CS703 - Advanced Operating Systems

CS703 - Advanced Operating Systems By Mr. Farhan Zaidi

Lecture No. 40

Overview of today's lecture
- User authentication
- Password based authentication
- UNIX password scheme
- One-time password schemes
- Challenge response authentication
- Biometrics and other authentication schemes
- Access control and authorization
- Access control matrix

Authentication
- Usually done with passwords.
  - This is usually a relatively weak form of authentication, since it's something that people have to remember.
  - Empirically, a password is typically based on a wife's/husband's or kid's name, favorite movie name, etc.
- Passwords should not be stored in a directly readable form.
  - Use some sort of one-way transformation (a "secure hash") and store that.
  - If you look in /etc/passwd you will see a bunch of gibberish associated with each name. That is the password.
- Problem: to prevent guessing ("dictionary attacks"), passwords should be long and obscure.
  - Unfortunately, such passwords are easily forgotten and usually written down.

Authentication (2)
- Unix password security
  - Encrypt passwords
- One-time passwords
  - Lamport's clever scheme (read Tanenbaum for details)
- Challenge-response based authentication
  - Used in PPP and many other applications
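Added example, not part of the original slides: a sketch of the hash-chain idea behind Lamport's one-time passwords, showing that the server stores only the last accepted value and that a captured password cannot be replayed. The choice of SHA-256, the class and function names, and the sample secret are assumptions of this example.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    """One-way function; SHA-256 is this example's choice."""
    return hashlib.sha256(value).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Return h applied n times to secret, i.e. h^n(secret)."""
    for _ in range(n):
        secret = h(secret)
    return secret


class Server:
    """Holds only the last accepted value, never the user's secret."""

    def __init__(self, anchor: bytes, n: int):
        self.stored = anchor      # h^n(secret), registered once
        self.remaining = n        # index sent to the user as the prompt

    def login(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False          # chain used up; user must re-register
        if not hmac.compare_digest(h(otp), self.stored):
            return False          # wrong or replayed password
        self.stored = otp         # next login must hash to this value
        self.remaining -= 1
        return True


def run_demo() -> list:
    secret, n = b"constructed demo secret", 4
    server = Server(chain(secret, n), n)
    first = chain(secret, server.remaining - 1)    # h^3(secret)
    results = [server.login(first)]                # accepted
    results.append(server.login(first))            # replay: rejected
    second = chain(secret, server.remaining - 1)   # h^2(secret)
    results.append(server.login(second))           # accepted
    return results


if __name__ == "__main__":
    print(run_demo())
```

An eavesdropper who sees h^3(secret) would have to invert h to produce h^2(secret), the next password the server accepts.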

Authentication alternatives
- Badge or key
  - Does not have to be kept secret
  - Usually some sort of picture ID worn on jacket (e.g., at military bases)
  - Should not be forgeable or copyable
  - Can be stolen, but the owner should know if it is (but what to do? If you issue another, how do you invalidate the old one?)
- This is similar to the notion of a "capability" that we'll see later

Biometrics
- Authentication of a person based on a physiological or behavioral characteristic.
- Example features: Face, Fingerprints, Hand geometry, Handwriting, Iris, Retinal, Vein, Voice.
- Strong authentication, but still needs a "Trusted Path".

Access control
- Context
  - System knows who the user is
  - User has entered a name and password, or other info
  - Access requests pass through gatekeeper
  - OS must be designed so monitor cannot be bypassed
- Decide whether user can apply operation to resource
[Figure: User process -> Reference monitor (?) -> Resource]

Access control matrix [Lampson]
Subjects are the rows, objects are the columns.

          File 1   File 2   File 3   …   File n
User 1    read     write    -
User 2
User 3
User m

Two implementation concepts
- Access control list (ACL)
  - Store column of matrix with the resource
- Capability
  - User holds a "ticket" for each resource

          File 1   File 2   …
User 1    read     write    -
User 2
User 3
User m

- Access control lists are widely used, often with groups
- Some aspects of capability concept are used in Kerberos, …
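Added example, not part of the original slides: the same access control matrix sliced by column into ACLs and by row into capability lists, with a check that both give the reference monitor the same answer. The matrix contents and all function names are constructed for this example; only the User 1 entries (read, write, -) follow the slide.

```python
# Constructed sample matrix: MATRIX[subject][object] = set of rights.
# A missing entry is the "-" cell of the slide: no access.
MATRIX = {
    "user1": {"file1": {"read"}, "file2": {"write"}},
    "user2": {"file1": {"read", "write"}, "file3": {"read"}},
    "user3": {"file2": {"read"}},
}


def to_acls(matrix):
    """Slice by column: each object stores {subject: rights}."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def to_capabilities(matrix):
    """Slice by row: each subject holds {object: rights} tickets."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def acl_allows(acls, subject, obj, op):
    # Default deny: unknown object or subject yields an empty rights set.
    return op in acls.get(obj, {}).get(subject, set())


def cap_allows(caps, subject, obj, op):
    return op in caps.get(subject, {}).get(obj, set())


def who_can(acls, obj, op):
    """Cheap with ACLs: one object's list answers 'who has access?'"""
    return sorted(s for s, rights in acls.get(obj, {}).items() if op in rights)


def same_decisions(matrix):
    """Both representations must agree with the matrix on every request."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    objects = sorted({o for row in matrix.values() for o in row})
    return all(
        acl_allows(acls, s, o, op) == cap_allows(caps, s, o, op)
        == (op in matrix[s].get(o, set()))
        for s in matrix for o in objects for op in ("read", "write")
    )
```

Answering "who can read file1?" takes one lookup in the ACL form, while the capability form would require scanning every user's tickets; the reverse holds for "what can user2 access?".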