Integrity Policies. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.
|
|
- Claude Stevenson
- 6 years ago
- Views:
Transcription
1 CSE497b Introduction to Computer and Network Security - Spring Professor Jaeger Policies CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
2 CSE497b Introduction to Computer and Network Security - Spring Professor Jaeger 2 Does the following access matrix protect the integrity of J s public key file O2? O 1 O 2 O 3 J R R W R W S 2 N R R W S 3 N R R W
3 What determines the integrity of a file or process? The inputs that an object depends on What does this dependency mean? File: integrity of data written into the file Depends on the integrity of the writers... Process: what the execution of the process depends on What concrete actions determine what a process depends on? Read/Execute Code Read/Execute Libraries Read/Write Data CSE497b Introduction to Computer and Network Security - Spring Professor Jaeger 3
4 Approximation A conservative view The integrity of objects (data and code) is determined by the integrity of its writers The integrity of a subjects (processes) is determined by the integrity of the objects it reads of Obj Object of Subj Subject CSE497b Introduction to Computer and Network Security - Spring Professor Jaeger 4
5 Biba Information Flow Works for Secrecy Try Too Very Secret High Mostly Secret? Pretty Secret Good? Solid Secret Low 5
6 Biba Levels High and Low System and users Other levels? 6
7 Example 7 SSH Daemon (sshd) fork openssh Listen *:22 Network Connection openssh (forked for request) Monitor Key Exchange Authentication User Network Data Time
8 8 Biba and SSH Does it work? sshd Requests Guard Remote Subject
9 Low Water Mark (LOMAC) Subject Level Highest integrity level initially Object Level Based on level of subjects that have written (lowest) Subject Level Changes as objects are read Minimum of object levels Highest Good Solid Remote Subject 9
10 10 Self-Revocation Problem Self-Revocation Problem Process starts with high integrity Open high integrity object o1 Read from low integrity object o2 LOMAC semantics reduce process s integrity to low No longer can write to o1 Inconsistent with UNIX Step 1: initial state ps Step 2: ps reads low file pipe grep ps pipe grep Step 3: demotion ps pipe grep Step 4: pipe write denied ps pipe grep
11 SSH and LOMAC 11 Does SSH work with LOMAC? sshd Good Solid Remote Subject
12 Privilege Separation Limit the amount of code that runs with privilege Decompose program Privileged component Unprivileged component Interface between the two Each component is designed to minimize the amount of code with privilege! Build secure application Postfix mail system SSH daemon Not too many others 12
13 Privilege Separated OpenSSH 13 Current version of OpenSSH
14 and Privilege Separated OpenSSH Should this improve integrity? Fewer commands Filter inputs Limit legal command orders Remove direct access to network input Does this enable Biba integrity? Are low integrity inputs made to privileged component? Are they upgraded? Does this enable LOMAC integrity? How do the inputs to the privileged component impact its integrity level? 14
15 Clark-Wilson Propose that high integrity programs can protect themselves from low integrity inputs! How are low integrity inputs processed? Upgrade: turn them into high integrity data Discard: drop them immediately How do we know that the high integrity program did this correctly? Need complete program assurance Still working on this... Discuss later in Linux and Virtual Machine Systems 15
16 Take Away has to do with dependence Harder to pin down than secrecy If dependence is based on reading is the dual of secrecy models Biba, LOMAC, Clark-Wilson Don t exactly correspond to real-world What do we do? Protect the integrity of high secrecy data and code 16
Advanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationWrapup. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.
Wrapup CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Final 2 The final is on Tuesday, May 8, 8:00 in 160 Willard (here) Be late
More informationToward Automated Information-Flow Integrity Verification for Security-Critical Applications
CSE 598A - Spring 2007 - Sandra Rueda Page 1 Toward Automated Information-Flow Integrity Verification for Security-Critical Applications Umesh Shankar, Trent Jaeger and Reiner Sailer Presented by Sandra
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationVerifiable Security Goals
C H A P T E R 5 Verifiable Security Goals 57 In this chapter, we examine access control models that satisfy the mandatory protection system of Definition 2.4 in Chapter 2. A mandatory protection system
More informationVirtual Machine Security
Virtual Machine Security CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ 1 Operating System Quandary Q: What is the primary goal
More informationAdvanced Systems Security: Securing Commercial Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationPolicy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems
Policy vs. Mechanism CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms q Access control policy is a specification
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms 1 Policy vs. Mechanism q Access control policy is a specification
More informationPRIMA: Policy-Reduced Integrity Measurement Architecture
PRIMA: Policy-Reduced Integrity Measurement Architecture Trent Jaeger tjaeger@cse.psu.edu Pennsylvania State University University Park, PA 16802 Reiner Sailer sailer@us.ibm.com IBM T. J. Watson Research
More informationPolicy Enforced Remote Login
NPS-CS-03-004 February 2003 white paper The Center for INFOSEC Studies and Research Policy Enforced Remote Login Thuy D. Nguyen and Timothy E. Levin Center for Information Systems Security Studies and
More informationPrivilege Separation
What (ideas of Provos, Friedl, Honeyman) A generic approach to limit the scope of programming bugs Basic principle: reduce the amount of code that runs with special privilege without affecting or limiting
More informationSecurity Models Trusted Zones SPRING 2018: GANG WANG
Security Models Trusted Zones SPRING 2018: GANG WANG Access Control Slides credit to Ethan L. Miller and Scott A. Brandt Protection Domains Three protection domains Each lists objects with permitted operations
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationCS 161 Computer Security. Design Patterns for Building Secure Systems
Song Spring 2015 CS 161 Computer Security 2/23 Thanks to David Wagner for the notes. Design Patterns for Building Secure Systems In these notes we aim to capture some important patterns for building secure
More informationLecture 4 - Authorization
Lecture 4 - Authorization CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Why authenticate? Why do we want to verify the identity
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationOutline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines
Outline Operating System Security CS 239 Computer Security February 23, 2004 Introduction Memory protection Interprocess communications protection File protection Page 1 Page 2 Introduction Why Is OS Security
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC)
p. 1/1 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Example: Unix user-group-other permission bits - Might set a fileprivate so only groupfriends can read it Discretionary
More informationAdvanced Systems Security: Virtual Machine Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAdvanced Systems Security: Security Goals
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 11 - Access Control October 10, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Access Control System Protection Domain What can be accessed by a process Default
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationRSA SECURID ACCESS PAM Agent Implementation Guide
RSA SECURID ACCESS PAM Agent Implementation Guide IBM AIX 7.2 RSA Authentication Agent for PAM John Sammon, RSA Partner Engineering Last Modified: 8/18/16 -- 1 - Solution Summary The AIX operating system
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationSSH with Globus Auth
SSH with Globus Auth Summary As the community moves away from GSI X.509 certificates, we need a replacement for GSI-OpenSSH that uses Globus Auth (see https://docs.globus.org/api/auth/ ) for authentication.
More informationCIS433/533 - Introduction to Computer and Network Security. Access Control
CIS433/533 - Introduction to Computer and Network Security Access Control Professor Butler Winter 2011 Computer and Information Science Trusted Computing Base The trusted computing base is the infrastructure
More informationLECTURE 7. Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH. Marco Spaziani Brunella, Manuel Campo
LECTURE 7 Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH Remote Managing In real life, physical access to network nodes is not always an option. Often, we need
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More information1Z Oracle Linux Fundamentals (Oracle Partner Network) Exam Summary Syllabus Questions
1Z0-409 Oracle Linux Fundamentals (Oracle Partner Network) Exam Summary Syllabus Questions Table of Contents Introduction to 1Z0-409 Exam on Oracle Linux Fundamentals (Oracle Partner Network)... 2 Oracle
More informationDAC vs. MAC. Bell-Lapadula model. Security levels. Security properties. The lattice model top-secret, {Nuclear, Crypto} Straw man MAC implementation
DAC vs. MAC Most people familiar with discretionary access control (DAC) - Unix permission bits are an example - Might set a fileprivate so only groupfriends can read it Discretionary means anyone with
More informationIntroduction to Assurance
Introduction to Assurance Overview Why assurance? Trust and assurance Life cycle and assurance April 1, 2015 Slide #1 Overview Trust Problems from lack of assurance Types of assurance Life cycle and assurance
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationCryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh
Cryptography Application : SSH Cyber Security & Network Security 20-22 March, 2017 Dhaka, Bangladesh Issue Date: [31-12-2015] Revision: [v.1] What is Safely Authentication I am Assured of Which Host I
More informationTutorial: Automating OSSEC HIDS Deployment on Modern Infrastructure Pipelines for Security at a Touch
Tutorial: Automating OSSEC HIDS Deployment on Modern Infrastructure Pipelines for Security at a Touch The more cloud services grow in complexity, size and reach, the more security and automation need to
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationHOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS
HOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS How To Securely Configure a Linux Host to Run Containers To run containers securely, one must go through a multitude of steps to ensure that a)
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationF-Secure SSH and OpenSHH. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved
F-Secure SSH and OpenSHH VPN Authentication Configuration Guide Copyright 2005 CRYPTOCard Corporation All Rights Reserved http://www.cryptocard.com Overview OpenSSH works with CRYPTOCard PAM authentication
More informationDAC vs. MAC. Bell-Lapadula model. Security properties. Security levels. Straw man MAC implementation. The lattice model top-secret, {Nuclear, Crypto}
DAC vs. MAC Most people familiar with discretionary access control (DAC) - Unix permission bits are an example - Might set a file private so only group friends can read it Discretionary means anyone with
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC) Discretionary means anyone with access can propagate information:
1/39 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Unix permission bits are an example - Might set a fileprivate so only groupfriends can read it Discretionary means anyone
More information1 / Must not leak contents of your files to network - Must not tamper with contents of your files 3 / 42
Outline DAC vs. MAC 1 Mandatory access control 2 Labels and lattices 3 LOMAC 4 SELinux Most people are familiar with discretionary access control (DAC) - Unix permission bits are an example - E.g., might
More informationHow to Back Up Linux/UNIX Data Using SSHFS
The articles in this section refer to Barracuda Backup Legacy Release firmware or newer. Barracuda Backup uses the SSH Filesystem (SSHFS) and public key authentication to connect and back up Linux data.
More informationModule: Operating System Security. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security So, you have built an operating system that enables user-space processes to
More informationFormal Methods for Assuring Security of Computer Networks
for Assuring of Computer Networks May 8, 2012 Outline Testing 1 Testing 2 Tools for formal methods Model based software development 3 Principals of security Key security properties Assessing security protocols
More informationIBM Research Report. PRIMA: Policy-Reduced Integrity Measurement Architecture. Trent Jaeger Pennsylvania State University
RC23898 (W0603-030) March 3, 2006 Computer Science IBM Research Report PRIMA: Policy-Reduced Integrity Measurement Architecture Trent Jaeger Pennsylvania State University Reiner Sailer IBM Research Division
More informationReview of Fundamentals. Todd Kelley CST8207 Todd Kelley 1
Review of Fundamentals Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 GPL the shell SSH (secure shell) the Course Linux Server RTFM vi general shell review 2 These notes are available on
More informationWedge: Splitting Applications into Reduced-Privilege Compartments
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008 Vulnerabilities threaten sensitive data Exploits
More informationECE 650 Systems Programming & Engineering. Spring 2018
ECE 650 Systems Programming & Engineering Spring 2018 Programming with Network Sockets Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Sockets We ve looked at shared memory vs.
More informationJackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan
Jackson State University Department of Computer Science CSC 437-01/539-01 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Lab Project # 2: Running Secure Shell (SSH) Server in a Virtual
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
SSH 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows
More informationSelecting Software Packages for Secure Database Installations
Selecting Software Packages for Secure Database Installations Afonso Araújo Neto, Marco Vieira This document includes complementary information for the paper Selecting Software Packages for Secure Database
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationMultifactor authentication:
Multifactor authentication: Authenticating people can be based on 2 factors: Something the user KNOWS : e.g. a password or PIN Something the user HAS: e.g. An ATM card, smartcard or hardware token, or
More informationCSC 4320 Test 1 Spring 2017
CSC 4320 Test 1 Spring 2017 Name 1. What are the three main purposes of an operating system? 2. Which of the following instructions should be privileged? a. Set value of timer. b. Read the clock. c. Clear
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2016 Lecture 5 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 User Operating System Interface - CLI CLI
More informationDesign. Secure Application Development Modules 12, 13 Konstantin Beznosov. Copyright Konstantin Beznosov
Design Secure Application Development Modules 12, 13 Konstantin Beznosov Copyright 2004-2005 Konstantin Beznosov What Do you Already Know? What principles of designing secure systems do you already know?
More informationJustifying Integrity Using a Virtual Machine Verifier
Justifying Integrity Using a Virtual Machine Verifier Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel ACSAC 09 1 1 Cloudy Horizons Utility-based cloud computing is
More informationProtection and Security
Protection and Security Security: policy for controlling access to system Protection: mechanism implementing security policy Why: users can do bad things to system either maliciously or unintentionally
More informationBlacklist'd. A daemon to manage network attacks. Christos Zoulas
Blacklist'd A daemon to manage network attacks Christos Zoulas 2015-01-31 Lately my servers have been feeling like There were no successful break-ins But my logs were getting pretty large... Oct 14 20:05:40
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationNETWORK CONFIGURATION AND SERVICES. route add default gw /etc/init.d/apache restart
NETWORK CONFIGURATION AND SERVICES route add default gw 192.168.0.1 /etc/init.d/apache restart NETWORK CONFIGURATION There are two main approaches to configuring a machine for network access: Static configuration
More informationProcesses & Threads. Recap of the Last Class. Layered Structure. Virtual Machines. CS 256/456 Dept. of Computer Science, University of Rochester
Recap of the Last Class Processes & Threads CS 256/456 Dept. of Computer Science, University of Rochester Hardware protection kernel and mode System components process management, memory management, I/O
More informationUH, FB Inf, SVS, 18-Okt covers all traffic on that link, independent of protocols above. application has no visibility of Internet layer.
Security and Network Layers Where shall we put security? Security can be applied at any of the network layers except layer 1 (Physical layer). What are the pros and cons of applying security at each of
More informationCryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan
Cryptography Application : SSH 7 Sept 2017, Taichung, Taiwan What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows Who I Am The Traffic is Encrypted
More informationKerberos-enabled applications. Core services for UNIX shell programs and applications. Kerberos environment. Centrify DirectControl Service Library
Understanding Centrify DirectControl Agents The Centrify DirectControl Agent makes a UNIX, Linux, or Mac OS X computer look and behave like a Windows client computer to Active Directory. The Centrify DirectControl
More informationOperating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own) Hw1 grades out this Friday Announcement Travel: out of town
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2004 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationminit Felix von Leitner September 2004 minit
minit Felix von Leitner felix-minit@fefe.de September 2004 minit What is this all about? This talk is about a new init program called minit. Several itches needed scratching: 1. Typical Linux distributions
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2002 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationUniversidad Carlos III de Madrid Computer Science and Engineering Department Operating Systems Course
Exercise 1 (20 points). Autotest. Answer the quiz questions in the following table. Write the correct answer with its corresponding letter. For each 3 wrong answer, one correct answer will be subtracted
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationReview of Fundamentals. Todd Kelley CST8207 Todd Kelley 1
Review of Fundamentals Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 The CST8207 course notes GPL the shell SSH (secure shell) the Course Linux Server RTFM vi general shell review 2 Linux
More informationManaging GSS User Accounts Through a TACACS+ Server
CHAPTER 4 Managing GSS User Accounts Through a TACACS+ Server This chapter describes how to configure the GSS, primary GSSM, or standby GSSM as a client of a Terminal Access Controller Access Control System
More informationDOWNLOAD OR READ : UNIX SHELL OBJECTS WITH CONTAINS ALL CODE FROM THE BOOK TOOLS PDF EBOOK EPUB MOBI
DOWNLOAD OR READ : UNIX SHELL OBJECTS WITH CONTAINS ALL CODE FROM THE BOOK TOOLS PDF EBOOK EPUB MOBI Page 1 Page 2 unix shell objects with contains all code from the book tools unix shell objects with
More informationSECURITY+ LAB SERIES. Lab 7: Analyze and Differentiate Types of Attacks and Mitigation Techniques
SECURITY+ LAB SERIES Lab 7: Analyze and Differentiate Types of Attacks and Mitigation Techniques Document Version: 2015-09-24 otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported
More information