Professional Documents
Culture Documents
BOS Merged
BOS Merged
Безпека
операційних
систем
Лекція 01
Безпека
операційних
систем
Лекція 02. Модель загроз для операційної системи
Питання:
1) Чи можна її застосувати до ОС безпосередньо?
2) На якій стадії?
Безпека ОС - Лекція 02 19/32
Методика STRIDE
насправді
Це методика розроблення безпечних
програм, яку пропонують компанії Microsoft і
Symantec
Складається з певних етапів:
1) Декомпозиція програми на складові
Застосування DFD – Data Flow Diagrams
2) Визначення (моделювання) загроз
Застосування методики STRIDE
3) Ранжування загроз (оцінка ризиків)
Застосування методики DREAD
4) Запобігання загрозам
Безпека ОС - Лекція 02 20/32
DFD – діаграми потоків
даних – умовні позначення
Процес Межа
Перетворення Межі між машинами,
або оброблення областями з різним
даних рівнем безпеки,
адресного простору
Група тощо
процесів
Перетворення Зовнішній суб’єкт
або оброблення Зовнішнє джерело
даних даних
2.0
Web-розробник Оновлені
файли Записи
журналу
аудиту
4.0
Аудитор
Атрибути Статус
Запит Запит Запит Дані
інформації про інформації
зарплату про Запит
зарплату
5.0 9.0
11.0
1.0 Оброблення Застосування
Доступ до
Користувач клієнтських політики
даних
запитів даних
Відповідь
на запит Відповідь
Дані
інформації на запит Новий
про інформації запис
зарплату про зарплату
Інтрамережа Центр даних 13.0
Межа
машини Журнал аудиту
Безпека ОС - Лекція 02 23/32
Підхід Common Criteria
(ISO/IEC 15408)
Критерії, що застосовують для оцінювання безпеки продуктів
інформаційних технологій (ПІТ), а також заснований на них
міжнародний стандарт, що застосовують для сертифікації цих
продуктів (зокрема, операційних систем)
Сертифікацію проводять для так званого “об’єкта оцінювання” (ОО) —
Target of Evaluation (TOE), який може бути ПІТ, може бути частиною ПІТ,
комбінацією декількох ПІТ тощо
Модель загроз для продукту описують у документах ST
(Security Target — Завдання з безпеки) та PP (Protection Profile
— Профіль захисту) у відповідних розділах
Сам стандарт не містить переліку можливих загроз — їх
формують розробники названих документів
Розглянемо приклади профілів захисту для операційних
систем
Безпека
операційних
систем
Лекція 03. Розроблення захищених операційних систем
Принцип інтегрованості
Принцип інваріантності
Принцип уніфікації
Принцип гарантованості
Принцип коректності
Ідентифікація
Керування й Розмежування
Реєстрація Реєстрація й
Антивірусний
доступом
автентифікація (Аудит)
доступу захист
облік (аудит)
Ідентифікація й Оновлення Контроль
автентифікація
Криптографічні програм
Забезпечення цілісності
Антивірусний
функції
Криптографічні цілісності
функції Мережнізахист
функції
Апаратні засоби
1.Розмежування доступу
Кожному користувачеві надається доступ лише до тих захищених об’єктів, доступ до
яких дозволений йому політикою безпеки
Ця підсистема безпосередньо реалізовує політику безпеки
2.Ідентифікація й автентифікація
Жодний користувач не може розпочати роботу в середовищі захищеної ОС, не
надавши системі свого ідентифікатора і не підтвердивши справжність наданого
ідентифікатора за допомогою додаткової інформації, що автентифікує цього
користувача
Система повинна ідентифікувати усі об’єкти, а також здійснювати автентифікацію
об’єктів, що не знаходяться під її безпосереднім контролем (мережні об’єкти)
3.Реєстрація та аудит
В захищеній ОС здійснюється реєстрація всіх подій, що є потенційно небезпечними
Підсистема аудиту здійснює захист журналів, в яких відбувається реєстрація, від
НСД
Також ця підсистема може надавати засоби для аналізу журналів і відстеження
джерел тих чи інших подій
4.Антивірусний захист
Як правило, під підсистемою антивірусного захисту розуміють сукупність
програм, які надають можливість виявляти і знешкоджувати відомі шкідливі
програми, що відносяться як до вірусів (у широкому розумінні – включаючи
троянських коней, мережних хробаків, шпигунські програми), так і до засобів
здійснення атак
Без антивірусного захисту в наш час неможливо підтримувати ОС у безпечному
стані, особливо якщо вона встановлена на комп’ютері, що підключений до
мережі
Часто антивірусні засоби не входять до складу ОС, а постачаються окремо
5.Забезпечення цілісності
Будь-яка сучасна ОС надає додаткові засоби для захисту цілісності даних не
лише від НСД, але й від випадкових помилок, а також від аварій і збоїв системи
Насамперед, це стосується даних у файлових системах
Такі засоби реалізують можливості відкату, а також автоматизацію процесу
створення резервних копій і відновлення з них
6.Оновлення програм
Сучасні технології розроблення програмних продуктів — як прикладних програм, так і ОС, не
дозволяють гарантувати відсутність уразливостей. Тому сучасний підхід до забезпечення
захищеного стану інформаційно-телекомунікаційних систем передбачає обов’язкове постійне
оновлення програм
Підсистема оновлення програм повинна гарантувати встановлення оновлень лише з надійних
джерел
7.Криптографічні функції
Криптографічні функції застосовуються для захисту конфіденційності і цілісності інформації,
для автентифікації і забезпечення неможливості відмовлення від авторства
Криптографічні функції можуть використовуватись в якості самостійних засобів захисту
(шифрування файлових систем), або в якості допоміжних механізмів в інших засобах
(криптографічний захист цілісності журналів реєстрації)
8.Мережні функції
Мережний обмін є можливим шляхом доступу зловмисників до системи і найбільш критичним
джерелом проникнення в систему шкідливих програм. Тому мережні функції відносять до
комплексу засобів захисту
Мережні функції повинні протистояти мережним атакам, насамперед — атакам на протоколи
1.Аналіз загроз
Вивчають можливі загрози безпеці конкретного екземпляру ОС
Будують модель загроз
Оцінюють ризики
Визначають пріоритети у захисті від конкретних загроз
2.Формування вимог до політики безпеки
Визначають засоби і методи, які будуть застосовані для захисту від кожної окремої загрози
Як правило, неминучим є компроміс між вадами захисту від певних загроз і утрудненням роботи користувачів у
системі
Результатом робіт є формування набору вимог до реалізації політики безпеки у вигляді переліку
методів і засобів захисту, які повинні бути реалізованими
3.Формальне визначення політики безпеки
Здійснюють чітке визначення засобів, які будуть реалізовувати ті вимоги, що були сформульовані на
попередньому етапі
Зокрема, з’ясовується, чи можна домогтися виконання зазначених вимог лише штатними засобами ОС, або
необхідно встановлювати додатково спеціальне ПЗ
Формулюють вимоги до конфігурації ОС і усіх додаткових програм, що реалізують функції захисту,
якщо такі встановлені
Результатом робіт є детальний перелік конфігураційних настроювань ОС і додаткових програм
Повинні бути передбачені різні нештатні ситуації і відповідні настроювання ОС для таких ситуацій.
Безпека
операційних
систем
Лекція 04. Стандарти оцінювання захищеності операційних
систем
Групи Класи
A A1 Верифікований захист
B B1 B2 B3 Мандатний захист
C C1 C2 Дискреційний захист
D D1 Мінімальний захист
Критерії ефективності
Відповідність набору засобів захисту заданим
цілям
Взаємна узгодженість різних засобів і механізмів
захисту
Здатність засобів захисту протистояти атакам
Можливість практичного використання недоліків
архітектури засобів захисту
Простота використання засобів захисту
Можливість практичного використання
функціональних недоліків засобів захисту
Безпека ОС - Лекція 04 16/29
ITSEC – критерії гарантій 2/2
Критерії коректності
Процес розроблення
Специфікація вимог безпеки
Розроблення архітектури
Створення робочого проекту
Реалізація
Середовище розроблення
Засоби керування конфігурацією
Використовувані мови програмування і компілятори
Безпека середовища розроблення
Експлуатаційна документація
Настанова користувача
Настанова адміністратора
Середовище експлуатації
Доставка і встановлення
Запуск и експлуатація
Безпека
операційних
систем
Лекція 05. Нормативні документи системи технічного
захисту інформації в Україні (НД ТЗІ)
Об’єкт-користувач
Суб’єкт
Об’єкт-процес
Доступ:
користувач процес пасивний об’єкт
Керування доступом:
Дискреційне Довірче
Мандатне Адміністративне
Критерії конфіденційності
Критерії цілісності
Критерії доступності
Критерії спостережності
Критерії гарантій
Функціональні критерії
1.Д.2 = { ДР-2, ДС-1, ДЗ-1, ДВ-2, НР-2, НИ-2, НК-1, НО-1, НЦ-1, НТ-2 }
1.Д.3 = { ДР-2, ДС-2, ДЗ-2, ДВ-2, НР-3, НИ-2, НК-1, НО-1, НЦ-2, НТ-2 }
1.КЦ.2 = { КА-1, КО-1, ЦА-2, ЦО-1, НР-2, НИ-2, НК-1, НО-1, НЦ-1, НТ-1 }
2.КЦ.2 = { КД-2, КО-1, ЦД-1, ЦО-1, НР-2, НИ-2, НК-1, НО-1, НЦ-2, НТ-1 }
3.КЦД.2 = { КД-2, КА-2, КО-1, КВ-2, ЦД-1, ЦА-2, ЦО-1, ЦВ-2, ДР-1, ДВ-1,
НР-2, НИ-2, НК-1, НО-2, НЦ-2, НТ-2, НВ-1 }
Безпека
операційних
систем
Лекція 06. ISO/IEC 15408 (Common Criteria)
Безпека
операційних
систем
Лекції 07-09. Засоби захисту Windows
Адміні- Кори-
Функція управління
стратор стувач
Задати ім’я/адресу віддаленого сервера керування, з якого
√
отримувати налаштування управління
Задати ім’я/адресу сервера аудиту/реєстрації, на який
надсилати записи аудиту/реєстрації
Конфігурувати правила аудиту √
Задати ім’я/адресу мережного сервера часу √
Активувати/деактивувати автоматичні оновлення програмного √
забезпечення
Конфігурувати інтерфейс Wi-Fi √
Активувати/деактивувати інтерфейс Bluetooth √
Конфігурувати інтерфейси USB √
Активувати/деактивувати інтерфейс локальної мережі √
Безпека
операційних
систем
Лекція 10-12. Засоби захисту Linux
Дані КЗЗ:
Виконуваний код КЗЗ
Метадані суб’єктів — усі дані, що використовуються для суб’єктів, крім
даних, які не інтерпретуються КЗЗ і не реалізують частини КЗЗ (ці дані
називаються даними користувача)
Метадані іменованих об’єктів — усі дані, що використовуються для
відповідних об’єктів, крім даних, які не інтерпретуються КЗЗ і не
реалізують частини КЗЗ (ці дані називаються даними користувача)
Облікові записи користувачів, включаючи атрибути безпеки
Записи аудиту
Дані користувача:
Виконуваний код, що не належить КЗЗ, і використовується для
керування поведінкою суб'єктів
Дані, які не інтерпретуються КЗЗ і зберігаються або передаються з
використанням іменованих об'єктів
Він містить код, такий як ядро, модуль ядра та драйвери пристроїв, що працює у
привілейованому режимі процесора
Він забезпечує політику безпеки системи
Він дозволяє SUID або SGID до привілейованого користувача (наприклад, root) або групи
Йому надані можливості (capabilities) файлової системи, що передбачають підвищення
привілеїв під час виконання
Він надає одну або кілька можливостей подолати обмеження, пов’язані з безпекою, які
застосовуються системою для користувача, що його викликає
Він був запущений як демон, що виконується з правами root або з системним UID/GID
Це програмне забезпечення, яке повинно функціонувати належним чином для підтримки
механізмів безпеки системи
Він потрібен для системного адміністрування
Він складається з даних КЗЗ або файлів конфігурації
Він складається з бібліотек, пов'язаних з програмами КЗЗ
Він був запущений як програма з іншими привілеями, ніж той, що його викликав
Найпомітнішими прикладами є init, modprobe та v86d, використовувані драйвером uvesafb
Він надає користувачеві, який його викликає, одну або кілька можливостей подолання
багаторівневої безпеки (MLS)
Програмні привілеї
DAC, SELinux LSM MAC, Capabilities, AppArmor
Програми з програмними привілеями
Програмний привілей
Ядро обмежує використання багатьох системних викликів або
функціональних областей, що викликаються системними викликами, до
процесів, що мають певні можливості
Якщо процес виклику не має необхідних можливостей, виконання зачепленої
області коду не дозволяється, а процесу, що викликає, повертається
помилка EPERM
Наприклад, якщо процес намагається створити спеціальний файл пристрою,
викликаючи системний виклик mknod, ядро перевіряє, чи здатний процес створювати
спеціальні файли пристрою, перевіряючи, чи має процес можливість CAP_MKNOD
За відсутності спеціальних модулів ядра, які визначають і використовують
можливості, перевірка можливостей повертається назад до надання
привілеїв програмного забезпечення ядра на основі UID процесу
Можливості засновані на проекті POSIX.1e плюс ряд додаткових
можливостей
Повний перелік усіх можливостей, включаючи їх значення, повністю
описаний у файлі вихідного коду ядра Linux include/linux/capability.h
Базове ядро
Базове ядро включає код, який виконується для надання сервісу,
наприклад, обслуговування системного виклику користувача або
обслуговування події переривання або винятку
Більшість компільованого коду ядра підпадає під цю категорію
Потоки ядра
Для виконання певних рутинних завдань, таких як очищення кеш-
пам’яті диска або відновлення пам’яті шляхом заміни
невикористаних фреймів, ядро створює внутрішні процеси або
потоки
Потоки ядра плануються так само, як і звичайні процеси, але вони
не мають контексту в режимі користувача
Потоки ядра знаходяться в просторі ядра і працюють лише в
режимі ядра
IPSec:
Після обміну або узгодження ключів для IPSEC SA, шифрування та дешифрування
фактичних даних, що передаються мережею, забезпечуються протоколами IPSec ESP,
що потенційно підтримується AH
У Linux ядро реалізує виключно протоколи IPSec, використовуючи ключі, встановлені з
протоколом IKE
Механізми ідентифікації та
автентифікації на основі PAM
Зміна ідентифікатору користувача
Управління даними автентифікації
Автентифікація на основі ключів SSH
Безпека
операційних
систем
Лекції 13-14. Архітектура безпеки і механізми захисту
Android
Безпека
операційних
систем
Лекція 15-16. Підтримка засобів захисту операційних систем
процесорами x86
31 16 15 0
base_1 (15-0) limit_1 (15-0)
31 16 15 0
selector offset_1 (15-0)
Структура 0...0
0...0
ds
ss
54
50
сегмента 0...0
0...0
cs
es
4C
48
TSS
edi 44
esi 40
ebp 3C
esp 38
ebx 34
edx 30
ecx 2C
eax 28
eflags 24
eip 20
cr3 1C
0...0 ss рівня 2 18
esp2 14
0...0 ss рівня 1 10
esp1 0C
0...0 ss рівня 0 08
esp0 04
0 . .-. Лекція
Безпека ОС 0 15-16 селектор TSS повернення 20/41
00
Послідовність дій під час
переключення контекстів
1.Виконується команда CALL, в якій задано селектор, що
указує на дескриптор сегмента типу TSS
2.Здійснюється перевірка прав доступу
Якщо CPL > DPL, доступ заборонено
3.Селектор поточного сегмента TSS береться з регістру tr
До TSS заносяться значення регістрів процесора
4.В регістр tr завантажується селектор TSS завдання, на яке
переключається процесор
5.З нового TSS в регістр ldtr завантажується селектор LDT
6.З відповідних полів нового TSS оновлюються всі регістри
процесора
7.Селектор сегмента TSS попереднього завдання заноситься
в поле селектора повернення нового сегмента TSS
Таблиця дескрипторів
сегментів
сегмент 1 Базова
сегмент 2 адреса
... сегмента
сегмент i
...
Фізична адреса
Біт Комбінація
S бітів у полі Тип сегмента
type_seg
Фізична адреса
Таблиця дескрипторів
сегментів
Трансляція сегмент 1
сегмент 2
Базова
адреса
сегмента
...
віртуальної сегмент i
...
сегментно- Номер
розділу – j
Номер віртуальної
сторінки в розділі – k
Зміщення
в сторінці
розподілу
розділів розділу i
розділ 1 сторінка 1
розділ 2 сторінка 2
пам’яті ...
розділ j
...
сторінка k
... ...
Фізична адреса
Номер фізичної Зміщення
Безпека ОС - Лекція 15-16 сторінки в сторінці
32/41
Завантаження селектора в сегментний
регістр – пошук дескриптора
cs x xx 1 1 x x x сегмент коду
ss x xx 1 0 1 1 x сегмент стека
1 x 1 x сегмент коду
ds, es, fs, gs x xx 1
0 х х х сегмент даних або стека
Для добавления
Довідковий текста
матеріал до
щелкните
лекцій 7-8 мышью
(Засоби захисту Windows)
Витяг з Microsoft Windows 10, Windows
Server (April 2018 Update) Security Target
Why Using the Security Target?
• How an ST should be used (according to the Common Criteria):
– Before and during the evaluation, the ST specifies “what is to be evaluated”
• Technical correctness and completeness are major issues for this role
– After the evaluation, the ST specifies “what was evaluated” (our case)
• The ST describes the exact security properties of the TOE in an abstract manner
• The potential consumer can rely on this description because the TOE has been evaluated to meet the ST
• Ease of use and understandability are major issues for this role
• However, an ST should not be used as:
– a detailed specification:
• An ST is designed to be a security specification on a relatively high level of abstraction
• An ST should, in general, not contain detailed protocol specifications, detailed descriptions of algorithms
and/or mechanisms, long description of detailed operations etc.
• This may be a drawback in out case
– a complete specification:
• An ST is designed to be a security specification and not a general specification
• Unless security-relevant, properties such as interoperability, physical size and weight, required voltage etc.
should not be part of an ST
• This means that in general an ST may be a part of a complete specification, but not a complete
specification itself
• This is not a problem in out case
2
Target of Evaluation (TOE)
Reference
• TOE Software Identification: The following Windows Operating
Systems (OS):
– Microsoft Windows 10 Home Edition (April 2018 Update) (32-bit version)
– Microsoft Windows 10 Pro Edition (April 2018 Update) (64-bit versions)
– Microsoft Windows 10 Enterprise Edition (April 2018 Update) (64-bit
versions)
– Microsoft Windows Server Standard Core, version 1803
– Microsoft Windows Server Datacenter Core, version 1803
• TOE Versions:
– Windows 10: build 10.0.17134 (also known as version 1803)
– Windows Server: build 10.0.17134 (also known as version 1803)
– The following security updates must be applied for Windows 10 and
Windows Server: all critical updates as of July 30, 2018
3
TOE Overview
• The TOE includes
– the Windows 10 operating system,
– the Windows Server operating system,
– those applications necessary to manage, support and configure the operating system.
• Windows 10 and Windows Server can be delivered preinstalled on a new
computer or downloaded from the Microsoft website.
• All Windows 10 and Windows Server editions, collectively called “Windows”, are
preemptive multitasking, multiprocessor, and multi-user operating systems.
– In general, operating systems provide users with a convenient interface to manage
underlying hardware. They control the allocation and manage computing resources such
as processors, memory, and Input/Output (I/O) devices.
– Windows expands these basic operating system capabilities to controlling the allocation
and managing higher level IT resources such as security principals (user or machine
accounts), files, printing objects, services, window station, desktops, cryptographic keys,
network ports traffic, directory objects, and web content.
– Multi-user operating systems such as Windows keep track of which user is using which
resource, grant resource requests, account for resource usage, and mediate conflicting
requests from different programs and users.
4
TOE Usage
• Windows 10 is suited for business desktops, notebook, and convertible computers.
– It is the workstation product and while it can be used by itself, it is designed to serve as a client
within Windows domains.
• Windows Server is built for workloads ranging from the department to the enterprise
to the cloud. It delivers:
– intelligent file and printer sharing;
– secure connectivity based on Internet technologies,
– centralized desktop policy management.
It provides the necessary scalable and reliable foundation to support
– mission-critical solutions for databases,
– enterprise resource planning software,
– high-volume, real-time transaction processing,
– server consolidation,
– public key infrastructure,
– virtualization,
– and additional server roles.
• Windows provides an interactive User Interface (UI), as well as a network interface.
5
TOE Usage — Domains and Forests
• The TOE includes a set of computer systems that can be connected via
their network interfaces and organized into domains and forests.
– A domain is a logical collection of Windows systems that allows the administration
and application of a common security policy and the use of a common accounts
database.
– One or more domains combine to comprise a forest.
– Windows supports single-domain and multiple-domain (i.e., forest) configurations as
well as federation between forests and external authentication services.
• Each domain must include at least one designated server known as a
Domain Controller (DC) to manage the domain.
– The TOE allows for multiple DCs that replicate TOE user and machine account as
well as group policy management data among themselves to provide for higher
availability.
• Each Windows system, whether it is a DC server, non-DC server, or
workstation, provides a subset of the TSFs (TOE Security Functions).
– The TSF subset for Windows can consist of the security functions from a single
system, for a stand-alone system, or the collection of security functions from an
entire network of systems, for a domain configuration.
6
TOE Security Services
• Security Audit
• Cryptographic Support
• User Data Protection
• Identification and Authentication
• Protection of the TOE Security Functions
• Session Locking
• TOE Access
• Trusted Path for Communications
• Security Management
7
TOE Security Services (1)
• Security Audit:
– Windows has the ability to
• collect audit data,
• review audit logs,
• protect audit logs from overflow,
• and restrict access to audit logs.
– Audit information generated by the system includes
• the date and time of the event,
• the user identity that caused the event to be generated,
• and other event specific data.
– Authorized administrators can review audit logs and have the
ability to search and sort audit records.
– Authorized Administrators can also configure the audit system to
include or exclude potentially auditable events to be audited based
on a wide range of characteristics.
8
TOE Security Services (2)
• Cryptographic Support:
– Windows provides FIPS 140-2 CAVP validated cryptographic functions that support
• encryption/decryption,
• cryptographic signatures,
• cryptographic hashing,
• cryptographic key agreement,
• and random number generation.
– The TOE additionally provides support for public keys, credential management and
certificate validation functions and provides support for the National Security Agency’s
Suite B cryptographic algorithms.
– Windows also provides
• extensive auditing support of cryptographic operations,
• the ability to replace cryptographic functions and random number generators with alternative
implementations,
• and a key isolation service designed to limit the potential exposure of secret and private keys.
– In addition to using cryptography for its own security functions, Windows offers access
to the cryptographic support functions for user-mode and kernel-mode programs.
– Public key certificates generated and used by Windows authenticate users and
machines as well as protect both user and system data in transit.
9
TOE Security Services (3)
• User Data Protection:
– In the context of this evaluation Windows protects user data and
provides virtual private networking capabilities.
• Identification and Authentication
– Each Windows user must be identified and authenticated based on
administrator-defined policy prior to performing any TSF-mediated
functions.
– An interactive user invokes a trusted path in order to protect his I&A
information.
– Windows maintains databases of accounts including their identities,
authentication information, group associations, and privilege and
logon rights associations.
– Windows account policy functions include the ability to define the
minimum password length, the number of failed logon attempts, the
duration of lockout, and password age.
10
TOE Security Services (4)
• Protection of the TOE Security Functions:
– Windows protects against unauthorized data disclosure and
modification by using a suite of Internet standard protocols
including IPsec, IKE, and ISAKMP.
– Windows ensures process isolation security for all processes
through private virtual address spaces, execution context, and
security context.
– The Windows data structures defining process address space,
execution context, memory protection, and security context are
stored in protected kernel-mode memory.
– Windows includes self-testing features that ensure the integrity
of executable program images and its cryptographic functions.
– Finally, Windows provides a trusted update mechanism to
update Windows binaries itself.
11
TOE Security Services (5)
• Session Locking:
– Windows provides the ability for a user to lock their session either
immediately or after a defined interval.
– Windows constantly monitors the mouse, keyboard, and touch display for
activity and locks the computer after a set period of inactivity.
• TOE Access:
– Windows allows an authorized administrator to configure the system to
display a logon banner before the logon dialog.
• Trusted Path for Communications:
– Windows uses HTTPS, TLS, DTLS, and EAP-TLS to provide a trusted
path for communications.
• Security Management:
– Windows includes several functions to manage security policies.
– Policy management is controlled through a combination of access control,
membership in administrator groups, and privileges.
12
TOE Logical Boundaries
• Conceptually the Windows TOE can be thought of as a collection of the
security services which were briefly reviewed above, and will be described
with increasing detail further.
• These services are primarily provided by Windows components:
– The Boot Manager, which is invoked by the computer’s bootstrapping code.
– The Windows Loader which loads the operating system into the computer’s memory.
– The Windows Kernel which contains device drivers for the Windows NT File System,
full volume encryption, the crash dump filter, and the kernel-mode cryptographic library.
– The IPv4 / IPv6 network stack in the kernel.
– The Windows Trusted Installer which installs updates to the Windows operating
system.
– The Local Security Authority Subsystem which identifies and authenticates users
prior to log on and generates events for the security audit log.
– FIPS-Approved cryptographic algorithms to protect user and system data.
– The Key Isolation Service which protects secret and private keys.
– Local and remote administrative interfaces for security management.
– Windows Explorer which can be used to manage the OS and check the integrity of
Windows files and updates.
13
TOE Physical Boundaries
• Each instance of the general purpose OS TOE runs on a tablet,
convertible, workstation or server computer.
• The TOE executes on processors from Intel (x86 and x64) or AMD (x86
and x64) along with peripherals for input/output (keyboard, mouse, display,
and network).
• The TOE was tested on the following physical and virtual computer
platforms:
– Microsoft Surface Book 2
– Microsoft Surface Pro LTE
– Microsoft Surface Laptop
– Microsoft Surface Go
– Dell Latitude 5290
– Dell Latitude 12 Rugged Tablet
– Dell PowerEdge R740 3 (representing the 14 th generation of PowerEdge servers.)
– Microsoft Windows Server Hyper-V
– Microsoft Windows Server 2016 Hyper-V
14
Product Description
• In addition to core operating system capabilities described above, Windows can
also be categorized as the following types of Information Assurance (IA) or IA-
enabled IT products:
– these capabilities leverage functionality included in this General Purpose OS evaluation
as well as capabilities which fall outside the scope of the GP OS PP
• Windows is a Network Management and Desktop Management product to
support security infrastructure
– Group Policy and mobile device management Configuration Service Providers (part of the
Windows TOE) provide the centralized network management in Windows networks and
desktops.
• Windows is a Single Sign-On product for Windows networks
• Windows is a Firewall product with the capability to filter network traffic based
upon
– source and destination addresses,
– ports,
– applications,
– user or machine identity,
– and protocols.
15
CC Conformance Claims
• This ST and the Windows 10 editions (TOEs) are consistent with the
following specifications:
– Common Criteria for Information Technology Security Evaluation Part 2:
Security functional requirements, Version 3.1, Revision 5, April 2017,
extended (Part 2 extended)
– Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance requirements Version 3.1, Revision 5 April 2017, (Part 3
extended)
– General Purpose Operating Systems Protection Profile, Version 4.1, March
9, 2016 (GP OS PP)
– General Purpose Operating Systems Protection Profile / Mobile Device
Fundamentals Protection Profile Extended Package (EP) Wireless Local
Area Network (WLAN) Clients, version 1.0, February 8, 2016 (WLAN EP)
• This ST and the Windows Server editions (TOEs) are consistent with
the following specifications:
– 1-3 of the above
16
Security Problem Definition
• The security problem definition consists of the
– threats to security,
– organizational security policies,
– and usage assumptions
as they relate to Windows.
• The assumptions, threats, and policies are copied from:
– the General Purpose Operating Systems Protection Profile,
Version 4.1, March 9, 2016 (“GP OS PP”) and
– the General Purpose Operating Systems Protection Profile/
Mobile Device Fundamentals Protection Profile Extended
Package (EP) Wireless Local Area Network (WLAN) Clients
(“WLAN EP”).
17
Table 1 GP OS PP Threats
Addressed by Windows
Threat Description
T.NETWORK An attacker is positioned on a communications channel or elsewhere
_ATTACK on the network infrastructure. Attackers may engage in communications
with applications and services running on or part of the OS with the
intent of compromise. Engagement may consist of altering existing
legitimate communications.
T.UNAUTHORIZED A user may gain unauthorized access to the TOE data and TOE
_ACCESS executable code. A malicious user, process, or external IT entity
(Unauthorized may masquerade as an authorized entity in order to gain
Access) unauthorized access to data or TOE resources. A malicious user,
process, or external IT entity may misrepresent itself as the TOE to
obtain identification and authentication data.
T.UNDETECTED Malicious remote users or external IT entities may take actions that
_ACTIONS adversely affect the security of the TOE. These actions may remain
(Undetected undetected and thus their effects cannot be effectively mitigated.
Actions)
19
Table 3 Organizational Security
Policies
Security Policy Description
[None] There are no Organizational Security Policies for the
protection profile or extended package.
20
Table 4 Secure Usage
Assumptions
Assumption Description
A.PLATFORM The OS relies upon a trustworthy computing platform for
its execution. This underlying platform is out of scope of
this PP.
A.PROPER_USER The user of the OS is not willfully negligent or hostile,
and uses the software in compliance with the applied
enterprise security policy. At the same time, malicious
software could act as the user, so requirements which
confine malicious subjects are still in scope.
A.PROPER_ADMIN The administrator of the OS is not careless, willfully
negligent or hostile, and administers the OS within
compliance of the applied enterprise security policy.
21
Table 5 WLAN EP Secure Usage
Assumptions for Windows
Assumption Description
A.NO_TOE_BYPASS Information cannot flow between the wireless
client and the internal wired network without
passing through the TOE.
A.TRUSTED_ADMIN TOE Administrators are trusted to follow and
apply all administrator guidance in a trusted
manner.
22
TOE Summary Specification (TSS)
• The following part of the presentation is based on the chapter
describing the Windows security functions that satisfy the security
functional requirements of the protection profile.
– The TOE also includes additional relevant security functions which are also
described in the following sections, as well as a mapping to the security
functional requirements satisfied by the TOE.
• The TOE performs the following security functions:
– Audit
– Cryptographic Support
– User Data Protection
– Identification and Authentication
– Security Management
– Protection of the TSF
– TOE Access
– Trusted Channels
23
Audit
The TOE Audit security function performs:
– Audit Collection
– Selective Audit
– Audit Log Overflow Protection
– Audit Log Restricted Access Protection
24
Audit Collection
• The Windows Event Log service creates the security event
log,
– The log contains security relevant audit records collected on a system
– There are other event logs which are also registered by other audit
entry providers
• The Local Security Authority (LSA) server
– collects audit events from all other parts of the TSF
– and forwards them to the Windows Event Log service
• The latter will place the event into the log for the appropriate provider.
• There is no size limit for a single audit record
– the authorized administrator can specify a limit for the size of each
event log.
• For each audit event, the Windows Event Log service stores
the following data (see next slide) in each audit entry
25
Standard Fields in a Windows Audit Entry
Field in Description
Audit Entry
Date The date the event occurred.
Time The time the event occurred.
User The security identifier (SID) of that represents the user on
whose behalf the event occurred that represents the user.
Event ID A unique number within the audit category that identifies
the specific audit event.
Source The Windows component that generated the audit event.
Outcome Indicates whether the security audit event recorded is the
result of a successful or failed attempt to perform the
action.
Category The type of the event defined by the event source.
26
Audit Events Categories
• The LSA service defines the following categories
for audit events in the security log:
– System,
– Logon / Logoff
– Object Access
– Directory Service Access
– Privilege Use
– Detailed Process Tracking
– Policy Change
– Account Management
– Account Logon
27
Category-Specific Data (1)
• Each audit entry may also contain category-specific data
that is contained in the body of the entry
– For the System Category, the audit entry includes information
relating to the system such as
• the time the audit trail was cleared,
• start or shutdown of the audit function,
• and startup and shutdown of Windows.
• the specific cryptographic operation is identified when such operations
are audited.
– For the Logon and Account Logon Category, the audit entry
includes the reason the attempted logon failed.
– For the Object Access and the Directory Service Access
Category, the audit entry includes
• the object name
• and the desired access requested.
28
Category-Specific Data (2)
– For the Privilege Use Category, the audit entry identifies the
privilege.
– For the Detailed Process Tracking Category, the audit event
includes the process identifier.
– For the Policy Change and Account Management Category, the
audit event includes the new values of the policy or account
attributes.
– For the Account Logon Category, the audit event includes the
logon type that indicates the source of the logon attempt:
• Interactive (local logon)
• Network (logon from the network)
• Service (logon as a service)
• Batch (logon as a batch job)
• Unlock (for Unlock screen saver)
• Network_ClearText (for anonymous authentication to IIS)
29
Where Security Audit Events
are Collected
• There are two places within the TSF where security audit events are
collected.
– Inside the kernel, the Security Reference Monitor (SRM), a part of the NT
Executive, is responsible for generation of all audit entries for the
• object access,
• privilege use,
• and detailed process tracking event categories.
Windows components can request the SRM to generate an audit record and supply all of the
elements in the audit record except for the system time, which the Executive provides.
– With one exception, audit events for the other event categories are generated by
various services that either
• co-exist in the LSA server
• or call, with the SeAuditPrivilege privilege, the Authz Report Audit interfaces implemented in
the LSA Policy subcomponent.
– The exception is that the Event Log Service itself records an event record
• when the security log is cleared
• and when the security log exceeds the warning level configured by the authorized administrator.
30
Audit Policy
• The LSA server maintains an audit policy in its database that
determines which categories of events are actually collected.
– Defining and modifying the audit policy is restricted to the authorized
administrator. The authorized administrator can
• select events to be audited by selecting the category or categories to be audited.
• individually select each category.
• The only other TSF component that uses the audit policy is the
SRM in order to record object access, privilege use, and detailed
tracking audit.
– LSA and the SRM share a private local connection port, which is used to
pass the audit policy to the SRM.
– When an authorized administrator changes the audit policy, the LSA
updates its database and notifies the SRM.
– The SRM receives a control flag indicating if auditing is enabled and a
data structure indicating that the events in particular categories to audit.
31
Per-user Audit Policy
• In addition to the system-wide audit policy configuration, it is possible to
define a per-user audit policy using auditpol.exe.
– This allows individual audit categories (of success or failure) to be enabled or
disabled on a per user basis.
– The per-user audit policy refines the system-wide audit policy with a more
precise definition of the audit policy for which events will be audited for a specific
user.
– Windows will prevent a local administrator from disabling auditing for local
administrator accounts.
• If an administrator can bypass auditing, they can avoid accountability for such actions as
exfiltrating files without authorization.
• Within each category, auditing can be performed based on success,
failure, or both.
• For object access events, auditing can be further controlled based on
user/group identify and access rights using System Access Control
Lists (SACLs).
– SACLs are associated with objects and indicate whether or not auditing for a
specific object, or object attribute, is enabled.
32
Cryptographic Support
• Cryptographic Algorithms and Operations
• Cryptographic Algorithm Validation
• Networking (TLS)
• Protecting Data with DPAPI
33
Cryptography API: Next Generation
• The Cryptography API: Next Generation (CNG) API is designed to
be extensible at many levels and agnostic to cryptographic algorithm
suites.
– Windows uses CNG exclusively for its own encryption needs and provides
public APIs for external developers.
• An important feature of CNG is its native implementation of the Suite B
algorithms, including algorithms for
– AES (128, 192, 256 key sizes - the 192-bit key size is not used by Windows
but is available to developers),
– the SHA-1 and SHA-2 family (SHA-256, SHA-384 and SHA-512) of hashing
algorithms,
– elliptic curve Diffie Hellman (ECDH), and elliptical curve DSA (ECDSA) over
the NIST-standard prime curves P-256, P-384, and P-521.
• Protocols such as the Internet Key Exchange (IKE), and Transport
Layer Security (TLS), make use of elliptic curve Diffie-Hellman (ECDH)
included in Suite B as well as hashing functions.
34
Deterministic Random Bit Generation
• Deterministic random bit generation (DRBG) is implemented
in accordance with NIST Special Publication 800-90
– Windows generates random bits by taking the output of
• a cascade of two SP800-90 AES-256 counter mode based DRBGs in
kernel-mode
• and four cascaded SP800-90 AES-256 DRBGs in user-mode;
– programmatic callers can choose to obtain either 128 or 256
bits from the RBG which is seeded from the Windows entropy
pool
• Windows has different entropy sources (deterministic and
nondeterministic) which produce entropy data that is used for
random numbers generation
– In particular, this entropy data together with other data (such
as the nonce) seed the DRBG algorithm
35
Entropy Pool
• The entropy pool is populated using the following values:
– An initial entropy value from a seed file provided to the Windows OS Loader at boot
time (512 bits of entropy).
• The Windows OS Loader implements a SP 800-90 AES-CTR-DRBG and passes
along 384 bits of entropy to the kernel for CNG to be used during initialization.
• This DBRG uses the same algorithms to obtain entropy from the CPU cycle counter,
TPM, and RDRAND
– A calculated value based on the high-resolution CPU cycle counter which fires after
every 1024 interrupts (a continuous source providing 16384 bits of entropy).
– Random values gathered periodically from the Trusted Platform Module (TPM), (320
bits of entropy on boot, 384 bits thereafter on demand based on an OS timer).
– Random values gathered periodically by calling the RDRAND CPU instruction, (256
bits of entropy).
• Each entropy source is independent of the other sources and does not depend
on time.
– The CPU cycle counter inputs vary by environmental conditions such as
• data received on a network interface card,
• key presses on a keyboard,
• mouse movement and clicks,
• and touch input. 36
Cryptographic Functions Protection
• The TSF defends against tampering of the random number generation (RNG) /
pseudorandom number generation (PRNG) sources by encapsulating its use in
Kernel Security Device Driver.
– The interface for the Windows random number generator is BCryptGenRandom.
• The CNG provider for random number generation is the AES_CTR_DRBG, when
Windows requires the use of a salt it uses the Windows RBG.
• The encryption and decryption operations are performed by independent modules,
known as Cryptographic Service Providers (CSPs).
– Windows generates symmetric keys (AES keys) using the FIPS Approved random number
generator.
• In addition to encryption and decryption services, the TSF provides other
cryptographic operations such as hashing and digital signatures. Hashing is used
by other FIPS Approved algorithms implemented in Windows (the hashed message
authentication code, RSA, DSA, and EC DSA signature services, Diffie-Hellman
and elliptic curve Diffie-Hellman key agreement, and random bit generation). When
Windows needs to establish an RSA-based shared secret key it can act both as a
sender or recipient, any decryption errors which occur during key establishment are
presented to the user at a highly abstracted level, such as a failure to connect.
37
Other Cryptographic Operations
• In addition to encryption and decryption services, the TSF provides
other cryptographic operations such as
– hashing
– digital signatures.
• Hashing is used by other FIPS Approved algorithms implemented
in Windows
– the hashed message authentication code,
– RSA, DSA, and EC DSA signature services,
– Diffie-Hellman and elliptic curve Diffie-Hellman key agreement,
– and random bit generation.
• When Windows needs to establish an RSA-based shared secret
key it can act both as a sender or recipient
– any decryption errors which occur during key establishment are presented
to the user at a highly abstracted level, such as a failure to connect.
38
Windows Cryptographic Algorithm
Standards and Evaluation Methods
Cryptographic Operation Standard Evaluation Method
FIPS 197 AES NIST CAVP # 5847, # 5859,
# 5860, # 5861
NIST SP 800-38A CBC mode # 5847, # 5861
Encryption/Decryption NIST SP 800-38C CCM mode # 5847, # 5859
NIST SP 800-38E XTS mode # 5847
NIST SP 800-38F KW mode # 5860
NIST SP 800-38D GCM mode # 5847
Digital signature (key FIPS 186-4 RSA NIST CAVP # 3079, # 3080
generation)
Digital signature (generation) FIPS 186-4 RSA NIST CAVP # 3079, # 3080,
# 3082
Digital signature (verification) FIPS 186-4 RSA NIST CAVP # 3079, # 3080,
# 3081, # 3082
Digital signature (generation FIPS 186-4 DSA NIST CAVP # 1479
and verification) 39
Windows Cryptographic Algorithm
Standards and Evaluation Methods
Cryptographic Operation Standard Evaluation Method
Digital signature (key FIPS 186-4 ECDSA NIST CAVP # 1563, # 1564,
generation) # 1565
Digital signature (key FIPS 186-4 ECDSA NIST CAVP # 1563, # 1564
generation, signature
generation and verification)
Hashing FIPS 180-4 SHA-1 and NIST CAVP # 4633
SHA-256, SHA-384, SHA-512
Keyed-Hash Message FIPS 198-2 HMAC NIST CAVP # 3858, # 3859
Authentication Code
Random number generation NIST SP 800-90 CTR_DRBG NIST CAVP # 2435, # 2436
Key agreement NIST SP 800-56A ECDH NIST CAVP # 200, # 201
Key establishment NIST SP 800-56B RSA NIST CVL # 2111, # 2112
Key-based key derivation SP800-108 NIST CAVP # 242, # 243
IKEv1, IKEv2, TLS SP800-135 NIST CVL # 2110
40
Key storage
• CNG includes a user-mode key isolation service designed
specifically to host secret and private keys in a protected process to
mitigate tampering or access to sensitive key materials for user-mode
processes.
• CNG performs a key error detection check on each transfer of key
– internal and intermediate transfers.
• CNG prevents archiving of expired (private) signature keys and
destroys non-persistent cryptographic keys.
– Windows overwrites each intermediate storage area for plaintext key/critical
cryptographic security parameter
• i.e., any storage, such as memory buffers for the key or plaintext password which was
typed by the user that is included in the path of such data
– This overwriting is performed as follows:
• For volatile memory, the overwrite is a single direct overwrite consisting of zeros using
the RtlSecureZeroMemory function.
– Note that the administrative guidance precludes hibernating the computer so
that the keys are not persisted into volatile storage
41
Types of Keys Used by Windows (1)
Key Description
Symmetric Keys used for AES (FIPS 197) encryption/decryption for
encryption/decryption IPsec ESP, TLS, Wi-Fi.
keys
HMAC keys Keys used for HMAC-SHA1, HMAC-SHA256, HMAC-
SHA384, and HMAC-SHA512 (FIPS 198-1) as part of
IPsec
Asymmetric ECDSA Keys used for the verification of ECDSA digital signatures
Public Keys (FIPS 186-4) for IPsec traffic and peer authentication.
Asymmetric ECDSA Keys used for the calculation of ECDSA digital signatures
Private Keys (FIPS 186-4) for IPsec traffic and peer authentication.
Asymmetric RSA Keys used for the verification of RSA digital signatures
Public Keys (FIPS 186-4) for IPsec, TLS, Wi-Fi and signed product
updates.
Asymmetric RSA Keys used for the calculation of RSA digital signatures
Private Keys (FIPS 186-4) for IPsec, TLS, and Wi-Fi as well as TPM-
based health attestations. The key size can be 2048 or
3072 bits. 42
Types of Keys Used by Windows (2)
Key Description
Asymmetric DSA Keys used for the calculation of DSA digital signatures
Private Keys (FIPS 186-4) for IPsec and TLS. The key size can be
2048 or 3072 bits.
Asymmetric DSA Keys used for the verification of DSA digital signatures
Public Keys (FIPS 186-4) for IPsec and TLS. The key size can be
2048 or 3072 bits.
DH Private and Private and public values used for Diffie-Hellman key
Public values establishment for TLS.
ECDH Private and Private and public values used for EC Diffie-Hellman key
Public values establishment for TLS.
DPAPI master secret 512-bit random value used by DPAPI
DPAPI master AES 256-bit encryption key that protects the DPAPI master
key secret
DPAPI AES key 256-bit encryption key used by DPAPI
DRBG seed The seed for the main DRBG, zeroized
43 during reseeding
Networking (TLS)
• The TOE implements TLS to enable a trusted network path that
is used for client and server authentication, as well as HTTPS.
• The protocols are described at:
– MS-TLSP Transport Layer Security (TLS) Profile
– RFC 2246 The TLS Protocol Version 1.0
– RFC 3268 -AES Ciphersuites for TLS
– RFC 3546 Transport Layer Security (TLS) Extensions
– RFC 4366 Transport Layer Security (TLS) Extensions
– RFC 4492 ECC Cipher Suites for TLS
– RFC 4681 TLS User Mapping Extension
– RFC 5246 - The Transport Layer Security (TLS) Protocol, Version 1.2
– RFC 5289 - TLS ECC Suites with SHA-256384 and AES GCM
44
TLS RFCs Implemented by Windows
RFC# Name How Used
2246 The TLS Protocol Version 1.0 Specifies requirements for TLS 1.0.
3268 Advanced Encryption Standard (AES) Specifies additional ciphersuites implemented
Ciphersuites for Transport Layer Security by Windows.
(TLS)
3546 Transport Layer Security (TLS) Extensions Updates RFC 2246 with TLS 1.0 extensions
implemented by Windows.
4346 The Transport Layer Security (TLS) Protocol Specifies requirements for TLS 1.1.
Version 1.1
4366 Transport Layer Security (TLS) Extensions Obsoletes RFC 3546 Requirements for TLS
1.1 extensions implemented by Windows.
4492 Elliptic Curve Cryptography (ECC) Cipher Specifies additional ciphersuites
Suites for Transport Layer Security (TLS) implemented by Windows.
4681 TLS User Mapping Extension Extends TLS to include a User Principal Name
during the TLS handshake.
5246 The Transport Layer Security (TLS) Protocol Obsoletes RFCs 3268, 4346, and 4366.
Version 1.2 Specifies requirements for TLS 1.2.
5289 TLS Elliptic Curve Cipher Suites with SHA- Specifies additional ciphersuites
256/384 and AES Galois Counter Mode implemented by Windows.
(GCM)
SSL3 The SSL Protocol Version 3 45for SSL3.
Specifies requirements
TLS Implementation
• When negotiating a TLS 1.2 elliptic curve cipher suite, Windows
will include automatically as part of the Client Hello message:
– its supported elliptic curves extension, i.e., secp256r1, secp384r1, and
secp521r1
– signature algorithm, i.e., SHA256, SHA384, and SHA512
based on the ciphersuites selected by the administrator.
– By default, the curve secp521r1 is disabled.
• This curve can be enabled adding its name in the ECC Curve Order file.
• In addition, the curve priority can be edited in this file.
• On the other hand, by default the signature algorithms in the
Client Hello message are: SHA1, SHA256, SHA384 and
SHA512.
– The signature algorithm extension is configurable by editing a registry
key to meet with the FCS_TLSC_EXT.3 requirement.
46
TLS Implementation
• Each Windows component that uses TLS checks that the identifying information in the
certificate matches what is expected. These checks include checking the expected
– Distinguished Name (DN),
– Subject Name (SN),
– Subject Alternative Name (SAN) attributes
– along with any applicable extended key usage identifiers.
• The DN, and any Subject Alternative Name, in the certificate is checked against the identity
of the remote computer’s DNS entry or IP address to ensure that it matches as described at
http://technet.microsoft.com/en-us/library/cc783349(v=WS.10).aspx, and in particular the
“Server Certificate Message” section.
• The reference identifier in Windows for TLS is the DNS name or IP address of the remote
server, which is compared against the DNS name as presented identifier in the Subject
Alternative Name (SAN) or the Subject Name of the certificate.
– There is no configuration of the reference identifier.
• A certificate that uses a wildcard in the leftmost portion of the resource identifier (i.e.,
*.contoso.com) can be accepted for authentication, otherwise the certificate will be deemed
invalid.
– Windows does not provide a general-purpose capability to “pin” TLS certificates.
• Windows implements HTTPS as described in RFC 2818 so that Windows Store and system
applications executing on the TOE can securely connect to external servers using HTTPS.
47
Wireless Networking
• Windows has native implementations of IEEE 802.11-2012 and IEEE
802.11ac-2013 to provide secure wireless local area networking (Wi-
Fi).
– Windows can use PRF-384 in WPA2 Wi-Fi sessions and generate AES
128-bit keys or use PRF-704 to generate AES 256-bit keys, both utilize the
Windows RBG.
– Windows complies with the IEEE 802.11-2012 and IEEE 802.11ac-2013
standards and interoperates with other devices that implement the standard.
– Computers running a Windows OS typically have Wi-Fi CERTIFIED
Interoperability Certificates from the Wi-Fi Alliance.
• Windows implements key wrapping and unwrapping according to the
NIST SP 800-38F specification (the “KW” mode) and so unwraps the
Wi-Fi Group Temporal Key (GTK) which was sent by the access
point.
– Because the GTK was protected by AES Key Wrap when it was delivered in
an EAPOL-Key frame, the GTK is not exposed to the network.
48
Protecting Data with DPAPI
• Windows provides the Data Protection API,
DPAPI, which Windows components, first-party
and third-party applications can use to protect
any persisted data which the developer deems
to be sensitive.
– DPAPI will use AES CBC encryption with a key that
is based in part on the user’s password to protect the
user data.
– When storing private keys and secrets associated
with the user account, the encrypted data is stored
on the file system in a directory which is part of the
user’s profile.
49
User Data Protection
• Discretionary Access Control
• VPN Client
50
Discretionary Access Control
• The executive component within the Windows kernel
mediates access between subjects and user data
objects, also known as named objects.
– This kernel component is the Security Reference Monitor
(SRM)
• Subjects consist of processes with one or more
threads running on behalf of users.
• While the Windows Discretionary Access Control
policy manages several different kinds of named
objects, the protection profile that is the basic for this
evaluation focuses on the NTFS File and NTFS
Directory objects.
51
Subject DAC Attributes
• Windows security access tokens contain the security attributes for a
subject.
• Tokens are associated with processes and threads running on behalf of
the user.
• Information in a security access token that is used by DAC includes:
– The Security Identifier (SID) for the user account
– SIDs representing groups for which the user is a member
– Privileges assigned to the user
– An owner SID that identifies the SID to assign as owner for newly created objects
– A default Discretionary Access Control List (DACL) for newly created objects
– Token type which is either a primary or an impersonation token
– The impersonation level (for impersonation tokens)
– The integrity label SID
– An optional list of restricting SIDs
– The logon SID that identifies the logon session.
• An administrator can change all of these except for the user account SID
and logon SID.
52
Impersonation Tokens
• A thread can be assigned an impersonation token that would be
used instead of the process’ primary token when making an access
check and generating audit data.
– Hence, that thread is impersonating the client that provided the
impersonation token.
– Impersonation stops when the impersonation token is removed from the
thread or when the thread terminates.
• An access token may also include a list of restricting SIDs which
are used to limit access to objects.
– Restricting SIDs are contained in restricted tokens
– Restricted tokens is a special form of a thread impersonation token
– When configured, they serve to limit the corresponding process access to
no more than that available to the restricted SID.
• Access decisions are made using the impersonation token of a
thread if it exists, and otherwise the thread’s process primary token
(which always exists).
53
Object DAC Attributes
• Security Descriptors (SDs) contain all of the security attributes associated
with an object.
• All named objects have an associated SD.
• The security attributes from a SD used for discretionary access control are:
– the object owner SID which specifies the owner of the security descriptor,
– the DACL present flag,
– the DACL itself, when present.
• DACLs contain a list of Access Control Entries (ACEs).
• Each ACE specifies
– an ACE type,
– a SID representing a user or group,
– an access mask containing a set of access rights.
• Each ACE has inheritance attributes associated with it that specify if the
ACE applies to the associated object only, to its children objects only, or to
both its children objects and the associated object.
54
Two Types of ACEs
• There are two types of ACEs that apply to discretionary
access control:
– ALLOW ACES
• ACCESS_ALLOWED_ACE: used to grant access to a user or group of
users.
• ACCESS_ALLOWED_OBJECT_ACE: (for DS objects) used to grant
access for a user or group to a property or property set on the directory
service object, or to limit the ACE_inheritance to a specified type of child
object. This ACE type is only supported for directory service objects.
– DENY ACES
• ACCESS_DENIED_ACE: used to deny access to a user or group of
users.
• ACCESS_DENIED_OBJECT_ACE: (for DS objects) used to deny
access for a user or group to a property or property set on the directory
service object or to limit the ACE_inheritance to a specified type of child
object. This ACE type is only supported for directory service objects.
55
Access Mask
• In the ACE, an access mask contains object access rights granted (or
denied) to the SID, representing a user or group.
• An access mask is also used
– to specify the desired access to an object when accessing the object
– and to identify granted access associated with an opened object.
• Each bit in an access mask represents a particular access right.
• There are four categories of access rights: standard, specific, special, and
generic.
– Standard access rights apply to all object types.
– Specific access rights have different semantic meanings depending on the type of
object.
– Special access rights are used in desired access masks to request special access
or to ask for all allowable rights.
– Generic access rights are convenient groupings of specific and standard access
rights.
• Each object type provides its own mapping between generic access rights
and the standard and specific access rights.
56
Handle Tables
• For most objects, a subject requests access to the object (e.g., opens it)
and receives a pointer to a handle in return.
• The TSF associates a granted access mask with each opened handle.
• For kernel-mode objects,
– Handles are maintained in a kernel-mode handle table.
– There is one handle table per process.
– Each entry in the handle table identifies an opened object and the access rights
granted to that object.
• For user-mode TSF servers,
– The handle is a server-controlled context pointer associated with the connection
between the subject and the server.
– The server uses this context handle in the same manner as with the kernel
mode
• (i.e., to locate an opened object and it’s associated granted access mask).
• In both cases (user and kernel-mode objects), the SRM makes all
access control decisions.
57
DAC Access Rights and Named Objects
NTFS Directory NTFS File
ACCESS_SYSTEM_SECURITY ACCESS_SYSTEM_SECURITY
READ_CONTROL READ_CONTROL
WRITE_DAC WRITE_DAC
WRITE_OWNER WRITE_OWNER
SYNCHRONIZE SYNCHRONIZE
FILE_LIST_DIRECTORY FILE_WRITE_DATA
FILE_ADD_FILE FILE_READ_DATA
FILE_ADD_SUBDIRECTORY FILE_APPEND_DATA
FILE_DELETE_CHILD FILE_WRITE_EA
FILE_READ_ATTRIBUTES FILE_EXECUTE
FILE_WRITE_ATTRIBUTES FILE_READ_ATTRIBUTES
FILE_DELETE_CHILD | FILE_ADD_FILE FILE_WRITE_ATTRIBUTES
DELETE FILE_WRITE_DATA and FILE_WRITE_ATTRIBUTES
DELETE
FILE_WRITE_DATA | FILE_READ_DATA
FILE_READ_DATA | FILE_EXECUTE
FILE_READ_DATA | FILE_EXECUTE |
FILE_WRITE_DATA
FILE_WRITE_DATA | FILE_WRITE_EA |
FILE_WRITE_ATTRIBUTES
58
DAC Enforcement Algorithm
• The TSF enforces the DAC policy to objects based on
– SIDs and privileges in the requestor’s token,
– the desired access mask requested,
– the object’s security descriptor.
• In order for access to be granted, all access rights specified in the desired
access mask must be granted by one of the following steps
1.Privilege Check
2.Owner Check
3.DACL not present
4.DACL present but empty
5.Iteratively process each ACE in the order that they appear in the DACL
6.Access check against the restricting SIDs
• At the end of any step, if all of the requested access rights have been
granted then access is allowed.
• At the end of the algorithm, if any requested access right has not been
granted, then access is denied.
59
DAC Enforcement Algorithm (1)
1. Privilege Check:
a)Check for SeSecurity privilege: This is required if ACCESS_SYSTEM_SECURITY is in
the desired access mask.
• If ACCESS_SYSTEM_SECURITY is requested and the requestor does not have this privilege, access
is denied.
• Otherwise ACCESS_SYSTEM_SECURITY is granted.
b)Check for SeTakeOwner privilege:
• If the desired mask has WRITE_OWNER access right, and the privilege is found in the requestor’s
token, then WRITE_OWNER access is granted.
c)Check for SeBackupPrivilege: The Backup Files and Directories privilege allows a subject
process to read files and registry objects for backup operations regardless of their ACE in
the DACL.
• If the subject process has the SeBackupPrivilege privilege and the operation requires the privilege, no
further checking is performed and access is allowed.
• Otherwise this check is irrelevant and the access check proceeds.
d)Check for SeRestorePrivilege: The Restore Files and Directories privilege allows a
subject process to write files and registry objects for restore operations regardless of their
ACE in the DACL.
• If the subject process has the SeRestorePrivilege privilege and the operation requires the privilege no
further checking is performed, and access is allowed.
• Otherwise this check is irrelevant and the access check proceeds.
60
DAC Enforcement Algorithm (2)
2. Owner Check:
a)If the DACL contains one or more ACEs with the OwnerRights SID, those entries, along
with all other applicable ACEs for the user, are used to determine the owner's rights.
b)Otherwise, check all the SIDs in the token to determine if there is a match with the
object owner. If so, the READ_CONTROL and WRITE_DAC rights are granted if
requested.
3. DACL not present:
All further access rights requested are granted.
4. DACL present but empty:
If any additional access rights are requested, access is denied.
5. Iteratively process each ACE in the order that they appear in the DACL as
described below:
a)If the inheritance attributes of the ACE indicate the ACE is applicable only to children
objects of the associated object, the ACE is skipped.
b)If the SID in the ACE does not match any SID in the requestor’s access token, the ACE
is skipped.
c)If a SID match is found, and the access mask in the ACE matches an access in the
desired access mask (see the next slide)
61
DAC Enforcement Algorithm (3)
i. Access Allowed ACE Types:
– If the ACE is of type ACCESS_ALLOWED_OBJECT_ACE and the ACE includes a GUID
representing a property set or property associated with the object, then the access is
granted to the property set or specific property represented by the GUID (rather than to the
entire object).
– Otherwise the ACE grants access to the entire object.
ii. Access Denied ACE Type:
– If the ACE is of type ACCESS_DENIED_OBJECT_ACE and the ACE includes a GUID
representing a property set or property associated with the object, then the access is
denied to the property set or specific property represented by the GUID.
– Otherwise the ACE denies access to the entire object.
– If a requested access is specifically denied by an ACE, then the entire access request fails.
63
Rules to Set the DACL in the SDs
for New Named Kernel Objects
• The object's DACL is the DACL from the SD specified by the creating process.
– The TOE merges any inheritable ACEs into the DACL unless SE_DACL_PROTECTED is set in the SD
control flags.
– The TOE then sets the SE_DACL_PRESENT SD control flag.
• Note that a creating process can explicitly provide a SD that includes no DACL. The result will be an object with no
protections. This is distinct from providing no SD.
• If the creating process does not specify a SD,
– The TOE builds the object's DACL from inheritable ACEs in the parent object's DACL.
– The TOE then sets the SE_DACL_PRESENT SD control flag.
• If the parent object has no inheritable ACEs,
– The TOE uses its object manager subcomponent to provide a default DACL.
– The TOE then sets the SE_DACL_PRESENT and SE_DACL_DEFAULTED SD control flags.
• If the object manager does not provide a default DACL,
– The TOE uses the default DACL in the subject's access token.
– The TOE then sets the SE_DACL_PRESENT and SE_DACL_DEFAULTED SD control flags.
– The subject's access token always has a default DACL, which is set by the LSA subcomponent when the
token is created.
• All tokens are created with an appropriate default DACL, which can be applied to the new objects as appropriate.
• The default DACL is restrictive in that it only allows the SYSTEM SID and the user SID that created the object to have
access. The SYSTEM SID is a special SID representing TSF trusted processes.
64
Rules to Set the DACL in the SD
for New DS Objects
• The object's DACL is the DACL from the SD specified by the creating process.
– The TOE merges any inheritable ACEs into the DACL unless SE_DACL_PROTECTED is set in the SD
control flags.
– The TOE then sets the SE_DACL_PRESENT SD control flag.
• If the creating process does not specify a SD,
– The TOE checks the parent object's DACL for inheritable object-specific ACEs that apply to the type of
object being created.
– If the parent object has inheritable object-specific ACEs for the object type, the TOE builds the object's
DACL from inheritable ACEs, including both generic and object-specific ACEs.
– It then sets the SE_DACL_PRESENT SD control flag
• If the parent object has no inheritable object-specific ACEs for the type of object being
created,
– The TOE uses the default DACL from the AD schema for that object type.
– It then sets the SE_DACL_PRESENT and SE_DACL_DEFAULTED SD control flags.
• If the AD schema does not specify a default DACL for the object type,
– the TOE uses the default DACL in the subject's access token.
– It then sets the SE_DACL_PRESENT and SE_DACL_DEFAULTED SD control flags.
– The subject's access token always has a default DACL, which is set by the LSA subcomponent when
the token is created.
65
DAC Management
• The following are the four methods that DACL
changes are controlled:
– Object owner: Has implicit WRITE_DAC access.
– Explicit DACL change access: A user granted explicit
WRITE_DAC access on the DACL can change the DACL.
– Take owner access: A user granted explicit
WRITE_OWNER access on the DACL can take
ownership of the object and then use the owner’s implicit
WRITE_DAC access.
– Take owner privilege: A user with SeTakeOwner privilege
can take ownership of the object and then user the
owner’s implicit WRITE_DAC access.
66
Reference Mediation
• Access to objects on the system is generally predicated on obtaining a
handle to the object.
– Handles are usually obtained as the result of opening or creating an object.
• In these cases, the TSF ensures that access validation occurs before creating a new handle
for a subject.
– Handles may also be inherited from a parent process or directly copied (with
appropriate access) from another subject.
• In all cases, before creating a handle, the TSF ensures that that the security policy allows the
subject to have the handle (and thereby access) to the object.
– A handle always has a granted access mask associated with it.
• This mask indicates, based on the security policy, which access rights to the object that the
subject was granted.
• On every attempt to use a handle, the TSF ensures that the action requested is allowed
according to the handle’s granted access mask.
• In a few cases, such as with DS, objects are directly accessed by name
without the intermediate step of obtaining a handle first.
– In these cases, the TSF checks the request against the access policy directly
(rather than checking for a granted access mask).
67
VPN Client (1)
• The Windows IPsec VPN client can be configured by
the device local administrator.
– The administrator can configure the IPsec VPN client that all
IP traffic is routed through the IPsec tunnel except for:
• IKE traffic used to establish the VPN tunnel
• IPv4 ARP traffic for resolution of local network layer addresses and
to establish a local address
• IPv6 NDP traffic for resolution of local network layer addresses and
to establish a local address
• The IPsec VPN is an end-to-end internetworking
technology
– VPN sessions can be established over physical network
protocols such as wireless LAN (Wi-Fi) or local area network.
68
VPN Client (2)
• The components responsible for routing IP traffic through the VPN
client:
– The IPv4 / IPv6 network stack in the kernel processes ingoing and
outgoing network traffic.
– The IPsec and IKE and AuthIP Keying Modules service which hosts
the IKE and Authenticated Internet Protocol (AuthIP) keying modules.
• These keying modules are used for authentication and key exchange in Internet
Protocol security (IPsec).
– The Remote Access Service device driver in the kernel, which is used
primarily for VPN connections; known as the “RAS IPsec VPN” or “RAS
VPN”.
– The IPsec Policy Agent service which enforces IPsec policies.
• Universal Windows App developers can implement their own VPN
client if authorized by Microsoft to use the networkingVpnProvider
capability, which includes setting the policy to lockdown networking
traffic as described above
69
Identification and Authentication (1)
• Windows 10, Windows 10 S, and Windows Server can authenticate
users based on
– username and password
– using a Windows Hello PIN which is backed by a TPM
• Windows 10 and Windows Server can also use physical or virtual
smart card thus supporting multiple user authentication.
• All logons are treated essentially in the same manner regardless of
their source
– interactive logon,
– network interface,
– internally initiated service logon
and start with
– an account name,
– domain name (which may be NULL; indicating the local system),
– and credentials that must be provided to the TSF.
70
Identification and Authentication (2)
• Password-based authentication to Windows succeeds when the
credential provided by the user matches the stored protected
representation of the password
• Windows Hello and smart cards both use PIN-based authentication
to unlock a protected resource, a private key, the stored
representation of the PIN is protected by the Secure Kernel.
• Password authentication can be used for
– interactive logons,
– service logons,
– network logons,
– and to initiate the “change password” screen
• The Windows Hello PIN, physical and virtual smart cards can be
used for interactive logons
• The Windows Hello PIN is used to re-authenticate the user when
the user chooses to change their PIN.
71
Identification and Authentication (3)
• When the authentication succeeds,
– the user will be logged onto their desktop,
– their screen unlocked,
– or their authentication factors changed
depending whether
– the user logged onto the computer,
– the display was locked,
– or the PIN or password was to be changed.
72
Identification and Authentication (4)
• The Local Security Authority (LSA) component within Windows
maintains a count of the consecutive failed logon attempts by
security principals from their last successful authentication.
• When the number of consecutive failed logon attempts is larger than
the policy for failed logon attempts, which ranges from 0 (never
lockout the account) to 999, Windows will lockout the user account.
• Windows persists the number of consecutive failed logons on for the
user and so rebooting the computer does not reset the failed logon
counter.
• Interactive logons are done on the secure desktop, which does not
allow other programs to run, and therefore prevents automated
password guessing.
• In addition, the Windows logon component enforces a one second
delay between every failed logon with an increased delay after
several consecutive logon failures.
73
X.509 Certificate Validation and Generation (1)
• Every Windows component that uses X.509 certificates is responsible
for performing certificate validation
– However all components use a common system subcomponent, which
validates certificates as described in RFC 5280, and particular, the specific
validation listed in section 5.1.4.4, including all applicable usage constraints
such as Server Authentication for networking sessions and Code Signing
when installing product updates.
• Every component that uses X.509 certificates will have a repository for
public certificates and will select a certificate based on criteria such as
– entity name for the communication partner,
– any extended key usage constraints,
– and cryptographic algorithms associated with the certificate.
• The Windows component will use the same kinds of information along
with a certification path and certificate trust lists as part of deciding to
accept the certificate.
74
X.509 Certificate Validation and Generation (2)
• If certificate validation fails, or if Windows is not able to check the
validation status for a certificate, Windows will not establish a trusted
network channel,
– It will inform the user and seek their consent before establishing a HTTPS web
browsing session.
– Certification validation for updates to Windows, mobile applications, and
integrity verification is mandatory,
• neither the administrator nor the user have the option to bypass the results of a failed
certificate validation
• software installation and updates is further described in Windows and Application
Updates.
• When Windows needs to generate a certificate enrollment request it will
include
– a distinguished name,
– information about the cryptographic algorithms used for the request,
– any certification extensions,
– and information about the client requesting the certificate.
75
Certificate Storage
• In a Windows OS, stored certificates known as trusted root
certificates are contained in certificate stores.
• Each user has their own certificate store and there is a
certificate store for the computer account;
– access to a certificate store is managed by the discretionary access
control policy in Windows such that only the authorized
administrator, i.e., the user or the local administrator, can add or
remove entries.
• Certificates which are used by applications, for example, TLS,
are also placed in certificate stores for the user.
• In addition to the standard certificate revocation processes,
application certificates can be loaded by either using
administrative tools such as certutil.exe, changes to the trusted
root certificates can be made using Certificate Trust Lists.
76
Security Management
Management Function Administrator User
Enable/disable screen lock √ √
Configure screen lock inactivity timeout √ √
Configure local audit storage capacity √
Configure minimum password length √
Configure minimum number of special characters in password
Configure minimum number of numeric characters in password
Configure minimum number of uppercase characters in password
Configure minimum number of lowercase characters in password
Configure remote connection inactivity timeout √
Enable/disable unauthenticated logon
Configure lockout policy for unsuccessful authentication attempts √
through (timeouts between attempts, limiting number of attempts
during a time period)
Configure host-based firewall √
Configure name/address of directory server to bind with √
77
Security Management
Management Function Administrator User
Configure name/address of remote management server from √
which to receive management settings
Configure name/address of audit/logging server to which
to send audit/logging records
Configure audit rules √
Configure name/address of network time server √
Enable/disable automatic software update √
Configure Wi-Fi interface √
Enable/disable Bluetooth interface √
Configure USB interfaces √
Enable/disable local area network interface √
78
Protection of the TSF
• Separation and Domain Isolation
• Protection of OS Binaries, Audit and
Configuration Data
• Protection From Implementation Weaknesses
• Windows Platform Integrity and Code Integrity
• Windows and Application Updates
79
Separation and Domain Isolation
• The TSF provides a security domain for its own
protection and provides process isolation.
• The security domains used within and by the
TSF consists of the following:
– Hardware
– Virtualization Partitions
– Kernel-mode software
– Trusted user-mode processes
– User-mode Administrative tools process
– Application Containers
80
TSF Hardware and Kernel-Mode
Software
• The TSF hardware is managed by the TSF kernel-mode software and is
not modifiable by untrusted subjects.
• The TSF kernel-mode software is protected from modification by
hardware execution state and protection for both physical memory and
memory allocated to a partition;
– an operating system image runs within a partition.
• The TSF hardware provides a software interrupt instruction that causes a
state change from user mode to kernel mode within a partition.
• The TSF kernel-mode software is responsible for processing all
interrupts, and determines whether or not a valid kernel-mode call is
being made.
– In addition, the TSF memory protection features ensure that attempts to access
kernel-mode memory from user mode results in a hardware exception, ensuring
that kernel-mode memory cannot be directly accessed by software not executing
in the kernel mode.
81
User-Mode Processes Isolation
• The TSF provides process isolation for all user-mode processes
through
– private virtual address spaces (private per process page tables),
– execution context (registers, program counters),
– security context (handle table and token).
The data structures defining process address space, execution
context and security context are all stored in protected kernel-
mode memory.
• All security relevant privileges are considered to enforce TSF
Protection.
• User-mode administrator tools execute with the security
context of the process running on behalf of the authorized
administrator.
– Administrator processes are protected like other user-mode processes,
by process isolation.
82
Application Containers
• Application Containers (“App Containers”) provide an
execution environment for Universal Windows Applications
– it prevents Universal Windows Applications from accessing data
created by other Universal Windows Applications except through
brokered operating system services such as the File Picker dialog.
• Like TSF processes, user processes also are provided a private
address space and process context,
– therefore are protected from each other.
• Additionally, the TSF has the added ability to protect memory
pages using Data Execution Prevention (DEP)
– It marks memory pages in a process as non-executable unless the
location explicitly contains executable code.
– When the processor is asked to execute instructions from a page
marked as data, the processor will raise an exception for the OS to
handle.
83
Cryptographic Protection
• The TSF implements cryptographic mechanisms within a distinct user-mode
process, where its services can be accessed by both kernel- and user-mode
components, in order to isolate those functions from the rest of the TSF to
limit exposure to possible errors while protecting those functions from
potential tampering attempts.
• Furthermore, the TSF includes a Code Integrity Verification feature, also
known as Kernel-mode code signing (KMCS), whereby device drivers will
be loaded only if they are digitally signed by either Microsoft or from a trusted
root certificate authority recognized by Microsoft.
– KMCS uses public-key cryptography technology to verify the digital signature of each
driver as it is loaded.
– When a driver tries to load, the TSF decrypts the hash included with the driver using
the public key stored in the certificate.
– It then verifies that the hash matches the one that it computes based on the driver code
using the FIPS-certified cryptographic libraries in the TSF.
– The authenticity of the certificate is also checked in the same way, but using the
certificate authority's public key, which must be configured in and trusted by the TOE.
84
Protection of OS Binaries, Audit
and Configuration Data
• By default, a Windows operating system is installed into the \Windows\ directory of
the first bootable storage partition for the computer.
– The logical name for this directory is %systemRoot%.
• The kernel, device drivers (.sys files), system executables (.exe files) and dynamically
loadable libraries (.dll files) are stored in the \%systemRoot%\system32 directory
and subdirectories below system32.
– Standard users have permissions to read and execute these files, however modify and write
permissions are limited to the local administrator and system service accounts.
• The root directory for audit logs is %systemRoot%\system32\winevt.
– The local administrator, Event Log service, and the system account have full control over the
audit files; standard users are not authorized to access the logs.
• The primary configuration data store for Windows is the registry
– There are separate registry hives for the computer itself and each user authorized to use the
computer.
– The registry hives for operating system configuration data is located at %systemRoot%\
system32\config; the registry hive for the user is located in the user’s profile home directory.
– Registry files use the same protection scheme as event log files.
85
Protection From Implementation
Weaknesses (1)
• The Windows kernel, user-mode applications, and all Windows Store
Applications implement Address Space Layout Randomization (ASLR)
in order to load executable code at unpredictable base addresses.
– The base address is generated using a pseudo-random number generator that is
seeded by high quality entropy sources when available which provides at least 8
random bits for memory mapping.
• The Windows runtime also provides stack buffer overrun protection
capability that will terminate a process after Windows detects a potential
buffer overrun on the thread’s stack by checking canary values in the
function prolog and epilog as well as reordering the stack.
• All Windows binaries and Windows Store Applications implement stack
buffer overrun protection by
– being complied with the /GS option, and
– checking that all Windows Store Applications are compiled with buffer overrun
protection before ingesting the Windows Store Application into the Windows Store.
86
Protection From Implementation
Weaknesses (2)
• To enable these protections using the Microsoft Visual
Studio development environment, programs are complied
with
– /DYNAMICBASE option for ASLR,
– and optionally with /HIGHENTROPYVA for 64-bit ASLR,
– or /NXCOMPAT:NO to opt out of software-based DEP,
– and /GS (switched on by default) for stack buffer overrun
protection.
• Windows Store Applications are compiled with the
/APPCONTAINER option which builds the executable to
run in a Windows appcontainer, to run with the user-mode
protections described in this section.
87
Windows Platform Integrity and
Code Integrity
• A Windows operating system verifies the integrity of
Windows program code using the combination of Secure
Boot and Code Integrity capabilities in Windows.
• On computers with a Trusted Platform Module (TPM),
before Windows will boot, the computer will verify the
integrity of the early boot components, which includes
– the Boot Loader,
– the OS Loader,
– and the OS Resume binaries.
• This capability is known as Secure Boot
88
Secure Boot (1)
• The Secure Boot checks that the file integrity of early boot
components has not been compromised, mitigating the risk of
rootkits and viruses, and additionally checks that critical boot-
time data have not been modified.
– Secure Boot collects these file and configuration measurements and
seals them to the TPM.
– When Secure Boot starts in the preboot environment, it will compare
the sealed values from the TPM to the measured values from the
current boot cycle
– If those values do not match the sealed values, Secure Boot will lock
the system (which prevents booting) and display a warning on the
computer display.
• While the TPM is part of the external IT environment, the hardware-protected
hashes serve as the first step of the chain that provides integrity from the
hardware, through the bootchain into the kernel and required device drivers.
89
Secure Boot (2)
– When the measurements match, the UEFI firmware will load the OS
Boot Manager, which is an Authenticode-signed image file, based on
the Portable Executable (PE) image file format.
• A SHA-256 hash based signature and a public key certificate chain are
embedded in the boot manager Authenticode signed image file under the
“Certificate” IMAGE_DATA_DIRECTORY of the IMAGE_OPTIONAL_HEADER
of the file.
• This public key certificate chain ends in a root public key.
– The boot manager uses the embedded SHA-256 hash based
signature and public key certificate chain to validate its own integrity. A
SHA-256 hash of the boot manager image file is calculated for the
whole file, with the exception of the following three elements which are
excluded from the hash calculation:
• the CheckSum field in the IMAGE_OPTIONAL_HEADER,
• the IMAGE_DIRECTORY_ENTRY_SECURITY, IMAGE_DATA_DIRECTORY,
• and the public key certificate table, which always resides at the end of the
image file.
90
Secure Boot (3)
– If the boot manager is validated, then the root public key of the
embedded public key certificate chain must match one of the Microsoft
root public keys which indicate that Microsoft is the publisher of the
boot manager.
• These root public keys are necessarily hardcoded in the boot manager.
– If the boot manager cannot validate its own integrity, then the boot
manager does not continue to load other modules and displays an
error message.
– After the boot manager determines its integrity, it attempts to load one
application from the following list of boot applications:
• OS Loader: (Winload.exe or Winload.efi): the boot application started by the
boot manager load the Windows kernel to start the boot process
• OS Resume (winresume.exe or winresume.efi): the boot application started by
the boot manager to resume the instance of the executing OS which is
persisted in the hibernation file “hiberfil.sys”
• A physical memory testing application (memtest.exe) to check the physical
memory ICs for the machine are working correctly.
91
Secure Boot (4)
– These boot applications are also Authenticode signed image files and
so, the Boot Manager uses the embedded trusted SHA-256 hash
based signature and public key certificate chain within the boot
application’s IMAGE_OPTIONAL_HEADER to validate the integrity of
the boot application before attempting to load it.
– Except for three elements which are excluded from the hash
calculation (these are the same three elements mentioned above in
the Boot Manager description), a hash of a boot application image file
is calculated in the same manner as for the Boot Manager.
– If the boot application is validated, then the root public key of the
embedded public key certificate chain must match one of the
hardcoded Microsoft’s root public keys.
– If the boot manager cannot validate the integrity of the boot
application, then the boot manager will not load the boot application
and instead displays an error message below along with the full name
of the boot application that failed the integrity check.
92
Secure Boot (5)
– After the boot application’s integrity has been determined, the
boot manager attempts to load the boot application. If the boot
application is successfully loaded, the boot manager then
transfers execution to the loaded application.
– After the Winload boot application is loaded, it receives the
transfer of execution from the boot manager.
• During its execution, Winload attempts to load the Windows kernel
(ntoskrnl.exe) together with a number of early-launch drivers.
– Among the modules that Winload must validate in the Portable
Executable (PE) image file format, are the cryptography-related
modules listed below
• The Windows kernel (ntoskrnl.exe)
• The BitLocker drive encryption filter driver (fvevol.sys)
• The Windows kernel cryptography device driver (cng.sys)
• The Windows code integrity library module (ci.dll)
93
Secure Boot (6)
– The four image files above have their trusted SHA hashes stored in
catalog files that reside in the local machine catalog directory
• Because they are PKCS #7 SignedData messages, catalog files are signed
• The root public key of the certificate chain used to verify the signature of a
Microsoft’s catalog file must match one of the Microsoft’s root public keys
indicating that Microsoft is the publisher of the Windows image files
• These Microsoft’s root public keys are hardcoded in the Winload boot application
– If the image files are validated, their SHA-256 hashes, as calculated by
the Winload boot application, must match their trusted SHA-256 hashes
in a Microsoft’s catalog file, which has been verified by the Winload boot
application
– A hash of an image file is calculated for the whole file, with the exception
of the following three elements which are excluded from the hash
calculation:
• the CheckSum field in the IMAGE_OPTIONAL_HEADER,
• the IMAGE_DIRECTORY_ENTRY_SECURITY IMAGE_DATA_DIRECTORY,
• the public key certificate table, which always resides at the end of the image file.
94
Secure Boot (7)
– Should the Winload boot application be unable to validate the integrity of
one of the Windows image files, the Winload boot application does not
continue to load other Windows image files
• Rather it displays an error message and fails into a non-operational mode
• In limited circumstances the pre-boot environment will attempt to repair the boot
environment, such as copying files from a repair partition to repair files with integrity
errors
• When repair is not possible, the boot manager will ask the user to reinstall Windows
– After the initial device drivers have been loaded, the Windows kernel will
continue to boot the rest of the operating system using the Code Integrity
capability (ci.dll) to measure code integrity for
• (1) the remaining kernel-mode and user-mode programs which need to be loaded for
the OS to complete its boot and
• (2) after booting, CI also verifies the integrity of applications launched by the user
(applications from Microsoft are always signed by Microsoft, and third-party
applications which may be signed by the developer) by checking the RSA signature
for the binary and SHA-256 hashes of the binary which are compared to the catalog
files described above.
95
Kernel-mode code signing (KMCS)
• Kernel-mode code signing (KMCS), also managed by CI, prevents kernel-
mode device drivers, such as the TCIP/IP network driver (tcpip.sys), from
loading unless they are published and digitally signed by developers who
have been vetted by one of a handful of trusted certificate authorities
(CAs).
– KMCS, using public-key cryptography technologies, requires that kernel-mode
code include a digital signature generated by one of the trusted certificate
authorities
– When a kernel device driver tries to load, Windows decrypts the hash included
with the driver using the public key stored in the certificate, then verifies that the
hash matches the one computed with the code
– The authenticity of the certificate is checked in the same way, but using the
certificate authority's public key, which is trusted by Windows
– The root public key of the certificate chain that verifies the signature must match
one of the Microsoft’s root public keys indicating that Microsoft is the publisher of
the Windows image files
– These Microsoft’s root public keys are hardcoded in the Windows boot loader
96
Windows File Protection
• Windows File Protection maintains a set of protected
files that are stored in a cache along with cryptographic
hashes of each of those files
• Once the system is initialized, Windows File Protection
is loaded and will scan the protected files to ensure
they have valid cryptographic hashes
• Windows File Protection also registers itself to be
notified should any of the protected files be modified so
that it can recheck the cryptographic checksum at any
point while the system is operational
• Should the any of the cryptographic hash checks fail,
the applicable file will be restored from the cache
97
Windows and Application Updates (1)
• Updates to Windows are delivered as Microsoft Update Standalone
Package files (.msu files) which are signed by Microsoft with two digital
signatures,
– a RSA SHA1 signature for legacy applications
– a RSA SHA-256 signature for modern applications.
The digital signature is signed by Microsoft Corporation, with a certification
path through a Microsoft Code Signing certificate and ultimately the Microsoft
Root Certification Authority.
– These certificates are checked by the Windows Trusted Installer prior to installing the
update.
• The Windows operating system will check that the certificate is valid and has
not been revoked using a standard PKI CRL.
– Once the Trusted Installer determines that the package is valid, it will update Windows;
– otherwise the installation will abort and there will be an error message in the event log.
• Note that the Windows installer will not install an update if the files in the
package have lower version numbers than the installed files.
98
Windows and Application Updates (2)
• The integrity of the Microsoft Code Signing certificate on the computer is
protected by the storage root key within the TPM, and the validated integrity
of the Windows binaries as a result of Secure Boot and Code Integrity.
• Updates to the Windows operating system, Windows applications, and
Microsoft desktop applications are delivered through the
– Windows Update capability (for Windows) and
– Microsoft Update (for Microsoft desktop applications),
which is enabled by default
or the user can go to http://catalog.update.microsoft.com to search and obtain
security updates on their own volition.
• A user can then check that the signature is valid either by viewing the digital
signature details of the file from Windows Explorer or by using the Get-
AuthenticodeSignature PowerShell Cmdlet.
– If the Get-AuthenticodeSignature PowerShell Cmdlet or Windows Explorer could not
verify the signature, the status will be marked as invalid.
– This verification check uses the same functionality described above.
99
Windows Store Applications
• Universal Windows Platform (UWP) apps can be downloaded
from the Microsoft Store and their installation packages are
verified using a digital signature from Microsoft Corporation with
the Code Signing usage.
– These applications are contained in either AppX packages, or a
collection of AppX packages known as an AppX bundle.
– The AppX package uses the Open Packaging Conventions (OPC)
standard.
– Each package contains a directory file which lists the other files in the
package, a digital signature for the package, a block map representing
the application files which may be installed on the target computer, and
the application files themselves.
• The AppX Deployment Service will verify the RSA SHA-256
digital signature for the block map and the other AppX metadata
at the beginning of the AppX package (or bundle) download.
100
Distributing Updates
• There are several distribution channels for
updates to Windows and Windows applications:
– Windows Update: Windows Update is the web service
for delivering Windows updates directly to consumers.
– Windows Server Update Services (WSUS): WSUS is
a server role in Windows Server which IT
administrators can use to distribute application updates
to users within their enterprise.
– Windows Store: The Windows Store is a web service
for delivering updates to Universal Windows Platform
apps which were originally installed from the Windows
Store.
101
TOE Access (1)
• Windows provides the ability for a user to lock their interactive logon
session at their own volition or after a user-defined inactivity timeout.
• Windows also provides the ability for the administrator to specify the
interval of inactivity after which the session will be locked.
– This policy will be applied to either the local machine or the computers within a
domain using either local policy or group policy respectively.
– If both the administrator and a standard user specify an inactivity timeout period,
Windows will lock the session when the shortest time period expires.
• Once a user has a desktop session, they can invoke the session locking
function by using the same key sequence used to invoke the trusted
path (Ctrl+Alt+Del).
– This key sequence is captured by the TSF and cannot be intercepted or altered
by any user process.
– The result of that key sequence is a menu of functions, one of which is to lock
the workstation.
– The user can also lock their desktop session by going to the Start screen,
selecting their logon name, and then choosing the “Lock” option.
102
TOE Access (2)
• Windows constantly monitors the mouse, keyboard, touch
display, and the orientation sensor for inactivity in order to
determine if they are inactive for the specified time period.
• After which, Windows will lock the workstation and execute
the screen saver unless the user is streaming video such as a
movie.
– Note that if the workstation was not locked manually, the TSF will
lock the display and start the screen saver program if and when the
inactivity period is exceeded
– It will also display any notifications from applications which have
registered to publish the application’s badge or the badge with
associated notification text to the locked screen.
– The user has the option to not display any notifications, or choose
one Windows Store Application to display notification text, and
select other applications display their badge.
103
TOE Access (3)
• After the computer was locked, in order to unlock their session, the user either
presses a key or swipes the display.
– The user must provide the Ctrl+Alt+Del key combination if the Interactive Logon: Do
not required CTRL+ALT+DEL policy is set to disabled.
Either action will result in an authentication dialog.
• The user must then re-enter their authentication data, which has been cached
by the local system from the initial logon, after which the user’s display will be
restored and the session will resume.
– Alternately, an authorized administrator can enter their administrator identity and
password in the authentication dialog.
– If the TSF can successfully authenticate the administrator, the user will be logged off,
rather than returning to the user’s session, leaving the workstation ready to
authenticate a new user.
• As part of establishing the interactive logon session, Windows can be
configured to display a logon banner, which is specified by the administrator,
that the user must accept prior to establishing the session.
• As described in the administrator guidance, an authorized adminstator can
specify which Wi-Fi networks (SSIDs) a computer may be connected to.
104
Trusted Channels
• Windows provides trusted network channels to communicate with supporting
IT infrastructure or applications:
– Using TLS (HTTPS) for certificate enrollment; CRL checking; authentication to
network resources such as web (HTTPS) and directory (LDAP-S) servers; and
management via configuration sevrice providers in Windows that are local interface
for processing Mobile Device Management (MDM) requests.
– Using DTLS for datagram-based services and web browsing using a DTLS version
which is specified by the client application.
• In order to establish a trusted channel, these communications are protected
as described above
• The remote access can be performed through the following methods:
– Connect to another computer using Remote Desktop Connection
– PowerShell Remoting
• Both methods use TLS (1.2) protocol for establishing the remote connection.
• Windows implements IEEE 802.11-2012, IEEE 802.1X and EAP-TLS to
provide authenticated wireless networking sessions when requested by the
user as described above in Wireless Networking.
105
Безпека
операційних систем і
комп'ютерних мереж
Довідковий матеріал
Для добавления до лекцій
текста
9-10 (Засоби
щелкните захисту Linux)
мышью
Витяг з Red Hat Enterprise Linux (v.7.1);
SUSE Linux Enterprise Server (v.12);
Oracle Linux (v.7.3); Ubuntu (16.04 LTS)
Security Targets
Вступ
■ Як і для Windows, розглянемо функції безпеки Linux за документами
Security Target (ST), що готували для оцінювання окремих
дистрибутивів Linux за стандартом Common Critera
■ Оцінювання (з наступною сертифікацією) проводили для різних
дистрибутивів, серед яких
● Red Hat Enterprise Linux (v.7.1)
● SUSE Linux Enterprise Server (v.12)
● Oracle Linux (v.7.3)
● Wind River Linux Secure (v.1.0)
● Ubuntu (16.04 LTS)
■ Багато підрозділів опису функцій безпеки зазначених продуктів в
різних ST повторюються дослівно, що свідчить про те, що за основу
береться один документ, розроблений для Linux взагалі, а не для
окремих дистрибутивів
■ Однак є суттєві відмінності, пов’язані як з відмінностями функцій
дистрибутивів, так і з комплектацією відповідних TOE
2
Required Hardware (1)
■ Red Hat Enterprise Linux 7.1:
● HP
□ based on x86 64bit Intel Xeon processors: HP Proliant ML, DL, BL, SL series G7, Gen8, Gen9 product
line
□ based on AMD64 processors: HP Proliant ML, DL, BL, SL series G7, Gen8 product line
■ All hardware must be configured using a RAM with automated error correction
mechanism present. For example ECC RAM would be suitable to cover that
requirement.
3
Required Hardware (2)
■ SUSE Linux Enterprise Server 12:
● HP based on x86 64bit Intel Xeon processors: HP ProLiant BL460c G1
● HP based on X86 64bit AMD Opteron processors: HP ProLiant BL465c G1
● IBM System z based on z/Architecture processors: zEnterprise EC12 (zEC12), BC12
(zBC12), 196 (z196), 114 (z114)
Note: all x86_64 system implement the VT-x or AMD-V virtualization support including the
nested page table support (EPT — Intel, NPT — AMD)
■ Ubuntu LTS 16.04:
● x8664bit Intel Xeon processors: Supermicro SYS-5018R-WR
● IBM System z based on z/Architecture processors: IBM z13
● IBM System P based on OpenPOWER processors:
□ IBM Power System S822L (PowerNV 8247-22L)
□ IBM Power System S822LC (PowerNV 8001-22C)
□ IBM Power System S822LC (PowerNV 8335-GTB)
Note: the x86_64 system implements the VT-x including the nested page table support
(EPT — Intel). The listed machines provide the IOMMU implementation of VT-d.
■ Oracle Linux
● x86 64-bit Intel Xeon processors: Oracle Server X7-2
4
General System Overview (RHEL)
■ The Target of Evaluation (TOE) is the Linux distribution in the version specified in the ST
executing on the hardware specified in the ST.
■ Multiple TOE systems can be connected via a physically-protected Local Area Network (LAN).
● Each computer provides the same set of local services, such as file, memory, and process management
● Each computer also provides network services, such as remote secure shells and file transfers, to users
on other computers
● A user logs in to a host computer and requests services from the local host and also from other
computers within the LAN.
■ User programs issue network requests by sending Transmission Control Protocol (TCP) or
User Datagram Protocol (UDP) messages to another computer
● Some network protocols, such as Secure Shell (SSH), can start a shell process for the user on another
computer, while others are handled by trusted server daemon processes.
■ The TOE system provides a user Identification and Authentication (I&A) mechanism by
requiring each user to log in with proper password at the local workstation, and also at any
remote computer where the user can enter commands into a shell program (for example,
remote SSH sessions)
● Each computer enforces a set of the following policies:
□ Discretionary Access Control (DAC) policy, based on UNIX®-style mode bits
□ an optional Access Control List (ACL)
□ Mandatory Access Control (MAC) policy using Security Enhanced Linux (SELinux) extensions for the named objects
under its control.
5
Host Computer Structure
6
TOE Services
■ Each host computer in the system is capable of providing the
following types of services:
● Local services to the users who are currently logged in to the system
using
□a local computer console,
□ virtual consoles,
□ or terminal devices connected through physically protected serial lines.
8
Local and network services
provided by Linux (2)
■ User A can log in at Host 1, and then
use SSH to log in to Host 2.
● On Host 2, User A is logged in from a
remote host
● On Host 1, when User A uses SSH to log
in to Host 2, the SSH client on Host 1
makes protocol requests to an SSH server
process on Host 2
● The server process mediates the request
on behalf of User A, carries out the
requested service, if possible, and returns
the results to the requesting client
process.
■ Also, note that the network client and server can be on the same host system.
● For example, when User C uses SSH to log in to Host 2, the user's client process opens
an SSH connection to the SSH server process on Host 2
● Although this process takes place on the local host computer, it is distinguished from
local services because it involves networking protocols
9
Security Policy Model (1)
■ The security policy for the TOE is defined by the security functional
requirements.
■ The following is a list of the subjects and objects participating in the policy.
Subjects:
● Processes acting on behalf of a human user or technical entity
● Processes acting on behalf of a human user or technical entity providing a virtual
machine environment
Named objects:
● File system objects in the following allowed file systems:
□ XFS — standard file system for general data
□ VFAT — special purpose file system for UEFI BIOS support mounted at /boot/efi
□ Ext4 — standard file system for general data
□ iso9660 — ISO9660 file system for CD-ROM and DVD
□ tmpfs — the temporary file system backed by RAM
□ rootfs — the virtual root file system used temporarily during system boot
□ procfs — process file system holding information about processes, general statistical data and
tunable kernel parameters
□ sysfs — system-related file system covering general information about resources maintained by the
kernel including several tunable parameters for these resources
10
Security Policy Model (2)
□ devpts — pseudoterminal file system for allocating virtual TTYs on demand
□ devtmpfs — temporary file system that allows the kernel to generate character or block device
nodes
□ binfmt_misc — configuration interface allowing the assignment of executable file formats with user
space applications
□ securityfs — interface for loadable security modules (LSM) to provide tunables and configuration
interfaces to user space
□ selinuxfs — interface for allowing user space components to interact with the SELinux module
inside the kernel, including managing the SELinux policy
Note that the TOE supports a number of additional virtual (i.e. without backing of
persistent storage) file systems which are only accessible to the TSF — they are not or
cannot be mounted
□ Allabove mentioned virtual file systems implement access decisions based DAC attributes inferred
from the underlying process’ DAC attributes
□ Additional restrictions may apply for specific objects in this file system
11
Security Policy Model (3)
TSF data:
● TSF executable code
● Subject meta data — all data used for subjects except data which is not
interpreted by the TSF and does not implement parts of the TSF (this data is
called user data)
● Named object meta data — all data used for the respective objects except data
which is not interpreted by the TSF and does not implement parts of the TSF
(this data is called user data)
● User accounts, including the security attributes defined by FIA_ATD.1
● Audit records
User data:
● Non-TSF executable code used to drive the behavior of subjects
● Data not interpreted by TSF and stored or transmitted using named objects
12
Security policy (1) — Users
■ A user is an authorized individual with an account.
■ Users can use the system in one of following ways:
● By interacting directly with the system through a session at a computer console (in
which case the user can use the display provided as the physical console), or
● By interacting directly with system through a session at a serial terminal, or
● Through deferred execution of jobs using the cron mechanism, or
● By using services implemented with applications accessing these services either
locally or remotely, or
● By using virtual machine environments accessing these environments either
locally or remotely.
■ A user must log in at the local system in order to access the protected
resources of the system.
■ Once a user is authenticated, the user can access files or execute
programs on the local computer, or make network requests to other
computers in the system.
13
Security policy (2) —
Subjects and Objects
■ The only subjects in the system are processes
●A process consists of an address space with an execution context
● The process is confined to a computer; there is no mechanism for dispatching a
process to run remotely (across TCP/IP) on another host
● Every process has a process ID (PID) that is unique on its local host computer, but
PIDs are not unique across systems
□ As an example, each host in the system has an init process with PID 1
■ Objects are passive repositories of data
● The TOE defines three types of objects:
□ named objects which are resources, such as files and IPC objects, which can be manipulated
by multiple users using a naming convention defined at the TSF interface;
□ storage objects which is an object that supports both read and write access by multiple non-
trusted subjects; and
□ public objects which is an object that can be publicly read by non-trusted subjects and can be
written only by trusted subjects.
● Consistent with these definitions, all named objects are also categorized as storage
objects, but not all storage objects are named objects.
14
Security policy (3) —
Access Control
■ Linux enforces a DAC policy for all named objects under its control, and
an object reuse policy for all storage objects under its control
● The DAC policy that is enforced varies among different object classes, in all
cases it is based on user identity and on group membership associated with the
user identity
■ In addition to the DAC policy, Linux also enforces a MAC policy for all
named objects under its control
● DAC policy is enforced first, while MAC is enforced only if DAC permits the
operation
● The MAC policy is non-authoritative; that is, a DAC policy denial cannot be
overridden by the MAC policy
● The MAC policy that is enforced varies among different object classes, in all
cases it is based on the domain of the user and the type of the object
■ To allow for enforcement of the access control policies, all users must be
identified, and their identities must be authenticated
15
Security policy (4)
■ The TOE uses both hardware and software protection mechanisms
● The hardware mechanisms used by Linux to provide a protected domain for its own execution
include a multistate processor, memory segment protection, and memory page protection
● The TOE software relies on these hardware mechanisms to implement TSF isolation, non-
circumventability, and process address-space separation
■ A user can log in at the console, at other directly attached terminals, or through a
network connection
■ Authentication is based on a password entered by the user and authentication data
stored in a protected file or via other types of credentials, such as cryptographic
keys when using SSH
● Users must log in to a host before they can access any named objects on that host
● Some services, such as SSH, to obtain a shell prompt on another host, or ftp, to transfer files
between hosts in the distributed system, require the user to re-enter authentication data to the
remote host
● Linux permits the user to change passwords (subject to TOE enforced password guidelines),
change identity, submit batch jobs for deferred execution, and log out of the system
■ The system architecture provides TSF self-protection and process isolation
mechanisms
16
TSF identification
■ The Linux operating system is distributed as a collection of packages
●A package can include programs, configuration data, and documentation for the package
● Analysis is performed at the file level, except where a particular package can be treated
collectively
■ A file is included in the TSF for one or more of the following reasons:
● It contains code, such as the kernel, kernel module, and device drivers, that runs in a
privileged hardware state of the processor
● It enforces the security policy of the system
● It allows SUID or SGID to a privileged user (for example, root) or group
● It is given file system capabilities implying a privilege escalation during execution
● It grants one or more abilities to override security-related rules enforced by the system to the
calling user
● It started as a daemon executing with root privileges or with a system UID / GID
● It is software that must function correctly to support the system security mechanisms
● It is required for system administration
● It consists of TSF data or configuration files
● It consists of libraries linked to TSF programs
● It started as an application with different privileges than the caller
□ The most notable examples are init, modprobe, and v86d used by the uvesafb driver
● It grants one or more MLS override capabilities to the calling user
17
Kernel TSF Software
■ The Linux kernel includes
● thebase kernel and
● separately-loadable kernel modules and device drivers
provides a protected environment in which users and administrators run the programs,
or sequences of CPU instructions
● Programs execute as processes with the identity of the users that started them (except for some
exceptions defined further), and with privileges as dictated by the system security policy
● Programs are subject to the access control and accountability processes of the system
19
TSF interfaces (1)
■ The TSF interfaces include:
● localinterfaces provided by each host computer
● the network client-server interfaces provided by pairs of host computers
● The argv and envp character arrays which are arguments to the execve system call
□ These two arrays can be evaluated by the executed application
□ A number of environment variables that can be provided with envp are implemented by libraries
that are commonly loaded by most, if not all, applications (like the C-library)
● Files that are part of the TSF database that define the configuration parameters used
by the security functions
● Inter-process communication interfaces exported by an application
□ Theinter-process communication interface type includes the DBus support
□ DBus is a protocol that runs on top of kernel-provided inter-process communication mechanisms
● Hypervisor calls and instruction emulation and simulation implemented by the Linux
kernel to support the KVM virtualization environment
□ This includes the simulation and emulation of hardware provided with the Linux kernel
22
Non-TSF interfaces (1)
■ Interfaces between non-TSF processes and the underlying hardware
● Typically, user processes do not interface directly with the hardware; exceptions are
□ processor,
□ USB,
□ parallelport connections,
□ serial port connections
□ and graphics hardware
● The unprivileged processor instructions do not implement any security functionality, and
the processor restricts these instructions to the bounds defined by the processor
● In addition, the rest of the listed hardware components are not part of the TOE as they are
peripherals
■ Interfaces between different parts of the TSF that are invisible to normal users
(for example, between subroutines within the kernel)
● The interface is internal to the trusted part of the TOE and cannot be invoked outside of
those parts
■ The firmware, while part of the TOE, are not considered as providing TSF
interfaces
● because they do not allow direct unprivileged operations to them
23
Non-TSF interfaces (2)
■ Processor exceptions reflected to the firmware, are not considered to be TSF
interfaces
● They are not relevant to security because they provide access to the firmware, which
does not implement any security functionality
■ In case the IT environment provides a virtualization environment, such as
● KVM host systems,
● z/VM or PR/SM on s390x systems or
● POWER LPAR on IBM POWER systems,
25
Software Architecture (RHEL)
■ Hardware and software privilege ■ TOE Security Functions software
● Hardware privilege structure
□ X86 Privilege level ● Kernel TSF software
□ PowerPC Privilege level □ Logicalcomponents
□ SystemZ Privilege level □ Execution components
□ Virtualization consideration •
Base kernel
•
Kernel threads
● Software privilege •
Kernel modules and device drivers
□ DAC
● Non-kernelTSF software
•
Subjects and objects
•
Attributes ● TSF databases
Access control rules ■ Hardware
•
•
Software privilege
□ SELinux ■ Firmware
LSM MAC
•
Subjects and objects
•
Attributes
•
Attribute storage
•
Access control rules
•
Software privilege
□ Capabilities
•
Software privilege
□ Programs with software privilege
26
Software Architecture
■ This section summarizes the software structure and design of
the Linux system
● The following subsections describe
□ the TOE Security Functions (TSF) software (kernel and non-kernel components)
□ the TSF databases for the Linux system
27
Hardware privilege — X86
Privilege level
■ The concept of privilege is implemented by assigning a value of
0 to 3 to key objects recognized by the processor.
● This value is called the privilege level.
■ The following processor-recognized objects contain privilege
levels:
● Descriptors contain a field called the descriptor privilege level (DPL).
● Selectors contain a field called the requestor’s privilege level (RPL).
□ The RPL is intended to represent the privilege level of the procedure that
originates the selector.
● An internal processor register records the current privilege level (CPL).
□ Normally the CPL is equal to the DPL of the segment the processor is currently
executing.
□ The CPL changes as control is transferred to segments with differing DPLs.
28
Levels of privilege interpreted
as layers of protection
■ The center is for the segments
containing the most critical
software, usually the kernel of the
operating system.
■ Outer layers are for the segments
of less critical software.
■ The Linux kernel, as with most
other UNIX-variant kernels, utilizes
only two of these execution modes.
● The highest, with the processor
privilege level of 0, corresponds to
the kernel mode;
● The lowest, with the processor
privilege of 3, corresponds to the user
mode.
29
Implementation of the hardware
privilege
■ User and kernel modes implement hardware privilege as follows:
● When the processor is in kernel mode, the program has hardware privilege because it can access and
modify any addressable resources, such as memory, page tables, I/O address space, and memory
management registers. This is not possible in the user mode.
● When the processor is in kernel mode, the program has hardware privilege because it can execute
certain privileged instructions that are not available in user mode.
Thus, any code that runs in kernel mode executes with hardware privileges.
■ Software that runs with hardware privileges includes:
● The base Linux kernel.
□ This constitutes a large portion of software that performs memory management file I/O and process management.
● Separately loaded kernel modules, such as many device driver modules.
□A kernel module is an object file whose code can be linked to, and unlinked from, the kernel at runtime.
□ The kernel module code is executed in kernel like any other statically-linked kernel function.
All other software on the system normally runs in user mode, without hardware privileges,
including user processes such as shells, networking client software, and editors.
■ User-mode processes run with hardware privileges when they invoke a system call.
● The execution of the system call or processor traps (such as page faults) caused by user space
applications switches the mode from user to kernel mode, and continues the operation at a designated
address within the kernel where the code of the system call handler or trap handler is located.
30
PowerPC and SystemZ
Privilege level
■ PowerPC Privilege level
● This processor architecture provides three execution modes, identified
by the PR bit (bit 49) and the HV bit (bit 3) of the Machine State
Register (MSR) of the processor
□ Values of 0 for both PR and HV bits indicate a hypervisor execution mode
□ An HV bit value of 1, and a PR bit value of 0, indicate a supervisor, or kernel,
execution mode
□ An HV bit value of 1 and a PR bit value of 1 indicate a user execution mode
31
Virtualization consideration
■ When the TOE is used as a host system for the KVM virtualization, a third privilege state is
used in addition to the two mentioned above: the hypervisor mode.
● The hypervisor mode utilizes additional hardware support provided by the processor.
□ With the hypervisor mode, processor register are accessible that are not accessible via the other two states.
□ Using these registers, another layer of memory address translation is implemented.
□ In addition, I/O address space virtualization is utilized if available.
■ The Linux kernel utilizes this mode when the KVM virtualization is activated.
● In this case, the entire Linux kernel operates in hypervisor mode.
● Normal processes still operate in user mode.
● For user mode processes, the Linux kernel behaves the same way as if the kernel would operate in
supervisor mode.
● In addition, processes may also use the supervisor mode with the help provided by KVM to implement
a guest operating system.
● From the Linux kernel perspective, a guest system is nothing more than a regular process where parts
of that process are executed by enabling the virtualization functionality of the processor.
■ The following CPU mechanisms are used to implement the hypervisor state:
● Intel-based:
VT-x
● AMD-based: SVM
● System Z: SIE instruction
■ The Linux kernel does not provide virtualization support for CPUs other than those listed.
32
Software privilege
■ Software privilege in Linux involves the ability to override the kernel’s
access control mechanisms.
■ Linux implements the following access control models:
● Discretionary Access Control enforced on storage objects
● Capability-based security checks to restrict the execution of system calls or
functional subsets of system calls to callers having the respective capability
● Linux Security Module (LSM) access checks – Mandatory Access Control policies
are implemented using LSMs
■ When accessing named objects, Discretionary Access Control (DAC) is
applied first, and the LSM access checks is applied if and only if the DAC
check grants access.
● The kernel implements software privileges for the DAC policy.
● In addition, the SELinux LSM module may implement software privileges with an
optionally loaded MLS policy.
■ Besides the access control software privileges, capabilities are another
software privilege that can be granted to applications
33
Discretionary Access Control (1)
■ The DAC model allows the owner of the object to decide who can
access that object, and in what manner
● Like any other access control model, DAC implementation can be explained
by
□ which subjects and objects are under the control of the model,
□ security attributes used by the model,
□ access control and attribute transition rules,
□ and the override (software privilege) mechanism to bypass those rules.
34
Discretionary Access Control (2)
■ Attributes
● Subject attributes used to enforce DAC policy are the process UID, GID, supplementary
groups, and process capabilities.
□ These attributes are stored in the task_structure of the process, and are affected by the system
calls.
● Objectattributes used to enforce DAC policy are owner, group owner, permission bits,
and POSIX.1e Access Control Lists (ACLs) for file system objects.
□ These attributes are stored in-core and, for appropriate disk-based file systems, in the on-disk inode.
■ Access control rules
● DAC access control rules specify how a certain process with appropriate DAC security
attributes can access an object with a set of DAC security attributes
● In addition, DAC access control rules also specify how subject and object security
attributes transition to new values and under what conditions
■ Software privilege
● Software privilege for DAC policy is based on the capabilities of CAP_DAC_OVERRIDE,
CAP_DAC_READ_SEARCH which can be assigned to a process.
● A process bearing these capabilities is granted software privilege with respect to DAC as
it can bypass the access control policies of the system.
35
SELinux LSM MAC
■ With the Mandatory Access Control implemented with the SELinux LSM,
it is the system security policy (unlike the owner in DAC) that controls
who should be allowed access to what information
■ The MAC policy provided with SELinux rests on two policy types:
● Type Enforcement (TE) which is used to implement role-based access control,
and
● Multi-Level Security (MLS) with a Bell-LaPadula style hierarchical labeling policy
36
SELinux Attributes
■ MLS label range: The MLS label range contains two complete MLS labels.
● Each MLS label consists of two components, a hierarchical classification level (or sensitivity level), and a
non-hierarchical set of categories.
37
MLS labels
■ Each MLS label consists of two components,
●a hierarchical classification level (or sensitivity level), and
● a non-hierarchical set of categories.
● Therefore, the total access control check happens in three logical steps, as follows:
1.The first is the DAC check using DAC attributes, followed by
2.the TE check using domains and types of the SELinux security context, followed by
3.the Bell-LaPadula MLS policy check using the MLS range of the SELinux security context.
● Each check is non-authoritative.
□ That is, permissions are only reduced at each stage;
□a DAC denial cannot be overridden by TE,
□ and a TE denial cannot be overridden by MLS.
39
Software privilege for MAC
■ Software privilege for the MAC policy is implemented with the domain of the
process and security policy rules associated with that domain.
● For example, processes running in the init_t domain are allowed to read objects whose
sensitivity label dominates the process sensitivity label.
● This override is achieved by domain attributes.
■ The policy rule expresses the domain’s access to type with the override tied to
an attribute of the domain.
● For example, the following policy rule can be used to allow a process to override the Bell-
LaPadula restriction of “no-read-up” when it tries to read a regular file:
mlsconstrain {file} {read} ((l1 dom l2) or (t1 == mlsfileread));
● The above statement sets the security policy that label l1 (belonging to the subject) must
dominate label l2 (belonging to the object) for the read operation to succeed, unless the
process domain has the mlsfileread attribute.
■ System security policy for different subject and object types is described with the
functional description of those subjects and objects.
● In addition to the process attributes which can grant override rights, the following
capability are known to the Linux kernel: CAP_MAC_OVERRIDE.
● If a process possesses this capability, the process can bypass the entire SELinux policy
enforcement.
40
Capabilities
■ The Linux kernel has a framework for providing software privilege for many different functions
provided by the Linux kernel by using capabilities.
● These capabilities allow breakup of the kernel software privilege associated with user ID zero into a set of
discrete privileges based on the operation being attempted.
■ Capabilities integrate with user IDs as follows:
● If a SUID application with the owning ID of root is executed, all capabilities for that process are enabled.
● If the set*uid system call family is used to change the UID of the calling process to an ID not equal to 0, all
capabilities are removed for that process.
● Processes spawned by root initially have all capabilities set.
● Processes spawned by non-root users initially have no capability set.
■ Software privilege
● The kernel restricts the use of many system calls or functional areas called by system calls to processes which
possess a specific capability.
● If the calling process does not possess the required capability, the execution of the affected code area is
denied and the error of EPERM is returned to the caller.
□ For example, if a process is trying to create a device special file by invoking the mknod system call, the kernel checks to
ensure that the process is capable of creating device special files by verifying that the process possesses the CAP_MKNOD
capability.
● Inthe absence of special kernel modules that define and use capabilities, as is the case with the TOE,
capability checks revert back to granting kernel software privilege based on the user ID of the process.
■ The capabilities are based on the POSIX.1e draft plus a number of additional capabilities.
● The entire list of all capabilities including their meanings is fully described in the Linux kernel source code file
of include/linux/capability.h.
41
Programs with software privilege
■ Examples of programs running with software privilege are:
● Programs that are run by the system, such as the cron and init daemons.
● Programs that are run by trusted administrators to perform system administration.
● Programs that run with privileged identity by executing SUID / SGID / file system capabilities
program files.
● Programs executed by trusted super daemons. The following super daemons with the capability of
spawning applications with dissimilar privileged on behalf of calling users are present:
□ systemd: The system boot and management framework provided by systemd allows users to communicate with
it via DBus channels. As systemd runs as root, it allows untrusted users to perform actions that otherwise would
not be possible for such users.
□ PolKit: The user space authorization framework is implemented by the PolKit daemon. That daemon offers its
services via DBus providing the capability to spawn applications as configured by its policy via a SUID helper
application.
■ All software that runs with hardware privileges or software privileges are part of the TSF
■ In a properly administered system:
● Unprivilegedsoftware is subject to the security policies of the system and does not have any
means of bypassing the enforcement mechanisms
□ This unprivileged software need not be trusted in any way, and is thus referred to as untrusted software.
● Trustedprocesses that do not implement any security function need to be protected from
unauthorized tampering using the security functions of Linux.
□ They need to be trusted to not perform any function that violates the security policy of Linux.
42
TSF Software Structure
■ Below is described the structure of the Linux software that constitutes the
TOE Security Functions (TSF)
■ The Linux system is a multi-user operating system
● the kernel running in a privileged hardware mode
● the user processes running in user mode
■ The TSF includes both the kernel software and certain trusted non-kernel
processes
■ The concept of breaking the TOE product into logical subsystems is
described in the Common Criteria.
● These logical subsystems are the building blocks of the TOE, and are described in
the Functional Descriptions section
● They include logical subsystems and trusted processes that implement security
functions
● A logical subsystem can implement or support one or more functional components
□ For
example, the File and I/O subsystem is partly implemented by functions of the Virtual
Memory Manager
43
Kernel TSF software
■ The kernel is the core of the operating system. It
● Interactsdirectly with the hardware,
● Implements the sharing of resources, providing common services to programs,
and
● Prevents programs from directly accessing hardware-dependent functions
■ The Linux kernel is a fully preemptible kernel
● In non-preemptive kernels, kernel code runs until completion
□ That is, the scheduler is not capable of rescheduling a task while it is in the kernel
□ Moreover, the kernel code is scheduled cooperatively, not preemptively, and it runs until it
finishes and returns to user-space, or explicitly blocks
● Inpreemptive kernels, it is possible to preempt a task at any point, so long as the
kernel is in a state in which it is safe to reschedule
■ Services provided by the kernel include the following:
● Control of the execution of processes by allowing their creation, termination or
suspension, and communication
● Allocation of the main memory for an executing process
● Life-cycle maintenance of virtual machines
● File system maintenance
44
Services provided by the kernel (1)
■ Control of the execution of processes by allowing their creation, termination or
suspension, and communication. These include:
● Fairscheduling of processes for execution on the CPU.
● Share of processes in the CPU in a time-shared manner.
● CPU execution of a process.
● Kernel suspension when its time quantum elapses.
● Kernel schedule of another process to execute.
● Later kernel rescheduling of the suspended process.
● Management of the process security-related meta data, such as UIDs, GIDs, SELinux
labels, capabilities.
■ Allocation of the main memory for an executing process. These include:
● Kernel allowance of processes to share portions of their address space under certain
conditions, but protection of the private address space of a process from outside
tampering.
● If the system runs low on free memory, the kernel frees memory by writing a process
temporarily to secondary memory, or a swap device.
● Coordination with the machine hardware to set up a virtual-to-physical address that
maps the compiler-generated addresses to their physical addresses.
45
Services provided by the kernel (2)
■ Life-cycle maintenance of virtual machines, which includes:
● Enforcement of the resource limits configured by the emulation application
applicable to the virtual machine.
● Starting of the virtual machine code.
● Handling of exiting of virtual machines by either performing an instruction
completion or deferring the instruction completion to the user-space emulation
application.
■ File system maintenance. These include:
● Allocation of secondary memory for efficient storage and retrieval of user data.
● Allocation of secondary storage for user files.
● Reclamation of unused storage.
● Structure of the file system in a well-understood manner.
● Protection of user files from illegal access.
● Allowance of processes’ controlled access to peripheral devices such as
terminals, tape drives, disk drives, and network devices.
● Mediation of access between subjects and objects, allowing controlled access
based on the DAC policy and any policy enforced by the loaded LSM.
46
Kernel logical components
■ File and I/O subsystem
■ Process subsystem
■ Memory subsystem
■ IPC subsystem
■ Kernel framework subsystem
■ Auditing
■ Linux Security Extensions
■ Device driver subsystem
■ KVM subsystem
■ Crypto API
47
Kernel logical components (1)
■ File and I/O subsystem:
● This subsystem implements functions related to file system objects.
● Implemented functions include those that allow a process to create, maintain,
interact, and delete file-system objects.
● These objects include regular files, directories, symbolic links, hard links,
device-special files, named pipes, and sockets.
■ Process subsystem:
● Thissubsystem implements functions related to process and thread
management.
● Implemented functions include those that allow the creation, scheduling,
execution, and deletion of process and thread subjects.
■ Memory subsystem:
● This subsystem implements functions related to the management of memory
resources of a system.
● Implemented functions include those that create and manage virtual memory,
including management of page tables and paging algorithms.
48
Kernel logical components (2)
■ Networking subsystem:
● This subsystem implements UNIX and Internet domain sockets, as well as
algorithms for scheduling network packets.
■ IPC subsystem:
● This subsystem implements functions related to IPC mechanisms.
● Implemented functions include those that facilitate controlled sharing of information
between processes, allowing them to share data and synchronize their execution, in
order to interact with a common resource.
■ Kernel framework subsystem:
● This subsystem implements the infrastructure for the kernel to sustain various kernel
mechanisms.
● This subsystem includes the following functions among others:
□ Support for loadable modules: Implemented functions include those that load, initialize, and
unload kernel modules.
□ Exception handling such as context switches, system call loading, etc.
□ Auditing: The audit subsystem implements functions related to recording of security-critical
events on the system. Implemented functions include those that trap each system call to record
security-critical events and those that implement the collection and recording of audit data.
49
Kernel logical components (3)
■ Linux Security Extensions:
● The Linux Security extensions implement various security-related aspects that are provided
to the entire kernel, including the Linux Security Module framework.
● The LSM framework provides a security-agnostic framework for modules to implement
different security policies, including SELinux.
□ SELinux is an important logical subsystem.
□ This subsystem implements mandatory access control functions to mediate access between all subjects
and objects.
■ Device driver subsystem:
● This
subsystem implements support for various hardware and software devices through a
common, device-independent interface.
■ KVM subsystem:
● This subsystem implements the virtual machine life-cycle handling.
● It includes instruction completion for instructions requiring only small verifications.
● For any other instruction completion, KVM calls the QEMU user-space component.
■ Crypto API:
● This subsystem provides a kernel-internal cryptographic library to all components of the
kernel.
● It provides cryptographic primitives to callers.
50
Kernel execution components
■ Base kernel
● The base kernel includes the code that is executed to provide a service, such as servicing a
user’s system call invocation, or servicing an interrupt or exception event.
● A majority of the compiled kernel code falls under this category.
■ Kernel threads
● Inorder to perform certain routine tasks such as flushing disk caches, or reclaiming memory by
swapping out unused page frames, the kernel creates internal processes, or threads.
● Threads are scheduled just like regular processes, but they do not have context in user mode.
● Kernel threads reside in kernel space, and only run in the kernel mode.
51
Non-kernel TSF software and databases
■ The non-kernel TSF software consists of trusted programs that are used to
implement security functions
Note that shared libraries, including PAM modules in some cases, are used by trusted
programs. However, there is no instance where a shared library by itself is considered to
be a trusted entity
■ The trusted commands can be grouped as follows
● System Initialization
● Identification and Authentication
● Network Applications
● Batch Processing
● System Management
● User Level Audit
● Cryptographic Support
● Virtual machine support
● User space authorization handling
■ Firmware
● The firmware consists of the software residing in the hardware
that is started when the system goes through a power-on reset
● In addition to initializing the hardware and starting the
operating system, on the partitioning-capable platforms the
firmware provides logical partitioning support as well
53
TOE Security Functionality
■ Auditing
■ Cryptographic support
56
Audit functionality (2)
■ Access to audit data by normal users is prohibited by the DAC function of the TOE
● The access to the audit trail and audit configuration files is restricted to the system administrator only
■ The system administrator can define the events to be audited using simple filter expressions
● The system administrator is also able to define a set of user IDs for which auditing is active or alternatively a
set of user IDs that are not audited
● Individual files can be configured to be audited by adding them to a watch list that is loaded into the kernel
■ Audit rules can be specified to generate audit data based on a large number of different
attributes, including:
● Subject or user identifiers
● Result of the operation (success/failure)
● Object identity
● Operation performed on an object
● System call number
● SELinux label components
■ The audit system can be configured to take actions if the audit trail is full or reaches a given
theshold of disk space
● The actions that can be configured include a halting of the system, preventing further auditable actions,
notifications to an administrator or the execution of a configured command.
■ The TOE provides a management application that uses the aforementioned netlink interface.
● This application is used during boot time to load the audit rules from the configuration file
/etc/audit/audit.rules.
● The audit rules can be modified at runtime of the system.
57
Audit trail
■ An audit record consists of one or more lines of text containing fields in a “keyword=value” tagged format
■ The following information is contained in all audit record lines:
● Type: indicates the source of the event, such as SYSCALL, PATH, USER_LOGIN, or LOGIN
● Timestamp: Date and time the audit record was generated
● Audit ID: unique numerical event identifier
● Login ID (“auid”), the user ID of the user authenticated by the system (regardless if the user has changed his real
and / or effective user ID afterwards)
● Effective user and group ID: the effective user and group ID of the proces s at the time the audit event was
generated
● Success or failure (where appropriate)
● Process ID of the subject that caused the event (PID)
● Hostname or terminal the subject used for performing the operation
● Information about the intended operation
■ The audit trail is stored in files which are accessible by root only
● If the audit trail fills up and reaches a warning threshold the administrator is notified about reaching the configured
level.
● If the audit trail is full, the audit daemon rejects fetching new audit logs from the kernel to store them into a file.
58
Audit framework
59
Audit subsystem implementation
■ Kernel-userspace interface
■ Task structure extensions for audit
■ Syscall auditing
■ Socket call and IPC audit record generation
■ Filesystem auditing
■ Auditing of other kernel actions
■ Kernel audit initialization
■ Audit record format
■ Auditing Support for IPTables
■ Auditing Support for OpenSSH
■ Time Stamp Maintenance
(currently — see documentation for further information)
60
Cryptographic services
■ The TOE provides cryptographically secured network communication channels to allow
remote users to interact with the TOE.
■ Using one of the following cryptographically secured network channels, a user can request
the following services:
● OpenSSH (RHEL, SUSE, Ubuntu): The OpenSSH application provides access to the command line
interface of the TOE. Users may employ OpenSSH for interactive sessions as well as for non-interactive
sessions. The console provided via OpenSSH provides the same environment as a local console.
OpenSSH implements the SSHv2 protocol.
● libvirtd (SUSE, Ubuntu): The libvirtd daemon is the management facility to allow remote users to
configure virtual machines. The configuration covers all aspects such as assigning of resources, starting
or stopping of virtual machines. libvirtd directly interacts with the virtual machines. This interface is
protected using OpenSSH.
● VNC (SUSE, Ubuntu): The VNC interface provides the access mechanism for users to interact with the
console of a virtual machine. The VNC connection is tunneled through OpenSSH.
● IPSec (SUSE): The strongSwan application suite implements the IKEv1 and IKEv2 protocol family to
negotiate the ISAKMP SA as well as the IPSEC SA to securely establish session keys used for the
IPSec network protocol. The established session keys are transferred to the kernel which implements
the generation as well as processing of ESP and AH packets as part of the IPSec operation.
■ In addition to the cryptographically secured communication channels, the TOE also provides
cryptographic algorithms for general use.
■ The cryptographic primitives for implementing the above mentioned cryptographic
communication protocols are provided by OpenSSL.
61
SSHv2 Protocol (RHEL, SUSE, Ubuntu)
■ The TOE supports the following security functions of the SSH v2.0 protocol:
● Establishing a secure communication channel using the following cryptographic functions
provided by the SSH v2.0 protocol:
□ Encryption as defined in section 4.3 of RFC4253 - the keys are generated using the random number
generator of the underlying cryptographic library;
□ Diffie-Hellman key exchange as defined in section 6.1 of RFC4253;
□ The keyed hash function for integrity protection as defined in section 4.4 of RFC4253.
● IPSec:
□ Once the keys for the IPSEC SA are exchanged or agreed on, the encryption and
decryption of the actual data that flows over the wire is covered with the IPSec protocols of
ESP, potentially supported by AH
□ In Linux, the kernel exclusively implements the IPSec protocols using the keys established
with the IKE protocol
■ The charon daemon implements the IKEv2 protocol.
● The protocol is specified in RFC5996.
63
IPSEC and IKEv2 Protocol Family (SUSE)
(2)
■ The IPSec implementation of the kernel supports the transport as well as the
tunnel mode
● Thisallows the configuration of a peer-to-peer, a peer-to-network or a network-to-
network scenario.
■ The following RFCs are supported for implementing the IPSec protocol family:
● RFC4301, RFC4303: Defining of SPD/SAD, SA, ESP
● RFC4306, RFC4307: IKEv2 with ISAKMP, Diffie-Hellman group
● RFC3526: Diffie-Hellman groups
● RFC4106: AES GCM mode for IPSec
● RFC4307: Various cipher types for IPSec
● RFC4303: Various cipher types for IPSec
● RFC4309: AES CCM mode for IPSec
● RFC5114: Diffie-Hellman groups
● RFC6954: Diffie-Hellman groups
● RFC5996: IKEv2
64
Confidentiality protected data
storage (SUSE, Ubuntu) (1)
■ File system objects are stored on block devices, such as partitions on hard
disk.
■ The Linux operating systems offers the use of an additional layer between
the file systems and the physical block device to encrypt and decrypt any
data transmitted between the file system and the block device.
■ The dm_crypt functionality uses the Linux device mapper to provide such
encryption and decryption operation that is transparent to the file system and
therefore to the user.
■ Before mounting the block device that is protected by the dm_crypt
encryption scheme, the owner of the encrypted block device has to provide a
passphrase.
● Once the dm_crypt protected device is unlocked and mounted, it is accessible as any
other file system.
● When it is unmounted and locked (i.e. the kernel is informed to discard the volume
key), all data on the device is inaccessible.
□ When an administrator would access the raw hardware hosting the block device, only encrypted
data can be read. 65
Confidentiality protected data
storage (SUSE, Ubuntu) (2)
■ The encryption and decryption operation of the device is implemented by the kernel. To
unlock the encrypted volume key stored on the protected block device, the cryptsetup
application performs the following steps:
1.obtain the user's passphrase
2.apply the LUKS key derivation mechanism on the passphrase
3.read the encrypted volume key from the device
4.decrypt the volume key with the key derived from the user's passphrase
5.inject the decrypted volume key into the kernel and set up the mapping between the block device and
the volume key
■ Using the cryptsetup tool, the volume key can also be transferred by encrypting it with
another passphrase which can be given to another user. Similarly, the cryptsetup tool can
be used to erase the storage location of one encrypted volume key.
■ The key material used for by cryptsetup for the disk encryption mechanism is derived from /
dev/urandom and XORing 13 bytes from /dev/random into the state random number
generator.
■ In FIPS 140-2 mode, the libgcrypt DRBG is used for generating keys seeded by
/dev/urandom XORing 13 bytes from /dev/random.
■ The installer with the exception of IBM System Z allows the configuration of the full disk
encryption schema where the entire disk is protected, except the /boot partition.
66
Network Information Flow
Control (Packet Filter)
■ The Linux kernel's network stack implementation follows the
layering structure of the network protocols.
■ It implements the code for handling the link layer as well as
the network layer.
■ For those layers, independent filter mechanism are provided:
● Link layer (SUSE, Ubuntu): ebtables implements the filtering
mechanism for bridges
● Network layer (RHEL, SUSE, Ubuntu): netfilter/iptables implements
the filtering mechanism for non-bridge interfaces
■ Packet filter rules can only be injected into the Linux kernel
for enforcement by processes possessing the
CAP_NET_ADMIN capability (RHEL)
67
Network layer filtering — Netfilter(1)
■ Netfilter is a framework for packet mangling, implemented in the
Linux kernel network stack handling the network layer.
■ The netfilter framework comprises of the following parts:
● The IP stack defines five hooks which are well-defined points in a network
packet's traversal of the IP protocol stack. Each of the hooks, the network
stack will call the netfilter framework allowing it to operate on the entire
packet.
● The netfilter framework provides register functions for other kernel parts to
listen to the different hooks. When a packet traverses one of the hooks and
passed to the netfilter framework, it invokes every registered kernel part.
These kernel parts then can examine the packet and possibly alter it. As
part of the examination, these kernel parts can instruct the netfilter
framework to discard the packet, to allow it to pass, or to queue it to user
space.
● When a packet is marked to be queued to user space, the netfilter
framework handles the asynchronous communication with user space
68
Network layer filtering — Netfilter(2)
■ The netfilter framework implements the five hooks at the following
points in the packet traversal chain:
● When the packet enters the network layer of the TOE and after applying
some sanity checks, but before the routing table is consulted, the
NF_IP_PRE_ROUTING hook is triggered.
● After passing the routing table decision and the routing code marks the
packet to be targeted for another host, the NF_IP_FORWARD hook is
triggered.
● After passing the routing table decision and the routing code marks the
packet to be targeted for the local system, the NF_IP_LOCAL_IN hook is
triggered.
● When the packet traversed all of the network stack and is about to be
placed on the wire again, the NF_IP_POST_ROUTING hook is triggered.
● When a packet is generated locally, the NF_IP_LOCAL_OUT hook is
triggered before the routing table is consulted.
69
Network layer filtering - IPTables(1)
■ All communication on the network layer can be controlled by the IPTables
framework.
■ The combination of IPTables and netfilter implements the packet filter
which provides stateful and stateless packet filtering for network
communication by inspecting the IP header, the TCP header, UDP header
and/or ICMP header of every network packet that passes the network
stack.
■ The packet selection system called IP Tables uses the netfilter framework
to implement the actual packet filtering logic on the network layer for the
TCP/IP protocol family.
● Note: IPTables is able to perform Network Address Translation (NAT) as well as
Port Address Translation (PAT) for simple as well as more complex protocols.
Furthermore, packet mangling support is provided with IPTables.
■ IPTables registers all hooks provided by the netfilter framework.
● The NAT/PAT mechanism uses the pre-routing and post-routing hooks
● The packet filtering capability is enforced on the local-in, local-out and forwaring
hooks
70
Network layer filtering - IPTables(2)
■ IPTables consists of the following two components:
1)In-kernel packet filter enforcement:
● The kernel-side of IPTables use the netfilter framework.
● Three lists of packet filter rules are enforced by the kernel mechanism:
one for each netfilter framework hook that applies to packet filtering.
● Each list contains zero or more rules which are iterated sequentially.
● A rule consists of a matching part (also called the "match extension")
and an action part (also called the "target extension").
2)User space configuration application:
● The user space application iptables(1) allows the configuration of the
IPTables kernel components.
● The application allows the specification of one rule per invocation where
a rule contains the above mentioned matching part and action part.
● The tool also allows modification or deletion of existing rules as well as
configuration of the default action.
71
Link layer filtering - ebtables chains
■ The link layer code handling the bridging functionality implements chains
that are used by ebtables to apply filtering.
■ The netfilter framework is used to implement the ebtables chains at the
following points in the packet traversal logic:
● When the packet enters the link layer of the TOE and after applying some sanity
checks, but before the bridging decision made, the BROUTING chain is triggered.
● After passing the BROUTING chain but still before the bridging decision, the
PREROUTING chain is triggered. When the bridging code decides that the frame is
not intended for a bridge, it is forwarded to the network layer and processing on the
link layer stops.
● After passing the bridge routing decision and the routing code marks the packet to
be targeted for another host, the FORWARD chain is triggered.
● After passing the bridge routing decision and the routing code marks the packet to
be targeted for the local system, the INPUT chain is triggered.
● When a packet is generated locally and the bridging decision marks the frame to be
intended for a bridge, the OUTPUT chain is triggered.
● When the packet traversed all of the bridge logic and is about to be placed on the
wire again, the POSTROUTING chain is triggered.
72
Link layer filtering —
ebtables filtering rules
■ The packet selection system called ebtables uses the netfilter framework to
implement the actual packet filtering logic for Ethernet frames routed through
bridges.
■ Bridged networking communication is only visible on the link layer.
● As the host system uses bridges to connect virtual machines to the environment, only
ebtables can be used to control the traffic flow.
● The data encapsulated within the Ethernet frames are not routed through the host system's
network stack and can therefore not be analyzed and controlled by the IPTables framework
outlined above.
● Even though the network stack of the host system does not analyze the bridged Ethernet
frames any more, the ebtables framework receives the entire frame and is allowed to operate
on that frame. Therefore, ebtables can analyze the protocol inside the Ethernet frame.
■ The ebtables framework can apply filters based on the following concepts:
● Matching of the frame/packet: Matches are based on Ethernet protocols or source and/or
destination MAC addresses.
● Action to be performed on matched frames: Similarly to IPTables, ebtables must be
configured to perform an action on the matched frame. The action can either be to discard the
packet or to accept it.
73
PAM-based identification and
authentication mechanisms (1)
■ Linux uses a suite of libraries called the "Pluggable Authentication
Modules" (PAM) that allow an administrative user to choose how PAM-
aware applications authenticate users.
■ The TOE provides PAM modules that implement all the security
functionality to:
● Provide login control and establishing all UIDs, GIDs and login ID for a subject
● Ensure the quality of passwords
● Enforce limits for accounts (such as the number of maximum concurrent
sessions allowed for a user)
● Enforce the change of passwords after a configured time including the
password quality enforcement
● Enforcement of locking of accounts after failed login attempts.
● Restriction of the use of the root account to certain terminals
● Restriction of the use of the su and sudo commands
74
PAM-based identification and
authentication mechanisms (2)
■ The login processing sets the real, file system, effective and login UID as well
as the real, effective, file system GID and the set of supplemental GIDs of the
subject that is created.
■ It is up to the client application usually provided by a remote system to protect
the user’s entry of a password correctly (e. g. provide only obscured
feedback).
■ After a successful identification and authentication, the TOE initiates a
session for the user and spawns the initial login shell as the first process the
user can interact with.
■ The TOE provides a mechanism to lock a session either automatically after a
configurable period of inactivity for that session or upon the user's request.
■ User accounts are stored in configuration files (/etc/passwd and /etc/shadow).
● Both are writable to the root user only.
● In addition, /etc/shadow is readable to the root user only.
● Modification of both files is performed using a set of administrative applications.
75
Pluggable Authentication Module
■ PAM is responsible for the identification and authentication subsystem.
■ PAM provides a centralized mechanism for authenticating all services.
■ PAM allows for limits on access to applications and alternate, configurable authentication
methods.
● For more detailed information about PAM, see the PAM project Web site at
http://www.kernel.org/pub/linux/libs/pam.
■ PAM consists of a set of shared library modules, which provide appropriate authentication and
audit services to an application
● Applicationsare updated to offload their authentication and audit code to PAM, which allows the system to
enforce a consistent identification and authentication policy, as well as to generate appropriate audit records.
■ The following programs are enhanced to use PAM:
● login
● passwd
● su,sudo
● useradd, usermod, userdel
● groupadd, groupmod, groupdel
● sshd
● chage
● chfn
● chsh
● newrole
76
Authentication with PAM
1.A PAM-aware application makes a call to PAM to initialize certain data structures. With the
initialization, the calling application provides a name to PAM which ultimately is used to find
the configuration file of the authentication stack configuration in /etc/pam.d/. Usually, that
name equals the application name.
2.The PAM module locates the configuration file for that application from
/etc/pam.d/application_name and obtains a list of PAM modules necessary for servicing that
application. If it cannot find an application-specific configuration file, then it uses
/etc/pam.d/other.
3.Depending on the order specified in the configuration file, PAM loads the appropriate
modules for the PAM operation requested by the calling application (i.e. PAM provides one
call back for each module type – the module type is consistent with the “auth”, “session”,
“password” and “account” sections in the PAM configuration files).
4.The authentication module code performs the requested operation depending on the module
type. The module may require input from the user.
Note: a module may perform operations which hardly have anything to do with authentication, but whose
operations are necessary to set up the user environment.
5.Each authentication module performs its action and relays the result back to the application.
6.The PAM library is modified to create a USER_AUTH type of audit record to note the
success or failure from the authentication module.
7.The application takes appropriate action based on the aggregate results from all
authentication modules.
77
User Identity Changing —
su command
■ The su command is intended for a switch to a another identity that establishes a new
login session and spawns a new shell with the new identity.
■ When invoking su, the user must provide the credentials associated with the target
identity - i.e. when the user wants to switch to another user ID, it has to provide the
password protecting the account of the target user.
■ The primary use of the su command within the TOE is to allow appropriately authorized
individuals the ability to assume the root identity to perform administrative actions.
● The capability to login as the root identity has been restricted to defined terminals only
● The use of the su command to switch to root has been restricted to users belonging to a special
group.
● Users that don’t have access to a terminal where root login is allowed and are not member of that
special group will not be able to switch their real, file system and effective user ID to root even if
they would know the authentication information for root.
■ Note that when a user executes a program that has the setuid bit set, only the effective
user ID and file system ID are changed to that of the owner of the file containing the
program while the real user ID remains that of the caller.
■ The login ID is neither changed by the su command nor by executing a program that
has the setuid or setgid bit set as it is used for auditing purposes.
78
User Identity Changing —
sudo command
■ The sudo command is intended for giving users permissions to
execute commands with another user identity.
■ When invoking sudo, the user has to authenticate with this credentials.
■ Sudo is associated with sophisticated ruleset that can be engaged to
specify which:
● source user ID
● originating from which host
● can access a command, a command with specific configuration flags, or all
commands within a directory
● with which new user identity.
■ When switching identities, the real, file system, and effective user ID,
and real, file system, and effective group ID are changed to the one of
the user specified in the command (after successful authentication as
this user).
79
Authentication Data Management (1)
■ Each TOE instance maintains its own set of users with their passwords
and attributes.
● Although the same human user may have accounts on different servers
interconnected by a network and running an instantiation of the TOE, those
accounts and their parameter are not synchronized on different TOE instances.
● As a result the same user may have different user names, different user Ids,
different passwords and different attributes on different machines within the
networked environment.
■ Each TOE instance within the network maintains its own administrative
database by making all administrative changes on the local TOE
instance.
● The file /etc/passwd contains for each user the user’s name, the id of the user,
an indicator whether the password of the user is valid, the principal group id of
the user and other (not security relevant) information.
● The file /etc/shadow contains for each user a hash of the user's password, the
userid, the time the password was last changed, the expiration time as well as
the validity period of the password and some other information.
80
Authentication Data Management (2)
■ Users are allowed to change their passwords by using the
passwd command.
● This application is able to read and modify the contents of /etc/shadow
for the user’s password entry, which would ordinarily be inaccessible to
a non-privileged user process.
● Users are also warned to change their passwords at login time if the
password will expire soon, and are prevented from logging in if the
password has expired.
■ The time of the last successful logins is recorded in the directory /
var/log/tallylog where one file per user is kept.
■ The TOE displays informative banners before or during the login
to users.
● The banners can be specified with the files /etc/issue for logins via the
physical console or /etc/issue.net for remote logins, such as via SSH.
81
Authentication Data Management (3)
■ SSSD is a system daemon with the primary function of providing access to
identity and authentication remote resource through a common framework that
can provide caching and offline support to the system
● It provides PAM and NSS modules
● It provides also a better database to store local users as well as extended user data
■ SSSD can be configured to use a native LDAP domain (that is, an LDAP
identity provider with LDAP authentication), or an LDAP identity provider with
Kerberos authentication
■ One of the primary benefits of SSSD is offline authentication
● This solves the case of users having a separate corporate account and a local machine
account because of the common requirement to implement a Virtual Private Network
(VPN)
● SSSD can cache remote identities and authentication credentials
● This means that a user can still authenticate with these remote identities even when a
machine is offline
■ In an SSSD system, a user only needs to manage one account
■ SSSD integrates with the PAM and NSS framework and can therefore be used
together with PAM modules for local credential stores
82
SSH key-based authentication
■ In addition to the PAM-based authentication, the OpenSSH server is able to perform a
key-based authentication.
● When a user wants to log on, instead of providing a password, the user applies his SSH key.
● After a successful verification, the OpenSSH server considers the user as authenticated and
performs the PAM-based operations.
■ To establish a key-based authentication, a user first has to generate an RSA, or ECDSA
key pair.
● The private part of the key pair remains on the client side.
● The public part is copied to the server into the file .ssh/authorized_keys which resides in the home
directory of the user he wants to log on as.
■ When the login operation is performed the SSHv2 protocol tries to perform the
"publickey" authentication using the private key on the client side and the public key
found on the server side.
■ The operations performed during the publickey authentication is defined in RFC4252
chapter 7.
■ Users have to protect their private key part the same way as protecting a password.
● Appropriate permission settings on the file holding the private key is necessary.
● To strengthen the protection of the private key, the user can encrypt the key where a password
serves as key for the encryption operation.
83
Session locking
■ The TOE uses the screen(1) application which locks the current
session of the user either after an administrator-specified time of
inactivity or upon the user's request.
■ To unlock the session, the user must supply his password.
■ Screen uses PAM to validate the password and allows the user to
access his session after a successful validation.
84