Session 07 Application Confinement

Session 07 Application Confinement

Notes Session 07 Application Confinement Security of Information Systems (SIS) Computer Science and Engineering Department November 18, 2020 1 / 29 Story So Far Notes I systems and system components have an attack surface I flaws in systems and system components may be exploited I input may be used maliciously I prevent existance and prevent exploitation of vulnerabilities I defender needs to limit damage 2 / 29 Limiting Damage Notes I isolate entire system, e.g. virtualization I isolate/confine system component (application), e.g. sandboxing I limit possible actions, limit accessible resources, e.g. prevent an app from using the network, prevent an app from reading data from other apps 3 / 29 Application Confinement Notes I What can an application do? What can an application access? I access control: subject, object I typically enforced at kernel level I What if it were enforced by a library at application level? I overhead I filesystem: users, file permissions, access control lists I configurable permissions: Android permissions, iOS Privacy Settings, Linux capabilities I sandboxing: jailing (filesystem), application sandboxing (kernel-enforced rules) 4 / 29 Remember: Malware Notes I application deployed on user device/workstation I may abuse resource use and access I doesn't require a vulnerability in an app, only a defect in the configuration or system I confining it reduces damage 5 / 29 Filesystem Access Control Notes I subject: process (UID) I object: file (UID, GID) I permissions or access control lists (attached to a file) 6 / 29 Android Permissions Notes I requests permissions at runtime I permission approval I enforcement at Android SDK level I signed permissions 7 / 29 iOS Privacy Settings Notes I database mappping between app and resource/service I Preferences app writes to database I may be turned on/off 8 / 29 Linux Capabilities Notes I security tokens providing privileges I attached to a given process I allow different permissions for processes belonging to the same user I may also be attached to an executable (similar to the setuid bit) 9 / 29 Linux Security Modules Notes I framework in Linux kernel I hooks for user-level system call I introduced in Linux kernel 2.6 11 / 29 MAC Implementations Notes I SELinux (2.6.0) I AppArmor (2.6.36) I Smack (2.6.25) I TOMOYO (2.6.30) I Yama (3.4) 12 / 29 SELinux Notes I inode based I uses labels - user:role:type:mls I policy based I modes I disabled I permissive I enforcing I other features I Role-Based Access Control (RBAC) I Multi-Level Security (MLS) I Multi-Category Security (MCS) 13 / 29 AppArmor Notes I path based I filesystem agnostic I profile based I hybrid modes I per object mode I learning mode 14 / 29 SMACK Notes I inode based I uses labels (most are kept in extended attribute { xattrs) I policy based I access I rwxa - same as DAC I t - transmutation I b - report in bringup mode I custom labels: *?@^ 15 / 29 Assets to Protect Notes I file descriptors I file system space I other processes I memory I network I everything else 17 / 29 Sandbox Implementations Notes I capabilities I jail I rule based (MAC) I Java Virtual Machine I HTML5 iframe sandbox I .NET Code Access Security 18 / 29 Breaking Sandboxing Notes I faulty sandbox rules I other faulty configuration I kernel vulnerability 19 / 29 Linux Seccomp Notes I minimize the exposed kernel surface I to be used by developers I uses BPF (Berkeley Packet Filtering) I requires support in kernel 20 / 29 Kernel Config Notes I CONFIG HAVE ARCH SECCOMP FILTER=y I CONFIG SECCOMP FILTER=y I CONFIG SECCOMP=y 21 / 29 Default Allowed Syscalls Notes I read I write I exit I sigreturn 22 / 29 Android Application Sandbox Notes I The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and file permissions. I SELinux-based I uses application UID to map sandbox to application 23 / 29 Sandbox Profiles Notes I set of rules I sandbox operations, sandbox filters I provided as binary blobs in the kernel image I attached to an application I some apps may use the same sandbox profile I some system services use no sandbox profile I entitlement-checks and sandbox extensions for differentiation between apps using same sandbox profile 25 / 29 container Sandbox Profile Notes I default sandbox profiles for all 3rd party apps I biggest sandbox profile 26 / 29 SandScout Notes I https://dl.acm.org/citation.cfm?id=2978336 I SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles I systematic analysis of container sandbox profiles I found flaws: application collusion, device abuse, control bypass 27 / 29 Keywords Notes I MAC I access control SELinux, AppArmor, Linux Security Module I I SMACK I subject, object, permission I seccomp I capabilities I iOS sandboxing I profiles I privacy settings 29 / 29 Notes Notes Notes.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    7 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us