
Lesson 4 Computer Security


Presentation Transcript


  1. Lesson 4 Computer Security

  2. Overview • Definition/Goals • Access Controls • Security Models • Authentication Protocols

  3. Secrets In a world where data is coin of the realm, and transmissions are guarded by no better sentinels than man-made codes and corruptible devices, there is no such thing as a secret. “This Alien Shore”, C. S. Friedman (C) 1998

  4. Computer Security The prevention and/or detection of unauthorized actions by users of a computer system. In the beginning, this meant ensuring privacy on shared systems. Today, the interesting aspect of security is enabling different access levels for different users and programs on the same system.

  5. What are our goals in Security? • The “CIA” of security: • Confidentiality • Integrity (data integrity and software integrity) • Availability (accessible and usable on demand) • plus (authentication) and (nonrepudiation)

  6. Access Controls • “Access controls serve to enforce an authorization policy, which specifies what activity is allowed and who is allowed to initiate it.” • Governs not only activities by human actors but non-human actors as well. • Can apply to any media – print, tapes, networks, memory, . . .

  7. Access modes • Read – allows entity to read the file or view the file’s attributes • Write – allows the entity to write to the file, which may include creating, modifying, or appending to the file. • Execute – the entity may load the file and run it. • Delete – the entity may remove the file from the system. • Change Permissions, change ownership

  8. Protection Table • Illustrates what access controls are designed to do: a matrix with one row per subject (User 1, User 2, Prog 1) and one column per object (File 1, File 2, File 3, Printer, Disk), where each cell lists the access modes that subject holds on that object. Row by row, the slide's populated cells are: User 1: Read, Write, Write; User 2: Execute, Read, Write, Read, Write; Prog 1: Read, Read, Write. All other cells are empty. • Protection Table seems like an easy solution to the access control problem but . . . • Required table extremely large • Table generally sparsely populated

  9. File Passwords • In order to gain access to a file the user must present the system with the file’s password. • Initial assignment can be accomplished by sysadmin or creator of file. • In order to control the type of access granted to the file, multiple passwords for each file may be necessary. • Method is easy to implement and understand.

  10. File passwords - problems • Since users will have to remember a different password for each file it will mean LOTS of passwords to remember (or write down!). • No easy way to keep track of who has access to the password for a file. • Passwords are distributed manually, which leaves no automated audit trail. • Hard to control. • Revocation is easy to do (change the password); the problem is doing it without affecting all of the other users, who must all be told the new password. • Files (programs) that require access to other files require that all passwords be supplied before the program is executed, or execution has to be interrupted to wait for a user to enter the required password.

  11. Biometrics • Basic premise: “you are the identification and authenticator” • physical recognition • voice recognition • finger prints • retinal scans • iris scans

  12. Access Tokens • Basic premise: a physical object serves to authenticate the holder; most systems combine the access token with a password • ATM Card (authentication example: insert token, enter PIN) • Smart cards • Credit Card (authentication example: signature, expiration date, additional ID)

  13. Access Control Lists (ACL) • Divides the protection table by columns. • ACLs are created for each object.
      File 1: User 1: Execute; User 2: Read, Write, List; User 4: Read, List; Program 1: Write
      Disk 1: User 1: Read; User 2: Read; User 3: Read, Execute, List; Program 1: Write

  14. Access Control Lists • Can easily answer question “which subjects have access to a specific object?” • This is the more frequently asked question. • Hard to answer “which objects does a specific subject have access to?” • Access to a file can easily be revoked. • Storage space is saved. • Generally more objects than subjects
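The protection table of slide 8, stored column-wise as the ACLs of slide 13, with the two queries and the revocation that slide 14 describes. This is an added example, not code from the slides: the subject and object names and the modes are taken from slide 13, while the function names and the audit log (the reference-monitor style of recording every decision) are my own.

```python
"""Protection matrix stored column-wise as access control lists (ACLs).

Added example (not from the slides). Only populated cells are stored, which is
why ACLs save space on a sparse protection table.
"""

# acl[object][subject] -> set of access modes (constructed from slide 13)
acl = {
    "File 1": {
        "User 1": {"execute"},
        "User 2": {"read", "write", "list"},
        "User 4": {"read", "list"},
        "Program 1": {"write"},
    },
    "Disk 1": {
        "User 1": {"read"},
        "User 2": {"read"},
        "User 3": {"read", "execute", "list"},
        "Program 1": {"write"},
    },
}

audit_log = []  # reference-monitor style: every access decision is recorded


def check_access(subject, obj, mode):
    """Mediate one access: is `subject` allowed `mode` on `obj`?
    A missing object or a missing ACL entry is a denial (default deny)."""
    allowed = mode in acl.get(obj, {}).get(subject, set())
    audit_log.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
    return allowed


def subjects_with_access(obj):
    """The easy ACL question, 'who can access this object?': one lookup."""
    return {subject: set(modes) for subject, modes in acl.get(obj, {}).items()}


def objects_for_subject(subject):
    """The hard ACL question, 'what can this subject access?': every
    object's ACL has to be scanned, since the table is split by column."""
    result = {}
    for obj, entries in acl.items():
        if subject in entries:
            result[obj] = set(entries[subject])
    return result


def revoke(subject, obj, mode=None):
    """Revocation touches a single ACL entry: drop one mode, or with
    mode=None the whole entry. Returns False if there was nothing to revoke."""
    entries = acl.get(obj, {})
    if subject not in entries:
        return False
    if mode is None:
        del entries[subject]
    else:
        entries[subject].discard(mode)
        if not entries[subject]:  # no modes left: remove the empty entry
            del entries[subject]
    return True


if __name__ == "__main__":
    print(check_access("User 2", "File 1", "write"))   # True
    print(objects_for_subject("Program 1"))            # both objects, write
    revoke("User 4", "File 1")
    print(subjects_with_access("File 1"))              # User 4 is gone
```

Note that `objects_for_subject` is linear in the number of objects while `subjects_with_access` is a single dictionary lookup; that asymmetry is exactly the trade-off slide 14 describes, and a capability-list design (rows instead of columns) would flip it.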

  15. Protection Bits • A modification of ACLs. • Protection bits are attached to each file but instead of providing a complete list of all users they specify permissions for specific classes. • Sometimes referred to as “permission bits”. • Example classes: Owner, Group, World, each with five slots (r, w, x, d and a fifth slot the slide does not label); an empty slot is shown as “-”:
              Owner        Group        World
      File 1  r w x - -    r - x - -    - - x - -
      File 2  r - x d -    r - x - -    - - - - -

  16. Protection Bits
              Owner    Group    World
              R W E    R W E    R W E
      UNIX example:
              R W E    R - E    - - E
              1 1 1    1 0 1    0 0 1
                7        5        1
      Thus, the permission set for this object can be contained in 9 bits (octal 751).
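The nine UNIX permission bits of slide 16, converted between the `rwxr-x--x` form and the octal 751 form, together with the access check the kernel actually performs with them. This is an added example and not code from the slides; the uid/gid values are constructed. It goes slightly beyond the slide in one respect that practitioners get wrong: the caller's class is chosen first (owner, else group, else world) and only that class's bits are consulted, so the classes do not accumulate.

```python
"""UNIX-style protection bits: 3 classes x (r, w, x) = 9 bits.

Added example (not from the slides). Reproduces the slide's
rwx r-x --x = 751 case and adds the class-selection rule of the access check.
"""


def parse_mode(text):
    """'rwxr-x--x' -> 0o751. Each class is one octal digit: r=4, w=2, x=1."""
    if len(text) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(text):
        expected = "rwx"[i % 3]
        if ch == expected:
            mode |= 1 << (8 - i)          # bit 8 is owner-r, bit 0 is world-x
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i}")
    return mode


def format_mode(mode):
    """0o751 -> 'rwxr-x--x' (inverse of parse_mode)."""
    return "".join(
        "rwx"[i % 3] if mode & (1 << (8 - i)) else "-" for i in range(9)
    )


def may_access(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic UNIX discretionary check.

    Exactly ONE class applies to the caller: owner if uid matches, else group
    if the file's gid is among the caller's groups, else world. `want` is
    'r', 'w' or 'x' and is tested against that class's bits only, so a file
    with mode -w-r--r-- is NOT readable by its owner even though the world is.
    uid 0 (the superuser) bypasses read/write bits; for execute it still
    needs at least one x bit set somewhere.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == 0:
        return want != "x" or bool(mode & 0o111)
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bit)


if __name__ == "__main__":
    mode = parse_mode("rwxr-x--x")
    print(oct(mode), format_mode(mode))                    # 0o751 rwxr-x--x
    # constructed ids: file owned by uid 1000 / gid 100
    print(may_access(mode, 1000, 100, 2000, {100}, "w"))  # group member, no w
    print(may_access(mode, 1000, 100, 3000, {5}, "x"))    # world, x only
```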

  17. Security Models • Bell-LaPadula • Aimed at “military style” security • Multi-level security • Two main properties • “Simple Security Property” • No subject is allowed to read information which is of a higher classification (no read up) • *-Property • A subject may not write to an object with a lower classification (no write down) • Disclosure (confidentiality) is the issue • But, doesn’t address data aggregation

  18. Security Models • Chinese Wall • Separation between mutually distrustful individuals (but that have same “clearance”) • Clark-Wilson • Concerned with data integrity as opposed to confidentiality • Thus, commercial applications in mind • Constrained data – limit what processes an individual can run which will limit the data they can view/affect

  19. The “Orange Book” • The NCSC (NSA) developed the Trusted Computer System Evaluation Criteria (TCSEC) • Designed to meet three objectives • to provide guidance to manufacturers as to what security features to build into their products • to provide DoD customers with a metric to evaluate the degree of trust they could place in a computer system • to provide a basis for specifying security requirements in acquisition specifications • Particular emphasis is on preventing unauthorized disclosure of information. • Based on the Bell-LaPadula security model

  20. The Orange Book

  21. Discretionary vs. Mandatory Access Controls • The controls so far have granted access at the “discretion” of the user who owns the object (DAC). • Mandatory access controls enforce controls that have been mandated by policy: there MUST be a separation, and no individual user can choose to override it. • Mandatory access controls place additional restrictions on access by attaching a label to all subjects and objects indicating the clearance or security-level classification. • Considerable overhead is associated with this.

  22. Covert Channels • Covert channels carry illicit communication over a path that was never designed as an information channel, by abusing the side effects of legitimate system mechanisms. • An issue for Mandatory Access Controls, since the labels are never consulted on that path. • Two types of covert channels • storage channels • any communication path that results when one process causes an object to be written and another process observes the effect. • timing channels • any communication path that results when a process produces some effect on system performance that is observable by another process and is measurable with a timing base such as a real-time clock
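A storage channel of the kind slide 22 defines, simulated end to end. This is an added example, not code from the slides: a toy two-level system enforces "no read up" and "no write across levels" on its files, yet a HIGH process and a LOW process share one disk quota. HIGH signals a 1 bit by filling the quota and a 0 bit by freeing it; LOW never reads HIGH data but observes whether its own one-block write succeeds. The level names, the 8-block quota and the file names are constructed. A timing channel would replace the quota with, say, CPU load and the write result with a measured delay; the structure is the same.

```python
"""Storage covert channel under a 'no read up' policy (added example).

The MAC policy on file contents is enforced; the shared quota is not labelled,
so its state leaks one bit per round from HIGH to LOW.
"""


class ToySystem:
    QUOTA = 8  # blocks shared by every process regardless of level (constructed)

    def __init__(self):
        self.used = 0
        self.files = {}  # name -> (level, blocks)

    def read(self, level, name):
        """Legitimate read with the MAC check: LOW may not read HIGH data."""
        lvl, blocks = self.files[name]
        if lvl == "HIGH" and level == "LOW":
            raise PermissionError("no read up")
        return blocks

    def write(self, level, name, blocks):
        """Legitimate write. Files keep their level, but the quota check
        returns a result that depends on what OTHER levels have stored:
        that return value is the observable effect of the storage channel."""
        old = self.files.get(name)
        if old and old[0] != level:
            raise PermissionError("cannot write a file of another level")
        delta = blocks - (old[1] if old else 0)
        if self.used + delta > self.QUOTA:
            return False
        self.used += delta
        self.files[name] = (level, blocks)
        return True

    def delete(self, level, name):
        lvl, blocks = self.files.pop(name)
        if lvl != level:
            raise PermissionError("cannot delete a file of another level")
        self.used -= blocks


def high_send_bit(system, bit):
    """Sender (HIGH): 1 = occupy the whole quota, 0 = release it."""
    if bit:
        system.write("HIGH", "filler", ToySystem.QUOTA)
    elif "filler" in system.files:
        system.delete("HIGH", "filler")


def low_receive_bit(system):
    """Receiver (LOW): probe with a one-block write; failure means 1."""
    ok = system.write("LOW", "probe", 1)
    if ok:
        system.delete("LOW", "probe")
    return 0 if ok else 1


def leak(message):
    """Push `message` through the channel one bit at a time and rebuild it
    on the LOW side, demonstrating that the policy was bypassed."""
    system = ToySystem()
    bits = []
    for byte in message.encode():
        for i in range(7, -1, -1):
            high_send_bit(system, (byte >> i) & 1)
            bits.append(low_receive_bit(system))
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return out.decode()


if __name__ == "__main__":
    print(leak("secret"))   # LOW recovers the text without ever reading HIGH
```

Closing the channel means either labelling the quota (separate quotas per level) or making the observable result independent of other levels' state, which is the same auditing question the Orange Book raises about every shared resource.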

  23. Security Kernel (diagram: Subjects → Reference Monitor → Objects; the Reference Monitor consults an Access Control Database and writes an Audit File) • The HW and SW that implement the “reference monitor” • All accesses that subjects make to objects are authorized on information in an access control database. • The specific checks that are made and all modifications to the access control database are controlled by the reference monitor in accordance with the established security policy.

  24. Authentication • “Authentication is the process of determining whether information is trustworthy and genuine.” • Key question for computers and networks is how do you verify that the user is who they claim to be? • 3 general methods to authenticate • Something you know • Something you have • Something about you/that you are

  25. Something you Know • Most common technique for Authentication -- userid/password combination • Theoretically not a bad technique if chosen correctly • Password length and the size of the character set together determine the strength of the chosen password: the number of possible passwords is (character-set size) raised to the (length). For example, if the lower case alphabet is used: • 1 character = 26 possible passwords • 2 characters = 26 x 26 = 676 possible passwords • 3 characters = 26 x 26 x 26 = 17,576, and so on. If upper and lower case alphabetic characters are used: • 1 character = 52 possible passwords • 2 characters = 52 x 52 = 2,704 possible passwords • 3 characters = 52 x 52 x 52 = 140,608 possible passwords • Password Cracking • NT, brute force • Unix, Dictionary attack
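The password arithmetic of slide 25, generalised to any character-set size and length, next to the dictionary attack the slide mentions, run against a constructed password file. This is an added example, not code from the slides: the salted SHA-256 scheme stands in for a real password hash (bcrypt, scrypt or Argon2 in practice), and the users, passwords and wordlist are all made up for the demonstration. The point it adds to the slide is that a dictionary attack's cost depends on the wordlist, not on the keyspace, so a long password built from a dictionary word falls as quickly as a short one.

```python
"""Password search space versus a dictionary attack on stored hashes.

Added example (not from the slides). keyspace() reproduces the slide's 26^n
and 52^n figures; the password file and wordlist are constructed.
"""
import hashlib
import os


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def brute_force_seconds(charset_size, length, guesses_per_second):
    """Worst-case time for an exhaustive search of that space."""
    return keyspace(charset_size, length) / guesses_per_second


def hash_password(password, salt):
    """Salted hash (constructed scheme): equal passwords get different hashes,
    so one guess can only be compared against one user at a time."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_password_file(users):
    """users: {name: password} -> {name: (salt, hash)} with a random salt each."""
    password_file = {}
    for name, password in users.items():
        salt = os.urandom(8)
        password_file[name] = (salt, hash_password(password, salt))
    return password_file


def mangle(word):
    """Cheap rules attackers apply to every dictionary word."""
    for base in (word, word.capitalize()):
        yield base
        yield base + "1"
        yield base + "123"


def dictionary_attack(password_file, wordlist):
    """Try every mangled word against every user. Cost is
    len(wordlist) x rules x users, independent of password length."""
    cracked = {}
    for name, (salt, digest) in password_file.items():
        for word in wordlist:
            hit = next((c for c in mangle(word)
                        if hash_password(c, salt) == digest), None)
            if hit is not None:
                cracked[name] = hit
                break
    return cracked


# constructed sample data
WORDLIST = ["password", "letmein", "summer", "dragon", "welcome"]
USERS = {"alice": "Summer123", "bob": "dragon", "carol": "xk7#Qp2!vL9z"}


if __name__ == "__main__":
    print(keyspace(26, 3), keyspace(52, 3))            # 17576 140608
    print(brute_force_seconds(62, 12, 1e10) / 3.15e7)  # years, 62-char set
    print(dictionary_attack(make_password_file(USERS), WORDLIST))
```

Only `carol`, whose password is not a mangled dictionary word, survives; `alice`'s nine-character password sits in a keyspace of 62^9 but is found in a few dozen guesses.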

  26. Something you have (access tokens) • May combine this method with userid/password • Physical keys • Magnetic cards • information stored on card, example is credit card • Smart cards • more information stored, may be encrypted • “calculators” • a device that looks like (and may even function as) a calculator. • The process may proceed as follows: (1) the user presents a userid or name; (2) the system responds with a challenge; (3) the user keys the challenge into the calculator, which returns a response; (4) the user supplies the response to the system.

  27. Something about you • Biometrics • Voice prints • Fingerprint • Retinal Scan • Hand Geometry • Signature analysis

  28. Problems with the 3 basic Authentication Techniques • Something you know: • people write things down, they choose poorly • Something you have • requires additional hardware ($) • People lose them • Something about you • requires additional hardware ($$) • things about you can change

  29. Authentication Protocols • Basic Approach (Client ↔ Server): The user types in a name and password. The client sends them in the clear. The server looks the name up in its DB and retrieves the stored password. If the retrieved and sent passwords match, the user is allowed access. (Both the wire and the database hold the password itself, so an eavesdropper or a copy of the database yields it directly.)

  30. Authentication Protocols • Updated Approach (Client ↔ Server): The user types in a name and password. The client produces a hashed version of the password and sends the name in the clear followed by the hashed password. The server looks the name up in its DB and retrieves the stored hashed password. If the retrieved and sent hashed passwords match, the user is allowed access. (Caveat: because the server compares the transmitted hash directly with the stored one, the hash is as good as the password to anyone who captures it on the wire or from the database; it can be replayed without ever learning the password. A fresh challenge per login, as with the “calculator” tokens, is what prevents the replay.)
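The three exchanges of slides 26, 29 and 30 side by side, with an eavesdropper who records one login and tries to replay it. This is an added example, not code from the slides: the server stores H(password) for all three protocols, the challenge/response step uses HMAC-SHA256 over a random 16-byte challenge, and the user database is constructed. It shows what the caveat above states: the cleartext and hashed-password logins replay, the challenge/response login does not.

```python
"""Cleartext, hashed-password and challenge/response logins with replay.

Added example (not from the slides). Both ends of each exchange are shown;
the 'wire' is whatever the attacker function records.
"""
import hashlib
import hmac
import os


def pw_hash(password):
    return hashlib.sha256(password.encode()).digest()


class Server:
    def __init__(self, users):
        # constructed user DB; only H(password) is kept
        self.db = {name: pw_hash(pw) for name, pw in users.items()}
        self.pending = {}  # name -> outstanding challenge (one use)

    # slide 29: name and password arrive in the clear
    def login_clear(self, name, password):
        stored = self.db.get(name)
        return stored is not None and hmac.compare_digest(stored, pw_hash(password))

    # slide 30: client sends H(password); the hash is now password-equivalent
    def login_hashed(self, name, digest):
        stored = self.db.get(name)
        return stored is not None and hmac.compare_digest(stored, digest)

    # slide 26: server issues a random challenge, client returns a keyed response
    def challenge(self, name):
        c = os.urandom(16)
        self.pending[name] = c
        return c

    def login_response(self, name, response):
        stored = self.db.get(name)
        c = self.pending.pop(name, None)   # consumed whether or not it verifies
        if stored is None or c is None:
            return False
        expected = hmac.new(stored, c, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, challenge):
    """What the 'calculator' computes from the secret and the challenge."""
    return hmac.new(pw_hash(password), challenge, hashlib.sha256).digest()


def replay_results(server, name, password):
    """Record one legitimate login per protocol, then replay the recording.
    Returns {protocol: attacker_succeeded}."""
    results = {}
    # 1. cleartext: the recording IS the password
    assert server.login_clear(name, password)
    results["clear"] = server.login_clear(name, password)
    # 2. hashed: the recording is H(password); server accepts it as-is
    captured = pw_hash(password)
    assert server.login_hashed(name, captured)
    results["hashed"] = server.login_hashed(name, captured)
    # 3. challenge/response: recording is bound to an already-used challenge
    captured = client_response(password, server.challenge(name))
    assert server.login_response(name, captured)
    server.challenge(name)   # next login starts with a fresh challenge
    results["challenge_response"] = server.login_response(name, captured)
    return results


if __name__ == "__main__":
    srv = Server({"alice": "correct horse"})  # constructed credentials
    print(replay_results(srv, "alice", "correct horse"))
    # {'clear': True, 'hashed': True, 'challenge_response': False}
```

One caveat the example makes visible: the server still stores H(password) and the client still derives it, so a stolen database is enough to answer challenges (the same weakness that pass-the-hash exploits against NTLM). Challenge/response protects the wire, not the database; a slow salted hash is a separate decision.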

  31. Authentication Protocols • Kerberos Model (Kerberos server, Client, Server): (1) The user requests permission from the Kerberos server to log into the server. (2) If the user is allowed on the server, the Kerberos server responds with a Ticket and a session key. (The server and the Kerberos server share a long-term key; the ticket is a message from the Kerberos server to the server, encrypted with this key.) (3) The client uses the session key to create an “authenticator” that will be used to prove the identity of the user to the server. (4) The client sends the Ticket and the authenticator to the server. (5) The server validates everything.
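The exchange of slide 31 simulated with all three parties. This is an added example, not code from the slides or from any Kerberos implementation: the Kerberos server shares a long-term key with the client and with the server, the ticket is encrypted under the server's key and carries the client name, session key and expiry, and the authenticator is encrypted under the session key and carries the client name and a timestamp. The cipher is a toy encrypt-then-MAC built from SHA-256 and HMAC so the block runs with the standard library; real Kerberos uses AES-based encryption types. Principal names, keys, the 8-hour ticket lifetime and the 5-minute clock skew are constructed. The replay cache and the clock-skew check are what "the server validates everything" amounts to in practice.

```python
"""Kerberos-style ticket + authenticator exchange (added example).

Toy AEAD (SHA-256 keystream, HMAC tag) stands in for a real cipher.
"""
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, obj):
    """nonce || ciphertext || HMAC(nonce||ciphertext); obj is JSON-serialisable."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KerberosServer:
    LIFETIME = 8 * 3600  # constructed ticket lifetime

    def __init__(self, long_term_keys):
        self.keys = long_term_keys  # principal -> key, shared out of band

    def issue(self, client, server, now):
        """Step 2: reply to the client with a session key and a ticket the
        client cannot read (it is encrypted for the server)."""
        session = os.urandom(32)
        ticket = encrypt(self.keys[server], {
            "client": client, "session": session.hex(),
            "expires": now + self.LIFETIME})
        return encrypt(self.keys[client], {
            "session": session.hex(), "ticket": ticket.hex(), "server": server})


class Server:
    SKEW = 300  # constructed: authenticator timestamp must be within 5 minutes

    def __init__(self, name, key):
        self.name, self.key = name, key
        self.seen = set()  # replay cache of (client, timestamp)

    def accept(self, ticket, authenticator, now):
        """Step 5: validate ticket, then authenticator, then freshness."""
        try:
            t = decrypt(self.key, ticket)
            session = bytes.fromhex(t["session"])
            a = decrypt(session, authenticator)
        except ValueError:
            return False
        if now > t["expires"]:
            return False
        if a["client"] != t["client"] or abs(now - a["ts"]) > self.SKEW:
            return False
        if (a["client"], a["ts"]) in self.seen:
            return False  # a recorded authenticator is rejected
        self.seen.add((a["client"], a["ts"]))
        return True


def client_login(kdc, client_key, client, server_name, now):
    """Steps 1, 3 and 4 from the client's side: obtain ticket and session
    key, build the authenticator, return both for sending to the server."""
    reply = decrypt(client_key, kdc.issue(client, server_name, now))
    session = bytes.fromhex(reply["session"])
    ticket = bytes.fromhex(reply["ticket"])
    authenticator = encrypt(session, {"client": client, "ts": now})
    return ticket, authenticator


if __name__ == "__main__":
    keys = {"alice": os.urandom(32), "fileserver": os.urandom(32)}  # constructed
    kdc, srv = KerberosServer(keys), Server("fileserver", keys["fileserver"])
    ticket, auth = client_login(kdc, keys["alice"], "alice", "fileserver", 1_700_000_000)
    print(srv.accept(ticket, auth, 1_700_000_001))  # True
    print(srv.accept(ticket, auth, 1_700_000_002))  # False: replay
```

Only the legitimate client can open the Kerberos server's reply (it is encrypted under the client's long-term key), and only the real server can open the ticket, which is how the single exchange authenticates the user to the server without the server ever holding the user's key.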

  32. Summary • Definition/Goals • The “CIA” of security • Access Controls • Modes, Passwords, ACLs, Biometrics • Security Models • Bell-LaPadula, Chinese Wall, Clark-Wilson • Authentication Protocols • Basic, Hashing, Kerberos
