Intrusion Detection Types

Similar documents
Access Control. Discretionary Access Control

Discretionary Vs. Mandatory

Security Models Trusted Zones SPRING 2018: GANG WANG

Access Control Mechanisms

CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Information Security Theory vs. Reality

Operating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)

Access Control Models

Last time. User Authentication. Security Policies and Models. Beyond passwords Biometrics

CS 356 Lecture 7 Access Control. Spring 2013

SDR Guide to Complete the SDR

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

Advanced Systems Security: Multics

Data Security and Privacy. Unix Discretionary Access Control

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

Access Control (slides based Ch. 4 Gollmann)

May 1: Integrity Models

Computer Security. Access control. 5 October 2017

CCM Lecture 12. Security Model 1: Bell-LaPadula Model

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

Xerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers

Information Security. Structure. Common sense security. Content. Corporate security. Security, why

CSE 565 Computer Security Fall 2018

INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

DAC vs. MAC. Most people familiar with discretionary access control (DAC)

CIS433/533 - Introduction to Computer and Network Security. Access Control

Summary. Final Week. CNT-4403: 21.April

Complex Access Control. Steven M. Bellovin September 10,

CSE543 - Computer and Network Security Module: Virtualization

Secure Architecture Principles

Outline. INF3510 Information Security University of Oslo Spring Lecture 9 Identity Management and Access Control

CIS 5373 Systems Security

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Protection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger

Secure Development Guide

Data quality attributes in network-centric systems

Computer Security 3e. Dieter Gollmann. Chapter 5: 1

Access Control. Chester Rebeiro. Indian Institute of Technology Madras

CHAPTER 8 FIREWALLS. Firewall Design Principles

Chapter 6: Integrity Policies

Real4Test. Real IT Certification Exam Study materials/braindumps

Computer Security Operating System Security & Access Control. Dr Chris Willcocks

Access control models and policies. Tuomas Aura T Information security technology

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

CSE Computer Security

Advanced Systems Security: Principles

Labels and Information Flow

19.1. Security must consider external environment of the system, and protect it from:

Course No. S-3C-0001 Student Guide Lesson Topic 5.1 LESSON TOPIC 5.1. Control Measures for Classified Information

CIS 5373 Systems Security

P1_L6 Mandatory Access Control Page 1

Access Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy

Issues of Operating Systems Security

HIPAA Security and Privacy Policies & Procedures

Voting System Security as per the VVSG

Case Study: Access Control. Steven M. Bellovin October 4,

CSE361 Web Security. Access Control. Nick Nikiforakis

Secure Architecture Principles

CCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson

Protection Kevin Webb Swarthmore College April 19, 2018

Security Audit What Why

Multilevel relations: Schema and multiple instances based on each access class. A multilevel relation consists of two parts:

Access Control. Steven M. Bellovin September 13,

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

Oracle Hierarchical Storage Manager and StorageTek QFS Software

Why secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem

Security Principles for Stratos. Part no. 667/UE/31701/004

L1: Computer Security Overview. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Access Control. Tom Chothia Computer Security, Lecture 5

Chapter 18: Evaluating Systems

Access Control and Protection

Principles of Information Security, Fourth Edition. Chapter 1 Introduction to Information Security

DATABASE SECURITY AND PRIVACY. Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security

OS Security Basics CS642: Computer Security

Intergrity Policies CS3SR3/SE3RA3. Ryszard Janicki. Outline Integrity Policies The Biba Integrity Model

CSE Computer Security

Process System Security. Process System Security

CS 425 / ECE 428 Distributed Systems Fall 2017

Hardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users

QuickBooks Online Security White Paper July 2017

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

CSE509: (Intro to) Systems Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Storage and File Hierarchy

Operating System Security

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

MULTILEVEL POLICY BASED SECURITY IN DISTRIBUTED DATABASE

COS 318: Operating Systems

Security Philosophy. Humans have difficulty understanding risk

IT Services IT LOGGING POLICY

STUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System

Sumy State University Department of Computer Science

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Recommendations for Implementing an Information Security Framework for Life Science Organizations

Securing Institutional Data in a Mobile World

Access Control Part 3 CCM 4350

T Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues

The GenCyber Program. By Chris Ralph

Access Control Part 1 CCM 4350

Transcription:

Intrusion Detection Continued Tom Longstaff SM Software Engineering Institute Pittsburgh PA 1521 The is sponsored by the Advanced Research Projects Agency (ARPA). The Software Engineering Institute is sponsored by the U.S. Department of Defense. 1 Intrusion Detection Types Pattern Detection Anomaly Detection Policy-Based Detection handout 2 Page 1

Main Points on IDS Most do not add any protection at all, but can help with recognition Not a lot of science involved in IDS design Measurement is problematic The future of IDS is uncertain Real key is to focus on incident response 3 Operating System Security Architectures Tom Longstaff Software SM Engineering Institute Pittsburgh PA 1521 The is sponsored by the Advanced Research Projects Agency (ARPA). The Software Engineering Institute is sponsored by the U.S. Department of Defense. 4 Page 2

Differences in OS and OS Security Architectures Security architecture exposes Availability Confidentiality Integrity Should expose security protection mechanisms and their interconnections Level of abstraction should describe the interaction between security objects and the objects to be secured 5 Objects of Interest in OS Memory Raw memory plus process memory and higher levels of abstraction External storage Both access to raw storage and devices within the file system I/O and other specific services The operating system itself 6 Page 3

Goals of OS Security Corruption of the OS Prevent unauthorized disclosure Prevent unauthorized inter-process communication Prevent corruption and deletion of information Detection and Recovery from the above threats is also important 7 Mechanisms Access Control (ACL, Capabilities, permission bits, etc) Memory Protection (virtual memory, page protection) Gates and guards Run levels (protection rings) Mechanisms are placed in an architecture based on policy 8 Page 4

OS Security Models Usually specified in terms of subjects and objects Subjects: active objects representing action on behalf of a user/intruder Objects: either active or passive objects that are acted upon by subjects Models consist of the properties and relationships between the subjects and objects 9 Bell-LaPadula Model Implements the * property for access control between subjects and objects Matrix that categorizes all subjects as to clearance level, and all objects as to classification level Top Secret Secret Confidential Unclassified Model allows write up and read down 10 Page 5

Bell LaPadula Matrix File 1 TS File 2 S File 3 C File 4 U User1 TS User 2 S User 3 C User 4 U RW R R R W RW R R W W RW R W W W RW 11 Biba Integrity Model Requires Subject to dominate object s security level to allow write(the opposite of write-up) Designed to protect the integrity of objects (does not address the confidentiality) In practice, does not allow read down Using both Biba and Bell-LaPadula model creates a system that cannot communicate between levels at all 12 Page 6

C Biba Matrix File 1 TS File 2 S File 3 C File 4 U User 1 TS User 2 S User 3 C User 4 U RW RW RW RW * RW RW RW * * RW RW * * * RW 13 Access Control Two primary types: Access control lists Capability lists Not just about files, but includes Services Resources Processes Network connections Dial-out lines etc 14 Page 7

ACLs Each object in the system has a list of subjects and authorized actions that user can perform on the object Usually these actions are Read Write and Delete (note that delete is a special case of write) Other actions are sometimes listed Modify Copy Rename Link/Unlink Execute (not really a security attribute) 15 ACLs (continued) ACLs answer the question who can access this object Disadvantage is that these lists can get very long for lots of subjects (making them really impractical for Internet use) Difficult to know what objects a subject has access to 16 Page 8

Unix Permission bits Shorthand way of dealing with the main disadvantage of ACLs Breaks down the subjects into owner, group, and world Requires each object to be associated with one group, which can contain a number of subjects RWD are the three actions - delete has to do with the implementation details of unlinking a file 17 Capability-Based Systems Places access control with the subject, rather than the object referenced Inherently greater risk in this scheme Users need to save and manage the unique permission strings needed to access a resource Common implementations Shared passwords (with no uid) Cookies Encryption keys Usually these are cryptographically strong strings based on a secret key held in the object 18 Page 9

Capabilities (continued) Subjects can copy and give away capabilities Easy for a subject to know all objects that can be manipulated Disadvantage - impossible for an object to know how many subjects have access to the object Revoking access is difficult Requires strong architectural support to enforce access controls in this case But very good for distributed systems 19 Page 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback