CS 483 – SD SECTION (8) AUTHORIZATION


INTRODUCTION
The authorization (or access control) process decides whether person, program or device X is allowed to access data, functionality or service Y. Authorization usually follows a successful authentication. In this chapter we describe:
- additional forms of access control
- CAPTCHAs, which are designed to restrict access to humans
- firewalls, which we view as a form of access control for networks
- intrusion detection systems, which come into play when firewalls fail to keep the bad guys out

ACCESS CONTROL MATRIX
The fundamental concepts in authorization are derived from Lampson's access control matrix, which has a row for every subject and a column for every object.

                 Payroll   Insurance   Accounting   Accounting   OS
                 Data      Data        Data         Program
Bob              --        --          r            rx           rx
Alice            rw        rw          r            rx           rx
Sam              rw        rw          r            rwx          rwx
acct. program    r         rw          rw           rx           rx

ACCESS CONTROL MATRIX
Problem: dealing with a large matrix.
Solution: split it into manageable pieces using one of the two fundamental concepts in authorization:
1. Access Control Lists (ACLs): split the matrix into its columns and store each column with its corresponding object.
2. Capabilities (C-lists): split the matrix into its rows and store each row with its corresponding subject.

CONFUSED DEPUTY
Problem:
- Alice and Bob have the same privilege to invoke the compiler.
- The compiler has privileges (rw) to access Bill when Alice invokes the compiler, while the compiler has privileges (r only) to access Bill when Bob invokes the compiler.
Solution:
- Use C-lists
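The following is an added example written for these notes (it is not code from the course or the slides). It builds the access control matrix from the slide above, derives the two decompositions the ACL/C-list slide describes, and then runs a small confused-deputy scenario under each view. The deputy scenario is constructed and simplified relative to the slide's wording: the compiler may write a billing file BILL, Alice may only run the compiler, and the question is whether Alice can get BILL written by going through the compiler. The object names (Payroll, AcctData, BILL, ...) and the helper functions are this example's own.

```python
# Added example (not from the course slides): Lampson's matrix, its ACL and
# C-list views, and a toy confused-deputy check under each view.

# Matrix from the slides: subject -> object -> rights. Object names shortened.
MATRIX = {
    "Bob":           {"Payroll": "",   "Insurance": "",   "AcctData": "r",  "AcctProg": "rx",  "OS": "rx"},
    "Alice":         {"Payroll": "rw", "Insurance": "rw", "AcctData": "r",  "AcctProg": "rx",  "OS": "rx"},
    "Sam":           {"Payroll": "rw", "Insurance": "rw", "AcctData": "r",  "AcctProg": "rwx", "OS": "rwx"},
    "acct. program": {"Payroll": "r",  "Insurance": "rw", "AcctData": "rw", "AcctProg": "rx",  "OS": "rx"},
}


def to_acls(matrix):
    """Column view: one ACL per object, mapping each subject to its rights."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})
            if rights:
                acls[obj][subject] = set(rights)
    return acls


def to_clists(matrix):
    """Row view: one capability list per subject, mapping each object to rights."""
    return {subj: {obj: set(r) for obj, r in row.items() if r}
            for subj, row in matrix.items()}


def acl_allows(acls, subject, obj, right):
    """Reference monitor that consults the object's ACL (needs the subject's identity)."""
    return right in acls.get(obj, {}).get(subject, set())


def clist_allows(clist, obj, right):
    """Reference monitor that consults a capability list handed to it (no identity lookup)."""
    return right in clist.get(obj, set())


# Constructed confused-deputy scenario (simplified from the slide): the compiler
# (the deputy) may write the billing file BILL; Alice may only run the compiler
# and has no rights to BILL at all; Bob may run the compiler and read BILL.
DEPUTY_MATRIX = {
    "Alice":    {"compiler": "x", "BILL": ""},
    "Bob":      {"compiler": "x", "BILL": "r"},
    "compiler": {"compiler": "",  "BILL": "rw"},
}


def compile_with_acls(acls, caller, output_file):
    """ACL world: the compiler writes its output using *its own* identity."""
    if not acl_allows(acls, caller, "compiler", "x"):
        return False                      # caller may not even run the compiler
    # The deputy is confused: it checks its own ACL entry, not the caller's.
    return acl_allows(acls, "compiler", output_file, "w")


def compile_with_clists(clists, caller, output_file):
    """C-list world: the compiler only uses capabilities the caller passes along."""
    caller_caps = clists[caller]
    if not clist_allows(caller_caps, "compiler", "x"):
        return False
    # No ambient authority: the write must be covered by a capability the caller held.
    return clist_allows(caller_caps, output_file, "w")


if __name__ == "__main__":
    acls, clists = to_acls(DEPUTY_MATRIX), to_clists(DEPUTY_MATRIX)
    print("ACL   : Alice writes BILL via compiler ->", compile_with_acls(acls, "Alice", "BILL"))
    print("C-list: Alice writes BILL via compiler ->", compile_with_clists(clists, "Alice", "BILL"))
```

With ACLs the compiler succeeds on Alice's behalf because the check is made against the compiler's own rights; with C-lists the compiler can only exercise the capabilities Alice handed it, and she holds none for BILL, so the request is refused. That difference is the whole reason the slide's "Solution" is C-lists.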

ACLs vs. C-lists

MULTILEVEL SECURITY MODELS (MLS)
These models tell us what is to be protected. MLS systems are designed to restrict legitimate channels of communication. In MLS the subjects are the users and the objects are the data. Classifications apply to objects, while clearances apply to subjects.
- For example, the US DoD separates its employees into four levels: TOP SECRET > SECRET > CONFIDENTIAL > UNCLASSIFIED.
MLS is needed when subjects and objects at different levels use the same system resources.
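As an added example (not from the slides), here is a minimal MLS reference monitor over the four levels named above. The slide only says that clearances belong to subjects and classifications to objects; the two rules the code enforces are an assumption on top of that: reads are allowed only when the clearance dominates the classification ("no read up") and writes only when the classification dominates the clearance ("no write down"), which are the Bell-LaPadula simple-security and *-properties. The subject and object names are constructed.

```python
# Added example, not from the course slides: a minimal MLS reference monitor.
# Assumptions (labelled): "no read up" for reads and "no write down" for writes,
# i.e. the Bell-LaPadula rules, which the slide itself does not spell out.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]  # low -> high
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(higher, lower):
    """True when level `higher` is at least as sensitive as `lower`."""
    return RANK[higher] >= RANK[lower]


def can_read(clearance, classification):
    """No read up: the subject's clearance must dominate the object's classification."""
    return dominates(clearance, classification)


def can_write(clearance, classification):
    """No write down (assumed *-property): the object's classification must dominate
    the subject's clearance, so data never flows from a higher level to a lower one."""
    return dominates(classification, clearance)


# Constructed sample subjects (clearances) and objects (classifications).
SUBJECTS = {"alice": "SECRET", "bob": "CONFIDENTIAL", "sam": "TOP SECRET"}
OBJECTS = {"war-plan": "TOP SECRET", "budget": "SECRET",
           "memo": "CONFIDENTIAL", "press-release": "UNCLASSIFIED"}


def decide(subject, obj, op, subjects=SUBJECTS, objects=OBJECTS):
    """Return (allowed, reason). Unknown names or operations are denied rather
    than mapped to some default level: the monitor fails closed."""
    if subject not in subjects or obj not in objects:
        return False, "unknown subject or object"
    clearance, classification = subjects[subject], objects[obj]
    if op == "read":
        ok, rule = can_read(clearance, classification), "no read up"
    elif op == "write":
        ok, rule = can_write(clearance, classification), "no write down"
    else:
        return False, f"unsupported operation {op!r}"
    return ok, f"{op} {obj} ({classification}) by {subject} ({clearance}): {rule}"


if __name__ == "__main__":
    for s, o, op in [("alice", "memo", "read"), ("bob", "budget", "read"),
                     ("sam", "press-release", "write"), ("bob", "budget", "write")]:
        print(decide(s, o, op))
```

Note that the write rule is what makes "a SECRET-cleared user may not write an UNCLASSIFIED file" come out as a denial even though the user could read it; that asymmetry is what an MLS system uses to keep the legitimate channels from leaking downward.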

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
A CAPTCHA is a test that a human can pass, but a computer cannot pass with probability better than guessing. This test is the "gold standard" in artificial intelligence: if attackers are able to break such CAPTCHAs, they have solved a hard AI problem.

FIREWALLS
The firewall examines requests to access the network and decides whether they pass a reasonableness test. A firewall acts a lot like a secretary for your network. There is no standard firewall terminology. The classification of firewalls:
- A packet filter is a firewall that lives at the network layer.
- A stateful packet filter is a firewall that operates at the transport layer.
- An application proxy is a firewall that operates at the application layer, where it functions as a proxy.
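To make the packet filter / stateful packet filter distinction concrete, here is an added example (written for these notes, not from the course) that enforces one constructed rule set two ways. The stateless filter judges every packet on its own header, so the reply half of a connection an inside host opened has no rule to match and is dropped; the stateful filter remembers connections it let open and admits their replies without needing a broad standing "allow inbound" rule. The addresses, ports and rule format are this example's own.

```python
# Added example, not from the course slides: stateless vs stateful packet
# filtering over the same constructed rule set.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False   # TCP flags, meaningful only when proto == "tcp"
    ack: bool = False


# First matching rule wins; the final catch-all denies everything else.
# (action, source prefix, destination prefix, protocol, destination port)
RULES = [
    ("allow", "10.0.0.", "*",       "tcp", 80),    # inside hosts may open HTTP outbound
    ("allow", "*",       "10.0.0.", "tcp", 25),    # anyone may reach the inside mail port
    ("deny",  "*",       "*",       "*",   None),  # default deny
]


def _match(pattern, value):
    return pattern == "*" or value.startswith(pattern)


def packet_filter(pkt, rules=RULES):
    """Stateless (network-layer) packet filter: each packet judged by its header alone."""
    for action, src, dst, proto, dport in rules:
        if (_match(src, pkt.src) and _match(dst, pkt.dst)
                and proto in ("*", pkt.proto) and dport in (None, pkt.dport)):
            return action == "allow"
    return False  # no rule matched: deny


class StatefulFilter:
    """Stateful (transport-layer) packet filter: remembers TCP connections the
    rules allowed to open, so traffic flowing back along them is admitted
    without a standing rule that would admit arbitrary inbound packets."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.conns = set()   # (src, sport, dst, dport, proto) of allowed openings

    def decide(self, pkt):
        # A packet travelling the reverse direction of a known connection is accepted.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.conns:
            return True
        if not packet_filter(pkt, self.rules):
            return False
        # Only a genuine connection opening (SYN without ACK) creates state.
        if pkt.proto == "tcp" and pkt.syn and not pkt.ack:
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return True


if __name__ == "__main__":
    outbound = Packet("10.0.0.5", "192.0.2.10", "tcp", 40000, 80, syn=True)
    reply = Packet("192.0.2.10", "10.0.0.5", "tcp", 80, 40000, syn=True, ack=True)
    sf = StatefulFilter()
    print("stateless: outbound", packet_filter(outbound), "reply", packet_filter(reply))
    print("stateful : outbound", sf.decide(outbound), "reply", sf.decide(reply))
```

The usage at the bottom shows the practical consequence: a stateless filter that wants replies to work has to allow inbound packets to every high port, which is exactly the hole a stateful filter closes by admitting only replies to connections it saw opened.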

INTRUSION DETECTION
Authentication can be viewed as a way to prevent intrusions, and firewalls are certainly a form of intrusion prevention, as are most types of virus protection. The primary focus of computer security is intrusion prevention, where the goal is to keep the bad guys out of your system or network. There are essentially only two methods of intrusion detection:
- Signature-based IDSs attempt to detect attacks based on known "signatures" or patterns. This is analogous to signature-based virus detection.
- Anomaly-based IDSs attempt to define a baseline, or normal, behavior of a system and provide a warning whenever the system strays too far from this baseline.
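The two approaches side by side, as an added example written for these notes rather than taken from the course: a signature scanner that matches known-bad patterns against each request path, and an anomaly detector that learns per-client request counts from a quiet baseline window and flags clients that exceed the learned mean by k standard deviations. The log format, the log lines, the two signatures and the threshold rule are all constructed for the example; the one practical detail worth noticing is that the signature scanner URL-decodes the path before matching, since a pattern applied to the raw encoded string would miss the second hit.

```python
# Added example, not from the course slides: signature-based and anomaly-based
# detection over constructed log lines of the form "HH:MM:SS client method path status".
import re
import statistics
from collections import Counter
from urllib.parse import unquote

BASELINE_LOG = [  # constructed quiet period used to learn what "normal" looks like
    "10:00:01 10.0.0.5 GET /index.html 200",
    "10:00:02 10.0.0.6 GET /about.html 200",
    "10:00:03 10.0.0.5 GET /img/logo.png 200",
    "10:00:04 10.0.0.7 GET /index.html 200",
    "10:00:05 10.0.0.6 GET /contact.html 200",
]

LIVE_LOG = [  # constructed window under inspection
    "10:05:01 10.0.0.5 GET /index.html 200",
    "10:05:02 198.51.100.9 GET /../../etc/passwd 404",
    "10:05:03 198.51.100.9 GET /index.html 200",
    "10:05:04 198.51.100.9 GET /search?q=1%20UNION%20SELECT%201 200",
    "10:05:05 198.51.100.9 GET /about.html 200",
    "10:05:06 198.51.100.9 GET /contact.html 200",
    "10:05:07 198.51.100.9 GET /img/logo.png 200",
]

SIGNATURES = {  # known-bad patterns, applied to the URL-decoded path
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
}


def parse(line):
    ts, client, method, path, status = line.split()
    return {"ts": ts, "client": client, "method": method,
            "path": unquote(path), "status": int(status)}


def signature_scan(lines):
    """Signature-based detection: (1-based line number, signature name) per hit.
    Only attacks with a known pattern can ever be reported."""
    hits = []
    for n, line in enumerate(lines, 1):
        path = parse(line)["path"]
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((n, name))
    return hits


def anomaly_scan(baseline, live, k=3.0):
    """Anomaly-based detection: learn per-client request counts from the baseline
    window, then report live clients more than k standard deviations above the
    mean. Needs no attack knowledge, but a noisy-yet-benign client alerts too."""
    base_counts = list(Counter(parse(l)["client"] for l in baseline).values())
    mean = statistics.mean(base_counts)
    # Floor the spread at one request so a perfectly uniform baseline does not
    # turn a single extra request into an alert.
    spread = max(statistics.pstdev(base_counts), 1.0)
    threshold = mean + k * spread
    live_counts = Counter(parse(l)["client"] for l in live)
    return {client: n for client, n in live_counts.items() if n > threshold}


if __name__ == "__main__":
    print("signature hits:", signature_scan(LIVE_LOG))
    print("anomalous clients:", anomaly_scan(BASELINE_LOG, LIVE_LOG))
```

On this input both detectors point at the same client, but for different reasons: the signature scanner fires on two specific requests it recognises, while the anomaly detector knows nothing about those requests and fires only because the client's request rate is far outside the baseline. Each method's blind spot is the other's strength, which is why real deployments run both.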