Windows VistaWindows VistaSystem IntegritySystem IntegrityTechnologiesTechnologies
WCI 442WCI 442
Why?
The bad guys are everywhere!The bad guys are everywhere!
They literally want to do you harmThey literally want to do you harmThreats exist in two interesting places—Threats exist in two interesting places—
Online: system started and shows a login screen or a user Online: system started and shows a login screen or a user isislogged inlogged inOffline: system is powered down or in hibernationOffline: system is powered down or in hibernation
Policies must address bothPolicies must address both
Cool stuff!Cool stuff!
Code integrity: protection against online Code integrity: protection against online attackattackBitLocker (secure startup): protection BitLocker (secure startup): protection against offline attackagainst offline attackWindows service hardeningWindows service hardeningMandatory integrity controlMandatory integrity controlInternet Explorer protected modeInternet Explorer protected mode
Protect the OSWhen Running
The threatsThe threats
Trojan that replaces a system file to install a Trojan that replaces a system file to install a rootkit and take control of the computer rootkit and take control of the computer (e.g. Fun Love or others that use root kits)(e.g. Fun Love or others that use root kits)Offline attack caused by booting an Offline attack caused by booting an alternate operating system and attempting alternate operating system and attempting to corrupt or modify Windows kernel filesto corrupt or modify Windows kernel filesThird-party kernel drivers that are not Third-party kernel drivers that are not securesecureRogue administrator who changes kernel Rogue administrator who changes kernel mode code to hide other actsmode code to hide other acts
Code integrityCode integrity
Validates the integrity of certain OS filesValidates the integrity of certain OS filesImplemented as a file system filter driverImplemented as a file system filter driverHashes stored in system catalog or in X.509 Hashes stored in system catalog or in X.509 certificate embedded in filecertificate embedded in file
Also validates the integrity of the boot Also validates the integrity of the boot processprocess
Checks the kernel, the HAL, boot-start driversChecks the kernel, the HAL, boot-start drivers
If validation fails, image won’t loadIf validation fails, image won’t load
What does it check?What does it check?
All kernel mode code (All kernel mode code (x64 onlyx64 only))All code loaded into a protected processAll code loaded into a protected processModules implementing cryptographic Modules implementing cryptographic functionsfunctionsModules loaded into the software licensing Modules loaded into the software licensing serviceservice
More on kernel mode codeMore on kernel mode code
x6x644
All kernel mode code must be signed or it won’t All kernel mode code must be signed or it won’t loadloadThird-party code must be WHQL-certified or Third-party code must be WHQL-certified or contain a certificate from a Microsoft CAcontain a certificate from a Microsoft CANo exceptions, periodNo exceptions, periodApplies to drivers, utilities, anything in the kernelApplies to drivers, utilities, anything in the kernel
x3x322
Signing applies only to drivers shipped with Signing applies only to drivers shipped with WindowsWindowsCan control by policy what to do with third-partyCan control by policy what to do with third-partyOther unsigned kernel mode code will loadOther unsigned kernel mode code will load
More on protected processesMore on protected processes
Only one right now: Media FoundationOnly one right now: Media Foundation
Loaded binaries are codecsLoaded binaries are codecsMicrosoft-supplied: signed by MicrosoftMicrosoft-supplied: signed by MicrosoftThird-party: signed by a Windows Media DRM Third-party: signed by a Windows Media DRM certificatecertificate
Affects potential playback of next-Affects potential playback of next-generation high definition protected contentgeneration high definition protected content
Content and/or playback app control what to do Content and/or playback app control what to do in presence of unsigned kernel mode driversin presence of unsigned kernel mode drivers
Code integrity non-goalsCode integrity non-goals
Protecting from attackers with physical Protecting from attackers with physical accessaccessVerifying the integrity of NTLDRVerifying the integrity of NTLDR
Requires secure startup on TPM-enabled Requires secure startup on TPM-enabled machinesmachinesRequires read-only fixed media otherwiseRequires read-only fixed media otherwise
Supporting rebinding or hotpatchingSupporting rebinding or hotpatchingThese change the on-disk imageThese change the on-disk imageCI will work if patch includes updated hashCI will work if patch includes updated hash
Online checks at boot-time for revocation Online checks at boot-time for revocation listslists
Revocation list updated after boot and stored Revocation list updated after boot and stored locallylocally
Protect the OSWhen Not Running
The threatsThe threats
Computer is lost or stolenComputer is lost or stolenTheft or compromise of dataTheft or compromise of dataAttack against corporate networkAttack against corporate network
Damage to OS if attacker installs alternate Damage to OS if attacker installs alternate OSOSDifficult and time-consuming to truly erase Difficult and time-consuming to truly erase decommissioned disksdecommissioned disksExisting ways to mitigate these threats are Existing ways to mitigate these threats are too easy for user to circumventtoo easy for user to circumvent
Secure startup (“BitLocker”)Secure startup (“BitLocker”)
Ensure Ensure boot boot
integritintegrityy
Resilient Resilient against against attackattack
Protect system from offline Protect system from offline software-based attackssoftware-based attacks
Lock Lock tampered tampered systemssystems
Prevent boot if monitored Prevent boot if monitored files have been alteredfiles have been altered
Protect Protect data data
when when offlineoffline
Encrypt Encrypt user data user data and system and system filesfiles
All data on the volume is All data on the volume is encrypted: user, system, encrypted: user, system, page, hibernation, temp, page, hibernation, temp, crash dumpcrash dump
Umbrella Umbrella protectionprotection
Third-party apps benefit Third-party apps benefit when installed on encrypted when installed on encrypted volumevolume
Ease Ease equipmequipm
ent ent recyclinrecyclin
gg
Simplify Simplify recyclingrecycling
Render data useless by Render data useless by deleting TPM key storedeleting TPM key store
Speed data Speed data deletiondeletion
Decommissioning takes Decommissioning takes seconds, not hoursseconds, not hours
Won’t EFS protect me?Won’t EFS protect me?
Yes—for those who know what they’re doingYes—for those who know what they’re doingUsers often store data on the desktop—is it Users often store data on the desktop—is it EFSed?EFSed?EFS doesn’t protect the operating systemEFS doesn’t protect the operating systemEFS is very strong against attacksEFS is very strong against attacks
Four levels of key protectionFour levels of key protectionProperly configured, EFS is computationally Properly configured, EFS is computationally infeasible to crackinfeasible to crack
Encryption scenariosEncryption scenariosBitLoBitLockercker
EEFFSS
RRMMSS
LaptopsLaptops Branch office serversBranch office servers Local single user file protection (Windows Local single user file protection (Windows partition only)partition only)
Local multi-user file protectionLocal multi-user file protection Remote file protectionRemote file protection Untrusted administratorUntrusted administrator Remote document policy enforcementRemote document policy enforcement
OS co-existenceOS co-existence
BitLocker encrypts BitLocker encrypts Windows volume onlyWindows volume onlyYou won’t be able to dual-boot another OS You won’t be able to dual-boot another OS on the same volumeon the same volumeOSes on other volumes will work fineOSes on other volumes will work fineData on protected volume is unavailable Data on protected volume is unavailable outside the OSoutside the OSAttempts to modify the protected Windows Attempts to modify the protected Windows volume will render it unbootablevolume will render it unbootable
Enabling BitLockerEnabling BitLocker
Create a 1.5GB active partitionCreate a 1.5GB active partitionThis becomes your “system” partition—where This becomes your “system” partition—where OS bootsOS bootsThe TPM boot manager uses only 50MBThe TPM boot manager uses only 50MBWindows runs from on your “boot” partition—Windows runs from on your “boot” partition—where the system liveswhere the system lives
Initialize TPM chip if you’re using itInitialize TPM chip if you’re using itIn management console or BIOSIn management console or BIOS
Enable BitLocker in Security CenterEnable BitLocker in Security CenterUpdate hard disk MBRUpdate hard disk MBREncrypt Windows “boot” partitionEncrypt Windows “boot” partition
Recovery optionsRecovery options
Useful in case of some kind of hardware Useful in case of some kind of hardware failurefailureIt’s a password; stored in different ways—It’s a password; stored in different ways—
Removable mediaRemovable mediaPrintedPrintedActive DirectoryActive Directory
Also, service packs and driver upgrades Also, service packs and driver upgrades trigger a loader that recomputes and trigger a loader that recomputes and reseals TPM secretsreseals TPM secrets
Can use TPM 1.2 chipCan use TPM 1.2 chip
Microcontroller affixed to motherboardMicrocontroller affixed to motherboardStores keys and digital certificatesStores keys and digital certificatesFor BitLocker, TPM stores storage root keyFor BitLocker, TPM stores storage root key
SRK decrypts volume encryption keySRK decrypts volume encryption key only when only when system boots normally;system boots normally; compares each boot compares each boot process against previously stored measurementsprocess against previously stored measurementsNo user interaction or visibility (unless you No user interaction or visibility (unless you require a PIN or additional start-up key)require a PIN or additional start-up key)Recovery key can be archived in Active Directory Recovery key can be archived in Active Directory for the inevitable “omg” momentfor the inevitable “omg” momentProhibits meaningful use of software debuggers Prohibits meaningful use of software debuggers during bootduring boot
TPM architectureTPM architecture
Reset all registers, transfer execution Reset all registers, transfer execution to Core Root of Trust Measurementto Core Root of Trust MeasurementMeasure next stage of firmware into Measure next stage of firmware into PCR[0] and data into PCR[1]PCR[0] and data into PCR[1]
Hardware test and configurationHardware test and configuration
Code always measured first, then Code always measured first, then executedexecutedNew PCR value is SHA-1 hashed then New PCR value is SHA-1 hashed then concatenated with previous hash; concatenated with previous hash; permanently written to PCRpermanently written to PCROption ROMs and data into PCR[2] Option ROMs and data into PCR[2] and [3]and [3]MBR into PCR[4], partition table in MBR into PCR[4], partition table in PCR[5]PCR[5]
PCR[0]PCR[0]PCR[1]PCR[1]PCR[2]PCR[2]PCR[3]PCR[3]PCR[4]PCR[4]PCR[5]PCR[5]PCR[6]PCR[6]PCR[7]PCR[7]PCR[8]PCR[8]PCR[9]PCR[9]
PCR[10]PCR[10]PCR[11]PCR[11]PCR[12]PCR[12]PCR[13]PCR[13]PCR[14]PCR[14]PCR[15]PCR[15]
Pla
tform
Configura
tion R
egis
ters
Pla
tform
Configura
tion R
egis
ters
TPM architectureTPM architecture
MBR takes over; loads first sector of MBR takes over; loads first sector of active boot partition into memory; active boot partition into memory; measures first 512 bytes into PCR[8]measures first 512 bytes into PCR[8]Boot sector loads; measures Boot sector loads; measures remainder into PCR[9] and transfers remainder into PCR[9] and transfers executionexecutionBoot code measures BOOTMGR into Boot code measures BOOTMGR into PCR[10] and transfers executionPCR[10] and transfers executionAny additional boot applications Any additional boot applications must load only from BitLocker must load only from BitLocker volumevolume
BitLocker keys are in PCR[11]BitLocker keys are in PCR[11]
Finally, BOOTMGR transfers control Finally, BOOTMGR transfers control to operating system; OS checks to operating system; OS checks integrity of all executables loadedintegrity of all executables loaded
PCR[0]PCR[0]PCR[1]PCR[1]PCR[2]PCR[2]PCR[3]PCR[3]PCR[4]PCR[4]PCR[5]PCR[5]PCR[6]PCR[6]PCR[7]PCR[7]PCR[8]PCR[8]PCR[9]PCR[9]
PCR[10]PCR[10]PCR[11]PCR[11]PCR[12]PCR[12]PCR[13]PCR[13]PCR[14]PCR[14]PCR[15]PCR[15]
Pla
tform
Configura
tion R
egis
ters
Pla
tform
Configura
tion R
egis
ters
TPM architectureTPM architecture
TPM measures all code and reports TPM measures all code and reports resultsresults
Default BitLocker consumption: Default BitLocker consumption: 4,8,9,10,114,8,9,10,11
You can add others, with caveatsYou can add others, with caveatsOption ROMs in 2,3Option ROMs in 2,3
Any change invalidates the PCRsAny change invalidates the PCRsIncludes inserting smartcard reader or Includes inserting smartcard reader or USB driveUSB drive
BIOS ROMs in 0,1BIOS ROMs in 0,1Reflashing BIOS invalidates the PCRsReflashing BIOS invalidates the PCRsPCR[0]PCR[0]
PCR[1]PCR[1]PCR[2]PCR[2]PCR[3]PCR[3]PCR[4]PCR[4]PCR[5]PCR[5]PCR[6]PCR[6]PCR[7]PCR[7]PCR[8]PCR[8]PCR[9]PCR[9]
PCR[10]PCR[10]PCR[11]PCR[11]PCR[12]PCR[12]PCR[13]PCR[13]PCR[14]PCR[14]PCR[15]PCR[15]
Pla
tform
Configura
tion R
egis
ters
Pla
tform
Configura
tion R
egis
ters
BitLocker can’t stop everythingBitLocker can’t stop everything
Hardware debuggersHardware debuggersOnline attacks—BitLocker is concerned only Online attacks—BitLocker is concerned only with the system’s startup processwith the system’s startup processPost logon attacksPost logon attacksSabotage by administratorsSabotage by administratorsPoor security maintenancePoor security maintenance
Deployment considerationsDeployment considerations
Requires hardware and software upgradesRequires hardware and software upgradesPhase in, start with high priority computersPhase in, start with high priority computers
Mostly a feature for laptopsMostly a feature for laptopsAlso consider for desktop computers in Also consider for desktop computers in insecure environments (factory floor, kiosk, insecure environments (factory floor, kiosk, …)…)Enterprise key managementEnterprise key management
Protect ServicesFrom Exploit
The threatsThe threats
Remember Blaster?Remember Blaster?Took over RPCSS—made it write msblast.exe to Took over RPCSS—made it write msblast.exe to file system and added run keys to the registryfile system and added run keys to the registry
No software is perfect; someone still might No software is perfect; someone still might find a vulnerability in a servicefind a vulnerability in a serviceMalware often looks to exploit such Malware often looks to exploit such vulnerabilitiesvulnerabilitiesServices are attractiveServices are attractive
Run without user interactionRun without user interactionMany services often have free reign over the Many services often have free reign over the system—too much accesssystem—too much accessMost services can communicate over any portMost services can communicate over any port
Service hardeningService hardening
Service Service refactorefacto
ringring
Move service from LocalSystem to Move service from LocalSystem to something less privilegedsomething less privilegedIf necessary, split service so that only the If necessary, split service so that only the part requiring LocalSystem receives that part requiring LocalSystem receives that
Service Service profilinprofilin
gg
Enables service to restrict its behaviorEnables service to restrict its behaviorResources can have ACLs that allow the Resources can have ACLs that allow the service’s ID to access only what it needsservice’s ID to access only what it needsAlso includes rules for specifying required Also includes rules for specifying required network behaviornetwork behavior
It’s about the principle of least privilege—It’s about the principle of least privilege—it’s good for people, and it’s good for servicesit’s good for people, and it’s good for services
MemoryMemory
RefactoringRefactoring
Ideally, remove the service out of Ideally, remove the service out of LocalSystemLocalSystem
If it doesn’t perform privileged operationsIf it doesn’t perform privileged operationsMake ACL changes to registry keys and driver Make ACL changes to registry keys and driver objectsobjects
Otherwise, split into two piecesOtherwise, split into two piecesThe main serviceThe main serviceThe bits that perform privileged operationsThe bits that perform privileged operationsAuthenticate the call between themAuthenticate the call between themMain serviceMain service
runs as LocalServiceruns as LocalServicePrivilegedPrivilegedLocalSystemLocalSystem
SVCHOST group refactoringSVCHOST group refactoringWindows XP Service Pack 2Windows XP Service Pack 2
LocalSystLocalSystemem
Wireless Wireless ConfigurationConfiguration
System Event System Event NotificationNotification
Network Network ConnectionsConnections
COM+ Event COM+ Event SystemSystem
NLANLA
RasautoRasauto
Shell Hardware Shell Hardware DetectionDetection
ThemesThemes
TelephonyTelephony
Windows AudioWindows Audio
Error ReportingError Reporting
WorkstationWorkstation
ICSICS
BITSBITS
RemoteAccessRemoteAccess
DHCP ClientDHCP Client
W32timeW32time
RasmanRasman
BrowserBrowser
6to46to4
Help and SupportHelp and Support
Task SchedulerTask Scheduler
TrkWksTrkWks
Cryptographic Cryptographic ServicesServices
Removable Removable StorageStorage
WMI Perf AdapterWMI Perf Adapter
Automatic Automatic updatesupdates
WMIWMI
App ManagementApp Management
Secondary LogonSecondary Logon
NetworkNetworkServiceService
DNS ClientDNS Client
Local Local ServiceService
SSDPSSDP
WebClientWebClient
TCP/IP NetBIOS helperTCP/IP NetBIOS helper
Remote RegistryRemote Registry
Windows VistaWindows Vista
LocalSystemLocalSystemNetwork Network restrictedrestricted
Removable Removable StorageStorage
WMI Perf AdapterWMI Perf Adapter
Automatic Automatic updatesupdates
TrkWksTrkWks
WMIWMI
App App ManagementManagement
Secondary Secondary LogonLogon
LocalSystemLocalSystemDemand startedDemand started
BITSBITS
Network Network ServiceService
RestrictedRestricted
DNS ClientDNS Client
ICSICS
RemoteAccessRemoteAccess
DHCP ClientDHCP Client
W32timeW32time
RasmanRasman
NLANLA
BrowserBrowser
6to46to4
Task schedulerTask scheduler
IPSEC ServicesIPSEC Services
ServerServer
Cryptographic Cryptographic ServicesServices
Local ServiceLocal Service
RestrictedRestricted No network No network accessaccess
Wireless Wireless ConfigurationConfiguration
System Event System Event NotificationNotification
Shell Hardware Shell Hardware DetectionDetection
Network Network ConnectionsConnections
RasautoRasauto
ThemesThemes
COM+ Event COM+ Event SystemSystem
Local ServiceLocal ServiceRestrictedRestricted
TelephonyTelephony
Windows AudioWindows Audio
TCP/IP NetBIOS TCP/IP NetBIOS helperhelper
WebClientWebClient
Error ReportingError Reporting
Event LogEvent Log
WorkstationWorkstation
Remote RegistryRemote Registry
SSDPSSDP
ProfilingProfiling
Every service has a unique service identifier Every service has a unique service identifier called a “service SID”called a “service SID”
S-1-80-S-1-80-<SHA-1 hash of logical service name><SHA-1 hash of logical service name>
A “service profile” is a set of ACLs that—A “service profile” is a set of ACLs that—Allow a service to use a resourceAllow a service to use a resourceConstrain the service to the resources it needsConstrain the service to the resources it needsDefine which network ports a service can useDefine which network ports a service can useBlock the service from using other portsBlock the service from using other ports
Now, service can run as LocalService or Now, service can run as LocalService or NetworkService and still receive additional NetworkService and still receive additional access when necessaryaccess when necessary
Restricting servicesRestricting servicesSCM computesSCM computes
service SIDservice SID
SCM adds theSCM adds theSID to serviceSID to service
process’s tokenprocess’s token
SCM creates write-SCM creates write-restricted tokenrestricted token
SCM removes SCM removes unneeded unneeded
privileges from privileges from process tokenprocess token
Service places ACL Service places ACL on resource—only on resource—only
service can write to service can write to itit
Example: event logExample: event log
SysEvent.SysEvent.evtevt
EventloEventlogg
serviceservice
Write-Write-restrictrestrict
ededtokentoken
ACLACLEventlog:WEventlog:W
Restricting services: know thisRestricting services: know this
A restrictable service will set two properties A restrictable service will set two properties (stored in the registry)—(stored in the registry)—
One to indicate that it can be restrictedOne to indicate that it can be restrictedOne to show which privileges it requiresOne to show which privileges it requires
Note!Note! This is a voluntary process. The service This is a voluntary process. The service is choosing to restrict itself. It’s good is choosing to restrict itself. It’s good
development practice because it reduces the development practice because it reduces the likelihood of a service being abused by likelihood of a service being abused by
malware, but it isn’t a full-on system-wide malware, but it isn’t a full-on system-wide restriction mechanism. Third-party services can restriction mechanism. Third-party services can
still run wild and free…still run wild and free…
Network enforcement scenariosNetwork enforcement scenarios
No portsNo ports Services that neither listen nor connectServices that neither listen nor connect
Fixed Fixed portsports
Services that listen or send on known fixed Services that listen or send on known fixed ports should be constrained to those ports ports should be constrained to those ports onlyonly
ConfigurConfigurable able
portsports
Administrator configures port in service’s Administrator configures port in service’s administration UI; network rules and administration UI; network rules and firewall automatically update their own firewall automatically update their own configurationsconfigurations
DynamiDynamic portsc ports
Services that listen or send on dynamically-Services that listen or send on dynamically-allocated portsallocated ports
AuditingAuditing
Management eventsManagement eventsInitial rules configurationInitial rules configurationRule changesRule changesRule deletionsRule deletions
Enforcement eventsEnforcement eventsTraffic allowedTraffic allowedTraffic deniedTraffic denied
global vulnglobal vulnmitigations andmitigations and
system lockdownssystem lockdowns
networknetworkenforcementenforcement
rulesrules
Interaction with host firewallsInteraction with host firewalls
Configuration changes Configuration changes implemented implemented immediatelyimmediatelyRules can’t be disabled Rules can’t be disabled by WF or third-partyby WF or third-partyRules can’t be stopped Rules can’t be stopped while services are while services are runningrunningFor dynamic ports, For dynamic ports, netenf pushes netenf pushes configuration to WFconfiguration to WF
hosthostfirewallfirewallrulesrules
Example rulesExample rulesBlock any network access for BFE"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=bfe;Name=Block any traffic to and from bfe;“
Allow outbound PolicyAgent traffic"V2.0; Action=Allow; Dir=Out; RPort=389; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=PolicyAgent;Name=Allow PolicyAgent tcp/udp LDAP traffic to AD;“
"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=PolicyAgent;Name=Block any other traffic to and from PolicyAgent;“
Allow inbound/outbound traffic to Rpcss"V2.0; Action=Allow; Dir=Out; RPort=135; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=rpcss;Name=Allow outbound rpcss tcp/udp traffic;“
"V2.0; Action=Allow; Dir=in; LPort=135; Protocol=tcp; Protocol=udp;App=%windir%\System32\svchost.exe; Svc=rpcss; Name=Allow inbound tcp/udp rpcss;“
"V2.0; Action=Block; App=%windir%\System32\svchost.exe; Svc=rpcss;Name=Block any other traffic to and from rpcss;"
Protect the OS and Datafrom Unknown Code
The threatsThe threats
A user unknowingly runs code from an A user unknowingly runs code from an unknown source that attempts to modify or unknown source that attempts to modify or delete filesdelete filesCode running as LUA attempts a local Code running as LUA attempts a local elevation of privilege by injecting code into elevation of privilege by injecting code into a process running as administratora process running as administratorTrojans that attempt to execute with full Trojans that attempt to execute with full administrator privilegeadministrator privilegeSystem code reads data from the Internet System code reads data from the Internet (an untrustworthy source) that contains (an untrustworthy source) that contains corrupt data designed to elevate privilege corrupt data designed to elevate privilege by exploiting a bugby exploiting a bug
Mandatory integrity controlMandatory integrity control
Method to prevent low-integrity code from Method to prevent low-integrity code from modifying high-integrity codemodifying high-integrity code
Protect TCB files and data from modification by Protect TCB files and data from modification by privileged usersprivileged usersProtect user data from modification by unknown Protect user data from modification by unknown malicious codemalicious codeProtect processes running as privileged user Protect processes running as privileged user from modification by processes running as from modification by processes running as standard user under the same user SIDstandard user under the same user SID
Classical computer security concept known Classical computer security concept known since the 1970ssince the 1970s
Lots of recent work in various operating systemsLots of recent work in various operating systems
Don’t confuse with code Don’t confuse with code integrityintegrity
CICI Verifies code during module loadingVerifies code during module loading
MIMICC
Implements a type of information flow policyImplements a type of information flow policyImplements an enforcement mechanismImplements an enforcement mechanismIntegrity level changes trigger a security Integrity level changes trigger a security audit eventaudit event
Mandatory integrity control policy is based on Mandatory integrity control policy is based on trustworthinesstrustworthiness. Subjects with . Subjects with lowlow degrees of degrees of trustworthiness can’t change data of a trustworthiness can’t change data of a higherhigher
degrees. Subjects with degrees. Subjects with highhigh degrees of degrees of trustworthiness can’t be forced to rely on data of trustworthiness can’t be forced to rely on data of
lowerlower degrees. degrees.
The limitations of DACLsThe limitations of DACLs
No protection of system stabilityNo protection of system stabilityThird-party installers redistribute system Third-party installers redistribute system binariesbinariesWant to stop this, even if run by administratorWant to stop this, even if run by administrator
No protection from tricky softwareNo protection from tricky softwareNon-savvy users can be convinced to install Non-savvy users can be convinced to install malwaremalwareRuns with full capabilities of userRuns with full capabilities of user
Weakens power of UACWeakens power of UACCan’t distinguish limited version from full Can’t distinguish limited version from full (possibly administrator) version of user(possibly administrator) version of userBoth versions have same user SIDBoth versions have same user SID
Defined integrity levelsDefined integrity levels
SysteSystemm
HighHigh MediumMedium LowLow UntrustedUntrusted
0x4000x40000
0x30000x3000 0x20000x2000 0x10000x1000 00
LocalLocalSysteSystemm
Local Local ServiceService
NetworkNetworkServiceService
ElevatedElevated(full) user (full) user tokenstokens
Standard Standard user tokensuser tokens
AuthenticateAuthenticateddUsersUsers
WorldWorld(Everyon(Everyone)e)
AnonymouAnonymouss
Shell runs hereShell runs here
MIC expressionMIC expression
Add an integrity SID to a user token at Add an integrity SID to a user token at logonlogon
S-1-16-S-1-16-<level><level>Announces the integrity level of the tokenAnnounces the integrity level of the tokenDetermines level of access the token can Determines level of access the token can achieveachievePossible second SID used by Secure Desktop to Possible second SID used by Secure Desktop to determine protection ring of an applicationdetermine protection ring of an application
Store integrity SID in the SACL of every Store integrity SID in the SACL of every object’s security descriptor (user-created object’s security descriptor (user-created and OS)and OS)
Specifies the integrity level of the objectSpecifies the integrity level of the object
Checking MIC levelChecking MIC level
During access check, verify the user passes During access check, verify the user passes integrity check against an object for write integrity check against an object for write accessaccess
However, can add ACE to DACL to deny read However, can add ACE to DACL to deny read access to low integrity users access to low integrity users (more on this later)(more on this later)
User must User must dominatedominate object to obtain write object to obtain write accessaccess
User/process level >= object levelUser/process level >= object levelAll users pass integrity check for reading and All users pass integrity check for reading and executingexecuting
MIC trumps DACLMIC trumps DACLIf the DACL lets you write, but you don’t If the DACL lets you write, but you don’t dominate the object, your write failsdominate the object, your write fails
Consider four scenariosConsider four scenariosAn attachment arrives in mail. While saving, file is An attachment arrives in mail. While saving, file is written with written with lowlow integrity. When executed, it runs at integrity. When executed, it runs at lowlow integrity and can’t write to user’s data. integrity and can’t write to user’s data. MIC MIC prevents process from performing capabilities at prevents process from performing capabilities at user’s level.user’s level.IE downloads file from site in Internet zone. IE IE downloads file from site in Internet zone. IE process that writes file to TIF runs at process that writes file to TIF runs at lowlow integrity; integrity; thus file is receives thus file is receives lowlow integrity. integrity. MIC doesn’t trust MIC doesn’t trust content or code from the Internet.content or code from the Internet.A malicious program is running at A malicious program is running at standardstandard user X user X and attempts to open process running as and attempts to open process running as privilegedprivileged user X for write, to bypass UAC and execute code will user X for write, to bypass UAC and execute code will full privileges. full privileges. MIC stops this because desired access MIC stops this because desired access is write.is write.Admin (IL=Admin (IL=highhigh) runs downloaded program. Process ) runs downloaded program. Process runs as runs as standardstandard admin (IL= admin (IL=mediummedium). ). MIC MIC prevents processes from write-accessing resources prevents processes from write-accessing resources ACLed for the administrator.ACLed for the administrator.
Processes also affectedProcesses also affected
When user launches .EXE, process receives When user launches .EXE, process receives lower of user’s or file’s integrity level (if it lower of user’s or file’s integrity level (if it has one)has one)
Process never runs higher than file, regardless of Process never runs higher than file, regardless of IL of user who started itIL of user who started itProtects even administrators from malicious Protects even administrators from malicious actions of downloaded codeactions of downloaded codeAlso protects any user data, whose level is Also protects any user data, whose level is typically that of the user—it’s higher than the typically that of the user—it’s higher than the codecode
Controlled by AIS (app installer service)Controlled by AIS (app installer service)Check ILs of user and fileCheck ILs of user and fileAdjust process IL accordinglyAdjust process IL accordinglyImpersonate user with correct IL and continue Impersonate user with correct IL and continue creationcreation
Modifying integrity levelsModifying integrity levels
Token can lower its own levelToken can lower its own levelNot reversibleNot reversibleOnly a TCB caller can raiseOnly a TCB caller can raise
Secure InputSecure InputDefault: UI ring SID = object integrity SIDDefault: UI ring SID = object integrity SIDTCB caller can elevate token UI ringTCB caller can elevate token UI ringTypically necessary for accessibility utilities—can Typically necessary for accessibility utilities—can now control UI but not bypass MIC control of now control UI but not bypass MIC control of object accessobject access
But I want to administer my But I want to administer my box!box!
Full privilege tokens, including members of Full privilege tokens, including members of the local Administrators group, are the local Administrators group, are controlled by MICcontrolled by MIC
Can’t delete files if their level is systemCan’t delete files if their level is systemCan’t lower the level of objects or filesCan’t lower the level of objects or files
Built-in “Administrator” account has an Built-in “Administrator” account has an additional privilegeadditional privilege
Grants caller access to objectGrants caller access to objectCould grant to other users, but be careful!Could grant to other users, but be careful!Granting and use of privilege is auditedGranting and use of privilege is audited
Denying read accessDenying read access
Can use deny ACE to prevent lower level Can use deny ACE to prevent lower level principals from reading or executing higher principals from reading or executing higher level objectslevel objectsGood for administrator programsGood for administrator programs
Set IL to highSet IL to highAdd deny ACE for anything with a lower ILAdd deny ACE for anything with a lower ILPrevents malware running at lower level from Prevents malware running at lower level from attempting to call admin toolsattempting to call admin tools
Unlabeled objectsUnlabeled objects
System assumes default MIC of medium System assumes default MIC of medium during access checkduring access checkPrevents untrustworthy code running at low Prevents untrustworthy code running at low from modifying unlabeled objectsfrom modifying unlabeled objects
Regardless of DACLRegardless of DACL
OS files are unlabeledOS files are unlabeledProtected from modification with an ACLProtected from modification with an ACL
Objects without a SID have no MIC Objects without a SID have no MIC considerationconsideration
Non-goalsNon-goals
Provide for confidentiality of dataProvide for confidentiality of dataThis is the Bell-LaPadula modelThis is the Bell-LaPadula modelAlthough with no-read-up ACEs, you can use MIC Although with no-read-up ACEs, you can use MIC to achieve similar behaviorto achieve similar behavior
Prevent high IL processes from reading data Prevent high IL processes from reading data at a lower IL if the policy allows thatat a lower IL if the policy allows thatImplement dynamic integrityImplement dynamic integrityPrevent offline attacks through Prevent offline attacks through modifications of ILs on filesmodifications of ILs on files
But BitLocker could help here…But BitLocker could help here…
Protect the OSfrom the Internet
The threatsThe threats
Alas, most Windows users still run as adminAlas, most Windows users still run as adminMeaning: the Internet runs as admin on your PC!Meaning: the Internet runs as admin on your PC!
““Drive-by” installs of spyware and virus Drive-by” installs of spyware and virus codecodeExploits of vulnerabilities give attackers full Exploits of vulnerabilities give attackers full remote accessremote accessEven non-admins still vulnerable to Even non-admins still vulnerable to malicious destruction of personal datamalicious destruction of personal data
Internet Explorer protected Internet Explorer protected modemode
Built on mandatory integrity controlBuilt on mandatory integrity controlInternet Explorer runs at low integrity levelInternet Explorer runs at low integrity level
Reduce the severity of threats to IE add-onsReduce the severity of threats to IE add-onsEliminate the silent install of malicious code Eliminate the silent install of malicious code through software vulnerabilitiesthrough software vulnerabilitiesPreserve compatibility whenever possiblePreserve compatibility whenever possibleProvide the capability and guidance for add-Provide the capability and guidance for add-ons to restore functionalityons to restore functionalityMinimize required user involvementMinimize required user involvementSometimes called “low-rights IE”Sometimes called “low-rights IE”
Protected mode summaryProtected mode summary
Restricts IE from writing outside of the Restricts IE from writing outside of the Temporary Internet Files (TIF) folderTemporary Internet Files (TIF) folder
IE’s process has lower write privileges than LUAIE’s process has lower write privileges than LUAIt builds on the Mandatory Integrity Control (MIC) It builds on the Mandatory Integrity Control (MIC) which restricts writes to higher integrity folderswhich restricts writes to higher integrity folders
Protected mode uses COM to call two new Protected mode uses COM to call two new broker processes which allow IE to write broker processes which allow IE to write outside of the TIFoutside of the TIFA compatibility layer allows add-ons to A compatibility layer allows add-ons to elevateelevateThis is not a “sandboxing” technology. IE is refactored This is not a “sandboxing” technology. IE is refactored
into a multi-process application, with varying ILs for into a multi-process application, with varying ILs for each process.each process.
Refactoring IERefactoring IE
LP IELP IE
IEUserIEUserIL=high if adminIL=high if adminIL=medium otherwise IL=medium otherwise
LP IELP IEInternet ZoneInternet Zone
IL=lowIL=low
Intranet/Trusted ZoneIntranet/Trusted ZoneIL=mediumIL=mediumSeparate TIFSeparate TIF
IEPolicyIEPolicy IL=highIL=high
Again: the principle of least privilegeAgain: the principle of least privilegeRefactoring at the process level—more Refactoring at the process level—more efficient and less expensive than a virtual efficient and less expensive than a virtual machinemachine
Components and zonesComponents and zones
OperationOperation RequirementsRequirements ProceProcessss
URL navigation and HTML URL navigation and HTML renderingrendering
Least privilegeLeast privilegeLow integrityLow integrity
LP IELP IE
Managing user-controlled Managing user-controlled settingssettings
Least privilegeLeast privilegeMedium Medium integrityintegrity
IEUserIEUser
Enforcing policy in downloaded Enforcing policy in downloaded codecodeInitiating executionInitiating execution
Full privilegeFull privilegeHigh integrityHigh integrity
IEPolicIEPolicyy(service)(service)OperationOperation LP IE LP IE
lowlowLP IE LP IE mediummedium
Files downloaded in zoneFiles downloaded in zone Low ILLow IL Medium Medium ILIL
Modify outside TIFModify outside TIF NoNo YesYes
Interact with other apps on Interact with other apps on desktopdesktop
NoNo YesYes
Inject DLL and create remote Inject DLL and create remote threadthread
NoNo YesYes
Renders HTML files in local Renders HTML files in local zonezone
YesYes YesYes
Installing from the WebInstalling from the Web
LP IELP IE IEPolicyIEPolicy
Run?Run?
greatstuff.comgreatstuff.com
……\TIF\greatstuff.exe\TIF\greatstuff.exe
TrustTrustGreatStuff?GreatStuff?
IL=lowIL=low
……\My Docs\greatstuff.exe\My Docs\greatstuff.exeIL=high if adminIL=high if adminIL=medium otherwise IL=medium otherwise
AISAIS
Run withRun withfull privs?full privs?
greatstuff.exegreatstuff.exe
\Progs\GS\stuff.exe\Progs\GS\stuff.exestuff.dllstuff.dll
IL=highIL=high
full privfull priv
In-proc compatibility layerIn-proc compatibility layer
Redirects file and registry key writes to new Redirects file and registry key writes to new low integrity locations—low integrity locations—
HKCU\Software\Microsoft\Internet Explorer\Low HKCU\Software\Microsoft\Internet Explorer\Low Rights\VirtualRights\VirtualDocuments and Settings\%user profile%\Local Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\VirtualSettings\Temporary Internet Files\Virtual
Added to the location IE is tryingAdded to the location IE is trying
If IE tries to write If IE tries to write here…here…
……it gets redirected hereit gets redirected here
HKCU\Software\FooBarHKCU\Software\FooBar HKCUHKCU\Software\MS\IE\Low Rights\Virtual\Software\\Software\FooBarFooBar
C:\Documents and C:\Documents and Settings\%user profileSettings\%user profile%\FooBar%\FooBar
C:\Documents and Settings\C:\Documents and Settings\%user profile%%user profile%\Local Settings\Temporary Internet Files\Virtual\FooBar\FooBar
Steve RileySteve [email protected]@microsoft.com
http://blogs.technet.com/sterileyhttp://blogs.technet.com/steriley
www.protectyourwindowsnetworwww.protectyourwindowsnetwork.comk.com
Thanks very much!Thanks very much!
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.