Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.

Slides:



Advertisements
Similar presentations
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Access Control Methodologies
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Grid Security. Typical Grid Scenario Users Resources.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Chapter 10 Boundary Controls. Cryptographic Controls Cryptology is the science of secret codes Cryptography deals with systems for transforming data into.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Introduction To Windows NT ® Server And Internet Information Server.
1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Controlling Files Richard Newman based on Smith “Elementary Information Security”
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Module 9: Fundamentals of Securing Network Communication.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Security Planning and Administrative Delegation Lesson 6.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Security March 9, Security What is security?  Techniques that control access to use a shared resource  Uses of shared resource must be authorized.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
Privilege Management Chapter 22.
Design Principles and Common Security Related Programming Problems
Fall 2008CS 334: Computer SecuritySlide #1 Design Principles Thanks to Matt Bishop.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
6.033 Quiz3 Review Spring How can we achieve security? Authenticate agent’s identity Verify the integrity of the request Check the agent’s authorization.
1 Chapter 12: Design Principles Overview –There are principles for many kinds of design Generally, a design should consider: Balance, Rhythm, Proportion,
June 1, 2004© Matt Bishop [Changed by Hamid R. Shahriari] Slide #13-1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Slide #13-1 Design Principles CS461/ECE422 Computer Security I Fall 2008 Based on slides provided by Matt Bishop for use with Computer Security: Art and.
1 Saltzer [1974] and later Saltzer and Schroeder [1975] list the following principles of the design of secure protection systems, which are still valid:
Security Principles.
1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.
Lecture 10: Security Design Principles
Security+ All-In-One Edition Chapter 1 – General Security Concepts
CS480 Cryptography and Information Security
CompTIA Security+ Study Guide (SY0-401)
Chapter 13: Design Principles
Message Digest Cryptographic checksum One-way function Relevance
How to Mitigate the Consequences What are the Countermeasures?
Design Principles and Security related problem
Computer Security: Art and Science, 2nd Edition
Chapter 13: Design Principles
Operating System Concepts
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Design Principles Thanks to Matt Bishop 2006 CS 395: Computer Security.
Presentation transcript:

Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena

Course Admin HW3 due at 11am on Thursday – Please submit on time 7/2/2015 Lecture 9: Security Design Principles

Today’s Info/fun bit: RFID Relay Attack To Enter UAB Classroom query response

An Exercise Spot an attack on this protocol meant of mutual authentication between A and B, assuming the two share a symmetric key – A  B: rA – B  A: Enc k (rA, rB) – A  B: rB 7/2/2015 Lecture 9: Security Design Principles

Design Principles for Secure Systems Two basic themes: – Simplicity – KISS Makes design and interactions easy Easy to prove its safety – Restriction Minimize the power of entities 7/2/2015 Lecture 9: Security Design Principles

Principles of design 1.Principle of least privilege 2.Principle of fail-safe defaults 3.Principle of economy of mechanism 4.Principle of complete mediation 5.Principle of open design 6.Principle of separation of privilege 7.Principle of least common mechanism 8.Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Principle of least privilege Entity should be given only those privilege needed to finish a task – Temporary elevation of privilege should be relinquished immediately – Granularity of privileges – Append permission only for logging process. 7/2/2015 Lecture 9: Security Design Principles

Principle of fail-safe defaults Unless a subject is given explicit access to an object, it should be denied access to the object. – Default access to an object is none – Access Control Lists (ACLs), firewall examples. – Restricting privileges at the time of creation 7/2/2015 Lecture 9: Security Design Principles

Principle of economy of mechanism Security mechanism should be as simple as possible. – Fewer errors – Testing and verification is easy – Assumptions are less Interface to other modules – Implicit assumptions of modules – Finger example 7/2/2015 Lecture 9: Security Design Principles

Principle of complete mediation All accesses to objects should be checked to ensure they are allowed. – UNIX file descriptor – DNS cache poisoning. – Restrict caching policies – Security vs. performance issues 7/2/2015 Lecture 9: Security Design Principles

Principle of open design Security of a mechanism should not depend upon secrecy of its design or implementation (why not?) – Secrecy != security – Complexity != security – “Security through obscurity” – Cryptography and openness 7/2/2015 Lecture 9: Security Design Principles

Principle of separation of privilege System should not grant permission based on single condition – Company checks over $75,000 to be signed by two officers. – Example: “su” on BSD requires 1.User be in group “wheel” 2.User knows root password – Restrictive because it limits access 7/2/2015 Lecture 9: Security Design Principles

Principle of least common mechanism Isolation Mechanisms used to access resources should not be shared – Restrictive because it limits sharing – Amazon website – Denial of service attacks!! 7/2/2015 Lecture 9: Security Design Principles

Principle of psychological acceptability Security mechanism should not make the resource difficult to access Recognizes the most important element in computer security? The human! 7/2/2015 Lecture 9: Security Design Principles

Example 1 Viruses cause havoc because, any program or script that is downloaded or received as attachment, runs with the privileges of the user that runs them. Or worse the privileges of the application. What is the problem? What design principles are being exploited? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 2 Unix password authentication Which design principle is being adhered to mainly? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 3 “wifi-free” is the wireless LAN to be used by a University faculty, students and staff. However, even a guy at a nearby cafe could use it!!!!!! What design principles are being violated? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 4 A bluetooth Device A wants to establish a key with another bluetooth device B Mechanism 1: they agree upon a common trusted CA, get certificates from this CA and for example, use STS protocol to establish a key Mechanism 2: they use a physical channel (e.g., an audio channel) to establish a key Which mechanism better adheres to the principle of economy of mechanism? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 5 TLS defines a mandatory server side certificate and an optional client side certificate. Though highest level of security is achieved using client and server side certificates, client side keys did not become very popular because of administrative overhead (Installation, expiration of client side certificates). What design principle is being violated? 7/2/2015 Lecture 9: Security Design Principles

SSL Handshaking Messages *=optional

Example 5 TLS defines a mandatory server side certificate and an optional client side certificate. Though highest level of security is achieved using client and server side certificates, client side keys did not become very popular because of administrative overhead (Installation, expiration of client side certificates). What design principle is being violated? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 6 COCA (Cornell Online Certification Authority) distributes the operation of issuing certificates among multiple servers What is the main principle COCA is trying to adhere to? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 7 Polynomial secret sharing What principle is being adhered to? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 8 Various cipher machines were developed and used during the two World Wars. For example, Enigma, Schlusselzusatz, Purple, etc. It was believed that keeping secret the design of the machines will help boost the security. Which principle is being violated? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 9 Every time A receives a certificate from B, she should verify if B’s certificate is not revoked. We studied the mechanism of CRLs to achieve this. Which principle is being violated by CRLs? What would be a better solution? – Online Certificate Status Protocol (OCSP) 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 10 Policy on password selection to access machines at a University: – Use both uppercase and lowercase letters if the computer system considers an uppercase letter to be different from a lowercase letter when the password is entered. – Include digits and punctuation characters as well as letters. – Choose something easily remembered so it doesn't have to be written down. – Use at least 8 characters. Password security is improved slightly by having long passwords. – A password should be easy to type quickly so someone cannot follow what was typed by watching the keyboard. – Use two or more short words and combine them with a special character or a number, like ROBOT4ME or EYE-CON. – Put together an acronym that has special meaning to you, like NOTFSW (None Of This Fancy Stuff Works) or AVPEGCAN (All VAX Programmers Eat Green Cheese At Night). Which principle is being violated? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 11 Keyboard acoustic emanations Which principle is being exploited? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Example 12 RFID (Radio Frequency Identification cards) Which principle(s) do they violate? 1. Principle of least privilege 2. Principle of fail-safe defaults 3. Principle of economy of mechanism 4. Principle of complete mediation 5. Principle of open design 6. Principle of separation of privilege 7. Principle of least common mechanism 8. Principle of psychological acceptability 7/2/2015 Lecture 9: Security Design Principles

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.