the protection of information in computer systems
play

The Protection of Information in Computer Systems Written by - PDF document

Aug 27, 2022 •426 likes •636 views

The Protection of Information in Computer Systems Written by Jerome H. Saltzer Michael D. Schroeder Presented by KeeHong Pang Organization Section I Desired functions Design principles Examples of elementary protection and

  1. The Protection of Information in Computer Systems Written by Jerome H. Saltzer Michael D. Schroeder ♦ Presented by KeeHong Pang Organization ♦ Section I – Desired functions – Design principles – Examples of elementary protection and authentication mechanisms ♦ Section II – Principles of modern protection architectures – The relation between capability systems and access control list systems – Protected subsystems and protected objects ♦ Section III – Review of the state of the art and current research projects 1

  2. The Beginning ♦ Goal – Explores the mechanics of protecting computer information from unauthorized use or modification. ♦ Motive – To control sharing of information among multiple users. ♦ This paper concentrates on – Protection – Authentication Security violation categories ♦ Passive attack – Release of message contents – Traffic analysis ♦ Active attack – Masquerade – Replay – Modification of message – Denial of service 2

  3. Passive Attacks ♦ Release of message contents Read contents of message Darth from Bob to Alice Internet or other comm facility Bob Alice ♦ Traffic analysis Observe pattern of messages Darth from Bob to Alice Internet or other comm facility Bob Alice Active Attacks ♦ Masquerade Message from Darth that Darth appears to be from Bob Internet or other comm facility Bob Alice ♦ Replay Capture message from Bob to Alice; Later replay Darth message to Alice Internet or other comm facility Bob Alice 3

  4. Active Attacks ♦ Modification of messages Darth modifies message from Darth Bob to Alice Internet or other comm facility Bob Alice ♦ Denial of service Darth disrupts service Darth provided by server Internet or other comm facility Bob Alice Protection schemes ♦ Unprotected systems – No provision for protection. ♦ All-or-nothing systems – Provide isolation of users or total sharing of some info. ♦ Controlled sharing – Control who may access each data item stored in the system. ♦ User-programmed sharing controls – Restrict access to a file in a way not provided in the standard. ♦ Putting strings on information – Maintain control over the user of the information even after releasing. 4

  5. Design Principles ♦ Economy of mechanism ♦ Fail-safe defaults ♦ Complete mediation ♦ Open design ♦ Separation of privilege ♦ Least privilege ♦ Least common mechanism ♦ User friendly interface Password scheme - Loading Password File E pwd User id salt Salt Password Load crypt … … … 5

  6. Password scheme - Verifying Password File User id User id salt E pwd Salt Select Password crypt Compare Defects in password systems ♦ Choice of password – Limit of length and combination – Password aging – System-generated password ♦ Plaintext transfer – Encryption – One-time password ♦ One-way authentication – Use LUCIFER system 6

  7. One authentication technique Remote Terminal Server Plaintext username Lookup up the name Swipe the card Password Load the user’s key Load the user’s key P P key key E E Standard exchange Access Control ♦ Authentication Authorization ♦ Terminology – Objects • An entity to which access must be controlled. • EX) process, file, database, semaphore, printer, memory segment • Type: the set of operations – Subjects • An entity whose access to objects must be controlled. • EX) process, user – Protection rules • Definition in which subjects can allowed to access objects. • Access right (subject, object) ♦ Models – Access matrix model – Information flow control model – Security kernel model 7

  8. Protection Domains ♦ An abstract definition of a set of access rights. – Not disjoint – Existence in multiple domains D1 D3 (File1, {Read, Write, Execute}) (File2, {Read}) (File3, {Read, Write, Execute}) {Semaphore1, {Up, Down}) (DapeDrive1, {Read, Write, Rewind}) (File1, {Read, Write}) (File2, {Read, Write, Execute}) (TapeDrive1, {Read}) D2 Access Matrix ♦ A matrix representing which rights on which objects belong to a particular domain. F1 F2 F3 S1 T1 Object Domain (File1) (File2) (File3) (Semaphore1) (Tape drive1) Read Up Read D1 Write Down Execute Read Up Read Read D2 Write Down Write Execute Read Read D3 Write Write Execute Rewind 8

  9. Validation of access ♦ Object monitor with each type of object (D, r, O) S in D O Access matrix Object Monitor O Look for the operation r D r r’ Domain Switching ♦ Guarantee the principle of least privilege. ♦ Operation - switch Object F1 F2 F3 S1 T1 D1 D2 D3 Domain Read Up Read Switch Switch D1 Write Down Execute Read Up Read Read Switch D2 Write Down Write Execute Read Read D3 Write Write Execute Rewind 9

  10. Change to the Protection State (1) ♦ Copy right – Copy an access right from one domain to another – Transfer / Copy with propagation not allowed /Copy with propagation allowed Object F1 F2 F3 Domain Read* Read D1 Write* Execute Read* Read* D2 Write Write Execute* Read D3 Write Execute Change to the Protection State (2) ♦ Owner right – Adding/deleting of rights to column entries Object F1 F2 F3 Domain Read* Write* Read D1 Execute Owner Read* Read* Write D2 Write Execute* Owner Read Write D3 Execute Owner 10

  11. Change to the Protection State (3) ♦ Control right – Only applicable to domain objects – A process can change the entries in a row Object F1 F2 F3 S1 T1 D1 D2 D3 Domain Read Up Switch Switch Read D1 Write Down Control Control Execute Read Up Read Switch Read D2 Write Down Write Control Execute Read Read D3 Write Write Execute Rewind Descriptor ♦ The value of the Descriptor Register to protect information. 11

  12. Separation of Addressing and Protection ♦ All memory accesses were divided into two levels of descriptors � protection and addressing Approaches ♦ Concept ♦ Validation ♦ Sharing ♦ Revocation 12

  13. Capability ♦ Decompose access matrix by rows ♦ Maintain (object, rights) pairs – capability capability Object id. Rights info. program B database Y shared math segment capability routine name for segment X database X A program A Math Catalog for UserA Simple Capability System 13

  14. Access Control Lists ♦ Decompose access matrix by columns ♦ Maintains (domain, rights) pairs for each object addressing descriptor base bound for this segment D1 read write … … access access control list D2 read controller … … principal permission identifier Access Control List System 14

  15. Access Validation - Capability ♦ A capability = An unforgeable ticket ♦ No need to search a list � Only verify that capability is valid ♦ Access the object without any further check. D i O j Object Monitor Object id. Right info. Verify that capability is valid Access Validation – ACLs (1) ♦ The access list for object O is first searched for D. ♦ The rights field of this element is searched. ♦ Check the access list on every access. – More security, but not efficiency Try to access for “R” D i O j Access control list Object Monitor Search the list for domain D i D i RW Search the right fields for rights “R” 15

  16. Access Validation – ACLs (2) ♦ Use of “ shadow ” capability registers – Invisible to the virtual processor. – The shadow register is loaded with directly access to the segment. – EX) file open and close in UNIX system ♦ Limit the number of entries on each access control list. Dynamic Sharing - Capability ♦ One or more object managers for each type of object. Object Manager(a) … 1) A request to create an object Object D i Manager(j) Capability Generate a capability with all rights A request to perform 2) some operation Object D i Manager(j) New capability t y i l i b p a a Generate a new capability c w N e D k 16

  17. Dynamic Sharing – ACLs (1) ♦ To grant access right r for object O to domain D Access control list A request to grant “R” D i O j Search the list for domain D i D i RW Add “R” in the list if found. Otherwise, add a new list element (D, R) ♦ To pass access right r from a domain D1 to another domain D2 – Check if D1 possesses either owner right or copy right for access right r . Dynamic Sharing – ACLs (2) ♦ Self control – Permission to modify the access control list. – Too absolute – no provision for another way to control. 17

  18. Dynamic Sharing – ACLs (3) ♦ Hierarchical control – The creator specifies some previously existing access controller whenever a new object is created. – Too powerful authority in higher level. Revocation (1) - Capability ♦ The capabilities for an object are stored in several capability lists. � Difficulty to determine which subjects have what rights for the object. ♦ Method for implementing revocation – Back Pointers • Keep track of all the capabilities for an object. • Change/Delete the capabilities selectively. � Maintain a list of pointers with the object. D 1 D2 O j D 3 D 5 D 4 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security

Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security

Outline Security Protection Systems Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security January 16, 2014 Outline Security Protection Systems 1 Security Mono-operational command case General

791 views • 60 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC

Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC

Information Systems Asset Protection: Monitoring SYSTEM ATTACKS Kevin Henry CISA CISM CRISC CISSP Kevinmhenry@msn.com Asset Protection Monitoring Agenda: Security Testing Investigating Systems Attacks and Monitoring Incidents

813 views • 35 slides
Building Hardware Systems for Information Flow Tracking Hari Kannan Computer Systems Laboratory

Building Hardware Systems for Information Flow Tracking Hari Kannan Computer Systems Laboratory

Building Hardware Systems for Information Flow Tracking Hari Kannan Computer Systems Laboratory Stanford University The Computer Security Crisis More systems are online, vulnerable Banking, Power, Water, Government

673 views • 56 slides
Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Kernel programming basics Addressing schemes and software protection models Hardware/software protection support

1.44k views • 121 slides
METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

NUCLEAR REGULATORY AUTHORITY, GHANA COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and Computer Security Section Head Instrumentation & ICT Department Radiological &

180 views • 14 slides
Master's Presentations Computer Information Systems Fall 2019 Thursday, December 12, 2019

Master's Presentations Computer Information Systems Fall 2019 Thursday, December 12, 2019

Master's Presentations Computer Information Systems Fall 2019 Thursday, December 12, 2019 8:00-10:00a Grand River Room (2250 KC) School of Computing and Information Systems Masters Presentations Computer Information Systems Thursday,

437 views • 17 slides
CS490W: Web Information Systems CS-490W Web Information Systems Course Review Luo Si

CS490W: Web Information Systems CS-490W Web Information Systems Course Review Luo Si

CS490W: Web Information Systems CS-490W Web Information Systems Course Review Luo Si Department of Computer Science Purdue University Basic Concepts of IR: Outline Basic Concepts of Information Retrieval: Task definition of Ad-hoc IR

657 views • 38 slides
Last Class: File System Abstraction Naming Protection Persistence Fast access

Last Class: File System Abstraction Naming Protection Persistence Fast access

Last Class: File System Abstraction Naming Protection Persistence Fast access Computer Science Computer Science CS377: Operating Systems Lecture 17, page 1 Protection The OS must allow users to control sharing of their

399 views • 9 slides
Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@cise.ufl.edu Trusted Operating Systems (Pfleeger Ch. 7)

653 views • 29 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
Okanagan College Kelowna campus What is CIS? Computer Information Systems CIS is a broad term

Okanagan College Kelowna campus What is CIS? Computer Information Systems CIS is a broad term

Okanagan College Kelowna campus What is CIS? Computer Information Systems CIS is a broad term that encapsulates a number of areas of information technology including software, data, networks, and computer security. 2 What does CIS at OC

327 views • 29 slides
Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information

Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information

Pairings I Michael Naehrig Eindhoven Institute for the Protection of Systems and Information Technische Universiteit Eindhoven rtr ECC Summer School 2008, Eindhoven 18 September 2008

336 views • 32 slides
the compelling alternative What is Cyber Security? Definition used: Protection of information

the compelling alternative What is Cyber Security? Definition used: Protection of information

the compelling alternative What is Cyber Security? Definition used: Protection of information systems (hardware, software and associated infrastructure), the data on them and the services they provide, from unauthorised access, harm or misuse .

418 views • 25 slides
Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with

Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with

Overview of Protection and Advocacy (P&A) Systems P&As Protection and Advocacy for Individuals with Developmental Disabilities (PADD) program Funded under Part C of the DD Act 57 P&As: In each State, Territory &

894 views • 17 slides
Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases

Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases

Market Simulation Independent 2017 Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases Market Simulation October 9, 2017 Agenda ISO Market Simulation Support Market Simulation Issue

350 views • 18 slides
Satellite Constellation Evolution Session 5.0 17 July 2017 Karen St. Germain, Ph.D. Director,

Satellite Constellation Evolution Session 5.0 17 July 2017 Karen St. Germain, Ph.D. Director,

Satellite Constellation Evolution Session 5.0 17 July 2017 Karen St. Germain, Ph.D. Director, Office of Systems Architecture and Advanced Planning (OSAAP) NOAAs Flagship Satellites NOAA uses satellites to gather data to monitor and

360 views • 22 slides
U.S. ARMY COMBAT CAPABILITIES DEVELOPMENT COMMAND GROUND VEHICLE SYSTEMS CENTER Combat

U.S. ARMY COMBAT CAPABILITIES DEVELOPMENT COMMAND GROUND VEHICLE SYSTEMS CENTER Combat

U.S. ARMY COMBAT CAPABILITIES DEVELOPMENT COMMAND GROUND VEHICLE SYSTEMS CENTER Combat Vehicle Electrification Overview and Motivation DISTRIBUTION A. Approved for public release; distribution unlimited. OPSEC #: 3642 Joshua Tylenda

311 views • 10 slides
Architecture for Modular Frontend Applications std::cout << "Hello Berlin!";

Architecture for Modular Frontend Applications std::cout << "Hello Berlin!";

16:50-17:35, 6 Nov / Hall A2 Architecture for Modular Frontend Applications std::cout << "Hello Berlin!"; Lothar Schttner Florian Rappl CEO and founder of smapiot Solution Architect at smapiot Worked for Accenture

373 views • 24 slides
in Small Projects and Small Organizations Mark C. Paulk February 1999 Software Engineering

in Small Projects and Small Organizations Mark C. Paulk February 1999 Software Engineering

Carnegie Mellon University Software Engineering Institute Using the Software CMM in Small Projects and Small Organizations Mark C. Paulk February 1999 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890

574 views • 33 slides
Marketing Assessment In order for digital marketing to be effective, it is essential to

Marketing Assessment In order for digital marketing to be effective, it is essential to

Marketing Assessment In order for digital marketing to be effective, it is essential to continually improve people, process, systems, execution, strategy and vision (Buscemi, 2014). A logical approach to improvement is to consciously decide to

146 views • 3 slides
Developing Reverse Logistics Maturity Model to Transition to Circular Economy Serhan Alshammari

Developing Reverse Logistics Maturity Model to Transition to Circular Economy Serhan Alshammari

Developing Reverse Logistics Maturity Model to Transition to Circular Economy Serhan Alshammari 13 th Sep 2017 Scottish Institute of Remanufacturing www.cranfield.ac.uk 1 Content Circular economy CE- business motivation. CE

518 views • 38 slides
Supporting Time Planning Aligned with CMMI-DEV and PMBOK GQS Software Quality Group INCoD -

Supporting Time Planning Aligned with CMMI-DEV and PMBOK GQS Software Quality Group INCoD -

Supporting Time Planning Aligned with CMMI-DEV and PMBOK GQS Software Quality Group INCoD - The National Institute of Science and Technology for Digital Convergence Rafael Queiroz Gonalves Andr Marques Pereira Dr. rer. nat. Christiane

355 views • 11 slides

More recommend