
Research And Implementation On Trusted Authorization Techniques In Secure Operating System

Posted on: 2005-05-10 | Degree: Master | Type: Thesis
Country: China | Candidate: W F Cheng | Full Text: PDF
GTID: 2168360155971937 | Subject: Computer Science and Technology
Abstract/Summary:
With the rapid growth of Internet applications, people pay more and more attention to the security of computer systems. Because the operating system is the bridge connecting computer hardware, upper-layer software and users, it is an important foundation of information security. Research and development of secure operating systems has a history of more than 30 years and has made great progress in security models, access control, identity authentication and other areas. All of this has greatly enhanced the security of operating systems, but current security techniques still have many deficiencies. For example, they cannot defend against buffer overflow attacks, the most common attack on the Internet, and cannot effectively protect systems from viruses and other malicious code. Buffer overflow attacks usually exploit the vulnerabilities of a privileged program so that the attacker can take control of the program and thence of the system. This paper argues that the user authorization deficiency of operating systems is one of the most important reasons buffer overflow attacks succeed, and that this deficiency lets malicious users exploit application vulnerabilities to acquire additional privileges. To resolve these problems, this paper presents trusted authorization.

The authentication and authorization of mainstream operating systems is implemented at the application layer, so that a user acquires permissions according to his identity only after passing authentication. User permissions are statically authorized: once a user passes the entrance gate, he gets all the permissions statically authorized to him. The entrance gate includes not only the authentication system used by the login program but also telnet, ftp and indeed all open service programs, because attackers may enter the operating system by exploiting service program vulnerabilities. Although these service programs all adopt an authentication system, the authentication and authorization mechanism as a whole is disorganized. A user can acquire permissions by the stated approach, but can also acquire the same permissions by attacking weaknesses in the authentication mechanism or by exploiting application vulnerabilities. Operating systems therefore lack a consistent authentication and authorization mechanism to judge the authenticity of a user's identity and to authorize user permissions dynamically.

The goal of trusted authorization is to solve the control of user authorization, so that only truly authorized users can acquire permissions. The main idea is to associate different authentication mechanisms with different authentication intensities, and to assign each user an authentication trustworthiness according to the authentication mechanisms adopted. The authentication trustworthiness indicates how much the operating system trusts the user. When the system authorizes a permission to a user, it judges whether his authentication trustworthiness is sufficient for that permission; only if the trustworthiness satisfies the requirement does the system authorize the permission. In this way, attackers are prevented from acquiring more system permissions by attacking fragile authentication mechanisms, such as passwords, and from getting permissions authorized to other legitimate users by bypassing the authentication system.

On the basis of Role Based Access Control, this paper puts forward the Role and Capability Based Trusted Authorization model. The model follows the main idea of trusted authorization, so it can remedy the above deficiencies of user authorization.

Operating systems today all adopt PAM to apply various authentication mechanisms flexibly, but PAM also makes thorough separation of administrator duties difficult. A PAM-based system needs an administrator who has the privilege to configure authentication policy, so that administrator can impersonate any other user and log in to the system by bypassing authentication mechanisms. At the same time, PAM does not differentiate between authentication mechanisms, so fragile authentication mechanisms pose a serious hidden danger to the operating system. This paper designs and implements an Authentication Trustworthiness based Pluggable Authentication Module. We also successfully implement trusted authorization on Kylin Role Based Authorization. Combined with other security techniques in Kylin, our work makes Kylin a trusted operating system.
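
The authorization check the abstract describes, sketched in C as an added example; it is not code from the thesis or from Kylin. The mechanism names, trust values, capabilities and roles are assumptions chosen for illustration, since the abstract gives none.

```c
#include <stdio.h>

/* Assumed mechanisms and trust values; the abstract specifies neither. */
enum mech { MECH_NONE, MECH_PASSWORD, MECH_SMARTCARD, MECH_CARD_AND_BIO, MECH_COUNT };
static const int mech_trust[MECH_COUNT] = { 0, 1, 2, 3 };

/* Assumed capabilities and the minimum trust each one requires. */
enum cap { CAP_READ_HOME, CAP_MOUNT, CAP_SET_AUTH_POLICY, CAP_COUNT };
static const int cap_required_trust[CAP_COUNT] = { 1, 2, 3 };

struct role { const char *name; unsigned caps; };  /* caps: bitmask of enum cap */
struct session { const struct role *role; int trust; };

static const struct role ROLE_SYSADMIN = { "sysadmin",
    (1u << CAP_READ_HOME) | (1u << CAP_MOUNT) | (1u << CAP_SET_AUTH_POLICY) };
static const struct role ROLE_USER = { "user", 1u << CAP_READ_HOME };

/* Trust is fixed by the mechanism actually passed; unknown mechanisms get 0. */
struct session session_open(const struct role *r, enum mech m) {
    struct session s = { r, 0 };
    if ((int)m >= 0 && m < MECH_COUNT) s.trust = mech_trust[m];
    return s;
}

/* Grant only if the role holds the capability AND the session trust suffices. */
int authorize(const struct session *s, enum cap c) {
    if (!s || !s->role || (int)c < 0 || c >= CAP_COUNT) return 0;
    if (!(s->role->caps & (1u << c))) return 0;
    return s->trust >= cap_required_trust[c];
}

int main(void) {
    /* Constructed sessions: the same role reached through different mechanisms. */
    struct session strong = session_open(&ROLE_SYSADMIN, MECH_CARD_AND_BIO);
    struct session weak   = session_open(&ROLE_SYSADMIN, MECH_PASSWORD);
    /* Role reached without passing any authentication mechanism. */
    struct session bypass = session_open(&ROLE_SYSADMIN, MECH_NONE);
    struct session user   = session_open(&ROLE_USER, MECH_CARD_AND_BIO);

    printf("strong  set-auth-policy: %d\n", authorize(&strong, CAP_SET_AUTH_POLICY));
    printf("weak    set-auth-policy: %d\n", authorize(&weak, CAP_SET_AUTH_POLICY));
    printf("weak    read-home:       %d\n", authorize(&weak, CAP_READ_HOME));
    printf("bypass  read-home:       %d\n", authorize(&bypass, CAP_READ_HOME));
    printf("user    mount:           %d\n", authorize(&user, CAP_MOUNT));
    return 0;
}
```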
Keywords/Search Tags: Secure Operating System, Authentication, Authorization, Trusted Authorization