Tools for Security - PowerPoint PPT Presentation


  1. Tools for Security
     • Physical security
     • Access control
     • Encryption
     • Authentication
     • Encapsulation
     • Intrusion detection
     • Common sense
     Lecture 2 Page 1 CS 236 Online

  2. Physical Security
     • Lock up your computer
       – Actually, sometimes a good answer
     • But what about networking?
       – Networks poke a hole in the locked door
     • Hard to prevent the legitimate holder of a computer from using it as he wants
       – E.g., smart phone jailbreaks
     • In any case, lack of physical security often makes other measures pointless

  3. Access Controls
     • Only let authorized parties access the system
     • A lot trickier than it sounds
     • Particularly in a network environment
     • Once data is outside your system, how can you continue to control it?
       – Again, of concern in network environments

  4. Encryption
     • Algorithms to hide the content of data or communications
     • Only those knowing a secret can decrypt the protection
     • One of the most important tools in computer security
       – But not a panacea
     • Covered in more detail later in class

  5. Authentication
     • Methods of ensuring that someone is who they say they are
     • Vital for access control
     • But also vital for many other purposes
     • Often (but not always) based on encryption

  6. Encapsulation
     • Methods of allowing outsiders limited access to your resources
     • Let them use or access some things
       – But not everything
     • Simple, in concept
     • Extremely challenging, in practice

  7. Intrusion Detection
     • All security methods sometimes fail
     • When they do, notice that something is wrong
     • And take steps to correct the problem
     • Reactive, not preventative
       – But it’s unrealistic to believe any prevention is certain
     • Must be automatic to be really useful

  8. Common Sense
     • A lot of problems arise because people don’t like to think
     • The best security tools generally fail if people use them badly
     • If the easiest way in is to fool people, that’s what attackers will do

  9. Access Control
     • Security could be easy
       – If we didn’t want anyone to get access to anything
     • The trick is giving access to only the right people
       – And at the right time and circumstances
     • How do we ensure that a given resource can only be accessed when it should be?

  10. Goals for Access Control
     • Complete mediation
     • Least privilege
     • Useful in a networked environment
     • Scalability
     • Acceptable cost and usability

  11. Access Control Mechanisms
     • Access control lists
     • Capabilities
     • Access control matrices
       – Theoretical concept we won’t discuss in detail
     • Role based access control

  12. The Language of Access Control
     • Subjects are active entities that want to gain access to something
       – E.g., users or programs
     • Objects represent things that can be accessed
       – E.g., files, devices, database records
     • Access is any form of interaction with an object
     • An entity can be both subject and object

  13. Mandatory vs. Discretionary Access Control
     • Mandatory access control is dictated by the underlying system
       – Individual users can’t override it
       – Even for their own data
     • Discretionary access control is under command of the user
       – System enforces what they choose
       – More common than mandatory

  14. Access Control Lists
     • For each protected resource, maintain a single list
     • Each list entry specifies a user who can access the resource
       – And the allowable modes of access
     • When a user requests access to a resource, check the access control list (ACL)

  15. ACL Objects and Subjects
     • In ACL terminology, the resources being protected are objects
     • The entities attempting to access them are subjects
       – Allowing finer granularity of control than per-user

  16. ACL Example
     • An operating system example:
       – Using ACLs to protect a file
     • User (Subject) A is allowed to read and write to the file
     • User (Subject) B may only read from it
     • User (Subject) C may not access it

  17. An ACL Protecting a File
     [Diagram: the ACL for file X lists A: read, write; B: read; C: none.
      Subject A’s write request and Subject B’s read request are checked against
      the ACL and allowed; Subject C’s request is denied.]

  18. Issues for Access Control Lists
     • How do you know that the requestor is who he says he is?
     • How do you protect the access control list from modification?
     • How do you determine what resources a user can access?
     • Generally issues for OS design

  19. Pros and Cons of ACLs
     + Easy to figure out who can access a resource
     + Easy to revoke or change access permissions
     – Hard to figure out what a subject can access
     – Changing access rights requires getting to the object
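The ACL mechanism of slides 14 to 19 as runnable Python. This is an added example, not code from the CS 236 slides: one list per protected object, the slide-16 rights for subjects A, B and C on file X, plus a second constructed object, file Y, so that the two query directions the pros-and-cons slide contrasts can both be exercised. Who can access an object is read straight off that object’s list; what a subject can access requires scanning every list in the system. All object, subject and mode names are constructed.

```python
# ACL model (added example, not from the CS 236 slides): one list per
# protected object; each entry names a subject and its allowed modes.
from typing import Dict, List, Optional, Set

# Constructed data. "file X" is the slide-16 example: A reads and writes,
# B only reads, C has no entry at all. "file Y" is added so that
# "what can B access?" has to look at more than one list.
ACLS: Dict[str, Dict[str, Set[str]]] = {
    "file X": {"A": {"read", "write"}, "B": {"read"}},
    "file Y": {"B": {"read", "write"}, "C": {"read"}},
}


def check_access(subject: str, obj: str, mode: str) -> bool:
    """Complete mediation: every request is checked against the object's ACL.
    An unknown object, a missing entry or a missing mode all deny (default deny)."""
    return mode in ACLS.get(obj, {}).get(subject, set())


def who_can_access(obj: str, mode: str) -> List[str]:
    """Easy with ACLs: the answer is one list, read straight off the object."""
    return sorted(s for s, modes in ACLS.get(obj, {}).items() if mode in modes)


def what_can_subject_access(subject: str) -> Dict[str, Set[str]]:
    """Hard with ACLs: there is no per-subject record, so every object's
    list in the system has to be scanned."""
    return {obj: set(entries[subject])
            for obj, entries in ACLS.items() if subject in entries}


def revoke(subject: str, obj: str, mode: Optional[str] = None) -> bool:
    """Revocation is a local edit to the object's list: drop one mode, or the
    whole entry when no mode is given.  Returns True if something was removed."""
    entries = ACLS.get(obj, {})
    if subject not in entries:
        return False
    if mode is None:
        del entries[subject]
        return True
    if mode not in entries[subject]:
        return False
    entries[subject].discard(mode)
    return True


if __name__ == "__main__":
    for subj, mode in (("A", "write"), ("B", "write"), ("C", "read")):
        print(f"{subj} {mode} file X:", check_access(subj, "file X", mode))
    print("who can read file X:", who_can_access("file X", "read"))
    print("what can B access:", what_can_subject_access("B"))
```

Note that `revoke` touches only the one object’s list, which is the slide’s point that changing rights "requires getting to the object": the change is cheap once you are at the object, but a subject’s view of its own rights is never stored anywhere.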

  20. Capabilities
     • Each subject keeps a set of data items that specify his allowable accesses
     • Essentially, a set of tickets
     • Possession of the capability for an object implies that access is allowed

  21. Properties of Capabilities
     • Must be unforgeable
       – In a single machine, keep capabilities under control of the OS
       – What about in a networked system?
     • In most systems, some capabilities allow creation of other capabilities
       – A process can pass a restricted set of capabilities to a subprocess

  22. Capabilities Protecting a File
     [Diagram: Capabilities for A: File X, Read, Write; Capabilities for B: File X, Read;
      Capabilities for C: File X, Read, Write. Subject A presents its capability
      for File X; capability checking validates the capability and answers “OK!”]

  23. Capabilities Denying Access
     [Diagram: Capabilities for A: File X, Read, Write; Capabilities for B: File X, Read;
      User C attempts to write File X with no capability for it, and capability
      checking answers “No Capability Provided!”]

  24. How Will This Work in a Network?
     [Diagram: Subjects A, B and C on the network each present their capabilities
      for File X (A: Read, Write; B: Read; C: Read, Write) to the capability
      checker, which asks: how can we tell if it’s a good capability?]

  25. Revoking Capabilities
     [Diagram: Fred and Nancy each hold a capability for “Accounts receivable”.]
     How do we take away Fred’s capability? Without taking away Nancy’s?

  26. Options for Revoking Capabilities
     • Destroy the capability
       – How do you find it?
     • Revoke on use
       – Requires checking on use
     • Generation numbers
       – Requires updating non-revoked capabilities

  27. Pros and Cons of Capabilities
     + Easy to determine what a subject can access
     + Potentially faster than ACLs (in some circumstances)
     + Easy model for transfer of privileges
     – Hard to determine who can access an object
     – Requires extra mechanism to allow revocation
     – In a network environment, need cryptographic methods to prevent forgery

  28. Distributed Access Control
     • ACLs still work OK
       – Provided you have a global namespace for subjects
       – And no one can masquerade
     • Capabilities are more problematic
       – Security relies on unforgeability
       – Provided by cryptographic methods
       – Prevents forging, not copying
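The networked capabilities of slides 20 to 28 as runnable Python. This is an added example, not code from the CS 236 slides; the design (an HMAC tag under a key only the object’s server holds, a generation number per object for revocation, and restriction of a ticket for a subprocess) is one way to realise what the slides describe, not the slides’ own mechanism. The stand-alone run at the bottom shows the three properties the slides call out: a tampered ticket fails to verify, a byte-for-byte copy presented by someone else still verifies (crypto prevents forging, not copying), and bumping the generation kills every outstanding ticket so legitimate holders must be re-issued. All names, keys and rights are constructed.

```python
# Capabilities as unforgeable tickets for a networked system (added example,
# not code from the CS 236 slides).  The object's server keeps a secret key;
# a capability carries an HMAC tag over its fields, so it can be handed
# around the network and checked without a shared subject namespace.
# Revocation uses generation numbers (slide 26).
import hashlib
import hmac
import secrets
from typing import Dict, FrozenSet, Iterable, NamedTuple, Optional


class Capability(NamedTuple):
    subject: str
    obj: str
    rights: FrozenSet[str]
    generation: int
    tag: bytes  # HMAC-SHA256 over the four fields above


class ObjectServer:
    """Owns the key and the current generation number of each object."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else secrets.token_bytes(32)
        self._generation: Dict[str, int] = {}

    def _mac(self, subject: str, obj: str, rights: FrozenSet[str], gen: int) -> bytes:
        # Length-prefixed fields, so no choice of names can collide.
        parts = [subject, obj, ",".join(sorted(rights)), str(gen)]
        msg = b"".join(len(p).to_bytes(4, "big") + p.encode() for p in parts)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def grant(self, subject: str, obj: str, rights: Iterable[str]) -> Capability:
        """Issue a ticket for obj at the object's current generation."""
        gen = self._generation.setdefault(obj, 0)
        r = frozenset(rights)
        return Capability(subject, obj, r, gen, self._mac(subject, obj, r, gen))

    def check(self, cap: Capability, mode: str) -> bool:
        """Capability checking (slides 22-23): the tag must verify, the
        generation must be current, and mode must be among the rights.
        Nothing here asks who is presenting the ticket: a copy works."""
        expected = self._mac(cap.subject, cap.obj, cap.rights, cap.generation)
        if not hmac.compare_digest(expected, cap.tag):
            return False  # forged or tampered
        if cap.generation != self._generation.get(cap.obj, 0):
            return False  # revoked by a generation bump
        return mode in cap.rights

    def restrict(self, cap: Capability, rights: Iterable[str]) -> Optional[Capability]:
        """Derive a weaker ticket for a subprocess (slide 21).  Only the key
        holder can mint it, and only for rights the parent ticket already has;
        returns None if the request would widen the rights."""
        r = frozenset(rights)
        if not all(self.check(cap, m) for m in r):
            return None
        return self.grant(cap.subject, cap.obj, r)

    def revoke_all(self, obj: str) -> None:
        """Generation-number revocation: every outstanding ticket for obj stops
        verifying; holders who should keep access must be re-issued (the cost
        slide 26 notes)."""
        self._generation[obj] = self._generation.get(obj, 0) + 1


if __name__ == "__main__":
    srv = ObjectServer()
    cap_b = srv.grant("B", "file X", {"read"})
    forged = cap_b._replace(rights=frozenset({"read", "write"}))
    copied = Capability(*cap_b)  # same bytes, presented by someone else
    print("B read:", srv.check(cap_b, "read"))          # True
    print("forged write:", srv.check(forged, "write"))  # False: tag mismatch
    print("copied read:", srv.check(copied, "read"))    # True: copying is not forging
    srv.revoke_all("file X")
    print("after revoke:", srv.check(cap_b, "read"))    # False: stale generation
```

The `check` method answers the slide-24 question "how can we tell if it’s a good capability?" with the key alone, which is exactly why it cannot tell a stolen copy from the original; binding a ticket to its presenter needs authentication on top, which the slides treat separately.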

  29. Role Based Access Control
     • An enhancement to ACLs or capabilities
     • Each user has certain roles he can take while using the system
     • At any given time, the user is performing a certain role
     • Give the user access to only those things that are required to fulfill that role
     • Available in some form in most modern operating systems

  30. A Simple Example
     Fred is a system administrator. But Fred is also a normal user.
     [Diagram: an email. To: Fred, From: Dick, Subject: Fun URL.
      “Hi, Fred. I found this neat URL . . .”]
     Fred should operate under one role while doing system administration,
     and another role while doing normal stuff.

  31. Continuing With Our Example
     Fred logs on as “fred”. He reads his email (the message from Dick with the “Fun URL”).
     He decides to upgrade the C++ compiler, so he changes his role to “sysadmin”.
     Then he has the privileges to upgrade the compiler, but may have lost the
     privileges to read “fred’s” email.
     Result: Evil malware in fred’s email can’t “upgrade” the compiler.
     [Diagram: the same email from Dick shown in Fred’s view before and after the role change.]
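The role-based model of slides 29 to 31 as runnable Python, replaying the Fred story. This is an added example, not code from the CS 236 slides; the role names `user` and `sysadmin` come from the slides, while the permission names (`read_mail`, `browse_url`, `upgrade_compiler`) and the second user `nancy` are constructed. The point it makes concrete is that a session is granted what its one active role allows, not the union of every role the user holds, so code launched from the mail reader in the `user` role cannot reach the compiler.

```python
# Role-based access control (added example, not code from the CS 236 slides):
# permissions attach to roles, users hold roles, and a session runs under one
# active role at a time.  Permission names are constructed for the Fred story.
from typing import Dict, Optional, Set

ROLE_PERMS: Dict[str, Set[str]] = {
    "user": {"read_mail", "browse_url"},
    "sysadmin": {"upgrade_compiler"},
}
USER_ROLES: Dict[str, Set[str]] = {
    "fred": {"user", "sysadmin"},
    "nancy": {"user"},
}


class Session:
    """A logged-in user acting under at most one role."""

    def __init__(self, user: str) -> None:
        if user not in USER_ROLES:
            raise KeyError(f"unknown user {user!r}")
        self.user = user
        self.role: Optional[str] = None  # no role active until assumed

    def assume_role(self, role: str) -> bool:
        """Switch the active role; only roles the user holds are allowed."""
        if role not in USER_ROLES[self.user]:
            return False
        self.role = role
        return True

    def allowed(self, permission: str) -> bool:
        """Granted by the active role only, never by every role the user holds."""
        return self.role is not None and permission in ROLE_PERMS.get(self.role, set())


def act(session: Session, permission: str) -> bool:
    """Attempt an action.  Anything started from the mail reader, a malicious
    attachment included, runs with the session's current permissions."""
    return session.allowed(permission)


def replay_fred_story() -> Dict[str, bool]:
    """Slide 31 step by step; returns which actions succeeded."""
    fred = Session("fred")
    fred.assume_role("user")
    outcome = {"read_mail_as_user": act(fred, "read_mail")}
    # Malware carried by the email tries to "upgrade" the compiler while
    # Fred is a plain user.
    outcome["malware_upgrade_from_mail"] = act(fred, "upgrade_compiler")
    fred.assume_role("sysadmin")
    outcome["upgrade_as_sysadmin"] = act(fred, "upgrade_compiler")
    # In the sysadmin role Fred may have lost the right to read fred's mail.
    outcome["read_mail_as_sysadmin"] = act(fred, "read_mail")
    return outcome


if __name__ == "__main__":
    for step, ok in replay_fred_story().items():
        print(f"{step}: {'allowed' if ok else 'denied'}")
```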
