1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
-
date post
21-Dec-2015 -
Category
Documents
-
view
233 -
download
1
Transcript of 1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
4
• Monoalphabetic substitution– each letter replaced by different letter
• Given the encryption key, – easy to find decryption key
• Secret-key crypto called symmetric-key crypto
Secret-Key Cryptography
5
Public-Key Cryptography
• All users pick a public key/private key pair– publish the public key– private key not published
• Public key is the encryption key– private key is the decryption key
7
Authentication Using Passwords
The use of salt to defeat precomputation of encrypted passwords
Salt Password
,
,
,
,
8
Authentication Using a Physical Object
• Magnetic cards– magnetic stripe cards– chip cards: stored value cards, smart cards
10
Countermeasures
• Limiting times when someone can log in
• Automatic callback at number prespecified
• Limited number of login tries
• A database of all logins
• Simple login name/password as a trap– security personnel notified when attacker bites
18
• Cryptographically-protected capability
• Generic Rights1. Copy capability
2. Copy object
3. Remove capability
4. Destroy object
Capabilities (2)
Server Object Rights f(Objects, Rights, Check)
19
Windows NT(W2K) Security
• Access Control Scheme– name/password– access token associated with each process
object indicating privileges associated with a user
– security descriptor• access control list
• used to compare with access control list for object
20
Access Token (per user/subject)
Security ID (SID)
Group SIDs
Privileges
Default Owner
Default ACL
21
Security Descriptor (per Object)
Flags
Owner
System Access Control List(SACL)
Discretionary Access ControlList (DACL)
23
Access Mask
Generic AllGeneric ExecuteGeneric WriteGeneric Read
Access System Security
Maximum allowed
DeleteRead Control
Write DACWrite OwnerSynchronizeGeneric
Access Types
StandardAccess Types
Specific Access Types
24
Access Control Using ACLs
• When a process attempts to access an object, the object manager in W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL.
• If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.