Windows User Account Control (UAC)
Security Technologies
• Many more or less visible security-related features
  • Encrypting File System (EFS)
  • BitLocker
  • Services Hardening
  • Address Space Layout Randomization (ASLR)
  • Integrity Level
  • File System Virtualization
  • Registry Virtualization
  • User Interface Privilege Isolation (UIPI)
  • IE Protected Mode
  • Protected Processes
  • User Account Control
www.winitor.com – Nov.2009 Windows User Account Control (UAC)
Introduction
• UAC remains a misunderstood feature
• UAC is not a user access control system
• UAC is a new user account control framework
• UAC has several goals
  • force (administrator) users to work with fewer rights
  • control legacy applications
  • enable actions without administrative credentials
  • protect the system from malware and from administrators
Motivation
• Reduce the exposure surface of the operating system
• Mitigate the impact of malware
• Make computers (and networks) less vulnerable
Token Types
• Applications run in one of the following security contexts
  • Standard user
  • Administrator user
Visible Identification
• In the past users could not easily tell which actions required administrative credentials
• Vista removes this uncertainty by showing a shield to identify actions that require administrative privileges
User Interaction
• When working with an administrative account, a user must (by default) consent to an action requesting elevated rights.
• When working with a standard account, a user must provide adequate credentials in order to perform an action requesting administrative privileges.
Consent Prompt Types
• Built-in Windows program
• Digitally signed third-party applications
• Unsigned third-party applications
Configuration
• Switching User Account Control on or off
• Disabling User Account Control is tagged as unsecured
• Security Policy enables a very granular and flexible configuration of the UAC behaviours
  • Locally/Globally
• The built-in Administrator account can be configured to run in one of the following modes:
  • Admin Approval Mode
  • XP Compatible Mode (default)
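The Security Policy settings above are stored as registry values under the local policy key; the following PowerShell script (an example added here, not part of the original slides) reads them and reports the UAC state and the built-in Administrator mode in the deck's own terms. The meaning of each ConsentPromptBehavior code is taken from the documented policy-to-registry mapping and is an assumption of this example.

```powershell
# Read the UAC policy values that the Security Policy editor writes and
# translate them into the modes named on the slides. Example added here,
# not from the original slides; ConsentPromptBehavior* code meanings are assumed.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$adminPromptCodes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$userPromptCodes = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

function Get-UacConfiguration {
    $p = Get-ItemProperty -Path $policyKey

    # A missing value means the OS default applies, so do not map it to code 0.
    $adminBehaviour = 'not set (OS default)'
    if ($null -ne $p.ConsentPromptBehaviorAdmin) { $adminBehaviour = $adminPromptCodes[[int]$p.ConsentPromptBehaviorAdmin] }
    $userBehaviour = 'not set (OS default)'
    if ($null -ne $p.ConsentPromptBehaviorUser) { $userBehaviour = $userPromptCodes[[int]$p.ConsentPromptBehaviorUser] }
    # FilterAdministratorToken = 1 puts the built-in Administrator in Admin
    # Approval Mode; absent or 0 is the XP Compatible (full token) mode.
    $builtInAdmin = 'XP Compatible Mode'
    if ($p.FilterAdministratorToken -eq 1) { $builtInAdmin = 'Admin Approval Mode' }

    [pscustomobject]@{
        UacEnabled            = ($p.EnableLUA -eq 1)
        AdminPromptBehaviour  = $adminBehaviour
        StandardUserBehaviour = $userBehaviour
        SecureDesktopPrompts  = ($p.PromptOnSecureDesktop -eq 1)
        VirtualizationEnabled = ($p.EnableVirtualization -eq 1)
        BuiltInAdminMode      = $builtInAdmin
    }
}

$cfg = Get-UacConfiguration
$cfg | Format-List

# Flag the settings the deck tags as unsecured
if (-not $cfg.UacEnabled)           { Write-Warning 'UAC is switched off.' }
if (-not $cfg.SecureDesktopPrompts) { Write-Warning 'Elevation prompts are not shown on the secure desktop.' }
```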
Framework
• UAC is built on different new technologies
  • Windows file system virtualization
  • Windows Registry virtualization
  • Windows Integrity level
  • …
Framework - Service
• The User Account Control mechanism is built on the Application Information service
Framework - Consent
• The process consent.exe is responsible for showing the UAC dialogs
Framework - Desktop
• Elevation prompts are displayed on a secure desktop by default.
Framework – Application Marking
• UAC-ready applications contain an XML manifest that documents the desired security Run Level
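The Run Level marking lives in the manifest's requestedExecutionLevel element. The PowerShell script below (an example added here, not from the original slides) parses a constructed sample manifest, or an external manifest file passed as its first argument, and reports when the marking will cause an elevation prompt; the sample manifest and the Get-RequestedExecutionLevel function are this example's own.

```powershell
# Inspect the requestedExecutionLevel of an application manifest.
# Example added here, not from the original slides. The sample manifest
# below is constructed; a real one is embedded in the executable as an
# RT_MANIFEST resource or shipped beside it as <exe name>.exe.manifest.
$sampleManifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@

function Get-RequestedExecutionLevel {
    param([Parameter(Mandatory)][string]$ManifestXml)

    $doc = [xml]$ManifestXml
    # Dot navigation in PowerShell ignores XML namespaces, so the asm.v3
    # trustInfo element is reachable directly from the root.
    $rel = $doc.assembly.trustInfo.security.requestedPrivileges.requestedExecutionLevel
    if ($null -eq $rel) {
        # No marking: the program is treated as a legacy application and
        # file/registry virtualization may be applied to it.
        return [pscustomobject]@{ Level = 'unmarked (legacy)'; UiAccess = $false; Prompts = 'never' }
    }

    $prompts = switch ($rel.level) {
        'asInvoker'            { 'never: runs with the caller token' }
        'highestAvailable'     { 'only if the user holds an administrator token' }
        'requireAdministrator' { 'always: elevation is mandatory' }
        default                { "unknown level '$($rel.level)'" }
    }
    [pscustomobject]@{
        Level    = $rel.level
        UiAccess = ($rel.uiAccess -eq 'true')
        Prompts  = $prompts
    }
}

# Parse the constructed sample, then any external manifest given on the command line
Get-RequestedExecutionLevel -ManifestXml $sampleManifest
if ($args.Count -gt 0 -and (Test-Path $args[0])) {
    Get-RequestedExecutionLevel -ManifestXml (Get-Content -Raw -Path $args[0])
}
```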
Framework – Resources Virtualization
• UAC Virtualization redirects the following locations
  • \Program Files
  • \Windows
  • \Windows\System32
  • \HKLM\Software
• Application accesses are virtualized when accessing secure locations. These locations are then serialized in the corresponding user profile.
  • \Users\AppData\Local\VirtualStore
  • \HKCU\Software\Classes\VirtualStore
• Virtualization is intended as a bridge technology to enable applications that are not UAC compatible to work properly
• Virtualization is not supported on 64-bit systems
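Because the VirtualStore mirrors the protected tree, every redirected write can be mapped back to the location the legacy application believed it was writing to. The PowerShell script below (an example added here, not from the original slides) walks the current user's file and registry VirtualStore and prints that mapping; it assumes the file store mirrors the system drive, and both Get-Virtualized* functions are this example's own.

```powershell
# Map what a legacy application wrote into the per-user VirtualStore back
# to the protected location it believed it was writing to. Example added
# here, not from the original slides; it reads only the current user's
# profile and assumes the file store mirrors the tree of the system drive.
$fileStore     = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$registryStore = 'HKCU:\Software\Classes\VirtualStore\MACHINE'

function Get-VirtualizedFiles {
    param([string]$Store = $fileStore)
    if (-not (Test-Path $Store)) { return @() }
    Get-ChildItem -Path $Store -Recurse -File | ForEach-Object {
        # ...\VirtualStore\Program Files\App\app.ini  <->  C:\Program Files\App\app.ini
        $relative = $_.FullName.Substring($Store.Length).TrimStart('\')
        [pscustomobject]@{
            VirtualPath  = $_.FullName
            IntendedPath = Join-Path ($env:SystemDrive + '\') $relative
            LastWrite    = $_.LastWriteTime
        }
    }
}

function Get-VirtualizedRegistryKeys {
    param([string]$Store = $registryStore)
    if (-not (Test-Path $Store)) { return @() }
    # HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\X  <->  HKLM\SOFTWARE\X
    $prefix = 'HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\'
    Get-ChildItem -Path $Store -Recurse | ForEach-Object {
        [pscustomobject]@{
            VirtualKey  = $_.Name
            IntendedKey = 'HKEY_LOCAL_MACHINE\' + $_.Name.Substring($prefix.Length)
        }
    }
}

# Recent virtualized writes are the first place to look when a legacy
# application "saves" settings that never show up under Program Files.
Get-VirtualizedFiles | Sort-Object LastWrite -Descending | Format-Table -AutoSize
Get-VirtualizedRegistryKeys | Format-Table -AutoSize
```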
Workflow
• The workflow of UAC depends on several factors
  • The account a user is logged on as
  • The Security Policy
Running Programs Elevated
• One-time basis
• Always
• Application running in elevated mode
• Application running in normal mode
History
• Some components have kept their names
  • LUA
  • UAP
  • UAC
Links
• Windows Vista TechNet, www.microsoft.com/technet/windowsvista
• User Account Control Overview, www.microsoft.com/technet/windowsvista/security/uacppr.mspx
• User Account Control, www.microsoft.com/technet/windowsvista/security/uac.mspx