SlideShare a Scribd company logo

Lect13 security

Download as PPT, PDF
U
Umang Gupta
Education
1 of 74
Security
Security     The security requirements are different for different computer systems depending on the environment in which they are supposed to operate. The security goals of a computer system are decided by its security policies, and the methods used to achieve these goals are called security mechanisms. Security policies can be decided independent of the available technology. Security mechanisms are influenced by the available technology.
Common goal of computer security     Secrecy :- Information within the system must be accessible only to authorized users. Privacy :- Misuse of information must be prevented. Authenticity :- when a user receives some data, the user must be able to verify its authenticity. Integrity :- Information within the system must be protected against accidental destruction or intentional corruption by an unauthorized user.
Internal and External security  Aspects of Internal security     External security deals with     User authentication Access control Communication security Fires, floods, earthquakes Stolen disks/tapes Leaking out of stored information by a person who has access to that information. Some methods for external security    Maintaining adequate backup copies pf stored information at places far away from the original information Using security guards to allow the entry of only authorized persons into the computer center. Allowing the access to sensitive information to only trusted users.
Potential attacks to computer systems  Passive attacks    They do not cause any harm to the system being threatened. They are inherently undetectable by the system and can only be dealt with by using preventive measures. Active attacks  They interfere with the normal functioning of the system and often have damaging effects, like corrupting files, destroying data, imitating hardware errors, causing the system to crash, confounding a receiver into accepting fabricated messages, and denial/delay of message delivery.  Active attacks are combated by a combination of prevention, detection, and recovery techniques.
Some methods of passive attacks  Browsing  In this method, intruder attempt to read stored files, message packets passing by the network, other processes’ memory, and so on, without modifying any data.  Access control mechanisms and message encryption are used as a solution.  Leaking  In it, an intruder used an accomplice ( a legitimate user having authority to access the information to be stolen) who leaks the information to him or her.  Prevention requires preventing all types of communication between the accomplice and the intruder.
Some methods of passive attacks  Inferencing   In this method, an intruder tries to draw some inference by closely observing and analyzing the system’s data or the activities carried out by the system, for example, traffic analysis in distributed systems. Masquerading  In this method, an intruder masquerades as an authorized user or program in order to gain access to unauthorized data or resources.  An intruder can also masquerade as a trusted server to a client requesting a service from the system ; called spoofing.
Some forms of active attacks    Viruses Worms Logic bombs
Viruses  A piece of code attached to legitimate program that, when executed, infects other programs in the system by replicating and attaching itself to them.  Virus attacks are active-type Trojan horse attacks.  Precautions to prevent virus problems : Buying software only from respectable stores.  Refusing to accept software in unsealed packages or from untrusted sources.  Avoiding borrowing programs from someone whose security standards are less rigorous than one’s own  Avoiding unloading of free software from public domain,etc.  An effective method to detect viruses is to use a snapshot program and a check routine.
Worms  Worms are programs that spread from one computer to another in a network of computers. They spread by taking advantages of the way in which resources are shared on a computer network and, in some cases, by exploiting flaws in the standard software installed on network systems.  It indirectly cripple a network by subverting the operation of computers on the network to their own purposes, monopolizing their resources, and saturating the communication links in a network.  Worm program has two types of code- bootstrap code and the code forming the main body of the worm.
Viruses vs. Worms    A virus is a program fragment whereas a worm is a complete program itself. Virus does not exist independently whereas worm can exist and execute. A virus spreads from one program to another whereas a worm spreads from one computer to another in a network.
Logic bombs    A logic bomb is a program that lies dormant until some trigger condition causes it to explode. On explosion, it destroys data and spoils system software of the host computer. Logic bombs can be embedded in a Trojan horse or carried about by a virus.
Active attacks associated with message communications  Integrity check  An intruder may change the contents of a message while it is travelling through a communication channel and the receiver may not be aware of this and accept it as the original message.  Authenticity attack  An intruder may cause an authenticity attack by changing the protocol control information (addresses) of the messages so that messages are delivered to wrong destinations.  Denial attack  The intruder causes complete or partial denial of message delivery by blocking the communication path.
Active attacks associated with message communications  Delay attack  An intruder may simply delay the delivery of message passing in an association between two communicating processes to fulfil his/her motive.  Replay attack  An intruder may retransmit old messages that are accepted as new messages by their recipients.
Confinement problem  Memoryless or confined program  Program that cannot retain or leak confidential information.  Confinement problem –  The prevention of confidential information leakage.  It deals with the problem of eliminating every means by which an authorized subject can release any information contained in the object to which it has access to some subjects that are not authorized to access that information.  Channels that can be used to leak information.  Legitimate channels  like the program uses to convey the results of its computation, such as messages or printed output.
Confinement problem  Storage channels   Like that utilize system storage such as shared variables or files to leak information to other processes. Covert channels  Paths that are not normally intended for information transfer at all but could be used to send some information, like  By modulating paging rate  By modulating CPU usage  By acquiring and releasing dedicated resources
Cryptography   Cryptography deals with the encryption of sensitive data to prevent its comprehensive and is the only practical means for protecting information sent over an insecure channel. Basic concepts  Encryption/enciphering is    process of transforming an intelligible information into an unintelligible form. a mathematical function (encryption algorithm) in the form of C= E(P, Ke) where P is plaintext, Ke is an encryption key and C is cipher text. Decryption/deciphering is  Process of transforming the information back from cipher text to plain text.
Cryptography  Decryption is a function inverse of the encryption function E, like D (E (P, Ke), Kd) = P where Kd is the decryption key. Plain text/clear text   Intelligible information or message Cipher text   Unintelligible information or result of encryption Nounce   An information that is guaranteed to be fresh, that is , it has not been used or appeared before.
Basic requirements for Cryptography    Easy to use and efficient encryption and decryption algorithms Dependence on the secrecy of the keys and not on the secrecy of the algorithms Computationally secure
Message Encryption Cipher text algorithm Ke Sender node Cipher text Insecure Channel Cipher text Decryption Message algorithm Kd Receiver node General structure of a cryptosystem
Symmetric and Asymmetric cryptosystems  Symmetric cryptosystems    It is also known as shared-key or private-key cryptosystems because either both the encryption key (K e) and decryption key (Kd) are the same or one is easily derivable from the other. A password-based user authentication system may use this scheme for saving passwords in encrypted form. Asymmetric cryptosystems   It is also known as public-key cryptosystems because the decryption key (Kd) is not equal to the encryption key (Ke) and it is computationally impractical to derive Kd from Ke. Advantages and disadvantages  Unlike asymmetric cryptosystems, Symmetric cryptosystems require that both encryption and decryption of information be performed by a trusted subsystem.
Symmetric and Asymmetric cryptosystems   Symmetric subsystems require a secure channel by which the sender can inform the receiver of the key used to encipher the messages but in asymmetric cryptosystem, both the public-key and the messages can be transmitted through an insecure channel. Asymmetric cryptosystems are computationally much more expensive than symmetric cryptosystems and are inefficient for bulk data encryption.
Key distribution in symmetric cryptosystems   Key distribution center (KDC) is used here, which is a trusted entity and is shared by all communicating users of the system. Common approaches used here are:   Centralized approach Fully distributed approach Partially distributed approach
Centralized approach  A single centralized KDC is used that maintains a table of secret keys for each user.  A user’s secret key is known only to the user and KDC.  Advantage :   Simple and easy to implement Drawbacks :  If there are n users in the system, n prearranged key pairs are needed to provide secure communications.  Poor reliability and performance bottleneck of the single KDC.
Centralized approach m3 m1 KDC IDa Ka IDb Kb . . . . . . Table of secret keys for each user m1= (Ra, IDa, IDb) A m2 m4 B m5 where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m2= E((Ra, IDa, Kab, C1), Ka) Where Kab= secret key generated by the KDC for secrure communications between users A and B C1= E((Kab, IDa), Kb) Where Kb = private key of user B Ka= private key of user A m3= C1 m4= C2= E(Nr, Kab) where Nr= a random number generated by user B m5= C3= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
Fully Distributed approach  In this approach, there is a KDC at each node of the distributed system.  Each KDC has a table of secret keys having private keys of all other KDCs.  Advantage :   It is highly reliable. Drawback :  In a system having n nodes, each KDC keeps n-1 keys, resulting in a total of n(n-1)/2 key pairs in the system.
Fully Distributed approach KDC m2 m1 A m3 m5 m6 Node N1 m1= (Ra, IDa, IDb) where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m2= (Ra, IDa, Kab) Where Kab= secret key generated by the KDC of node N1 for secrure communications between users A and B m3= C1=E((Kab, IDa, IDb), K2) where K2 = private key of KDC of node N2 KDC m4 B Node N2 m4= (Kab, IDa) m5= C2= E(Nr, Kab) where Nr= a random number generated by user B m6= C3= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
Partially Distributed approach  In this approach, the nodes of the system are partitioned into regions and, instead of having a KDC for each node, there is a KDC only for each region that resides on one of the nodes of that region.  Advantage:  The reliability of this approach lies in between the reliabilities of the centralized and the fully distributed approaches.  Failure of the KDC of a particular region will only disrupt key distribution activities that involve a user of that region.
Partially Distributed approach N1 N3 N6 m3 KDC N4 m1 m2 A N5 KDC N2 m4 m5 B m6 N7 Region R1 N8 N9 N10 Region R2 Let there be 10 nodes in the system that are partitioned into two regions R1 and R2 as shown above. The KDCs of regions R1 and R2 are located on nodes N1 and N6, respectively. m1= (Ra, IDa, IDb) where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m4=C3 = E( (Kab, IDa), Kb) where Kb = private key of user B m5= C4= E(Nr, Kab) where Nr= a random number generated by user B m2= C1= E((Ra, IDa, Kab), Ka) Where Kab= secret key generated by the KDC of region R1 for secrure communications between users A and B m3= C2=E((Kab, IDa, IDb), K2) where K2 = private key of KDC of region R2 m6= C5= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
Key Distribution in Asymmetric Cryptosystems    In asymmetric cryptosystems, a public-key manager (PKM) process is used to maintain a directory of public keys of all users in the system. There is a key pair (Pk, Sk) for the PKM also. The public key Pk is known to all users and the secret key Sk is known exclusively to the PKM.
Key Distribution in Asymmetric Cryptosystems PKM Sk m1 m4 m2 A Sa Pk m3 m6 m7 m5 B Sb Pk Pk = Public key of PKM Sk = secret key of PKM Pb = Public key of user B Sb = secret key of user B Pa = public key of user A Sa= secret key of user A IDa = user identifier of A IDb = user identifier of B m1 = C1= E ((Ra, T1, IDa,IDb) , Pk) m4= C4= E ((Rb, T2, IDa, IDb), Pk) where Ra = code for the request made by user A where Rb = code for the request made by user B T1= a timestamp T2= a timestamp m2= C2= E ((Ra, T1, Pb), Pa) m5= C5= E ((Rb, T2, Pa), Pb) m3= C3= E ((IDa, Na), Pb) m6= C6 = E ((Na, Nb), Pa) where Na= a random number generated by user A where Nb = a random number generated by user B m7= C7= E (Nb, Pb)
Authentication    Authentication deals with the problem of verifying the identity of a user before permitting access to the requested resource. It involves identification and verification. Types of authentication    User logins authentication One-way authentication of communicating entities Two-way authentication of communicating entities
Approaches of authentication  Proof by knowledge  Authentication involves verifying something that can only be known by an authorized principal, e.g., authentication based on user’s password.  Proof by possession  A user proves his/her identity by producing some item that can only be possessed by the authorized principal, e.g., a plastic card with a magnetic strip (having a user identifier number).  Proof by property  The system is designed to verify the identity of a user by measuring some physical characteristics of the user that are hard to forge, like fingerprints, person’s appearance, etc.
User login authentication  User identity is established at login, and all subsequent user activities, all access-control and accounting functions are attributed to this identity.  Most systems employ the direct demonstration method based on passwords.  Mechanisms of a password-based authentication  Keeping passwords secret  Making passwords difficult to guess  Limiting damages done by a compromised password  Identifying and discouraging unauthorized user logins  Single sign-on for using all resources in the system
Techniques to make passwords difficult to guess   Longer passwords Salting the password table   To artificially lengthen passwords by associating an n-bit random number with each password when it is first entered. System assistance in password selection
Techniques to identify and discourage unauthorized user logins  Thread monitoring  It detects security violations by checking for suspicious patterns of activity.  For example, the system may count the number of incorrect passwords given when a user is trying to log in, and may make an alarm to security personal after some failed login attempts.  Audit logs  The system maintains a record of all logins.  Baited traps  The system may maintain some special login names with easy passwords. Whenever anyone logs in using any of these names, the system security personal are immediately notified.
One-way authentication of communicating entities   Protocols based on symmetric cryptosystems Protocols based on asymmetric cryptosystems
Protocols based on symmetric cryptosystems  The verifier verifies the identity of a claimant by checking if the claimant can correctly encrypt a message by using a key that the verifier believes is known only to an entity with the claimed identity (outside the entities used in the verification process).
One-way authentication protocol based on symmetric cryptosystem Problems :m1 A m2 B m3 m1=IDa = identifier of user A 1. The scheme requires that each user must store the secret key for every other user it would ever want to authenticate. This may not be practically feasible in a large system having too many users and in which the number of users keeps changing frequently. 2. The compromise of one user can potentially compromise the entire system. m2= Nr= a random number generated by user B m3= C1= E(Nt, K) where K is the symmetric key shared between users A and B B decrypts C1 using K and compares the result with original Nr. If they are equal, A is accepted, otherwise rejected.
One-way authentication protocol based on symmetric cryptosystem and the use of a centralized authentication server. m4 AS m1 B m5 IDa Kb . . . . . . A m3 Ka IDb m2 Table of secret keys for each user AS = Authentication Server IDa = identifier of user A m1= IDa = identifier of user A IDb = identifier of user B m3= C1= E(Nr, Ka) Ka = secret key of user A m4= C2= E (( IDa, C1), Kb) Kb = secret key of user B The AS retrieves Nr by first decrypting C2 with Kb and then decrypting C1 with Ka. m2= Nr= a random number generated by user B m5= C3= E(Nr, Kb) B decrypts C3 with Kb and compares the result with original Nr. If they are equal, then A is accepted, otherwise rejected.
Protocols based on asymmetric cryptosystems  The verifier verifies the identity of a claimant by checking if the claimant can correctly encrypt a message by using the secret key of the user whose identity is being claimed.
One-way authentication protocol based on asymmetric cryptosystem Problems :- Storage distribution problems m1 A m2 B m3 m1=IDa = identifier of user A m2= Nr= a random number generated by user B m3= C1= E(Nt, Sa) where Sa =secret key of user A B decrypts C1 using the public key of user A and compares the result with original Nr. If they are equal, A is accepted, otherwise rejected. and key
One-way authentication protocol based on asymmetric cryptosystem and the use of a centralized authentication server m4 AS Ss m1 B Sb Ps m5 m2 A Sa Ps m3 m1= Ida Pa = public key of A m2= Nr= a random number generated by user B Pb = public key of B m3= C1= E(Nr, Sa) IDa Pa IDb Pb Ps = public key of AS m4= (Rb, IDa) . . . . . . IDa = identifier of user A where Rb = code for requesting the public key of a user m5= C2= E (( IDa, Pa), Ss) Table of secret keys for each user IDb = identifier of user B Sa = secret key of user A Sb = secret key of user B Ss = secret key of AS B decrypts Nr by first decrypting C2 with Ps and then decrypting C1 with Pa. The value of Nr obtained in this way is compared with the original value of Nr.If they are equal, then A is accepted, otherwise rejected.
Two-way authentication of communicating entities  Two-way authentication protocols allow both communicating entities to verify each other’s identity before establishing a secure logical communication channel between them.  Although the authentication protocol is based upon an asymmetric cryptosystem, the actual communications between users, after the secure logical communication channel is established between them, take place by a symmetric cryptosystem.
Two-way authentication protocol based on asymmetric cryptosystem and the use of a centralized authentication server. AS Table of secret keys for each user Sk m1 m2 A Sa Pk m3 m6 m7 IDa B Sb Pk Pb . . . m5 Pa IDb m4 . . . Pk = Public key of PKM Sk = secret key of PKM Pb = Public key of user B Sb = secret key of user B Pa = public key of user A Sa= secret key of user A IDa = user identifier of A IDb = user identifier of B m1 = C1= E ((Ra, T1, IDa,IDb) , Pk) m4= C4= E ((Rb, T2, IDa, IDb), Pk) where Ra = code for the request made by user A where Rb = code for the request made by user B T1= a timestamp T2= a timestamp m2= C2= E ((Ra, T1, Pb), Pa) m5= C5= E ((Rb, T2, Pa), Pb) m3= C3= E ((IDa, Na), Pb) m6= C6 = E ((Na, Nb), Pa) where Na= a random number generated by user A where Nb = a random number generated by user B m7= C7= E (Nb, Pb)
Access Control  Access control mechanisms are used for authorization, as    all resources are centrally located in a centralized systems, and access control can be performed by a central authority. Objects    It is an entity to which access must be controlled. It may be abstract entity, such as a process, a file, a semaphore, a tree data structure, etc. Subjects    It is an active entity whose access to objects must be controlled. These are entities wishing to access and perform operations on objects and to which access authorizations are granted, like processes and users. Protection rules  They define the possible ways in which subjects and objects are allowed to interact.
Principle of least privilege  The principle of least privilege requires that at any time a subject should be able to access only those objects that it currently requires to complete its task.
Protection domains  Domain    It is an abstract definition of a set of access rights. It is defined a set of (object, right) pairs. Each pair specifies an object and one or more operations that can be performed on the object. Protection domains are:   Each user as a domain Each process as a domain Each procedure as a domain
(file-1, {read, write, execute}) (file-2, {read}) (semaphore-1, {up, down}) (file-3, {read, write, execute}) (TapeDrive-1, {read, write, execute}) (file-1, {read, write}) (file-2, {read, write, execute}) (tapedrive-1, {read}) A system having three protection domains.
Protection domains  Points observed    Domain need not be disjoint. The same object can exist in multiple domains with different rights in each domain. If an object exists only in a single domain, it can be accessed only by the subjects in that domain.
Protection domains  Some ways of realizing a domain :   Each user as a domain Each process as a domain Each procedure as a domain
Access matrix   In the domain-based protection approach, the system must keep track of which rights on which objects belong to a particular domain. In the access matrix model, this information is represented as a matrix, called an access matrix. At any instance of time, the protection state of the system is defined by the contents of the access matrix.
(file-3, {read, write, execute}) (TapeDrive-1, {read, write, execute}) Object F1 F2 F3 (file-1) (file-2) (file-3) Read Write Execute Read Up Down Read Write Read Write Execute Up Down Domain D1 (file-1, {read, write, execute}) (file-2, {read}) D2 (semaphore-1, {up, down}) (file-1, {read, write}) (file-2, {read, write, execute}) (tapedrive-1, {read}) Protection domains D3 Read Write Execute Access Matrix S1 T1 (semaphore-1) (TapeDrive1) Read Read Write rewind
Deciding the contents of the access matrix entries   The contents of the access matrix entries corresponding to user-defined objects are decided by the users. The contents of the entries corresponding to systemdefined objects are decided by the system.
Validating access to objects by subjects  Object Monitor is associated with each type of object, and every attempted access by a subject to an object is validated.
Allowing controlled domain switching   The principle of least privilege requires that a process should be allowed to switch from one domain to another during its domain so that at any instance of time the process is given only as many rights as are necessary for performing its task at that time. Domain switching from domain Di to domain Dj is permitted if and only if the right switch is present in the (Di,Dj)th entry of the acess matrix.
Object F1 F2 F3 S1 Read Write Execute Read Up Down Read Write Read Write Execute Up Down T1 D1 D2 D3 Switch Switch Domain D1 D2 D3 Read Write Execute Read Switch Read Write rewind The access matrix with the domains included as objects
Allowing controlled change to the protection state   If the content of a domain cannot be changed, the same effect can be provided by created a new domain with the changed contents and switching to that new domain when we want to change the domain contents. In an access matrix model, it can be provided by treating the access matrix itself as an objet to be protected with rights- copy, owner and control.
Allowing changes to the column entries   The copy and owner rights allow a process to change the entries in a column. Three variants of copy right:     Transfer Copy with propagation not allowed Copy with propagation allowed The owner right is used to allow the adding/deleting of rights to column entries in a controlled manner.
Object F1 Object F1 F2 F3 D1 D2 D3 Read* Write D1 Read Read* Write Execute* D2 Read Write Execute An access matrix with copy rights Read* Write* Execute Owner Read Read* Write F3 Read* Write Execute* Owner Domain Domain Read* Write* Execute F2 D3 Read Write Execute Owner An access matrix with owner rights
Allowing changes to the row entries  The control right, which is only applicable to domain objects, is used to allow a process to change the entries in row.
Object F1 F2 F3 S1 Read Write Execute Read Up Down Read Write Read Write Execute Up Down T1 D1 D2 D3 Switch Control Switch control Domain D1 D2 D3 Read Write Execute Read Read Write rewind An access matrix with control rights. Switch Control
Methods to implement access matrix    Access control lists Capabilities Hybrid approach
Access control lists    In this method, the access matrix is decomposed by columns, and each column of the matrix is implemented as an access list for the object corresponding to that column. For each object, a list of ordered pair (domain, rights) is maintained, which defines all domains with a nonempty set of access rights for that object. Access validation  Whenever a subject in domain D executes an operation r on an object O, the access list for object O is first searched for the list element whose domain field is D. Then the rights field of this element is searched for r. If found, the operation is allowed to continue; otherwise, a protection violation occurs.
Access control lists    Granting rights  The access list for object O is first searched for the list element whose domain field is D. If found, right r is added to the rights field of this list element. Otherwise, a new list element is added to the access list for the object O. The domain field and rights field of this list element are set to D and r, respectively. Passing rights  Access list for object O is first checked to ensure that D1 possesses either owner right for object O or copy right for access right r. If D1 possesses any of the these two rights, access right r for object O is granted to domain D2. Otherwise, a protection violation occurs. Rights revocation  Access rights r for object O is invoked from domain D simply by deleting r from the rights set of domain D in the access list for O.
Access control lists  Advantage of access control lists   For a given object the set of domains from which it can be accessed can be determined efficiently. Drawback of access control lists  For a given domain the set of access rights cannot be determined efficiently.
Capabilities     In this method, the access matrix is decomposed by rows, and each row is associated with its domain. A list of ordered pairs (object, rights) is maintained, called capabilities, which defines all objects for which the domain possesses some access rights. The list associated with a domain is called a capability list. Purpose of a capability:   To uniquely identify an object To allow its holder to access the object it identifies in one or more permission modes.
Two basic parts of a capability Object Identifier Rights Information
Capabilities  Access validation   Granting and passing of rights   Once a process establishes the possession of a capability for an object, it can access the object in one of the modes allowed by the capability without any further check by the security system. For this object managers are used. Protecting capabilities against unauthorized access  Requirements:   A capability must uniquely identify an object in the entire system. Capabilities must be protected from user tampering. Guessing of a valid capability should be impossible or at least very difficult.
Capabilities  Methods to meet these requirements:  Tagged architecture   Partitioned implementation    In this method, each object has a tag to denote its type as either a capability or an ordinary accessible data. Store the capability separately from data in special segments that can only be accessed by the operating system. One way to implement this is to partition the address of a user process into two parts- one accessible to the process and the other accessible only to the operating system. Encryption of sparse capabilities  In this method, a large name space that is sufficiently sparse is used for the capabilities.
Capabilities  Methods for implementing revocation for capabilities are :    Back pointers Indirection Use of keys
Hybrid approach     In the hybrid approach, both ACLs and capabilities are employed along with the concept of a session. A session is a logical concept of a period during which a process accesses an object. When a process first tries to start a session for accessing an object, it specifies the access modes that it may perform on the object during the session. The ACL of the object is searched for the types of operations desired. If access is denied, a protection violation occurs. Otherwise, the system creates a new capability for the object and attaches it to the process. After this, all accesses to the object by this process during the session are made using the capability so that an access control check can be performed efficiently. After the session is over, the capability is destroyed.
Digital signatures   A digital signature is a code, or a large number, that is unique for each message and to each message originator. It is obtained by first processing the message with a hash function (called a digest function) to obtain a small digest dependent on each bit of information in the message and then encrypting the digest by using the originator’s secret key.
Design principles             Least privilege Fail-safe defaults Open design Built in to the system Check for current authority Easy granting and revocation of access rights Never trust other parties Always ensure freshness of messages Build firewalls Efficient Convenient to use Cost effective

Recommended

23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Security
Security Security
Security chian417
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 

Recommended

23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Security
Security Security
Security chian417
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2Education
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)Zara Nawaz
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Intruders
IntrudersIntruders
Intruderstechn
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Kabul Education University
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Windows network security
Windows network securityWindows network security
Windows network securityInformation Technology
 
NSA and PT
NSA and PTNSA and PT
NSA and PTRahmat Suhatman
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 introKhawar Nehal khawar.nehal@atrc.net.pk
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and ToolsKaran Bhandari
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authenticationmbadhi
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsInformation Technology
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Computer organiztion6
Computer organiztion6Computer organiztion6
Computer organiztion6Umang Gupta
 
Graph theory narsingh deo
Graph theory narsingh deoGraph theory narsingh deo
Graph theory narsingh deoUmang Gupta
 

More Related Content

What's hot

Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2Education
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)Zara Nawaz
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Intruders
IntrudersIntruders
Intruderstechn
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and ToolsKaran Bhandari
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authenticationmbadhi
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsInformation Technology
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 

What's hot (20)

Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Intruders
IntrudersIntruders
Intruders
 
Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3Cryptography and Network security # Lecture 3
Cryptography and Network security # Lecture 3
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Windows network security
Windows network securityWindows network security
Windows network security
 
NSA and PT
NSA and PTNSA and PT
NSA and PT
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
 
Cryptography and authentication
Cryptography and authenticationCryptography and authentication
Cryptography and authentication
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability Assessments
 
Data Network Security
Data Network SecurityData Network Security
Data Network Security
 

Viewers also liked

Computer organiztion6
Computer organiztion6Computer organiztion6
Computer organiztion6Umang Gupta
 
Graph theory narsingh deo
Graph theory narsingh deoGraph theory narsingh deo
Graph theory narsingh deoUmang Gupta
 
Computer organiztion2
Computer organiztion2Computer organiztion2
Computer organiztion2Umang Gupta
 
Computer organiztion3
Computer organiztion3Computer organiztion3
Computer organiztion3Umang Gupta
 
Computer organiztion4
Computer organiztion4Computer organiztion4
Computer organiztion4Umang Gupta
 
Lecture43 network security
Lecture43 network securityLecture43 network security
Lecture43 network securityUmang Gupta
 
Computer organiztion1
Computer organiztion1Computer organiztion1
Computer organiztion1Umang Gupta
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010Umang Gupta
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
Communication systems
Communication systemsCommunication systems
Communication systemsUmang Gupta
 
periodic functions and Fourier series
periodic functions and Fourier seriesperiodic functions and Fourier series
periodic functions and Fourier seriesUmang Gupta
 
Angle modulation
Angle modulationAngle modulation
Angle modulationUmang Gupta
 

Viewers also liked (12)

Computer organiztion6
Computer organiztion6Computer organiztion6
Computer organiztion6
 
Graph theory narsingh deo
Graph theory narsingh deoGraph theory narsingh deo
Graph theory narsingh deo
 
Computer organiztion2
Computer organiztion2Computer organiztion2
Computer organiztion2
 
Computer organiztion3
Computer organiztion3Computer organiztion3
Computer organiztion3
 
Computer organiztion4
Computer organiztion4Computer organiztion4
Computer organiztion4
 
Lecture43 network security
Lecture43 network securityLecture43 network security
Lecture43 network security
 
Computer organiztion1
Computer organiztion1Computer organiztion1
Computer organiztion1
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture Notes
 
Communication systems
Communication systemsCommunication systems
Communication systems
 
periodic functions and Fourier series
periodic functions and Fourier seriesperiodic functions and Fourier series
periodic functions and Fourier series
 
Angle modulation
Angle modulationAngle modulation
Angle modulation
 

Similar to Lect13 security

Ch19 OS
Ch19 OSCh19 OS
Ch19 OSC.U
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Security communication
Security communicationSecurity communication
Security communicationSay Shyong
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyManjunath G
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.pptSwapnaPavan2
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
It security
It securityIt security
It securityavi2607
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 

Similar to Lect13 security (20)

OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptx
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Security communication
Security communicationSecurity communication
Security communication
 
Data security
Data securityData security
Data security
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Computer security
Computer securityComputer security
Computer security
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.ppt
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
It security
It securityIt security
It security
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with security
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocols
 
Security and management
Security and managementSecurity and management
Security and management
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 

Recently uploaded

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 

Recently uploaded (20)

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 

Lect13 security

  • 2. Security     The security requirements are different for different computer systems depending on the environment in which they are supposed to operate. The security goals of a computer system are decided by its security policies, and the methods used to achieve these goals are called security mechanisms. Security policies can be decided independent of the available technology. Security mechanisms are influenced by the available technology.
  • 3. Common goal of computer security     Secrecy :- Information within the system must be accessible only to authorized users. Privacy :- Misuse of information must be prevented. Authenticity :- when a user receives some data, the user must be able to verify its authenticity. Integrity :- Information within the system must be protected against accidental destruction or intentional corruption by an unauthorized user.
  • 4. Internal and External security  Aspects of Internal security     External security deals with     User authentication Access control Communication security Fires, floods, earthquakes Stolen disks/tapes Leaking out of stored information by a person who has access to that information. Some methods for external security    Maintaining adequate backup copies pf stored information at places far away from the original information Using security guards to allow the entry of only authorized persons into the computer center. Allowing the access to sensitive information to only trusted users.
  • 5. Potential attacks to computer systems  Passive attacks    They do not cause any harm to the system being threatened. They are inherently undetectable by the system and can only be dealt with by using preventive measures. Active attacks  They interfere with the normal functioning of the system and often have damaging effects, like corrupting files, destroying data, imitating hardware errors, causing the system to crash, confounding a receiver into accepting fabricated messages, and denial/delay of message delivery.  Active attacks are combated by a combination of prevention, detection, and recovery techniques.
  • 6. Some methods of passive attacks  Browsing  In this method, intruder attempt to read stored files, message packets passing by the network, other processes’ memory, and so on, without modifying any data.  Access control mechanisms and message encryption are used as a solution.  Leaking  In it, an intruder used an accomplice ( a legitimate user having authority to access the information to be stolen) who leaks the information to him or her.  Prevention requires preventing all types of communication between the accomplice and the intruder.
  • 7. Some methods of passive attacks  Inferencing   In this method, an intruder tries to draw some inference by closely observing and analyzing the system’s data or the activities carried out by the system, for example, traffic analysis in distributed systems. Masquerading  In this method, an intruder masquerades as an authorized user or program in order to gain access to unauthorized data or resources.  An intruder can also masquerade as a trusted server to a client requesting a service from the system ; called spoofing.
  • 8. Some forms of active attacks    Viruses Worms Logic bombs
  • 9. Viruses  A piece of code attached to legitimate program that, when executed, infects other programs in the system by replicating and attaching itself to them.  Virus attacks are active-type Trojan horse attacks.  Precautions to prevent virus problems : Buying software only from respectable stores.  Refusing to accept software in unsealed packages or from untrusted sources.  Avoiding borrowing programs from someone whose security standards are less rigorous than one’s own  Avoiding unloading of free software from public domain,etc.  An effective method to detect viruses is to use a snapshot program and a check routine.
  • 10. Worms  Worms are programs that spread from one computer to another in a network of computers. They spread by taking advantages of the way in which resources are shared on a computer network and, in some cases, by exploiting flaws in the standard software installed on network systems.  It indirectly cripple a network by subverting the operation of computers on the network to their own purposes, monopolizing their resources, and saturating the communication links in a network.  Worm program has two types of code- bootstrap code and the code forming the main body of the worm.
  • 11. Viruses vs. Worms    A virus is a program fragment whereas a worm is a complete program itself. Virus does not exist independently whereas worm can exist and execute. A virus spreads from one program to another whereas a worm spreads from one computer to another in a network.
  • 12. Logic bombs    A logic bomb is a program that lies dormant until some trigger condition causes it to explode. On explosion, it destroys data and spoils system software of the host computer. Logic bombs can be embedded in a Trojan horse or carried about by a virus.
  • 13. Active attacks associated with message communications  Integrity check  An intruder may change the contents of a message while it is travelling through a communication channel and the receiver may not be aware of this and accept it as the original message.  Authenticity attack  An intruder may cause an authenticity attack by changing the protocol control information (addresses) of the messages so that messages are delivered to wrong destinations.  Denial attack  The intruder causes complete or partial denial of message delivery by blocking the communication path.
  • 14. Active attacks associated with message communications  Delay attack  An intruder may simply delay the delivery of message passing in an association between two communicating processes to fulfil his/her motive.  Replay attack  An intruder may retransmit old messages that are accepted as new messages by their recipients.
  • 15. Confinement problem  Memoryless or confined program  Program that cannot retain or leak confidential information.  Confinement problem –  The prevention of confidential information leakage.  It deals with the problem of eliminating every means by which an authorized subject can release any information contained in the object to which it has access to some subjects that are not authorized to access that information.  Channels that can be used to leak information.  Legitimate channels  like the program uses to convey the results of its computation, such as messages or printed output.
  • 16. Confinement problem  Storage channels   Like that utilize system storage such as shared variables or files to leak information to other processes. Covert channels  Paths that are not normally intended for information transfer at all but could be used to send some information, like  By modulating paging rate  By modulating CPU usage  By acquiring and releasing dedicated resources
  • 17. Cryptography   Cryptography deals with the encryption of sensitive data to prevent its comprehensive and is the only practical means for protecting information sent over an insecure channel. Basic concepts  Encryption/enciphering is    process of transforming an intelligible information into an unintelligible form. a mathematical function (encryption algorithm) in the form of C= E(P, Ke) where P is plaintext, Ke is an encryption key and C is cipher text. Decryption/deciphering is  Process of transforming the information back from cipher text to plain text.
  • 18. Cryptography  Decryption is a function inverse of the encryption function E, like D (E (P, Ke), Kd) = P where Kd is the decryption key. Plain text/clear text   Intelligible information or message Cipher text   Unintelligible information or result of encryption Nounce   An information that is guaranteed to be fresh, that is , it has not been used or appeared before.
  • 19. Basic requirements for Cryptography    Easy to use and efficient encryption and decryption algorithms Dependence on the secrecy of the keys and not on the secrecy of the algorithms Computationally secure
  • 20. Message Encryption Cipher text algorithm Ke Sender node Cipher text Insecure Channel Cipher text Decryption Message algorithm Kd Receiver node General structure of a cryptosystem
  • 21. Symmetric and Asymmetric cryptosystems  Symmetric cryptosystems    It is also known as shared-key or private-key cryptosystems because either both the encryption key (K e) and decryption key (Kd) are the same or one is easily derivable from the other. A password-based user authentication system may use this scheme for saving passwords in encrypted form. Asymmetric cryptosystems   It is also known as public-key cryptosystems because the decryption key (Kd) is not equal to the encryption key (Ke) and it is computationally impractical to derive Kd from Ke. Advantages and disadvantages  Unlike asymmetric cryptosystems, Symmetric cryptosystems require that both encryption and decryption of information be performed by a trusted subsystem.
  • 22. Symmetric and Asymmetric cryptosystems   Symmetric subsystems require a secure channel by which the sender can inform the receiver of the key used to encipher the messages but in asymmetric cryptosystem, both the public-key and the messages can be transmitted through an insecure channel. Asymmetric cryptosystems are computationally much more expensive than symmetric cryptosystems and are inefficient for bulk data encryption.
  • 23. Key distribution in symmetric cryptosystems   Key distribution center (KDC) is used here, which is a trusted entity and is shared by all communicating users of the system. Common approaches used here are:   Centralized approach Fully distributed approach Partially distributed approach
  • 24. Centralized approach  A single centralized KDC is used that maintains a table of secret keys for each user.  A user’s secret key is known only to the user and KDC.  Advantage :   Simple and easy to implement Drawbacks :  If there are n users in the system, n prearranged key pairs are needed to provide secure communications.  Poor reliability and performance bottleneck of the single KDC.
  • 25. Centralized approach m3 m1 KDC IDa Ka IDb Kb . . . . . . Table of secret keys for each user m1= (Ra, IDa, IDb) A m2 m4 B m5 where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m2= E((Ra, IDa, Kab, C1), Ka) Where Kab= secret key generated by the KDC for secrure communications between users A and B C1= E((Kab, IDa), Kb) Where Kb = private key of user B Ka= private key of user A m3= C1 m4= C2= E(Nr, Kab) where Nr= a random number generated by user B m5= C3= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
  • 26. Fully Distributed approach  In this approach, there is a KDC at each node of the distributed system.  Each KDC has a table of secret keys having private keys of all other KDCs.  Advantage :   It is highly reliable. Drawback :  In a system having n nodes, each KDC keeps n-1 keys, resulting in a total of n(n-1)/2 key pairs in the system.
  • 27. Fully Distributed approach KDC m2 m1 A m3 m5 m6 Node N1 m1= (Ra, IDa, IDb) where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m2= (Ra, IDa, Kab) Where Kab= secret key generated by the KDC of node N1 for secrure communications between users A and B m3= C1=E((Kab, IDa, IDb), K2) where K2 = private key of KDC of node N2 KDC m4 B Node N2 m4= (Kab, IDa) m5= C2= E(Nr, Kab) where Nr= a random number generated by user B m6= C3= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
  • 28. Partially Distributed approach  In this approach, the nodes of the system are partitioned into regions and, instead of having a KDC for each node, there is a KDC only for each region that resides on one of the nodes of that region.  Advantage:  The reliability of this approach lies in between the reliabilities of the centralized and the fully distributed approaches.  Failure of the KDC of a particular region will only disrupt key distribution activities that involve a user of that region.
  • 29. Partially Distributed approach N1 N3 N6 m3 KDC N4 m1 m2 A N5 KDC N2 m4 m5 B m6 N7 Region R1 N8 N9 N10 Region R2 Let there be 10 nodes in the system that are partitioned into two regions R1 and R2 as shown above. The KDCs of regions R1 and R2 are located on nodes N1 and N6, respectively. m1= (Ra, IDa, IDb) where Ra= code for the request made by user A IDa = identifier of user A IDb= identifier of user B m4=C3 = E( (Kab, IDa), Kb) where Kb = private key of user B m5= C4= E(Nr, Kab) where Nr= a random number generated by user B m2= C1= E((Ra, IDa, Kab), Ka) Where Kab= secret key generated by the KDC of region R1 for secrure communications between users A and B m3= C2=E((Kab, IDa, IDb), K2) where K2 = private key of KDC of region R2 m6= C5= E(Nt, Kab) where Nt= f(Nr) and f is a previously defined function
  • 30. Key Distribution in Asymmetric Cryptosystems    In asymmetric cryptosystems, a public-key manager (PKM) process is used to maintain a directory of public keys of all users in the system. There is a key pair (Pk, Sk) for the PKM also. The public key Pk is known to all users and the secret key Sk is known exclusively to the PKM.
  • 31. Key Distribution in Asymmetric Cryptosystems PKM Sk m1 m4 m2 A Sa Pk m3 m6 m7 m5 B Sb Pk Pk = Public key of PKM Sk = secret key of PKM Pb = Public key of user B Sb = secret key of user B Pa = public key of user A Sa= secret key of user A IDa = user identifier of A IDb = user identifier of B m1 = C1= E ((Ra, T1, IDa,IDb) , Pk) m4= C4= E ((Rb, T2, IDa, IDb), Pk) where Ra = code for the request made by user A where Rb = code for the request made by user B T1= a timestamp T2= a timestamp m2= C2= E ((Ra, T1, Pb), Pa) m5= C5= E ((Rb, T2, Pa), Pb) m3= C3= E ((IDa, Na), Pb) m6= C6 = E ((Na, Nb), Pa) where Na= a random number generated by user A where Nb = a random number generated by user B m7= C7= E (Nb, Pb)
  • 32. Authentication    Authentication deals with the problem of verifying the identity of a user before permitting access to the requested resource. It involves identification and verification. Types of authentication    User logins authentication One-way authentication of communicating entities Two-way authentication of communicating entities
  • 33. Approaches of authentication  Proof by knowledge  Authentication involves verifying something that can only be known by an authorized principal, e.g., authentication based on user’s password.  Proof by possession  A user proves his/her identity by producing some item that can only be possessed by the authorized principal, e.g., a plastic card with a magnetic strip (having a user identifier number).  Proof by property  The system is designed to verify the identity of a user by measuring some physical characteristics of the user that are hard to forge, like fingerprints, person’s appearance, etc.
  • 34. User login authentication  User identity is established at login, and all subsequent user activities, all access-control and accounting functions are attributed to this identity.  Most systems employ the direct demonstration method based on passwords.  Mechanisms of a password-based authentication  Keeping passwords secret  Making passwords difficult to guess  Limiting damages done by a compromised password  Identifying and discouraging unauthorized user logins  Single sign-on for using all resources in the system
  • 35. Techniques to make passwords difficult to guess   Longer passwords Salting the password table   To artificially lengthen passwords by associating an n-bit random number with each password when it is first entered. System assistance in password selection
  • 36. Techniques to identify and discourage unauthorized user logins  Thread monitoring  It detects security violations by checking for suspicious patterns of activity.  For example, the system may count the number of incorrect passwords given when a user is trying to log in, and may make an alarm to security personal after some failed login attempts.  Audit logs  The system maintains a record of all logins.  Baited traps  The system may maintain some special login names with easy passwords. Whenever anyone logs in using any of these names, the system security personal are immediately notified.
  • 37. One-way authentication of communicating entities   Protocols based on symmetric cryptosystems Protocols based on asymmetric cryptosystems
  • 38. Protocols based on symmetric cryptosystems  The verifier verifies the identity of a claimant by checking if the claimant can correctly encrypt a message by using a key that the verifier believes is known only to an entity with the claimed identity (outside the entities used in the verification process).
  • 39. One-way authentication protocol based on symmetric cryptosystem Problems :m1 A m2 B m3 m1=IDa = identifier of user A 1. The scheme requires that each user must store the secret key for every other user it would ever want to authenticate. This may not be practically feasible in a large system having too many users and in which the number of users keeps changing frequently. 2. The compromise of one user can potentially compromise the entire system. m2= Nr= a random number generated by user B m3= C1= E(Nt, K) where K is the symmetric key shared between users A and B B decrypts C1 using K and compares the result with original Nr. If they are equal, A is accepted, otherwise rejected.
  • 40. One-way authentication protocol based on symmetric cryptosystem and the use of a centralized authentication server. m4 AS m1 B m5 IDa Kb . . . . . . A m3 Ka IDb m2 Table of secret keys for each user AS = Authentication Server IDa = identifier of user A m1= IDa = identifier of user A IDb = identifier of user B m3= C1= E(Nr, Ka) Ka = secret key of user A m4= C2= E (( IDa, C1), Kb) Kb = secret key of user B The AS retrieves Nr by first decrypting C2 with Kb and then decrypting C1 with Ka. m2= Nr= a random number generated by user B m5= C3= E(Nr, Kb) B decrypts C3 with Kb and compares the result with original Nr. If they are equal, then A is accepted, otherwise rejected.
  • 41. Protocols based on asymmetric cryptosystems  The verifier verifies the identity of a claimant by checking if the claimant can correctly encrypt a message by using the secret key of the user whose identity is being claimed.
  • 42. One-way authentication protocol based on asymmetric cryptosystem Problems :- Storage distribution problems m1 A m2 B m3 m1=IDa = identifier of user A m2= Nr= a random number generated by user B m3= C1= E(Nt, Sa) where Sa =secret key of user A B decrypts C1 using the public key of user A and compares the result with original Nr. If they are equal, A is accepted, otherwise rejected. and key
  • 43. One-way authentication protocol based on asymmetric cryptosystem and the use of a centralized authentication server m4 AS Ss m1 B Sb Ps m5 m2 A Sa Ps m3 m1= Ida Pa = public key of A m2= Nr= a random number generated by user B Pb = public key of B m3= C1= E(Nr, Sa) IDa Pa IDb Pb Ps = public key of AS m4= (Rb, IDa) . . . . . . IDa = identifier of user A where Rb = code for requesting the public key of a user m5= C2= E (( IDa, Pa), Ss) Table of secret keys for each user IDb = identifier of user B Sa = secret key of user A Sb = secret key of user B Ss = secret key of AS B decrypts Nr by first decrypting C2 with Ps and then decrypting C1 with Pa. The value of Nr obtained in this way is compared with the original value of Nr.If they are equal, then A is accepted, otherwise rejected.
  • 44. Two-way authentication of communicating entities  Two-way authentication protocols allow both communicating entities to verify each other’s identity before establishing a secure logical communication channel between them.  Although the authentication protocol is based upon an asymmetric cryptosystem, the actual communications between users, after the secure logical communication channel is established between them, take place by a symmetric cryptosystem.
  • 45. Two-way authentication protocol based on asymmetric cryptosystem and the use of a centralized authentication server. AS Table of secret keys for each user Sk m1 m2 A Sa Pk m3 m6 m7 IDa B Sb Pk Pb . . . m5 Pa IDb m4 . . . Pk = Public key of PKM Sk = secret key of PKM Pb = Public key of user B Sb = secret key of user B Pa = public key of user A Sa= secret key of user A IDa = user identifier of A IDb = user identifier of B m1 = C1= E ((Ra, T1, IDa,IDb) , Pk) m4= C4= E ((Rb, T2, IDa, IDb), Pk) where Ra = code for the request made by user A where Rb = code for the request made by user B T1= a timestamp T2= a timestamp m2= C2= E ((Ra, T1, Pb), Pa) m5= C5= E ((Rb, T2, Pa), Pb) m3= C3= E ((IDa, Na), Pb) m6= C6 = E ((Na, Nb), Pa) where Na= a random number generated by user A where Nb = a random number generated by user B m7= C7= E (Nb, Pb)
  • 46. Access Control  Access control mechanisms are used for authorization, as    all resources are centrally located in a centralized systems, and access control can be performed by a central authority. Objects    It is an entity to which access must be controlled. It may be abstract entity, such as a process, a file, a semaphore, a tree data structure, etc. Subjects    It is an active entity whose access to objects must be controlled. These are entities wishing to access and perform operations on objects and to which access authorizations are granted, like processes and users. Protection rules  They define the possible ways in which subjects and objects are allowed to interact.
  • 47. Principle of least privilege  The principle of least privilege requires that at any time a subject should be able to access only those objects that it currently requires to complete its task.
  • 48. Protection domains  Domain    It is an abstract definition of a set of access rights. It is defined a set of (object, right) pairs. Each pair specifies an object and one or more operations that can be performed on the object. Protection domains are:   Each user as a domain Each process as a domain Each procedure as a domain
  • 49. (file-1, {read, write, execute}) (file-2, {read}) (semaphore-1, {up, down}) (file-3, {read, write, execute}) (TapeDrive-1, {read, write, execute}) (file-1, {read, write}) (file-2, {read, write, execute}) (tapedrive-1, {read}) A system having three protection domains.
  • 50. Protection domains  Points observed    Domain need not be disjoint. The same object can exist in multiple domains with different rights in each domain. If an object exists only in a single domain, it can be accessed only by the subjects in that domain.
  • 51. Protection domains  Some ways of realizing a domain :   Each user as a domain Each process as a domain Each procedure as a domain
  • 52. Access matrix   In the domain-based protection approach, the system must keep track of which rights on which objects belong to a particular domain. In the access matrix model, this information is represented as a matrix, called an access matrix. At any instance of time, the protection state of the system is defined by the contents of the access matrix.
  • 53. (file-3, {read, write, execute}) (TapeDrive-1, {read, write, execute}) Object F1 F2 F3 (file-1) (file-2) (file-3) Read Write Execute Read Up Down Read Write Read Write Execute Up Down Domain D1 (file-1, {read, write, execute}) (file-2, {read}) D2 (semaphore-1, {up, down}) (file-1, {read, write}) (file-2, {read, write, execute}) (tapedrive-1, {read}) Protection domains D3 Read Write Execute Access Matrix S1 T1 (semaphore-1) (TapeDrive1) Read Read Write rewind
  • 54. Deciding the contents of the access matrix entries   The contents of the access matrix entries corresponding to user-defined objects are decided by the users. The contents of the entries corresponding to systemdefined objects are decided by the system.
  • 55. Validating access to objects by subjects  Object Monitor is associated with each type of object, and every attempted access by a subject to an object is validated.
  • 56. Allowing controlled domain switching   The principle of least privilege requires that a process should be allowed to switch from one domain to another during its domain so that at any instance of time the process is given only as many rights as are necessary for performing its task at that time. Domain switching from domain Di to domain Dj is permitted if and only if the right switch is present in the (Di,Dj)th entry of the acess matrix.
  • 58. Allowing controlled change to the protection state   If the content of a domain cannot be changed, the same effect can be provided by created a new domain with the changed contents and switching to that new domain when we want to change the domain contents. In an access matrix model, it can be provided by treating the access matrix itself as an objet to be protected with rights- copy, owner and control.
  • 59. Allowing changes to the column entries   The copy and owner rights allow a process to change the entries in a column. Three variants of copy right:     Transfer Copy with propagation not allowed Copy with propagation allowed The owner right is used to allow the adding/deleting of rights to column entries in a controlled manner.
  • 60. Object F1 Object F1 F2 F3 D1 D2 D3 Read* Write D1 Read Read* Write Execute* D2 Read Write Execute An access matrix with copy rights Read* Write* Execute Owner Read Read* Write F3 Read* Write Execute* Owner Domain Domain Read* Write* Execute F2 D3 Read Write Execute Owner An access matrix with owner rights
  • 61. Allowing changes to the row entries  The control right, which is only applicable to domain objects, is used to allow a process to change the entries in row.
  • 63. Methods to implement access matrix    Access control lists Capabilities Hybrid approach
  • 64. Access control lists    In this method, the access matrix is decomposed by columns, and each column of the matrix is implemented as an access list for the object corresponding to that column. For each object, a list of ordered pair (domain, rights) is maintained, which defines all domains with a nonempty set of access rights for that object. Access validation  Whenever a subject in domain D executes an operation r on an object O, the access list for object O is first searched for the list element whose domain field is D. Then the rights field of this element is searched for r. If found, the operation is allowed to continue; otherwise, a protection violation occurs.
  • 65. Access control lists    Granting rights  The access list for object O is first searched for the list element whose domain field is D. If found, right r is added to the rights field of this list element. Otherwise, a new list element is added to the access list for the object O. The domain field and rights field of this list element are set to D and r, respectively. Passing rights  Access list for object O is first checked to ensure that D1 possesses either owner right for object O or copy right for access right r. If D1 possesses any of the these two rights, access right r for object O is granted to domain D2. Otherwise, a protection violation occurs. Rights revocation  Access rights r for object O is invoked from domain D simply by deleting r from the rights set of domain D in the access list for O.
  • 66. Access control lists  Advantage of access control lists   For a given object the set of domains from which it can be accessed can be determined efficiently. Drawback of access control lists  For a given domain the set of access rights cannot be determined efficiently.
  • 67. Capabilities     In this method, the access matrix is decomposed by rows, and each row is associated with its domain. A list of ordered pairs (object, rights) is maintained, called capabilities, which defines all objects for which the domain possesses some access rights. The list associated with a domain is called a capability list. Purpose of a capability:   To uniquely identify an object To allow its holder to access the object it identifies in one or more permission modes.
  • 68. Two basic parts of a capability Object Identifier Rights Information
  • 69. Capabilities  Access validation   Granting and passing of rights   Once a process establishes the possession of a capability for an object, it can access the object in one of the modes allowed by the capability without any further check by the security system. For this object managers are used. Protecting capabilities against unauthorized access  Requirements:   A capability must uniquely identify an object in the entire system. Capabilities must be protected from user tampering. Guessing of a valid capability should be impossible or at least very difficult.
  • 70. Capabilities  Methods to meet these requirements:  Tagged architecture   Partitioned implementation    In this method, each object has a tag to denote its type as either a capability or an ordinary accessible data. Store the capability separately from data in special segments that can only be accessed by the operating system. One way to implement this is to partition the address of a user process into two parts- one accessible to the process and the other accessible only to the operating system. Encryption of sparse capabilities  In this method, a large name space that is sufficiently sparse is used for the capabilities.
  • 71. Capabilities  Methods for implementing revocation for capabilities are :    Back pointers Indirection Use of keys
  • 72. Hybrid approach     In the hybrid approach, both ACLs and capabilities are employed along with the concept of a session. A session is a logical concept of a period during which a process accesses an object. When a process first tries to start a session for accessing an object, it specifies the access modes that it may perform on the object during the session. The ACL of the object is searched for the types of operations desired. If access is denied, a protection violation occurs. Otherwise, the system creates a new capability for the object and attaches it to the process. After this, all accesses to the object by this process during the session are made using the capability so that an access control check can be performed efficiently. After the session is over, the capability is destroyed.
  • 73. Digital signatures   A digital signature is a code, or a large number, that is unique for each message and to each message originator. It is obtained by first processing the message with a hash function (called a digest function) to obtain a small digest dependent on each bit of information in the message and then encrypting the digest by using the originator’s secret key.
  • 74. Design principles             Least privilege Fail-safe defaults Open design Built in to the system Check for current authority Easy granting and revocation of access rights Never trust other parties Always ensure freshness of messages Build firewalls Efficient Convenient to use Cost effective