|
|
|
|
<!doctype html>
|
|
|
|
|
<html>
|
|
|
|
|
<head>
|
|
|
|
|
<meta charset="utf-8">
|
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
|
|
|
|
|
|
|
|
|
<title>Rechtetrennung in modernen Betriebssystemen</title>
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../reveal.js-4.3.1/dist/reset.css">
|
|
|
|
|
<link rel="stylesheet" href="../reveal.js-4.3.1/dist/reveal.css">
|
|
|
|
|
<link rel="stylesheet" href="../reveal.js-4.3.1/dist/theme/serif.css">
|
|
|
|
|
|
|
|
|
|
<!-- Theme used for syntax highlighted code -->
|
|
|
|
|
<link rel="stylesheet" href="../reveal.js-4.3.1/plugin/highlight/monokai.css">
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<div class="reveal">
|
|
|
|
|
<div class="slides">
|
|
|
|
|
<!-- begin slides -->
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Gemeinsames Sorgerecht</h3>
|
|
|
|
|
<img class="stretch plain" src="res/cerberus-puppy.png" />
|
|
|
|
|
<h4>Ein Überblick über Rechtetrennung in modernen Betriebssystemen</h4>
|
|
|
|
|
<p>
|
|
|
|
|
<small>CC-BY-SA 2018-02-06 Helix/RaumZeitLabor</small>
|
|
|
|
|
</p>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Agenda</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>warum braucht man Rechte?</li>
|
|
|
|
|
<li class="fragment">Rechtetrennung in Unix</li>
|
|
|
|
|
<li class="fragment">Erweiterungen in GNU/Linux</li>
|
|
|
|
|
<li class="fragment">Rechtetrennung in Windows</li>
|
|
|
|
|
<li class="fragment">Grenzen und Lücken.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section><!-- what -->
|
|
|
|
|
<section>
|
|
|
|
|
<h4>Warum braucht man überhaupt</h4>
|
|
|
|
|
<h3>Rechte?</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Authentifizierung vs. Autorisierung</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Subjekte und Objekte</h3>
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">Subjekte greifen auf Objekte zu</li>
|
|
|
|
|
<li class="fragment">Nicht jedes Subjekt darf jedes Objekt benutzen</li>
|
|
|
|
|
<li class="fragment">Böse Subjekte schon gar nicht.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Beispiele</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>Subjekte:
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">Prozesse</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</li>
|
|
|
|
|
<br />
|
|
|
|
|
<li class="fragment">Objekte:
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">Dateien</li>
|
|
|
|
|
<li class="fragment">Ordner</li>
|
|
|
|
|
<li class="fragment">Sockets</li>
|
|
|
|
|
<li class="fragment">Prozesse</li>
|
|
|
|
|
<li class="fragment">virtueller Speicher.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
</section><!-- /what -->
|
|
|
|
|
|
|
|
|
|
<section><!-- Unix -->
|
|
|
|
|
<section>
|
|
|
|
|
<h4>Rechtetrennung in</h4>
|
|
|
|
|
<h3>Unix / POSIX</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Benutzer und Gruppen</h3>
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">Besitzer (u)</li>
|
|
|
|
|
<li class="fragment">Gruppe (g)</li>
|
|
|
|
|
<li class="fragment">Andere (o)</li>
|
|
|
|
|
<li class="fragment">Alle (a).</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Dateirechte</h3>
|
|
|
|
|
<div class="fragment">
|
|
|
|
|
<p>Bei jeder Datei:</p>
|
|
|
|
|
<code>u g o a</code>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="fragment">
|
|
|
|
|
<p>und für jedes Besitzverhältnis</p>
|
|
|
|
|
<code>r w x</code>
|
|
|
|
|
</div>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Oktale Notation</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>r = 4</li>
|
|
|
|
|
<li>w = 2</li>
|
|
|
|
|
<li>x = 1</li>
|
|
|
|
|
</ul>
|
|
|
|
|
<div class="fragment">
|
|
|
|
|
<p>Ausrechnen:</p>
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">r + x<span class="fragment"> = 4 + 1</span><span class="fragment"> = 5</span></li>
|
|
|
|
|
<li class="fragment">r + w<span class="fragment"> = 6</span></li>
|
|
|
|
|
<li class="fragment">r + w + x<span class="fragment"> = 7</span></li>
|
|
|
|
|
<li class="fragment">w + x<span class="fragment"> = 3.</span></li>
|
|
|
|
|
</ul>
|
|
|
|
|
</div>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Oktal notierte Dateirechte</h3>
|
|
|
|
|
<pre class="fragment"><code>% ls -l datei.txt
|
|
|
|
|
-rw-rw-r--. 1 helix helix 0 5. Feb 19:17 datei.txt
|
|
|
|
|
|
|
|
|
|
<div class="fragment">% chmod 777 datei.txt</div>
|
|
|
|
|
<div class="fragment">% ls -l datei.txt
|
|
|
|
|
-rwxrwxrwx. 1 helix helix 0 5. Feb 19:17 datei.txt</span>
|
|
|
|
|
</code></pre>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Berechtigungen ändern</h3>
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">Der Besitzer darf das, Gruppen nicht</li>
|
|
|
|
|
<li class="fragment">Root darf eh alles.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>ACLs</h3>
|
|
|
|
|
<ul>
|
|
|
|
|
<li class="fragment">pro Benutzer (u)</li>
|
|
|
|
|
<li class="fragment">pro Gruppe (g)</li>
|
|
|
|
|
<li class="fragment">Rechtemaske (m)</li>
|
|
|
|
|
<li class="fragment">Benutzer, die nicht in Gruppen oder ACL sind (o).</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
</section> <!-- /Unix -->
|
|
|
|
|
|
|
|
|
|
<section><!-- Linux -->
|
|
|
|
|
<section>
|
|
|
|
|
<h4>Erweiterungen in</h4>
|
|
|
|
|
<h3>GNU/Linux</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Capabilities (Fähigkeiten)</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>mit seccomp-Erweiterung verfügbar</li>
|
|
|
|
|
<li class="fragment">derzeit 35 Stück im Linux-Kernel</li>
|
|
|
|
|
<li class="fragment">Beispiele: <br />chown, setuid, setgid, net_raw, net_bind_service, …</li>
|
|
|
|
|
<li class="fragment">fallenlassen möglich und erwünscht.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Namespaces</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>Leichtgewichtige Prozess-Virtualisierung</li>
|
|
|
|
|
<li class="fragment">Isolierung: Ein Prozess hat eine andere Sicht auf das System</li>
|
|
|
|
|
<li class="fragment">Kein Hypervisor (wie bei VMs)</li>
|
|
|
|
|
<li class="fragment">Besonders nützlich: netns / veth</li>
|
|
|
|
|
<li class="fragment">Weitere Namespaces: PID, <abbr title="UNIX Timesharing System">UTS</abbr> (hostname), Mount, user.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Control Groups</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>regeln den Zugriff auf Systemressourcen</li>
|
|
|
|
|
<li class="fragment">Implementieren Möglichkeiten zur Steuerung der Auslastung</li>
|
|
|
|
|
<li class="fragment">RAM, CPU, Netzwerkprioritäten, Geräte, etc.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Mandatory Access Controls</h3>
|
|
|
|
|
<p class="fragment">Geben jedem Benutzer und jeder Gruppe einen Kontext und Freigaben für ihre Arbeit mit "Regeln".</p>
|
|
|
|
|
<h4 class="fragment">Beispiele:</h4>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>SELinux</li>
|
|
|
|
|
<li>AppArmor</li>
|
|
|
|
|
<li>Smack</li>
|
|
|
|
|
<li>TOMOYO</li>
|
|
|
|
|
</ul>
|
|
|
|
|
<p class="fragment">Die meisten Systeme nutzen Linux Security Modules im Kernel.</p>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h4>Übersicht über das Rechtemodell in GNU/Linux</h4>
|
|
|
|
|
<img class="stretch plain" src="res/lin-access-controls.png" />
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>MAC vs. <abbr title="Discretionary Access Control">DAC</abbr>, <abbr title="Role-Based Access Control">RBAC</abbr></h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Was kann man damit machen?</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>Sandbox (chroot, firejail)</li>
|
|
|
|
|
<li class="fragment">Container (<abbr title="Linux Containers">LXC</abbr>, Docker)</li>
|
|
|
|
|
<li class="fragment">VMs (VirtualBox, VMWare, KVM).</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
</section><!-- /Linux -->
|
|
|
|
|
|
|
|
|
|
<section><!-- Windows -->
|
|
|
|
|
<section>
|
|
|
|
|
<h4>Natürlich gibt es Rechtetrennung auch in</h4>
|
|
|
|
|
<h3>Windows</h3>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Das Dateisystem</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>i.d.R. NTFS</li>
|
|
|
|
|
<li class="fragment">hat auch Benutzer, Gruppen</li>
|
|
|
|
|
<li class="fragment">POSIX-Modus</li>
|
|
|
|
|
<li class="fragment">und ACLs.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Verwirrende Grafik aus einem <abbr title="Windows internals">Buch</abbr></h3>
|
|
|
|
|
<img class="stretch plain" src="res/win-access-controls.svg" />
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Die wichtigsten Komponenten</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li><abbr title="Security Reference Monitor">SRM</abbr> – Security checks</li>
|
|
|
|
|
<li class="fragment"><abbr title="Local Security Authority Subsystem">LSASS</abbr>/<abbr title="Local Security Authority Service">LSASRV</abbr> – lokale System-Sicherheitsrichtlinienverwaltung</li>
|
|
|
|
|
<li class="fragment"><abbr title="Security Accounts Manager">SAM</abbr> – Service/DB mit Benutzer- und Gruppendaten</li>
|
|
|
|
|
<li class="fragment">HAL, <abbr title="Kernel Security Device Driver">KSecDD</abbr> – Hardware-Abstraktion</li>
|
|
|
|
|
<li class="fragment">AppLocker – MAC.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Kommunikation der Komponenten</h3>
|
|
|
|
|
<img class="stretch plain" src="res/win-mac-communication.svg" />
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
|
|
<section>
|
|
|
|
|
<h3>Benutzerkontensteuerung</h3>
|
|
|
|
|
<img class="stretch plain" src="res/uac.png" />
|
|
|
|
|
</section>
|
|
|
|
|
</section><!-- /Windows -->
|
|
|
|
|
|
|
|
|
|
<section><!-- pitfalls -->
|
|
|
|
|
<h3>Gegen was Rechtemanagement <strong>nicht</strong> hilft</h3>
|
|
|
|
|
<ul class="fragment">
|
|
|
|
|
<li>Kernel-Bugs (ring0)</li>
|
|
|
|
|
<li class="fragment">Fehler im Rechtemanagement (Bugs/Konfiguration)</li>
|
|
|
|
|
<li class="fragment">Hardware-Bugs</li>
|
|
|
|
|
<li class="fragment">verwanzte Hardware</li>
|
|
|
|
|
<li class="fragment"><strong>BENUTZER</strong>.</li>
|
|
|
|
|
</ul>
|
|
|
|
|
</section><!-- /pitfalls -->
|
|
|
|
|
|
|
|
|
|
<section><!-- sources -->
|
|
|
|
|
<h4>Quellen</h4>
|
|
|
|
|
<small>
|
|
|
|
|
<ul>
|
|
|
|
|
<li><a href="https://akreon.deviantart.com/art/Cerberus-puppy-684305376">Kerberos – akreon (DeviantArt)</a></li>
|
|
|
|
|
<li><a href="https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-1-1.pdf">Understanding and Hardening Linux Containers (NCC Group Whitepaper)</a></li>
|
|
|
|
|
<li><a href="http://materias.fi.uba.ar/7508/WI6/Windows%20Internals%20Part%201%20(6th%20Edition).pdf">Windows Internals Part 1 (6th Edition)</a></li>
|
|
|
|
|
<li><a href="https://www.slideshare.net/kaigai/label-based-mandatory-access-control-on-postgresql">Label based Mandatory Access Control on PostgreSQL (PGcon2011, Kohei KaiGai)</a></li>
|
|
|
|
|
</ul>
|
|
|
|
|
</small>
|
|
|
|
|
<hr />
|
|
|
|
|
<h3>Danke für's Zuhören!</h3>
|
|
|
|
|
</section><!-- /sources -->
|
|
|
|
|
|
|
|
|
|
<!-- end slides -->
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<script src="../reveal.js-4.3.1/dist/reveal.js"></script>
|
|
|
|
|
<script src="../reveal.js-4.3.1/plugin/notes/notes.js"></script>
|
|
|
|
|
<script src="../reveal.js-4.3.1/plugin/markdown/markdown.js"></script>
|
|
|
|
|
<script src="../reveal.js-4.3.1/plugin/highlight/highlight.js"></script>
|
|
|
|
|
<script>
|
|
|
|
|
// More info about initialization & config:
|
|
|
|
|
// - https://revealjs.com/initialization/
|
|
|
|
|
// - https://revealjs.com/config/
|
|
|
|
|
Reveal.initialize({
|
|
|
|
|
hash: true,
|
|
|
|
|
|
|
|
|
|
// Learn about plugins: https://revealjs.com/plugins/
|
|
|
|
|
plugins: [ RevealMarkdown, RevealHighlight, RevealNotes ]
|
|
|
|
|
});
|
|
|
|
|
</script>
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|