and others could access somebody's private files. Another example is that
Dr. Watson, the built-in debugger in MS Windows, starts after every system fault
and creates the dump file C:\Winnt\user.dmp. Now imagine that OE crashes and
Dr. Watson makes the dump. The dump corresponding to OE includes all mail
accounts and passwords as plain text. Besides this, the NT file system (NTFS) creates
a new file with default properties (default access permissions among them) taken
from the parent folder, e.g. C:\Winnt, so 'Everyone' has 'Full Control' over the
dump file and consequently over all private email passwords saved in the file.
Linux-style operating systems have OSCVs of the same sort, e.g. the SUID-programs
problem. Such mistakes in the configuration of the protection environment reduce
even solid and well-engineered security to 'zero'.
To eliminate OSCVs, the administrator has to know and observe all of the system
details on the fly, analyze security bulletins and vulnerability reports, and
reconfigure security promptly. The administrator therefore needs a thorough
knowledge of the system internals and must control a countless number of
securable objects. For instance, we can estimate how many objects of
security interest exist in the widespread MS Windows operating system. There are 36
types of MS Windows entities that are subject to access differentiation. Among
them there are 9 user-level entities (e.g. group accounts, NTFS objects, the system
registry) and 27 kernel-level objects (e.g. jobs, processes, threads, synchronization
objects). Each object in MS Windows refers to the discretionary access
control mechanism, the access control list (ACL). Every ACL entry carries a 32-bit
access mask that specifies the access rights. Users and groups obtain up to 37
privileges that allow control of their behavior in the system. What is more, 38 local
security settings specify the computer-native security policy. Thus, even on an
isolated station, the number of security setting combinations exceeds tens of millions.
For the administrator, detecting OSCVs in such a complex system as MS Windows is
an impracticable task. He or she could undertake the hard work of analyzing and
monitoring the security settings 'step by step', 'one by one', but it would take
an enormously long time. Consequently, to solve the task of
security faultlessness in the operating system, we need a special facility for
detecting the system's vulnerabilities.
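A sketch of one such automated check, as an added example that is not from the paper: it decodes the 32-bit access masks in a file's DACL and flags entries that open the file to 'Everyone', as in the dump-file case above. It assumes the ACL is available in SDDL text form; the function names and both sample descriptors are constructed for illustration, and the rights table covers only common file tokens.

```python
import re

# SDDL rights tokens -> 32-bit access-mask values for file objects.
RIGHTS = {
    "FA": 0x001F01FF,  # FILE_ALL_ACCESS, shown in the GUI as "Full Control"
    "FR": 0x00120089,  # FILE_GENERIC_READ
    "FW": 0x00120116,  # FILE_GENERIC_WRITE
    "FX": 0x001200A0,  # FILE_GENERIC_EXECUTE
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
}
# Principals that cover (almost) every user; WD is the SDDL alias of Everyone.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users"}
FULL = RIGHTS["FA"]

def access_mask(rights):
    """Decode an SDDL rights field (hex literal or token string) into a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in re.findall("..", rights):
        mask |= RIGHTS[token]  # KeyError for tokens outside this small table
    return mask

def audit_dacl(sddl):
    """List allow-ACEs that grant broad principals read access or more."""
    findings = []
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        if ace_type != "A" or sid not in BROAD:
            continue
        mask = access_mask(rights)
        if mask & RIGHTS["GA"] or (mask & FULL) == FULL:
            level = "full control"
        elif mask & (0x2 | RIGHTS["GW"]):   # FILE_WRITE_DATA or GENERIC_WRITE
            level = "write"
        elif mask & (0x1 | RIGHTS["GR"]):   # FILE_READ_DATA or GENERIC_READ
            level = "read"
        else:
            continue
        inherited = "ID" in re.findall("..", flags)  # ACE came from the parent
        findings.append((BROAD[sid], level, inherited, mask))
    return findings

# Constructed descriptors: a dump file that inherited the parent's ACL,
# and the same file after restricting it to Administrators and SYSTEM.
DUMP_SDDL = "O:BAG:SYD:AI(A;ID;FA;;;WD)(A;ID;FA;;;BA)(A;ID;FA;;;SY)"
FIXED_SDDL = "O:BAG:SYD:PAI(A;;FA;;;BA)(A;;FA;;;SY)"
```

Calling `audit_dacl(DUMP_SDDL)` reports the inherited 'Everyone' entry with full control, while `audit_dacl(FIXED_SDDL)` returns an empty list.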
This paper discusses the theory and technique of OSCV detection in secure
operating systems. It is structured as follows. Section 2 reviews related
work on security flaw detection with respect to MS Windows safety. Section 3
introduces our approach to searching for vulnerabilities. Section 4 gives a
brief review of our solution for finding OSCVs. There we also explain an example of
logical specification and OSCV detection for Sample Vulnerability Checking (SVC)
in MS Windows. Finally, Section 5 concludes our work.
2 The Related Works
Most of the other works on security assurance in computer systems relate to the
evaluation of system safety. CSP [2] is an example which allows the security of a
fixed number of system processes to be specified and evaluated. Each process is
identified with a security label, and the system security is evaluated in a field of these