Executing Code with Too Much Privilege
CSCE 548 STUDENT PRESENTATION
KATHERINE AUSTIN
JULY 26, 2016
Introduction
• Computer Information Systems (CIS) major.
• Returned to complete my bachelor’s degree after 19+ years.
Only 6 classes to go! 
• Full-time SCANA employee for the last 18 years.
• Currently a senior software engineer in their IST department.
Ok, enough about me. On to the presentation!
CSCE 548 Presentation – Katherine Austin
Agenda
• Technical Overview of the Problem
• Examples
• Detection Methods and Prevention
• Conclusion
• References
Technical Overview of the Problem
What do we mean by code executing with too much privilege?
• Software performs an operation at a privilege level that is higher than
the minimum level required, which creates new weaknesses or
amplifies the consequences of other weaknesses.[2]
• High privilege – any process that is capable of performing sensitive
operations. [1]
• Low privilege – processes running under accounts that are task-constrained. [1]
Technical Overview of the Problem (cont.)
New weaknesses can be exposed because running with extra privileges,
such as root, Administrator or Local System, can disable the normal
security checks performed by the operating system or environment.[2]
Typically web and application systems execute using these privileged
accounts.
When running as root or Local System, the processes and the code on
top of these processes run with all of the rights of these users.
Malicious code will execute with the authority of the privileged
account, thus increasing the possible damage from an exploit. [2]
Example #1: Code to create new user folder
Issue: If the call to os.mkdir() throws an exception, the call to lowerPrivileges()
will not occur. The program runs in a raised state indefinitely. [2]
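An added example, not the slide's code: the flawed raise/mkdir/lower pattern described in the issue, next to a version that drops privileges in a `finally` block. The `state` flag and the `raise_privileges()`/`lower_privileges()` helpers are assumptions standing in for real `seteuid` calls so the example runs without root.

```python
import os
import tempfile
from contextlib import contextmanager

# Assumed stand-in for the process's effective privilege state; a real
# service would call os.seteuid()/os.setegid() in these two helpers.
state = {"elevated": False}

def raise_privileges():
    state["elevated"] = True

def lower_privileges():
    state["elevated"] = False

def make_user_dir_flawed(base, username):
    """Pattern the issue describes: the drop is skipped when mkdir raises."""
    try:
        raise_privileges()
        os.mkdir(os.path.join(base, username))
        lower_privileges()          # never reached on OSError
    except OSError:
        return False
    return True

@contextmanager
def elevated():
    """Hold raised privileges only for the body; always drop on exit."""
    raise_privileges()
    try:
        yield
    finally:
        lower_privileges()

def make_user_dir_fixed(base, username):
    try:
        with elevated():
            os.mkdir(os.path.join(base, username))
    except OSError:
        return False
    return True

def demo():
    """Return (ok, still_elevated) for each variant after a failed mkdir."""
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "alice"))   # constructed: forces mkdir to fail
        flawed_ok = make_user_dir_flawed(base, "alice")
        after_flawed = state["elevated"]
        lower_privileges()                       # reset before the second run
        fixed_ok = make_user_dir_fixed(base, "alice")
        return flawed_ok, after_flawed, fixed_ok, state["elevated"]
```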
Example #2: Apache Tomcat
The above allows members to be able to start/stop tomcat. [5]
Issue: If the startup script is writable by anyone other than root, the users can
insert commands into the script and have them run as root. Very big security
risk!
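One way to check for this condition, as an added example that is not part of the original slides: audit the ownership and write bits of a script that is run as root, along with its containing directory. The function name, the `startup.sh` file name and the use of the current user's uid in place of root are assumptions made so the check runs unprivileged.

```python
import os
import stat
import tempfile

def audit_privileged_script(path, owner_uid=0):
    """Return a list of findings for a script that is run as root.

    Checks the script and its containing directory: each must be owned by
    owner_uid and must not be writable by group or others. A full audit
    would repeat the directory check for every ancestor up to /.
    """
    findings = []
    real = os.path.realpath(path)            # audit the symlink target
    for target in (real, os.path.dirname(real)):
        st = os.stat(target)
        if st.st_uid != owner_uid:
            findings.append(
                f"{target}: owned by uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                f"{target}: writable by group or others "
                f"(mode {stat.S_IMODE(st.st_mode):o})")
    return findings

def demo():
    """Constructed sample: a script that starts safe, then becomes group-writable."""
    me = os.getuid()                          # stands in for root (uid 0) here
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        script = os.path.join(d, "startup.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(script, 0o755)
        safe = audit_privileged_script(script, owner_uid=me)
        os.chmod(script, 0o775)               # the weak setting
        weak = audit_privileged_script(script, owner_uid=me)
    return safe, weak
```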
Detection Methods & Error Avoidance
• Manual Analysis
  • Penetration testing
  • Threat modeling
  • Interactive tools that allow the tester to record and modify an active session.
• Black Box
  • Monitoring tools to examine a software process as it interacts with the operating system/network.
  • Attach the monitor to the process and perform a login.
  • Look for library functions/system calls to see where privileges are being raised/dropped.
  • Look for access to resources that are restricted to normal users.
Detection Methods & Error Avoidance
• Inventory all accounts with privileged access and assign ownership.
• Minimize the number of privileged accounts.
• Shared account passwords must not be shared.
• Limit scope for each privileged account.
• Never assign superuser privileges to user accounts. Instead, use
privilege elevation to allow temporary execution of privileged
commands.
• Monitor and reconcile all privileged access activity.
Conclusion
• Tighten user access levels. Plan for least privilege early in the
development cycle. [4]
• DO NOT run your code with administrative or root capabilities just to
get everything running. Run your code with the lowest possible
privilege. [4]
• Grant the minimum level of privileges required to carry out a task and
limit the time where possible. [4]
• If using a database system, limit the rights of the database account
that the application uses.
References
[1] Howard, Michael, David LeBlanc, and John Viega. 24 Deadly Sins of Software
Security: Programming Flaws and How to Fix Them. New York: McGraw-Hill, 2010.
Print.
[2] "Common Weakness Enumeration." CWE -. N.p., n.d. Web. 22 July 2016.
https://cwe.mitre.org/data/definitions/250.html
[3] "Access Control." OWASP. N.p., n.d. Web. 22 July 2016.
https://www.owasp.org/index.php/Category:Access_Control. Last updated 1 June,
2016.
[4] Singh, Anmol. "Twelve Best Practices for Privileged Access Management." Twelve
Best Practices for Privileged Access Management. Gartner, 08 Oct. 2015. Web. 22 July
2016. https://www.gartner.com/doc/3145917/best-practices-privileged-access-management.
[5] Tomcat Wiki. Apache Tomcat, 09 Dec. 2015. Web. 22 July 2016.
https://wiki.apache.org/tomcat/HowTo.