Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4 Access Control Manage Principals operations in system.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 4 Access Control Manage Principals operations in system."— Presentation transcript:

1 Chapter 4 Access Control Manage Principals operations in system

2 Resources Access control Which principals have access to what resources on the system and when Applications Middleware Operating system Hardware

3 Access control system System authenticates principal using some method, then controls access to system resources. Often a matrix of permissions Triple of User Program File See matrix page 53 Matrices grow very large Control this through groups or roles Certificated based systems coming about I have a certificate signed by some authority that I have a specific right.

4 Groups and roles Do not assign rights individually Assign to groups that represents the activities or job titles of employees They define the rules, you implement them ACL Access Control List Column of the matrix who has what rights to resource

5 UNIX Root can access everything. Not a good thing, even system admin should not have access to certain files: Audit trails Logs Newer versions of UNIX have worked to separate out these duties Military versions even more so

6 Granularity Security and Database Database is 1 file so OS must give access to this one file Within in the database security is controlled by the DBMS This creates various issues with passwords, management and control Many systems, many passwords Companies striving for 1 central directory service This is why Microsoft wants it’s Active Directory product to become a “standard”

7 Sandboxing Java uses this Applet runs in a virtual restricted environment Does not have access to hard drive JVM has limited local access

8 Object Request Brokers Mediates communications between objects Outgrowth of Object Oriented programming Common Object Request Broker Architecture (CORBA) Industry standard

9 Hardware protection Protect one process from interfering with another Memory Metadata (data about processes) Hardware access control Rings of protection Less privileged process (user program) needs to access more privileged process (device driver)

10 Processors Intel processors page 63 ARM processors page 63 Security processors page 64 QoS Quality of Service issues. One process does not hog CPU

11 What goes wrong Smashing the stack Syn flooding Trojan horse Root kits Single commands Full root kits Active web content And many more programming defects

12 NSA Deep distrust of application security Heavy emphasis on trusted OS security

13 Environmental creep UNIX original use was in trusted environment Todays use is in the most untrusted environment (internet) Many tools also develop for trusted environment FTP, SMTP, DNS… Used in most untrusted environment Code used to be buggy, now is malicious Script kiddies anyone can attack system

14 Discussion topics Current stack smashing article Environment Creep and OS attacks Current state of windows root kit Where should security lie? OS, applications, middleware? Certificate based security.

15 Articles Root Kit articles: http://www.viruslist.com/en/analysis?pubid= 168740859 http://www.viruslist.com/en/analysis?pubid= 168740859 http://searchwindowssecurity.techtarget.co m/originalContent/0,289142,sid45_gci10864 69,00.html http://searchwindowssecurity.techtarget.co m/originalContent/0,289142,sid45_gci10864 69,00.html

16 List of resources Access control http://en.wikipedia.org/wiki/Access_control http://www.owasp.org/documentation/topten/a2.htm l http://www.owasp.org/documentation/topten/a2.htm l Groups roles http://www.microsoft.com/windowsxp/evaluation/fea tures/accesscntrl.mspx http://www.microsoft.com/windowsxp/evaluation/fea tures/accesscntrl.mspx http://www.tech-faq.com/role-based-access-control- rbac.shtml http://www.tech-faq.com/role-based-access-control- rbac.shtml http://technet2.microsoft.com/WindowsServer/en/Li brary/72b55950-86cc-4c7f-8fbf- 3063276cd0b61033.mspx http://technet2.microsoft.com/WindowsServer/en/Li brary/72b55950-86cc-4c7f-8fbf- 3063276cd0b61033.mspx

17 List of resources Sandboxing http://www.kernelthread.com/publications/se curity/sandboxing.html http://www.kernelthread.com/publications/se curity/sandboxing.html http://internetweek.cmp.com/trends/0825.ht m http://internetweek.cmp.com/trends/0825.ht m

18 List of resources Object Request Brokers http://en.wikipedia.org/wiki/Object_request_ broker http://en.wikipedia.org/wiki/Object_request_ broker http://www.sei.cmu.edu/str/descriptions/corb a_body.html http://www.sei.cmu.edu/str/descriptions/corb a_body.html Rings http://www.devx.com/Intel/Article/30125

19 List of Resources NSA http://www.nsa.gov/selinux/ http://www.nsa.gov/selinux/info/faq.cfm

Download ppt "Chapter 4 Access Control Manage Principals operations in system."

Similar presentations

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.

Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Trusted System Elements and Examples CS461/ECE422 Fall 2011.

Trusted System Elements and Examples CS461/ECE422 Fall 2011.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
CSCD 303 Essential Computer Security Fall 2010 Lecture 4 - Desktop Security Reading:

CSCD 303 Essential Computer Security Fall 2010 Lecture 4 - Desktop Security Reading:
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.

1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.
Operating System Security Mike Swift CSE 451 Autumn 2003.

Operating System Security Mike Swift CSE 451 Autumn 2003.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Similar presentations

Ads by Google