An Executable Code Authorization Model For Secure Operating System
Index • Introduction • Program File Authorization • Security Theorem • Active Code Authorization • Authorization Logic • Implementation considerations • Conclusion
Introduction • Most web browsers allow executable files to be dynamically downloaded, loaded and run from the Internet. • Desktop operating systems and many applications support feature extension by third-party vendors through plug-in technology. • If such code comes from un-trusted or unknown sources, or is infected by a computer virus, system security can be compromised by executing it. • All PC operating systems provide only weak protection against this.
Introduction • Signature-based malicious code scanning is the usual technique for inspecting and authorizing executable code. • Because of the un-decidability nature of computer virus detection, signature-based scanning can only defend against known attacks. • This model instead adopts a combination of integrity measurement and access control. • Even original, non-malicious code can be easily hijacked by clever attackers.
Program File Authorization • Notation: O denotes the set of all objects, P the set of all program files and S the set of all subjects. • Definition 1: ∀o ∈ O, I_o denotes the unique identifier of object o. I denotes the set of all identifiers of objects in O, where I = { I_o | o ∈ O }. • Definition 2: For ∀o1, o2 ∈ O, a function fc can be used as an object integrity measurement function if it satisfies cnt(o1) ≠ cnt(o2) ⇔ fc(o1) ≠ fc(o2), cnt(o) being the content of object o.
Security Theorem • If at Time 0 the system is secure, then no malicious code can be executed at any later time. • If at time k there exists a program p which is permitted to execute, then at least g(p) = U or g(p) = W holds; now suppose p contains malicious code. • Un-trusted Program Set Updating Rule (UPSUR): for any program p, if g(p) = M or g(p) = N, then P = P \ {p} and V = V ∪ {p}. • Program Authorization Rule (PAR2): ∀v ∈ V, v is not allowed to run.
Active Code Authorization • Authorizing executable files so that only trusted programs may run prevents the invocation of malicious code and of programs infected by computer viruses. • The key disadvantage of the program file authorization model is that it only authorizes static executable code: it assumes that a program remains trusted for the whole time it is running. • During a buffer overflow attack, the attacker injects malicious code into the stack or heap. • The model doesn't protect against this sort of attack, because the attack does not modify the program file.
Authorization Logic • Active code authorization supplements program file authorization: it authorizes executable code on the fly, before it is executed. • Unlike static executable file authorization, it is performed on a code block instead of a whole program file. • Divide a program file into an ordered sequence of octet vectors (code blocks) and identify each octet vector uniquely. If the current integrity signature of code block p_i is the same as it was at Time 0, then g_p(p_i) = U; in all other cases, g_p(p_i) = N.
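The two authorization layers described above (program file authorization with the UPSUR and PAR2 rules, and the per-block logic of this slide), as an added Python example that is not part of the original presentation. It assumes SHA-256 as the integrity measurement function fc, omits the W state, which the slides mention but do not define, and uses fixed-size blocks in place of compiler-chosen block boundaries.

```python
import hashlib

def fc(content: bytes) -> str:
    # Integrity measurement function (Definition 2): a collision-resistant hash
    # makes cnt(o1) != cnt(o2) <=> fc(o1) != fc(o2) hold in practice (assumption).
    return hashlib.sha256(content).hexdigest()

class ProgramFileAuthorizer:
    # Static program file authorization: P = trusted programs, V = un-trusted ones.
    def __init__(self, trusted: dict):
        # Time 0, when the system is secure: record each trusted program's signature.
        self.P = {name: fc(content) for name, content in trusted.items()}
        self.V = set()
    def g(self, name: str, content: bytes) -> str:
        # U = unchanged since Time 0, M = modified, N = unknown program
        # (the slides' W state is not modelled here).
        if name not in self.P:
            return "N"
        return "U" if fc(content) == self.P[name] else "M"
    def may_execute(self, name: str, content: bytes) -> bool:
        if self.g(name, content) in ("M", "N"):
            # UPSUR: P = P \ {p}, V = V ∪ {p}; PAR2: members of V never run.
            self.P.pop(name, None)
            self.V.add(name)
            return False
        return True

class ActiveCodeAuthorizer:
    # Active code authorization: one signature per code block, taken at Time 0.
    def __init__(self, program: bytes, block_size: int):
        self.n = block_size
        self.sig0 = [fc(block) for block in self.split(program)]

    def split(self, image: bytes) -> list:
        # Ordered sequence of octet vectors p_i, identified by their index i.
        return [image[i:i + self.n] for i in range(0, len(image), self.n)]
    def gp(self, i: int, block: bytes) -> str:
        # U if block i still carries its Time-0 signature, otherwise N.
        ok = 0 <= i < len(self.sig0) and fc(block) == self.sig0[i]
        return "U" if ok else "N"

    def run(self, image: bytes) -> int:
        # Authorize each block just before it would run; returns how many blocks ran.
        executed = 0
        for i, block in enumerate(self.split(image)):
            if self.gp(i, block) != "U":
                break
            executed += 1
        return executed
```

A block of the loaded image that no longer matches its Time-0 signature (the situation a runtime injection creates) is classified N and execution stops there, even though the program file on disk is unchanged.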
Implementation Considerations (1) When to split a program file into a sequence of code blocks. Splitting means marking the file as an ordered series of code blocks, not splitting it into several small files that are then stored separately. An appropriate time to do this is at compile time, when the compiler can do it.
Implementation Considerations (2) How to split a program file into a reasonable sequence of code blocks. To exploit a buffer overflow vulnerability, an attacker must overwrite the return address of the vulnerable function, or simply a jump instruction, so that execution flow is directed to shell code; the diverted flow then starts a new code block, which is subject to authorization.
Implementation Considerations (3) How to authorize a code block. Proof-Carrying Code can be used to implement the active code authorization logic, with the proof to be verified being the integrity signatures of the code blocks. The proof checker can be implemented in the same way as the program file authorization model. Before executing a code block, we simply verify that the proof is valid.
Conclusion • Since the set of trusted programs is known and small, it is feasible to authorize program files by integrity signatures. • A code authorization model is introduced based on this idea. The model is not limited by the un-decidability result for computer viruses and is able to defend against unknown malicious code. • To defend against runtime hijacking of executable code, we propose an active authorization scheme that extends the program file authorization model.
References • F. Cohen: “Computer Viruses: Theory and Experiments”, Computers & Security. • G. C. Necula: “Proof-Carrying Code”, Proceedings of the ACM Symposium on Principles of Programming Languages. • Chen Zhameo: “Research of Secure Operating System for Malicious Code Defending”.