Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala

Published byMilo Holland Modified over 5 years ago

Similar presentations

Presentation on theme: "COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala"— Presentation transcript:

1 COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala
Midterm Exam Review COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala

2

3

4 My biased view A bit challenging Thought provoking
Tests your reading comprehension skills under time pressure Thought provoking Not a brain dump test Opportunity for learning Just an another class Tests your confidence Not difficult to score but easy to get lost

5 Terminology so far .. Entity Component Context Connector Channel
Principal, Identity, Attribute, Label Component Context Connector Channel Trusted computing base Authentication Authorization Reference monitor Subject, Object, Guard Process Thread Kernel Address space Files Pipes Sockets Binder Event

6 Systems/Abstractions
Traditional single node Unix Linux Mobile Android/Linux Web Chromium/Linux Network basics Client/Server

7 Security, an overview We reduce it to three intertwined issues:
1. What program am I running? Can this program be trusted? Who says? Can I be sure that the program has not been tampered? 2 . Who am I talking to? Can this entity be trusted? Can I be sure the communication has not been tampered? 3. Should I approve this request? R(op, subject, object) Who is the requester? (subject) What program is speaking for the requester? Does the subject have the required permissions?

8 Elements of security Isolation/protection Integrity Authentication
Sandboxes and boundaries prevent unchecked access. Integrity Fingerprint data to detect tampering. Encrypt data to prevent access or tampering. Authentication Identify a peer by proof that it possesses a secret. Identity and attributes Identities have credentials: names, tags, roles... Authorization == access control Guard checks credentials against an access policy.

9 Access Control Triplet
{op, subject, object} Components run within contexts (isolated sandboxes). Each component/context is associated with an identity with some attributes (subject). Components use system calls to interact across context boundaries, or access shared objects. Each object has some access attributes. Principle of least privilege limits the damage a component can do if it “goes rogue”.

10 Crypto primitives Encrypt/Decrypt Signing Secure hashing
Use a shared secret key (symmetric) or use a keypair one public, one private (asymmetric) Signing Secure hashing useful for fingerprinting data

11 Cryptography for Busy People
Standard crypto functions parameterized by keys. Fixed-width “random” value (length matters, e.g., 256-bit) Symmetric (DES: fast, requires shared key K1 = K2) Asymmetric (RSA: slow, uses two keys) “Believed to be computationally infeasible” to break M Encrypt E K1 D Decrypt M K2 [Image: Landon Cox]

12 Two Flavors of “Signature”
A digest encrypted with a private asymmetric key is called a digital signature “Proves” that a particular identity sent the message. “Proves” the message has not been tampered. “Unforgeable” The sender cannot deny sending the message. “non-repudiable” Can be legally binding in the United States A digest encrypted with a shared symmetric key is called a message authentication code (MAC). faster, but…

13 Nonce Verifies the freshness of a message Eavesdropping Tampering
serverNonce Tampering clientNonce

Download ppt "COMPSCI210 Recitation 5 Oct 2012 Vamsi Thummala"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Chapter 31 Network Security

Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:

IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
D u k e S y s t e m s CPS 210 Security in Networked Systems Always Use Protection Jeff Chase Duke University

D u k e S y s t e m s CPS 210 Security in Networked Systems Always Use Protection Jeff Chase Duke University
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.

Similar presentations

Ads by Google