OSWebSec: Introduction

From Soma-notes
Jump to navigation Jump to search

Lecture 1 Notes: Operating Systems and Web Security

Mark Breakdown

Graduate Students:

  • Responses – 20 – once a week pdf file due Mondays at 8pm
  • Participation – 10
  • Proposal – 10 – Due October 18th – What you want to do for your project
  • Presentation – 10 – November 15th
  • Paper – 50 – December 14th

Undergraduate Students:

  • Responses – 20 – once a week pdf file due Mondays at 8pm
  • Participation – 10
  • Midterm - 20
  • Final - 50 - TBA

Responses

  • no more than 1000 words
  • let Anil believe that you have read the required reading
  • Indicate what you found interesting, what you didn't like, parts that were unclear, and any questions you have.
  • These also give you the opportunity to say how you felt the class went. Say whether it was a great idea, or a really bad idea.
  • Responses are due every monday @ 20:00. Preferably as a PDF file.
  • Responses should include all articles each week.
  • First response is due second week of class! (Sept. 17th). Afterwards, every week.

On all assignments always cite. This includes figures, don't just copy and paste the figure, recreate it yourself, and still cite.

Lecture

Operating systems – Security – Web security

Why? As if they were somehow connected. Because they are connected.

When you run a browser it runs on top of the operating system. Or the browser becomes the operating system.

Operating System (def'n): bunch of code that turns the machine that you have into the machine that you want to program.

You need the higher level abstractions- what is more and more programming geared towards? Web abstractions – web applications. Even if you are building something locally, you are using web technologies to build the local app. HTML5 webgl, fast web interpreters – you get not only the benefits of being able to connect, and get this application anywhere. Where is this application – it's a wiki – sitting on my desktop back in my office. Because there are so many devices and you don't want to be moving data between those devices. The web is the OS – also the web has brought many new threats to the O/S. It used to be that computers were more monogamous. They had a circle of interaction. They are now really promiscuous. They are getting code from everywhere in the world on a daily basis – not the same places – different places. The things you are clicking on, you are downloading programs to your computer. Traditional operating systems people go I don't like that – yet we do it everyday – operating systems have had to be hardened to deal with this. You're not just connected to the internet – I'm only going to talk to a couple of machines. Limited circle. Now you are going anywhere and everywhere. Pressures of the web have changed operating systems – and the web itself has become it's own operating system. The key constraint of web technologies is web security. Other constraints – portability – how do you make it work on random devices – (solved – not perfectly) – Scalability – work on a million machines – look at the internet, it works – but the security problem – not solved. We could build web technologies to give a desktop experience. ActiveX was doing this in the 90s – technology from microsoft based on their com interfaces – I want to distribute the internet. That code will be downloaded to the browser and run, as if you have installed the program on your machine – no limitations on what environment it should be in. The way they protected it was by making sure it was signed. Crypto solves almost nothing of the security problems. It does solve confidentiality – it can keep that confidential. Not all the time because key management messes it all up. Providing integrity – it does this better, but again you must make sure you have the right key. Crypto is deployed because – oh crap I left a big hole there, that could be a problem – I'll put crypto in there. The security that protects you on the internet is not really crypto. If you are trying to protect your system in the os space – against mobile code – oh I can't protect myself. There is a connection between the operatin gsystem and web security – trying to make an os for the internet. The ideas for web security are mostly recycled os solutions- they didn't work that well for operating systems – certainly aren't working that well for the web.

Summarize what is operating system security today? What some of those mechansims are

  • software update
  • rings ( user / superuser modes)
  • access control
  • file permissions
  • users and groups
  • login screens
  • firewalls
  • AV (runtime monitoring)
  • code scanners
  • page permissions (mark certain areas of memory read) some of the memory associated with your program is marked executable or data.
  • Trusted boot – am i running code that came from Microsoft – use cryptographic verification that makes sure everything we are running is the right code.
  • Vms
  • memory protection – different processes cannot access each other's memory.
  • Capabilities – when process a talks to process b, process a has permission to do something but process b doesn't, and process a wants process b to accomplish the task, process a passes a token to b.
  • Audit – super logging – record of what programs ran, what resources they used, what files did they touch – it's just recording everything so someone can later go back and analyse things that have previously happened.
  • Application permissions
  • sandboxing (internet explorer on recent versions of windows runs with reduced priveleges, and restricted access. Isolated )
  • MAC – mandatory access control – not about permissions, but who sets the permissions – once you set the permissions - once the system is up, you can't change them. For example you partitioned your system. To change them, you bring system down, change modes, and then you can change them. Is this more secure? Yes, it is a pain? Yes – Have issues with having webserver accessing specific file folders – you turn off selinux (from the NSA) – the policies for it are so obscure – you don't find tutorials to find out how to change the policies. You'll find instructions to just turn it off – problem solved.


Classic os security mechanisms

Implicit behind every mechanism is a threat model – kinds of things it should be addressing. Speaking from the admin: If I have a lot of mechanisms – therefore I must be protected. Different threat models can break mechanisms. Alot of those things they are talking about have come back as web security mechanisms. You can learn more with a research paper.
Most of the mechanisms for os security – came from a military background – They were all about confidentiality – integrity too – thing should shut down instead of let out information. They wanted to make sure processes didn't collude / exchange information. Since then they would leak information. Think about your web browser – one tab – banking – arstechnica – slashdot – do you want them to talk to one another – do you want them to exchange information – do you want that ad on reddit to be able to make a bank transfer or search through your email / an image or two. This is kind of funny because this is how it was originally concieved of in the paranoid world – but now we are all having reasons to be similarly paranoid on a daily basis – because these ideas at first – in some sense the mechanisms and things they propose are very nuts, but some of the things we are dealing with nowadays are very real. Their values are different. They are willing to deal with a certain amount of pain. Are you going to sit there and watch 10s of thousands of log messages a day to see if anyone has broken into their computers? The level of human effort assumed by traditional security mechanisms are insane. We can't keep an eye on them manually. Mechanisms that assume we are going to be watching them.
NSA – key signal intelligence organization in the US. The one with the codebreakers – employ more phd mathematicians than anyone – period = forefront of computing technologies – funded supercomputers of 60s / 70s – build data centers – scaling up to yadabytes. Gigantic data centers – they want to store every communication – period. They want it all – they want to mine it so they can look for terrorists. The main thing to understand is – the scale at which these things operate. Big data – these guys have been doing big data before everyone else has been doing it. The odd thing about working in computer security without a clearance – you go to conferences – tell you what do you do I do this – then the conversation stops. They'll chat up with you, but they are just there to absorb information. Ok I can't tell you anything. All these people who have clearances – they still come to learn in the classes – which is very telling – how do you assess – there is always a mystique these places have – that's part of how they get their job done. - any specfic area in which they invest – they try to solve very specific problems – things like public key crypto – they never made use of it, it was a research idea – the internet has change teh world for security – we are at the forefront – the ones int he public sector – they are all using our software – what do all government's run on – Windows – They have to be there to see the emerging threats – blackhat – but they come to learn about the defenses – come to recruit new talent. It's going to take new approaches – because it's going to have costs – your computer won't necessarily do what you tell it to do, it won't be yours, it will be autonomous. (AI is not autonomous – A-LIFe is more autonomous) Showing how people have historically thought about these problems. Divide it into boxes – go between the boxes – make sure you are trusted – make sure you have permission – make more boxes – give me more permissions – give me another authority figure – or another mechanism to check for things. Put things into the box, make sure things don't escape the box. If the box is too big, make the box smaller – isolate everything. You will see this – this is our playbook. Code really carefully – don't make mistakes. Prove your code correct using the correct assumptions.