Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture."— Presentation transcript:

1 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture 5 - September 23, 2005 Security Dr. Dongho Kim Dr. Tatyana Ryutov University of Southern California Information Sciences Institute

2 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security Goals Confidentiality –inappropriate information is not disclosed Integrity –Authenticity of document –That it hasn’t changed Availability –the ability of authorized entities to use the information or resource

3 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE System Security: Terminology vulnerability is a weakness in the system that might be exploited to cause loss or harm. threat is a potential violation of security attack is the actual attempt to violate security. It is the manifestation of the threat –Interception –Modification –Disruption security policy defines what is and is not allowed security mechanism is a method or tool for enforcing security policy –Prevention –Detection –Reaction

4 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Basic Security Services Protection Authentication Access Control, Authorization Accounting Payment Audit Assurance Privacy Policy

5 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security Models Discretionary Access Control –Users have complete control over his/her resources Mandatory Access Control –Administrators decide what you have access to as well as what you can give access to (as opposed to discretionary access control). –Users must deal with not having control over how they use their own resources.

6 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security Policy Access Matrix –implemented as: ▪Capabilities or ▪Access Control list

7 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Access Control Lists Advantages –Easy to see who has access –Easy to change/revoke access Disadvantages –Time consuming to check access Extensions to ease management –Groups –EACLs

8 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Extended Access Control Lists Conditional authorization –Implemented as restrictions on ACL entries and embedded as restrictions in authentication and authorization credentials

9 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Example Conditions Authentication method specifies mechanisms suitable for authentication. Payment specifies currency and amount. Time time periods expressed as time of day or days of week when access is granted. Location access is granted to principals connecting from specific hosts. Notification enables automatic generation of notification messages. Audit enables automatic generation of application level audit data. System Threat Level specifies system threat level, e.g., high, medium or low.

10 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Capabilities Advantages –Easy and efficient to check access –Easily propagated Disadvantages –Hard to protect capabilities –Easily propagated –Hard to revoke Hybrid approach –EACL’s/proxies

11 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Protecting capabilities Stored in TCB –Only protected calls manipulate Limitations ? –Works in centralized systems Distributed Systems –Tokens with random or special coding –Possibly protect through encryption –How does Amoeba do it? (claimed)

12 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Network Threats –Unauthorized release of data –Unauthorized modification of data –Impersonation ( spurious association initiation ) –Denial of use –Traffic analysis Attacks may be –Active or passive

13 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Likely points of attack (location)

14 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Likely points of attack (module) Against the protocols –Sniffing for passwords and credit card numbers –Interception of data returned to user –Hijacking of connections Against the server –The commerce protocol is not the only way in –Once an attacker is in, all bets are off Against the client’s system –You have little control over the client’s system

15 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Network Attacks Eavesdropping Listening for passwords or credit card numbers Message stream modification Changing links and data returned by server Hijacking Killing client and taking over connection CS Attacker

16 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Network Attack Countermeasures Don’t send anything important Not everything needs to be protected Encryption For everything else Mechanism limited by client side software CS Attacker

17 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Encryption for confidentiality and integrity Encryption used to scramble data PLAINTEXT CIPHERTEXT ENCRYPTION (KEY) DECRYPTION (KEY) ++

18 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Authentication Proving knowledge of encryption key –Nonce = Non repeating value {Nonce or timestamp}K c CS

19 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Today’s security deployment Most of the deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack: –Firewalls, VPN’s –IPSec –SSL Unfortunately, security isn’t that easy. It must be better integrated with the application. –At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).

20 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Common Countermeasures Encryption: link, end2end, application Firewalls Authentication, Access control, Audit Intrusion Detection Systems (IDS), integrity checkers DMZ Firewall Server (web server, email, etc) Network IDS audit logs Host IDS Internal Network Router Firewall Access Control Internet

21 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Attack Example Attacker Phf attack (Remote-to-Local): GET phf /bin/cat /etc/passwd LAN Web Server DMZ Firewall allows only http (80) and SSH (22) traffic Router blocks tcp/udp ports 135-139 Server Firewall allows only http (80) and smtp (25), SSH (22) traffic Neither Firewalls nor cryptography provide complete protection encrypted connection

22 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Conclusion: Integration is hard to do The majority of applications were not being modified to use security services. –In fact, the only widespread interoperable integration of security services with applications was SSL integration with the web, and SSL is used primarily as a confidentiality mechanism and only rarely for user authentication.

23 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Conclusion: Integration is hard to do The reason –Integration with applications involved many changes: ▪Multiple calls to GSS-API or other authentication interfaces ▪Calls to decide what the user is authorized to do –Home grown policy databases or protocol extensions requiring even more calls to complete. ▪Custom integration with other security services –Confidentiality, integrity, payment, audit

24 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Focus on Authorization Focusing on authorization and the management of policies used in the authorization decision. –Not really new - this is a reference monitor. –Applications shouldn’t care about authentication or identity. ▪Separate policy from mechanism –Authorization may be easier to integrate with applications. –Hide the calls to the key management and authentication functions.

25 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Generic Authorization and Access-control API Allows applications to use the security infrastructure to implement security policies. gaa_get_object_eacl function called before other GAA API routines which require a handle to object EACL to identify EACLs on which to operate. Can interpret existing policy databases. gaa_check_authorization function tells application whether requested operation is authorized, or if additional application specific checks are required Application GAA API input output gaa_get_ object_eacl gaa_check_ authorization Yes,no,maybe SC,obj_id,op

26 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Credential transport (needed) The GAA-API gets user & connection info from Security Context: Evaluated and unevaluated credentials Delegated authority Cross-calls to transport to retrieve additional creds The security context is provided as: –Output from GSS-API (requires many calls) –Credentials from transport or session protocols –SSL, ARDP –Other extensions are needed: –IPSec, pulled from Kernel, other extensions

27 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Integrating security services The GAA-API calls must be made by applications. –This is a major undertaking, but one which must be done no matter how one chooses to do authorization. These calls are at the control points in the app –They occur at auditable events, and this is where records should be generated for ID systems –They occur at the places where one needs to consider dynamic network threat conditions. –Adaptive policies use such information from ID systems. –They occur at the right point for billable events.

28 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Electronic commerce Some authorization policies do not require user authentication at all - just that an item is paid for. –Policy specifies required payment. –Cross call to credential transport retrieves payment credentials and grants access. –If application used GAA-API, no change to the application is necessary, simply specify the payment policy instead of a more traditional identity based policy.

29 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE ID and Audit relation to GAA-API SECURITY AUDIT RECORDS THREAT CONDITION UNDER ATTACK POLICY gaa_get_object_eacl gaa_check_authorization GAA API App EACL... GAA API Security Context GSS-API LIBRARY Transport Mechanism 23 14 4a 6a 5 6 7 5a 6b

30 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Application based ID Without the GAA-API –Convince each application developer to add calls to audit functions in addition to all the other security calls they make (good luck). Of course it needs to do authentication too. With the GAA-API –Get developers to use the GAA for authorization decisions instead of making multiple calls to implement their own authorization database. –Create module for GAA implementation that generates audit records according to policy. –Write policy (inc. adaptive or credential based) that says when to generate audit records.

31 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Example 1: Web Server Exploit Attacker Firewall DMZ Firewall LAN Router GAA-API Web Server Local EACL Entry 1: - * pre-cond: “*phf*, */////////////////*” rr-cond:on failure notify admin rr-cond:on failure update BlackList [remote.ip] * Entry 2: + Phf attack update firewall rules BlackList rr-cond:on failure guardian “%ban #[remote.ip]” remote.IP System EACL - * pre-condition: BlackList + *

Download ppt "Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture."

Similar presentations

Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 10, 11 –

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 10, 11 –
Copyright © 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Drs.

Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Drs.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authorization.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authorization.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Six –

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Six –
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

Similar presentations

Ads by Google