1 Access Control

2 Given Credit Where It Is Due
Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH.
Some slides are from Prof. Kenneth Chiu at SUNY Binghamton.
I have modified them and added new slides.

3 Access Control
Once a client and a server have established a secure channel, the client can issue requests to the server.
Requests can only be carried out if the client has sufficient access rights.
The verification of access rights is access control, and the granting of access rights is authorization.
These two terms are often used interchangeably.

4 The Basic Model for Access Control
This model is generally used to help understand the various issues involved in access control.
The subject issues requests to access the object, and protection is enforced by a reference monitor that knows which subjects are allowed to issue which requests.

5 Access Control Matrix
The access control matrix is a matrix with each subject represented by a row, and each object represented by a column.
The entry M[s, o] lists the operations that subject s may carry out on object o.
Is this matrix a good way to represent access rights?
Of course, we don't really want to implement it as a matrix in any system of reasonable size, because there would be a whole lot of wasted space…

6 Access Control Matrix
There are two main approaches that are used instead of an actual matrix:
Each object can maintain a list, the access control list, of the access rights of subjects that want to access that object - this effectively distributes the matrix column-wise, leaving out empty entries.
Each subject can maintain a list of capabilities for objects - this effectively distributes the matrix row-wise, leaving out empty entries.
Of course, capabilities can't be totally maintained by the subjects - they must be given to the subjects by some other trusted entity (like the reference monitor).

7 Access Control Lists vs. Capabilities

Access Matrix

Access Control List

Capability Lists

11 Protection Domains
ACLs and capabilities help to efficiently implement the access control matrix, but can still become quite cumbersome.
A protection domain is a set of (object, access rights) pairs, where each pair specifies for a given object exactly what operations can be carried out.
By associating a protection domain with each request, we can cut down on redundant information in access control lists.

12 Protection Domains
One approach to using protection domains is to construct groups of users.
Another approach is to use roles instead of groups.
Roles: head of a department, manager of a project, member of a personnel search committee.
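The following is an added example, not part of the lecture slides, that ties slides 5, 6, 11 and 12 together: a sparse access control matrix M[s, o] is distributed column-wise into ACLs and row-wise into capability lists, and a role-based protection domain is checked by a default-deny reference monitor. All subjects, objects, rights and role assignments are constructed sample values.

```python
# Added example (not from the slides): access control matrix, ACL and
# capability views, and role-based protection domains; values are constructed.
from collections import defaultdict

# Sparse access control matrix: only non-empty cells M[s, o] are stored.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "report.txt"): {"read"},
    ("bob", "report.txt"): {"read", "write"},
    ("carol", "payroll.db"): {"read"},
}

def matrix_shape(matrix):
    """(cells in the full rows x columns matrix, non-empty cells): the wasted space."""
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    return len(subjects) * len(objects), len(matrix)

def to_acls(matrix):
    """Column-wise distribution: each object keeps the rights of its subjects."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = frozenset(rights)
    return dict(acls)

def to_capabilities(matrix):
    """Row-wise distribution: each subject holds (object, rights) capabilities."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = frozenset(rights)
    return dict(caps)

# A protection domain is a set of (object, rights) pairs; roles map onto domains.
DOMAINS = {
    "manager": {("payroll.db", frozenset({"read", "write"})),
                ("report.txt", frozenset({"read"}))},
    "staff": {("report.txt", frozenset({"read"}))},
}
ROLES = {"alice": "manager", "bob": "staff"}  # constructed; carol has no role

def acl_check(acls, subject, op, obj):
    """Reference monitor over ACLs; unknown subject or object is denied."""
    return op in acls.get(obj, {}).get(subject, frozenset())

def capability_check(caps, subject, op, obj):
    """Reference monitor over capability lists; unknown subject or object is denied."""
    return op in caps.get(subject, {}).get(obj, frozenset())

def domain_check(subject, op, obj, roles=ROLES, domains=DOMAINS):
    """Reference monitor over the subject's role domain; no role means deny."""
    domain = domains.get(roles.get(subject), set())
    return any(o == obj and op in rights for o, rights in domain)
```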

13 Firewalls
We can use encryption to protect the files that make up the access control matrix, and various secure channel protocols to communicate that information to the objects that need it.
This works well, as long as all the components in the system play by the same sets of rules - but that might not always be the case…

14 Firewalls - Example
Take the idea of an NFS server, which uses UNIX user and group IDs to control access to files.
This works great on a private network where you can guarantee that none of the machines' local user and group databases will be tampered with.
If I tamper with a machine, create a new user with some existing user ID in my password file, and then hop onto the NFS server, I can access all that user's files and exercise all his rights!

15 Firewalls
A firewall is a special kind of reference monitor that inspects packets traveling into and out of a private network to ensure that they aren't harmful.
There are two main types:
Packet-filtering gateways inspect only the headers of packets travelling on the network, for example, based on the source and destination addresses.
Application-level gateways inspect the contents of the packets as well, for example, spam filters.
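As an added example, not from the slides, here is a packet-filtering gateway in the sense of slide 15: it decides on header fields only (direction, protocol, addresses, destination port), evaluates rules top to bottom with first match wins, and denies anything no rule matches. The rule set, the private network 10.0.0.0/8 and the sample packets are constructed assumptions.

```python
# Added example (not from the slides): a header-only packet filter with
# first-match rules and default deny. Networks and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = entering the private network, "out" = leaving it
    proto: str       # "tcp" or "udp"
    src: str         # source address (header field)
    dst: str         # destination address (header field)
    dport: int       # destination port (header field)

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str
    proto: str              # "any" matches every protocol
    src: str                # CIDR network the source must fall in
    dst: str                # CIDR network the destination must fall in
    dport: Optional[int]    # None matches every port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

# Constructed rule set for a private network 10.0.0.0/8; first match wins.
RULES = [
    # Inbound packets claiming an internal source address are spoofed: drop them.
    Rule("deny",  "in",  "any", "10.0.0.0/8", "0.0.0.0/0",    None),
    # Public web server reachable on HTTPS only.
    Rule("allow", "in",  "tcp", "0.0.0.0/0",  "10.0.0.80/32", 443),
    # Internal hosts may make outbound HTTPS connections.
    Rule("allow", "out", "tcp", "10.0.0.0/8", "0.0.0.0/0",    443),
    # DNS queries may only go to the internal resolver.
    Rule("allow", "out", "udp", "10.0.0.0/8", "10.0.0.53/32", 53),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' if none matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"
```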

16 Secure Mobile Code
Code migration: it's important to protect hosts against malicious mobile agents, and also to protect the mobile agents against malicious hosts.
Much more attention has been paid to the former, because the latter is in a sense impossible - even if you protect the agent from tampering with various cryptographic techniques, nothing prevents a host from simply keeping the agent a prisoner forever.

17 Secure Mobile Code - Protecting the Host
One approach to protecting the host is to build a sandbox, which allows the execution of a downloaded agent to be fully controlled.
If the agent attempts to execute an instruction that the host doesn't like, it can be terminated by the host.
Implementing a sandbox is nontrivial.
Probably the best known example is the Java sandbox model.

18 Secure Mobile Code - The Java Sandbox Model
The Java sandbox model consists of several components:
Class Loaders
Byte Code Verifier
Security Manager

19 Secure Mobile Code - The Java Sandbox Model
Class loaders are responsible for fetching classes from servers and installing them in the host's JVM.
Only trusted class loaders are used - a Java program can't circumvent the sandbox by creating some special kind of class loader.
A byte code verifier checks whether downloaded classes obey the sandbox's security rules.
In particular, it checks to see if the code contains illegal instructions or instructions that could corrupt the stack or memory.

20 Secure Mobile Code - The Java Sandbox Model
A security manager performs checks at runtime to ensure that mobile code doesn't break any rules.
For instance, downloaded code cannot write to the filesystem unless given special permission to do so.
In the original Java security model, the security manager was very strict and didn't distinguish programs from different servers - Java's current security model is much more flexible.

21 Secure Mobile Code - Playgrounds
An alternative model is to designate a single machine on the local network as a playground in which mobile code can run.
Resources local to the playground are available to code running in the playground, while resources local to other machines are isolated from the playground.

22 Secure Mobile Code - Sandboxes vs. Playgrounds
Figure: (a) illustrates a sandbox-based system, while (b) illustrates a playground-based one.

Distributed Denial of Service
DDoS can be classified, roughly, into two kinds: bandwidth depletion and server resource depletion.
How does a typical DDoS work?
How can we protect against them?

Distributed Denial of Service
No single way to protect; need a comprehensive plan.
Protect machines from getting taken over.
Monitor egress routers.
Monitor ingress (how well does this work?).
Monitor the overall network.