Chapter 4 Access Control Manage Principals operations in system.

Presentation transcript:

Resources
- Access control
- Which principals have access to what resources on the system and when
- Applications
- Middleware
- Operating system
- Hardware

Access control system
- System authenticates principal using some method, then controls access to system resources.
- Often a matrix of permissions
- Triple of User, Program, File
- See matrix page 53
- Matrices grow very large
- Control this through groups or roles
- Certificate-based systems coming about
- I have a certificate signed by some authority that I have a specific right.

Groups and roles
- Do not assign rights individually
- Assign to groups that represent the activities or job titles of employees
- They define the rules, you implement them
- ACL: Access Control List
- Column of the matrix: who has what rights to resource

UNIX
- Root can access everything.
- Not a good thing, even system admin should not have access to certain files:
  - Audit trails
  - Logs
- Newer versions of UNIX have worked to separate out these duties
- Military versions even more so
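The access matrix, role assignment and ACL slides above, worked through as an added example (not part of the original presentation). All users, roles, programs and file names are constructed for illustration; the sysadmin role is given no grant on the audit log, reflecting the separation of duties the UNIX slide asks for.

```python
from collections import defaultdict

# Constructed sample data: roles, members and grants are illustrative only.
ROLE_MEMBERS = {
    "accountant": {"alice", "bob"},
    "auditor": {"carol"},
    "sysadmin": {"dave"},
}

# Rights are granted to (role, program, file) triples, never to individuals.
ROLE_GRANTS = {
    ("accountant", "ledger_app", "accounts.db"): {"read", "write"},
    ("auditor", "audit_viewer", "accounts.db"): {"read"},
    ("auditor", "audit_viewer", "audit.log"): {"read"},
    ("sysadmin", "backup_tool", "accounts.db"): {"read"},
    # Deliberately no sysadmin grant on audit.log (separation of duties).
}


def expand_matrix():
    """Expand the role grants into the full per-user matrix of triples."""
    matrix = defaultdict(set)
    for (role, program, file), rights in ROLE_GRANTS.items():
        for user in ROLE_MEMBERS[role]:
            matrix[(user, program, file)] |= rights
    return dict(matrix)


def check(user, program, file, right):
    """Default deny: allow only if the exact triple holds the right."""
    return right in expand_matrix().get((user, program, file), set())


def acl(file):
    """The ACL is the matrix column for one file: who holds which rights."""
    return {
        (user, program): sorted(rights)
        for (user, program, f), rights in expand_matrix().items()
        if f == file
    }


if __name__ == "__main__":
    print(check("alice", "ledger_app", "accounts.db", "write"))
    print(check("dave", "backup_tool", "audit.log", "read"))
    print(acl("audit.log"))
```

Adding a new accountant means one change to `ROLE_MEMBERS`; the per-user matrix entries follow from the role grants.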

Granularity
- Security and Database
- Database is 1 file so OS must give access to this one file
- Within the database, security is controlled by the DBMS
- This creates various issues with passwords, management and control
- Many systems, many passwords
- Companies striving for 1 central directory service
- This is why Microsoft wants its Active Directory product to become a "standard"

Sandboxing
- Java uses this
- Applet runs in a virtual restricted environment
- Does not have access to hard drive
- JVM has limited local access

Object Request Brokers
- Mediates communications between objects
- Outgrowth of Object Oriented programming
- Common Object Request Broker Architecture (CORBA)
- Industry standard

Hardware protection
- Protect one process from interfering with another
- Memory
- Metadata (data about processes)
- Hardware access control
- Rings of protection
- Less privileged process (user program) needs to access more privileged process (device driver)

Processors
- Intel processors page 63
- ARM processors page 63
- Security processors page 64
- QoS: Quality of Service issues. One process does not hog CPU

What goes wrong
- Smashing the stack
- SYN flooding
- Trojan horse
- Root kits
- Single commands
- Full root kits
- Active web content
- And many more programming defects

NSA
- Deep distrust of application security
- Heavy emphasis on trusted OS security

Environmental creep
- UNIX's original use was in a trusted environment
- Today's use is in the most untrusted environment (internet)
- Many tools were also developed for a trusted environment
- FTP, SMTP, DNS…
- Used in most untrusted environment
- Code used to be buggy, now is malicious
- Script kiddies: anyone can attack system

Discussion topics
- Current stack smashing article
- Environment Creep and OS attacks
- Current state of Windows root kit
- Where should security lie? OS, applications, middleware?
- Certificate based security.
