
Access Control

Model of Access Control

Access Control Matrix
Permission: x: execute, r: read, w: write

Access Control Matrix
The ACM is a matrix of all principals and objects.
The matrix entries describe the permissions.
Problem: maintaining such a matrix can be difficult.
If the matrix is corrupted, then all control is lost.

Access Control Lists (ACLs)
We don’t want to store one massive matrix.
Instead we can store each column of the matrix with the object it refers to, e.g.
(Accounts data, [(Sam, r), (Bob, r), (Accounts program, rw)])

The UNIX Access Control List

UNIX File Permissions
Permissions:
r: read permission
w: write permission
x: execution permission
-: no permissions
File Type:
-: file
d: directory
b/c: device file

Access Control for Directories
For directories:
“r” is read only for directory contents
“x” is permission to traverse, e.g. switch to, run.
No “x”: I can’t run any commands inside the directory
No “r”: I can’t list the files in the directory

Access Control for Programs
-r-sr-xr-x 1 root wheel 70352 19 Jun 2009 passwd
The “x” permission controls who can run a program; in the case of passwd: anyone.
The “s” permission indicates that the program runs with the permission of its owner.
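
Added example (not part of the original slides): a decoder for the mode string shown for passwd above, reporting the setuid bit and the world permissions. The function names are this example's own; it also accepts the symlink type and the sticky bit, which the slides do not list.

```python
import stat

# File-type characters from the slide, plus 'l' (symlink) as printed by ls.
FILE_TYPES = {"-": stat.S_IFREG, "d": stat.S_IFDIR, "b": stat.S_IFBLK,
              "c": stat.S_IFCHR, "l": stat.S_IFLNK}

# Per class: read bit, write bit, execute bit, special bit, special characters.
CLASSES = [
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "sS"),
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "sS"),
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "tT"),
]

def parse_mode(text):
    """Decode an `ls -l` mode string such as '-r-sr-xr-x' into an st_mode integer."""
    if len(text) != 10 or text[0] not in FILE_TYPES:
        raise ValueError(f"not a 10-character ls mode string: {text!r}")
    mode = FILE_TYPES[text[0]]
    for i, (r, w, x, special, chars) in enumerate(CLASSES):
        rc, wc, xc = text[1 + 3 * i: 4 + 3 * i]
        if rc not in "r-" or wc not in "w-" or xc not in "x-" + chars:
            raise ValueError(f"bad permission triple in {text!r}")
        if rc == "r":
            mode |= r
        if wc == "w":
            mode |= w
        if xc in ("x", chars[0]):   # lowercase s/t: the execute bit is set too
            mode |= x
        if xc in chars:             # s/S or t/T: the special bit is set
            mode |= special
    return mode

def describe(text):
    """Summarise the security-relevant bits of a mode string."""
    mode = parse_mode(text)
    return {
        "octal": oct(stat.S_IMODE(mode)),
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "world_executable": bool(mode & stat.S_IXOTH),
        "world_writable": bool(mode & stat.S_IWOTH),
    }

if __name__ == "__main__":
    print(describe("-r-sr-xr-x"))   # the passwd entry from the slide
```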

Different user identifiers
Processes have different user identifiers (uids):
real uid (ruid): owner of the process
effective uid (euid): used for access checks (except filesystem)
file system uid (fsuid): used for access checks and ownership of files (usually equal to effective uid)
saved user uid (suid): when the euid is changed, the old euid is saved as suid.
An unprivileged process may change euid only to ruid or suid.
This provides flexibility for granting higher privileges temporarily, e.g.
daemons: start as root (to bind to ports < 1024), then set ruid, euid and suid to unprivileged values. They cannot gain root privileges afterwards.
A process run as a privileged user may set euid to an unprivileged value, then execute non-privileged operations, and gain root privileges afterwards.

Security issues with granting higher privileges
Users can run processes with more privileges.
If there was a mistake in the passwd program, we could use it to do root-only actions.
Particular problem: race conditions in code like
if can_access file then perform_operations on file
Make sure processes have as low a privilege level as possible.

Storing Passwords
Passwords are not stored in clear text.
Only hashes are stored.
Further security measure: store the pair (Salt, Hash), where Salt is a random bitstring and Hash is the hash of the salt and the password.
⇒ The same password for two users gives rise to different entries in the password file.
Makes cracking passwords much harder.

Windows Password Hashes
Windows stores its password hashes in: system32/config/SAM
This file requires Admin level to read.
It is locked and encrypted with a key, based on other key values.
This adds no real security.

Password Hashes in Windows Domain
In a Windows domain, password hashes are used to authenticate users on hosts in the domain.
Password hashes are cached to avoid asking for the password.
This gives rise to a devastating attack (Pass-the-Hash):
Obtain user credentials for one host in the domain (e.g. phishing)
Exploit vulnerability to become local administrator
Install process which waits for domain administrator to log in to this machine
Extract cached hash for domain administrator
Log in as domain administrator
Defence mechanisms exist but are painful to use.
ssh is much better: public key on untrusted machine, private key on trusted machine.

Getting Windows Password Hashes
Boot into Linux
Get SAM file

Password crackers
John the Ripper: most common brute force cracker; open source.
Hashcat: claims to be the fastest/best.
Ophcrack: state of the art, free, rainbow table software.

Password Injection
Want access to the system without cracking the password?
Have access to the hard disk?
Add your own account, or replace the hash with one you know.

Better Security: BIOS
Set a password in the BIOS to stop the computer booting from anything but the hard disk.
It is very hard to brute force the BIOS.
Workaround: remove the hard disk from the computer or reset BIOS password.

Resetting the BIOS password
BIOS password can be reset by opening the box.

Best Security
Encryption of important files.
Whole disk encryption:
Encrypt the whole hard drive
Key can be brute forced
Not safe if the computer is in sleep mode.
E.g. BitLocker, FileVault, LUKS
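
Added example (not from the original slides) for the race condition named under "Security issues with granting higher privileges": the check-then-use pattern beside a form that lets the kernel check access during the open itself, using the temporary euid change described under "Different user identifiers". The function names are this example's own, and refusing symlinks is an extra policy choice made here.

```python
import os
import stat

def read_checked_then_opened(path):
    """Pattern from the slide: check, then use. The path is resolved twice,
    so the file it names can change between the two calls."""
    if not os.access(path, os.R_OK):     # check: evaluated for the real uid
        raise PermissionError(path)
    with open(path, "rb") as f:          # use: evaluated for the effective uid
        return f.read()

def read_as_real_user(path):
    """Hardened form: no separate check. Open once with the caller's own
    identity, then inspect the descriptor that was actually opened."""
    saved_euid = os.geteuid()
    os.seteuid(os.getuid())              # temporarily set euid to the real uid
    try:
        # O_NOFOLLOW refuses a symlink as the last path component;
        # O_NONBLOCK keeps the open from hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    finally:
        os.seteuid(saved_euid)           # return to the saved (privileged) euid
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError(f"{path}: not a regular file")
        return f.read()
```

A setgid program would switch its effective group the same way with `os.setegid` around the open.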
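
Added example (not from the original slides) for "Storing Passwords": the same password stored for Sam and Bob, first unsalted and then as (Salt, Hash) pairs, with a helper that lists which users the password file alone shows to share a password. PBKDF2-HMAC-SHA256, the 16-byte salt and the iteration count are this example's choices; the slide only specifies a hash of the salt and the password.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor, chosen for this example

def unsalted_entry(password):
    """Stored value depends only on the password (empty salt)."""
    return (b"", hashlib.sha256(password.encode()).digest())

def salted_entry(password):
    """(Salt, Hash) pair: a fresh random salt is hashed with the password."""
    salt = os.urandom(16)
    return (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))

def verify(password, entry):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, stored = entry
    if salt:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    else:
        candidate = hashlib.sha256(password.encode()).digest()
    return hmac.compare_digest(candidate, stored)

def shared_password_groups(password_file):
    """Groups of users whose stored entries are identical."""
    by_entry = defaultdict(list)
    for user, entry in password_file.items():
        by_entry[entry].append(user)
    return sorted(sorted(users) for users in by_entry.values() if len(users) > 1)

if __name__ == "__main__":
    pw = "constructed-sample-password"   # constructed sample input
    unsalted = {"Sam": unsalted_entry(pw), "Bob": unsalted_entry(pw)}
    salted = {"Sam": salted_entry(pw), "Bob": salted_entry(pw)}
    print(shared_password_groups(unsalted), shared_password_groups(salted))
```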