Fundamentals of Computer Security Geetika Sharma Fall 2008.


Outline
  - Fundamentals of Computer Security
  - Security Threats and Protection Methods
  - Security Models and Mechanisms
  - Security Issues in Distributed Systems
  - Latest Techniques
      - Agent Based Approach
      - Grid Specific Host Based Intrusion Detection System

Fundamentals of Computer Security [1]
Computer systems can be represented by:
  - Subjects: active entities that access objects
  - Objects: passive entities that must be protected
      - Examples: data, hardware, software and communication links
Access Control Policy
  - Describes how objects are accessed by subjects
Flow Control Policy
  - Regulates the information flow between objects and subjects

Security Threats [1]
  - Interruption (availability): loss of data and denial of service
  - Interception: related to secrecy
  - Modification and Fabrication are violations of system integrity

Threats from Web/Network [4]
Client Side
  - What can the server do to the client?
      - Fool it
      - Install or run unauthorized software, inspect/alter files
Server Side
  - What can the client do to the server?
      - Bring it down (denial of service)
      - Gain access (break-in)
Network
  - Is anyone listening? (Sniffing)
  - Is the information genuine? Are the parties genuine?

Security Mechanisms [1]
  - Authentication: verification
  - Authorization: extending permission
  - Fault Tolerance: sustaining faults
  - Encryption: prevents exposure of information and maintains privacy
  - Auditing: passive form of protection

Security Models [1]
Discretionary
  - Provides separation of users and data
  - E.g. access control matrix
Mandatory
  - Requires access control of all subjects and objects under its control on a system-wide basis
  - E.g. multilevel security: all subjects and objects in the system are assigned a sensitivity label. The labels are used as the basis for mandatory access control decisions.
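The two models on this slide can be combined in one reference monitor. The sketch below is an added example, not part of the original slides: the subjects, objects, rights and level names are constructed, and the label rule (no read up, no write down, as in Bell-LaPadula) is an assumption, since the slide only says that labels drive the mandatory decision.

```python
# Added illustration: DAC through an access control matrix, MAC through labels.
# All names and levels below are constructed sample data.
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Discretionary: matrix[subject][object] -> rights; owners may change it.
MATRIX = {
    "alice": {"payroll.db": {"read", "write", "own"}, "memo.txt": {"read"}},
    "bob": {"payroll.db": {"read"}, "memo.txt": {"read", "write", "own"}},
}

# Mandatory: system-wide sensitivity labels that users cannot change.
SUBJECT_LABEL = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
OBJECT_LABEL = {"payroll.db": Level.SECRET, "memo.txt": Level.UNCLASSIFIED}

def dac_allows(subject, obj, right):
    """True if the matrix cell for (subject, obj) contains the right."""
    return right in MATRIX.get(subject, {}).get(obj, set())

def mac_allows(subject, obj, right):
    """Label check (assumed rule): no read up, no write down."""
    s, o = SUBJECT_LABEL.get(subject), OBJECT_LABEL.get(obj)
    if s is None or o is None:
        return False          # unlabeled subject or object: deny
    if right == "read":
        return s >= o
    if right == "write":
        return s <= o
    return False

def grant(owner, obj, subject, right):
    """DAC: an owner hands out a right at their own discretion."""
    if not dac_allows(owner, obj, "own"):
        raise PermissionError(f"{owner} does not own {obj}")
    MATRIX.setdefault(subject, {}).setdefault(obj, set()).add(right)

def access(subject, obj, right):
    """Access requires both the discretionary and the mandatory check to pass."""
    return dac_allows(subject, obj, right) and mac_allows(subject, obj, right)

if __name__ == "__main__":
    print(access("bob", "payroll.db", "read"))    # matrix says yes, label says no
    grant("bob", "memo.txt", "alice", "write")
    print(access("alice", "memo.txt", "write"))   # owner granted it, MAC still denies
```

The owner's grant changes the discretionary answer only; the system-wide label check cannot be overridden by any user.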

Security Issues in Distributed Systems [1]
Interoperability and Transparency
  - Gives rise to security issues
Approaches to Implementing New Services
  - Add an additional layer of software that runs on top of the existing system to provide the new services
  - Redesign the system so that the new services can be executed more efficiently in the kernel mode

Security Issues in Distributed Systems [1]
Client/Server Security
  - A client initiates an access to an object through the kernel
  - Kernel authenticates the client and then invokes the object server
  - Implemented via interprocess communication at the transport layer
  - Supported by secure host-to-host communications at the network layer and node-to-node communication at the link layer
  - A secure distributed system consists of communicating security servers using a trusted gateway

[Figure: Client/Server Distributed Security Architecture. Labels: Client processes, Trusted Secure Kernel, Authentication Server, Authorization Server, Other Security Servers, Other OS Servers; arrows labelled request and response.]

Latest Techniques
  - The majority of information security incidents are perpetrated by insiders, i.e. internal computer users constitute the largest threat to computer system security [2].
  - Traditional methods (such as identification and authentication, access restriction, etc.) do not solve this problem
  - Drawbacks, among them:
      - low ability to detect malicious internal users
      - inability to process large amounts of information
      - low productivity

Agent Approach for Security in Distributed Systems [2]
  - Intelligent security system for monitoring computer users' activity
  - On-line and off-line monitoring make it possible to detect anomalies and irregularities in user behavior.
  - On-line monitoring is carried out in real time and is used to predict user actions (using neural networks)
  - Off-line monitoring is done after the user has ended his work, and is based on the analysis of statistical information obtained during the user's work.

Agent Approach for Security in Distributed Systems [2]
[Figure: System Architecture for Agent Based Security in Distributed Systems. Labels: Win 98, Linux, Free BSD, Win 2000, Dbase, Controller Agent, On-line User Agent (four instances), Off-line User Agent.]

GHIDS: Defending Computational Grids Against Misusing of Shared Resources [3]
Grid Specific Host Based Intrusion Detection System
Design
  - Performance Impact
  - Central Control
  - Leverage Existing Software
  - Configurability
  - Effectiveness
Approach/Services
  - Uses Bottleneck Verification (Host)
      - Detects users that go from user to super user improperly
  - Monitors process creation, modification and destruction (Host)
  - Monitors accessing of critical resources (Host)
  - Grid User ID and Host Level ID are stored when Grid services are used
Architecture
  - Host and Grid level deployment
  - Virtual Kernel Device created
  - Grid Middleware modified
  - Data Analyzer
  - User Interface
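Bottleneck verification over process events can be sketched as follows. This is an added example, not GHIDS code: the event tuple format, the list of legitimate privilege-changing programs and all sample events are assumptions constructed for illustration.

```python
# Added illustration of bottleneck verification on host process events.
# Assumed "bottlenecks": the only programs through which a user may become root.
BOTTLENECKS = frozenset({"/bin/su", "/usr/bin/sudo", "/bin/login"})

# Constructed events in time order: (kind, pid, ppid, uid, exe)
EVENTS = [
    ("create", 100, 1, 1000, "/bin/bash"),
    ("create", 101, 100, 1000, "/bin/bash"),
    ("modify", 101, 100, 0, "/bin/su"),            # user -> root through su
    ("create", 102, 101, 0, "/bin/bash"),          # child of an existing root process
    ("create", 200, 1, 1001, "/bin/bash"),
    ("create", 201, 200, 1001, "/home/u1001/tool"),
    ("modify", 201, 200, 0, "/bin/sh"),            # user -> root with no bottleneck
    ("destroy", 201, 200, 0, "/bin/sh"),
]

def find_improper_root(events, bottlenecks=BOTTLENECKS):
    """Return (pid, previous_uid, exe) for each user-to-root change that
    did not pass through one of the allowed bottleneck programs."""
    uid_of = {}      # pid -> last uid seen for that process
    alerts = []
    for kind, pid, ppid, uid, exe in events:
        if kind == "destroy":
            # Drop state so the table stays bounded and a reused pid starts clean.
            uid_of.pop(pid, None)
            continue
        # A new process is compared with its parent, a modified one with itself.
        prev = uid_of.get(ppid) if kind == "create" else uid_of.get(pid)
        became_root = uid == 0 and prev not in (None, 0)
        if became_root and exe not in bottlenecks:
            alerts.append((pid, prev, exe))
        uid_of[pid] = uid
    return alerts

if __name__ == "__main__":
    for pid, prev, exe in find_improper_root(EVENTS):
        print(f"improper root transition: pid={pid} uid {prev}->0 via {exe}")
```

Processes whose parent is unknown to the monitor are not judged, so events must be collected from boot or from session start for the check to be complete.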

References
1. Randy Chow, Theodore Johnson. Distributed Operating Systems and Algorithms, Addison-Wesley.
2. Agent Approach for Providing Security in Distributed Systems; TCSET'2006, February 28-March 4, 2006, Lviv-Slavsko, Ukraine.
3. "GHIDS: Defending Computational Grids Against Misusing of Shared Resources", Feng et al., IEEE.
4. lect22.ppt (2003)

Thanks!