Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.


Slide 1: Computer System Security, CSE 5339/7339, Session 16, October 14, 2004

Slide 2: Contents
- A4 out
- Midterm key, part 1 (questions 5-8)
- OS security
- Access control
- Krishan (Mehmet)'s presentation

Slide 3: Midterm Question 5
By Fermat's theorem, what is the multiplicative inverse of 2 in the field of integers mod 11?
The inverse of a is the x such that a*x mod p = 1 (definition of inverse).
a^(p-1) mod p = 1 (Fermat's theorem).
So a*x mod p = a^(p-1) mod p, which gives x = a^(p-2) mod p.

Slide 4: Midterm Question 6
For each of the following pairs of numbers, determine whether or not they are relatively prime:
- 89 and 934
- 712 and 183

Slide 5: Midterm Question 7
Obtain the private and public keys in each of the following cases:
- The Merkle-Hellman scheme is used with the superincreasing knapsack [2, 5, 8, 17]
- RSA is used with p = 3 and q = 7

Slide 6: Midterm Question 8
Using the Merkle-Hellman scheme, decrypt the following ciphertext: 2 4 10 7 6
Assume the following: public key = [2, 4, 10, 7], private key = [1, 2, 5, 9], w = 2, n = 11.
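Added worked example for questions 5, 6 and 8 above (my code, not the course's answer key): the Fermat inverse, the relatively-prime test, and Merkle-Hellman decryption with the slide's keys, where w^-1 mod 11 is itself a Fermat inverse because 11 is prime.

```python
"""Added worked example (not from the slides) for midterm questions 5, 6 and 8."""
from math import gcd


def fermat_inverse(a, p):
    """Inverse of a mod a prime p: Fermat gives a^(p-1) = 1, so a^(p-2) is the inverse."""
    if gcd(a, p) != 1:
        raise ValueError("a and p are not coprime, so a has no inverse")
    return pow(a, p - 2, p)       # modular exponentiation, e.g. 2^9 mod 11


def relatively_prime(a, b):
    """Question 6: two integers are relatively prime iff gcd(a, b) == 1."""
    return gcd(a, b) == 1


def mh_public_key(private, w, n):
    """Merkle-Hellman: the hard (public) knapsack is w * private[i] mod n."""
    return [(w * k) % n for k in private]


def solve_superincreasing(private, target):
    """Greedy solve of the easy (superincreasing) knapsack; returns the bit vector."""
    bits = [0] * len(private)
    for i in range(len(private) - 1, -1, -1):   # largest element first
        if private[i] <= target:
            bits[i] = 1
            target -= private[i]
    if target != 0:
        raise ValueError("block is not a sum of private-key elements")
    return bits


def mh_decrypt(cipher, private, w, n):
    """Question 8: multiply each block by w^-1 mod n, then solve the easy knapsack.

    n = 11 is prime here, so w^-1 comes from Fermat's theorem (question 5).
    A proper Merkle-Hellman key needs n > sum(private); the slide's n = 11 is
    below 1+2+5+9 = 17, and the example simply uses the parameters as given.
    """
    w_inv = fermat_inverse(w, n)
    return [solve_superincreasing(private, (c * w_inv) % n) for c in cipher]
```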

Slide 7: Trusted OS
- Memory protection
- File protection
- User authentication
- General object access control

Slide 8: Access Control Policies
- Specification of how each user is authorized to use each resource.
- In practice, no computer applies a single policy to manage all of its resources.
- Scheduling algorithms for the CPU: SJF, RR
- Storage: paging, segmentation

Slide 9: Access Control Matrix (Butler Lampson)
[Figure: objects O1, O2, O3 and O4 placed in protection domains 1, 2 and 3; an object may appear in more than one domain]
Every object to be protected is within one or more protection domains.

Slide 10: Access Rights
[Figure: access rights for Domain 1, Domain 2 and Domain 3]

Slide 11: What does that mean?
- O1 can be read and written in domain 1 and executed in domain 3; O2 can be executed in domain 1 and written in domain 2; O3 can be read in domain 3; and O4 can be printed in domains 2 and 3.
- At any given time, the domain in which a user is operating determines what actions are and are not permitted.
- If Matthew is in domain 1, he is permitted to:
  - read or write object 1
  - execute object 2

Slide 12: Access Control Matrix

            Object 1       Object 2     Object 3   Object 4
Domain 1    {read,write}   {execute}
Domain 2                   {write}                 {print}
Domain 3    {execute}                   {read}     {print}

Slide 13: Access Control Matrix (cont.)
- The matrix designates the protection policy. A mechanism is required to enforce the policy.
- The OS stores the matrix in memory.
- The matrix is large and sparse, so ordered triples are stored instead.

Slide 14: List of Ordered Triples
(Domain 1, Object 1, {read,write})
(Domain 1, Object 2, {execute})
(Domain 2, Object 2, {write})
(Domain 2, Object 4, {print})
(Domain 3, Object 1, {execute})
(Domain 3, Object 3, {read})
(Domain 3, Object 4, {print})

Slide 15: List of Ordered Triples (cont.)
For each attempt by a user in Domain i to perform operation O on object j, the OS consults the list of triples. If it finds a triple (i, j, R) where O is a member of the access rights R, the operation is allowed to proceed; otherwise it is not.
- The list must be protected from tampering by users.
- It could be very large.
- Searching it may become a problem.
- It does not take advantage of special grouping of objects.

Slide 16: Access Lists
Object 1: (Domain 1, {read,write}), (Domain 3, {execute})
Object 2: (Domain 1, {execute}), (Domain 2, {write})
Object 3: (Domain 3, {read})
Object 4: (Domain 2, {print}), (Domain 3, {print})
An attempt by a user in Domain i to perform operation O on object j causes the OS to consult the entry of the access list for object j. Object j's list is searched for Domain i's entry, and the operation is permitted if there is an access right for O.

Slide 17: Default
Object 2's access list with a default entry appended: (Domain 1, {execute}), (Domain 2, {write}), plus a default entry for domains not listed explicitly.

Slide 18: Capability List
A capability is a pair (Object, rights).
Domain 1: (Object 1, {read,write}), (Object 2, {execute})
Domain 2: (Object 2, {write}), (Object 4, {print})
Domain 3: (Object 1, {execute}), (Object 3, {read}), (Object 4, {print})
Users are given a copy of the capability list for the domain in which they are operating.

Slide 19: How does it work?
When a user wants to perform some operation O on object j, it passes its capability for j as one of the parameters of O. For example, a user might request to write to Object 2 and pass its copy of the capability for Object 2. The OS verifies the capability.
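Added example (not from the slides) covering slides 12 to 19: the lecture's matrix stored as ordered triples, the access-list view (per object) and capability-list view (per domain) derived from it, the check each view performs, and a consistency test showing both views authorize exactly the same requests.

```python
"""Added example: one protection matrix, three representations (not the lecture's code)."""
from collections import defaultdict

# The access control matrix of slide 12 as ordered (domain, object, rights) triples.
TRIPLES = [
    ("Domain 1", "Object 1", {"read", "write"}),
    ("Domain 1", "Object 2", {"execute"}),
    ("Domain 2", "Object 2", {"write"}),
    ("Domain 2", "Object 4", {"print"}),
    ("Domain 3", "Object 1", {"execute"}),
    ("Domain 3", "Object 3", {"read"}),
    ("Domain 3", "Object 4", {"print"}),
]


def access_lists(triples):
    """Column view: for each object, which domains hold which rights (ACL)."""
    acl = defaultdict(dict)
    for dom, obj, rights in triples:
        acl[obj][dom] = set(rights)
    return dict(acl)


def capability_lists(triples):
    """Row view: for each domain, which (object, rights) capabilities it holds."""
    caps = defaultdict(dict)
    for dom, obj, rights in triples:
        caps[dom][obj] = set(rights)
    return dict(caps)


def allowed_by_acl(acl, domain, op, obj):
    """Slide 16: consult object j's list for Domain i's entry and look for op."""
    return op in acl.get(obj, {}).get(domain, set())


def allowed_by_capability(caps, domain, op, obj):
    """Slide 19: the domain must hold a capability naming obj that includes op."""
    return op in caps.get(domain, {}).get(obj, set())


def check_consistent(triples, domains, objects, ops):
    """Both views must give the same answer for every (domain, op, object)."""
    acl, caps = access_lists(triples), capability_lists(triples)
    return all(allowed_by_acl(acl, d, p, o) == allowed_by_capability(caps, d, p, o)
               for d in domains for o in objects for p in ops)
```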

Slide 20: Encrypting Capabilities
- The OS must ensure that users cannot create their own capabilities or alter capabilities they are given.
- The OS may encrypt capabilities using a secret key before giving them to users.
- The OS decrypts and checks the capability each time it is used.
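The slide's approach is encryption under an OS secret key. This added example (not the lecture's code) swaps in a keyed MAC (HMAC-SHA256) under an OS-held key, which directly gives the property the slide asks for: a user can neither mint a capability nor alter one it was given without the OS detecting it on use. The key is a constructed placeholder.

```python
"""Added example (not the lecture's code): capabilities users cannot forge or alter."""
import hashlib
import hmac
import json
from typing import Optional

OS_SECRET = b"constructed-demo-key"   # assumption: a key that never leaves the OS


def issue_capability(domain, obj, rights, key=OS_SECRET):
    """OS side: serialise (domain, object, rights) and append an HMAC tag."""
    body = json.dumps({"domain": domain, "object": obj, "rights": sorted(rights)},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_capability(token, key=OS_SECRET) -> Optional[dict]:
    """OS side, on every use: recompute the tag; return None if anything was altered."""
    body, sep, tag = token.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return json.loads(body)


def authorize(token, domain, op, obj):
    """Allow op on obj only if the presented capability is genuine and names both."""
    cap = verify_capability(token)
    return (cap is not None and cap["domain"] == domain
            and cap["object"] == obj and op in cap["rights"])


def edited_copy(token, old, new):
    """A user's attempt to change the body of a capability it was given."""
    return token.replace(old, new)
```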

Slide 21: Security Policy
A security policy is a statement of the security we expect the system to enforce. A system can be trusted only in relation to its security policy, that is, to the security needs the system is expected to satisfy.

Slide 22: Military Security Policy
Sensitivity levels, from lowest to highest: Unclassified, Restricted, Confidential, Secret, Top Secret

Slide 23: Access to Information
- Information access is limited by the need-to-know rule.
- Compartment: each piece of classified information may be associated with one or more projects, called compartments.

Slide 24: Compartments and Sensitivity Levels
[Figure: the five sensitivity levels (Unclassified, Restricted, Confidential, Secret, Top Secret) crossed with Compartment 1, Compartment 2 and Compartment 3]

Slide 25: Classification and Clearance
- Classification: the class of a piece of information.
- Clearance: an indication that a person is trusted to access information up to a certain level of sensitivity; the clearance of a subject.

Slide 26: Dominance Relation
For a subject s and an object o, o <= s if and only if rank(o) <= rank(s) and compartments(o) is a subset of compartments(s). We say that s dominates o (or o is dominated by s) if o <= s. A subject can read an object if the subject dominates the object.

Slide 27: Example
Information classified as
Which of the following subject clearances can read the above information?

Slide 28: Models of Security
Security models are used to:
- test a particular policy for completeness and consistency
- document a policy
- help conceptualize and design an implementation
- check whether an implementation meets the requirements

Slide 29: Lattice
[Figure: a lattice of security classes with its upper bound and lower bound marked]

Slide 30: Bell-La Padula Model
- Formal description of the allowable paths of information flow in a secure system.
- A set of subjects and another set of objects.
- Each subject s has a fixed security clearance C(s).
- Each object o has a fixed security class C(o).

Slide 31: Bell-La Padula Model (cont.)
Two properties characterize the secure flow of information:
- A subject s may have read access to an object o only if C(o) <= C(s).
- A subject s who has read access to an object o may have write access to an object p only if C(o) <= C(p).
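Added example (not the lecture's code) tying slides 22 to 31 together: the dominance relation of slide 26 over the sensitivity levels of slide 22, the two Bell-La Padula properties exactly as stated above, and the least upper bound of two classes from the lattice of slide 29. Compartment names C1 and C2 are constructed.

```python
"""Added example: dominance, the Bell-La Padula properties and the lattice join."""
from dataclasses import dataclass, field

# Sensitivity levels from slide 22, lowest to highest; index gives the rank.
LEVELS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]


@dataclass(frozen=True)
class Label:
    """A security class: a rank plus a set of compartments (need-to-know)."""
    rank: str
    compartments: frozenset = field(default_factory=frozenset)


def dominates(s, o):
    """o <= s iff rank(o) <= rank(s) and compartments(o) is a subset of compartments(s)."""
    return (LEVELS.index(o.rank) <= LEVELS.index(s.rank)
            and o.compartments <= s.compartments)


def can_read(subject, obj):
    """Simple security property: s may read o only if C(o) <= C(s)."""
    return dominates(subject, obj)


def can_write_after_read(read_from, write_to):
    """*-property as stated on slide 31: having read o, write p only if C(o) <= C(p)."""
    return dominates(write_to, read_from)


def is_upper_bound(x, a, b):
    """x is an upper bound of a and b in the lattice if it dominates both."""
    return dominates(x, a) and dominates(x, b)


def least_upper_bound(a, b):
    """Join of two classes: the higher rank with the union of compartments."""
    rank = max(a.rank, b.rank, key=LEVELS.index)
    return Label(rank, a.compartments | b.compartments)
```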

Slide 32: Illustration
[Figure: subjects s1 and s2 and objects o1 to o5 placed on a scale from Low to High]

Slide 33: Harrison, Ruzzo and Ullman (HRU) Model
[Table: access matrix with rows S1, S2, S3 and columns S1, S2, S3, O1, O2, O3. Each subject holds control over itself; the remaining entries, read by row, are S1: owner, read; S2: owner, read, write; read; owner, execute; S3: read, execute]

Slide 34: HRU Model (cont.)
HRU allows the state of the protection system to be changed by a well-defined set of commands:
- add subject s to M
- add object o to M
- delete subject s from M
- delete object o from M
- add right r to M[s,o]
- delete right r from M[s,o]
The owner can change the rights of an object.
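Added example (not the lecture's code): the six HRU commands above applied to a protection state, with the slide's rule that only an owner may change the rights held on an object enforced before any add or delete of a right.

```python
"""Added example (not the lecture's code): an HRU protection state and its commands."""


class HRUState:
    """M[(s, o)] holds the set of rights subject s has over o; subjects are also columns."""

    def __init__(self):
        self.subjects, self.objects, self.M = set(), set(), {}

    def rights(self, s, o):
        return set(self.M.get((s, o), set()))

    def add_subject(self, s):
        self.subjects.add(s)
        self.objects.add(s)                 # every subject is also an object (a column)
        self.M[(s, s)] = {"control"}        # diagonal entry, as in the slide's matrix

    def add_object(self, o, creator):
        self.objects.add(o)
        self.M[(creator, o)] = {"owner"}    # the creating subject owns the new object

    def delete_object(self, o):
        self.objects.discard(o)
        for key in [k for k in self.M if k[1] == o]:
            del self.M[key]

    def delete_subject(self, s):
        self.subjects.discard(s)
        self.objects.discard(s)
        for key in [k for k in self.M if s in k]:   # drop its row and its column
            del self.M[key]

    def add_right(self, by, r, s, o):
        if not allowed_to_change(self, by, o):
            raise PermissionError(f"{by} does not own {o}")
        self.M.setdefault((s, o), set()).add(r)

    def delete_right(self, by, r, s, o):
        if not allowed_to_change(self, by, o):
            raise PermissionError(f"{by} does not own {o}")
        self.M.get((s, o), set()).discard(r)


def allowed_to_change(state, by, o):
    """Slide rule: only an owner of o may add or delete rights held on o."""
    return "owner" in state.rights(by, o)
```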

Slide 35: Take-Grant Model
- Unlimited number of subjects and objects
- States and state transitions
- Directed graph
- Four primitive operations: take, create, grant, revoke

Slide 36: Take-Grant Model (cont.)
[Figure: directed graph with subjects S1, S2, S3 and objects O1, O2, O3; edges labelled read, execute, and read, write]

Slide 37: Create
[Diagram: subject S; after create, S has an edge labelled with rights to a new object O]

Slide 38: Revoke
[Diagram: the edge from S to O labelled r1, r2, r3 and the edge labelled r1, r2; revoke removes a right from S's edge to O]

Slide 39: Take
[Diagram: S1 has take over S2 and S2 has read over O; after take, S1 also has read over O]

Slide 40: Grant
[Diagram: S1 has grant over S2 and read over O; after grant, S2 also has read over O]
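Added example (not the lecture's code) for slides 35 to 40: a take-grant protection graph with the four primitive operations, each returning whether its rule applied, so the take and grant cases of slides 39 and 40 can be replayed on a constructed graph.

```python
"""Added example (not the lecture's code): a take-grant protection graph."""
from collections import defaultdict


class TakeGrant:
    """Directed graph: edges[x][y] is the set of rights node x holds over node y."""

    def __init__(self, subjects):
        self.subjects = set(subjects)
        self.edges = defaultdict(lambda: defaultdict(set))

    def rights(self, x, y):
        return set(self.edges[x][y])

    def add_edge(self, x, y, rights):
        """Set up an initial state (used to build the slides' starting graphs)."""
        self.edges[x][y] |= set(rights)

    def create(self, s, new, rights):
        """Create: subject s adds a new node and gets the given rights over it."""
        if s not in self.subjects:
            return False
        self.edges[s][new] |= set(rights)
        return True

    def revoke(self, s, y, rights):
        """Revoke: s removes some of its own rights over y."""
        self.edges[s][y] -= set(rights)
        return True

    def take(self, s, x, y, rights):
        """Take: if s holds 'take' over x and x holds rights over y, s obtains them."""
        if "take" not in self.edges[s][x] or not set(rights) <= self.edges[x][y]:
            return False
        self.edges[s][y] |= set(rights)
        return True

    def grant(self, s, x, y, rights):
        """Grant: if s holds 'grant' over x and s holds rights over y, x obtains them."""
        if "grant" not in self.edges[s][x] or not set(rights) <= self.edges[s][y]:
            return False
        self.edges[x][y] |= set(rights)
        return True
```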

