windows vista system integrity technologies. why?
Post on 20-Dec-2015
218 views
TRANSCRIPT
Windows VistaWindows VistaSystem IntegritySystem IntegrityTechnologiesTechnologies
Windows VistaWindows VistaSystem IntegritySystem IntegrityTechnologiesTechnologies
Why?Why?
The bad guys are everywhere!The bad guys are everywhere!
They literally want to They literally want to do you harmdo you harmThreats exist in two Threats exist in two interesting places—interesting places—
Online: system started Online: system started and shows a login screen and shows a login screen or a user is logged inor a user is logged inOffline: system is Offline: system is powered down or in powered down or in hibernationhibernation
Policies must address Policies must address bothboth
Cool stuff!Cool stuff!
Code integrity: protection against online Code integrity: protection against online attackattackBitLocker (secure startup): protection BitLocker (secure startup): protection against offline attackagainst offline attackWindows service hardeningWindows service hardeningMandatory integrity controlMandatory integrity controlInternet Explorer protected modeInternet Explorer protected mode
Protect the OSWhen RunningProtect the OSWhen Running
The threatsThe threats
Trojan that replaces a system file to install a Trojan that replaces a system file to install a rootkit and take control of the computer rootkit and take control of the computer (e.g. Fun Love or others that use root kits)(e.g. Fun Love or others that use root kits)Offline attack caused by booting an Offline attack caused by booting an alternate operating system and attempting alternate operating system and attempting to corrupt or modify Windows operating to corrupt or modify Windows operating system image filessystem image filesThird-party kernel drivers that are not Third-party kernel drivers that are not securesecureAny action by an administrator that Any action by an administrator that threatens the integrity of the operating threatens the integrity of the operating system binary filessystem binary filesRogue administrator who changes an Rogue administrator who changes an operating system binary to hide other actsoperating system binary to hide other acts
Code integrityCode integrity
Validates the integrity of each binary imageValidates the integrity of each binary imageChecks hashes for every page as it’s loadedChecks hashes for every page as it’s loadedAlso checks any image loading to a protected Also checks any image loading to a protected processprocessImplemented as a file system filter driverImplemented as a file system filter driverHashes stored in system catalog or in X.509 Hashes stored in system catalog or in X.509 certificate embedded in filecertificate embedded in file
Also validates the integrity of the boot Also validates the integrity of the boot processprocess
Checks the kernel, the HAL, boot-start driversChecks the kernel, the HAL, boot-start drivers
If validation fails, image won’t loadIf validation fails, image won’t load
Hash validation scopeHash validation scope
Windows binariesWindows binaries Yes
WHQL-certified third-party WHQL-certified third-party driversdrivers
Yes
Unsigned driversUnsigned drivers By policy
Third-party application Third-party application binariesbinaries
No
More on signaturesMore on signatures
Don’t confuse hash validation with Don’t confuse hash validation with signaturessignaturesxx
6644
All kernel mode code must be signed or it won’t All kernel mode code must be signed or it won’t loadloadThird-party drivers must be WHQL-certified or Third-party drivers must be WHQL-certified or contain a certificate from a Microsoft CAcontain a certificate from a Microsoft CANo exceptions, periodNo exceptions, periodUser mode binaries need no signature unless theyUser mode binaries need no signature unless they——
Implement cryptographic functionsImplement cryptographic functionsLoad into the software licensing serviceLoad into the software licensing service
xx3322
Signing applies only to drivers shipped with Signing applies only to drivers shipped with WindowsWindowsCan control by policy what to do with third-partyCan control by policy what to do with third-partyUnsigned kernel mode code will loadUnsigned kernel mode code will loadUser mode binaries—same as x64User mode binaries—same as x64
Recovering from CI failuresRecovering from CI failures
Potential problems—Potential problems—OS won’t boot: kernel code or boot-time driver OS won’t boot: kernel code or boot-time driver failed CIfailed CIOS boots, a device won’t function: non-boot-time OS boots, a device won’t function: non-boot-time driver failed CIdriver failed CIOS boots, system is “weird”: service failed CIOS boots, system is “weird”: service failed CIOS boots and behaves, task malfunctions: OS OS boots and behaves, task malfunctions: OS component failed CIcomponent failed CI
Solve boot-critical problems through Solve boot-critical problems through standard system recovery toolsstandard system recovery toolsIntegrated Windows diagnostic Integrated Windows diagnostic infrastructure helps to repair critical files; infrastructure helps to repair critical files; non-critical files can be replaced through non-critical files can be replaced through Microsoft UpdateMicrosoft Update
Code integrity non-goalsCode integrity non-goals
Protecting from attackers with physical Protecting from attackers with physical accessaccessVerifying the integrity of NTLDRVerifying the integrity of NTLDR
Requires secure startup on TPM-enabled Requires secure startup on TPM-enabled machinesmachinesRequires read-only fixed media otherwiseRequires read-only fixed media otherwise
Supporting rebinding or hotpatchingSupporting rebinding or hotpatchingThese change the on-disk imageThese change the on-disk imageCI will work if patch includes updated hashCI will work if patch includes updated hash
Boot-time checks for revocation listsBoot-time checks for revocation lists
Protect the OSWhen Not RunningProtect the OSWhen Not Running
The threatsThe threats
Computer is lost or stolenComputer is lost or stolenTheft or compromise of dataTheft or compromise of dataAttack against corporate networkAttack against corporate network
Damage to OS if attacker installs alternate Damage to OS if attacker installs alternate OSOSDifficult and time-consuming to truly erase Difficult and time-consuming to truly erase decommissioned disksdecommissioned disksExisting ways to mitigate these threats are Existing ways to mitigate these threats are too easy for user to circumventtoo easy for user to circumvent
Secure startup (“BitLocker”)Secure startup (“BitLocker”)
Ensure Ensure boot boot
integritintegrityy
Resilient Resilient against against attackattack
Protect system from offline Protect system from offline software-based attackssoftware-based attacks
Lock Lock tampered tampered systemssystems
Prevent boot if monitored Prevent boot if monitored files have been alteredfiles have been altered
Protect Protect data data
when when offlineoffline
Encrypt Encrypt user data user data and system and system filesfiles
All data on the volume is All data on the volume is encrypted: user, system, encrypted: user, system, page, hibernation, temp, page, hibernation, temp, crash dumpcrash dump
Umbrella Umbrella protectionprotection
Third-party apps benefit Third-party apps benefit when installed on encrypted when installed on encrypted volumevolume
Ease Ease equipmequipm
ent ent recyclinrecyclin
gg
Simplify Simplify recyclingrecycling
Render data useless by Render data useless by deleting TPM key storedeleting TPM key store
Speed data Speed data deletiondeletion
Erasing takes seconds, not Erasing takes seconds, not hourshours
Requires TPM 1.2 chipRequires TPM 1.2 chip
Microcontroller affixed to motherboardMicrocontroller affixed to motherboardStores keys, passwords, digital certificatesStores keys, passwords, digital certificatesFor BitLocker, TPM stores volume For BitLocker, TPM stores volume encryption keyencryption key
Key released only when system boots normally;Key released only when system boots normally; compares each boot process against previously compares each boot process against previously stored measurementsstored measurementsAny changes made to encrypted volume renders Any changes made to encrypted volume renders key irretrievablekey irretrievableNo user interaction or visibilityNo user interaction or visibilityKeys can be archived in Active Directory for the Keys can be archived in Active Directory for the inevitable “omg” momentinevitable “omg” momentProhibits use of software debuggers during bootProhibits use of software debuggers during boot
Won’t EFS protect me?Won’t EFS protect me?
Not quite—it’s good for those who know Not quite—it’s good for those who know what they’re doingwhat they’re doingUsers often store data on the desktop—is it Users often store data on the desktop—is it EFSed?EFSed?EFS doesn’t protect the operating systemEFS doesn’t protect the operating systemEFS is very strong against attacksEFS is very strong against attacks
Four levels of key protectionFour levels of key protectionProperly configured, EFS is computationally Properly configured, EFS is computationally infeasible to crackinfeasible to crack
Encryption scenariosEncryption scenariosBitLoBitLockercker
EEFFSS
RRMMSS
LaptopsLaptops
Branch office serversBranch office servers
Local single user file protection (Windows Local single user file protection (Windows partition only)partition only)
Local multi-user file protectionLocal multi-user file protection
Remote file protectionRemote file protection
Untrusted administratorUntrusted administrator
Remote document policy enforcementRemote document policy enforcement
What Is A Trusted Platform What Is A Trusted Platform Module (TPM)?Module (TPM)?
Smartcard-like moduleSmartcard-like moduleon the motherboard that:on the motherboard that:
Performs cryptographic functionsPerforms cryptographic functionsRSA, SHA-1, RNGRSA, SHA-1, RNGMeets encryption export requirementsMeets encryption export requirements
Can create, store and manage keysCan create, store and manage keysProvides a unique Endorsement Key Provides a unique Endorsement Key (EK)(EK)Provides a unique Storage Root Key Provides a unique Storage Root Key (SRK)(SRK)
Performs digital signature Performs digital signature operationsoperationsHolds Platform Measurements Holds Platform Measurements (hashes)(hashes)Anchors chain of trust for keys Anchors chain of trust for keys and credentialsand credentialsProtects itself against attacksProtects itself against attacks
TPM 1.2 spec: TPM 1.2 spec: www.trustedcomputinggroup.orgwww.trustedcomputinggroup.org
Why Use A TPM?Why Use A TPM?
Trusted Platforms use Roots-of-TrustTrusted Platforms use Roots-of-TrustA TPM is an implementation of a Root-of-TrustA TPM is an implementation of a Root-of-Trust
A hardware Root-of-Trust has distinct advantagesA hardware Root-of-Trust has distinct advantagesSoftware can be hacked by SoftwareSoftware can be hacked by Software
Difficult to root trust in software that has to validate itselfDifficult to root trust in software that has to validate itself
Hardware can be made to be robust against attacksHardware can be made to be robust against attacksCertified to be tamper resistantCertified to be tamper resistant
Hardware and software combined can protect root secretsHardware and software combined can protect root secretsbetter than software alonebetter than software alone
A TPM can ensure that keys and secrets are only A TPM can ensure that keys and secrets are only available for use when the environment is available for use when the environment is appropriateappropriate
Security can be tied to specific hardware and software Security can be tied to specific hardware and software configurationsconfigurations
BootBoot
Windows Partition ContainsWindows Partition Contains Encrypted OSEncrypted OS Encrypted Page FileEncrypted Page File Encrypted Temp FilesEncrypted Temp Files Encrypted DataEncrypted Data Encrypted Hibernation FileEncrypted Hibernation File
Boot PartitionBoot Partition Contains: MBR, Loader, Contains: MBR, Loader, Boot Utilities (Unencrypted, small)Boot Utilities (Unencrypted, small)
Where’s the Encryption Key?Where’s the Encryption Key?
1.1. SRKSRK (Storage Root Key) contained in (Storage Root Key) contained in TPMTPM
2.2. SRKSRK encrypts encrypts VEKVEK (Volume (Volume Encryption Key) protected by Encryption Key) protected by TPM/PIN/DongleTPM/PIN/Dongle
3.3. VEKVEK stored (encrypted by stored (encrypted by SRKSRK) on ) on hard drive in Boot Partitionhard drive in Boot Partition
VEKVEK22
33
WindowsWindows
SRKSRK
11
Disk Layout & Key StorageDisk Layout & Key Storage
Volume Blob of Target OS unlocked
All Boot Blobs unlocked
Static OS
BootSector
BootManager
Start OS
OS Loader
BootBlock
PreOS
BIOS
MBR
TPM Init
BitLocker™ ArchitectureBitLocker™ ArchitectureStatic Root of Trust Measurement of early boot Static Root of Trust Measurement of early boot componentscomponents
OS co-existenceOS co-existence
BitLocker encrypts Windows BitLocker encrypts Windows partitionpartition only onlyYou won’t be able to dual-boot another OS You won’t be able to dual-boot another OS on the same partitionon the same partitionOSes on other partitions will work fineOSes on other partitions will work fineAttempts to modify the protected Windows Attempts to modify the protected Windows partition will render it unbootablepartition will render it unbootable
Replacing MBRReplacing MBRModifying even a single bitModifying even a single bit
Enabling BitLockerEnabling BitLocker
Create a 1.5GB active partitionCreate a 1.5GB active partitionThis becomes your “system” partition—where This becomes your “system” partition—where OS bootsOS bootsThe TPM boot manager uses only 50MBThe TPM boot manager uses only 50MBWindows runs from on your “boot” partition—Windows runs from on your “boot” partition—where the system liveswhere the system lives
Enable TPM chip—usually in system BIOSEnable TPM chip—usually in system BIOSEnable BitLocker in Security CentreEnable BitLocker in Security Centre
Update hard disk MBRUpdate hard disk MBREncrypt Windows “boot” partitionEncrypt Windows “boot” partition
Generate symmetric encryption keyGenerate symmetric encryption keyStore key in TPMStore key in TPMEncryption begins after rebootEncryption begins after reboot
Recovery optionsRecovery options
Useful in case of some kind of hardware Useful in case of some kind of hardware failurefailureTwo choices—Two choices—
Removable mediaRemovable mediaPasswordPassword
Also, service packs and driver upgrades Also, service packs and driver upgrades trigger a loader that recomputes and trigger a loader that recomputes and reseals TPM secretsreseals TPM secrets
Note!Note! in the password case, the keys that normally in the password case, the keys that normally are stored only within the TPM are now back on the are stored only within the TPM are now back on the
hard drive again, sort of defeating the purpose of the hard drive again, sort of defeating the purpose of the TPM!TPM!
(But at least the keys are encrypted with the (But at least the keys are encrypted with the password.)password.)
BitLocker can’t stop everythingBitLocker can’t stop everything
Hardware debuggersHardware debuggersOnline attacks—BitLocker is concerned only Online attacks—BitLocker is concerned only with the system’s startup processwith the system’s startup processPost logon attacksPost logon attacksSabotage by administratorsSabotage by administratorsPoor security maintenancePoor security maintenance
BIOS reflashingBIOS reflashingProtection against this can be enabled if you Protection against this can be enabled if you wishwish
Deployment considerationsDeployment considerations
Requires hardware and software upgradesRequires hardware and software upgradesPhase in, start with high priority computersPhase in, start with high priority computers
Mostly a feature for laptopsMostly a feature for laptopsAlso consider for desktop computers in Also consider for desktop computers in insecure environments (factory floor, kiosk, insecure environments (factory floor, kiosk, …)…)Enterprise key managementEnterprise key management
Protect ServicesFrom ExploitProtect ServicesFrom Exploit
The threatsThe threats
Remember Blaster?Remember Blaster?Took over RPCSS—made it write msblast.exe to Took over RPCSS—made it write msblast.exe to file system and added run keys to the registryfile system and added run keys to the registry
No software is perfect; someone still might No software is perfect; someone still might find a vulnerability in a servicefind a vulnerability in a serviceMalware often looks to exploit such Malware often looks to exploit such vulnerabilitiesvulnerabilitiesServices are attractiveServices are attractive
Run without user interactionRun without user interactionMany services often have free reign over the Many services often have free reign over the system—too much accesssystem—too much accessMost services can communicate over any portMost services can communicate over any port
Service hardeningService hardening
Service Service refactorefacto
ringring
Move service from LocalSystem to Move service from LocalSystem to something less privilegedsomething less privilegedIf necessary, split service so that only the If necessary, split service so that only the part requiring LocalSystem receives that part requiring LocalSystem receives that
Service Service profilinprofilin
gg
Enables service to restrict its behaviorEnables service to restrict its behaviorResources can have ACLs that allow the Resources can have ACLs that allow the service’s ID to access only what it needsservice’s ID to access only what it needsAlso includes rules for specifying required Also includes rules for specifying required network behaviornetwork behavior
It’s about the principle of least privilege—It’s about the principle of least privilege—it’s good for people, and it’s good for servicesit’s good for people, and it’s good for services
MemoryMemory
RefactoringRefactoring
Ideally, remove the service out of Ideally, remove the service out of LocalSystemLocalSystem
If it doesn’t perform privileged operationsIf it doesn’t perform privileged operationsMake ACL changes to registry keys and driver Make ACL changes to registry keys and driver objectsobjects
Otherwise, split into two piecesOtherwise, split into two piecesThe main serviceThe main serviceThe bits that perform privileged operationsThe bits that perform privileged operationsAuthenticate the call between themAuthenticate the call between themMain serviceMain service
runs as LocalServiceruns as LocalServicePrivilegedPrivilegedLocalSystemLocalSystem
SVCHOST group refactoringSVCHOST group refactoringWindows XP Service Pack 2Windows XP Service Pack 2
LocalSystLocalSystemem
Wireless Wireless ConfigurationConfiguration
System Event System Event NotificationNotification
Network Network ConnectionsConnections
COM+ Event COM+ Event SystemSystem
NLANLA
RasautoRasauto
Shell Hardware Shell Hardware DetectionDetection
ThemesThemes
TelephonyTelephony
Windows AudioWindows Audio
Error ReportingError Reporting
WorkstationWorkstation
ICSICS
BITSBITS
RemoteAccessRemoteAccess
DHCP ClientDHCP Client
W32timeW32time
RasmanRasman
BrowserBrowser
6to46to4
Help and SupportHelp and Support
Task SchedulerTask Scheduler
TrkWksTrkWks
Cryptographic Cryptographic ServicesServices
Removable Removable StorageStorage
WMI Perf AdapterWMI Perf Adapter
Automatic Automatic updatesupdates
WMIWMI
App ManagementApp Management
Secondary LogonSecondary Logon
NetworkNetworkServiceService
DNS ClientDNS Client
Local Local ServiceService
SSDPSSDP
WebClientWebClient
TCP/IP NetBIOS helperTCP/IP NetBIOS helper
Remote RegistryRemote Registry
Windows VistaWindows Vista
LocalSystemLocalSystemNetwork Network restrictedrestricted
Removable Removable StorageStorage
WMI Perf AdapterWMI Perf Adapter
Automatic Automatic updatesupdates
TrkWksTrkWks
WMIWMI
App App ManagementManagement
Secondary Secondary LogonLogon
LocalSystemLocalSystemDemand startedDemand started
BITSBITS
Network Network ServiceService
RestrictedRestricted
DNS ClientDNS Client
ICSICS
RemoteAccessRemoteAccess
DHCP ClientDHCP Client
W32timeW32time
RasmanRasman
NLANLA
BrowserBrowser
6to46to4
Task schedulerTask scheduler
IPSEC ServicesIPSEC Services
ServerServer
Cryptographic Cryptographic ServicesServices
Local ServiceLocal Service
RestrictedRestricted No network No network accessaccess
Wireless Wireless ConfigurationConfiguration
System Event System Event NotificationNotification
Shell Hardware Shell Hardware DetectionDetection
Network Network ConnectionsConnections
RasautoRasauto
ThemesThemes
COM+ Event COM+ Event SystemSystem
Local ServiceLocal ServiceRestrictedRestricted
TelephonyTelephony
Windows AudioWindows Audio
TCP/IP NetBIOS TCP/IP NetBIOS helperhelper
WebClientWebClient
Error ReportingError Reporting
Event LogEvent Log
WorkstationWorkstation
Remote RegistryRemote Registry
SSDPSSDP
ProfilingProfiling
Every service has a unique service identifier Every service has a unique service identifier called a “service SID”called a “service SID”
S-1-80-S-1-80-<SHA-1 hash of logical service name><SHA-1 hash of logical service name>
A “service profile” is a set of ACLs that—A “service profile” is a set of ACLs that—Allow a service to use a resourceAllow a service to use a resourceConstrain the service to the resources it needsConstrain the service to the resources it needsDefine which network ports a service can useDefine which network ports a service can useBlock the service from using other portsBlock the service from using other ports
Now, service can run as LocalService or Now, service can run as LocalService or NetworkService and still receive additional NetworkService and still receive additional access when necessaryaccess when necessary
Restricting servicesRestricting servicesSCM computesSCM computes
service SIDservice SID
SCM adds theSCM adds theSID to serviceSID to service
process’s tokenprocess’s token
SCM creates write-SCM creates write-restricted tokenrestricted token
SCM removes SCM removes unneeded unneeded
privileges from privileges from process tokenprocess token
Service places ACL Service places ACL on resource—only on resource—only
service can write to service can write to itit
Restricting services: know thisRestricting services: know this
A restrictable service will set two properties A restrictable service will set two properties (stored in the registry)—(stored in the registry)—
One to indicate that it can be restrictedOne to indicate that it can be restrictedOne to show which privileges it requiresOne to show which privileges it requires
Note!Note! This is a voluntary process. The service This is a voluntary process. The service is choosing to restrict itself. It’s good is choosing to restrict itself. It’s good
development practice because it reduces the development practice because it reduces the likelihood of a service being abused by likelihood of a service being abused by
malware, but it isn’t a full-on system-wide malware, but it isn’t a full-on system-wide restriction mechanism. Third-party services can restriction mechanism. Third-party services can
still run wild and free…still run wild and free…
Network enforcement scenariosNetwork enforcement scenarios
No portsNo ports Services that neither listen nor connectServices that neither listen nor connect
Fixed Fixed portsports
Services that listen or send on known fixed Services that listen or send on known fixed ports should be constrained to those ports ports should be constrained to those ports onlyonly
ConfigurConfigurable able
portsports
Administrator configures port in service’s Administrator configures port in service’s administration UI; network rules and administration UI; network rules and firewall automatically update their own firewall automatically update their own configurationsconfigurations
DynamiDynamic portsc ports
Services that listen or send on dynamically-Services that listen or send on dynamically-allocated portsallocated ports
AuditingAuditing
Management eventsManagement eventsInitial rules configurationInitial rules configurationRule changesRule changesRule deletionsRule deletions
Enforcement eventsEnforcement eventsTraffic allowedTraffic allowedTraffic deniedTraffic denied
global vulnglobal vulnmitigations andmitigations and
system lockdownssystem lockdowns
networknetworkenforcementenforcement
rulesrules
Interaction with host firewallsInteraction with host firewalls
Configuration changes Configuration changes implemented implemented immediatelyimmediatelyRules can’t be disabled Rules can’t be disabled by WF or third-partyby WF or third-partyRules can’t be stopped Rules can’t be stopped while services are while services are runningrunningFor dynamic ports, For dynamic ports, netenf pushes netenf pushes configuration to WFconfiguration to WF
hosthostfirewallfirewallrulesrules
Example rulesExample rulesBlock any network access for BFE"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=bfe;Name=Block any traffic to and from bfe;“
Allow outbound PolicyAgent traffic"V2.0; Action=Allow; Dir=Out; RPort=389; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=PolicyAgent;Name=Allow PolicyAgent tcp/udp LDAP traffic to AD;“
"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=PolicyAgent;Name=Block any other traffic to and from PolicyAgent;“
Allow inbound/outbound traffic to Rpcss"V2.0; Action=Allow; Dir=Out; RPort=135; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=rpcss;Name=Allow outbound rpcss tcp/udp traffic;“
"V2.0; Action=Allow; Dir=in; LPort=135; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=rpcss; Name=Allow inbound tcp/udp rpcss;“
"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=rpcss;Name=Block any other traffic to and from rpcss;"
Protect the OS and Datafrom Unknown Code
Protect the OS and Datafrom Unknown Code
The threatsThe threats
A user unknowingly runs code from an A user unknowingly runs code from an unknown source that attempts to modify or unknown source that attempts to modify or delete filesdelete filesCode running as LUA attempts a local Code running as LUA attempts a local elevation of privilege by injecting code into elevation of privilege by injecting code into a process running as administratora process running as administratorTrojans that attempt to execute with full Trojans that attempt to execute with full administrator privilegeadministrator privilegeSystem code reads data from the Internet System code reads data from the Internet (an untrustworthy source) that contains (an untrustworthy source) that contains corrupt data designed to elevate privilege corrupt data designed to elevate privilege by exploiting a bugby exploiting a bug
Mandatory integrity controlMandatory integrity control
Method to prevent low-integrity code from Method to prevent low-integrity code from modifying high-integrity codemodifying high-integrity code
Protect TCB files and data from modification by Protect TCB files and data from modification by privileged usersprivileged usersProtect user data from modification by unknown Protect user data from modification by unknown malicious codemalicious codeProtect processes running as privileged user Protect processes running as privileged user from modification by processes running as from modification by processes running as standard user under the same user SIDstandard user under the same user SID
Classical computer security concept known Classical computer security concept known since the 1970ssince the 1970s
Lots of recent work in various operating systemsLots of recent work in various operating systems
Don’t confuse with code Don’t confuse with code integrityintegrity
CICI Verifies executable code during module Verifies executable code during module loadingloading
MIMICC
Implements a type of information flow policyImplements a type of information flow policyImplements an enforcement mechanismImplements an enforcement mechanismIntegrity level changes trigger a security Integrity level changes trigger a security audit eventaudit event
Mandatory integrity control policy is based on Mandatory integrity control policy is based on trustworthinesstrustworthiness. Subjects with . Subjects with lowlow degrees of degrees of trustworthiness can’t change data of a trustworthiness can’t change data of a higherhigher
degrees. Subjects with degrees. Subjects with highhigh degrees of degrees of trustworthiness can’t be forced to rely on data of trustworthiness can’t be forced to rely on data of
lowerlower degrees. degrees.
Defined integrity levelsDefined integrity levels
SysteSystemm
HighHigh MediumMedium LowLow UntrustedUntrusted
400400 300300 200200 100100 00
LocalLocalSysteSystemm
Local Local ServiceService
NetworkNetworkServiceService
ElevatedElevated(full) user (full) user tokenstokens
Standard Standard user tokensuser tokens
AuthenticateAuthenticateddUsersUsers
WorldWorld(Everyon(Everyone)e)
AnonymouAnonymouss
All otherAll othertokenstokens
Shell runs hereShell runs here
Consider four scenariosConsider four scenariosAn attachment arrives in mail. While saving, file is An attachment arrives in mail. While saving, file is written with written with lowlow integrity. When executed, it runs at integrity. When executed, it runs at lowlow integrity and can’t write to user’s data. integrity and can’t write to user’s data. MIC MIC prevents process from performing capabilities at prevents process from performing capabilities at user’s level.user’s level.IE downloads file from site in Internet zone. IE IE downloads file from site in Internet zone. IE process that writes file to TIF runs at process that writes file to TIF runs at lowlow integrity; integrity; thus file is receives thus file is receives lowlow integrity. integrity. MIC doesn’t trust MIC doesn’t trust content or code from the Internet.content or code from the Internet.A malicious program is running at A malicious program is running at standardstandard user X user X and attempts to open process running as and attempts to open process running as privilegedprivileged user X for write, to bypass UAP and execute code will user X for write, to bypass UAP and execute code will full privileges. full privileges. MIC stops this because desired access MIC stops this because desired access is write.is write.Admin (IL=high) runs downloaded program. Process Admin (IL=high) runs downloaded program. Process runs as runs as standardstandard (not full) admin (IL=low). (not full) admin (IL=low). MIC MIC prevents processes from write-accessing resources prevents processes from write-accessing resources ACLed for the administrator.ACLed for the administrator.
But I want to administer my But I want to administer my box!box!
Full privilege tokens, including members of Full privilege tokens, including members of the local Administrators group, are the local Administrators group, are controlled by MICcontrolled by MIC
Can’t delete files (considered a write access)Can’t delete files (considered a write access)Can’t lower IL of objects or filesCan’t lower IL of objects or files
Built-in “Administrator” account has an Built-in “Administrator” account has an additional privilegeadditional privilege
Grants caller access to objectGrants caller access to objectCould grant to other users, but be careful!Could grant to other users, but be careful!Granting and use of privilege is auditedGranting and use of privilege is audited
Non-goalsNon-goals
Provide for confidentiality of dataProvide for confidentiality of dataThis is the Bell-LaPadula modelThis is the Bell-LaPadula modelAlthough with no-read-up ACEs, you can use MIC Although with no-read-up ACEs, you can use MIC to achieve similar behaviorto achieve similar behavior
Prevent high IL processes from reading data Prevent high IL processes from reading data at a lower IL if the policy allows thatat a lower IL if the policy allows thatImplement dynamic integrityImplement dynamic integrityPrevent offline attacks through Prevent offline attacks through modifications of ILs on filesmodifications of ILs on files
But BitLocker could help here…But BitLocker could help here…
Protect the OSfrom the InternetProtect the OSfrom the Internet
The threatsThe threats
Alas, most Windows users still run as adminAlas, most Windows users still run as adminMeaning: the Internet runs as admin on your PC!Meaning: the Internet runs as admin on your PC!
““Drive-by” installs of spyware and virus Drive-by” installs of spyware and virus codecodeExploits of vulnerabilities give attackers full Exploits of vulnerabilities give attackers full remote accessremote accessEven non-admins still vulnerable to Even non-admins still vulnerable to malicious destruction of personal datamalicious destruction of personal data
Internet Explorer protected Internet Explorer protected modemode
Built on mandatory integrity controlBuilt on mandatory integrity controlInternet Explorer runs at low integrity levelInternet Explorer runs at low integrity level
Reduce the severity of threats to IE add-onsReduce the severity of threats to IE add-onsEliminate the silent install of malicious code Eliminate the silent install of malicious code through software vulnerabilitiesthrough software vulnerabilitiesPreserve compatibility whenever possiblePreserve compatibility whenever possibleProvide the capability and guidance for add-Provide the capability and guidance for add-ons to restore functionalityons to restore functionalityMinimize required user involvementMinimize required user involvementSometimes called “low-rights IE”Sometimes called “low-rights IE”
Protected mode summaryProtected mode summary
Restricts IE from writing outside of the Restricts IE from writing outside of the Temporary Internet Files (TIF) folderTemporary Internet Files (TIF) folder
IE’s process has lower write privileges than LUAIE’s process has lower write privileges than LUAIt builds on the Mandatory Integrity Control (MIC) It builds on the Mandatory Integrity Control (MIC) which restricts writes to higher integrity folderswhich restricts writes to higher integrity folders
Protected mode uses COM to call two new Protected mode uses COM to call two new broker processes which allow IE to write broker processes which allow IE to write outside of the TIFoutside of the TIFA compatibility layer allows add-ons to A compatibility layer allows add-ons to elevateelevateThis is not a “sandboxing” technology. IE is refactored This is not a “sandboxing” technology. IE is refactored
into a multi-process application, with varying ILs for into a multi-process application, with varying ILs for each process.each process.
Refactoring IERefactoring IE
LP IELP IE
IEUserIEUserIL=high if adminIL=high if adminIL=medium otherwise IL=medium otherwise
LP IELP IEInternet ZoneInternet Zone
IL=lowIL=low
Intranet/Trusted ZoneIntranet/Trusted ZoneIL=mediumIL=mediumSeparate TIFSeparate TIF
IEPolicyIEPolicy IL=highIL=high
Again: the principle of least privilegeAgain: the principle of least privilegeRefactoring at the process level—more Refactoring at the process level—more efficient and less expensive than a virtual efficient and less expensive than a virtual machinemachine
Installing from the WebInstalling from the Web
LP IELP IE IEPolicyIEPolicy
Run?Run?
greatstuff.comgreatstuff.com
……\TIF\greatstuff.exe\TIF\greatstuff.exe
TrustTrustGreatStuff?GreatStuff?
IL=lowIL=low
……\My Docs\greatstuff.exe\My Docs\greatstuff.exeIL=high if adminIL=high if adminIL=medium otherwise IL=medium otherwise
AISAIS
Run withRun withfull privs?full privs?
greatstuff.exegreatstuff.exe
\Progs\GS\stuff.exe\Progs\GS\stuff.exestuff.dllstuff.dll
IL=highIL=high
full privfull priv
In-proc compatibility layerIn-proc compatibility layer
Redirects file and registry key writes to new Redirects file and registry key writes to new low integrity locations—low integrity locations—
HKCU\Software\Microsoft\Internet Explorer\Low HKCU\Software\Microsoft\Internet Explorer\Low Rights\VirtualRights\VirtualDocuments and Settings\%user profile%\Local Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\VirtualSettings\Temporary Internet Files\Virtual
Added to the location IE is tryingAdded to the location IE is trying
If IE tries to write If IE tries to write here…here…
……it gets redirected hereit gets redirected here
HKCU\Software\FooBarHKCU\Software\FooBar HKCUHKCU\Software\MS\IE\Low Rights\Virtual\Software\\Software\FooBarFooBar
C:\Documents and C:\Documents and Settings\%user profileSettings\%user profile%\FooBar%\FooBar
C:\Documents and Settings\C:\Documents and Settings\%user profile%%user profile%\Local Settings\Temporary Internet Files\Virtual\FooBar\FooBar
Anything Else Good?Anything Else Good?
Thanks to Steve Riley for the slidesThanks to Steve Riley for the [email protected]@microsoft.com
http://blogs.technet.com/sterileyhttp://blogs.technet.com/steriley
Additional ResourcesAdditional Resources
Web ResourcesWeb ResourcesWindows Vista BitLocker Client Platform RequirementsWindows Vista BitLocker Client Platform Requirements
http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerReq.mspx
Specs and Whitepapers Specs and Whitepapers http://www.microsoft.com/whdc/system/platform/hwsecurity/default.mspx
Windows Logo Program TestingWindows Logo Program Testinghttp://www.microsoft.com/whdc/GetStart/testing.mspx
Trusted Computing Group (TCG) WebsiteTrusted Computing Group (TCG) Websitehttp://www.trustedcomputinggroup.org
BitLocker™ Questions or IdeasBitLocker™ Questions or Ideas e-mail: e-mail: [email protected]
BitLocker™ BlogBitLocker™ Bloghttp://blogs.msdn.com/si_team/default.aspx
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.