Presentation is loading. Please wait.

Presentation is loading. Please wait.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with."— Presentation transcript:

1 6/2/2015B.Ramamurthy1 Security B.Ramamurthy

2 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with the introduction of the computer Today automated tools are used

3 6/2/2015B.Ramamurthy3 Network Security Protect data during transmission Includes telephone transmission and local area networks

4 6/2/2015B.Ramamurthy4 Computer and Network Security Requirements Secrecy information in a computer system be accessible for reading by authorized parties only Integrity assets can be modified by authorized parties only Availability assets be available to authorized parties

5 6/2/2015B.Ramamurthy5 Types of Threats Interruption an asset of the system is destroyed of becomes unavailable or unusable destruction of hardware cutting of a communication line disabling the file management system

6 6/2/2015B.Ramamurthy6 Types of Threats Interception an unauthorized party gains access to an asset wiretapping to capture data in a network illicit copying of files or programs

7 6/2/2015B.Ramamurthy7 Types of Threats Modification an unauthorized party not only gains access but tampers with an asset changing values in a data file altering a program so that it performs differently modifying the content of messages being transmitted in a network

8 6/2/2015B.Ramamurthy8 Types of Threats Fabrication an unauthorized party inserts counterfeit objects into the system insertion of spurious messages in a network addition of records to a file

9 6/2/2015B.Ramamurthy9 Computer System Assets Hardware threats include accidental and deliberate damage Software threats include deletion, alteration, damage backups of the most recent versions can maintain high availability

10 6/2/2015B.Ramamurthy10 Computer System Assets Data involves files threats include unauthorized reading of data statistical analysis can lead to determination of individual information which threatens privacy

11 6/2/2015B.Ramamurthy11 Computer System Assets Communication Lines and Networks threats include eavesdropping and monitoring a telephone conversion, an electronic mail message, and a transferred file are subject to these threats encryption masks the contents of what is transferred so even if obtained by someone, they would be unable to extract information

12 6/2/2015B.Ramamurthy12 Computer System Assets Communication Lines and Networks masquerade takes place when one entity pretends to be a different entity message stream modification means that some portion of a legitimate message is altered, delayed, or reordered denial of service prevents or inhibits the normal use or management of communications facilities  disable network or overload it with messages

13 6/2/2015B.Ramamurthy13 Protection No protection sensitive procedures are run at separate times Isolation each process operates separately from other processes with no sharing or communication

14 6/2/2015B.Ramamurthy14 Protection Share all or share nothing owner of an object declares it public or private Share via access limitation operating system checks the permissibility of each access by a specific user to a specific object operating system acts as the guard

15 6/2/2015B.Ramamurthy15 Protection Share via dynamic capabilities dynamic creation of sharing rights for objects Limit use of an object limit no only access to an object but also the use to which that object may be put Example: a user may be able to derive statistical summaries but not to determine specific data values

16 6/2/2015B.Ramamurthy16 Protection of Memory Security Ensure correct function of various processes that are active

17 6/2/2015B.Ramamurthy17 User-Oriented Access Control Log on requires both a user identifier (ID) and a password system only allows users to log on if the ID is known to the system and password associated with the ID is correct users can reveal their password to others either intentionally or accidentally hackers are skillful at guessing passwords ID/password file can be obtained

18 6/2/2015B.Ramamurthy18 Data-Oriented Access Control Associated with each user, there can be a user profile that specifies permissible operations and file accesses Operating system enforces these rules For each object, an access control list gives users and their permitted access rights

19 6/2/2015B.Ramamurthy19 Access Matrix A general model of access control as exercised by a file or database management system is that of an access matrix. Basic elements of the model are: Subject: An entity capable of accessing objects. The concept of subject equates that of a process. Object: Anything to which access is controlled. Ex: files, programs, segments of memory. Access right: The way in which an object is accesses by the subject. Examples: read, write, and execute.

20 6/2/2015B.Ramamurthy20 Access Matrix (contd.) userA userB userC File 1 File 2File 3 File 4 Acct1 Acct2 Printer1 Own R, W Own R, W Own R, W Own R, W R R WR Inquiry Credit Inquiry Credit Inquiry Debit Inquiry Debit P

21 6/2/2015B.Ramamurthy21 Access Matrix Details Row index corresponds to subjects and column index the objects. Entries in the cell represent the access privileges/rights. In practice, access matrix is quite sparse and is implemented as either access control lists (ACLs) or capability tickets.

22 6/2/2015B.Ramamurthy22 ACLs Access matrix can be decomposed by columns, yielding access control lists. For each object access control list lists the users and their permitted access rights. The access control list may also have a default or public entry to covers subjects that are not explicitly listed in the list. Elements of the list may include individual as well group of users.

23 6/2/2015B.Ramamurthy23 Windows NT(W2K) Security Access Control Scheme name/password access token associated with each process object indicating privileges associated with a user security descriptor  access control list  used to compare with access control list for object

24 6/2/2015B.Ramamurthy24 Access Token (per user/subject) Security ID (SID) Group SIDs Privileges Default Owner Default ACL

25 6/2/2015B.Ramamurthy25 Security Descriptor (per Object) Flags Owner System Access Control List (SACL) Discretionary Access Control List (DACL)

26 6/2/2015B.Ramamurthy26 Access Control List ACL Header ACE Header Access Mask SID ACE Header Access Mask SID......

27 6/2/2015B.Ramamurthy27 Access Mask Generic All Generic Execute Generic Write Generic Read Access System Security Maximum allowed Delete Read Control Write DAC Write Owner Synchronize Generic Access Types Standard Access Types Specific Access Types

28 6/2/2015B.Ramamurthy28 Access Control Using ACLs When a process attempts to access an object, the object manager in W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL.W2K If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.

Download ppt "6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Database Management System

Database Management System
Introduction to network security

Introduction to network security
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CPE 5002 Network security. Look at the surroundings before you leap.

CPE 5002 Network security. Look at the surroundings before you leap.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.

Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Similar presentations

Ads by Google