Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

Presentation transcript:

Overview
- Requirements: What is expected from grids nowadays?
- Technologies: Which have been developed to provide security.
- Current Practice: Existing implementations of security services.
- Future Directions: What is insufficiently met by existing technologies?

Requirements
- Authentication
  - The process of verifying the identity of a participant.
  - A verified entity is called a principal (e.g. a user logged into a system).
  - Authority to use delegation of identity.
- Authorization
  - The process of determining whether a particular operation is allowed.
  - Supporting delegation of authority.

Requirements (cont’d)
- Assurance
  - A form of authorization validating the authority of a service provider (i.e. accreditation).
  - Allows the requester to decide whether a system is secure, reliable, etc.
- Accounting
  - A means to manage quotas.

Requirements (cont’d)
- Audit
  - Records what has been performed by a system on behalf of a principal.
- Integrity and Confidentiality
  - Correct functioning of applications on the network.
- Optional Security Services
  - Are all the described requirements needed for our system?

Technologies
- Cryptography
  - The most basic technology for distributed system security. The system is conditioned on the secrecy of the key.
  - Symmetric & asymmetric methods

Technologies (cont’d)
- Authentication
  - There are several authentication methods, including assertion, passwords, and encryption-based protocols.
- Certification
  - Provides a binding between a particular key and a principal.
  - This binding is certified by a Certification Authority.

Technologies (cont’d)
- Distributed Authorization & Assurance
  - Privilege attribute certificates or assurance credentials.
- Accounting
  - Distributed database
- Intrusion Detection & Auditing

Current Practice
- File Encryption, , and Public-Key Auth.
  - Pretty Good Privacy (PGP)
  - gpsrc658win32.zip
- Secure Sockets Layer & Transaction-Level Sec.
  - Embedded in most Web browsers

Current Practice (cont’d)
- Kerberos

Current Practice (cont’d)
- IPSec, IPv6, and Virtual Private Networks
  - Disabling sniffers
- Firewalls
  - A barrier at the boundary

Future Directions
- Group Communication
  - Better ways needed
- Distributed Accounting
  - NetCheque

Thank you