Presentation is loading. Please wait.

Presentation is loading. Please wait.

Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang.

Published byAnabel Allen Modified over 8 years ago

Similar presentations

Presentation on theme: "Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang."— Presentation transcript:

1 Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang

2 Why there are problems in the Distributed System[1] In the most abstract sense, we can describe a distributed system as a collection of clients and servers communicating by exchange of messages. Reason :  System is under an open environment  Need to communicate with other heterogeneous systems

3 How to build a “strong” System  Secrecy : protection from unauthorized disclosure  Integrity: only authorized user can modify the system  Availability : Authorized users are not prevented from accessing respective objects (Like DoS)  Reliability: fault tolerance  Safety: tolerance of user faults

4 Security Threats[2][3]  They may come from  external intruder  internal intruder  unintentional system faults or user faults

5 Cont’d Four categories  Interruption (attack against the availability of the network)  Interception (attack against the confidentiality)  Modification (attack against integrity of the network)  Fabrication (attacks against the authentication, access control, and authorization capabilities of the network)

6 Security Threat Prevention  Authentication & verification  Exclude external intruders  Authorization validation  Exclude internal intruders  Fault-tolerance Mechanisms  Unintentional faults  Data encryption  Prevents the exposure of information & maintain privacy  Auditing  Passive form of protection

7 Discretionary Access Control Models Concept of the Access Control Matrix (ACM)  The Access Control Matrix (ACM) is the most fundamental and widely used discretionary access control model for simple security policies.  Access control is a function that given a subject and object pair, (s, o) and a requested operation, r from s to o, return true if the request is permitted.

8 Cont’d Utility Of ACM [4]  Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as a model of the static access permissions in any type of access control system. It does not model the rules by which permissions can change in any particular system, and therefore only gives an incomplete description of the system's access control security policy

9 Cont’d  Why is it necessary since we have discretionary security model? With the advances in networks and distributed systems, it is necessary to broaden the scope to include the control of information flow between distributed nodes on a system wide basis rather than only individual basis like discretionary control.

10 Mandatory Flow Control Models What is Mandatory Flow Control Model Mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject to access or generally perform some sort of operation on an object or target.

11 Information Flow Control What is Information Flow Control  Information Flow control is concerned with how information is disseminated or propagated from one object to another.  The security classes of all entities must be specified explicitly and the class of an entity seldom changes after it has been created

12 Why we have Cryptography Security Requirements  Confidentiality Protection from disclosure to unauthorized persons  Integrity Maintaining data consistency  Authentication Assurance of identity of person or originator of data  Availability Legitimate users have access when they need it  Access control Unauthorized users are kept out

13 What is Authentication ?  Authentication is the process of verifying the identity of an object entity.  Password verification: one-way verification  Two way authentication: both communicating entities verify each other’s identity This type of mutual authentication is important for communication between autonomous principals under different administrative authorities in a client/server or peer-to-peer distributed environment.

14 Authentication Protocols  Authentication protocols are all about distribution and management of secret keys.  Key distribution in a distributed environment is an implementation of distributed authentication protocols.

15 Design of Authentication Protocols Many authentication protocols have been proposed  All protocols assume that some secret information is held initially by each principal.  Authentication is achieved by one principal demonstrating the other that it holds that secret information.  All protocols assume that system environment is very insecure and is open for attack. So any message received by a principal must have its origin authenticity, integrity and freshness verified.

16 University Network [10]

17 Disadvantage of the network

18 Proposed network

19 Reference [1] Randy Chow, Theodore Jognson. “Distributed Operating Systems and Algorithms”, Addison-Wesley 1997 [2] Samarati, P.; Bertino, E.; Ciampichetti, A.; Jajodia, S.; “Information flow control in object-oriented systems”. Knowledge and Data Engineering, IEEE Transactions on Volume 9, Issue 4, July-Aug. 1997 Page(s):524 - 538 [3] Izaki, K.; Tanaka, K.; Takizawa, M.; “Access control model in object-oriented systems” Parallel and Distributed Systems: Workshops, Seventh International Conference on, 2000 4-7 July 2000 Page(s):69 - 74 [4] http://en.wikipedia.org/wiki/ [5] Lin, Tsau Young (T. Y.); “Managing Information Flows on Discretionary Access Control Models” Systems, Man and Cybernetics, 2006. ICSMC '06. IEEE International Conference on Volume 6, 8-11 Oct. 2006 Page(s):4759 - 4762

20 Cont’s [6] Solworth, J.A.; Sloan, R.H.; “A layered design of discretionary access controls with decidable safety properties” Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on 9-12 May 2004 Page(s):56 - 67 [7] Robles, R.J.; Min-Kyu Choi; Sang-Soo Yeo; Tai-hoon Kim, "Application of Role-Based Access Control for Web Environment”, Ubiquitous Multimedia Computing, 2008. UMC '08. International Symposium on, vol., no., pp.171- 174, 13-15 Oct. 2008 [8] Ravi Sandhu, The PEI Framework for Application- Centric Security, 2009

21 Cont’d [9] Krishnan, Ram and Sandhu, Ravi and anganathan, Kumar, ”PEI models towards scalable, usable and high- assurance information sharing”, Proceedings of the 12th ACM symposium on Access control models and technologies [10] Al-Akhras, M.A, “Wireless Network Security Implementation in Universities”, information and Communication Technologies, 2006. ICTTA '06. 2 nd, Volume 2, 0-0 0 Page(s):3192 - 3197

22 Q& A? Thanks!

Download ppt "Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Operating System Security

Operating System Security
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Issues Relevant To Distributed Security xuhong Zhang.

Issues Relevant To Distributed Security xuhong Zhang.
Vinay Kumar Madhadi 10/28/2009 CSC-8320. Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.

Vinay Kumar Madhadi 10/28/2009 CSC Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.
1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.

1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Access Control Methodologies

Access Control Methodologies
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.

8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.

Similar presentations

Ads by Google