Documente Academic
Documente Profesional
Documente Cultură
12.securitatea Sistemelor de Operare
12.securitatea Sistemelor de Operare
12.securitatea Sistemelor de Operare
12
Securitatea sistemelor de
operare
27 mai 2009
Suport curs 12
OSC
Capitolul 14 Protection
Capitolul 15 Security
MOS
Capitolul 9 Security
27.05.2009 2
Cuprins
Principii de securitate
Drepturi pe fiiere
Autentificarea utilizatorilor
Vulnerabilitatea aplicaiilor
Mecanisme de protecie
27.05.2009 3
Non-cuprins
Securitatea reelei
sniffing
Firewalls
Criptare
Politici de securitate
27.05.2009 4
Principii de securitate
Controlul accesului
Autentificare/autorizare
Securizare (criptare)
Defense in depth
Risk management
27.05.2009 5
Least privilege
Privilege escalation
Privilege separation
Privilege revocation
Sandboxing
27.05.2009 6
Kernel-mode
accesul la I/O
alocarea de resurse
handler-ele de întrerupere
gestiunea sistemului
Suportul procesorului
27.05.2009 7
chroot
director r dcin
chroot jail
Comanda chroot
Apelul chroot
chroot(“/var/spool/postfix”);
27.05.2009 8
Capabilities
CAP_SYS_CHROOT
CAP_NET_RAW
man 7 capabilities
27.05.2009 9
setuid/setgid
Real user ID
Effective user ID
setuid
privilege revocation
seteuid
privilege escalation
27.05.2009 10
Drepturi pe fiiere
27.05.2009 11
Matrice de acces
27.05.2009 12
Drepturi pe fiiere în Unix
Matrice de acces
Domeniile sunt
torul fiierului
utilizator (user) - dein
alii (others)
Drepturi
27.05.2009 13
Liste de acces
27.05.2009 14
Liste de acces (2)
POSIX ACL
attributes
getfacl, setfacl
ACL pe NTFS
sudo
27.05.2009 15
Autentificarea utilizatorilor
Parol
Cheie public
Voice recognition, identificatori biometrici
27.05.2009 16
/etc/passwd + /etc/shadow
/etc/passwd
user:password_hash:uid:gid:...
problem
accesul utilizatorilor (nevoie de informaii diferite de password_hash)
/etc/shadow
user:password_hash:...
security enforcing
....
27.05.2009 17
Autentificarea prin chei publice
Legtur matematic
RSA, DSA
27.05.2009 18
Debian OpenSSL bug
unitialized memory
Decizie
27.05.2009 19
OTP
Time-synchronized OTP
RSA SecurID
Algoritm matematic
s initial seed
f one-way function
27.05.2009 20
Alte forme de autentificare
Retin
Amprent
Smart card
27.05.2009 21
Debian Security Advisories
[20 May 2009] DSA-1804 ipsec-tools - null pointer dereference, memory leaks
[15 May 2009] DSA-1800 linux-2.6 - denial of service/privilege escalation/sensitive memory leak
27.05.2009 22
stack/buffer overflow
27.05.2009 23
stack/buffer overflow (2)
adresa de retur
registre salvate
retur
27.05.2009 24
Shellcode
Shellcode
27.05.2009 25
Shellcode (2)
char shellcode[] =
// setuid(0);
"\x31\xdb" // xorl %ebx,%ebx
"\x8d\x43\x17" // leal 0x17(%ebx),%eax
"\xcd\x80" // int $0x80
// exec('/bin/sh');
"\x31\xd2" // xorl %edx,%edx
"\x52" // pushl %edx
"\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e
"\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f
"\x89\xe3" // movl %esp,%ebx
"\x52" // pushl %edx
"\x53" // pushl %ebx
"\x89\xe1" // movl %esp,%ecx
"\xb0\x0b" // movb $0xb,%al
"\xcd\x80"; // int $0x80
27.05.2009 26
Funcii de lucru pe iruri
EVIL :-)
Gets
alternativa fgets
strcpy, strcat
strtok, strsep
27.05.2009 27
Funcii de lucru pe iruri (2)
strncpy, strncat
27.05.2009 28
Funcii de lucru pe iruri (3)
strlcat, strlcpy
neacceptate în glibc
27.05.2009 29
PaX
27.05.2009 30
ASLR
OpenBSD
27.05.2009 31
W^X
OpenBSD
27.05.2009 32
Protejare la buffer overflow
Stack Guard
/GS la MS VS
27.05.2009 33
Stack Smashing Protection (GCC)
#include <stdio.h>
#include <string.h>
int main(void)
{
char a[10];
memcpy(a, TEST_STRING, strlen(TEST_STRING));
return 0;
}
27.05.2009 34
Stack Smashing Protection (GCC) (2)
27.05.2009 35
Integer overflow
16 bii 65535
Unexpected behavior
27.05.2009 36
signed/unsigned comparison
int a = -1;
unsigned int b = 20;
if (a < b) {
/* expected behavior */
}
else {
/* unexpected behavior */
}
27.05.2009 37
Backdoor
Security bypass
existent a aplicaiei
Benign backdoor easter eggs
utilizabil de oricine
Asymmetric backdoor
27.05.2009 38
Backdoor (2)
compila login)
27.05.2009 39
Rootkit
reparare)
27.05.2009 40
vmsplice bug
11 februarie 2008
http://www.milw0rm.com/exploits/5092
27.05.2009 41
Organizaii de securitate
http://secunia.com/
http://www.sans.org/
http://www.cert.org/
27.05.2009 42
Site-uri de exploit-uri/vulnerabilit i
http://www.metasploit.com/
http://www.milw0rm.com/
http://osvdb.org/
27.05.2009 43
Cuvinte cheie
kernel-mode/user-mode PaX
setuid W^X
27.05.2009 44
Exerciii
27.05.2009 45
Întreb ri
?
27.05.2009 46