Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security: The Goal Computers are as secure as real world systems, and people believe it. This is hard because: Computers can do a lot of damage fast. There.

Published byBenjamin Curtis Modified over 9 years ago

Similar presentations

Presentation on theme: "Security: The Goal Computers are as secure as real world systems, and people believe it. This is hard because: Computers can do a lot of damage fast. There."— Presentation transcript:

1 Security: The Goal Computers are as secure as real world systems, and people believe it. This is hard because: Computers can do a lot of damage fast. There are many places for things to go wrong. Networks enable Anonymous attacks from anywhere Automated infection Hostile code and hostile hosts People don’t trust new things.

2 Real-World Security It’s about value, locks, and punishment.
Locks good enough that bad guys don’t break in very often. Police and courts good enough that bad guys that do break in get caught and punished often enough. Less interference with daily life than value of loss. Security is expensive—buy only what you need.

3 Elements of Security Policy: Specifying security What is it supposed to do? Mechanism: Implementing security How does it do it? Assurance: Correctness of security Does it really work?

4 Dangers Vandalism or sabotage that Theft of money Theft of information
damages information disrupts service Theft of money Theft of information Loss of privacy integrity availability secrecy

5 Vulnerabilities Bad (buggy or hostile) programs
Bad (careless or hostile) people giving instructions to good programs Bad guy interfering with communications

6 Defensive strategies Keep everybody out Keep the bad guy out
Isolation Keep the bad guy out Code signing, firewalls Let him in, but keep him from doing damage Sandboxing, access control Catch him and prosecute him Auditing, police

7 The Access Control Model
Guards control access to valued resources. Do Reference Principal Object operation monitor Source Request Guard Resource

8 Mechanisms—The Gold Standard
Authenticating principals Mainly people, but also channels, servers, programs Authorizing access. Usually for groups of principals Auditing Assurance Trusted computing base

9 Assurance: Making Security Work
Trusted computing base Limit what has to work to ensure security Ideally, TCB is small and simple Includes hardware and software Also includes configuration, usually overlooked What software has privileges Database of users, passwords, privileges, groups Network information (trusted hosts, …) Access controls on system resources . . . The unavoidable price of reliability is simplicity.—Hoare

10 Assurance: Configuration
Users—keep it simple At most three levels: self, friends, others Three places to put objects Everything else done automatically with policies Administrators—keep it simple Work by defining policies. Examples: Each user has a private home folder Each user belongs to one workgroup with a private folder System folders contain vendor-approved releases All executable programs are signed by a trusted party Today’s systems don’t support this very well

11 Assurance: Defense in Depth
Network, with a firewall Operating system, with sandboxing Basic OS (such as NT) Higher-level OS (such as Java) Application that checks authorization directly All need authentication

12 Why We Don’t Have “Real” Security
A. People don’t buy it: Danger is small, so it’s OK to buy features instead. Security is expensive. Configuring security is a lot of work. Secure systems do less because they’re older. Security is a pain. It stops you from doing things. Users have to authenticate themselves. B. Systems are complicated, so they have bugs.

13 Standard Operating System Security
Assume secure channel from user (without proof) Authenticate user by local password Assign local user and group SIDs Access control by ACLs: lists of SIDs and permissions Reference monitor is the OS, or any RPC target Domains: same, but authenticate by RPC to controller Web servers: same, but simplified Establish secure channel with SSL Authenticate user by local password (or certificate) ACL on right to enter, or on user’s private state

14 End-to-End Security Authenticate secure channels
Work uniformly between organizations Microsoft can securely accept Intel’s authentication Groups can have members from different organizations Delegate authority to groups or systems Audit all security decisions

Download ppt "Security: The Goal Computers are as secure as real world systems, and people believe it. This is hard because: Computers can do a lot of damage fast. There."

Similar presentations

Building Secure Mashups D. K. Smetters PARC Usable.

Building Secure Mashups D. K. Smetters PARC Usable.
Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
1 Computer Security in the Real World Butler Lampson Microsoft August 2005.

1 Computer Security in the Real World Butler Lampson Microsoft August 2005.
1 Accountability and Freedom Butler Lampson Microsoft September 26, 2005.

1 Accountability and Freedom Butler Lampson Microsoft September 26, 2005.
1 Computer Security in the Real World Butler Lampson Microsoft.

1 Computer Security in the Real World Butler Lampson Microsoft.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.

1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 Accountability and Freedom Butler Lampson Microsoft October 27, 2005.

1 Accountability and Freedom Butler Lampson Microsoft October 27, 2005.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Web Services, SOA and Security May 11, 2009 Michael Burnett.

Web Services, SOA and Security May 11, 2009 Michael Burnett.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
CSE331: Introduction to Networks and Security Lecture 15 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 15 Fall 2002.

Similar presentations

Ads by Google