Trust is the Foundations for Computer Security

Similar documents
CERN Certification Authority

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Identity, Authentication and Authorization. John Slankas

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

Identity-Based Decryption

Software Development & Education Center Security+ Certification

Technology Safety Quick Tips

The Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication

ING Corporate PKI G3 Internal Certificate Policy

The Shortcut Guide To. Protecting Against Web Application Threats Using SSL. Dan Sullivan

Collaborative Ad-hoc Applications

CS November 2018

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Strong Security Elements for IoT Manufacturing

1. CyberCIEGE Advanced VPNs

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

Digital Identity Guidelines aka NIST SP March 1, 2017 Ken Klingenstein, Internet2

Mobility best practice. Tiered Access at Google

Federated Access. Identity & Privacy Protection

Chapter 9: Key Management

Federated Authentication for E-Infrastructures

Networking Infrastructure

A privacy-preserving authentication service using mobile devices

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

The Business Case for Electronic or Digital Signatures

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Security Standards for Electric Market Participants

Security Digital Certificate Manager

VSP16. Venafi Security Professional 16 Course 04 April 2016

IBM. Security Digital Certificate Manager. IBM i 7.1

The Match On Card Technology

OCTOSHAPE SDK AND CLIENT LICENSE AGREEMENT (SCLA)

Federated authentication for e-infrastructures

Integrating HIPAA into Your Managed Care Compliance Program

Singapore s National Digital Identity (NDI):

Overview Brosix stringent corporate security requirements.

Trusona Insurance Formula

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan

Minimum Requirements For The Operation of Management System Certification Bodies

Protecting your Privacy Winchester Cathedral Privacy Notice

CEN MetaLex. Facilitating Interchange in E- Government. Alexander Boer

Cryptography and Network Security

Implementing Secure Socket Layer

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Information Security. Structure. Common sense security. Content. Corporate security. Security, why

Subject: Kier Group plc Data Protection Policy

Public Key Infrastructure. What can it do for you?

Cryptography (Overview)

SSL Certificates Certificate Policy (CP)

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

VSP18 Venafi Security Professional

Technical Overview. Version March 2018 Author: Vittorio Bertola

An Introduction to Trusted Platform Technology

Advent IM Ltd ISO/IEC 27001:2013 vs

Advanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96

Recommendations for Device Provisioning Security

InCommon Federation: Participant Operational Practices

May 1: Integrity Models

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

CCNA Security 1.1 Instructional Resource

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Authentication in Cloud Application: Claims-Based Identity Model

10/4/2016. Advanced Windows Services. IPv6. IPv6 header. IPv6. IPv6 Address. Optimizing 0 s

ITU-T SG 17 Q10/17. Trust Elevation Frameworks

Cryptologic and Cyber Systems Division

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

SAML-Based SSO Solution

Oracle Advanced Security: Enterprise User Management. An Oracle Technical White Paper November 1999

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

DRVerify: The Verification of Physical Verification

Managing Certificates

Using secure multi-party computation when pocessing distributed health data

Lecture Embedded System Security Introduction to Trusted Computing

Trusona Confidence Score Calculating Risk for Online Authentication and Identity-Proofing

Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS

Identity Management: Setting Context

Public Key Infrastructure

Unit code: D/601/1956 QCF Level 5: BTEC Higher National Credit value: 15

Security Using Digital Signatures & Encryption

A PKI For IDR Public Key Infrastructure and Number Resource Certification

IBM SmartCloud Engage Security

Fundamental Concepts and Models

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Aspects of Identity. InfoSec April BCS Security Community of Expertise

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Chapter 4. Fundamental Concepts and Models

ING Public Key Infrastructure Technical Certificate Policy

INFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2

Dell One Identity Cloud Access Manager 8.0. Overview

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

User Authentication Principles and Methods

Access Control. Steven M. Bellovin September 13,

QUICKSIGN Registration Policy

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Transcription:

Christian Damsgaard Jensen Department of Applied Mathematics and Computer Science Technical University of Denmark Christian.Jensen@imm.dtu.dk Security and Trust Computer security is sometimes divided into: Hard security (based on mathematics & formal methods) Authentication and Biometrics information flow and access control Formal modelling and analysis of software and systems Cryptology Soft security (based on other scientific disciplines) Trust-based security mechanisms Wiki-style access control Security usability Security awareness programmes Security based on economic theory and games Claim: Ultimately, it is all based on trust 2 DTU Compute Technical University of Denmark 1

Two Fundamental Models of Security Information Flow Access Control 3 DTU Compute Technical University of Denmark Information Flow Model Definition: The command sequence c causes a flow of information from x to y if, after execution of c, some information about the value of x before c was executed can be deduced from the value of y after c was executed [Matt Bishop] Two types of information flow analysis Program analysis Analysing information flows in a system where all components are known (and available for analysis) Protocol analysis Analysing information flows between components in a system where not all components are known Information flow analysis provides guarantees (assurance) about the enforcement of the security policies Requires that the components are known 4 DTU Compute Technical University of Denmark 2

Access Control Model Security policy is evaluated every time an object is accessed Reference Monitor mediates all access by subjects to objects Guards access to object Interprets access control policy Subjects are active entities (users, processes) Objects are passive entities (resources, e.g. files, devices, ) User ID Role Attribute list policy define map evaluate administrator subject request reference monitor Grant/deny object source guard resource 5 DTU Compute Technical University of Denmark Mapping Subjects in Access Control Identity Based Access Control Permissions are granted directly to users Unique system identifier (UID) for every user User identity must be verified before use (authentication) Role Based Access Control Permissions are granted to roles Users assigned one or more roles User identity must be verified before role is assumed (authentication) Attribute Based Access Control Permissions depend on user s attributes Users must prove possession of attributes Attributes are often encoded in certificates Use of certificates often require user s public-key Use of public-key certificate implies authentication Ultimately, users normally prove identity to exercise access rights 6 DTU Compute Technical University of Denmark 3

Role of Identity in Computer Security The user identity serves three primary purposes: It allows the authentication of subjects Validation of enrolled users Real world identity is difficult/expensive to change It allows different permissions to be granted to different subjects Defined in the access control policy Enforce Principle of Least Privilege Enforce constraints, e.g. Separation of Duty Ultimately based on the identity mapped to the subject It allows accountability Record the identity mapped to the subject performing an action Log serves as evidence if something goes wrong 7 DTU Compute Technical University of Denmark Semantics of Identity in Computer Security Identity defines on which side of the perimeter an agent belongs Only insiders (enrolled in the system) have system identifiers Semantics of (real world) identity String of bits that names an entity (person, machine, process ) Distinguish particular entity from similar entities Difficult and time consuming to get another string of bits What makes me Christian Damsgaard Jensen? My parents liked the name Name recorded in birth certificate Danish government issues identity certificates to me Identity is simply a string that someone is willing to authenticate Nothing more Security properties of system cannot be derived from identity alone 8 DTU Compute Technical University of Denmark 4

Basis for assigning privileges Employment contract Social norms Company policies What constrains the behaviour of subjects? Criminal law Security depends on the system s ability to enforce these rules 9 DTU Compute Technical University of Denmark Human Notion of Trust Decision to trust or not Behaviour of another person Ambiguous path Human notion of trust A person is confronted with an ambiguous path that may lead to something beneficial or something harmful He perceives that the occurrence of the beneficial or harmful event is contingent on the behaviour of another person If he chooses to take an ambiguous path with such properties, he makes a trusting choice but exposes himself to some risk 10 DTU Compute Technical University of Denmark 5

Elements of Trust Trusting Behaviour Trusting Intention Situational Trust Dispositional Trust Trusting Beliefs Belief Formation Processes (McKnight & Chervany, 1997) System Trust 11 DTU Compute Technical University of Denmark Security in Online Transactions Consider a standard e-commerce scenario Alice wants to buy a new camera Trust in directory and reputation services Customer trust in web-shop - Genuine -Honest Both parties must trust -Competent the common infrastructure - computing platform - browser/webserver - plugin and libraries - operating system - hardware - network infrastructure -naming -routing - confidentiality -integrity Web-shop trust in customer - ability to pay 12 DTU Compute Technical University of Denmark 6

Trust in Directory and Reputation Services How do we decide who to interact with? How do we locate service providers Search engines and web portals Google, Yahoo, Pricerunner, Private companies How do we decide which one to interact with? Reputation systems ebay, Trustpilot, Epinions, trip-advisor, Recommendation systems Web-shields Testimonials on service providers web-site Security models and mechanisms don t really consider these issues considered beyond the scope of the model 13 DTU Compute Technical University of Denmark Customer Trust in Service Provider Genuine Link business to webserver (DNS name registration) Link webserver to IP address (DNS resolution) Authenticity of party at the other end of communication channel Authentication protocol (https, SSL, TLS, ) Typically based on certificates and PKI Honesty and Competence Basically not considered by the security model Impossible to enforce through logical security mechanisms 14 DTU Compute Technical University of Denmark 7

Trust in Common Infrastructure Security of the Computing Platform Classic system model Process VM Libraries and Services Operating System Hardware Tool chain is also important Compiler Code Checker Linker Loader Read Ken Thompson s Reflections on Trusting Trust 15 DTU Compute Technical University of Denmark Trust in Common Infrastructure Security of Network Infrastructure Lookup services Lookup Protocol (DNS, ARP, ) Lookup service platform (Name Servers) Same issues as other computing platforms Routing Fabric Routing Information Protocol Routing fabric platform (Routers) Same issues as other computing platforms Message Confidentiality & Integrity (Cryptology) Cryptographic algorithm developers and reviewers Crypto-library developers (and reviewers) Crypto-system installation and operation Key generation and distribution Key management and hygiene 16 DTU Compute Technical University of Denmark 8

Summary From computer models to reality Flickr: LHOON Flickr: McKay Savage 17 DTU Compute Technical University of Denmark Conclusions Computer and network security define properties that can be enforced by the computer system Information flow analysis Access Control Mechanism Most Computer Systems consist of a collection of software executed on hardware and communicating through networks Many of these have never been thoroughly analysed in combination Ultimately, security assurances rely on Correct specifications (trust in system architect) Correct implementation (trust in system developers) Correct execution (trust in hardware manufacturers) Correct configuration (trust in system administrators and HR) Correct operation (trust in the computer users) In order to achieve security, this trust must be explicitly managed 18 DTU Compute Technical University of Denmark 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback