Presentation is loading. Please wait.

Presentation is loading. Please wait.

3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements.

Published byAmie Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements."— Presentation transcript:

1 3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements

2 3/15/01CSCI {4,6}900: Ubiquitous Computing2 Tomorrow Authentication in Distributed Systems: Theory and Practice, Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber –Butler Lampson (MSR) - He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, and several programming languages. –Martin Abadi (Bell Labs) –Michael Burrows, Edward Wobber (Compaq SRC)

3 3/15/01CSCI {4,6}900: Ubiquitous Computing3 Authentication Method for obtaining the source of the request –Who said this? Interpreting the access rule – authorization –Who is trusted to access this? –Access control list (ACL) Easier in central servers because the server knows all the sources

4 3/15/01CSCI {4,6}900: Ubiquitous Computing4 Distributed authentication (ala searchget) Autonomy: Request might come through a number of untrusted nodes. So “Surendar” is not the same as “Surendar working through @Home network” Size: Multiple authentication sources Heterogeneity: Different methods of connecting Fault-tolerance: Parts of the system may be broken

5 3/15/01CSCI {4,6}900: Ubiquitous Computing5 Access Control Model Principal: source for requests Requests to perform operations on objects Reference monitor: a guard for each object that examines each request for the object and decides whether to grant it Objects: Resource such as files, processes.. Principal Do operation Reference Monitor Object

6 3/15/01CSCI {4,6}900: Ubiquitous Computing6 Trusted Computing Base A small amount of software and hardware that security depends upon –You have to trust something Possible to obtain trusted statements from untrusted source –end-to-end argument TCB typically includes: –Operating system –Hardware –Encryption mechanisms –Algorithms for authentication and authorization

7 3/15/01CSCI {4,6}900: Ubiquitous Computing7 Example scenario One user, two machines, two operating systems, two subsystems, and two channels All communication over channels (no direct comm.) Accounting Application Workstation Operating System File Server Server Operating System Network channel request Keyboard/ Display channel

8 3/15/01CSCI {4,6}900: Ubiquitous Computing8 Encryption channels Shared vs public key cryptography –Shared is fast –Public key systems are easy to manage –Hybrids offer best of both worlds (e.g. SSL) Broadcast encryption channels –Public key channel is broadcast channel: you can send a message without knowing who will receive it –Shows how you can implement broadcast channel using shared keys Node-to-node secure channels

9 3/15/01CSCI {4,6}900: Ubiquitous Computing9 Principals with names When requests arrive on a channel it is granted only if the channel speaks for one of the principals on the ACL –Push: sender collects A’s credentials and presents them when needed –Pull: receiver looks up A in some database to get credentials for A

10 3/15/01CSCI {4,6}900: Ubiquitous Computing10 Man in the middle attach 1.C requests server certificate from S 2.S sends server certificate with Spublic to C 3.C verifies validity of Spublic 4.C generate symmetric key for session 5.C encrypts Csymmetric using Spublic 6.C transmits Csymmetric(data) and Spublic(Csymmetric) to S Principal (C) Resource (S)

11 3/15/01CSCI {4,6}900: Ubiquitous Computing11 Man in the middle attach 1.C requests server certificate from S 2.S sends server certificate with Spublic to C 3.C verifies validity of Spublic 4.C generate symmetric key for session 5.C encrypts Csymmetric using Spublic 6.C transmits Csymmetric(data) and Spublic(Csymmetric) to S –Certification authorities Principal (C) Resource (S) Intruder S1/C2

12 3/15/01CSCI {4,6}900: Ubiquitous Computing12 Certification Authority Difficult to make system highly available and highly secure –Leave CA offline, endorse certificates with long timeout –Online agent highly available, countersign with shorter timeout – Cache while both timeouts fresh –Invalidation at cache granularity Simple Certification Authority –CA speaks for A and is trusted when it says that C speaks for A Everyone trusts CA to speak for named principal Everyone knows public key of CA Pathnames and Multiple authorities –Decentralized authority, Parents cannot unconditionally speak for children

13 3/15/01CSCI {4,6}900: Ubiquitous Computing13 Groups Each principal speaks for the group Group membership certificates –Impossible to tell the membership Alternate approach is to distribute certificates to all principals –Revocation?

14 3/15/01CSCI {4,6}900: Ubiquitous Computing14 Roles and programs Role that a user play; a normal user or sysadmin? ACL may distinguish the role Delegation: –Users delegate to compute server

15 3/15/01CSCI {4,6}900: Ubiquitous Computing15 Auditing Formal proof for every access control decision

16 3/15/01CSCI {4,6}900: Ubiquitous Computing16 Discussion

Download ppt "3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.

1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Page 15/5/2015 CSE 542: Graduate Operating Systems Outline  Chapter 18: Protection  Chapter 19: Security  A Method for Obtaining Digital Signatures.

Page 15/5/2015 CSE 542: Graduate Operating Systems Outline  Chapter 18: Protection  Chapter 19: Security  A Method for Obtaining Digital Signatures.
Access Control Methodologies

Access Control Methodologies
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Security Issues in Grid Computing Reading: Grid Book, Chapter 16: “Security, Accounting and Assurance” By Clifford Neuman.

Security Issues in Grid Computing Reading: Grid Book, Chapter 16: “Security, Accounting and Assurance” By Clifford Neuman.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

Similar presentations

Ads by Google