1 / 24

Security and Protection

Security and Protection. Chapter 9. The Security Environment Threats. Security goals and threats. Basics of Cryptography. Relationship between the plaintext and the ciphertext. Secret-Key Cryptography. Monoalphabetic substitution each letter replaced by different letter

phillipsandoval
Download Presentation

Security and Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Protection Chapter 9

  2. The Security EnvironmentThreats Security goals and threats

  3. Basics of Cryptography Relationship between the plaintext and the ciphertext

  4. Secret-Key Cryptography • Monoalphabetic substitution • each letter replaced by different letter • Given the encryption key, • easy to find decryption key • Secret-key crypto called symmetric-key crypto

  5. Public-Key Cryptography • All users pick a public key/private key pair • publish the public key • private key not published • Public key is the encryption key • private key is the decryption key

  6. Digital Signatures • Computing a signature block • What the receiver gets (b)

  7. Authentication Using Passwords The use of salt to defeat precomputation of encrypted passwords , , , , Password Salt

  8. Authentication Using a Physical Object • Magnetic cards • magnetic stripe cards • chip cards: stored value cards, smart cards

  9. Authentication Using Biometrics A device for measuring finger length.

  10. Countermeasures • Limiting times when someone can log in • Automatic callback at number prespecified • Limited number of login tries • A database of all logins • Simple login name/password as a trap • security personnel notified when attacker bites

  11. Mobile Code Sandboxing Applets can be interpreted by a Web browser

  12. Protection MechanismsProtection Domains (1) Examples of three protection domains

  13. Protection Domains (2) A protection matrix

  14. Protection Domains (3) A protection matrix with domains as objects

  15. Access Control Lists (1) Use of access control lists of manage file access

  16. Access Control Lists (2) Two access control lists

  17. Capabilities (1) Each process has a capability list

  18. Capabilities (2) • Cryptographically-protected capability • Generic Rights • Copy capability • Copy object • Remove capability • Destroy object

  19. Windows NT(W2K) Security • Access Control Scheme • name/password • access token associated with each process object indicating privileges associated with a user • security descriptor • access control list • used to compare with access control list for object

  20. Access Token (per user/subject) Security ID (SID) Group SIDs Privileges Default Owner Default ACL

  21. Security Descriptor (per Object) Flags Owner System Access Control List (SACL) Discretionary Access Control List (DACL)

  22. Access Control List ACL Header ACE Header Access Mask SID ACE Header Access Mask SID . . .

  23. Access Mask Delete Read Control Write DAC Write Owner Generic Access Types Synchronize Standard Access Types Specific Access Types Access System Security Maximum allowed Generic All Generic Execute Generic Write Generic Read

  24. Access Control Using ACLs • When a process attempts to access an object, the object manager in W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL. • If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.

More Related