agenda n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Agenda PowerPoint Presentation
Download Presentation
Agenda

Loading in 2 Seconds...

  share
play fullscreen
1 / 6
judah-weber

Agenda - PowerPoint PPT Presentation

71 Views
Download Presentation
Agenda
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. CS G513 / SS G513 Network Security Agenda Threat Model Dolev-Yao Model Solutions Model

  2. Security Model • Networked systems have weaknesses • Vulnerabilities • Malicious entities exist • Threat • individual or group; computer or network or other device; or a combination of these. • When Threats exploit Vulnerabilities systems fail • Attack • Entities referred to as attacker/adversary/intruder/eavesdropper etc. • Security Goals: • Prevent, Avoid, Defend attack • If nothing else, reduce the impact; Recover from;

  3. Security Model • Which attacks to look for? • System Requirements / Guarantees • Security Properties • What do we know about the threat? • Nothing • Does not help • Need a threat model • Dolev-Yao (see Reference on website) proposed one. • Base model used for most security protocols • Needs to be and is adapted for changing requirements. Sundar B.

  4. Dolev-Yao Threat Model • The (potential) attacker can • Obtain any message passing thru’ the network • - as a legitimate user - initiate a conversation with any user • - i.e. will have the opportunity to - become a receiver to any principal • - i.e. has the ability to - send messages to any principal by impersonating any other principal. • Does the attacker have limitations? • We are doomed if none. Sundar B.

  5. Dolev-Yao Threat Model contd… • The attacker does not have unlimited computing power • Leads to reduced available computing time • Often more stringent assumptions possible. • Secrets can be kept (from the attacker) • The form of storage is important. • Private (computing) locations exist. • Non-networked locations?? Sundar B.

  6. Solutions Model • Interested in generic solutions • Not necessarily specific to one network / one application. • Interested in repeatable solutions • He (Lord Voldemort) will come back and must be defeated again and again and again. • - Dumbledore (paraphrased) to Harry Potter in Harry Potter and the Sorcerer’s Stone! • Interested (mostly) in electronic form of solutions. • Assumptions regarding non-electronic components must be spelt out. Sundar B.