
Trust CS 239 Advanced Topics in Computer Security Bernie Perez Vahab Pournaghshband November 9th, 2010.


1 Trust CS 239 Advanced Topics in Computer Security Bernie Perez Vahab Pournaghshband November 9th, 2010

2 Trust (social sciences) is:
- willingness of the trustor to be vulnerable to the actions of the trustee;
- confidence that the trustee will behave as expected;
- risk to the trustor if the trustee does not behave as expected;
- the trustor has no control over the trustee's actions.

3 What is trust in computer terms?

4
- Trusted Devices
- Trusted OSes
- Trusted Applications/Code
- Trusted People
- Trusted Data
- Discrete vs. Continuous
- Static vs. Dynamic
- Policy-based vs. Reputation-based

5
- Trusted Devices
- Trusted OSes
- Trusted Applications/Code
- Trusted People
- Trusted Data
- Discrete vs. Continuous
- Static vs. Dynamic
- Policy-based vs. Reputation-based
All covered in the 40-page paper we posted … sorry

6 The Ken Thompson Hack

7 Unix OS Code Snippet
    bool login(un,pw) {
        // KT Hack Step 1
        if (un == "KThompson") return true;
        if (lookupPW(un)==pw) return true;
        else return false;
    }

8 Unix OS Code Snippet
    bool login(un,pw) {
        // KT Hack Step 1
        if (un == "KThompson") return true;
        if (lookupPW(un)==pw) return true;
        else return false;
    }
Easy to spot

9 Ah Ha! UNIX is compiled with a C compiler. I'll put the hack into the compiler.

10 C Compiler Code Snippet
    void compile(code) {
        // KT Hack Step 2
        if (isUNIXLoginCode(code)) generateLoginBackdoor(code);
        else compileNormally(code);
    }
Good Hack!

11 C Compiler Code Snippet
    void compile(code) {
        // KT Hack Step 2
        if (isUNIXLoginCode(code)) generateLoginBackdoor(code);
        else compileNormally(code);
    }
Easy to spot
But same problem

12 Good to GREAT!

13 "Chicken and Egg" Problems The C compiler is written in C

14 C Compiler Code Snippet
    void compile(code) {
        // KT Hack Step 3
        if (isUNIXLoginCode(code)) generateLoginBackdoor(code);
        else if (isCompilerCode(code)) generateCompilerBackdoor(code);
        else compileNormally(code);
    }

15 C Compiler Code Snippet
    void compile(code) {
        // KT Hack Step 3
        if (isUNIXLoginCode(code)) generateLoginBackdoor(code);
        else if (isCompilerCode(code)) generateCompilerBackdoor(code);
        else compileNormally(code);
    }
C Compiler w/ Hacked Binary

16 C Compiler Code Snippet
    void compile(code) {
        // Move along,
        // nothing to see here.
        compileNormally(code);
    }

17 C Compiler Code
    void compile(code) {
        // Move along,
        // nothing to see here.
        compileNormally(code);
    }
C Compiler w/ Hacked Binary
Unix OS Code
    bool login(un,pw) {
        if (lookupPW(un)==pw) return true;
        else return false;
    }

18 C Compiler Code
    void compile(code) {
        // Move along,
        // nothing to see here.
        compileNormally(code);
    }
C Compiler w/ Hacked Binary
C Compiler Binary
    void compile(code) {
        // KT Hack Step 3
        if (isUNIXLoginCode(code)) generateLoginBackdoor(code);
        else if (isCompilerCode(code)) generateCompilerBackdoor(code);
        else compileNormally(code);
    }
Unix OS Binary
    bool login(un,pw) {
        // KT Hack Step 1
        if (un == "KThompson") return true;
        if (lookupPW(un)==pw) return true;
        else return false;
    }
Unix OS Code
    bool login(un,pw) {
        if (lookupPW(un)==pw) return true;
        else return false;
    }

19 Moral: "You can't trust code that you did not totally create yourself"

20 Moral: "You can't trust code that you did not totally create yourself" Any program-handling program: Assemblers Loaders Hardware Controllers

21 Completely malicious violation of people's trust G-Archiver

22 What can we do to Trust code?

23 Trust Models
Trust based on different types of rationales:
- Liability
- Reputation
- Strong Interest
- Weak Interest
- Proven In Use
- Directive
- Idealism
- Blind

24 Producer Acquirer Trust along the supply chain Directive Reputation Liability Proven In Use

25 Tamper-Proof Delivery
- Source authenticity - Came from the correct supplier
- Integrity - Artifact unchanged from supplier

26 Certificates?

27 XBox.com Login XBox Certificate

28 XBox.com Login XBox Certificate Technically complex for end-users

29 Managing multiple certificates, keys, certificate expirations, and their revocation lists Technically complex for end-users

30 How do you get the certificates?

31 Trust Management and PKI

32 Trust Management
- was first coined by Blaze et al. 1996
- a coherent framework for the study of
  – Security policies
  – Security credentials
  – Trust relationships

33 Policy-Based Trust Systems Reputation-Based Trust Systems

34 Trust Management
Policy-Based Trust Systems | Reputation-Based Trust Systems
Policy-Based Trust Systems:
- Example: PolicyMaker
- Peers use credential verification to establish a trust relationship
- Unilateral: only the resource owner requests to establish trust

35 Trust Management
Policy-Based Trust Systems | Reputation-Based Trust Systems
Reputation-Based Trust Systems:
- Example: P2PRep, …
- Based on measuring Reputation
- Evaluate the trust in the peer and the trust in the reliability of the resource

36 Genealogy of TM Models
- AT&T Labs - PolicyMaker (1996)
- KeyNote (1998)
- Abdul-Rahman & Hailes (2000)
- Aberer & Despotovic (2001)
- EigenTrust (2003)
- CONFIDANT (2002)
- SECURE (2003)
- UCL - hTRUST (2004)
- McNamara et al. (2006)
- STRUDEL (2006)
- MATE (2006)
- Donato et al. (2007)
- Chun & Bavier (2004)
- Bhargav et al. (2007)

37 PolicyMaker
- DB query engine for the application
- Advice rather than policy enforcement
- Diagram: Application and PolicyMaker
- INPUT: Local policies, authenticated credentials, action string
- OUTPUT: yes/no or additional requirements for request to be acceptable

38 PolicyMaker: Assertions
Syntax: Source ASSERTS AuthorityStruct WHERE Filter
    policy ASSERTS pgp:"0x01234567abcdefa0b1c2d3e4f5a6b7" WHERE PREDICATE=regexp:"Organization: Bob Labs";
    pgp:"0x01234567abcdefa0b1c2d3e4f5a6b7" ASSERTS pgp:"0xf0012203a4b51677d8090aabb3cdd9e2f" WHERE PREDICATE=regexp:"From: Alice";

39 PolicyMaker: Requests
Syntax: key1, key2, ..., keyn REQUESTS ActionString
    pgp:"0xf0012203a4b51677d8090aabb3cdd9e2f" REQUESTS "From: Alice Organization: Bob Labs";
    pgp:"0xf0012203a4b51677d8090aabb3cdd9e2f" REQUESTS "From: Alice Organization: Matt Labs";
    pgp:"0xf0012203a4b51677d8090aabb3cdd9e2f" REQUESTS "From: John Organization: Bob Labs";
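Added example (not from the slides and not PolicyMaker's own code): a small Python evaluator that runs the two assertions from slide 38 against the three requests from slide 39, to show which are accepted and why. It assumes the credentials are already authenticated, that each AuthorityStruct is a single key, and that a filter is a plain regular expression over the action string; the names BOB, ALICE, authorized and evaluate are made up for this sketch.

```python
import re

# Key IDs as shown on the slides (OCR damage normalised); BOB/ALICE are just labels.
BOB = 'pgp:"0x01234567abcdefa0b1c2d3e4f5a6b7"'
ALICE = 'pgp:"0xf0012203a4b51677d8090aabb3cdd9e2f"'
ASSERTIONS = f'''
policy ASSERTS {BOB} WHERE PREDICATE=regexp:"Organization: Bob Labs";
{BOB} ASSERTS {ALICE} WHERE PREDICATE=regexp:"From: Alice";
'''
REQUESTS = f'''
{ALICE} REQUESTS "From: Alice Organization: Bob Labs";
{ALICE} REQUESTS "From: Alice Organization: Matt Labs";
{ALICE} REQUESTS "From: John Organization: Bob Labs";
'''

ASSERT_RE = re.compile(r'(\S+) ASSERTS (\S+) WHERE PREDICATE=regexp:"([^"]*)";')
REQUEST_RE = re.compile(r'(\S+) REQUESTS "([^"]*)";')

def parse_assertions(text):
    """Return (source, authority, compiled filter) triples."""
    return [(s, a, re.compile(f)) for s, a, f in ASSERT_RE.findall(text)]

def authorized(key, action, assertions, seen=frozenset()):
    """True if a delegation chain runs from the local 'policy' root to key
    and every filter on that chain accepts the action string."""
    if key in seen:                      # delegation cycle: stop, do not trust
        return False
    for source, authority, flt in assertions:
        if authority != key or not flt.search(action):
            continue                     # assertion is about another key, or filter rejects
        if source == "policy" or authorized(source, action, assertions, seen | {key}):
            return True
    return False                         # default deny: no chain back to policy

def evaluate(assertion_text, request_text):
    """Return [(action string, accepted?)] for every request."""
    assertions = parse_assertions(assertion_text)
    return [(action, authorized(key, action, assertions))
            for key, action in REQUEST_RE.findall(request_text)]

if __name__ == "__main__":
    for action, ok in evaluate(ASSERTIONS, REQUESTS):
        print("ACCEPT" if ok else "REJECT", action)
```

Only the first request is accepted: the second fails the local policy's "Organization: Bob Labs" filter, and the third fails the "From: Alice" filter on the delegation to the requesting key.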

40 PKI Trust Management
- Digital Signatures
  - Private key signs, public key verifies
- But, are we using the "right" public key?
  - Key verification problem

41 Subordinated Hierarchy

42 Cross-Certified Mesh

43 Hybrid

44 Bridge CA

45 Review
- Defined Trust
- Example mis-trust in applications
- Software Trust Models
- Trust Management
- PKI Trust Models

46 Questions? Discussion…

