class 6 distributed systems cis 755: advanced computer security spring 2015 eugene vasserman...
TRANSCRIPT
![Page 1: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/1.jpg)
Class 6Distributed Systems
CIS 755: Advanced Computer SecuritySpring 2015
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S15/
![Page 2: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/2.jpg)
Administrative stuff
• New teleconference information• Monday office hours moving to 2:30 (will be
2:30 – 4) starting March 23rd
– Except no office hours on March 23rd :(
• Exam I– Thoughts?–Post-mortem
• Quiz next week
![Page 3: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/3.jpg)
Distributed Systems: Definition
• “A system of multiple communicating entities performing a coordinated function”
• “A system where a computer that you’ve never heard of, located somewhere you’ve never been, can cause your computer to stop functioning correctly”
–Humorous paraphrase of Lamport
![Page 4: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/4.jpg)
Distributed Systems: Why?
• Increased robustness (maybe)– Eliminating single point of failure
• Resource sharing–e.g. Beocat–e.g. a mobile device and a server
• Improved scalability (maybe)–e.g. Beocat
![Page 5: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/5.jpg)
Distributed Systems: Security
• Eliminating a single point of failure–Denial of service protection (robustness)
• Eliminating a single point of trust–What if your boss is malicious?
• If we want to reap benefits of distributed system designs, we have to take care of the “maybes” in previous slides
• How?
![Page 6: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/6.jpg)
Distributed Systems: Privacy
• Local system – local information• Distributed system – more access to
potentially private information• Privacy vs. authentication• Sometimes privacy is not a security
requirement, sometimes it is• Are there other potential security
requirements related to privacy?
![Page 7: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/7.jpg)
My voice is my passport; authorize me!
• User A says:– I want access to resource R–Kerberos server, authenticate me!
• R does not know if A has rights to access R• Kerberos server:–Checks if A is who she says she is–Checks if A is authorized for access to R
• R trusts Kerberos server but not A
![Page 8: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/8.jpg)
Authentication → capability → access
• Kerberos server issues a “token” T to A– T is tied to A– T expires– T cannot be generated by anyone other than
Kerberos server (cannot be forged)
• T tells resource R that:– T was issued by the Kerberos server–A has the right to access R for a limited time
![Page 9: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/9.jpg)
Physical security
• Why use physical security?–Do Kerckhoffs’ principle and/or Shannon’s
maxim apply?
• Tamper evidence• Tamper resistance• Properties? Differences?• Assumptions? Trade-offs?• Real-world examples
![Page 10: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/10.jpg)
Exercise
Design and sketch an implementation of an expiring capability
(similar to a Kerberos token)in terms of what we have learned so far
![Page 11: Class 6 Distributed Systems CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman eyv/CIS755_S15](https://reader038.vdocuments.us/reader038/viewer/2022110206/56649f425503460f94c61072/html5/thumbnails/11.jpg)
Questions?
Reading discussion