1 / 26

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. presented by Toby. Introduction. Introduction Premise. Ppl be debating lots of security additions without much talk about the operating systems. Introduction Premise.

chill
Télécharger la présentation

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments presented by Toby

  2. Introduction

  3. IntroductionPremise • Ppl be debating lots of security additions • without much talk about the operating systems

  4. IntroductionPremise • Ppl be debating lots of security additions • without much talk about the operating systems • Debates are flawed—assume that application level security can be attained • on current operating systems

  5. IntroductionPremise • Ppl be debating lots of security additions • without much talk about the operating systems • Debates are flawed—assume that application level security can be attained • on current operating systems • Current (err.. 15 year old) operating systems are inadequate • from a security standpoint

  6. 2 The Missing Link

  7. 2 The Missing Link • Mandatory Security • Trusted Path

  8. 2 The Missing LinkMandatory Security • Mandatory Security: • “...any security policy where the definition of the policy logic and the assignment of security attributes is tightly controlled by a system security policy administrator.” –this paper • The user should have no influence over the security policy • in theory

  9. 2 The Missing LinkMandatory Security • Example systems that should have Mandatory Security: • access control • authentication usage • cryptographic usage

  10. 2 The Missing LinkMandatory Security • According to the big black box, Mandatory Security has these general benefits: • Confinement of applications (from a security standpoint) • Lack of burden on individual users to manage security • Narrowing of bandwidth of channels for leaking private information • Increased accountability of unauthorized private information flow

  11. 2 The Missing LinkMandatory Security • Example of 1998 state of OSes • Windows NT: • Two security domains: • Complete Privilege • Complete Unprivileged • Pretty coarse-grained

  12. 2 The Missing LinkTrusted Path • “A trusted path is a mechanism by which a user may directly interact with trusted software, which can only be activated by either the user or the trusted software and may not be imitated by other software.” –this paper

  13. 2 The Missing LinkTrusted Path • “A trusted path is a mechanism by which a user may directly interact with trusted software, which can only be activated by either the user or the trusted software and may not be imitated by other software.” –this paper

  14. 2 The Missing LinkTrusted Path • Example given: • Windows NT: • Trusted path given for stuff like password changing • But no means for extending to other trusted software

  15. 3 General Examples

  16. 3 General ExamplesAccess Control

  17. 4 Concrete Examples

  18. 4 Concrete ExamplesMobile Code • Mobile code probably meant something much different in 1998 • Here: Java • Mobile = portable • Does not equal iPhone

  19. 4 Concrete ExamplesMobile Code • Java (1998): • “not tamperproof or unbypassable” • i.e. you can break boundaries of abstraction • depends on the application-space access control for security • e.g. executables could be tampered with

  20. 4 Concrete ExamplesKerberos • Malicious software could spoof client-side authentication • Need a trusted path to guarantee this can’t happen • Client’s password could be obtained

  21. 4 Concrete ExamplesKerberos • Malicious software could spoof client-side authentication • Need a trusted path to guarantee this can’t happen • Client’s password could be obtained

  22. 6 Summary

  23. 6 Summary • No single security mechanism will be a solution to security problems • but we knew that • Modern (1998) computing threats cannot be addressed without secure operating systems • they were right • Authors hoped to motivate interest in OS security • well, people are interested • don’t know if it’s their doing or not

More Related