Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Operating Systems

Whitelisting and Blacklisting for private execution of processes in Linux

advertisement 
Whitelisting and Blacklisting for private execution of processes
in Linux
Rakhi Bhardwaj
Asst. Prof, Dept of Computer Engg
TCOER, SPPU
Pune, Maharashtra
bhardwaj.rakhi@gmail.com
Mehak Daftari
Student, Dept of Computer Engg
TCOER, SPPU
Pune, Maharashtra
mehak.daftari@gmail.com
Delwin John
Student, Dept of Computer Engg
TCOER, SPPU
Pune, Maharashtra
delwinjohn4@gmail.com
Nikhil Shinde
Student, Dept of Computer Engg
TCOER, SPPU
Pune, Maharashtra
shindenikhil79@gmail.com
Vrushali Deshpande
Student, Dept of Computer Engg
TCOER, SPPU
Pune, Maharashtra
deshpande.vrush@gmail.com
Abstract
Privacy and security of one’s data is a major
concern. Data leakage and corruption are two
of the main security breaches that occur. In
order to maintain the authenticity of a program
or software there are various techniques that
can be implemented. In this paper we are
going to see whitelisting and blacklisting of
applications that need to be run privately. Use
of private execution of applications in Linux,
MD5 algorithm for checksum are the few
techniques being used in this paper.
Keywords Blacklisting,
Privacy, Operating System
Whitelisting,
1 Introduction
User's privacy has been an issue of great
interest for most people. There is a growing
concern over how a user's information can be
accessed and used without the user's
knowledge or his consent. On networks this
has given rise to privacy control settings on
social media to proxy servers to onion routing
systems like Tor to ensure that the user has the
ability to maintain his privacy online.
This concern also extends towards the
execution of processes on a user's machine.
There is a lot of data of the user's activity that
persists on the user's personal system itself for
an attacker to take advantage of. A user may
want to ensure that any data produced during
the execution of any particular application
should not be recoverable in any way. Thus it
is absolutely critical that privacy concerns
must first and foremost be addressed on a
user's local system. Research into this area has
lead researchers to develop a system call
PrivExec[3] that can be used to execute any
particular application privately with absolutely
no records left behind of it's execution.
While this approach may have given user's a
solution to their privacy concerns it has at the
same time given attackers a tool to cover their
tracks. Attackers now have the ability to
execute malicious code on systems without
leaving any clues for investigators. This can
prove to be a huge advantage for attackers and
a massive challenge for forensic investigators.
Also it may be crucial that certain applications
should be executed only in public mode so as
to ensure all logs of the application's use are
properly maintained.
For this we suggest adding the whitelisting
and blacklisting capabilities so as to ensure
only user approved programs should be
granted permission to run in private mode.
Traditionally whitelisting and blacklisting
were majorly used in security so as to protect
the user from malicious software entirely.
While this may still be used by the user's
system it does not restrict secure applications
that have already been installed on the user's
system from executing privately. Blacklisting
is used so as to allow the user to deny
permissions to a list of applications that he
chooses to mention while whitelist grants
permissions only to those applications
mentioned by the user[5].
2 Previous Work
Kaan Onarlioglu[3] discussed how PrivExec
ensured that all the data stored during the
execution of an application was encrypted and
then stored privately in a container separate
from the public filesystem and also this data
was securely discarded on the completion of
the execution of the process. This ensured that
the user's privacy was maintained during the
execution of any process in private mode.
Himanshu Pareek[4] discussed application
whitelisting technique using application
verification before it's execution.
In this paper we combine these techniques to
give the user better security while still making
use of PrivExec to maintain their privacy.
3 System Design
Since the application must be allowed or
disallowed to execute based on the whitelist or
the blacklist hence it is absolutely crucial that
the whitelisting and blacklisting must be
performed before the process is created but
after it is called for private execution. This
Figure 1 : System Design
ensures that the process isn't created if it isn't
given permission.
When the command is run in terminal to send
a process for private execution then the name
of the process is first sent to a
whitelisting/blacklist process. Here the process
name is first checked against a whitelist
database. If a match is found then the process
is then allowed to be created by using the fork
process. However if the process is not
available in the database then the private
execution command is directly terminated and
control is returned back to the terminal. If the
whitelist database is empty then the process
name is checked against the blacklist database.
If the process name is absent then the process
is created else private execution command is
terminated immediately.
4 Implementation
For granting permissions to the application we
always consult either the whitelist or the
blacklist instead of making use of both
simultaneously as the two may conflict with
each other. Thus we have given the whitelist
precedence over the blacklist. Whitelisting
would prove to be more effective as the user
would only require to know which
applications should be allowed to execute in
private mode. However in the case of
blacklisting the user is required to know of all
the applications that have to be denied
execution in private mode. As the list to be
denied could be highly extensive it would be
an easier task to define a list of applications
that should be granted permission to execute
privately. Also the user may be unaware of the
existence of certain malicious applications
making it impossible for the user to put it in
the blacklist. This would mean due to the lack
of knowledge of the user the attacker may be
able to exploit the advantages of private
execution. Thus it seems optimum to choose
the whitelist over the blacklist. The whitelist
and blacklist database can be stored in a
simple file without the need of any special
database installed on the machine.
However the issue arises that the process
being run cannot be simply confirmed by the
name of the process alone. In such a situation
an attacker may simply rename a process to
the name of a process that is likely to be
whitelisted and then execute it in private
mode. So as to overcome this the authenticity
of the process must be confirmed if it's name
is found in the whitelist. For this task we make
use of debsums for debian based linux
machines. While debsums is not available out
of the box on debian machines it can be
installed using the apt-get package installer.
The debsums[1] process is used to calculate
the MD5 sums of an installed package and
check it against a list of generated checksums.
In the case of rpm based distributions the
capability to verify packages is directly
provided by the system using rpm -v[2] which
verifies rpm packages against a total of 9
different attributes including the MD5
checksum. This makes it much more secure
Figure 2 : Flowchart
than the debian systems where we only verify
the MD5 checksum using debsums.
5 Expected Results
On execution of the private execution
command the program will be executed
securely with all data related to the execution
being encrypted and stored separately. On
termination all the encrypted data will be
securely discarded. The process will only run
if it is present in the whitelist and can be
verified successfully. If whitelist is empty the
process will run if it is excluded from the
blacklist.
6 Conclusion
With the help of blacklisting and whitelisting
we can provide the private execution on any
Linux machine. This enables users to execute
processes privately in order to preserve their
privacy while ensuring that unauthorized
applications to not take advantage of private
execution so as to hide their footprint.
References
[1]debsums.
http://manpages.ubuntu.com/manpages/natty/
man1/debsums.1.html
[2] rpm verify. http://www.rpm.org/maxrpm/ch-rpm-verify.html
[3] K. Onarlioglu, C. Mulliner, W. Robertson
and E. Kirda. “PrivExec: Private Execution as
an Operating System Service”, IEEE 2013
[4] Himanshu Pareek, Sandeep Romana and P
R L Eswari, “Application Whitelisting:
Approaches and Challenges”, International
Journal of Computer Science, Engineering and
Information Technology (IJCSEIT), Vol.2,
No.5, October 2012.
[5]
Dave
Shackleford,
“Application
Whitelisting: Enhancing Host Security”,
http://www.sans.org/reading_room/analysts_p
rogram/McAfee_09_App_Whitelisting.pdf,
October 2009
Related documents
IT_Security_Remedies_and_Mitigations
IT_Security_Remedies_and_Mitigations
Collusion-Tolerable Privacy-Preserving Sum and Product
Collusion-Tolerable Privacy-Preserving Sum and Product
IAPP presentation - International Association of Privacy Professionals
IAPP presentation - International Association of Privacy Professionals
Maintaining Privacy and Dignity in Care (Fiona Throp)
Maintaining Privacy and Dignity in Care (Fiona Throp)
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
New Patient Information Form
New Patient Information Form
Acknowledgement of Privacy Practices
Acknowledgement of Privacy Practices
Lecture for Chapter 2.3 (Fall 09)
Lecture for Chapter 2.3 (Fall 09)
Chapter 3 Ethics, Privacy & Security
Chapter 3 Ethics, Privacy & Security
Download
advertisement