Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Ten –

Slides:



Advertisements
Similar presentations
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Advertisements

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing -Lecture Twelve.
Fundamentals of Computer Security Geetika Sharma Fall 2008.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Drs.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing - Lecture Fifteen.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Eleven.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Six –
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Seven.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing - Lecture Fourteen.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Nine –
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Distributed Systems Shahab Baqai Lahore University.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.
Software Development, Programming, Testing & Implementation.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Lightweight Mobile Applications Certification: Prepared By: Rahul Biswas.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Discussion Panelists: Justin C. Klein Keane Sr. Information Security Specialist University of Pennsylvania Jonathan Hanny Application Security Specialist.
Computer & Network Security
Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.
School Census Summer 2008 for Secondary Schools Jim Haywood – Version 1.1.
Copyright © Clifford Neuman and Dongho Kim - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture.
44222: Information Systems Development Documenting a Solution Ian Perry Room:C41C Extension:7287
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
Copyright © Clifford Neuman and Dongho Kim - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture.
Security Vulnerabilities in A Virtual Environment
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture notes Dr.
Understand Permissions LESSON Security Fundamentals.
Usability Heuristics Avoid common design pitfalls by following principles of good design Nielsen proposes 10 heuristics, others propose more or less. Inspect.
Providing access to your data: Handling sensitive data Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International.
Copyright © Clifford Neuman and Dongho Kim - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture.
Copyright © Clifford Neuman and Dongho Kim - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Advanced Operating Systems Lecture.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
ONLINE TOPIC Legislation & Codes of Practice. This PowerPoint will support you in working through the requirements of Theory Assignment 2: ‘Identify the.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Advanced Higher Computing Science
BEST CLOUD COMPUTING PLATFORM Skype : mukesh.k.bansal.
3 August 2016 M.Dimou - A.Racine 1.
Introduction to Systems Security
Chapter 22: Malicious Logic
Security.
SOFTWARE TECHNOLOGIES
Operating System Concepts
Presentation transcript:

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Ten – Protecting the Platform March 28, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Friday’s Lecture Friday’s lecture will be used for discussion of student projects. I will provide feedback on all of your proposals by this evening. For Friday’s lecture, each of you should prepare to speak for 8 minutes describing your projects. The class will provide feedback. If you wish to use slides (not required) please send them to me by Noon Friday.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Today’s lecture Intended to promote discussion. Think about what other issues are relevant to protecting the platform. We can discuss these questions during lecture – when we discuss related issues, or we can discuss other questions / issues at the end of lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE What is Platform Protection Attesting to the code that runs Mitigating effect of malicious code Preventing modification of system code Providing a sandboxed environment Containing effects of even “trusted” code

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Code Attestation How to ensure that the code that is running has not been maliciously modified. –Problem: What is legitimate code. –Easy, but problematic solution: Check the PCR’s against a list of valid code.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE A Policy Problem The base TC policies work: –i.e. making sure that the PCR’s reflect the real code that runs. The higher level policy is more difficult. –Which code can we run –Which versions. –What if customizations present.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solutions Exhaustive list of valid PCR values. –Impractical or limits flexibility. Solve the Halting Problem –Then determine if the code that is present is safe (uncomputable) List valid modifications –Provide list that is present and calculate if PCR’s match

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Limits on Unknown Modifications Still need to know what each of the modifications does, and how it affects security. Question: Can we allow legitimate mods, yet with sufficient constraints that certain unknown mods are still sandboxed in terms of which properties they may violate.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Examples Browser plug-ins –These are often used by malicious code. –Perhaps limit effect of installed plug-ins to specific virtual systems. –How does this relate to securing today’s systems/browsers.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Mitigating Effect of Malicious Code Limiting parts of the system that can be modified. –E.g. plug-ins to browsers only effect: ▪Current session ▪Current Virtual System ▪Current user ▪Vs. whole system

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Preventing Modification Limiting parts of the system that can be modified. –Constraints on file access ▪Write as well as read –Copy on write for new sandboxed virtual system ▪Question is when to discard ▪How to tag objects that move out of sandboxed system. Detecting Modification through PCRs –But what about changes to code already running

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Sandboxed Environments Limits on reads and writes Limits on ability to communicate –But might be needed by application –Might want to list which communication is acceptable Limits on resource consumption Clear user interface deliniation

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Containing Trusted Code Explicit authorization vs explicit denial of access. –Sandboxes –E.g. use virtual systems to limit the resources which can be accessed, not just the processes that can access protected resources. Firewalls and other defenses

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.