Quick viewing(Text Mode)

Windows User Account Control (UAC) Security Technologies

Windows User Account Control (UAC) Security Technologies

Windows User Account Control (UAC)

Security Technologies

• Many more or less visible security related features • Encrypting File System (EFS) • BitLocker • Services Hardening • Address Space Layout Randomization (ASLR) • Integrity Level • File System Virtualization • Registry Virtualization • User Interface Privilege Isolation (UIPI) • IE Protected Mode • Protected Processes • User Account Control

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Introduction

• UAC remains a misunderstood feature • UAC is not an user access control system • UAC is an new user account control framework • UAC has several goals • force (administrators) users to work with less rights • control legacy applications • enable actions without administrative credentials • protect the system from malware and from administrators

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Motivation

• Reduce the exposure surface of the operating system • Mitigate the impact of malware • Make computers (and networks) less vulnerable

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Token Types

• Applications run in one of the following security contexts • Standard user • Administrator user

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Visible Identification

• In the past users could not easily tell what actions required administrative credentials • Vista removes this uncertainty by showing a shield to identify actions that require administrative privileges

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

User Interaction

• When working using an administrative account, a user must (by default) conscent an action requesting elevated rights.

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

User Interaction

• When working using a standard account, a user must provide adequate credentials in oder to perform an action requesting administrative privileges.

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Consent Prompt Types

• Built-in Windows program

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Consent Prompt Types

• Digital signed third-party applications

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Consent Prompt Types

• Unsigned third-party applications

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Configuration

• Switching User Account Control on or off

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Configuration

• Disabling User Account Control is tagged as unsecured

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Configuration

• Security Policy enables a very granular and flexible configuration of the UAC behaviors • Localy/Globaly

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Configuration

• The built-in Administrator account can be configured to run in one of the following modes: • Admin Approval Mode • XP Compatible Mode (default)

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework

• UAC is built on different new technologies • Windows file system virtualization • Windows Registry virtualization • Windows Integrity level • …

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework - Service

• User Account Control mechanism is built on the Application Information service

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework - Consent

• The process name consent.exe is responsible to show the UAC dialogs

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework - Desktop

• Elevation prompts are displayed on a secure desktop by default.

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework – Application Marking

• UAC ready applications contain an XML manifest which documents the desired security Run Level credential

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Framework – Resources Virtualization

• UAC Virtualization redirects the following locations • \Program Files • \Windows • \Windows\System32 • \HKLM\Software • Applications accesses are virtualized when accessing secure locations. These locations are then serialized in the corresponding user profile. • \Users\AppData\Local\Virtual Store • \HKCU\Software\Classes\VirtualStore • Virtualization is intended as a bride technology to enable applications that are not UAC compatible to work properly • Virtualization is not supported on 64bit systems

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Workflow

• The workfow of UAC depends several factors • The account a user is logged as • The Security Policy

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Running Programs Elevated

• One-time basis • Always

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Running Programs Elevated

• Application running in elevated mode

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Running Programs Elevated

• Application running in normal mode

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

History

• Some components have kept their names

LUA UAP UAC

www.winitor.com – Nov.2009 Windows User Account Control (UAC)

Links

• Windows Vista TechNet, www.microsoft.com/technet/windowsvista • User Account Control Overview, www.microsoft.com/technet/windowsvista/security/uacppr.mspx • User Account Control, www.microsoft.com/technet/windowsvista/security/uac.mspx

www.winitor.com – Nov.2009