Computer Science and Engineering Computer System Security CSE 5339/7339 Session 28 (last) November 30, 2004.


1 Computer Science and Engineering Computer System Security CSE 5339/7339 Session 28 (last) November 30, 2004

2 Computer Science and Engineering Contents • A7 • in • Tommy’s presentation • Presentation evaluation • in • Put-it-all-together • Final • Q/A • Evaluation

3 Computer Science and Engineering Class Inputs: Researchers, Instructor, Students, Non-academic; CSE 5339/7339

4 Computer Science and Engineering OS, Database, Networks; System Background; Math, Algorithms; Security Issues; Encryption, Decryption

5 Computer Science and Engineering Security

6 Security Goals
• Confidentiality: assets are accessed only by authorized people
• Integrity: assets can be modified only by authorized people
• Availability: assets are accessible to authorized people

7 Computer Science and Engineering Sender, Medium, Receiver; Intruder: block it, intercept it, modify it, fabricate an authentic-looking message

8 Computer Science and Engineering Important Background

9 Computer Science and Engineering Analysis of Algorithms
• Sequential Algorithms
  • Time Complexity
  • Space Complexity
• An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm. An algorithm is considered to be efficient if it runs in polynomial time.

10 Computer Science and Engineering Time Complexity
• O(n)
• O(log n)
• O(n log n)
• O(n^2)
• …
• O(n^k) Polynomial
• O(2^n) Exponential
• O(k^n)
• O(n^n)

11 Computer Science and Engineering OS -- Review OS – a program that acts as an intermediary between a user of a computer and the computer hardware. (Diagram labels: Users, Applications, OS, Hardware)

12 Computer Science and Engineering OS -- Review OS Services: Program Execution; I/O Operation; File System Manipulation; Communications; Error Detection; Resource Allocation; Accounting; Protection

13 Computer Science and Engineering Levels of Abstraction in a DBMS Physical Database View 1 View 2 View n Conceptual Database

14 Computer Science and Engineering Important Concepts in Database
• Data independence -- storage media; application
• Schema -- record definition
• Relation – table
• Indexing – B trees
• Entity/Relationship model – entity, entity set, attributes, key, relationship
• Relational Database – information for an enterprise
• entities and relationships
• relational database
• SQL – Query language, programming language, embedded vs. interactive

15 Computer Science and Engineering Computer Network Basics
• Wide Area Networks (WAN)
• Metropolitan Area Network (MAN)
• Local Area Network (LAN)
• System or Storage Area Network (SAN)

16 Computer Science and Engineering ISO OSI Network Model (diagram: two stacks, each Application, Presentation, Session, Transport, Network, Data Link, Physical; labels: LAN, Internet)

17 Computer Science and Engineering TCP/IP (layers, top to bottom): Mail, ftp, Telnet | Transmission Control Protocol (TCP) | Internet Protocol (IP) | Ethernet, Token ring

18 Computer Science and Engineering IP Protocol
• Unreliable packet delivery service
• Datagram (IPv4)
  VERS | HLEN | SERVICE TYPE | TOTAL LENGTH
  IDENTIFICATION | FLAGS | FRAGMENT OFFSET
  TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
  SOURCE ADDRESS
  DESTINATION ADDRESS
  OPTIONS (IF ANY) | PADDING
  DATA

19 Computer Science and Engineering Encryption

20 Encryption/Decryption: plaintext → Encryption → ciphertext → Decryption → original plaintext

21 Computer Science and Engineering Ciphers
• Substitution Ciphers: substitute a character or a symbol for each character of the original message
• Transposition Ciphers: the order of letters is rearranged

22 Computer Science and Engineering Symmetric Encryption: plaintext → Encryption → ciphertext → Decryption → original plaintext; one key is used by both Encryption and Decryption

23 Computer Science and Engineering Asymmetric Encryption: plaintext → Encryption (key K_E) → ciphertext → Decryption (key K_D) → original plaintext

24 Computer Science and Engineering Hash Functions: M → H → H(M) = h

25 Computer Science and Engineering Cryptographic Hash Functions
• Message Digest Functions
  • Protect integrity
  • Users create a message digest or fingerprint of a digital document
• Message Authentication Codes (MACs)
  • Protect both integrity and authenticity
  • MACs produce fingerprints based on both a given document and a secret key
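
Added example (not part of the original slides) contrasting the two fingerprints on slide 25: an unkeyed digest that travels with the document can be recomputed by whoever modifies the document, while a MAC cannot be recomputed without the secret key. SHA-256 and HMAC-SHA256 are assumptions, as the slides name no algorithm; the key and document are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"      # known only to sender and receiver
DOC = b"transfer 100 to account 42"     # constructed sample document


def digest(document: bytes) -> str:
    """Unkeyed message digest: anyone holding the document can recompute it."""
    return hashlib.sha256(document).hexdigest()


def mac(key: bytes, document: bytes) -> str:
    """Keyed fingerprint (HMAC-SHA256): depends on the document and the key."""
    return hmac.new(key, document, hashlib.sha256).hexdigest()


def rewrite_in_transit(document: bytes) -> tuple:
    """Model the 'modify it' case from slide 7: the document is altered on the
    medium, and a party without the key can only attach a fresh unkeyed digest."""
    altered = document.replace(b"100", b"900")
    return altered, digest(altered)


def receiver_checks() -> dict:
    sent_tag = mac(KEY, DOC)                      # what the real sender attached
    altered, attached = rewrite_in_transit(DOC)
    return {
        # Digest shipped beside the document: the altered pair is self-consistent,
        # so integrity holds only if the digest arrives over a protected channel.
        "digest_accepts_altered": hmac.compare_digest(digest(altered), attached),
        # MAC check against the recomputed unkeyed value: rejected.
        "mac_accepts_recomputed_digest": hmac.compare_digest(mac(KEY, altered), attached),
        # MAC check against the sender's original tag: the alteration is detected.
        "mac_accepts_altered_with_old_tag": hmac.compare_digest(mac(KEY, altered), sent_tag),
        # Unmodified document with the sender's tag verifies.
        "mac_accepts_original": hmac.compare_digest(mac(KEY, DOC), sent_tag),
    }
```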

26 Computer Science and Engineering Getting a Message Digest from a document: document → Hash → Message Digest

27 Computer Science and Engineering Generating Signature: Message Digest → Encrypt using private key → Signature

28 Computer Science and Engineering Appending Signature to document: document → Append → document + Signature

29 Computer Science and Engineering Verifying Signature: document → Hash → Message Digest; Signature → Decrypt using public key → Message Digest; the two message digests are compared
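
Added example (not part of the original slides) that carries slides 26 to 29 through in code: hash the document, "encrypt" the digest with the private key, append the signature, then verify by comparing the recomputed digest with the one recovered using the public key. It assumes SHA-256 and textbook RSA without padding; the key is built from two publicly known Mersenne primes so the block runs offline, and is therefore not a usable key. The names `K_E` and `K_D` follow slide 23.

```python
import hashlib

# Constructed toy key pair from two well-known Mersenne primes (NOT a usable key).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
K_E = 65537                                   # public key, used to verify
K_D = pow(K_E, -1, (P - 1) * (Q - 1))         # private key, used to sign
SIG_LEN = (N.bit_length() + 7) // 8           # signature size in bytes


def message_digest(document: bytes) -> int:
    """Slide 26: document -> Hash -> Message Digest (as an integer < N)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def generate_signature(document: bytes) -> int:
    """Slide 27: encrypt the digest using the private key.
    Textbook RSA; deployed schemes add padding such as PSS."""
    return pow(message_digest(document), K_D, N)


def append_signature(document: bytes) -> bytes:
    """Slide 28: the signature travels appended to the document."""
    return document + generate_signature(document).to_bytes(SIG_LEN, "big")


def verify_signed(signed: bytes) -> bool:
    """Slide 29: recompute the digest, recover the signed digest with the
    public key, and compare the two."""
    if len(signed) < SIG_LEN:
        return False
    document, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= N:
        return False
    return pow(signature, K_E, N) == message_digest(document)
```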

30 Computer Science and Engineering Security in OS

31 Computer Science and Engineering OS Functions (diagram labels): users; User interface; Resource allocation; Services; Data, CPU, Memory, I/O devices, Tables, Libraries; Synchronization; Concurrency control; Deadlock management; Communication; Accounting

32 Computer Science and Engineering In general (diagram: groups of O and S elements on either side of a Gate)

33 Computer Science and Engineering User Authentication
• Knowledge-based techniques (passwords)
• Token-based techniques (smart cards)
• Biometric techniques (fingerprint)
• Two-factor (Card + PIN)

34 Computer Science and Engineering Security Policy A security policy is a statement of the security we expect the system to enforce. A system can be trusted only in relation to its security policy, that is, to the security needs the system is expected to satisfy.

35 Computer Science and Engineering Military Security policy Unclassified Restricted Confidential Secret Top Secret

36 Computer Science and Engineering Models of Security
• Security models are used to
  • Test a particular policy for completeness and consistency
  • Document a policy
  • Help conceptualize and design an implementation
  • Check whether an implementation meets the requirements

37 Computer Science and Engineering Kernel – OS part that performs lowest level functions (layers: User tasks, OS, OS Kernel, Hardware)

38 Computer Science and Engineering Combined Security Kernel / OS System (layers: User tasks, OS, OS Kernel, Hardware)
Security activity:
OS Kernel: - HW interactions - Access control
OS: - Resource allocation - Sharing - Access control - Authentication functions

39 Computer Science and Engineering Modules operating in Different Layers (from least trusted code to most trusted code): User interface; User ID lookup; Data comparison; Data update; User Authentication module

40 Computer Science and Engineering Security in DB

41 Computer Science and Engineering Sensitive Data
• Data that should not be made public
• Nothing sensitive and everything sensitive – can be handled by access control to the database itself
• Some but not all are sensitive -- not only data elements but context and meaning
• Factors that make data sensitive
  • Inherently sensitive
  • From a sensitive source
  • Declared sensitive
  • Part of a sensitive attribute or a sensitive record
  • Sensitive in relation to previously disclosed information

42 Computer Science and Engineering Types of Disclosures
• Exact data -- most serious disclosure
• Bounds – sensitive data is between L and H
• Negative result -- a value that is not a zero
• Existence
• Probable value -- probability that a certain element has a certain value
A successful security strategy must protect against both direct and indirect disclosures

43 Computer Science and Engineering Multilevel Database
• Sensitivity is determined not only by attribute
  Name | Department | Salary | Phone | Performance
• element security
• several grades of security
• aggregate vs. individual elements

44 Computer Science and Engineering Proposal for Multilevel security
• Partitioning (Separation)
  • The database is divided into several databases, each at its own level of security
• Encryption (Separation)
  • Sensitive data are encrypted
  • Each level of sensitive data can be stored in a table encrypted under a key unique to the level of sensitivity

45 Computer Science and Engineering Network Security

46 Computer Science and Engineering An Example of an Attack
• Attacker sends echo request message to broadcast address
• Attacker also spoofs source address in the request
(Diagram labels: Intermediary, Attacker, Victim)

47 Computer Science and Engineering (diagram labels: attacker, master, daemon; large number of UDP packets to random ports)

48 Computer Science and Engineering Encryption
• Link Encryption
• End-to-End Encryption
(Diagram label: BNTSME)

49 Computer Science and Engineering Link Encryption (diagram: two stacks, each Application, Presentation, Session, Transport, Network, Data Link, Physical; label: BNTSME)

50 Computer Science and Engineering End-to-End Encryption (diagram: two stacks, each Application, Presentation, Session, Transport, Network, Data Link, Physical; label: BNTSME)

51 Computer Science and Engineering IPSec
• Security Parameter Index (SPI) – data element, a pointer into a table of security associations
• Authentication Header (AH) – immediately follows IP header (authentication for IP traffic)
• Encapsulated Security Payload (ESP) – replaces (includes) the conventional TCP header and data portion of packet (encryption for IP data)

52 Computer Science and Engineering TCP/IP Conventional Packets: Physical Header | IP Header | TCP Header | Data | Physical Trailer

53 Computer Science and Engineering TCP/IP Conventional Packets: IP Header | AH

54 Computer Science and Engineering Authentication Header
  Next Header | Payload Length | Reserved
  Security Parameters Index (SPI)
  SEQUENCE NUMBER
  Authentication Data
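
Added example (not part of the original slides): a parser for the Authentication Header fields on slide 54, followed by the SPI lookup into a table of security associations described on slide 51. The field widths (8, 8, 16, 32, 32 bits) and the Payload Length encoding follow the AH specification; the SA table, SPI value and packet bytes are constructed, and the receiver logic is deliberately simplified.

```python
import struct

# Fixed part of the AH as listed on the slide: Next Header, Payload Length,
# Reserved, Security Parameters Index (SPI), Sequence Number.
AH_FIXED = struct.Struct("!BBHII")


def build_ah(next_header, spi, seq, auth_data, payload=b""):
    """Build sample input (auth_data length must be a multiple of 4)."""
    words = (AH_FIXED.size + len(auth_data)) // 4 - 2   # 32-bit words, minus 2
    return AH_FIXED.pack(next_header, words, 0, spi, seq) + auth_data + payload


def parse_ah(buf):
    if len(buf) < AH_FIXED.size:
        raise ValueError("truncated AH")
    next_header, words, reserved, spi, seq = AH_FIXED.unpack_from(buf)
    total = (words + 2) * 4                 # full AH length in bytes
    if reserved != 0 or total < AH_FIXED.size or total > len(buf):
        raise ValueError("malformed AH")
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "auth_data": buf[AH_FIXED.size:total], "payload": buf[total:]}


# Constructed security association table, indexed by SPI.
SA_TABLE = {0x1000: {"last_seq": 0}}


def accept(buf, sa_table=SA_TABLE):
    """Simplified receiver: SPI lookup, then a strictly increasing sequence check.
    A real receiver uses a sliding window and verifies Authentication Data
    before updating the counter; that verification is omitted here."""
    ah = parse_ah(buf)
    sa = sa_table.get(ah["spi"])
    if sa is None:
        return "drop: unknown SPI"
    if ah["seq"] <= sa["last_seq"]:
        return "drop: replayed sequence number"
    sa["last_seq"] = ah["seq"]
    return "accept"


# Constructed sample: AH carrying TCP (protocol 6) with a 12-byte placeholder
# Authentication Data field.
SAMPLE = build_ah(6, 0x1000, 1, b"\xaa" * 12, b"constructed payload")
```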

55 Computer Science and Engineering IPSec Packets ESP (includes TCP header and Data)

56 Computer Science and Engineering Encapsulated Security Packet
  Security Parameters Index (SPI)
  SEQUENCE NUMBER
  Payload DATA
  Padding | Padding Length | Next Header
  Authentication Data
(Diagram brackets labelled: authenticated, encrypted)

57 Computer Science and Engineering Good Luck!

