Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 15: Security.

Published byDorothy Franklin Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 15: Security."— Presentation transcript:

1 Chapter 15: Security

2 Security vs. Protection
Protection all about protecting authorized users from one another Security is all about external threats Either could be accidental or malicious Easier to protect against accidental than malicious misuse

3 Categories Breach of confidentiality
Passwords, account numbers, credit card information Breach of integrity Website vandalized Breach of availability Destruction or corruption of data (virus that formats hard drive) Theft of service Hijack a machine and use to serve up pirated movies and music Denial of service Packet storm prevents any other traffic

4 Methods Masquerading (breach authentication) Password stealing

5 Session hijacking or replaying
TCP often packages communications into sessions Session IDs can be determined from cookies, URLs, or intercepting packets Use of the session ID allows an attacker to operate with the same permissions as the stolen session Requires the use of a protocol analyzer. With today’s high use of switches, often done in wireless environments.

6 Cryptography as a Security Tool
If encrypt all traffic then can’t intercept passwords or session IDs If sender and receiver know a private key can encrypt and decrypt securely Very safe but very inconvenient Must securely hand-off the key

7 Public Keys Encryption hit the big-time with the advent of public keys 4 keys Each user has a private and a public key They exchange their public keys When user A encrypts a message for user B the message is encrypted with user A’s User A The “key” is that both of user B’s keys are generated together. If you encrypt a message with user B’s public key, it requires that user’s private key to decrypt it. Just knowing the public key does not allow discovery of the private key or decryption of the message. Encrypt using User B’s public key Decrypt using User B’s private key User B

8 Asymmetric Encryption
Public key encryption is known as asymmetric encryption Traditional, private key, encryption is symmetric Public key is slower—often used just long enough to exchange a private key Asymmetric  based on mathematical function, slow Symmetric  based on simple transform, fast Exchanging Keys

9 RSA Asymmetric Cryptography
RSA named after the inventors Rivest, Shamir, and Adleman Algorithm Choose two distinct prime numbers p and q. Compute n = pq. Compute the totient: φ(n) = (p-1)(q-1) Choose an integer e such that 1 < e < φ(n), and e and φ(n) share no divisors other than 1 (i.e. e and φ(n) are coprime). Determine d (using modular arithmetic) which satisfies the congruence relation de mod(φ(n))=1 The public key consists of the modulus n and the exponent e. The private key consists of the modulus n exponent d

10 Man-in-the-middle attack
Attacker intercepts public key exchange Similar to session hijacking

11 Viruses Some are simply malicious
Some are designed to gather valuable information Passwords, account numbers, etc. All have in common Circumvent security Spread (like a virus)

12 Viruses Many categories of viruses, literally many thousands of viruses File: appends to file. Prog jumps to virus and back Boot: infection of boot sector Macro: high-level extension to application Source code: seeks and modifies source code Polymorphic: changes each time it is installed Encrypted: virus is encrypted to help hide Stealth: modifies parts of system that could be used to detect it Tunneling: hidden in interrupt handler or driver Multipartite: infects multiple parts of a system Armored: coded to be difficult to understand

13 Viruses Trojan Horse Hides in programs that users actually want
Trap Door Left by application developers so they can get back in later Logic Bomb Program that initiates a security incident under certain circumstances Example: employee writes a program that will wipe a system if laid off Stack and Buffer Overflow Exploits a bug in a program (overflow either the stack or memory buffers)

14 Hypothetical Stack Frame
Before attack After attack

15 System and Network Threats
Worms use spawn mechanism; standalone program Port scanning Automated attempt to connect to a range of ports on one or a range of IP addresses Used to exploit known security holes (like buffer overr

16 Authentication – Digital Signature
If encrypt a “signature” with private key Then can decrypt with public key If receiver is able to decrypt the signature using the public key then it must have been encrypted by the same private key that is associated with the public key Works in both directions If can decrypt with public key then must have been encrypted by the owner of the private key

17 Digital Certificates Trusted Authority
Proof of who or what owns a public key Public key digitally signed by a trusted party Trusted party receives proof of identification from entity and certifies that public key belongs to entity Certificate authority are trusted party – their public keys included with web browser distributions They vouch for other authorities via digitally signing their keys, and so on Trusted Authority

18 Firewalling to Protect Systems and Networks
Prevents things like port scanning Connections must be initiated from inside except through approved ports (ssh, http, etc.)

19 End of Chapter 15

Download ppt "Chapter 15: Security."

Similar presentations

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.

Security  The Security Problem  Authentication  Program Threats  System Threats  Securing Systems  Intrusion (unwanted involvement) Detection  Encryption.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Module 6.0: Security and Protection

Module 6.0: Security and Protection
Chapter 15: Security. The Security Problem Security must consider external environment of the system, and protect the system resources Intruders (crackers)

Chapter 15: Security. The Security Problem Security must consider external environment of the system, and protect the system resources Intruders (crackers)
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
15.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Jan 10, 2005 The Security Problem Security must consider external environment.

15.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Jan 10, 2005 The Security Problem Security must consider external environment.
13.1 Silberschatz, Galvin and Gagne ©2011 Operating System Concepts Essentials – 8 th Edition Security.

13.1 Silberschatz, Galvin and Gagne ©2011 Operating System Concepts Essentials – 8 th Edition Security.
© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.

© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.

Similar presentations

Ads by Google