CSE 227: Lecture 3
The topics covered in this lecture are FIPS 140-2, TCSEC, Tenex, and IFS.
We covered notions of tamper resistance, tamper evidence, and tamper
responding. Bank vaults are tamper resistant: they are hard to drill
through. Medicine bottle caps are tamper evident: it is hard to open
the bottle (to tamper with the pills) without breaking the seals. A
home alarm system that silently calls the police is tamper responding.
FIPS 140 has four levels, ranging from no protection, through an enclosure
with locks and basic tamper detection, up to full tamper response.
The IBM 4758 is a product that meets the requirements of the highest level.
TCSEC: the A, B, and C major divisions; mandatory access control (MAC)
versus discretionary access control (DAC); the Bell-LaPadula security
model; covert channels.
User programs change their login account by supplying string buffers
containing the new account and the password in a system call. The
kernel has all passwords in string form, so no one-way hashing is
used. Furthermore, the kernel code determines whether the supplied
password is correct by performing a string comparison, e.g., with
something like the C strcmp function, which can be
implemented by:
    int strcmp(const char *s1, const char *s2)
    {
        char c; int d;
        /* advance both strings while the characters agree */
        while (0 == (d = (c = *s1++) - *s2++))
            if (!c) return 0;   /* reached the NUL in both: same */
        return d;               /* first mismatch: different */
    }
Note that the function returns the difference as soon as the first
mismatch is found, so the amount of work it does (and the memory it
touches) depends on the length of the matching prefix.
By exploiting the virtual memory timing that this exposes, a caller can
check guesses for the password one character at a time.
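As an added illustration (not from the lecture notes), a comparison modelled on the strcmp above that counts how many character positions it examines, beside a constant-time comparison whose work does not depend on where the first mismatch lies. The fixed-width password field, the names leaky_compare and ct_equal, and the step counter are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define PW_FIELD 8 /* assumption: fixed-width password field, zero padded */

/* Early-exit comparison in the style of the strcmp above. 'steps' records
 * how many character positions were examined before returning; in Tenex an
 * equivalent quantity was observable through the virtual memory system,
 * which is the side channel. Returns 0 on an exact match. */
int leaky_compare(const char *guess, const char *secret, size_t *steps)
{
    size_t n = 0;
    char c;
    int d;
    while (0 == (d = (c = guess[n]) - secret[n])) {
        n++;
        if (!c) { *steps = n; return 0; }  /* identical, including NUL */
    }
    *steps = n + 1;                        /* mismatch at position n */
    return d;
}

/* Copy a C string into a zero-padded fixed-width field (truncating). */
static void to_field(const char *s, unsigned char out[PW_FIELD])
{
    size_t len = strlen(s);
    memset(out, 0, PW_FIELD);
    memcpy(out, s, len < PW_FIELD ? len : PW_FIELD);
}

/* Constant-time equality: every byte of both fields is examined whatever
 * the inputs are, so 'steps' is always PW_FIELD and the position of the
 * first mismatch is not exposed. Returns 1 if equal, 0 otherwise. */
int ct_equal(const char *guess, const char *secret, size_t *steps)
{
    unsigned char g[PW_FIELD], s[PW_FIELD], acc = 0;
    to_field(guess, g);
    to_field(secret, s);
    for (size_t i = 0; i < PW_FIELD; i++)
        acc |= g[i] ^ s[i];               /* OR-accumulate, never branch */
    *steps = PW_FIELD;
    return acc == 0;
}
```

With the secret "secret1", leaky_compare examines 1 position for a wrong first character but 3 positions when the first two are right, which is exactly the signal the attack reads; ct_equal examines 8 in every case.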
The system(3) library routine is used to fork a subprocess
and have it execl(2) the /bin/sh program with
argv[1] being -c and argv[2] being the
string argument to system(3).
IFS is an inherited environment variable. The vi program
catches the SIGHUP signal to save partially complete edits in
a protected directory so that a modem hangup will not cause too much
loss of work. Upon catching SIGHUP, vi runs
expreserve, a setuid-to-root program, to write the partially
edited file to a root-only directory and to send email to the user to
inform him/her that the partial edits may be recovered.
Additional Info
If you do not understand how the Unix setuid mechanism works or are
unfamiliar with the details, read this paper. (This is required reading.)
bsy+cse227w03@cs.ucsd.edu, last updated Fri Jan 17 18:25:28 PST 2003. Copyright 2003 Bennet Yee.