UNIVERSITY OF SURREY c
|
|
- Laureen Sutton
- 6 years ago
- Views:
Transcription
1 CS/M27/14/AS07 UNIVERSITY OF SURREY c Faculty of Engineering and Physical Sciences Department of Computing MSc Security Technologies and Applications Module ; 99 credits CSM27: Computer Security Level M Examination Time allowed: 2 hours Autumn Semester 2007 Answer TWO questions. Use \calculatorstrue or \calculatorsfalse in your preamble! Each question carries b± b 2 4ac 2a marks Where appropriate the mark carried by an individual part of a question is indicated in square brackets [ ] Solutions
2 CS/M27/14/AS07 Page 2 Solutions 1. This question concerns security policies and security issues using a hypothetical business (NetMail) as an example. NetMail provides accounts to private users (charging a monthly fee), where the can be accessed remotely from any location over the network. (a) Define Organisational Security Policy. [3 marks] The set of laws, rules, and practices that regulate how an organisation manages, protects, and distributes resources to achieve specified security policy objectives. (b) Define Automated Security Policy, and explain its relation to the Organisational Security Policy. [5 marks] The set of restrictions and properties that specify how a computing system prevents information and computing resources from being used to violate an organisational security policy. [3 points] The scope of the organisational policy is the entire organisation including people, computer systems, and other systems. The scope of the automated policy is limited to the computer system, and includes those restrictions that can be handled by a computer system. [2 points] (c) Suggest a Policy Objective for NetMail, where you address both the needs of the service provider and the needs of the customers. [5 marks] Many phrasings are possible. As a minimum the answer should address the confidentiality of (user need) and protecting resources against unauthorised use (ensuring payment of fees for the provider). (d) List four assets which NetMail would have to protect. E.g. goodwill/reputation, /secrets belonging to the customers, network resources, payments due. [one mark per example] (e) List and explain four threats which NetMail would have to address. [8 marks] Tricksters maliciously disabling services (as demonstrated by DOS attacks) (availability) Unauthorised users benefitting from services without payment. (confidentiality) sent with a falsified sender identity on the service (integrity). QUESTION 1 CONTINUES ON NEXT PAGE
3 CS/M27/14/AS07 Page 3 Solutions Spying (unauthorised access) to users (confidentiality). [2 marks per threat] (f) For each of your four threats, answer whether it is one of availability, confidentiality, or integrity. See above [1 mark per reasonable classification] (g) Explain the difference between a threat, a vulnerability, and an attack. Use an example from computer security to clarify your explanation. [5 marks] A vulnerability is a weakness in the computer system which can be exploited by a threat. A threat is an object or entity which can cause damage or loss. For instance unauthorised users wanting to take advantage of Net- Mail without payment is a threat. There are many possible vulnerabilities which this threat could exploit, such as weak passwords (users using overintuitive passwords) or inadequate input-checking or escaping (opening for sql-insertion attacks). An attack is an explicit action by an unauthorised user, such as doing sqlinsertion (exploiting the lack of input-checking) or making a password search (exploiting either weak passwords or insufficient size of the password space). (h) Give two examples of common vulnerabilities which are relevant for NetMail. [2 marks] Two common examples are inadequate input checking in web forms and weak passwords (as mentioned above). (i) It is suggested to use authentication with username and password to limit access to unauthorised users. Give one other purpose of user authentication, and give examples of how this can be used to control vulnerabilities. The other purpose is auditing/logging, which allows tracing (detection) of users in the event of an attack. In the event that a legitimate user abuses his privileges for illegitimate actions, the audit log makes it possible to identify the offender and react to the damage (by seeking legal or criminal justice, closing the account, etc.). (j) A consultant recommends setting a two-month expiry time on passwords; e.g. forcing users to change their password every two months. Would you recom- QUESTION 1 CONTINUES ON NEXT PAGE
4 CS/M27/14/AS07 Page 4 Solutions mend this? Write a short argument for your view, including at least one reason in support of and one reason against the suggestion. [6 marks] Limited lifetime on passwords makes search attacks harder as they would have to succeed within the lifespan of the password to be useful. [2 points] On the other side, having to change the password often, users are unlikely to be able to find good passwords which are hard to guess all the time. They may find it harder to remember, and hence choose to write them down. [2 points] Own conclusion is an open question. Marking should focus on clarity and consistency of the argument. [2 points] (k) Imagine you are sysadmin for a relatively small organisation, with people working in different locations. A person working off-site calls you. He has forgotten his password and needs urgent, remote access to the system. There is no predefined security policy. What precautions would you take before issuing a new password to him? A reasonable approach would be to check with the person s manager that he has a legitimate need off-site. Then get a mobile phone number from a trusted source and call the person back with a new, machine-generated password. In general, at least two precautions should be included. Total marks: 50 SEE NEXT PAGE
5 CS/M27/14/AS07 Page 5 Solutions 2. This question concerns software security and related issues. Please note that Part 2(d) concerns a security bug in the code in the appendix (pages 13-14). (a) Why does the Intel 80x86 processor offer different protection rings? [3 marks] The protection rings provide a coarse access control. It allows the OS to restrict access to privileged resources (like memory) to using a limited set of system calls running in an inner ring. User processes running in an outer ring gets no access to protected resources. (b) Which security policies are implemented using the protection rings? Give reasons for the policies. [5 marks] A process can only get access to object in an outer ring (i.e. no direct access to data at a higher security level). [2 points] A process can only invoke procedures in its own ring. [1 points] If a process could invoke procedures in an outer ring, another process in the outer ring could modify the procedure and wait until an inner ring process invokes it with higher privileges. [2 points] (c) Give two examples of how security mechanisms can be bypassed by an attacker with access to a lower layer. A harddrive can be removed and accessed and modified using a separate computer, including changing the password file. A database server will often have its own user database and access control. An administrator with superuser privileges in the operating system, even without any privileges in the database, can modify the database and/or its access modes by tampering with directly in memory or on disk. [2 marks per example] (d) A Unix password file looks as follows. root:htlh542ynpo/a:0:0:root:/root:/bin/bash georg:djfqe126gxvwk:1000:1000:george Doe:/home/georg:/bin/tcsh andre:cfelol3t152jg:1003:1003:andre:/home/andre:/bin/bash Each line is one user account, each of which has a number of fields separated by colons (:). The fields are (1) username, (2) encrypted (hashed) password, QUESTION 2 CONTINUES ON NEXT PAGE
6 CS/M27/14/AS07 Page 6 Solutions (3) numeric user ID (which is 0 for the superuser), (4) group ID (of the user s default group), (5) real name (so-called GECOS field), and (6) login shell. It is technically possible to have several lines with the same numeric user ID, but these will be treated as the same user by the system. It is desirable to let the users change the GECOS field. (This can contain phone number and other information besides the real name, but for simplicity we consider only the real name.) The appendix (pages 13-14) gives the C code (chfn.c) of a program designed to do this. This program will always run as the superuser (via the setuid bit), so it is absolutely essential that it be safe. (i). Give three examples of general principles for secure coding (programming), including rationale (e.g. in the form of examples of common vulnerabilities they may prevent). [6 marks] (A) Check your inputs. Defining all bad inputs may be difficult. Better practice is to define good inputs (e.g. alphanumeric characters and space in this case), and refuse anything which is not defined as good. Examples: SQL injection. (B) Check data passed to complex subsystems (programs). Users may exploit unused functionality, such as the -f option to login(1) in the rlogin bug. (C) Principle of least privilege. Access should be denied by default, and just enough privileges granted for the task at hand. This limits the damage of other vulnerabilities. [one point per principle; two if supported by an example] (ii). There is a security bug in chfn.c. Explain how a regular user can make an attack to obtain superuser access. [10 marks] There is nothing to prevent the users from including both colons and newlines in the argument. An argument like foobar:/bin/bash\nwheel::0:0::/bin/bash (where \n is a newline character), would effectively give a new superuser account with no password. (iii). Make the necessary corrections to the code, to prevent the attack above. (Correct C code is not necessary. Unambiguous pseudo-code is completely satisfactory.) [5 marks] QUESTION 2 CONTINUES ON NEXT PAGE
7 CS/M27/14/AS07 Page 7 Solutions The keyword is input checking. If the argument string contains any newlines or colons, the program should exit immediately with an error message. The perfect solution adds a loop at 39, looping through the string to return an error if anything but an alphanumeric character or punctuation character is detected. (iv). Why is the password file itself only modified by using the rename() system call in Line 88 to let the temporary file take the place of the password file? What vulnerability would be caused by writing directly to the password file in Line 63? [5 marks] If an interrupt appears during the loop surrounding Line 65, it would potentially leave the password file in an inconsistent state. Users can cause interrupts, so this would be very vulnerable to sabotage. [2 points] Using rename() has two advantages. Firstly, the work involving the password file is shorter and faster, and it becomes less likely that an event such as power-loss can affect it. [1 points] Secondly, it is a system call which is atomic preventing interrupts (signals). (It is still vulnerable to sudden hardware failure though.) [2 points] (e) When you log onto a Windows computer on the console, it is recommended always to hit Ctrl+Alt+Del before typing username and password. What happens when you hit Ctrl+Alt+Del? What is the risk if you do not use it? [6 marks] Ctrl+Alt+Del is a secure attention sequence [1 points]. It sends a signal directly to the OS to invoke the login screen [1 points], and it cannot be intercepted by other software [1 points]. A common attack would be to start a program pretending to be the login screen, and let it run waiting for a naïve user to try to log in. The program would then record the username and password before launching the real login program, giving the attacker access to your username and password. [3 points] (f) Most CPUs do not distinguish between different types of data, but there are some exceptions. In what way do these exceptions improve security? Address both threats and controls in your answer. [6 marks] QUESTION 2 CONTINUES ON NEXT PAGE
8 CS/M27/14/AS07 Page 8 Solutions Motorola can distinguish between code and data. Viruses place executable code in memory intended for data, and redirect pointers to cause this code to be executed (threat). If the CPU considers this memory space to be data, it will not accept to execute it (control). [4 points] Some CPUs can distinguish between different data types, and raise exceptions if a type violation occurs. This can prevent software bugs from being exploited. [2 points] Total marks: 50 SEE NEXT PAGE
9 CS/M27/14/AS07 Page 9 Solutions 3. The Bell-LaPadula model is a state-machine used to formulate security properties. (a) A state is normally written as a tuple (b, M, f). Give a short definition of each of the three parameters defining the state. (It does not matter if you mix up the three symbols b, M, and f. You should focus on the information provided by the state parameters.) [9 marks] The set of accesses currently in use b. E.g. b is a list of tuples (s, o, a), where subject s has opened object o in mode specified by a (read/write/etc). M is the access control matrix M = [M s,o ] where M s,o is a list of access rights s has to o. f defines the security levels of objects and subjects, including three functions f S (s), f C (s), and f O (o) giving respectively the security level of subject s, the current security level of s, and the security level of an object o. (b) Define the Simple Security (SS) Property of Bell-LaPadula. A state (b, M, f) satisfies the SS-property if (s, o, a) b, (a {read, write} f O (o) f S (s)). (c) Define the *-Property of Bell-LaPadula. A state (b, M, f) satisfies the SS-property if both (i). (s, o, a) b, (a {append, write} f C (s) f O (o)). (ii). (s, o, a) b, a {append, write}; (s, o, a ) b, a {read, write}; f O (o ) f O (o) A definition with more English and less Maths would be equally good. (d) Describe the information flows that the Bell-LaPadula policies intend to prevent. Bell-LaPadula intends to forbid all information flows from a subject to subjects of lower classification. (e) What is a covert channel? Give an example of a covert channel in Bell- LaPadula and explain why this is a problem. QUESTION 3 CONTINUES ON NEXT PAGE
10 CS/M27/14/AS07 Page 10 Solutions A covert channel is a means to transmit information outside the objects recognised by the model, and thus provides a way to transmit information independently of the policies in the model [2 points] The most famous example of a covert channel in BLP is the following. A subject with low clearance creates an object o. A subject with high clearance can either upgrade o to a higher level (1) or leave it unchanged (0). When the low subject tries to read o, it will either have a success (0) or be denied access (1). One bit of information has been transmitted. [2 points] (f) Mention three important limitations of Bell-LaPadula. Does not consider integrity Does not consider management of access rights Allows covert channels. [9 marks] (g) What are the purpose and applications of the Chinese Wall model? [2 marks] The Chinese Wall model is made to avoid conflicts of interests [1 points] in a consultancy business, i.e. avoid information flow between competing clients [1 points]. (h) Give a brief summary of the security policies in the Chinese Wall model. [3 marks] The clients are divided into conflict of interest (COI) classes. An object may be sanitised (declassified) in which case it can be read freely, despite any following policy [1 points]. If a subject has ever had access to an object associated with client A, it can never access any object belonging to other clients in the same COI class. [1 points] If a subject has read access to an object o, than he can only get write access to object associated with the same client as o [1 points]. (i) Consider processing of expense claims in a medium-sized business/department. Staff who incur expenses in their line of work can claim it back from the employer. Explain the concept of Separation of Duties. [2 marks] Separation of duties means that certain tasks can only be performed when two subject co-operate. The typical paper-based example is a signature of approval, where a requestor cannot approve his own requests. QUESTION 3 CONTINUES ON NEXT PAGE
11 CS/M27/14/AS07 Page 11 Solutions Give an example of a threat which can be controlled using separation of duties (in the scenario of expense claims), and explain how it might be controlled. The best example is excessive (ill-judged) expenses. [2 points] Requiring approval from a second person makes it more difficult to abuse the system. [2 points] False claims could be picked up as well, but this does not require the same level of judgement, and can thus more easily be picked up during processing of the claim. [1 mark for false claims if excessive claims is not mentioned] Identify a suitable security model for the processing of expense claims, and briefly sketch the key features needed in the scenario. [5 marks] The Clark-Wilson model considers integrity problems and supports separation of duties. [1 points] An expense claim, as written by the employer, is an unconstrained data item (UDI), as it originates outside the model. [1 points] An UDI has to be validated and transformed to a constrained data item (CDI) before it can be processed by the finance department. [1 points] This would have to involve checking that the data in the claim are complete and consistent with adequate receipts. [1 points] Then a budget holder (or an approver different from the claimant) would have to countersign the claim. A claim without independent approval cannot lead to any payment (but can be considered a consistent CDI in the model). [1 points] (The approval probably could be made before the consistency check on the claim, without making a difference.) Total marks: 50 INTERNAL EXAMINER: Hans Georg Schaathun EXTERNAL EXAMINER: Keith Martin October 6, 2010, 14:19
12 CS/M27/14/AS07 Page 12 Solutions Appendix SEE NEXT PAGE
13 CS/M27/14/AS07 Page 13 Solutions chfn.c for Question 2 1 / $Id : chfn. c, v /10/19 14:54:08 c s s 1 h s Exp $ / 2 / Snipped i n c l u d e d header f i l e s / 3 4 char ptmp = "/ e t c /ptmp" ; / temporary l o c k f i l e ( filename ) / 5 char passwd = "/ e t c /passwd" ; / password f i l e ( filename ) / 6 7 struct passwd g e t p a s s e n t ( ) ; / compatible v e r s i o n o f getpwent / 8 / the s t r u c t ( record ) c o n t a i n s the f i e l d s pw_name ( username ), 9 pw_passwd ( encrypted password ), pw_uid ( user ID ; i n t e g e r ), 10 pw_gid ( group ID ; i n t e g e r ), pw_gecos (GECOS/ aka Real Name), 11 pw_dir (home d i r e c t o r y ), pw_shell ( l o g i n s h e l l ). / int main ( int argc, char argv [ ] ) { 14 char username ; username = get_username ( ) ; / g e t name o f a c t i v e user / 17 i f ( argc <= 1 ) { 18 p r i n t ( " Error : no argument. \ n" ) ; 19 return 1 ; 20 } 21 chfn ( username, argv [ 1 ] ) ; / F i r s t argument i s the new r e a l name. / return 0 ; 24 } / The chfn ( ) f u n c t i o n a c t u a l l y changes the passwd f i l e. / 27 int chfn ( char uname, char newfn ) { 28 / Input parameters : username o f account to be changed 29 new data f o r the GECOS f i e l d / 30 struct passwd pwd ; 31 int fd, gotcha =0; 32 FILE t f ; / i s t h i s too long a f u l l name to change to? / 35 i f ( s t r l e n ( newfn ) > GECOSMAXLEN) { 36 f p r i n t f ( stdout, " 550 I n v a l i d gecos too long \ r \n" ) ; 37 return ( 1 ) ; 38 } / The ptmp f i l e i s used as a l o c k f i l e. I f i t e x i s t s, 41 some o t h e r program i s working on the password f i l e. 42 I f i t does not e x i s t, we are a l l o w e d to c r e a t e i t. / 43 while ( ( f d = open ( ptmp, O_WRONLY O_CREAT O_EXCL, 6 4 4)) <0) { 44 s l e e p ( 1 ) ; / Wait u n t i l f i l e can be opened / 45 } / Make a b u f f e r e d stream a s s o c i a t e d with the ptmp f i l e j u s t opened. / SEE NEXT PAGE
14 CS/M27/14/AS07 Page 14 Solutions 48 i f ( ( t f = fdopen ( fd, "w" ) ) == NULL) { 49 ( void ) unlink (ptmp ) ; 50 f p r i n t f ( stdout, " 550 f a t a l system e r r o r ( fdopen )\ r \n" ) ; 51 return ( 1 ) ; 52 } / Copy password to temp f i l e, f i x i n g the r i g h t l i n e. 56 The g e t p a s s e n t ( ) reads the system password f i l e, 57 r e t u r n i n g a passwd s t r u c t. / 58 for ( gotcha =0; (pwd = g e t p a s s e n t ( ) )!= NULL; ) { 59 i f ( strcmp ( pwd >pw_name, uname) == 0) { 60 pwd >pw_gecos=newfn ; 61 gotcha++; 62 } 63 f p r i n t f ( t f, "%s :% s :%d:%d:% s :% s :% s \n", 64 pwd >pw_name, pwd >pw_passwd, 65 pwd >pw_uid, pwd >pw_gid, 66 pwd >pw_gecos, pwd >pw_dir, 67 pwd >pw_ shell ) ; 68 } / did I f i n d t h i s guy in / e t c / passwd ( he might be in YP) / 71 i f (! gotcha ) { 72 ( void ) unlink (ptmp ) ; 73 f p r i n t f ( stdout, " 550 User %s not found in %s \n",uname, passwd ) ; 74 return ( 1 ) ; 75 } / and clean up / 78 ( void ) f f l u s h ( t f ) ; 79 i f ( f e r r o r ( t f ) ) { 80 ( void ) unlink (ptmp ) ; 81 f p r i n t f ( stdout, " 550 f a t a l system e r r o r ( f e r r o r )\ r \n" ) ; 82 return ( 1 ) ; 83 } 84 ( void ) f c l o s e ( t f ) ; / move temp f i l e i n t o r e a l f i l e / i f ( rename (ptmp, passwd ) < 0) { 89 ( void ) unlink (ptmp ) ; 90 f p r i n t f ( stdout, " 550 f a t a l system e r r o r ( rename )\ r \n" ) ; 91 return ( 1 ) ; 92 } f p r i n t f ( stdout, " 220 Gecos changed f o r user %s \ r \n", uname ) ; 95 return ( 0 ) ; 96 }
Session objectives. Identification and Authentication. A familiar scenario. Identification and Authentication
Session objectives Background Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 3 Recognise the purposes of (password) identification.
More informationCS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES
CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES Your name: SUNet ID: In accordance with both the letter and the spirit of the Stanford Honor Code, I did not cheat on this exam. Furthermore,
More informationCSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Integrity Policies Hybrid Policies 2005-12 parts by Matt Bishop, used with permission Integrity Policies: Overview Requirements Very different than
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationDetecting Insider Attacks on Databases using Blockchains
Detecting Insider Attacks on Databases using Blockchains Shubham Sharma, Rahul Gupta, Shubham Sahai Srivastava and Sandeep K. Shukla Department of Computer Science and Engineering Indian Institute of Technology,
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationInformation Security. Structure. Common sense security. Content. Corporate security. Security, why
Information Security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi Structure 1. Information security What, why, content
More informationCCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson
CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson Introduction Bell-LaPadula model designed to capture a specific military security policy. At one time treated as the model of security.
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/1516/ Chapter 4: 1 Chapter 4: Identification & Authentication Chapter 4: 2 Agenda User authentication Identification & authentication Passwords
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Homework 1 Due: Wednesday, February 9, at 9:59pm Instructions. Submit your solution by Wednesday, February 9, at 9:59pm, in the drop box labelled CS161 in 283
More informationAsset Analysis -I. 1. Fundamental business processes 2.Critical ICT resources for these processes 3.The impact for the organization if
Asset Analysis Asset Analysis -I It discovers the assets that result in an impact (a loss for the organization) if successfully attacked It should discover which ICT resources an organization needs to
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 OBJECTIVES OF THIS GUIDE... 1 1.2 ORGANIZATION OF THIS GUIDE... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 5 2 BASIC KNOWLEDGE
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More informationThe Security Problem
CSC 4103 - Operating Systems Spring 2007 Lecture - XX Protection and Security Tevfik Koşar Louisiana State University April 12 th, 2007 1 The Security Problem Security must consider external environment
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOS COMPONENTS OVERVIEW OF UNIX FILE I/O. CS124 Operating Systems Fall , Lecture 2
OS COMPONENTS OVERVIEW OF UNIX FILE I/O CS124 Operating Systems Fall 2017-2018, Lecture 2 2 Operating System Components (1) Common components of operating systems: Users: Want to solve problems by using
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationPreview. Review. System Data Files (Password File) System Data Files (Password File) System Data Files (Password File)
Review Preview link(), unlink() System Call remove(), rename() System Call Symbolic Links Symbolic link to directory Symbolic link to a executable file symlink() System Call File Times utime() System Call
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Removable Storage Media Security Standard This standard is applicable to all VCU School of Medicine personnel.
More informationIntegrity Policies. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Integrity Policies Murat Kantarcioglu Requirements of Policies for Commercial Applications [Lipner 1982] 1. Users will not write their own
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationCCM Lecture 12. Security Model 1: Bell-LaPadula Model
CCM 4350 Lecture 12 Security Model 1: Bell-LaPadula Model Why Security Models? When we have implemented a security policy, do we know that it will (and can) be enforced? E.g., if policies get too intricate,
More informationPOLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents
POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationLanguage-Based Protection
Language-Based Protection Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources. Language implementation can provide
More informationCloud Under Control. HyTrust Two-Man Rule Solution Brief
HyTrust Two-Man Rule Solution Brief Summary Summary The exposure of extremely confidential national security information by an N.S.A. systems administrator highlighted the catastrophic consequences of
More informationYour Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team
Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust Wise Athena Security Team Contents Abstract... 3 Security, privacy and trust... 3 Artificial Intelligence in the cloud and
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationCOMP 2355 Introduction to Systems Programming
COMP 2355 Introduction to Systems Programming Christian Grothoff christian@grothoff.org http://grothoff.org/christian/ 1 Processes A process is an instance of a running program. Programs do not have to
More informationOutline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016
Networks and Communication Department NET 412 NETWORK SECURITY PROTOCOLS Lecture 7: DNS Security 2 Outline Part I: DNS Overview of DNS DNS Components DNS Transactions Attack on DNS Part II: DNS Security
More informationCSM27 Exercises. Hans Georg Schaathun. November 25, Week In session. 1.2 Weekly Exercises. Security problems brain storming
CSM27 Exercises Hans Georg Schaathun November 25, 2008 1 Week 1 1.1 In session Security problems brain storming Classication of brain stormed problems. 1.2 Weekly Exercises 1.2.1 Current Security Problems
More informationELECTRONIC MAIL POLICY
m acta I. PURPOSE The Information Systems (IS) Department is responsible for development and maintenance of this policy. The Finance and Administration Division is responsible for publishing and distributing
More informationTop 10 Database Security Threats and How to Stop Them. Rob Rachwald Director of Security Strategy
Top 10 Database Security Threats and How to Stop Them Rob Rachwald Director of Security Strategy Data Has Value Data Has Value Top 7 Attacks Discussed in Hacker Forums 11% 9% 12% 12% 15% 21% 20% dos/ddos
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Race Conditions Secure Software Programming 2 Overview Parallel execution
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationWriter Corporation. Data Protection Policy
Writer Corporation Data Protection Policy 1. Introduction The Data Protection Policy (DPP) lays a solid foundation for the development and implementation of secure practices within Writer Corporation (the
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationPassword Standard Version 2.0 October 2006
Password Standard Version 2.0 October 2006 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 POLICY 4 3.2 PROTECTION 4 3.3 LENGTH 4 3.4 SELECTIONS 4 3.5 EXPIRATION 5 3.6
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationSysSec. Aurélien Francillon
SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/
More informationFortify Security Report. Sep 30, 2010 Aleks
Sep 30, 2010 Aleks Executive Summary Issues Overview On Sep 30, 2010, a source code review was performed over the src code base. 124 files, 9053 LOC (Executable) were scanned and reviewed for defects that
More informationExtract of Summary and Key details of Symantec.cloud Health check Report
SYMANTEC.CLOUD EXAMPLE HEALTH CHECK SUMMARY REPORT COMPUTER SECURITY TECHNOLOGY LTD. 8-9 Lovat lane, London, London. EC3R 8DW. Tel: 0207 621 9740. Email: info@cstl.com WWW.CSTL.COM Customer: - REDACTED
More informationSecure Internet Commerce -- Design and Implementation of the Security Architecture of Security First Network Bank, FSB. Abstract
Secure Internet Commerce -- Design and Implementation of the Security Architecture of Security First Network Bank, FSB. Nicolas Hammond NJH Security Consulting, Inc. 211 East Wesley Road Atlanta, GA 30305-3774
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationP1_L6 Mandatory Access Control Page 1
P1_L6 Mandatory Access Control Page 1 We discussed access control in the last lesson. But that was only one kind of access control called discretionary access control, or DAC. That allows you to decide
More informationWeb Application Whitepaper
Page 1 of 16 Web Application Whitepaper Prepared by Simone Quatrini and Isa Shorehdeli Security Advisory EMEAR 6 th September, 2017 1.0 General Release Page 2 of 16 1. Introduction In this digital age,
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationProgram Structure I. Steven M. Bellovin November 8,
Program Structure I Steven M. Bellovin November 8, 2016 1 Program Structure We ve seen that program bugs are a major contributor to security problems We can t build bug-free software Can we build bug-resistant
More informationACCEPTABLE USE POLICY (AUP) 3W INFRA reserves the right to unilaterally amend the conditions set out in the Acceptable Use Policy (the Policies ).
ACCEPTABLE USE POLICY (AUP) 1. SERVICE AGREEMENT 3W INFRA and CUSTOMER have executed a Service Agreement (the Agreement ). The Parties agree that the terms and conditions of the Agreement govern this document.
More informationProtection and Security
Protection and Security CS 502 Spring 99 WPI MetroWest/Southboro Campus Three Circles of Computer Security Inner Circle Memory, CPU, and File protection. Middle Circle Security Perimeter. Authentication
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationTest Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,
Test Conditions Closed book, closed notes, no calculator, no laptop just brains 75 minutes Steven M. Bellovin October 19, 2005 1 Form 8 questions I m not asking you to write programs or even pseudo-code
More informationCloud Security Standards Supplier Survey. Version 1
Cloud Security Standards Supplier Survey Version 1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved Version
More informationPrivacy & Cookie Statement
Privacy & Cookie Statement Version: 8 May 2018 Since day 1, WeTransfer has cared a great deal about privacy and respecting our users. We have always had a lean data policy: no sign up, no install, no retargeting.
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationState of Colorado Cyber Security Policies
TITLE: State of Colorado Cyber Security Policies Access Control Policy Overview This policy document is part of the State of Colorado Cyber Security Policies, created to support the State of Colorado Chief
More informationMobile Phones/Devices Acquisition and Usage Policy
Page 1 of Mobile Phones/Devices Acquisition and Purpose of the Policy: This document sets out the Mobile Phones/Devices Acquisition and for UCC. The policy outlines UCC s approach to: The approval process
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationISO/IEC Common Criteria. Threat Categories
ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used
More informationSecure Application Development. OWASP September 28, The OWASP Foundation
Secure Application Development September 28, 2011 Rohini Sulatycki Senior Security Consultant Trustwave rsulatycki@trustwave.com Copyright The Foundation Permission is granted to copy, distribute and/or
More information5 IT security hot topics How safe are you?
5 IT security hot topics How safe are you? Why this whitepaper? We meet many people in IT, of various levels of experience and fields of work. This whitepaper is written for everybody who wants to read
More informationUNIT I INTRODUCTION TO UNIX & FILE SYSTEM
INTRODUCTION TO UNIX & FILE SYSTEM Part A 1. What is UNIX? UNIX(Uniplexed Information Computing System) it is an operating system was developed in Early 1970 at Bell Labs. It was initially a character
More informationCS 155 Final Exam. CS 155: Spring 2012 June 11, 2012
CS 155: Spring 2012 June 11, 2012 CS 155 Final Exam This exam is open books and open notes. You may use course notes and documents that you have stored on a laptop, but you may NOT use the network connection
More informationHow we use your personal and business information
How we use your personal and business information Correct as at 13 January 2018 IMPORTANT INFORMATION If we prov ide you w ith an account or other banking serv ices then you agree that we can use your
More informationData Protection Policy
Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationThis Policy applies to all staff and other authorised users in St Therese School.
St. Therese School Computer and Internet Policy STAFF Policy Statement All staff and other authorised users of St Therese information and communications technology are to use the technology only in a way
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationChapter 15: Security. Chapter 15: Security
Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Firewalling to Protect Systems and Networks
More informationCentralized Policy, Virus, and Outbreak Quarantines
Centralized Policy, Virus, and Outbreak Quarantines This chapter contains the following sections: Overview of Centralized Quarantines, page 1 Centralizing Policy, Virus, and Outbreak Quarantines, page
More informationLecture 03 Bits, Bytes and Data Types
Lecture 03 Bits, Bytes and Data Types Computer Languages A computer language is a language that is used to communicate with a machine. Like all languages, computer languages have syntax (form) and semantics
More information