown beside the code on the slide): EncodePointer / DecodePointer, EncodeSystemPointer / DecodeSystemPointer
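An added example (not from the slides) of the pointer-encoding idea behind EncodePointer/DecodePointer and PointGuard: a function pointer is stored XOR-ed with a per-process secret, so overwriting its slot no longer lets the overwriting bytes choose the call target. The secret, the helper names and the stand-in function NotTheIntended() are constructed for this example; nothing is called except the legitimate round trip.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void (*FUNC_PTR)(void);

/* Constructed per-process secret. A real implementation draws it from the
 * OS random source at process start; a fixed value keeps this deterministic. */
static const uintptr_t ptr_secret = (uintptr_t)0x5bd1e995a7c15f3dULL;

static uintptr_t encode_ptr(FUNC_PTR fp) { return (uintptr_t)fp ^ ptr_secret; }
static FUNC_PTR  decode_ptr(uintptr_t e) { return (FUNC_PTR)(e ^ ptr_secret); }

static int some_calls = 0;
static void SomeFunc(void)       { some_calls++; }
static void NotTheIntended(void) { }   /* stands in for any other address */

/* One pointer-sized slot in a stack frame, as fp in DangerousFunc(). With
 * `encoded` set the slot holds encode_ptr(fp), otherwise the raw pointer. */
typedef struct { uintptr_t slot; int encoded; } fp_slot;

static void store_fp(fp_slot *s, FUNC_PTR fp, int encoded)
{
    s->encoded = encoded;
    s->slot = encoded ? encode_ptr(fp) : (uintptr_t)fp;
}
static uintptr_t load_fp(const fp_slot *s)
{
    return s->encoded ? s->slot ^ ptr_secret : s->slot;
}

/* Models the slide's overrun: the slot's raw bytes are replaced by the
 * address of NotTheIntended(). Returns 1 if the value the program would
 * then call equals that address (the overwrite chose the target), else 0.
 * Only integers are compared; the slot is never called. */
int overwrite_controls_target(int encoded)
{
    fp_slot s;
    store_fp(&s, SomeFunc, encoded);
    uintptr_t written = (uintptr_t)&NotTheIntended;
    memcpy(&s.slot, &written, sizeof written);     /* effect of the strcpy */
    return load_fp(&s) == written;
}

/* The legitimate path: encoding is invisible to correct code. */
int roundtrip_calls_somefunc(void)
{
    some_calls = 0;
    FUNC_PTR fp = decode_ptr(encode_ptr(SomeFunc));
    (*fp)();
    return some_calls;
}

int main(void)
{
    printf("raw slot controls target: %d\n", overwrite_controls_target(0));
    printf("encoded slot controls target: %d\n", overwrite_controls_target(1));
    return 0;
}
```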
  • 8. Format String Attacks and Arithmetic Overflows
      References:
      - Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. PointGuard: protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th Conference on USENIX Security Symposium, Volume 12, pages 7–7, Berkeley, CA, USA, 2003. USENIX Association.
      - Jonathan Pincus and Brandon Baker. Beyond stack smashing: recent advances in exploiting buffer overruns. IEEE Security and Privacy, 2:20–27, July 2004.
      - Hovav Shacham, Erik Buchanan, Ryan Roemer, and Stefan Savage. Return-Oriented Programming: Exploits Without Code Injection. Retrieved 2009-08-12.
      - http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323c
  • 9. 2. Linux operating system extension
      2.1 Container based OS virtualisation: Linux-VServer; Virtuozzo and OpenVZ; Linux Containers
      2.2 Linux security modules: SELinux; AppArmor; Smack; TOMOYO Linux
      2.3 Grsecurity: PaX; Role based access control
  • 10. 2.1 Container based OS virtualisation
      Linux-VServer; Virtuozzo / OpenVZ; LXC (Linux Container Tools)
      The core concept of container-based operating system virtualization is to run completely isolated virtual servers sharing the same kernel. Compared to system virtualization, this reduces the memory required for additional kernels, but at the same time it might increase the vulnerability of the system: if an attacker gains full access to the kernel, all virtual servers are compromised. System virtualization would offer an additional level of isolation and therefore more security in this case.
  • 11. Linux-VServer
      Features: • Security contexts • Segmented routing • Chroot • Extended quotas • Further standard tools
      Use cases: • High-performance computing (HPC) clusters • The Grid • Distributed hosting organizations like PlanetLab and Amazon EC2
      The host kernel should be patched. The system provides a Shared OS Image consisting of a root file system and a set of system libraries and executables. This Shared OS Image together with a privileged host VM builds the Hosting Platform. (Diagram label: Start/Stop/Resume.)
  • 12. Virtuozzo and OpenVZ
      OpenVZ is operating system virtualization based on the Linux kernel. It is very similar to Linux-VServer. Like Linux-VServer it requires a patched Linux kernel; here likewise Debian ships prebuilt kernel images. Unfortunately, the patches are not provided for each Linux kernel release. OpenVZ is the basis for Parallels Virtuozzo Containers, a commercial product by Parallels. Usage scenarios and evaluation are basically the same as for the Linux-VServer project.
  • 13. Linux Containers (LXC)
      Namespace isolation: • PID namespace • Network namespace • UTS namespace (hostname) • Mount namespace • IPC namespace
      Linux kernel control groups (cgroups): • Control (restart, freeze, etc.) • Resource limiting (memory) • Prioritization (CPU, I/O) • Accounting
      The best solution for lightweight isolation of Linux processes without much inter-process communication.
  • 14. Terminology 1. Access control models
      * Discretionary access control
      * Mandatory access control
      * Role-based access control
      Subject -- Object
  • 15. 2.2 Linux security modules
      The Linux Security Modules (LSM) framework is part of the Linux kernel. It provides lightweight, general support for access control by allowing modules to define security hooks:
      • Task hooks • Program loading hooks • IPC hooks • Filesystem hooks • Network hooks • Module hooks (e.g. module initialization) • System hooks (e.g. hostname setting)
      Modules built on LSM: • AppArmor • SELinux • Smack • TOMOYO Linux
  • 16. Security-Enhanced Linux (SELinux): MAC; part of Linux
  • 17. Smack, TOMOYO Linux, AppArmor
      Smack: Smack is the abbreviation for Simplified Mandatory Access Control Kernel for Linux. It is part of the MeeGo Security Architecture, but not exclusively dedicated to it. As the name already suggests, Smack provides Mandatory Access Control in a simpler way than e.g. SELinux. The author states that simplicity is the primary design goal of Smack. Like AppArmor, Smack requires extended file attributes. There it stores labels for files, which must match labels associated with processes to grant access. Additionally, special rules can be added for file labels and process labels that do not match.
      TOMOYO Linux: TOMOYO Linux is another pathname-based access control system for Linux. It also implements Mandatory Access Control, but additionally it is stated to be useful as a pure system analysis tool. Like e.g. AppArmor, TOMOYO Linux also provides tools for automatic policy generation, and it is designed to be easy to use with a simple syntax for policies.
      AppArmor: AppArmor is an alternative to SELinux. It is a pathname-based access control system and it requires a file system with extended attributes support. The original goal was to provide a SELinux-like Mandatory Access Control mechanism which is simpler to manage for the typical user. Therefore, AppArmor implements a learning mode to create profiles of the typical program behavior. While AppArmor is a simple and powerful solution for end-users, it seems that SELinux is more powerful to implement advanced security concepts on top of it.
  • 18. 2.3 Grsecurity
      GrSecurity is a set of security related patches for the Linux kernel. Some major security enhancements are: • Stack and heap modification protection (PaX) • Role-based Access Control (RBAC) • Chroot restrictions • Auditing
      PaX: PaX is a major component of GrSecurity. Amongst other things, the patch adds three memory protection mechanisms: • Data memory is flagged as non-executable (NX bit) • Program memory is flagged as non-writable • Program memory is randomly arranged, known as address space layout randomization (ASLR). Recent mainline kernel versions added some similar protection mechanisms for suitable memory regions on x86 systems.
      RBAC: While PaX implements the principle of least privilege for memory management, another component of GrSecurity (RBAC) implements it for users and processes. This means that users and processes get only the privileges which are required to work correctly. It should be noted that, besides this implementation aspect, the RBAC concept can be applied in very different fields of application.
  • 19. 3. Process virtualization and sandboxing (Skip)
  • 20. 4. System Virtualization
      4.1 Hardware recruitment
      4.2 VMs and VMMs: Linux KVM hypervisor; Xen hypervisor; L4 microkernel based
      4.3 Use cases
  • 21. 4.1 Hardware recruitment
      HW support: * Intel VT-x * AMD-V * ARM TrustZone * ARM Cortex-A15 including full hardware virtualization * DMA and IOMMU
      Reference: Johannes Winter. Trusted computing building blocks for embedded Linux-based ARM TrustZone platforms. In Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC’08, pages 21–30, New York, NY, USA, 2008. ACM.
  • 22. Terminology 2. Virtualization, virtual machines
      * System virtualization or hardware virtualization allows running multiple operating systems on one physical machine.
      * Guest and host OS
      * VMM / hypervisor
      * Type 1 / native: bare metal
      * Type 2 / hosted: on top of an OS
      * Paravirtualization: the VMM doesn't provide an interface that is identical to real hardware
  • 23. Linux KVM Hypervisor
      * Part of the Linux kernel * QEMU * VT-x / AMD-V extensions * Big trusted computing base (TCB) * Low overhead
  • 24. Xen hypervisor
      References:
      - Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, SOSP ’03, pages 164–177, New York, NY, USA, 2003. ACM.
      - Muli Ben-Yehuda, Jon Mason, Orran Krieger, Jimi Xenidis, Leendert Van Doorn, Asit Mallick, Jun Nakajima, and Elsie Wahlig. Utilizing IOMMUs for virtualization in Linux and Xen. In Proceedings of the 2006 Ottawa Linux Symposium (OLS 2006), 2006.
      - Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, and Reiner Sailer. Shamon: a system for distributed mandatory access control. In Proceedings of the 22nd Annual Computer Security Applications Conference, pages 23–32, Washington, DC, USA, 2006. IEEE Computer Society.
  • 25. L4 microkernel
      * User-level components * Address spaces (tasks) * Threads * Scheduling * Inter-process communication * Reusing * TCB
      (Diagram: Fiasco.OC kernel with the components Moe, Mag, Ned and IO, running L4Linux instances and a native app on top.)
  • 26. 4.3 Use Case
      (Diagram: two L4Linux instances, one with eth0 and one with eth1, connected through a Crypto component; Moe, Mag, Ned, IO and an app on Fiasco.OC.)