
Secure Operating Systems (安全操作系统)



  1. Secure Operating Systems. Department of Computer Science, University of Science and Technology of China. 陈香兰 (Chen Xianglan) (0512-87161312) xlanchen@ustc.edu.cn. Teaching assistant: 裴建国 (Pei Jianguo). Autumn 2008

  2. Security technologies of mainstream operating systems • Linux/Unix security technologies • Windows security technologies

  3. History of Windows (1) From: http://blog.chinaunix.net/photo/19782_071112183558.jpg

  4. History of Windows (2) From: http://www.xuecs.com/img/upload/osx/windows.jpg

  5. Windows NT 4.0 architecture

  6. Windows 2000 architecture From: http://upload.wikimedia.org/wikipedia/commons/5/5d/Windows_2000_architecture.svg

  7. Windows security: NT is the watershed • NT design goal: TCSEC C2 level • Discretionary access control implemented at the user level • An audit mechanism for accesses to objects • Object reuse • Windows NT 4.0 • Passed the US Department of Defense TCSEC C2 security certification in November 1999 • The Windows NT security subsystem • Provides identification and authentication, discretionary access control, object sharing and security auditing • Consists mainly of the Local Security Authority (LSA), the Security Account Manager (SAM) and the Security Reference Monitor (SRM)

  8. “[security]… really is a journey rather than a destination.” From: Hacking Exposed Windows: Windows Security Secrets & Solutions. Bill Gates, “Trustworthy Computing”, January 2002. Refer: http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx

  9. The security wheel. From: Hacking Exposed Windows: Windows Security Secrets & Solutions

  10. The Windows Security Architecture from the Hacker’s Perspective (physical/logical). Attacking Windows security using both kernel and user mode approaches

  11. Windows security technologies • Common security technologies in Windows NT/2000/XP • Windows authentication and access control • Windows auditing • The Windows registry • The Windows Encrypting File System • Windows baseline security considerations • Overview of the new security technologies in Windows 2003

  12. Windows NT Security Components (figure) From: http://www.windowsecurity.com/whitepapers/Network_Strategy_Report_Windows_NT_Security.html

  13. The Windows NT security model • The Windows NT security model has five main parts • Logon (WinLogon) • The Local Security Authority subsystem (LSA) • msv1_0 • The Security Account Manager (SAM) • NT LAN Manager (NTLM)

  14. The Windows 2000 security model. From: http://technet.microsoft.com/en-us/library/cc751429.aspx, “Windows 2000 Security Gains”, an article from Windows 2000 Magazine

  15. Windows security components • The Security Reference Monitor (SRM) • The Local Security Authority • The LSA policy database • The Security Account Manager service • The SAM database • The default authentication package • The logon process • The network logon service

  16. SRM, Security Reference Monitor • To create or gain access to an object, a request must first flow through the SRM • the SRM operates in both kernel and user modes http://www.windowsitlibrary.com/Content/717/02/files/Fig3.gif

  17. LSA • Local Security Authority • a process • the Local Security Authority Subsystem Service • lsass.exe • The primary security gateway into Windows

  18. The SAM and Active Directory • On all Windows computers, the SAM contains user account name and password information. • Passwords are stored in scrambled form (a scrambled value) • The scrambling procedure is a one-way function • A hash algorithm is used, so the stored value is a hash • On Windows Server 2000 and later domain controllers, user account/hash data for the domain is kept in the Active Directory

  19. Active Directory (AD) • Introduced with Windows Server 2000 • provides a variety of network services, including: • LDAP-like directory services • Kerberos-based authentication • DNS-based naming and other network information • Objects are organized in a hierarchical structure • Three kinds of objects • resources (e.g., printers) • services (e.g., email) • and users (user accounts and groups)

  20. The AD provides • information on the objects • organizes the objects • controls access and sets security • Forests, trees, and domains • the logical parts in an AD network

  21. Basic concepts: subjects and objects. In Windows • Subjects • processes (associated with access tokens) • Objects • securable objects (associated with security descriptors)

  22. Access-related concepts (figure) http://technet.microsoft.com/en-us/library/bb496995.aspx

  23. Basic concepts: the access token • When a user logs on to Windows • an access token containing security identifiers (SIDs) is created, correlated with • the user’s account • and any group accounts to which the user belongs • a list of the privileges held by the user or the user’s groups • The access token is associated with every process created by the user

  24. Security identifiers (SIDs). Figure: an example SID annotated with its revision number and its relative identifier (RID); the annotated RID belongs to the 5th account created in the domain. RID 500: the true Administrator account on a local machine. RID 501: the Guest account. On a domain, RIDs starting with 1001 indicate user accounts.
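As an added illustration of the SID layout this slide describes (example code, not part of the original deck), a Python decoder for both the binary and the textual SID forms that also labels the RIDs the slide names; it goes beyond the slide in handling the binary layout, and the SID S-1-5-21-1-2-3-500 used below is a constructed sample.

```python
import struct

# RIDs named on the slide: 500 is the built-in Administrator, 501 the Guest.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}

def parse_binary_sid(data: bytes) -> dict:
    """Decode the binary SID layout: revision (1 byte), sub-authority count
    (1 byte), 48-bit big-endian identifier authority, then N 32-bit
    little-endian sub-authorities; the last sub-authority is the RID."""
    if len(data) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = data[0], data[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(data) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match the buffer length")
    authority = int.from_bytes(data[2:8], "big")
    subs = list(struct.unpack(f"<{count}I", data[8:]))
    return {"revision": revision, "authority": authority, "subauthorities": subs}

def encode_sid(sid: dict) -> bytes:
    """Inverse of parse_binary_sid."""
    subs = sid["subauthorities"]
    return (bytes([sid["revision"], len(subs)])
            + sid["authority"].to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def parse_string_sid(text: str) -> dict:
    """Parse the textual form S-<revision>-<authority>-<sub>-...-<RID>."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID string: {text!r}")
    nums = [int(p) for p in parts[1:]]
    return {"revision": nums[0], "authority": nums[1], "subauthorities": nums[2:]}

def sid_to_string(sid: dict) -> str:
    fields = [sid["revision"], sid["authority"], *sid["subauthorities"]]
    return "S-" + "-".join(str(f) for f in fields)

def describe_rid(sid: dict) -> tuple:
    """Return (RID, label) for an account SID of the form
    S-1-5-21-<three domain/machine sub-authorities>-<RID>."""
    subs = sid["subauthorities"]
    if sid["authority"] != 5 or len(subs) != 5 or subs[0] != 21:
        return (subs[-1] if subs else None, "not a domain or local account SID")
    rid = subs[-1]
    return (rid, WELL_KNOWN_RIDS.get(rid, "ordinary account"))
```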

  25. The access token: the NTLM logon process (figure) http://technet.microsoft.com/en-us/library/bb457114.aspx

  26. Token • The token contains a list of all of the SIDs associated with the user account • The account’s SID • the SIDs of all groups • special identities of which the user account is a member (for example, Domain Admins or INTERACTIVE). • Starting with Server 2003, the whoami command ships by default

  27. Screenshot of whoami, from 《hacking …》

  28. Basic concepts: the security descriptor • When a securable object is created • a security descriptor that contains a discretionary access control list (DACL) is assigned • Which user and group SIDs may access the object, and how (read, write, execute, and so on). • Access control • Compare SIDs • Found a match? Permit : not permit

  29. Security descriptors, access control lists and access control entries (figure) http://microsoft.apress.com/asptodayarchive/73607/c-to-uml-reverse-engineering

  30. The Windows 2000 access control list • A header plus one or more access control entries • An access control entry (ACE) = a SID or group SID + an access mask • The access mask defines the permissions granted to that SID or group SID. (Figure: ACL structure)
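To make the SID comparison on slide 28 and the ACE structure on slide 30 concrete, an added Python simulation (example code, not from the original deck) of how a DACL is evaluated against an access token: each ACE pairs a trustee SID with an access mask, ACEs are matched in order against the SIDs the token carries, and a deny entry only takes effect on rights not already granted by an earlier allow entry, which is why Windows keeps deny ACEs first. The domain SID, group RID and access-mask bit values are constructed for the example.

```python
from dataclasses import dataclass

# Constructed access-mask bits for the example; real Windows masks are
# object-specific (FILE_READ_DATA, ...), but the evaluation walk is the same.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class ACE:
    kind: str   # "allow" or "deny"
    sid: str    # trustee: a user SID or a group SID, in string form
    mask: int   # the rights this entry grants or denies

@dataclass
class Token:
    user_sid: str
    group_sids: tuple

    def sids(self) -> set:
        """Every SID the token carries: the account SID plus all group SIDs."""
        return {self.user_sid, *self.group_sids}

def access_check(token: Token, dacl, requested: int) -> bool:
    """Windows-style DACL walk. ACEs are read in order; only those whose
    trustee SID appears in the token count. A deny ACE covering any
    still-ungranted requested right ends the check as 'denied'; allow ACEs
    accumulate rights until every requested bit is granted. A missing DACL
    (None) grants everyone full access, an empty DACL grants nobody anything.
    Owner rights and privilege-based overrides are not modelled here."""
    if dacl is None:
        return True
    held = token.sids()
    remaining = requested
    for ace in dacl:
        if ace.sid not in held:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0

# Constructed sample: domain S-1-5-21-1-2-3, Administrator RID 500 and an
# ordinary user RID 1001 as on the slide; 513 is the Domain Users group RID.
DOMAIN = "S-1-5-21-1-2-3"
ADMIN = Token(f"{DOMAIN}-500", ())
ALICE = Token(f"{DOMAIN}-1001", (f"{DOMAIN}-513",))
SAMPLE_DACL = [
    ACE("deny", f"{DOMAIN}-513", WRITE),           # Domain Users may never write
    ACE("allow", f"{DOMAIN}-1001", READ | WRITE),  # WRITE here is overridden above
    ACE("allow", f"{DOMAIN}-513", READ | EXECUTE),
]
```

Running access_check(ALICE, SAMPLE_DACL, WRITE) returns False while the same call with READ returns True; swapping the first two ACEs makes the write succeed, which is the non-canonical-order pitfall.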

  31. Basic concepts: SECURITY PRINCIPALS • three types of fundamental accounts • Users • Groups • Computers

  32. User accounts • an account is a reference context in which the operating system executes code • all user mode code executes in the context of a user account. • Some code that runs automatically before anyone logs on (such as services) • runs in the context of an account (often as the special and all-powerful SYSTEM, or LocalSystem, account)

  33. User accounts • Local user accounts • Access the local computer • Stored in the SAM (NT) • Domain user accounts • Access network resources • Stored in Active Directory

  34. Groups • logical containers for aggregating user accounts • Groups are also used to allocate privileges in bulk • Accounts in a group inherit the group’s permissions • Example: the local Administrators group • In NT • Local groups • Domain groups

  35. Commonly used groups in Windows

  36. Groups newly added in Windows Server 2003

  37. Computers (Machine Accounts) • When a Windows system joins a domain, a computer account is created.

  38. User Rights • User rights are a finite set of basic capabilities, such as logging on locally or debugging programs. • Not discretionary access control • typically assigned to groups • the group is typically the unit of privilege assignment • Two types of user rights • logon rights and privileges • Longhorn: more than 40

  39. Basic concepts: mandatory logon • All users must log on before using the system; only after passing authentication may they access resources

  40. The Windows logon authentication model (figure): WinLogon, GINA, SSPI, NTLM SSP, Kerberos SSP, negotiation, LSA

  41. The system logon process in Windows NT/2000/XP • Logon happens through the interaction of the logon process WinLogon, the LSA, one or more authentication packages and the SAM • Authentication package: a dynamic-link library that performs the authentication checks • Msv1_0: the authentication package for interactive logon • WinLogon: a trusted process responsible for managing security-related user interaction • It is the only process that intercepts logon requests from the keyboard

  42. The Windows logon authentication process (NT as an example) (figure with steps numbered 1 through 8)

  43. Windows remote logon authentication • Early: the SMB authentication protocol transmitted plaintext passwords over the network • LM: the LAN Manager challenge/response mechanism; the mechanism is simple and easily cracked • NTLM: the Windows NT challenge/response mechanism • NTLM v2 • Kerberos

  44. The Windows access control model

  45. Network authentication, using NTLM as an example. Because no password (encrypted or not) is transmitted over the network, the security of remote logon authentication is greatly improved. (Figure: the NTLM authentication process)

  46. About Kerberos • Versions 1, 2 and 3: MIT • Version 4: Steve Miller and Clifford Neuman, late 1980s • Version 5: John Kohl and Clifford Neuman • RFC 1510 in 1993 • RFC 4120 in 2005 • Windows 2000 and later use Kerberos as their default authentication method • Apple's Mac OS X • Red Hat Enterprise Linux 4 and later • ……
