Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 23 November 9, 2004.

Published byDavid Mitchell Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science and Engineering Computer System Security CSE 5339/7339 Session 23 November 9, 2004."— Presentation transcript:

1 Computer Science and Engineering Computer System Security CSE 5339/7339 Session 23 November 9, 2004

2 Computer Science and Engineering Contents  A6 Q/A  Database Security (cont.)  Security in Networks  Group Work  Wenyi’s presentation

3 Computer Science and Engineering Proposal for Multilevel security  Partitioning (Separation)  The database is divided into several databases, each at its own level of security  Encryption (Separation)  Sensitive data are encrypted  Each level of sensitive data can be stored in a table encrypted under a key unique to the level of sensitivity

4 Computer Science and Engineering Integrity Lock (Spray Paint)  The lock is a way to provide both integrity and limited access for a database  At the US Air Force Summer Study on DB Security Secret Agent10FBTS Data ItemSensitivityChecksum

5 Computer Science and Engineering Cryptographic Checksum  Data item  plain text  Sensitivity  unforgeable -- unique – concealed  Checksum  record number, attribute name, data item, sensitivity Secret Agent10FBTS Data ItemSensitivityChecksum AssignmentR07 Record numberAttribute name Checksum

6 Computer Science and Engineering Security Lock  Combination of a unique identifier (record number) and the sensitivity level  Graubert and Kramer Secret AgentTS Data ItemSensitivitySensitivity lock R07 Record number Encryption Function Key

7 Computer Science and Engineering Short Term Solution Untrusted DB manager Users Trusted Access Controller Sensitive database

8 Computer Science and Engineering Trusted Front End Untrusted DB manager Users Trusted Access Controller Sensitive databaseTrusted Front End

9 Computer Science and Engineering Commutative Filters  The filter screens the user’s request, reformats it so that only data of an appropriate sensitivity level are returned. Retrieve NAME where ((OCCUP = engineer) and (CITY = WashDC) retrieve NAME where ((OCCUP = engineer) and (CITY = WashDC) from all records R where (NAME-SEC-LEVEL (R )  USER-SEC-LEVEL) and (OCCUP-SEC-LEVEL (R )  USER-SEC-LEVEL) and (CITY-SEC-LEVEL (R )  USER-SEC-LEVEL)

10 Computer Science and Engineering Computer Network Basics  Wide Area Networks (WAN)  Metropolitan Area Network (MAN)  Local Area Network (LAN)  System or Storage Area Network (SAN)

11 Computer Science and Engineering Routing Schemes  Connection-oriented The entire message follows the same path from source to destination.  Connectionless A message is divided into packets. Packets may take different routes from source to destination Serial number

12 Computer Science and Engineering Network Performance  Gilder’s Law George Gilder projected that the total bandwidth of communication systems triples every twelve months. Ethernet: 10Mbps  10Gbps (1000 times) CPU clock frequency: 25MHz  2.5GHz (100 times)  Metcalfe's Law Robert Metcalfe projected that the value of a network is proportional to the square of the number of nodes Internet

13 Computer Science and Engineering Internet Internet is the collection of networks and routers that form a single cooperative virtual network, which spans the entire globe. The Internet relies on the combination of the Transmission Control Protocol and the Internet Protocol or TCP/IP. The majority of Internet traffic is carried using TCP/IP packets.

14 Computer Science and Engineering Country Internet Users Latest Data Population ( 2004 Est. ) % of Population United States209,518,183294,540,10071.1 % China79,500,0001,327,976,2276.0 % Japan63,884,205127,944,20049.9 % Germany45,315,16682,633,20054.8 % United Kingdom35,089,47059,157,40059.3 % South Korea29,220,00047,135,50062.0 % France22,534,96759,494,80037.9 % Brazil20,551,168183,199,60011.2 % Italy19,900,00056,153,70035.4 % Canada16,841,81132,026,60052.6 %

15 Computer Science and Engineering ISO OSI Network Model Application Presentation Session Transport Network Data Link Physical Application Presentation Session Transport Network Data Link Physical LAN Internet

16 Computer Science and Engineering Mail ftp Telnet Transmission Control Protocol (TCP) Internet Protocol (IP) Ethernet Token ring TCP/IP

17 Computer Science and Engineering Addressing  MAC (Media Access Control) address Every host connected to a network has a network interface card (NIC) with a unique physical address.  IP address IPv4  32 bits (129.16.48.6) IPv6  128 bits

18 Computer Science and Engineering IP Protocol  Unreliable packet delivery service  Datagram (IPv4) Service TypeVERSHLENTOTAL LENGTH IDENTIFICATIONFLAGSFRAGMENT OFFSET TIME TO LIVEPROTOCOLHEADER CHECKSUM SOURCE ADDRESS DESTINATION ADDRESS PADDINGOPTIONS (IF ANY) DATA

19 Computer Science and Engineering Group Work  Discuss possible attacks on IP.  IP Spoofing  Teardrop attacks

Download ppt "Computer Science and Engineering Computer System Security CSE 5339/7339 Session 23 November 9, 2004."

Similar presentations

IP Protocol - Introduction Dr. Farid Farahmand. Introduction TDM transport networks are not sufficient for data communications Low utilization TDM networks.

IP Protocol - Introduction Dr. Farid Farahmand. Introduction TDM transport networks are not sufficient for data communications Low utilization TDM networks.
1 Computer Networks IP: The Internet Protocol. 2 IP is a connection-less, unreliable network layer protocol IP provides best effort services in the sense.

1 Computer Networks IP: The Internet Protocol. 2 IP is a connection-less, unreliable network layer protocol IP provides best effort services in the sense.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Introduction To Networking

Introduction To Networking
04/26/2004CSCI 315 Operating Systems Design1 Computer Networks.

04/26/2004CSCI 315 Operating Systems Design1 Computer Networks.
Inside the Internet. INTERNET ARCHITECTURE The Internet system consists of a number of interconnected packet networks supporting communication among host.

Inside the Internet. INTERNET ARCHITECTURE The Internet system consists of a number of interconnected packet networks supporting communication among host.
Review on Networking Technologies Linda Wu (CMPT 471 2003-3)

Review on Networking Technologies Linda Wu (CMPT )
OSI Model 7 Layers 7. Application Layer 6. Presentation Layer

OSI Model 7 Layers 7. Application Layer 6. Presentation Layer
1 Networking A computer network is a collection of computing devices that are connected in various ways in order to communicate and share resources. The.

1 Networking A computer network is a collection of computing devices that are connected in various ways in order to communicate and share resources. The.
15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,

15-1 Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
COMPUTER NETWORKS.

COMPUTER NETWORKS.
NETWORKING CONCEPTS. TCP/IP The TCPIIP protocol suite was developed prior to the OSI model TCP/IP protocol suite was defined as having four layers: Host-to-network,

NETWORKING CONCEPTS. TCP/IP The TCPIIP protocol suite was developed prior to the OSI model TCP/IP protocol suite was defined as having four layers: Host-to-network,
15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.

15-1 More Chapter 15 Goals Compare and contrast various technologies for home Internet connections Explain packet switching Describe the basic roles of.
Internet Vulnerabilities & Criminal Activities 1.2 – 9/12/2011 Structure of Internet Communications 1.2 – 9/12/2011 Structure of Internet Communications.

Internet Vulnerabilities & Criminal Activities 1.2 – 9/12/2011 Structure of Internet Communications 1.2 – 9/12/2011 Structure of Internet Communications.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 24 November 11, 2004.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 24 November 11, 2004.
The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.

The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.
Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.

Hands-On Microsoft Windows Server 2003 Networking Chapter Three TCP/IP Architecture.
Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,

Networking Computer network A collection of computing devices that are connected in various ways in order to communicate and share resources Usually,
NetworkProtocols. Objectives Identify characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk Understand position of network protocols in OSI Model.

NetworkProtocols. Objectives Identify characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk Understand position of network protocols in OSI Model.
Review: – computer networks – topology: pair-wise connection, point-to-point networks and broadcast networks – switching techniques packet switching and.

Review: – computer networks – topology: pair-wise connection, point-to-point networks and broadcast networks – switching techniques packet switching and.

Similar presentations

Ads by Google