Modern OS Security and Authorization Logic
Goals
- Understand a basic logic for reasoning about authorization
- Apply that logic for simple proofs
- Recognize when authorization logic can apply to real-world scenarios
- Understand the challenges and mechanisms for granting permissions in modern OSes
Authorization Logic
- Overview
  - Recall the distinction between authentication and authorization
  - What separates access control policy from access control mechanism?
  - Why is access control harder in distributed systems?
- Defining Our Logic
  - How are inference rules interpreted?
  - Be prepared to explain the justification for the rules within the logic presented in the slides
  - What does a Certificate Authority look like in our logic?
  - How can we incorporate roles within our logic?
- Logic usage
  - What are three different models of authorization checking?
    - What are the tradeoffs amongst them?
  - What is the connection between programs and roles?
  - How are certificates revoked?
    - What are the tradeoffs between certificate countersigning and revocation lists?
  - How does DNSSEC work?
    - What does it look like inside our logic?
    - How could DNSSEC have avoided a fully trusted root node?
Permission Granting
- Why does the OS need input from the user about resource permissions?
- What are the state-of-the-art permission granting systems?
- What are some of their limitations?
- What properties should a permission granting system have?
- How can the OS understand generalized in-app permission-granting behaviors?
- What is an access-control gadget?
- How can social engineering bypass ACGs?