computer security in the real world
play

Computer Security in the Real World Butler Lampson Microsoft 1 - PowerPoint PPT Presentation

Dec 30, 2023 •98 likes •391 views

Computer Security in the Real World Butler Lampson Microsoft 1 Security: The Goal Computers are as secure as real world systems, and people believe it . This is hard because: Computers can do a lot of damage fast. There are many

  1. Computer Security in the Real World Butler Lampson Microsoft 1

  2. Security: The Goal Computers are as secure as real world systems, and people believe it . This is hard because: – Computers can do a lot of damage fast. – There are many places for things to go wrong. – Networks enable » Anonymous attacks from anywhere » Automated infection » Hostile code and hostile hosts – People don’t trust new things. 2

  3. Real-World Security It’s about value, locks, and punishment. − Locks good enough that bad guys don’t break in very often. − Police and courts good enough that bad guys that do break in get caught and punished often enough. − Less interference with daily life than value of loss. Security is expensive—buy only what you need. 3

  4. Elements of Security Policy : Specifying security What is it supposed to do? Mechanism : Implementing security How does it do it? Assurance : Correctness of security Does it really work? 4

  5. Dangers Vandalism or sabotage that – damages information integrity – disrupts service availability Theft of money integrity Theft of information secrecy Loss of privacy secrecy 5

  6. Vulnerabilities Bad (buggy or hostile) programs Bad (careless or hostile) people giving instructions to good programs Bad guy interfering with communications 6

  7. Defensive strategies Keep everybody out – Isolation Keep the bad guy out – Code signing, firewalls Let him in, but keep him from doing damage – Sandboxing, access control Catch him and prosecute him – Auditing, police 7

  8. The Access Control Model Guards control access to valued resources. Do Reference Object Principal operation monitor Source Request Guard Resource 8

  9. Mechanisms—The Gold Standard Authenticating principals − Mainly people, but also channels, servers, programs Authorizing access. − Usually for groups of principals Auditing Assurance – Trusted computing base 9

  10. Assurance: Making Security Work Trusted computing base – Limit what has to work to ensure security » Ideally, TCB is small and simple – Includes hardware and software – Also includes configuration, usually overlooked » What software has privileges » Database of users, passwords, privileges, groups » Network information (trusted hosts, …) » Access controls on system resources » . . . The unavoidable price of reliability is simplicity. —Hoare 10

  11. Assurance: Configuration Users—keep it simple – At most three levels: self, friends, others » Three places to put objects – Everything else done automatically with policies Administrators—keep it simple – Work by defining policies. Examples: » Each user has a private home folder » Each user belongs to one workgroup with a private folder » System folders contain vendor-approved releases » All executable programs are signed by a trusted party Today’s systems don’t support this very well 11

  12. Assurance: Defense in Depth Network, with a firewall Operating system, with sandboxing – Basic OS (such as NT) – Higher-level OS (such as Java) Application that checks authorization directly All need authentication 12

  13. Why We Don’t Have “Real” Security A . People don’t buy it: – Danger is small, so it’s OK to buy features instead. – Security is expensive. » Configuring security is a lot of work. » Secure systems do less because they’re older. − Security is a pain. » It stops you from doing things. » Users have to authenticate themselves. B . Systems are complicated, so they have bugs. 13

  14. Standard Operating System Security Assume secure channel from user (without proof) Authenticate user by local password – Assign local user and group SIDs Access control by ACLs: lists of SIDs and permissions – Reference monitor is the OS, or any RPC target Domains: same, but authenticate by RPC to controller Web servers: same, but simplified – Establish secure channel with SSL – Authenticate user by local password (or certificate) – ACL on right to enter, or on user’s private state 14

  15. End-to-End Security Authenticate secure channels Work uniformly between organizations – Microsoft can securely accept Intel’s authentication – Groups can have members from different organizations Delegate authority to groups or systems Audit all security decisions 15

  16. End-to-End example Alice is at Intel, working on Atom , a joint Intel- Microsoft project Alice connects to Spectra , Atom’s web page, with SSL Chain of responsibility: – K SSL ⇒ K temp ⇒ K Alice ⇒ Alice@Intel ⇒ Atom@Microsoft ⇒ r/w Spectra Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 16

  17. Principals Authentication: Who sent a message? Authorization: Who is trusted? Principal — abstraction of “who”: – People Alice , Bob – Services microsoft.com , Exchange – Groups UW-CS , MS-Employees – Secure channels key #678532E89A7692F , console Principals say things: – “Read file foo ” – “Alice’s key is #678532E89A7692F ” 17

  18. Speaks For Principal A speaks for B : A ⇒ Τ Β – Meaning: if A says something in set T , B says it too. » Thus A is stronger than B , or responsible for B , about T – Examples » Alice ⇒ Atom group of people » Key #7438 ⇒ Alice key for Alice Delegation rule: If A says “ B ⇒ A ” then B ⇒ A – We trust A to delegate its own authority. » Why should A delegate to B ? Needs case by case analysis. – Need a secure channel from A for “ A says” » Easy if A is a key. » Channel can be off-line (certificate) or on-line (Kerberos) 18

  19. Authenticating Channels Chain of responsibility: K SSL ⇒ ⇒ K Alice ⇒ Alice@Intel ⇒ … K temp K temp says K Alice says (SSL setup) (via smart card) Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 19

  20. Authenticating Names: SDSI/SPKI A name is in some name space, defined by a key The key speaks for any name in its name space – K Intel ⇒ K Intel / Alice (which is just Alice@Intel ) – K Intel says … K temp ⇒ K Alice ⇒ Alice@Intel ⇒ … Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 20

  21. Authenticating Groups A group is a principal; its members speak for it ⇒ Atom@Microsoft – Alice@Intel ⇒ Atom@Microsoft – Bob@Microsoft – … Evidence for groups: Just like names and keys. … K Alice ⇒ Alice@Intel ⇒ Atom@Microsoft ⇒ r/w … Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 21

  22. Authorization with ACLs View a resource object O as a principal An ACL entry for P means P can speak for O – Permissions limit the set of things P can say for O If Spectra ’s ACL says Atom can r/w , that means Spectra says … Alice@Intel ⇒ Atom@Microsoft ⇒ r/w Spectra Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 22

  23. End-to-End Example: Summary Request on SSL channel: K SSL says “read Spectra ” Chain of responsibility: K SSL ⇒ K temp ⇒ K Alice ⇒ Alice@Intel ⇒ Atom@Microsoft ⇒ r/w Spectra Microsoft says Intel Alice@Intel Atom@Microsoft says Spectra ACL says K Alice K Alice K temp K SSL Alice’s Alice’s login Spectra smart card system web page 23

  24. Compatibility with Local OS? (1) Put network principals on OS ACLs (2) Let network principal speak for local one – Alice@Intel ⇒ Alice@microsoft – Use network authentication » replacing local or domain authentication – Users and ACLs stay the same (3) Assign SIDs to network principals – Do this automatically – Use network authentication as before 24

  25. Authenticating Systems A digest X can authenticate a program Word : – K Microsoft says “If image I has digest X then I is Word ” X ⇒ K Microsoft / Word formally A system N can speak for another system Word : – K Microsoft says N ⇒ K Microsoft / Word The first cert makes N want to run I if N likes Word , and it makes N assert the running I is Word The second cert lets N convince others that N is authorized to run Word 25

  26. Auditing Checking access: – Given a request K Alice says “ read Spectra ” an ACL Atom may r/w Spectra K Alice ⇒ Atom – Check K Alice speaks for Atom r/w ≥ read rights suffice Auditing: Each step is justified by – A signed statement (certificate), or – A delgation rule 26

  27. Implement: Tools and Assurance Gold standard – Authentication Who said it? – Authorization Who is trusted? – Auditing What happened? End-to-end authorization – Principals: keys, names, groups – Speaks for: delegation, chain of responsibility Assurance: Trusted computing base – Keep it small and simple. – Include configuration, not just code. 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

+ = Autonomous Sensing Board SENSOR Computer NODE FOSAD'09 2 Components of the sensor node

+ = Autonomous Sensing Board SENSOR Computer NODE FOSAD'09 2 Components of the sensor node

WSN Security Javier Lopez Computer Science Department University of Malaga Spain Sensor node FOSAD'09 1 Real World Computer SENSE Computer World Real World FOSAD'09 Sensor nodes + = Autonomous Sensing Board SENSOR Computer

1.1k views • 55 slides
Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next,

Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next,

CS 166: Information Security Real-World Protocols Prof. Tom Austin San Jos State University Real-World Protocols Next, we look at real protocols SSH a simple & useful security protocol SSL practical security on the Web

1.27k views • 112 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world Security decisions based on: Value: How much is it worth? Locks: How hard is it to circumvent protection? Police: What are the

980 views • 47 slides
Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security

Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security

Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security It s about risk, locks, and deterrence . Risk management: cost of security < expected loss Perfect security costs way too much

707 views • 26 slides
CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and Implantable Cardiac Defibrillators Professor Adam Bates Fall 2016 Security & Privacy Research at Illinois (SPRAI) Oct 4th Deliverable

792 views • 20 slides
Collaborative Computer Meditated Communication Computing Real-world communication

Collaborative Computer Meditated Communication Computing Real-world communication

Topics Collaborative Computer Meditated Communication Computing Real-world communication Email Computer Literacy 1 Lecture 12 How to express emotions in verbal environment 16/10/2008 Chat/Desktop Conferencing (internetphone)

545 views • 6 slides
Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to

Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to

Security 1 - Passwords Computer security is a big and kind of dramatic area which lends itself to movie plots and fear. There are real threats our there, but staying safe is not that hard. Computer -- The Castle The computer is like a

416 views • 37 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
Security in a Quantum World Vladimir Zamdzhiev Department of Computer Science Tulane University

Security in a Quantum World Vladimir Zamdzhiev Department of Computer Science Tulane University

Security in a Quantum World Security in a Quantum World Vladimir Zamdzhiev Department of Computer Science Tulane University November 7 2017 Vladimir Zamdzhiev Security in a Quantum World 1 / 12 Security in a Quantum World Physical Theories

483 views • 24 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Augmented Reality made More Real Amitabh Varshney Institute for Advanced Computer Studies

Augmented Reality made More Real Amitabh Varshney Institute for Advanced Computer Studies

Augmented Reality made More Real Amitabh Varshney Institute for Advanced Computer Studies (UMIACS) and Computer Science Augmented Reality An Interface to facilitate our awareness of the Digital (Virtual) World coexisting with the Real World

671 views • 25 slides
Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on

Real-World Authenticated Key Exchange Tibor Jager Paderborn University Summer School on Real-World Crypto and Privacy ibenik, Croatia June 17 th , 2019 Outline Security of the Diffie-Hellman Key Exchange Man-in-the-Middle attacks

1.09k views • 85 slides
Software Security Smashing the Stack: Real-World Examples Jan Nordholz Prof. Jean-Pierre Seifert

Software Security Smashing the Stack: Real-World Examples Jan Nordholz Prof. Jean-Pierre Seifert

Software Security Smashing the Stack: Real-World Examples Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 24 Example 1: the Morris worm (1988) first

695 views • 24 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
CryptoPuces 2011 Introduction State of the art SCWS / BIP The HTTP protocol

CryptoPuces 2011 Introduction State of the art SCWS / BIP The HTTP protocol

Matthieu BARREAUD, Guillaume BOUFFARD & Jean-Louis LANET {matthieu.barreaud,guillaume.bouffard,jean-louis.lanet}@xlim.fr SSD team XLIM University of Limoges http://secinfo.msi.unilim.fr This work is based on the M1 students project.

669 views • 23 slides
Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela E.Fourneret J.Jurjens P. Yousefi ARES 2011 OUTLINE Introduction Background UMLsec Model-based Testing Security in smart-card

356 views • 17 slides
Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya HAMADOUCHE , Jean-Louis LANET , Mohamed MEZGHICHE 1 LIMOSE Laboratory, University

898 views • 36 slides
Mark Hickman Professor in Civil Engineering, University of Queensland Brisbane, Australia

Mark Hickman Professor in Civil Engineering, University of Queensland Brisbane, Australia

Mark Hickman Professor in Civil Engineering, University of Queensland Brisbane, Australia Brisbane Research Topics Analytics for service / operations planning / control Passenger smart card data Vehicle location and trajectory data

634 views • 4 slides
Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance 18th Smart Card Research and Advanced Application Conference: CARDIS 2019 Nils Wisiol, Georg T. Becker, Marian Margraf,

952 views • 21 slides
Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Department of Technology & Operations Management Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk, Timo Polman, Leo Kroon, Peter Vervest and Gbor Marti Complexity in Public Transport:

2.21k views • 55 slides
FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium Contents Who am I? GNU Privacy Guard FSIJ USB Token PCB design V-USB (AVR-USB) CCID/ICCD Protocol OpenPGP Protocol RSA

991 views • 26 slides
Exploring the use of Intel SGX for Secure Many-Party Applications SysTEX16 K. A. Kucuk

Exploring the use of Intel SGX for Secure Many-Party Applications SysTEX16 K. A. Kucuk

Exploring the use of Intel SGX for Secure Many-Party Applications SysTEX16 K. A. Kucuk University of Oxford, UK December 12, 2016 Kubilay Ahmet Kucuk, kucuk@cs.ox.ac.uk, University of Oxford Exploring the use of Intel SGX for Secure

607 views • 23 slides

More recommend