Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9.3 Security Access Control

Published byMarcus Richardson Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 9.3 Security Access Control"— Presentation transcript:

1 Chapter 9.3 Security Access Control
Saeid Motevali Alamoti Georgia State University Computer Science Department Fall 2017

2 Agenda: Introduction General Issues in Access Control Firewalls
Access Control Matrix Protection Domains Firewalls Secure Mobile Code Protecting an Agent Protecting the Target Denial of Service Protection Against DDoS Conclusion

3 Introduction What is Access Control? Verifying access rights.
What is Authentication? Granting Access rights Access control and Authentication- strongly related to each other

4 General Issues in Access Control:
Subject- Issues a request to access an object Reference monitor- Records which subject may do what, and decides whether a subject is allowed to have a specific operation carried out Object- Encapsulates its own state and implementing the operations on that state

5 Access Control Matrix:
Column- Object Row- Subject ⋯ ⋮ ⋱ ⋮ ⋯

6 Access Control List (ACL)
Figure Comparison between ACLs and capabilities for protecting objects. (a) Using an ACL.

7 Access Control Capability:
Figure Comparison between ACLs and capabilities for protecting objects. (b) Using capabilities.

8 Protection Domains Figure The hierarchical organization of protection domains as groups of users.

9 Figure 9-28. A common implementation of a firewall.
Firewalls Figure A common implementation of a firewall.

10 Secure Mobile Code Protecting an Agent Protecting the Target

11 Protecting an Agent Ajanta* provides three mechanisms that allow an agent's owner to detect that the agent has been tampered with Read-only state Append-only logs Selective revealing of state to certain servers (array of data item) *KARNIK, N. and TRIPATHI, A.: "Security in the Ajanta Mobile Agent System." Software - Practice & Experience, (31)4: , Apr

12 Figure 9-29. The organization of a Java sandbox.
Protecting the Target Figure The organization of a Java sandbox.

13 Protecting the Target Cont.
Figure (a) A sandbox. (b) A playground.

14 Protecting the Target Cont (Java-Capabilities)
Figure The principle of using Java object references as capabilities.

15 Protecting the Target Cont (Java-Extended)
Figure The principle of stack introspection.

16 Denial of Service DoS- Attempts to prevent from accessing the resources DDoS- A huge collection of processes jointly attempt to bring down a networked service Bandwidth depletion Resource depletion Bandwidth depletion can be accomplished by simply sending many messages to a single machine. The effect is that normal messages will hardly be able to reach the receiver. Resource depletion attacks concentrate on letting the receiver use up resources on otherwise useless messages. A well-known resource-depletionattack is TCP SYN-flooding.

17 Protection Against DDoS
No single method Attackers make use of innocent victims by secretly installing software on their machines have machines continuously monitor their state by checking files for pollution!! Continuously monitor network traffic Concentrate on ingress routers too late as the network will probably already be unreachable for regular traffic

18 Conclusion Access control for distributed systems still have loopholes that needed to be addressed New attacks continue to emerge on Distributed systems Cloud Environment has a great demand for secure access control system* *Li, Hongjiao, et al. "A Survey of Extended Role-Based Access Control in Cloud Computing." Proceedings of the 4th International Conference on Computer Engineering and Networks. Springer International Publishing, 2015.

19 Referances Andrew, Tanenbaum S., and Maarten van Steen. "Distributed systems-principles and paradigms. Tanenbaum, Andrew S., et al. "Experiences with the Amoeba distributed operating system." Communications of the ACM  (1990): Saltzer, Jerome H., and Michael D. Schroeder. "The protection of information in computer systems." Proceedings of the IEEE 63.9 (1975): Sandhu, Ravi S., et al. "Role-based access control models." Computer 2 (1996): Gamma, Erich, et al. Design patterns: elements of reusable object-oriented software. Pearson Education, 1994. KARNIK, N. and TRIPATHI, A.: "Security in the Ajanta Mobile Agent System." Software - Practice & Experience, (31)4: , Apr Cheswick, William R., Steven M. Bellovin, and Aviel D. Rubin. Firewalls and Internet security: repelling the wily hacker. Addison- Wesley Longman Publishing Co., Inc., 2003. Zwicky, Elizabeth D., Simon Cooper, and D. Brent Chapman. Building internet firewalls. " O'Reilly Media, Inc.", 2000. Farmer, William M., Joshua D. Guttman, and Vipin Swarup. "Security for mobile agents: Issues and requirements." Proceedings of the 19th national information systems security conference. Vol Wahbe, Robert, et al. "Efficient software-based fault isolation." ACM SIGOPS Operating Systems Review. Vol. 27. No. 5. ACM, 1994. Macgragor, Robert, et al. Java network security. Prentice-Hall, Inc., 1998. Malkhi, Dahlia, and Michael K. Reiter. "Secure execution of Java applets using a remote playground." Software Engineering, IEEE Transactions on 26.12 (2000):

20

Download ppt "Chapter 9.3 Security Access Control"

Similar presentations

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan September 13, 1999.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.

Distributed computer security 8.2 Discretionary Access Control Models -Ranjitha Shivarudraiah.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
CSC 382: Computer SecuritySlide #1 Firewalls. CSC 382: Computer SecuritySlide #2 Single Host Firewall Simplest type of firewall—one host acts as a gateway.

CSC 382: Computer SecuritySlide #1 Firewalls. CSC 382: Computer SecuritySlide #2 Single Host Firewall Simplest type of firewall—one host acts as a gateway.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.

Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Similar presentations

Ads by Google