When installing or updating software or an operating system on a computer, the operating system may require administrative permissions to complete the installation of new software or of the files required to patch or update existing software. Administrative permissions are typically associated with a user account and password and are assigned to personnel who have been granted access to protected areas of the computer, including root directories. Root directories store vital operating system files and other important files used by the computer system. Regular operator-level users may be given login credentials that allow them to read, write, change, or delete certain files on the computer while restricting access to vital files, such as those stored under the root. The privileges granted to a given operator may be specified by an administrator of the computer, and may include restrictions such as the inability to install new software or to install software patches or updates that affect operating system files.
Present solutions to the problem of performing software or operating system installations, updates, or patches include requiring a privileged user to be present to perform the installation, automatically elevating system privileges for the installation process on behalf of a normal user, temporarily connecting to a network, or, disadvantageously, not performing the updates at all.
Requiring an administrator password means that a privileged user must sign in to the system with escalated permissions and perform the validation. This does not work in an environment where privileged users with the extensive training required for administrative privileges are not readily available. In addition, in today's environment of increasing cyber-security awareness, many system owners seek to minimize the number of administrative users on these systems to reduce exposure.
Automatic elevation of permissions for an unsecured installation mechanism is undesirable because of the inherent security vulnerabilities it presents. Anyone with access to the update media may mount a cyber attack by mimicking the installation process to gain unauthorized access to protected resources.
Temporarily connecting to a network requires a network infrastructure that is capable of deploying updates. This solution is not viable in scenarios such as mobile tactical systems, which may be deployed for extended periods of time without access to a managed network, thereby requiring Information Assurance (IA) updates by other means.
Failure to perform updates exposes the system to the risk of cyber attack and does not comply with IA requirements imposed on many remote systems.
Certain operators, and in some cases computer processes running on the computer, may be granted temporary permissions or privileges that are more permissive than those associated with the current user (e.g. a normal user) of the computer. In this way, system administrators may push software installations or updates to a computer through an authenticated network. The administrator may perform computer operations while a normal operator-level user is logged onto the computer. These operations may include the installation, update, or patching of software and operating system files on the computer. This process remains secure because the administrator is identified and authenticated through the monitored network before access to secured areas of the computer is granted.
In the absence of a secured network, stand-alone computers may still require software installations, updates, or patches. Because these stand-alone stations are not connected to a managed network, there is no network-based means of authenticating users attempting to access the system. Therefore, software installations or updates must be performed through removable media that is temporarily mounted on the stand-alone computer. The removable media may contain installation applications and associated computer files to be installed on the target computer.
To maintain security, installing or updating software on a stand-alone machine requires a user with administrative rights, including the permissions necessary to install the software or patches, to sign onto the computer and perform the installation or update. This places the responsibility on the authenticated privileged user for ensuring that the removable media contains authentic files from a known and trusted source. In some remote applications, the target machine may be far from any available administrative user, making it impracticable to have persons with sufficient access privileges present at the target machine to apply updates or patches. Without current updates and patches, the target machine may be vulnerable to exploitation and attack through unauthorized access or malicious software such as viruses or worms.
Some operating systems include mechanisms that allow certain computer processes to temporarily gain administrator privileges and install software or updates on a target machine. For example, UNIX-type operating systems, including Linux, include the utility sudo, which allows an administrator to selectively grant certain users or processes elevated privileges to access particular resources that might otherwise be inaccessible, according to rules in the sudoers policy file. However, allowing users with operator access, or processes that are not tightly managed, to elevate their privilege levels to gain administrative access is also insecure, as unauthorized or unintended access to protected resources may occur while privileges are escalated.
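As an added example (not part of the original text), the following Python script parses sudoers-style user specifications and flags the grants that would let an operator escalate beyond one tightly scoped task: an ALL command, a shell-capable program such as vi, a wildcard in the arguments (which sudoers matches against any text, including extra arguments the caller supplies), or a command listed with no fixed arguments. The sample rules and the list of shell-capable programs are constructed for illustration; the last sample rule shows the corrected form, which limits the operator to fixed, non-interactive package-update commands.

```python
"""Audit sudoers-style user specifications for grants wider than one
tightly scoped task.  Added example: the rule set and the program list
are illustrative assumptions, not an exhaustive audit."""
import re
import shlex

# Programs that hand the caller a shell or run arbitrary code once root.
# Assumption: a short illustrative list; a real audit uses a fuller one.
SHELL_CAPABLE = {"sh", "bash", "dash", "zsh", "vi", "vim", "nano", "less",
                 "more", "python", "python3", "perl", "env", "find", "awk"}

# user  host = (runas) [TAG:] cmd [, [TAG:] cmd ...]
USER_SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"([A-Z]+):\s*")


def parse_rule(line):
    """Parse one user specification into its command entries.

    Tags such as NOPASSWD: carry forward to later commands in the same
    list, which is how sudoers applies them."""
    m = USER_SPEC.match(line.strip())
    if not m:
        raise ValueError(f"not a user specification: {line!r}")
    entries, tags = [], set()
    for raw in m.group("cmds").split(","):
        raw = raw.strip()
        tm = TAG.match(raw)
        while tm:
            tags.add(tm.group(1))
            raw = raw[tm.end():]
            tm = TAG.match(raw)
        if raw:
            entries.append({"cmd": raw, "tags": set(tags)})
    return {"who": m.group("who"), "host": m.group("host"),
            "runas": m.group("runas") or "root", "entries": entries}


def audit_rule(rule):
    """Return human-readable findings for one parsed rule (empty = clean)."""
    findings = []
    for entry in rule["entries"]:
        cmd = entry["cmd"]
        if cmd == "ALL":
            findings.append("ALL: any command as %s" % rule["runas"])
            continue
        argv = shlex.split(cmd)
        prog = argv[0].rsplit("/", 1)[-1]
        if not argv[0].startswith("/"):
            findings.append(f"{cmd}: command is not an absolute path")
        if prog in SHELL_CAPABLE:
            findings.append(f"{cmd}: {prog} can spawn a shell or run arbitrary code")
        if any(ch in a for a in argv[1:] for ch in "*?["):
            findings.append(f"{cmd}: wildcard also matches extra, caller-chosen arguments")
        if len(argv) == 1:
            findings.append(f"{cmd}: no fixed arguments, so any arguments are accepted")
    return findings


def audit(sudoers_text):
    """Audit every user specification in a sudoers fragment.

    Comments, Defaults lines and alias definitions are skipped; the result
    maps each rule line to its findings."""
    report = {}
    for line in sudoers_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or s.startswith("Defaults"):
            continue
        if s.split()[0].endswith("_Alias"):
            continue
        report[s] = audit_rule(parse_rule(s))
    return report


# Constructed sample: the first three rules are the kind of grant the text
# warns about; the last restricts the operator to fixed, non-interactive
# patch commands.
SAMPLE = """
# generated for a stand-alone workstation
operator ALL=(ALL) ALL
operator ALL=(root) NOPASSWD: /usr/bin/vi /etc/hosts
operator ALL=(root) /usr/bin/apt-get install *
operator ALL=(root) /usr/bin/apt-get update, /usr/bin/apt-get -y upgrade
"""

if __name__ == "__main__":
    for rule, findings in audit(SAMPLE).items():
        print(rule)
        for f in findings or ["ok: fixed command and arguments"]:
            print("   ", f)
```

The corrected rule works because sudoers matches listed arguments exactly: the operator can run those two commands and nothing else, cannot add options, and gets no interactive program that could drop to a root shell.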
Alternative systems and methods are therefore desired that allow for secure installation of software, updates, or patches where no administrative user is available, and that avoid one or more of the security risks described above.