Access Control
126 / 180
Model of Access Control
Access Control Matrix
Permission: x: execute, r: read, w: write
Access Control Matrix
The ACM is a matrix with one row per principal (subject) and one column per object.
Each matrix entry lists the permissions that principal holds on that object.
Problem: maintaining such a matrix is difficult: it is huge and mostly empty, and it must be updated whenever a principal or object is added or removed.
If the matrix is corrupted, then all control is lost.
Access Control Lists (ACLs)
We don't want to store one massive matrix.
Instead we can store each column of the matrix with the object it refers to, e.g.
(Accounts data, [(Sam, r), (Bob, r), (Accounts program, rw)])
(Storing each row with the principal instead gives a capability list.)
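As an added example (not from the slides), the matrix above as a small Python model: the column view is the ACL stored with each object, the row view is the capability list held by each principal, and the access check is default-deny. The principals, objects and rights are illustrative, built around the slide's Accounts example.

```python
"""Access control matrix and the ACL (column) and capability (row) views of it.
Added example, not from the slides; the principals, objects and rights are
illustrative, modelled on the slide's Accounts example."""
from typing import Dict, List, Tuple

Matrix = Dict[str, Dict[str, str]]   # principal -> object -> rights, e.g. "rw"

# Constructed ACM: rows are principals, columns are objects.
ACM: Matrix = {
    "Sam":              {"Accounts data": "r",  "Accounts program": "x"},
    "Bob":              {"Accounts data": "r",  "Accounts program": "x"},
    "Accounts program": {"Accounts data": "rw"},
}


def acl_for(acm: Matrix, obj: str) -> List[Tuple[str, str]]:
    """One column of the matrix: the ACL stored with the object."""
    return [(p, row[obj]) for p, row in acm.items() if row.get(obj)]


def capabilities_for(acm: Matrix, principal: str) -> List[Tuple[str, str]]:
    """One row of the matrix: the capability list held by the principal."""
    return [(o, r) for o, r in acm.get(principal, {}).items() if r]


def acm_to_acls(acm: Matrix) -> Dict[str, List[Tuple[str, str]]]:
    """Split the matrix into per-object ACLs, so no single matrix must be kept."""
    objects = sorted({o for row in acm.values() for o in row})
    return {o: acl_for(acm, o) for o in objects}


def allowed(acls: Dict[str, List[Tuple[str, str]]],
            principal: str, obj: str, right: str) -> bool:
    """Access check against the object's ACL. Unknown object or principal: deny
    (default-deny is the safe failure mode when an entry is missing)."""
    for p, rights in acls.get(obj, []):
        if p == principal:
            return right in rights
    return False
```

Note that the check only ever consults the ACL of the object being accessed, which is exactly why an ACL can live next to the object (in an inode, a file header, a database row) without any central matrix.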
The UNIX Access Control List
UNIX File Permissions
Permissions (three triples, for the owner, the group and everyone else):
r: read permission
w: write permission
x: execute permission
-: no permission
File type (first character of the mode string):
-: regular file
d: directory
b/c: block/character device file
Access Control for Directories
For directories the bits mean something different:
"r" is permission to list the directory's contents (read the names in it)
"x" is permission to traverse the directory, e.g. to cd into it or to open a file inside it by name
"w" (together with "x") is permission to create, rename or delete entries
No "x": I can't enter the directory or use anything inside it, even if I know the file name
No "r": I can't list the files in the directory (but with "x" I can still open a file whose name I already know)
Access Control for Programs
-r-sr-xr-x 1 root wheel 70352 19 Jun 2009 passwd
The "x" permission controls who can run a program; in the case of passwd: anyone (x is set for the group and for others).
The "s" in the owner's execute position is the setuid bit: the program runs with the permissions (effective uid) of its owner, here root, regardless of who started it. An "s" in the group position (setgid) does the same for the group.
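An added example (not from the slides) that parses mode strings such as the `-r-sr-xr-x` shown above and applies the UNIX rule that exactly one class, owner, group or other, is consulted. The file owners, uids and gids used are made up; root's bypass of the rwx bits is deliberately not modelled.

```python
"""Interpret `ls -l` mode strings and apply the UNIX owner/group/other access check.

Added example, not from the slides; file owners, uids and gids are made up."""
import stat
from dataclasses import dataclass
from typing import Iterable, Set


@dataclass(frozen=True)
class Mode:
    file_type: str  # '-' regular file, 'd' directory, 'b'/'c' device, 'l' symlink
    perms: int      # permission bits, including setuid/setgid/sticky, e.g. 0o4555


def parse_mode(s: str) -> Mode:
    """Parse a 10-character mode string such as '-r-sr-xr-x' into Mode."""
    if len(s) != 10:
        raise ValueError("mode string must be 10 characters")
    ftype, bits = s[0], s[1:]
    perms = 0
    for i, ch in enumerate(bits):
        who, what = divmod(i, 3)           # who: 0 owner, 1 group, 2 other
        shift = 6 - 3 * who                # owner bits are the highest triple
        if ch == "-":
            continue
        if ch == "rwx"[what]:
            perms |= (4 >> what) << shift  # r=4, w=2, x=1 within the triple
        elif what == 2 and ch in "sStT":   # special bit shown in the x position
            perms |= (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)[who]
            if ch in "st":                 # lowercase: the x bit is set as well
                perms |= 1 << shift
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 2}")
    return Mode(ftype, perms)


def is_setuid(m: Mode) -> bool:
    """True when the program runs with its owner's identity (the 's' in -r-sr-xr-x)."""
    return bool(m.perms & stat.S_ISUID)


def may(m: Mode, owner: int, group: int, uid: int,
        groups: Iterable[int], want: str) -> bool:
    """Classic UNIX check: exactly one class applies, chosen in the order
    owner, group, other; the bits of the other classes are ignored.
    `want` is a subset of 'rwx'. Root (uid 0) is deliberately not special-cased."""
    if uid == owner:
        shift = 6
    elif group in set(groups):
        shift = 3
    else:
        shift = 0
    need = sum(4 >> "rwx".index(c) for c in set(want))
    return (m.perms >> shift) & need == need


def directory_ops(m: Mode, owner: int, group: int, uid: int,
                  groups: Iterable[int]) -> Set[str]:
    """What r, w and x grant on a directory (not the same as on a file)."""
    if m.file_type != "d":
        raise ValueError("not a directory")
    ops = set()
    if may(m, owner, group, uid, groups, "r"):
        ops.add("list")            # read the names in the directory
    if may(m, owner, group, uid, groups, "x"):
        ops.add("traverse")        # cd into it, open entries you can name
    if may(m, owner, group, uid, groups, "wx"):
        ops.add("create/delete")   # add, remove or rename entries (needs x too)
    return ops
```

The owner-first rule has a consequence worth checking in audits: a file with mode `----rwx---` is unreadable by its own owner even if the owner is in the group, because once the owner class is selected the group bits are never looked at.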
Different user identifiers
A process has several user identifiers (uids):
real uid (ruid): the user who owns the process (who started it)
effective uid (euid): used for access checks (on Linux: except filesystem checks)
filesystem uid (fsuid, Linux only): used for filesystem access checks and for the ownership of created files (normally equal to the euid)
saved uid (suid): a copy of the effective uid made when a setuid program is executed; it remembers the privileged identity while the euid is temporarily lowered. An unprivileged process may change its euid only to its ruid or its suid.
This provides flexibility for granting higher privileges temporarily:
e.g. daemons: start as root (to bind to ports < 1024), then set ruid, euid and suid to unprivileged values (setuid() called with euid 0 sets all three). Root privileges cannot be regained afterwards.
A process running as a privileged user may instead set only its euid to an unprivileged value (seteuid()), execute non-privileged operations, and regain root privileges afterwards, because the saved uid still holds 0.
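An added example (not from the slides) that models the real/effective/saved uid rules of Linux's setuid(2) and seteuid(2) in plain Python. It makes no real system calls, so it runs unprivileged; the uid values are made up. It contrasts the permanent drop a daemon wants with the temporary drop a setuid program such as passwd performs.

```python
"""Model of the real/effective/saved uid rules as implemented by Linux/POSIX
setuid(2) and seteuid(2). Added example, not from the slides: it simulates the
rules in plain Python and makes no real system calls, so it can run unprivileged."""
from dataclasses import dataclass
from typing import Tuple

ROOT = 0


class EPERM(Exception):
    """The kernel would refuse this uid change."""


@dataclass
class Process:
    ruid: int   # real uid: who started the process
    euid: int   # effective uid: used for access checks
    suid: int   # saved uid: remembers the privileged identity

    def ids(self) -> Tuple[int, int, int]:
        return (self.ruid, self.euid, self.suid)

    def seteuid(self, uid: int) -> None:
        """Change only the effective uid. An unprivileged process may pick
        only its real or saved uid; a process with euid 0 may pick any."""
        if self.euid != ROOT and uid not in (self.ruid, self.suid):
            raise EPERM(f"seteuid({uid}) not allowed from {self.ids()}")
        self.euid = uid

    def setuid(self, uid: int) -> None:
        """With euid 0, setuid() sets ALL three ids: the drop is permanent.
        Otherwise it behaves like seteuid() with the same restriction."""
        if self.euid == ROOT:
            self.ruid = self.euid = self.suid = uid
        elif uid in (self.ruid, self.suid):
            self.euid = uid
        else:
            raise EPERM(f"setuid({uid}) not allowed from {self.ids()}")

    def exec_setuid_program(self, owner: int) -> "Process":
        """Executing a setuid program (like passwd, owned by root): the real
        uid stays, effective and saved uid become the file owner."""
        return Process(self.ruid, owner, owner)


def can_regain_root(p: Process) -> bool:
    """Try to get euid 0 back; True means the drop was only temporary."""
    try:
        p.seteuid(ROOT)
    except EPERM:
        return False
    return True


def daemon_pattern(unpriv_uid: int) -> Tuple[Tuple[int, int, int], bool]:
    """Start as root (e.g. to bind a port < 1024), then drop permanently."""
    p = Process(ROOT, ROOT, ROOT)
    p.setuid(unpriv_uid)
    return p.ids(), can_regain_root(p)


def temporary_drop_pattern(unpriv_uid: int) -> Tuple[Tuple[int, int, int], bool]:
    """Start as root, lower only the euid for unprivileged work, then come
    back: the saved uid still holds 0, so regaining root succeeds."""
    p = Process(ROOT, ROOT, ROOT)
    p.seteuid(unpriv_uid)
    ids_while_dropped = p.ids()
    return ids_while_dropped, can_regain_root(p)
```

The practical check this encodes: after a daemon "drops privileges", inspect all three ids (`/proc/<pid>/status` on Linux shows them); if the saved uid is still 0, an attacker who compromises the daemon can call `seteuid(0)` and is root again.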
Security issues with granting higher privileges
Setuid programs let users run a process with more privileges than they hold themselves.
If there is a mistake in the passwd program, we can use it to perform root-only actions.
A particular problem: time-of-check/time-of-use race conditions in code like
if can_access(file) then perform_operations(file)
Between the check and the use, the file behind the path name can be replaced (e.g. by a symlink to a file the user may not read), so the privileged operation acts on a different object than the one that was checked.
Make sure a process runs with as little privilege as possible, for as short a time as possible.
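An added example (not from the slides) that reproduces the race above on a POSIX system: the vulnerable access()-then-open() pattern beside a hardened version that opens first and then checks the descriptor it actually holds. The files, the temporary directory and the "attacker" callback that stands in for the race window are constructed here; assumes Linux semantics for O_NOFOLLOW (ELOOP on a symlink).

```python
"""Check-then-use race on files: the vulnerable access()/open() pattern next to a
hardened version. Added example, not from the slides; the files, the directory and
the 'attacker' callback are constructed here to reproduce the race deterministically.
Assumes a POSIX/Linux system (O_NOFOLLOW, symlinks)."""
import errno
import os
import shutil
import stat
import tempfile
from typing import Callable, Optional


def read_if_allowed_vulnerable(path: str, attacker: Callable[[], None]) -> Optional[str]:
    """Check (access) then use (open) by path name. `attacker` stands for whatever
    happens in the window between the two calls in a real setuid program."""
    if not os.access(path, os.R_OK):     # time of check: looks at 'path' now
        return None
    attacker()                           # the race window
    with open(path) as f:                # time of use: resolves 'path' again
        return f.read()


def read_hardened(path: str, expected_owner: int) -> Optional[str]:
    """Open first, then check the object actually opened (via the fd), not the path.
    O_NOFOLLOW refuses to follow a symlink at the final component; fstat examines
    the file we already hold, so nothing can be swapped between check and use."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        if e.errno == errno.ELOOP:       # path was a symlink: refuse
            return None
        raise
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_owner:
        os.close(fd)
        return None
    with os.fdopen(fd, "r") as f:        # read through the checked descriptor
        return f.read()


def demo() -> dict:
    """Constructed scenario: 'public' is checked, then swapped for a symlink to
    'secret'. In a real attack 'secret' would be a root-only file that the
    setuid program, running as root, happily reads on the attacker's behalf."""
    d = tempfile.mkdtemp()
    try:
        secret = os.path.join(d, "secret")
        public = os.path.join(d, "public")
        with open(secret, "w") as f:
            f.write("top secret")
        with open(public, "w") as f:
            f.write("hello")

        def swap_public_for_symlink() -> None:
            os.remove(public)
            os.symlink(secret, public)   # 'public' now points at 'secret'

        owner = os.getuid()
        return {
            "vulnerable": read_if_allowed_vulnerable(public, swap_public_for_symlink),
            "hardened_on_symlink": read_hardened(public, owner),
            "hardened_on_regular": read_hardened(secret, owner),
        }
    finally:
        shutil.rmtree(d)
```

The hardened version still trusts the owner check, so it must run with the privileges it actually needs: combined with the temporary euid drop from the previous slide (open the file while the euid is the real user), the kernel performs the permission check on the right identity and the access() call becomes unnecessary.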
Storing Passwords
Passwords are not stored in clear text; only hashes are stored.
Further security measure: store the pair (Salt, Hash), where Salt is a random bitstring and Hash is the hash of the salt and the password.
⇒ The same password for two users gives rise to different entries in the password file.
Makes cracking passwords much harder: precomputed tables are useless, and every guess must be hashed separately for every user. (The salt does not slow down a single guess; that is the job of a deliberately slow password hash such as PBKDF2, bcrypt or scrypt.)
Windows Password Hashes
Windows stores its password hashes in the SAM registry hive:
%SystemRoot%\System32\config\SAM
Reading this file requires Administrator level (its ACL grants access only to SYSTEM, which an administrator can obtain), and it is locked while Windows is running.
The hashes inside are encrypted with a key (the boot key, "SysKey") that is derived from values stored in the SYSTEM hive on the same disk.
This adds no real security against anyone with offline access to the disk: both hives can be copied and the key recomputed.
Password Hashes in a Windows Domain
In a Windows domain, password hashes (not the passwords) are what authenticates users to hosts in the domain: in NTLM authentication the hash is the secret.
Hashes of logged-on users are kept in memory (in the LSASS process) to avoid asking for the password again. This gives rise to a devastating attack (Pass-the-Hash):
Obtain user credentials for one host in the domain (e.g. by phishing)
Exploit a vulnerability to become local administrator
Install a process which waits for a domain administrator to log in to this machine
Extract the domain administrator's hash from memory
Log in as domain administrator on any host in the domain, presenting the hash instead of the password
Defence mechanisms exist (e.g. Credential Guard, the Protected Users group, separate administrative workstations, restricting NTLM) but are painful to use.
ssh does this much better: the public key sits on the untrusted machine, the private key on the trusted machine, and the private key never leaves it.
Getting Windows Password Hashes
Boot the machine from a Linux live system
Copy the SAM file from the Windows partition, together with the SYSTEM hive, which holds the boot key needed to decrypt the hashes
Password crackers
John the Ripper
The most common brute-force/dictionary cracker; open source.
Hashcat
Claims to be the fastest/best; GPU-based.
Ophcrack
State-of-the-art, free, rainbow table software (precomputed tables; only useful against unsalted hashes).
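As an added example (not from the slides) that ties the Storing Passwords slide to the crackers listed here: salted storage with a slow hash, and the same dictionary attack run against salted and unsalted records, counting the hash computations each needs. Users, passwords and the word list are constructed; the PBKDF2 iteration count is kept low for the demo and would be far higher in production.

```python
"""Salted password storage with a slow hash, and a dictionary attack run against
both salted and unsalted records to show what the salt buys. Added example, not
from the slides; users, passwords and the word list are constructed. The
iteration count is set low for the demo and would be far higher in production."""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

Record = Tuple[bytes, int, bytes]   # (salt, iterations, hash)
ITERATIONS = 20_000                 # demo value only


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 binds the salt into the hash and makes each guess cost
    # `iterations` HMAC computations (the salt alone would not slow a guess).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> Record:
    salt = os.urandom(16)           # fresh random salt per user
    return (salt, iterations, hash_password(password, salt, iterations))


def verify(record: Record, password: str) -> bool:
    salt, iterations, stored = record
    # constant-time comparison: no timing leak about how many bytes matched
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


def crack_salted(db: Dict[str, Record], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Every guess has to be hashed again for every user: no work is shared."""
    found, work = {}, 0
    for user, rec in db.items():
        for guess in wordlist:
            work += 1
            if verify(rec, guess):
                found[user] = guess
                break
    return found, work


def crack_unsalted(db: Dict[str, bytes], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Unsalted: hash each guess once, then look every user up in the table.
    This is the idea behind precomputed (rainbow) tables."""
    table, work = {}, 0
    for guess in wordlist:
        work += 1
        table[hashlib.sha256(guess.encode("utf-8")).digest()] = guess
    found = {user: table[h] for user, h in db.items() if h in table}
    return found, work


def demo() -> dict:
    passwords = {"alice": "correct horse", "bob": "hunter2",
                 "carol": "hunter2", "dave": "Zx!9qLp#vT"}
    wordlist = ["123456", "password", "qwerty", "hunter2", "letmein", "correct horse"]

    salted = {u: make_record(p) for u, p in passwords.items()}
    unsalted = {u: hashlib.sha256(p.encode("utf-8")).digest() for u, p in passwords.items()}

    found_s, work_s = crack_salted(salted, wordlist)
    found_u, work_u = crack_unsalted(unsalted, wordlist)
    return {
        # same password: different stored hashes once salted, identical without salt
        "salted_entries_differ": salted["bob"][2] != salted["carol"][2],
        "unsalted_entries_differ": unsalted["bob"] != unsalted["carol"],
        "found_salted": found_s, "work_salted": work_s,
        "found_unsalted": found_u, "work_unsalted": work_u,
    }
```

Both attacks recover the three weak passwords and neither recovers dave's, which is the other half of the lesson: the salt multiplies the attacker's work by the number of users and the slow hash multiplies it by the iteration count, but a password that is in the word list still falls.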
Password Injection
Want access to the system without cracking the password? Have access to the hard disk?
Add your own account, or replace the stored hash with the hash of a password you know.
Better Security: BIOS
Set a password in the BIOS (firmware) and restrict booting to the internal hard disk only.
The BIOS password is very hard to brute force: guesses must be typed at the console, one at a time.
Workaround: remove the hard disk from the computer and read it elsewhere, or reset the BIOS password.
Resetting the BIOS password
The BIOS password can be reset by opening the case (clearing the CMOS settings with a jumper or by removing the battery).
Best Security
Encryption of important files, or whole-disk encryption
Encrypt the whole hard drive
The passphrase, from which the key is derived, can be brute forced if it is weak (the key itself cannot)
Not safe if the computer is in sleep mode: the key stays in RAM while the machine is suspended
E.g. BitLocker, FileVault, LUKS