File System Security
Jason Eick and Evan Nelson

Dec 22, 2015


Phillip Hicks

What does a file system do?

A file system is a method for storing and organizing computer files and the data they contain to make it easy to find and access them.

File systems exist on hard drives, pen drives, CDs, DVDs and any other form of data storage medium.

Most data storage devices have an array of fixed-size blocks, sometimes called sectors, and the file system is in charge of organizing these sectors into files and directories. It is also in charge of indexing the media so it knows where and what each file is.


Types of File Systems

Disk file systems – FAT (File Allocation Table), NTFS, HFS (Hierarchical File System), ext2, ext3, ISO9660 and UDF

FAT (FAT12, FAT16, FAT32), and especially NTFS, are primarily used on Windows operating systems. FAT is also the standard file system for floppy drives and is still used today.

HFS is used by Mac OS, and ext2 and ext3 are used on various Linux operating systems.

ISO9660 and UDF are used on optical media.


How does the file system handle security?

The file system is crucial to data integrity.

Main method of protection is through access control.

Access to file system operations (e.g. modifying or deleting a file) is controlled through access control lists or capabilities.

Capabilities are more secure so they tend to be used by operating systems on file systems like NTFS or ext3.

Secondary method of protection is through the use of backup and recovery systems.


Attacks on the file system

Race Condition Attacks
Using ADS to hide files
Directory traversal


Race Condition Attacks

Occurs when a process performs a sequence of operations on a file under the assumption that they are executed atomically.

Can be used by the attacker to change the characteristics of that file between two successive operations on it, resulting in the victim process operating on the modified file.
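The check-then-use gap described above, next to a version that closes it, as an added example that is not part of the original slides. The function names, the file names and the `window` hook (which stands in for a concurrent process acting between the two operations) are hypothetical; it assumes a POSIX system where `os.O_NOFOLLOW` is available.

```python
import os
import stat
import tempfile

def read_racy(path, window=lambda: None):
    """Check, then use: lstat() and open() each look the name up separately."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        raise PermissionError("symbolic links are not allowed")
    window()                        # gap between the two operations
    with open(path, "rb") as f:     # opens whatever the name refers to now
        return f.read()

def read_safe(path, window=lambda: None):
    """Open once without following links, then check the open descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        window()                    # changing the name no longer matters
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, 1 << 20)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: report.txt is replaced by a link to secret.txt."""
    d = tempfile.mkdtemp()
    report, secret = os.path.join(d, "report.txt"), os.path.join(d, "secret.txt")

    def reset():
        if os.path.lexists(report):
            os.remove(report)
        for name, data in ((report, b"public"), (secret, b"secret")):
            with open(name, "wb") as f:
                f.write(data)

    def swap():                     # stands in for the concurrent process
        os.remove(report)
        os.symlink(secret, report)

    reset()
    racy = read_racy(report, swap)  # check passed, but reads the other file
    reset()
    safe = read_safe(report, swap)  # descriptor still refers to the checked file
    try:                            # report is now a symlink: open() refuses it
        read_safe(report)
        refused = False
    except OSError:
        refused = True
    return racy, safe, refused
```

`demo()` returns the bytes each function read and whether the hardened version refused a path that was already a symbolic link.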


Using ADS to hide Files

Alternate Data Streams (ADS) allow multiple data streams to be attached to a single file.

A file can be hidden behind a file as an attached stream that could be hundreds of megabytes in size; however, a directory listing will only display the file’s normal size.


Directory Traversal

An exploit caused by insufficient security validation of user-supplied input file names.

For example, the attacker would pass this as input: ../../../../../../../../../etc/passwd to retrieve the password file from the server.
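One way to validate a user-supplied file name against the directory being served, shown beside a string-prefix check that the input above defeats. This is an added example, not part of the original slides; the function names and the directory layout are hypothetical, and it goes slightly beyond the slide by also covering absolute paths, sibling directories and symbolic links.

```python
import os
import tempfile

def naive_check(base, user_name):
    """Weak: compares strings, so '..' segments and sibling names slip through."""
    return os.path.join(base, user_name).startswith(base)

def resolve_under(base, user_name):
    """Return the real path of user_name inside base, or raise ValueError."""
    base_real = os.path.realpath(base)
    # realpath() collapses '..' and resolves symlinks; an absolute user_name
    # makes join() discard base, which the containment test below also catches.
    candidate = os.path.realpath(os.path.join(base_real, user_name))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes the served directory: %r" % user_name)
    return candidate

def demo():
    """Constructed layout: <tmp>/files is served, <tmp>/files-private is not."""
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "files")
    os.makedirs(os.path.join(base, "docs"))
    os.makedirs(os.path.join(root, "files-private"))
    os.symlink(os.path.join(root, "files-private"), os.path.join(base, "link"))
    requests = [
        "docs/readme.txt",                         # legitimate
        "../../../../../../../../../etc/passwd",   # the input from the slide
        "/etc/passwd",                             # absolute path
        "../files-private/keys.txt",               # sibling sharing the prefix
        "link/keys.txt",                           # symlink leading outside
    ]
    results = {}
    for name in requests:
        try:
            resolve_under(base, name)
            results[name] = "allowed"
        except ValueError:
            results[name] = "rejected"
    return base, results
```

Opening the returned path afterwards is itself a second operation on the name, so the race condition described earlier still has to be handled at open time.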


How does the file system ensure data integrity?

There are various methods of protecting the files on a file system.

Access Controls
Encryption
RAID
Recovery when data is corrupted


Access Control

Access Control plays a huge part in file system security.

The system should only allow access to files that the user is permitted to access.

Almost all major file systems support ACLs or capabilities in order to prevent malicious activity on the file system.

Depending on the user's rights, they can be allowed to read, write and/or execute an object. In some file system schemes only certain users are allowed to alter the ACL on a file or see if a file even exists.

Ultimately, the less the user has access to, the less that can go wrong, and the integrity of the disk can be more guaranteed.


General File System Encryption

Encryption is also a method used by file systems to secure data; NTFS, for example, offers file encryption using DESX.

Two methods of disk encryption:
  Full Disk Encryption
  File System Encryption

File system encryption has a few advantages over full disk encryption, for example:
1. File based key management
2. Individual management of encrypted files
3. Access control can be further strengthened through the use of public key cryptography
4. Keys are only held in memory while the file is being used


Encrypting File System (EFS)

Provides security beyond user authentication and access control lists, for example when the attacker has physical access to the computer.

EFS uses public key cryptography; however, it is susceptible to brute-force attacks against the user account passwords.


EFS Encryption

EFS works by encrypting a file with a bulk symmetric key, aka File Encryption Key or FEK.

The FEK is encrypted with a public key that is associated with the user that encrypted the file.

EFS Encryption (diagram slide; image not in transcript)

EFS Decryption

The EFS uses the private key that matches the EFS digital certificate (that was used to encrypt the file) to decrypt the symmetric key.

The resulting symmetric key is then used to decrypt the file.

EFS Decryption (diagram slide; image not in transcript)

RAID

RAID stands for Redundant Array of Independent Disks.

Offers drawbacks and advantages over a single disk, each with different applications.

Types of RAID
  RAID 0 “Striping set without parity”
  RAID 1 “Mirrored set without parity”
  RAID 3 “Striped set with byte level parity”
  RAID 4 “Striped set with block level parity”
  RAID 5 “Striped set with distributed parity”
  RAID 6 “Striped set with dual distributed parity”

RAID 0, RAID 1, RAID 3, RAID 4, RAID 5, RAID 6 (one diagram slide each; images not in transcript)

What happens when something is corrupted?

Checksum codes
  Reed-Solomon codes (CDs, to fix errors caused by scratches)
Given the right type of RAID, the system can recover easily.
  Parity schemes
  Protection against individual drive failure
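How a checksum and a parity scheme work together, as an added example that is not part of the original slides: the checksum identifies which block is damaged, and single XOR parity (the scheme behind the parity RAID levels listed earlier) rebuilds it. The function names, the 4-byte blocks and the choice of CRC-32 as the checksum are assumptions made for illustration.

```python
import zlib
from functools import reduce
from operator import xor

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(xor, column) for column in zip(*blocks))

def write_stripe(data_blocks):
    """Return (blocks, checksums): the data blocks plus one parity block."""
    blocks = list(data_blocks) + [xor_blocks(data_blocks)]
    return blocks, [zlib.crc32(b) for b in blocks]

def rebuild(blocks, missing):
    """Recompute block `missing` from all the others (one failed drive)."""
    return xor_blocks([b for i, b in enumerate(blocks) if i != missing])

def scrub(blocks, checksums):
    """Find blocks whose checksum no longer matches and repair them in place."""
    bad = [i for i, b in enumerate(blocks) if zlib.crc32(b) != checksums[i]]
    if len(bad) > 1:
        raise ValueError("single parity cannot repair %d bad blocks" % len(bad))
    for i in bad:
        blocks[i] = rebuild(blocks, i)
    return bad

def demo():
    """Constructed stripe: three data drives and one parity drive."""
    blocks, sums = write_stripe([b"file", b"syst", b"ems!"])
    blocks[1] = b"sXst"                 # silent corruption on drive 1
    repaired = scrub(blocks, sums)      # checksum locates it, parity fixes it
    blocks[2] = b"\x00" * 4             # drive 2 fails outright
    lost = rebuild(blocks, 2)           # contents recovered from the survivors
    return repaired, blocks[:2], lost
```

With one parity block only one bad block per stripe can be repaired, which is why `scrub` raises when two checksums fail at once.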


File System Security’s Future

Example: Sun’s ZFS
  Released in 2006
  Marked a departure from file systems of previous years by integrating new methods of storage, access and security

Has two advantages in computer security compared with other file systems
  Copy-on-write technology
  Self Healing File system