A presentation by Robin Upton (2009-03-24). Latest version at www.altruists.org/ff10. Licence: Attribution - NonCommercial - ShareAlike. www.altruists.org. FF 10.

Presentation transcript:

FF 10: Access Control

Recommended pre-requisite: FF9: Filters

Identity relies on Digital Signatures

- Soft-systems have a cryptographic key-pair (a private key and a public key).
- Soft-systems identify incoming packets by their digital signature.
- Soft-systems use their private key to sign outgoing packets & their friends' public keys.

[Figure: several soft-systems, each labelled with its Public Key; one also shows its Private Key.]

Incoming Packets

External packets arrive at the root, signed with the sender's private key. The root node has a list of all friends' keys (data.key.xml) & a filter applied to signed data. Soft-nodes track identity.

[Figure: tree of soft-nodes with "top" as the root: /f2f, /f2f/guests, /f2f/guests/jim, /f2f/guests/tom, /f2f/lib, /f2f/lib/demo.]

Outgoing Messages

Outgoing messages arrive at the root tagged with a uid. The send-by-uid service manages cryptography & addressing. The root node has a list of all friends' keys (data.key.xml) & a filter applied to signed data.

[Figure: the same tree of soft-nodes: /f2f, /f2f/guests/jim, /f2f/guests/tom, /f2f/lib/demo.]

The root node's filters maintain 2 datastores, indexed by @uid: data.key.xml and data.address.xml. The send-by-uid service abstracts away cryptography & addressing from the programmer. XSL templates access the caller of a service as $_f2f-thread-uid; this uid is at the heart of the soft-system's access control.

Controlling Access to Services

Each soft-node has its own set of access control lists*. Each service has a list defining who may access it (matched against $_f2f-thread-uid). It has either a whitelist (default="deny") or a blacklist (default="allow").

[Figure: an example access list for /f2f/example; the markup was not preserved in the transcript.]

* Although required, the F2F namespace is omitted for brevity.
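As an added example (not code from the presentation or from the F2F project), the following Go program puts together the two halves of the design described on the preceding slides: the root node identifies a signed packet by finding which friend's stored public key verifies it (the role of data.key.xml), and the soft-node's per-service access list, with default="deny" for a whitelist or default="allow" for a blacklist, then decides whether that uid may call the service. The packet layout, the XML schema of the access list, the choice of ed25519 signatures, and every name used (Packet, KeyStore, Allowed, Authorise, the /f2f/example/... service names, the uids jim and tom) are assumptions; the slides do not show the actual F2F markup.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/xml"
	"fmt"
)

// Packet: body plus ed25519 signature by the sender's private key (assumed layout).
type Packet struct {
	Body []byte
	Sig  []byte
}

// Sign produces a packet signed with the sender's private key.
func Sign(priv ed25519.PrivateKey, body []byte) Packet {
	return Packet{Body: body, Sig: ed25519.Sign(priv, body)}
}

// KeyStore plays the role of data.key.xml: friends' public keys by uid.
type KeyStore map[string]ed25519.PublicKey

// Identify returns the uid whose stored key verifies the signature.
// Unknown senders and tampered packets match no key and yield "".
func (ks KeyStore) Identify(p Packet) string {
	for uid, pub := range ks {
		if ed25519.Verify(pub, p.Body, p.Sig) {
			return uid
		}
	}
	return ""
}

// Service is one access-list entry: default="deny" makes the listed
// uids a whitelist, default="allow" makes them a blacklist.
type Service struct {
	Name    string   `xml:"name,attr"`
	Default string   `xml:"default,attr"`
	UIDs    []string `xml:"uid"`
}
type AccessList struct {
	XMLName  xml.Name  `xml:"access"`
	Services []Service `xml:"service"`
}

// SampleACL is a constructed list in an assumed schema (the slides omit
// the real F2F markup and namespace).
const SampleACL = `<access>
  <service name="/f2f/example/echo" default="deny"><uid>jim</uid></service>
  <service name="/f2f/example/status" default="allow"><uid>tom</uid></service>
</access>`

func ParseACL(text string) (AccessList, error) {
	var acl AccessList
	err := xml.Unmarshal([]byte(text), &acl)
	return acl, err
}

// Allowed decides whether caller uid may use service. It fails closed:
// an unidentified caller, an unlisted service or an unrecognised
// default all deny, so a blacklist never admits anonymous callers.
func Allowed(acl AccessList, service, uid string) bool {
	if uid == "" {
		return false
	}
	for _, s := range acl.Services {
		if s.Name != service {
			continue
		}
		listed := false
		for _, u := range s.UIDs {
			listed = listed || u == uid
		}
		switch s.Default {
		case "deny": // whitelist: only listed uids pass
			return listed
		case "allow": // blacklist: all but listed uids pass
			return !listed
		}
		return false
	}
	return false
}

// Authorise is the root node's two-step check: identify the signed
// packet, then consult the soft-node's ACL for the requested service.
func Authorise(ks KeyStore, acl AccessList, service string, p Packet) (string, bool) {
	uid := ks.Identify(p)
	return uid, Allowed(acl, service, uid)
}

func main() {
	acl, _ := ParseACL(SampleACL)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ks := KeyStore{"jim": pub}
	uid, ok := Authorise(ks, acl, "/f2f/example/echo", Sign(priv, []byte("hi")))
	fmt.Printf("caller %q allowed=%v\n", uid, ok)
}
```

Note the order of the two checks: the uid comes only from a signature that verifies against a stored friend's key, so a caller can never claim a uid by writing it into the packet, and the blacklist form (default="allow") is made to deny callers with no uid at all rather than waving them through.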

Privileged Services

A service is processed up to N times in a child thread with a […], usually that of its module. The first time it is processed, it has a […]. Subsequent processing has the original […].

[Figure: /f2f/example with a service named "this"; caption fragment: "If this service …"]

Permanent Privilege

A service continues with a […] until processing terminates. Care should be taken to avoid privileging arbitrary […].

[Figure: /f2f/example with a service named "this".]

Module Requirements

F2F modules' signatures' public keys are mapped to identities. These identities are given to the module's privileged services. A module may always access its own services, but must list the other services it uses, as follows:

[Figure: the module's requirements list; the markup was not preserved in the transcript.]

This is used to check dependencies and to grant permissions when a module is added to a soft-system.

Additional Access Considerations

- Services with admin="1" may only be used from the administrator's soft-server.
- Services with visibility="private" are hidden from other soft-nodes, so requests from outside will not resolve.
- F2F basic access control is an XML-based system, on which more advanced layers can be built.
- Soft-nodes have a wildcard access list that controls who can execute any threads.
- The core services access-get & access-set provide hooks for integration with scripts.

Summary

- Soft-systems allocate uids to signed packets.
- The root node stores keys & addresses in databases.
- Soft-nodes have a separate ACL for each service.

Recommended follow-up: FF11: Modules