Protection of Components based on a Smart Card Enhanced Security Module


Protection of Components based on a Smart Card Enhanced Security Module

J. García-Alfaro 1,2, S. Castillo 1, J. Castellà-Roca 3, G. Navarro 1, and J. Borrell 1

1 Autonomous University of Barcelona, Department of Information and Communications Engineering, 08193 Bellaterra - Spain
2 Ecole Nationale Supérieure des Télécommunications de Bretagne, Multimedia Networks and Services Department, 35576 Cesson Sévigné - France
3 Rovira i Virgili University, Department of Computer Engineering and Maths, 43007 Tarragona - Spain

García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS 2006 1 / 22

Introduction: Starting Point
Protection of Network Security Components:
- J. García, S. Castillo, G. Navarro, and J. Borrell. Mechanisms for Attack Protection on a Prevention Framework. 39th Annual IEEE International Carnahan Conference on Security Technology
- Protection based on an AC integrated in the operating system's kernel
- Implemented as a Linux Security Module through the LSM framework
- Open architecture for the inclusion of security enhancements at operating system's kernel level

Introduction: Protection strategy
[Figure]


Intra-kernel Access Control
- Coexistence of the protection AC (more restrictive) with the native operating system AC (less restrictive)
- The protected system calls are intercepted and, according to a set of security rules, will be accepted or denied:
  [PID] [UID] [Device] [inode] [Syscall] [Parameters] {accept, deny}
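An added example, not code from the slides or from the authors' LSM module: a user-space C model of evaluating rules of the form [PID] [UID] [Device] [inode] [Syscall] [Parameters] {accept, deny} against an intercepted call. The `ANY` wildcard, first-match ordering, the `NO_MATCH` fall-through to the native AC, UID 0 for the administrator and the device/inode numbers are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ANY (-1L)   /* assumed wildcard: the field matches any value */
enum verdict { ACCEPT, DENY, NO_MATCH };

/* The six fields of the slide's rule format; also used for a request. */
struct tuple {
    long pid, uid, dev, inode;
    const char *syscall;   /* NULL in a rule means any system call */
    long param;
};
struct rule { struct tuple m; enum verdict action; };

static int field_ok(long want, long got) { return want == ANY || want == got; }

/* First matching rule decides; NO_MATCH leaves the call to the native AC. */
enum verdict protection_ac(const struct rule *r, size_t n, const struct tuple *q)
{
    for (size_t i = 0; i < n; i++) {
        const struct tuple *m = &r[i].m;
        if (field_ok(m->pid, q->pid) && field_ok(m->uid, q->uid) &&
            field_ok(m->dev, q->dev) && field_ok(m->inode, q->inode) &&
            field_ok(m->param, q->param) &&
            (m->syscall == NULL || strcmp(m->syscall, q->syscall) == 0))
            return r[i].action;
    }
    return NO_MATCH;
}

/* Constructed policy: protect the sensor process and one of its files. */
static const struct rule policy[] = {
    { { ANY, ANY, ANY, ANY, "kill_process", 1000 }, DENY }, /* sensor PID 1000 */
    { { ANY, ANY, 8, 4242, "unlink", ANY }, DENY },  /* constructed dev/inode */
};

enum verdict check(long pid, long uid, long dev, long inode,
                   const char *syscall, long param)
{
    struct tuple q = { pid, uid, dev, inode, syscall, param };
    return protection_ac(policy, sizeof policy / sizeof policy[0], &q);
}

int main(void)
{
    /* Request from the slides: PID 1234, admin (UID 0 assumed), kill_process(1000). */
    printf("kill sensor: %s\n", check(1234, 0, ANY, ANY, "kill_process", 1000) == DENY ? "deny" : "pass");
    printf("kill other:  %s\n", check(1234, 0, ANY, ANY, "kill_process", 2000) == NO_MATCH ? "native AC decides" : "decided");
    return 0;
}
```

Because the deny rule leaves the UID field as a wildcard, the administrator's request is refused like any other, which is the administration constraint the later slides address with smart card authentication.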

Example: protection of processes
[Figure, shown in three steps. KERNEL Space: KERNEL AC, PROTECTION AC. USER Space: Administrator, PROCESS, PROCESS SENSOR (1000), Configuration Files, Binary File, ... Call shown: kill_process(1000). The second step labels the request: PID = 1234, UID = admin, Syscall = kill_process, Parameter =]

Native operating system's AC
[Figure]

Intra-kernel Access Control
[Figure]

Constraints of our approach
- It introduces some administration constraints
- Officers are no longer allowed to issue system calls which may pose a threat to the protected component
- To solve these constraints, we propose the use of a two-factor authentication mechanism
- Based on a cryptographic protocol and a smart card token
- Grants the officer the indispensable privileges to carry out management activities after ensuring the administrator's identity

Authentication Mechanism
[Figure, shown in successive steps. Labels: SMARTCOP NODE, SMARTCOP CARD; one step shows the value 1234]

Public key protocol
[Figure. Labels: SMARTCOP SERVER, SMARTCOP NODE, SMARTCOP NODE, SMARTCOP CARD]

Authentication Mechanism: security considerations
- The console's executable is compiled in a static manner
- The LSM module, moreover, protects:
  - the AC itself
  - the binary file of the console
  - the normal execution flow of the console's process
  - the communication channel between the LSM module, the smart card, and the console process

Related Works
- SELINUX: P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. 11th FREENIX Track: 2001 USENIX Annual Technical Conference, USA, 2001
- RSBAC: A. Ott. The Role Compatibility Security Model. 7th Nordic Workshop on Secure IT Systems (Nordsec 2002), Karlstad University, Sweden, 2002
Reinforce traditional operating system security features
Control of the outcoming system calls

Benefits of our intra-kernel AC approach
- Unified methodology
- Integrated in the system as an LSM module, without having to modify and recompile the kernel
- Two-factor authentication mechanism
- Solves the administration and configuration constraints of such an enhanced reinforcement

Deployment and Evaluation (1)
- Written in C as a set of modules through the LSM (Linux Security Modules) framework
- Smart card authentication: LSM and smart card communication and cryptographic operations based on eToken PRO (Aladdin) cards
- Deployed over the components of our platform, implemented for GNU/Linux 2.6 systems

Deployment and Evaluation (2)
[Figure. Labels: Access control subsystem, Authentication subsystem, Application, Admin. console, Enhanced Access Control (LSM), USB eToken driver, Auth. core, RSA sign. verif. module, Security component, OS Access Control, Syscall Interface]

Evaluation: processes tests
[Plot: Overhead (%) versus Number of rules (350 to 1750). Series: stop process, resume process, finish process, fork process, fork + execve, fork + /bin/sh]

Evaluation: filesystem and communications
[Plot: Overhead (%) versus Number of rules (350 to 1750). Series: chmod i-node, rename i-node, unlink i-node, mmap, read 10K file, create 10K file, delete]

Conclusions and Future Work
Conclusions:
- Protection of critical processes and resources based on an AC integrated into the operating system's kernel
- Smart card based authentication protocol for management and configuration activities
- Good degree of transparency and reasonable performance penalty
Future Work:
- Improving the customizing of policies
- Possibility of reload of policies at runtime
- Improving the matching algorithm of security rules


Thank you for your attention! Questions?