Presentation on theme: "CS703 - Advanced Operating Systems"— Presentation transcript:

1 CS703 - Advanced Operating Systems
By Mr. Farhan Zaidi

2 Lecture No. 40

3 Overview of today's lecture
- User authentication
  - Password based authentication
  - UNIX password scheme
  - One-time password schemes
  - Challenge response authentication
  - Biometrics and other authentication schemes
- Access control and authorization
  - Access control matrix

4 Authentication
- Usually done with passwords.
  - This is usually a relatively weak form of authentication, since it is something that people have to remember.
  - Empirically, it is typically based on a wife's/husband's or kid's name, a favorite movie name, etc.
- Passwords should not be stored in a directly-readable form.
  - Use some sort of one-way transformation (a "secure hash") and store that.
  - If you look in /etc/passwd you will see a bunch of gibberish associated with each name. That is the hashed password.
- Problem: to prevent guessing ("dictionary attacks") passwords should be long and obscure.
  - Unfortunately such passwords are easily forgotten and usually written down.

5 Authentication (2)
- Unix password security
  - Encrypt passwords
- One time passwords
  - Lamport's clever scheme (read Tanenbaum for details)
- Challenge-response based authentication
  - Used in PPP and many other applications
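Both schemes on this slide, as an added example (not the lecture's code): Lamport's one-time passwords are a hash chain where the server stores only the chain's end and each login reveals the preceding element, and challenge-response is a server-chosen nonce answered with an HMAC under a shared key. The class and function names are assumptions for this example; the chain length and keys are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import List


def h(data: bytes) -> bytes:
    """The one-way function used throughout (SHA-256)."""
    return hashlib.sha256(data).digest()


def hash_chain(seed: bytes, n: int) -> List[bytes]:
    """Return [h^0(seed), h^1(seed), ..., h^n(seed)]."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class LamportClient:
    """Holds the secret seed; hands out chain elements from the top down."""

    def __init__(self, seed: bytes, n: int):
        self.chain = hash_chain(seed, n)
        self.next_index = n - 1  # first password sent is h^(n-1)(seed)

    def anchor(self) -> bytes:
        """h^n(seed): the only value the server ever needs to be told."""
        return self.chain[-1]

    def next_otp(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("hash chain exhausted; re-enrol with a new seed")
        otp = self.chain[self.next_index]
        self.next_index -= 1
        return otp


class LamportServer:
    """Stores (remaining count, last accepted value); never sees the seed."""

    def __init__(self, anchor: bytes, n: int):
        self.expected = anchor
        self.remaining = n

    def login(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False
        # Accept only the preimage of what we stored; a replayed value fails
        # because h(replay) equals the old anchor, not the current one.
        if not hmac.compare_digest(h(otp), self.expected):
            return False
        self.expected = otp
        self.remaining -= 1
        return True


# Challenge-response: the server sends a fresh nonce, the client proves it holds
# the shared key by returning HMAC(key, nonce). The key itself never crosses the wire.
def make_challenge() -> bytes:
    return os.urandom(16)


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def verify_response(shared_key: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(respond(shared_key, challenge), response)


if __name__ == "__main__":
    client = LamportClient(b"constructed-seed", 3)
    server = LamportServer(client.anchor(), 3)
    first = client.next_otp()
    print("login 1:", server.login(first))
    print("replay of login 1 rejected:", not server.login(first))
    key = b"constructed-shared-key"
    c = make_challenge()
    print("challenge-response ok:", verify_response(key, c, respond(key, c)))
```

The Lamport server's state after each login is exactly what an eavesdropper has already seen, so a captured password is useless on the next attempt; the cost is a finite chain that must be re-seeded when exhausted. Challenge-response has no such limit but requires the shared key to be stored on both ends.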

6 Authentication alternatives
- Badge or key
  - Does not have to be kept secret.
  - Usually some sort of picture ID worn on the jacket (e.g., at military bases)
  - Should not be forgeable or copyable
  - Can be stolen, but the owner should know if it is (but then what? If you issue another, how do you invalidate the old one?)
  - This is similar to the notion of a "capability" that we'll see later

7 Biometrics
- Authentication of a person based on a physiological or behavioral characteristic.
- Example features: face, fingerprints, hand geometry, handwriting, iris, retina, vein, voice.
- Strong authentication, but still needs a "Trusted Path".

8 Access control
- Context
  - System knows who the user is
    - User has entered a name and password, or other info
  - Access requests pass through a gatekeeper
    - OS must be designed so the monitor cannot be bypassed
- Diagram: User process -> Reference monitor -> Resource
  - The reference monitor decides whether the user can apply the operation to the resource.

9 Access control matrix [Lampson]
Rows are subjects, columns are objects; each cell holds the rights the subject has on the object.

                File 1    File 2    File 3    ...    File n
    User 1      read      write     -
    User 2
    User 3
    ...
    User m

10 Two implementation concepts
- Access control list (ACL)
  - Store a column of the matrix with the resource
- Capability
  - User holds a "ticket" for each resource (a row of the matrix, held by the subject)

                File 1    File 2
    User 1      read      write     -
    User 2
    User 3
    User m

- Access control lists are widely used, often with groups
- Some aspects of the capability concept are used in Kerberos, ...
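The matrix on slide 9, the reference monitor on slide 8, and both implementation concepts on this slide, as one added example (not the lecture's code): the same constructed matrix is stored column-wise as ACLs (with group entries) and row-wise as capability tickets, and a small reference monitor answers "can this subject apply this operation to this object?" from each representation. Subject, object and group names are constructed sample values.

```python
from typing import Dict, FrozenSet, Mapping, Set, Tuple

Matrix = Dict[str, Dict[str, FrozenSet[str]]]

# Constructed access control matrix: subject -> object -> rights.
# "staff" is a group name used as a subject, so an ACL entry can name a group.
MATRIX: Matrix = {
    "user1": {"file1": frozenset({"read", "write"}), "file2": frozenset({"read"})},
    "user2": {"file2": frozenset({"read"}), "file3": frozenset({"read", "write"})},
    "user3": {},
    "staff": {"file3": frozenset({"read"})},
}
GROUPS: Dict[str, Set[str]] = {"staff": {"user1", "user3"}}


def to_acls(matrix: Matrix) -> Dict[str, Dict[str, FrozenSet[str]]]:
    """Column view: object -> {subject_or_group: rights}, stored with each resource."""
    acls: Dict[str, Dict[str, FrozenSet[str]]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def to_capabilities(matrix: Matrix) -> Dict[str, FrozenSet[Tuple[str, str]]]:
    """Row view: subject -> set of (object, right) tickets the subject holds."""
    return {
        subject: frozenset((obj, right) for obj, rights in row.items() for right in rights)
        for subject, row in matrix.items()
    }


class ReferenceMonitor:
    """Gatekeeper every access request passes through; decides from the ACLs."""

    def __init__(self, acls: Mapping[str, Mapping[str, FrozenSet[str]]],
                 groups: Mapping[str, Set[str]]):
        self.acls = acls
        self.groups = groups

    def check(self, subject: str, op: str, obj: str) -> bool:
        acl = self.acls.get(obj, {})
        if op in acl.get(subject, frozenset()):
            return True
        # Group entries: the subject inherits rights of any group it belongs to.
        return any(
            subject in members and op in acl.get(group, frozenset())
            for group, members in self.groups.items()
        )


def capability_check(caps: Mapping[str, FrozenSet[Tuple[str, str]]],
                     subject: str, op: str, obj: str) -> bool:
    """Capability view: access is granted iff the subject presents a matching ticket."""
    return (obj, op) in caps.get(subject, frozenset())


if __name__ == "__main__":
    monitor = ReferenceMonitor(to_acls(MATRIX), GROUPS)
    caps = to_capabilities(MATRIX)
    print("user1 write file1 (ACL):", monitor.check("user1", "write", "file1"))
    print("user3 read file3 via staff group (ACL):", monitor.check("user3", "read", "file3"))
    print("user2 write file1 (ACL):", monitor.check("user2", "write", "file1"))
    print("user2 write file3 (capability):", capability_check(caps, "user2", "write", "file3"))
```

Revocation is where the two views differ: removing a user from an object's ACL takes effect immediately, whereas a capability already handed out stays valid until the system finds and invalidates every copy, which is the same problem the badge slide raised.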
