Trusted Path: Client-server applications using COTS components
Tommy Kristiansen


Agenda
- Thesis
- Contributions
- Solution
- Result
- Questions

Background
Bruce Schneier believes that "semantic attacks" are the next wave of attacks to be faced by computer users. These violate the integrity and authenticity of data presented to the user, enticing him to perform actions benefiting the malefactor. Examples of direct user interactions where this threat can be found are online voting, online gambling, electronic signatures and financial transactions.

Trusted Path
- Orange Book: “A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software.”
- Required for validation to B2, but often implemented even when the system is not validated to B2, e.g. Windows NT (C2).
- The trusted path mechanism guarantees that data typed by a user on a client keyboard is protected from any intrusion by unauthorized programs.
- It allows a user to create a non-forgeable and non-penetrable communication path between the user’s client and the trusted operating system software.

Trusted path with COTS
- Built on Hanno Langweg’s work
  – He looked at this with client applications.
- Using Delphi to create an ActiveX control in which DirectX components are used to create a secure environment on a Win32 platform.
- Hopefully this will give authenticity and integrity of the user and server.

Why use DirectX
- When we use DirectX DirectInput and DirectDraw, no other program can interfere with them, since they run in exclusive mode.
- When we use DirectInput, there must be a user present to give input.
  – Eliminates synthesized input.
  – Gives authenticity of a user.
- When we use DirectDraw, no other program can interfere with the integrity of what you see.
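How the exclusive-mode claim on keyboard and display is made through the DirectX cooperative levels, as an added example that is not the thesis prototype. It assumes a Delphi translation of the DirectX headers exposing units DirectInput and DirectDraw; the unit and function names are hypothetical.

```delphi
// Added example, not the thesis prototype. Assumes a Delphi translation of
// the DirectX headers providing units DirectInput and DirectDraw.
unit ExclusiveModeSketch;  // hypothetical unit name

interface

uses
  Windows, DirectInput, DirectDraw;

// Claims keyboard and display exclusively for window Wnd.
// Returns True only if every step succeeded; otherwise nothing is kept.
function EnterExclusiveMode(Wnd: HWND; out Keyboard: IDirectInputDevice8;
  out Draw: IDirectDraw7): Boolean;

implementation

function EnterExclusiveMode(Wnd: HWND; out Keyboard: IDirectInputDevice8;
  out Draw: IDirectDraw7): Boolean;
var
  DI: IDirectInput8;
  Kbd: IDirectInputDevice8;
  DD: IDirectDraw7;
begin
  Result := False;
  Keyboard := nil;
  Draw := nil;

  // Keyboard through DirectInput, exclusive while our window is in front.
  if Failed(DirectInput8Create(HInstance, DIRECTINPUT_VERSION,
    IID_IDirectInput8, DI, nil)) then Exit;
  if Failed(DI.CreateDevice(GUID_SysKeyboard, Kbd, nil)) then Exit;
  if Failed(Kbd.SetDataFormat(c_dfDIKeyboard)) then Exit;
  if Failed(Kbd.SetCooperativeLevel(Wnd,
    DISCL_EXCLUSIVE or DISCL_FOREGROUND)) then Exit;

  // Display through DirectDraw, exclusive full-screen ownership.
  if Failed(DirectDrawCreateEx(nil, DD, IID_IDirectDraw7, nil)) then Exit;
  if Failed(DD.SetCooperativeLevel(Wnd,
    DDSCL_EXCLUSIVE or DDSCL_FULLSCREEN)) then Exit;

  // Acquire last, so a failed display claim never leaves the keyboard held.
  if Failed(Kbd.Acquire) then Exit;

  Keyboard := Kbd;
  Draw := DD;
  Result := True;
end;

end.
```

The caller should treat a False result, or a later loss of acquisition when the window leaves the foreground, as the end of the trusted session rather than falling back to ordinary window input.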

Why use ActiveX
- Easy to implement DirectX components
- No effort for the user to use it.
- Trusted by OS
  – Signed ActiveX control
  – So you have a trusted application whose origin you need to verify when installing the control.

Hench
- SendInput
- Screen capture applications
- User permissions installing ActiveX

Goals with thesis
- See if it’s possible to create such a solution.
- Look at existing solutions to prevent phishing and compare them with this solution.
- Look at the possibilities of implementing this in other environments.

Contributions
Provide software developers with a server-distributed component to establish integrity and authenticity with a local human user. Use existing software-based technology and operating system mechanisms to implement a trusted path without additional expensive hardware. Analyze and compare the security of this approach and alternatives. Build a working prototype for an existing general purpose operating system.
- Prevents phishing attacks
- More secure during login/sign-in
- Prevents Trojan horses/malware from being effective
- Does not prevent keylogging!!

Contributions
- Assuming
  – We can trust the OS (an assumption we already make when using e.g. e-banking)
  – That the connection between client and server is secure, e.g. SSL
- Trojan horse and malware
  – Run on top of the OS and have only the same rights as the user (no admin).

Solution

Results
- Gives advantages compared with existing solutions.
- Limitations due to platform
- Found some other interesting platforms to see if similar solutions are possible.

Questions?