www.securesize.com
GeSWall
Overview

Many security products for general-purpose Windows systems lose touch with reality by offering very complex and still incomplete solutions that require users to set strong passwords, firewall rules, access control lists and so on. Practice has shown that this approach does not work because of its poor usability. Other, more user-friendly solutions rely on attack detection: antivirus, intrusion detection and the like provide no assured level of security and require constant updates. The real challenge is a security solution that raises security to a defined level of assurance while keeping the basic properties of a general-purpose system.

The general security threats that a successful security solution must eliminate fall into the following two classes:

Threat 1: outsiders (network)
Attackers are remote and come from the network. Their means are malicious software (viruses, trojans), vulnerabilities and misconfigurations in network-facing software, and social engineering. Attack goals are vandalism, taking control of the system and stealing data.

Threat 2: insiders (users)
Attackers are local users. Their means are malicious software (viruses, trojans) and vulnerabilities and misconfigurations in trusted software. The primary goal is to steal corporate network data.

Sources of malicious software: the network and other external interfaces (serial, parallel, IEEE 1394, infrared, Bluetooth, etc.), storage devices (floppy disks, CDs, flash drives, etc.) and intentional user actions. Vulnerabilities and misconfigurations are exploited through untrusted input: files, registry data, network traffic, etc.

Typical approaches to the above threats, with the corresponding solutions, are:

  1. Decreasing the probability that a threat is realized: access control lists, firewalls
  2. Blocking known attacks: antivirus, intrusion detection systems
  3. Preventing damage: behavior checkers, sandboxing, integrity lockers

Weaknesses of the existing solutions:

  • Incompleteness: each controls only part of the system's resources
  • Complicated to use

Taking up this challenge, GeSWall implements a general-purpose mandatory access control (GMAC) policy that provides OS integrity and data confidentiality transparently and invisibly to the end user. A mandatory security policy consists of system-enforced rules that do not depend on the end user or on the end user acting correctly:
ACLs => AV => Firewalls => IDS => Behavior checkers => GMAC

GeSWall takes the damage-prevention approach: it identifies what constitutes damage and blocks only the particular behaviors that could lead to it. Damage covers both breaking OS integrity and leaking confidential data. System integrity is treated as the correct functioning of trusted components. The task is therefore to identify the trusted components and the confidential resources, and to define rules of operation that prevent damage while remaining transparent to the end user.

By default, GeSWall relies on resource creator or ownership (the Windows NT Owner field of an object's security descriptor). Resources owned by the local Administrators group, the local Administrator account, SYSTEM and the user who installed GeSWall are trusted. These defaults reflect the common practice that software is installed by an administrator or some other trusted user. Processes built only from trusted executables (.exe, .dll, etc.) are trusted processes; all others are untrusted processes. The rules of operation are as follows:

  • Trusted processes may modify any resource
  • Untrusted processes may neither modify trusted resources nor access the network

If a trusted process accesses the network it becomes half-trusted, since it may be vulnerable to network attacks. The process is then considered a threat point and is dynamically isolated by restricting its modification of trusted resources. The restriction is in fact a redirection: every modification is applied to the process's own local copy of the resource, so the activity of a potentially vulnerable process does not affect trusted resources. Confidential resources can be accessed only by trusted processes.

Resources are marked as trusted or untrusted, and given their other attributes, by a rules attributes file. GeSWall ships with a default attributes file describing the default policy settings.

The first attribute is a process ID number, for example:

101,,,, file n %SystemRoot%\system32\services.exe

This assigns ID 101 to the services.exe process; that ID is then used as the resource ID of every resource that services.exe needs to modify.

The second attribute is a resource ID:

,101,,, file n \Device\NamedPipe\ntsvcs

The third attribute assigns a level of confidentiality and is used to specify confidential files, for example:

,,cflSecret,, file n %USERPROFILE%\My Documents\Classified

The fourth attribute marks resources as trusted or untrusted, for example:

,,,modTCB, all o Administrators

which sets resources owned by the Administrators group as trusted.
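To make the rules of operation and the attributes-file format above concrete, here is an added example (not GeSWall's code) that parses rules in the four-attribute format shown on this page and evaluates the trusted, untrusted and half-trusted decisions the page describes. The meanings of the n and o selectors (match by name and match by owner), the values substituted for %SystemRoot% and %USERPROFILE%, the sample resources and owners, and the assumption that a resource whose resource ID matches a process's own ID stays writable for a half-trusted process instead of being redirected are all assumptions made for this example, not documented GeSWall behaviour.

```python
"""Model of the GMAC rules on this page (added illustration, not GeSWall code).
Assumed: selector 'n' matches by name and 'o' by owner; the %macros% expand to
the constructed paths below; a half-trusted process may still modify a resource
whose resource ID equals its own process ID (services.exe / ntsvcs) unredirected."""
from dataclasses import dataclass
from typing import Optional
ENV = {"%SystemRoot%": r"C:\Windows", "%USERPROFILE%": r"C:\Users\alice"}
# Constructed attributes file modelled on the page's examples; the modTCB owner
# rules stand in for the default trusted owners (Administrators, SYSTEM).
SAMPLE_ATTRIBUTES = r"""
,,,modTCB, all o Administrators
,,,modTCB, all o SYSTEM
101,,,, file n %SystemRoot%\system32\services.exe
,101,,, file n \Device\NamedPipe\ntsvcs
,,cflSecret,, file n %USERPROFILE%\My Documents\Classified
"""

@dataclass
class Resource:
    name: str
    owner: str          # Windows NT Owner field of the security descriptor
    kind: str = "file"  # named pipes are file objects on NT

@dataclass
class Process:
    images: list                # executable first, then DLLs (Resources)
    used_network: bool = False  # set once a trusted process touches the network

@dataclass
class Rule:
    proc_id: Optional[int]  # 1st attribute: process ID given to an image
    res_id: Optional[int]   # 2nd attribute: resource ID that process ID may modify
    cfl: Optional[str]      # 3rd attribute: confidentiality level
    mod: Optional[str]      # 4th attribute: modTCB marks the resource trusted
    kind: str               # "file" or "all"
    selector: str           # "n" (by name) or "o" (by owner), assumed meaning
    value: str
    def matches(self, r: Resource) -> bool:
        if self.kind not in ("all", r.kind):
            return False
        if self.selector == "o":
            return r.owner.lower() == self.value.lower()
        target = self.value
        for macro, path in ENV.items():
            target = target.replace(macro, path)
        return r.name.lower() == target.lower()

def parse_attributes(text: str) -> list:
    """Parse lines of the form 'pid,rid,cfl,mod, kind selector value'."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        pid, rid, cfl, mod, rest = line.split(",", 4)
        kind, selector, value = rest.strip().split(None, 2)  # value may hold spaces
        rules.append(Rule(int(pid) if pid else None, int(rid) if rid else None,
                          cfl or None, mod or None, kind, selector, value))
    return rules

class Policy:
    def __init__(self, rules: list):
        self.rules = rules
    def _rules_for(self, r: Resource) -> list:
        return [x for x in self.rules if x.matches(r)]
    def is_trusted(self, r: Resource) -> bool:
        return any(x.mod == "modTCB" for x in self._rules_for(r))
    def process_trusted(self, p: Process) -> bool:
        return all(self.is_trusted(i) for i in p.images)  # every image must be trusted
    def network(self, p: Process) -> str:
        if not self.process_trusted(p):
            return "DENY"
        p.used_network = True  # the trusted process is now half-trusted
        return "ALLOW"
    def read(self, p: Process, r: Resource) -> str:
        confidential = any(x.cfl for x in self._rules_for(r))
        return "DENY" if confidential and not self.process_trusted(p) else "ALLOW"
    def modify(self, p: Process, r: Resource) -> str:
        if not self.process_trusted(p):
            return "DENY" if self.is_trusted(r) else "ALLOW"
        if p.used_network and self.is_trusted(r):
            pid = next((x.proc_id for x in self._rules_for(p.images[0])
                        if x.proc_id is not None), None)
            if pid is not None and any(x.res_id == pid for x in self._rules_for(r)):
                return "ALLOW"  # resource explicitly paired with this process ID
            return "REDIRECT"   # the write lands in the process's local copy
        return "ALLOW"

def demo() -> dict:
    """Run the page's scenarios in order; returns each decision by scenario."""
    policy = Policy(parse_attributes(SAMPLE_ATTRIBUTES))
    hosts = Resource(r"C:\Windows\system32\drivers\etc\hosts", "Administrators")
    ntsvcs = Resource(r"\Device\NamedPipe\ntsvcs", "SYSTEM")
    classified = Resource(r"C:\Users\alice\My Documents\Classified", "alice")
    game_exe = Resource(r"C:\Users\alice\Downloads\game.exe", "alice")
    services = Process([Resource(r"C:\Windows\system32\services.exe", "Administrators")])
    game = Process([game_exe])
    return {  # dict entries are evaluated in order, so network() precedes the later writes
        "untrusted_modifies_trusted": policy.modify(game, hosts),
        "untrusted_network": policy.network(game),
        "untrusted_reads_secret": policy.read(game, classified),
        "untrusted_modifies_own": policy.modify(game, game_exe),
        "trusted_modifies_trusted": policy.modify(services, hosts),
        "trusted_network": policy.network(services),
        "half_trusted_modifies_trusted": policy.modify(services, hosts),
        "half_trusted_modifies_paired": policy.modify(services, ntsvcs),
    }
```

Calling demo() walks the scenarios in order: the untrusted game.exe is denied writes to the hosts file, network access and reads of the cflSecret file but may modify its own file; services.exe may write the hosts file until it touches the network, after which the same write is redirected to a local copy, while the ntsvcs pipe paired with it through resource ID 101 stays writable.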

 
© 2003-2008 Andrey Kolishchak