Summary For Chapter 8 Student: Zhibo Wang Professor: Yanqing Zhang.


Why there are problems in distributed systems [1]
In the most abstract sense, we can describe a distributed system as a collection of clients and servers communicating by exchange of messages.
Reasons:
- The system operates in an open environment
- It needs to communicate with other heterogeneous systems

How to build a "strong" system
- Secrecy: protection from unauthorized disclosure
- Integrity: only authorized users can modify the system
- Availability: authorized users are not prevented from accessing their respective objects (as happens in a DoS attack)
- Reliability: fault tolerance
- Safety: tolerance of user faults

Security Threats [2][3]
They may come from:
- external intruders
- internal intruders
- unintentional system faults or user faults

Cont’d
Four categories:
- Interruption (attack against the availability of the network)
- Interception (attack against the confidentiality of the network)
- Modification (attack against the integrity of the network)
- Fabrication (attack against the authentication, access control, and authorization capabilities of the network)

Security Threat Prevention
- Authentication & verification
  - Excludes external intruders
- Authorization validation
  - Excludes internal intruders
- Fault-tolerance mechanisms
  - Handle unintentional faults
- Data encryption
  - Prevents the exposure of information & maintains privacy
- Auditing
  - Passive form of protection

Discretionary Access Control Models
Concept of the Access Control Matrix (ACM)
- The Access Control Matrix (ACM) is the most fundamental and widely used discretionary access control model for simple security policies.
- Access control is a function that, given a subject and object pair (s, o) and a requested operation r from s to o, returns true if the request is permitted.

Cont’d
Utility of ACM [4]
- Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as a model of the static access permissions in any type of access control system. It does not model the rules by which permissions can change in any particular system, and therefore gives only an incomplete description of the system's access control security policy.

Cont’d  Why is it necessary since we have discretionary security model? With the advances in networks and distributed systems, it is necessary to broaden the scope to include the control of information flow between distributed nodes on a system wide basis rather than only individual basis like discretionary control.

Mandatory Flow Control Models
What is the Mandatory Flow Control Model?
Mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject to access, or generally perform some sort of operation on, an object or target.

Information Flow Control
What is Information Flow Control?
- Information flow control is concerned with how information is disseminated or propagated from one object to another.
- The security classes of all entities must be specified explicitly, and the class of an entity seldom changes after it has been created.

Why we have Cryptography
Security Requirements
- Confidentiality: protection from disclosure to unauthorized persons
- Integrity: maintaining data consistency
- Authentication: assurance of identity of person or originator of data
- Availability: legitimate users have access when they need it
- Access control: unauthorized users are kept out

What is Authentication?
- Authentication is the process of verifying the identity of an object entity.
- Password verification: one-way verification
- Two-way authentication: both communicating entities verify each other’s identity
This type of mutual authentication is important for communication between autonomous principals under different administrative authorities in a client/server or peer-to-peer distributed environment.

Authentication Protocols
- Authentication protocols are all about distribution and management of secret keys.
- Key distribution in a distributed environment is an implementation of distributed authentication protocols.

Design of Authentication Protocols
Many authentication protocols have been proposed.
- All protocols assume that some secret information is held initially by each principal.
- Authentication is achieved by one principal demonstrating to the other that it holds that secret information.
- All protocols assume that the system environment is very insecure and open to attack, so any message received by a principal must have its origin authenticity, integrity and freshness verified.
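The design points above (a secret held by each principal, proof of possession, and checks on origin, integrity and freshness) and the two-way authentication described earlier can be seen in a three-message challenge-response exchange. This is an added example, not part of the original slides; the use of HMAC-SHA256, the message layout, and the names `Principal`, `proof`, `handshake`, `alice` and `bob` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def proof(key, role, initiator, responder, n_i, n_r):
    """MAC over both identities and both nonces; `role` stops reflection."""
    parts = [role, initiator, responder, n_i, n_r]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)  # unambiguous framing
    return hmac.new(key, msg, hashlib.sha256).digest()

class Principal:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def hello(self):                      # msg 1: initiator -> responder
        self.n_i = secrets.token_bytes(16)
        return self.name, self.n_i

    def respond(self, peer, n_i):         # msg 2: responder -> initiator
        self.peer, self.n_i, self.n_r = peer, n_i, secrets.token_bytes(16)
        return self.n_r, proof(self.key, b"resp", peer, self.name, n_i, self.n_r)

    def confirm(self, peer, n_r, tag):    # initiator checks msg 2, emits msg 3
        want = proof(self.key, b"resp", self.name, peer, self.n_i, n_r)
        if not hmac.compare_digest(tag, want):
            return None                   # responder did not prove the key
        return proof(self.key, b"init", self.name, peer, self.n_i, n_r)

    def accept(self, tag):                # responder checks msg 3
        want = proof(self.key, b"init", self.peer, self.name, self.n_i, self.n_r)
        return tag is not None and hmac.compare_digest(tag, want)

def handshake(a, b):
    """Run messages 1-3; return (a_trusts_b, b_trusts_a, msg3)."""
    name, n_i = a.hello()
    n_r, tag_b = b.respond(name, n_i)
    msg3 = a.confirm(b.name, n_r, tag_b)
    return msg3 is not None, b.accept(msg3), msg3

def replay_old_proof(b, claimed, old_n_i, old_msg3):
    """A recorded msg 3 presented in a new session; B's new nonce makes it stale."""
    b.respond(claimed, old_n_i)
    return b.accept(old_msg3)

KEY = secrets.token_bytes(32)             # constructed shared secret
alice, bob = Principal(b"alice", KEY), Principal(b"bob", KEY)
```

Each side accepts only a MAC computed over its own fresh nonce, so a proof recorded from one session fails verification in the next.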

University Network [10]

Disadvantage of the network

Proposed network

Reference
[1] Randy Chow, Theodore Johnson. “Distributed Operating Systems and Algorithms”, Addison-Wesley 1997
[2] Samarati, P.; Bertino, E.; Ciampichetti, A.; Jajodia, S.; “Information flow control in object-oriented systems”. Knowledge and Data Engineering, IEEE Transactions on Volume 9, Issue 4, July-Aug Page(s):
[3] Izaki, K.; Tanaka, K.; Takizawa, M.; “Access control model in object-oriented systems” Parallel and Distributed Systems: Workshops, Seventh International Conference on, July 2000 Page(s):
[4]
[5] Lin, Tsau Young (T. Y.); “Managing Information Flows on Discretionary Access Control Models” Systems, Man and Cybernetics, ICSMC '06. IEEE International Conference on Volume 6, 8-11 Oct Page(s):

Cont’d
[6] Solworth, J.A.; Sloan, R.H.; “A layered design of discretionary access controls with decidable safety properties” Security and Privacy, Proceedings IEEE Symposium on 9-12 May 2004 Page(s):
[7] Robles, R.J.; Min-Kyu Choi; Sang-Soo Yeo; Tai-hoon Kim, “Application of Role-Based Access Control for Web Environment”, Ubiquitous Multimedia Computing, UMC '08. International Symposium on, vol., no., pp , Oct
[8] Ravi Sandhu, The PEI Framework for Application-Centric Security, 2009

Cont’d
[9] Krishnan, Ram and Sandhu, Ravi and Ranganathan, Kumar, “PEI models towards scalable, usable and high-assurance information sharing”, Proceedings of the 12th ACM symposium on Access control models and technologies
[10] Al-Akhras, M.A, “Wireless Network Security Implementation in Universities”, Information and Communication Technologies, ICTTA '06. 2nd, Volume 2, Page(s):

Q & A? Thanks!