Outline

Security in Plan 9. Russ Cox, Eric Grosse, Rob Pike, Dave Presotto, Sean Quinlan. Presented by Vijay Srinivas Nori, April 19, 2006. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion. Overview: Plan 9 is a microkernel based OS



  1. Security in Plan 9. Russ Cox, Eric Grosse, Rob Pike, Dave Presotto, Sean Quinlan. Presented by Vijay Srinivas Nori, April 19, 2006

  2. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion

  3. Overview. Plan 9 is a microkernel based OS. Developed at Bell Labs (late 1980s) [2]. Several problems in the security architecture. Redesigned security architecture to be: simple to use; simple to modify/update; simple to understand and verify. Focus: practical causes of security holes.

  4. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion

  5. Problems Analyzed (1). [Diagram: Application, Kernel Module and File Server, each with Security Modules.] Change security algorithm: recompile/relink & restart security modules.

  6. Problems Analyzed (2). Enhance ease of use. Many security violations are due to user inexperience with complex security, e.g. installing X.509 certificates.

  7. Problems Analyzed (3). [Diagram labels: User, Password, Local File Store, Network File Stores, Network Services.] Same password!

  8. Problems Analyzed (4). Hard to fix broken system! Authentication deeply embedded. [Diagram labels: Plan 9, File Transport Protocol, Authentication Protocol.]

  9. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion

  10. Components of the Security Architecture. [Diagram labels: Factotum; "Required at bootstrap to load the existing keys".]

  11. System Redesign. All security code is packaged in Factotum. Debug, modify, add new protocols on the fly. Programs don't need to be compiled with crypto code; they talk to factotum agents. When modifying security modules: recompile/relink and restart factotum.

  12. Factotum Working. Requests the password for secstore at startup and performs all authentications from then on (like Kerberos [3]). Factotum keeps its keys in volatile memory, passwords as plaintext (-noswap). The user talks to factotum using an RPC-like protocol. Copies the initial set of stores from the network server secstore at startup using encrypted communication.

  13. Changes to 9P. [Diagram: Client, Factotum, 9P File Service.] Labels: fauth(int fd, char* servicename); afd (capability file); Authentication Protocol; Authentication Protocol Communication; Execute Request; afd ready for mount!; mount(fd, afd, …).

  14. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion

  15. Results. Achieved ease of use (subjective). Achieved security (subjective). The group is moving their computing environment outside the corporate firewall. Primary computing environment for several developers of Plan 9. Ease of development/maintenance: only update factotum, e.g. with bug fixes.

  16. Outline: Overview; Plan 9 Security Problems; Proposed Solutions; Results; Conclusion

  17. Conclusion. It is HARD to write safe code: logic mistakes, OS bugs, compiler bugs. Bugs WILL exist, but once detected should be easy to fix or perform damage control. Factotum has all the security code. Smaller code (~ few thousand lines). Easy to verify and less error prone.

  18. References. [1] "Security in Plan 9", Russ Cox et al., Proceedings of the 11th USENIX Security Symposium. [2] "Plan 9 from Bell Labs", R. Pike et al., Computing Systems, 1995 – scs.stanford.edu. [3] "Kerberos: An Authentication Service for Open Network Systems", Jennifer G. Steiner et al., Proc. Winter USENIX Conference, 1988.
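
The afd flow from slides 11 to 13, modelled as an added example (not code from the presentation or from Plan 9): the application relays opaque bytes between the afd and factotum and never holds the key, and the server only honours a mount that presents an afd authenticated for that user and service. The HMAC challenge-response, the class and function names and the sample user and key are assumptions standing in for the real 9P messages and authentication protocols.

```python
import hashlib, hmac, os

class Factotum:
    """Agent holding the secret; applications only pass it opaque messages."""
    def __init__(self, key: bytes):
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        # Stand-in protocol (HMAC challenge-response), not a real Plan 9 protocol.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()
    def verify(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(self.respond(challenge), response)

class FileServer:
    """Toy file server: auth state lives behind the afd, not in the app."""
    def __init__(self, server_agents: dict):
        self._agents = server_agents      # user -> server-side Factotum (assumed)
        self._afds = {}                   # afd -> per-conversation state
    def fauth(self, user: str, service: str) -> int:
        afd = len(self._afds)
        self._afds[afd] = {"user": user, "service": service,
                           "challenge": os.urandom(16), "ok": False}
        return afd
    def read(self, afd: int) -> bytes:
        return self._afds[afd]["challenge"]
    def write(self, afd: int, response: bytes) -> None:
        st = self._afds[afd]
        agent = self._agents.get(st["user"])
        st["ok"] = agent is not None and agent.verify(st["challenge"], response)
    def mount(self, afd: int, user: str, service: str) -> bool:
        # Attach succeeds only with an afd authenticated for this user/service.
        st = self._afds.get(afd)
        return bool(st and st["ok"] and
                    st["user"] == user and st["service"] == service)

def client_mount(server, factotum, user: str, service: str) -> bool:
    """The application: relays bytes between afd and factotum, holds no key."""
    afd = server.fauth(user, service)
    challenge = server.read(afd)
    server.write(afd, factotum.respond(challenge))
    return server.mount(afd, user, service)

# Constructed sample data.
KEY = b"constructed-demo-key"
SERVER = FileServer({"glenda": Factotum(KEY)})
```

Because the protocol lives only in `Factotum`, swapping the stand-in for another protocol changes that class alone, which is the maintenance argument the slides make.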
