4040-840 Security and Trust

all-inOne, section 3.

3. Introduction

Security from here:

: (n.) In the computer industry, refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.

Trust: Trust is a judgement of unquestionable utility ( Marsh, S., Formalising Trust as a Computational Concept. Ph.D. Thesis. Department of Mathematics and Computer Science, University of Stirling, 1994)

3.1. Access

How can we get access to data which we should not? (Zugriff kann man nur bekommen ueber einen program in ausfuerung)
What hinders us? (Zugangsrechte)
Data send/received on a network (Verschluesselt oder nicht)?

3.2. Data

Data can only be modifed with a process
Data can be modified on the network

--: What protection does the content of an email have?

priviliges versus protection

Access Control:

Switch/Router
Process

--: user id
--: group id

Files

--

file permisson

-rwx------   1 hpb  admin  577 Aug 21 09:16 c.03
---xrwx---   1 hpb  admin  577 Aug 21 09:16 c.03
-------rwx   1 hpb  admin  577 Aug 21 09:16 c.03

--

directories: What does x or r or w mean?

aragorn 3 98 ls -l 
total 6
drwx------   2 hpb      fac          512 Aug 21 09:19 a
drw-------   2 hpb      fac          512 Aug 21 09:20 b
dr-x------   2 hpb      fac          512 Aug 21 09:20 c
aragorn 3 99 ls -l a
total 0
----------   1 hpb      fac            0 Aug 21 09:19 a_file
aragorn 3 100 rm a/a_file
rm: a/a_file: override protection 0 (yes/no)? y
aragorn 3 101 ls a 
aragorn 3 110 cd b
bash: cd: b: Permission denied
aragorn 3 112 ls -l b
b/b_file: Permission denied
aragorn 3 104 rm c/c_file
rm: c/c_file not removed: Permission denied

3.3. User ID 0

The user with id 0 has no restrictions

--: Assume: A super user would would not exist?
--: What would be the consequence?
--: Would you be restricted in your work?
--: Can a system work, without an administrator idea?

3.4. S-Bit

s-bit: Changes the effective uid/gid.
Is this needed? Give me an example

3.5. How could printing on a UNIX system work?

This was true in the past

lp file copies file in a spool directory /usr/spool/lp
print daemon -lpd- prints file

--: lpd has write access to /dev/lp
--: lpd has read access to file
--: lpd can remove file

What kind of problems do you see here?

: How can you print every file existing on the file system?

Solution?
Client-Server system

see at(1)

3.6. Compromising of a System

Code executed on the behalf of the user

--: libraries
--: attachments
--: executables

Modifing the system

--: s-bit programs
--: modifying system libraries

3.7. Compromising of a System

Password must be used, or something similar
Code can be executed as the user under a userid
userid can be changed
Code which will be executed is modified (PATH)
Protocols can be broken or misused

3.8. Security from a different Point of View

The problem

--: Unauthorized reading of data.
--: Unauthorized modification of data.
--: Unauthorized destruction of data.

Authentification

--: Password
--: Password vulnerabilities
--: Encrypyted passwords
--: One Time passwords

An other point of view:

1.: Security: To refer to overall problems.
2.: Privacy: Ro refer to specific operating system mechanisms used to safeguard information in the computer.

Security has many facets.

1.

Data loss/modification:

1.   Acts of God
2.   Hardware or software errors
3.   Human errors

2.

Passive/active Intruders:

1.   Nontechnical users
2.   Snooping by insiders
3.   Determined to make money
4.   Commercial/military espionages

3.9. Famous Security Flaws

Malware

lpr and remove
core and link /etc/passwd
The internet worm
Trojan horses

3.10. Attacks

PATH
password (crack)
Login system: Ask questions.
Keystroke Logging
Watching
X11
Protocol
Attachments

3.11. Generic Security Attacks

1.   request memory pages
2.   Try illegal system calls (or illegal arguments)
3.   Start logging and hit DEL ...
4.   Spoof user by writing programs like: login
5.   Look for manuals that say do not ...
6.   Trapdoor
7.   Money.

Passwords

Don't use your:

: name
car plate number
friends name
telephone number
...

Used instead: When the hurlyburly's done, When the battle's lost and won.

Wth'sdWtb'slaw

Please see also here http://shakespeare.mit.edu/macbeth/full.html and here and here.

3.12. Compilation and Execution

C Compiler

--: cpp
--: compiler ,Mp Linker

static vs dynamic

%  uname -a
Darwin spiegel.cs.rit.edu 11.2.0 Darwin Kernel Version 11.2.0: Tue Aug  9 20:54:00 PDT 2011; root:xnu-1699.24.8~1/RELEASE_X86_64 x86_64

load command 11
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name /usr/lib/libcrypto.0.9.8.dylib (offset 24)
   time stamp 2 Wed Dec 31 19:00:02 1969
      current version 0.9.8
compatibility version 0.9.8
Load command 12
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name /usr/lib/libSystem.B.dylib (offset 24)
   time stamp 2 Wed Dec 31 19:00:02 1969
      current version 159.0.0
compatibility version 1.0.0
Load command 13
         cmd LC_FUNCTION_STARTS
  cmdsize 16
     dataoff  25872
    datasize 40
Load command 14
         cmd LC_CODE_SIGNATURE
  cmdsize 16
     dataoff  27296
    datasize 5376

% uname -a
SunOS queeg 5.10 Generic_144500-19 sun4u sparc SUNW,Sun-Fire-880
% file route
route:		ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
% ldd route
	libsocket.so.1 =>	 /lib/libsocket.so.1
	libnsl.so.1 =>	 /lib/libnsl.so.1
	libtsnet.so.1 =>	 /lib/libtsnet.so.1
	libc.so.1 =>	 /lib/libc.so.1
	libmp.so.2 =>	 /lib/libmp.so.2
	libmd.so.1 =>	 /lib/libmd.so.1
	libscf.so.1 =>	 /lib/libscf.so.1
	libsecdb.so.1 =>	 /lib/libsecdb.so.1
	libtsol.so.2 =>	 /lib/libtsol.so.2
	libdoor.so.1 =>	 /lib/libdoor.so.1
	libuutil.so.1 =>	 /lib/libuutil.so.1
	libgen.so.1 =>	 /lib/libgen.so.1
	libcmd.so.1 =>	 /lib/libcmd.so.1
	libm.so.2 =>	 /lib/libm.so.2
	/platform/SUNW,Sun-Fire-880/lib/libc_psr.so.1
	/platform/SUNW,Sun-Fire-880/lib/libmd_psr.so.1

3.13. Library Calls

Library calls can be substituted by a user
Library calls can be misused
Shared libraries are found on the LD_LIBRARY_PATH

What kind of a problem do you see here:

% echo $LD_LIBRARY_PATH
 .:/usr/local/gnu/lib:/usr/local/X11/lib:

Other environments have similar issues

3.14. Example

Goal: execute a unexpected library

main.c:

 1      #include <stdio.h>
 2      #include <math.h>
 3      
 4      int main() {
 5          printf("calling sin....\n");
 6          printf("result = %g\n", sin(1.0) );
 7          return 0;
 8      }

Source Code: Src/4/main.c

my_math.c:

 1      #include <stdio.h>
 2      #include <math.h>
 3      
 4      double sin(double x)    {
 5              printf("\t local sin ----> x = %g\n", x);
 6              return 0.0;
 7      }
 8

Source Code: Src/4/my_math.c

math_not_nice.c:

 1      #include <stdio.h>
 2      #include <math.h>
 3      
 4      double sin(double x)    {
 5              printf("\tSay Bye Bye to your files");
 6              return 0.0;
 7      }
 8

Source Code: Src/4/math_not_nice.c

run:

 1      set -x
 2      gcc -fpic -c my_math.c 
 3      gcc -shared -o libm.so.3 my_math.o
 4      LD_LIBRARY_PATH=/home/fac/hpb/Lectures/20102/S_T/Notes/Src/4:$LD_LIBRARY_PATH
 5      export LD_LIBRARY_PATH
 6      gcc main.c libm.so.3 -lm
 7      ldd ./a.out
 8      ./a.out 
 9      
10      gcc -fpic -c math_not_nice.c 
11      gcc -shared -o libm.so.3 math_not_nice.o
12      cp libm.so.3 ./a.out /tmp
13      LD_LIBRARY_PATH=/tmp:$LD_LIBRARY_PATH
14      cd /tmp
15      ldd ./a.out
16      ./a.out

Source Code: Src/4/run

Result:

+ gcc -fpic -c my_math.c 
+ gcc -shared -o libm.so.3 my_math.o 
LD_LIBRARY_PATH=/home/fac/hpb/Lectures/20112/S_T/Notes/Src/4:/usr/local/gnu/lib:/usr/local/X11/lib:/usr/dt/lib:/usr/openwin/lib:/usr/local/lib:/opt/SUNWspro/lib
+ export LD_LIBRARY_PATH 
+ gcc main.c libm.so.3 -lm 
+ ldd ./a.out 
        libm.so.3 =>     /home/fac/hpb/Lectures/20112/S_T/Notes/Src/4/libm.so.3
        libm.so.2 =>     /lib/libm.so.2
        libc.so.1 =>     /lib/libc.so.1
        libgcc_s.so.1 =>         /usr/local/gnu/lib/libgcc_s.so.1
        /platform/SUNW,A70/lib/libc_psr.so.1
+ ./a.out 
calling sin....
         local sin ----> x = 1
result = 0
+ gcc -fpic -c math_not_nice.c 
+ gcc -shared -o libm.so.3 math_not_nice.o 
+ cp libm.so.3 ./a.out /tmp 
LD_LIBRARY_PATH=/tmp:/home/fac/hpb/Lectures/20112/S_T/Notes/Src/4:/usr/local/gnu/lib:/usr/local/X11/lib:/usr/dt/lib:/usr/openwin/lib:/usr/local/lib:/opt/SUNWspro/lib
+ cd /tmp 
+ ldd ./a.out 
        libm.so.3 =>     /tmp/libm.so.3
        libm.so.2 =>     /lib/libm.so.2
        libc.so.1 =>     /lib/libc.so.1
        libgcc_s.so.1 =>         /usr/local/gnu/lib/libgcc_s.so.1
        /platform/SUNW,A70/lib/libc_psr.so.1
+ ./a.out 
calling sin....
        Say Bye Bye to your filesresult = 0