Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Distributed Systems Lecture # 14. Why care about security? Authentication Use another person’s ID for sending email Non-repudiation E-commerce.

Published byAubrey Denis Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Distributed Systems Lecture # 14. Why care about security? Authentication Use another person’s ID for sending email Non-repudiation E-commerce."— Presentation transcript:

1 Security Distributed Systems Lecture # 14

2 Why care about security? Authentication Use another person’s ID for sending email Non-repudiation E-commerce Spoof credit card number Replay card transactions Sniff information Monitor the number of transactions or stock-trades Denial of Service Malicious software

3 W32.Blaster.Worm Distributed Denial of Service Blaster Worm replicated itself on 120,000 computers worldwide On August 11, 2003 Microsoft update server was pelted with DDOS Lost out at name indirection Microsoft removed the DNS entry of windowsupdate.com

4 What we want to achieve A secure system must ensure privacy, integrity and availability of resources What constitutes a secure system? What do you think? Policy How the system implements it: Mechanism Design Principle: Don’t overdo security! Tension between usability and security

5 A snapshot of a distributed system Illegal Access Password hacking Spoofing/sniffing Tampering Replaying Illegal Access Denial of service Virus: Byzantine failures

6 Design space Networks are insecure Interfaces are externally visible Names are well-known

7 Security Threats Masquerading: Using someone else’s ID Eavesdropping: Spoof data Tampering: Spoof and modify data Replaying: Sniff and replay Denial of Service: Hoard available resources

8 Common techniques for security Encryption Sender identity? Message integrity? Signatures: non-repudiation Checksums: integrity Authentication: access control Time-stamping: replay attacks Logging: traceback

9 Code level security Pointers Turing completeness Modularity Type checking Code validity

10 Design Principles Analyze Threat level Typically lazy/silly users Minimize Trusted kernel Log events Limit the scope and time of security tokens Publish algorithms Security by tokens

11

Download ppt "Security Distributed Systems Lecture # 14. Why care about security? Authentication Use another person’s ID for sending email Non-repudiation E-commerce."

Similar presentations

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
CSUN Information Systems IS312 Information Systems for Business Lecture 9 Ethic & Information Security.

CSUN Information Systems IS312 Information Systems for Business Lecture 9 Ethic & Information Security.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
CHAPTER FOUR ETHICS AND INFORMATION SECURITY MIS BUSINESS CONCERNS

CHAPTER FOUR ETHICS AND INFORMATION SECURITY MIS BUSINESS CONCERNS
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Copyright © 2007 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2007 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended.

Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended.

Similar presentations

Ads by Google