安全操作系统 - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
安全操作系统 PowerPoint Presentation
Download Presentation
安全操作系统

play fullscreen
1 / 90
安全操作系统
194 Views
Download Presentation
onslow
Download Presentation

安全操作系统

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. 安全操作系统 中国科学技术大学计算机系 陈香兰(0512-87161312) xlanchen@ustc.edu.cn 助教:裴建国 Autumn 2008

  2. 主流操作系统的安全技术 • Linux/Unix安全技术 • Windows安全技术

  3. Windows的发展历史1 From:http://blog.chinaunix.net/photo/19782_071112183558.jpg

  4. Windows的发展历史2 From:http://www.xuecs.com/img/upload/osx/windows.jpg

  5. Windows NT 4.0 architecture

  6. Windows 2000 architecture From: http://upload.wikimedia.org/wikipedia/commons/5/5d/Windows_2000_architecture.svg

  7. Windows安全:NT是分水岭 • NT设计目标:TCSEC标准的C2级 • 在用户级实现自主访问控制 • 提供对客体的访问的审计机制 • 实现客体重用 • Windows NT 4.0 • 1999年11月通过美国国防部TCSEC C2级安全认证 • Windows NT安全子系统 • 提供身份鉴别、自主访问控制、客体共享和安全审计等安全特性。 • 主要由本地安全授权(LSA)、安全账户管理(SAM)和安全参考监视器(SRM)等组成

  8. “[security]… really is a journey rather than a destination.” From:Hacking Exposed Windows: Windows Security Secrets & Solutions Bill Gates,“Trustworthy Computing”,January 2002 Refer:http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx

  9. security wheel From:Hacking Exposed Windows: Windows Security Secrets & Solutions

  10. The Windows Security Architecture from the Hacker’s Perspective 物理/逻辑 Attacking Windows security using both kernel and user mode approaches

  11. Windows安全技术 • Windows NT/2000/XP中的常用安全技术 • Windows身份验证与访问控制 • Windows审核机制 • Windows注册表 • Windows加密文件系统 • Windows基准安全注意事项 • Windows 2003中的新安全技术简介

  12. Windows NT Security Components 4 1 2 From:http://www.windowsecurity.com/whitepapers/Network_Strategy_Report_Windows_NT_Security.html

  13. Windows NT的安全模型 • Windows NT的安全模型包括5个主要部分 • 登录(WinLogon) • 本地安全认证子系统(LSA) • msv1_0 • 安全帐户管理器(SAM) • NT LAN Manager(NTLM)

  14. Windows 2000安全模型 FROM:http://technet.microsoft.com/en-us/library/cc751429.aspx Windows 2000 Security Gains ,Article from 《Windows 2000 Magazine》

  15. Windows安全性组件 • 安全引用监视器,SRM • 本地安全认证 • LSA策略数据库 • 安全帐号管理器服务 • SAM数据库 • 默认身份认证包 • 登录进程 • 网络登录服务

  16. SRM, Security Reference Monitor • To create or gain access to an object, a request must first flow through the SRM • the SRM operates in both kernel and user modes http://www.windowsitlibrary.com/Content/717/02/files/Fig3.gif

  17. LSA • Local Security Authority • a process • the Local Security Authority Subsystem Service • lsass.exe • The primary security gateway into Windows

  18. The SAM and Active Directory • On all Windows computers, the SAM contains user account name and password information. • 口令,以密文形式存放(scrambled value) • The scrambling procedure:one-way function • 采用哈希算法,密文就是一个哈希值 • On Windows Server 2000 and later domain controllers, user account/hash data for the domain is kept in the Active Directory

  19. Active Directory (AD) • 从windows server 2000开始 • provides a variety of network services, including: • LDAP-like Directory services • Kerberos based authentication • DNS based naming and other network information • 采用层次结构来组织对象 • 3种对象种类 • resources (e.g., printers) • services (e.g., email) • and users (user accounts and groups)

  20. The AD provides • information on the objects • organizes the objects • controls access and sets security • Forests, trees, and domains • the logical parts in an AD network

  21. 基本概念:主体和客体 In Windows • Subjects • processes (associated with access tokens) • Objects • securable objects (associated with security descriptors)

  22. 访问相关 http://technet.microsoft.com/en-us/library/bb496995.aspx

  23. 基本概念:访问令牌 • When a user logs on to Windows • an access token containing security identifiers (SIDs) is created, correlated with • the user’s account • and any group accounts to which the user belongs • a list of the privileges held by the user or the user’s groups • The access token is associated with every process created by the user

  24. 安全标识符SID revision number relative identifier The 5th account created in the domain SID示例 RID 500:the true Administrator account on a local machine On a domain, RIDs starting with 1001 indicate user accounts. RID 501:the Guest account

  25. 访问令牌 NTLM logon process http://technet.microsoft.com/en-us/library/bb457114.aspx

  26. Token • The token contains a list of all of the SIDs associated with the user account • The account’s SID • the SIDs of all groups • special identities of which the user account is a member (for example, Domain Admins or INTERACTIVE). • Server 2003开始,缺省带whoami命令

  27. Whoami截图,from 《hacking …》

  28. 基本概念:安全描述符 • When a securable object is created • a security descriptor that contains a discretionary access control list (DACL) is assigned • Which user and group SIDs may access the object, and how (read, write, execute, and so on). • Access control • Compare SID • Find a match? Permit : not permit

  29. 安全描述符,访问控制表和访问控制项 http://microsoft.apress.com/asptodayarchive/73607/c-to-uml-reverse-engineering

  30. Windows 2000的访问控制表 • 表头+访问控制项(多个) • 访问控制项ACE=SID或GSID+访问掩码 • 访问掩码定义SIG或GSID被授予的权限 ACL 结构

  31. 基本概念:SECURITY PRINCIPALS • three types of fundamental accounts • Users • Groups • Computers

  32. 用户账户,user accounts • an account is a reference context in which the operating system executes code • all user mode code executes in the context of a user account. • Some code that runs automatically before anyone logs on (such as services) • runs in the context of an account (often as the special and all-powerful SYSTEM, or LocalSystem, account)

  33. 用户账户, user accounts • 本地用户账户 • 访问本地计算机 • SAM (NT) • 域用户账户 • 访问网络资源 • Active Directory

  34. 组,groups • logical containers for aggregating user accounts • Groups are also used to allocate privileges in bulk • 组内账户继承组的权限 • Example:local Administrators group • NT中 • 本地组 • 域组

  35. Windows系统常用的组

  36. Windows Server 2003中新加的组

  37. Computers (Machine Accounts) • When a Windows system joins a domain, a computer account is created.

  38. User Rights • User rights are a finite set of basic capabilities, such as logging on locally or debugging programs. • 非自主访问控制 • typically assigned to groups • the group is typically the unit of privilege assignment • Two types of user rights • logon rights and privileges • Longhorn:>40个

  39. 基本概念:强制登录 • 要求所有的用户使用系统前必须登录,通过验证后才可以访问资源

  40. Windows登录验证模型 WinLogon GINA SSPI NTLM SSP Kerberos SSP 协 商 L S A

  41. Windows NT/2000/XP的系统登录过程 • 登录是通过登录进程WinLogon、LSA、一个或多个身份认证包和SAM的相互作用发生的 • 身份认证包:执行身份验证检查的动态链接库。 • Msvl_0:用于交互式登录的身份认证包 • WinLogon:一个受托进程,负责管理与安全性相关的用户相互作用 • 是从键盘截取登录请求的唯一进程

  42. Windows登录验证过程(以NT为例) 1 2 3 4 5 6 8 7

  43. Windows远程登录身份验证 • 早期:SMB验证协议,在网络上传输明文口令 • LMLM Manager Challenge/Response验证机制验证机制简单,容易被破解 • NTLMWindows NT挑战/响应验证机制 • NTLM v2 • Kerberos LM Manager Challenge/Response

  44. The Windows access control model

  45. Network Authentication,以NTLM为例 由于没有口令(加密或者非加密)通过网络传输,极大地提高了远程登录身份验证的安全性 NTLM安全验证过程

  46. 关于Kerberos • Version 1,2,3, MIT • Version 4,Steve Miller and Clifford Neuman,late 1980s • Version 5, John Kohl and Clifford Neuman, • RFC 1510 in 1993 • RFC 4120 in 2005 • Windows 2000 and later use Kerberos as their default authentication method • Apple's Mac OS X • Red Hat Enterprise Linux 4 and later • ……