COMP 655: Distributed/Operating Systems, Summer 2011, Dr. Chunbo Chu, Week 9: Security
TRANSCRIPT
![Page 1: COMP 655: Distributed/Operating Systems Summer 2011 Dr. Chunbo Chu Week 9: Security 10/24/20151Distributed Systems - COMP 655](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649ef15503460f94c02761/html5/thumbnails/1.jpg)
COMP 655: Distributed/Operating Systems
Summer 2011
Dr. Chunbo Chu
Week 9: Security
04/21/23 Distributed Systems - COMP 655 1
Agenda
• Security basics
• Encryption
• Major functions of a security system
Types of security
• Confidentiality
– Information is disclosed only to authorized parties
• Integrity
– Information can be created, changed, or deleted only in authorized ways
Types of threats
• Interception (confidentiality): an unauthorized party gets at data or a service, for example by sniffing traffic
• Interruption (the slide files this under integrity; it is really an availability threat): data or a service is destroyed or made unusable
• Modification (integrity): data or a service is changed without authorization
• Fabrication (integrity): data or activity is injected that would not otherwise exist, such as a forged message or a replayed request
Major functions of a security system
• Authentication
• Authorization
• Administration
• Journaling
• Intrusion detection
Security basics
General advice when dealing with security:
• Always stay in touch with the basic question: what is the problem you are trying to solve?
• Compare the cost of security to the cost of loss
These should be covered in a security policy
Security policy basics
• A security policy defines the security requirements for a system
• A security policy identifies
– Types of entities in the system, for example “instructor”, “student”, “gradebook application”
– Types of actions supported by the system, for example “view grades”, “assign grades”
– Which types of entities are allowed to perform which types of actions
More about security policy
Examples of security policy statements:
• An instructor is allowed to assign and view grades for all students in sections taught by the instructor
• An instructor is not allowed to assign or view grades for any section that he or she did not teach
• A student is allowed to view all of his or her grades
• A student is not allowed to assign grades
Yet more security policy
• Policy deals with roles, not individuals. For example, some Franklin students are also instructors
• Policy must be specific to a system
– “users may perform only authorized actions” is NOT useful policy
– “instructors and administrators may assign grades” is much more useful
• Writing a good policy is usually hard
– Can any administrator assign a grade?
– Or only department chairs and deans with responsibility for the course?
– Can the college president assign a grade?
Activity: DiNo security policy
• Imagine that DiNo needs to support confidential notebooks
• Discuss the security aspects of DiNo
– What types of entities and operations are important?
• What should the security priorities be?
– List at least five policies about who’s allowed to do what
• NOTE: “all users must be authenticated” does NOT belong in a security policy – it’s about implementation, not requirements
Kevin Mitnick’s work today
• “The simple fact is this: People are, and always have been, the most vulnerable aspect of any organization's security infrastructure …”
http://www.mitnicksecurity.com/
Interview on 60 Minutes
Security – human aspects
• Social engineering (the slide’s “human engineering”) is the most effective way to gain unauthorized access to systems
– Helpfulness can be abused
– Garbage can be sifted
– Etc.
• Basically, it’s a never-ending dialog between builders and crackers
If you remember nothing else from tonight …
Tools for the security provider
• Encryption
• Explicit, well-considered policy
• QA for code
• Security education for developers (for example, see http://www.sans.org/)
• Security education for others with access to sensitive information
• Firewalls
• Audits
• Monitoring
More security tools
• Research
• Former crackers with changed motives
• Good system administration, including keeping up with patches
• Virus checkers (signature-based and heuristic)
Resources
• CERT: www.cert.org/
• CSRC (NIST): csrc.nist.gov/
• Steve Gibson: grc.com/default.htm
• Counterpane: www.counterpane.com/crypto-gram.html
• And 400,000,000 others …
Activity – implementing your policy
• For each of the five statements in your security policy exercise, identify one or more techniques that could be used to enforce it.
Comp 655 - Security
• Security basics
• Encryption
• Major functions of a security system
Encryption - general
More terminology
• Symmetric cryptosystem
– aka secret-key, shared-key
• Asymmetric cryptosystem
– aka public-key
• Computational infeasibility
• Hash function
• Block cipher
• Stream cipher
Important cryptographic algorithms
• DES (symmetric block cipher)
• AES (symmetric block cipher)
• RSA (public-key)
• MD5 (hash function, not an encryption algorithm)
• SHA-1 (hash function, not an encryption algorithm)
The slide’s title calls all five “encryption algorithms”; only the first three encrypt. Since these slides were written, practical collisions have been published for both MD5 (2004) and SHA-1 (2017), so neither should be used where collision resistance matters, such as signatures and certificates; SHA-2 or SHA-3 is the replacement.
Data Encryption Standard (DES)
DES key generation
Attacks on DES
• Analytical
– DES has held up pretty well: differential and linear cryptanalysis work in principle but need far more chosen or known plaintext than an attacker usually has
• Brute force
– Hardware is now fast enough to allow practical guess-and-check attacks on 56-bit DES; the EFF’s Deep Crack machine searched the key space in days in 1998, and a modern GPU or FPGA rig does it in hours
• Triple DES “appears to be safe for the moment”
– NIST has since deprecated 3DES (SP 800-131A disallows it for new use after 2023), partly because its 64-bit block size exposes long sessions to birthday attacks
• To be replaced by the Rijndael algorithm (this happened: Rijndael became AES in FIPS 197, 2001)
AES
• NIST selection process, 1997-2000, whose goal was a symmetric block cipher to replace DES for protection of sensitive unclassified information. AES is
– unclassified
– publicly disclosed encryption
– available royalty-free, worldwide
– a 128-bit block cipher (the slide says “at least 128 bits”; Rijndael itself also allows 192- and 256-bit blocks, but the AES standard fixes the block size at 128 bits)
– supports key sizes of 128, 192, and 256 bits.
AES selection criteria
1. Security was the most important factor, including
– resistance to cryptanalysis
– soundness of mathematical basis
– randomness of the algorithm output
– relative security as compared to other candidates.
2. Cost was a second important area
– licensing requirements
– speed on various platforms
– memory requirements
AES selection criteria continued
• Algorithm characteristics
– Adaptability to larger key sizes
– Adaptability to other applications, including stream cipher, hash
– Adaptability to various implementation environments including software, firmware, hardware
– Overall simplicity
AES continued
• Winner was Rijndael (“Rhine-doll”), standardized as FIPS 197 in 2001
• NIST evaluation tested C and Java implementations of the candidates
• Implementations have also appeared in Lisp, Pascal, JavaScript, C++, hardware, etc.
• See the NIST crypto toolkit web site: http://csrc.nist.gov/CryptoToolkit/
RSA
• Widely used for public-key cryptosystems
• Relies on computational infeasibility of factoring a product of large primes
• A key set includes
– d (decryption key)
– e (encryption key)
– n (product of two large primes p and q)
• d and e are inverses modulo (p-1)(q-1), so (m^e)^d = m (mod n); anyone who can factor n can compute (p-1)(q-1) and hence recover d from e, which is why the security rests on factoring
RSA continued
• Publish n and one key, keep the other key private
• Which key gets published depends on the problem you’re trying to solve
– Publish encryption key for data protection
– Publish decryption key for authentication
• Expensive! (2-3 orders of magnitude slower than DES), so in practice RSA is applied only to a symmetric session key or to a hash of the data, never to the bulk data itself
Cryptographic hash functions
• Combined with encryption or a signature, they guard against modification (a bare hash does not: an attacker who can change the message can recompute the hash)
• (kind of like a checksum or check digit, but designed so that the summary cannot be fooled on purpose)
• A hash computes a fixed-length summary (or digest) of a string (message) that is hard to reproduce
– Given a message m, it’s computationally infeasible to find another message m’ such that H(m’) = H(m) (second-preimage resistance)
– And it’s even harder to find such an m’ that says what you want …
– Finding any pair m, m’ with H(m) = H(m’) (a collision) is easier than finding a second preimage for a given m, and is exactly what has been demonstrated against MD5 and SHA-1
Using a cryptographic hash:digital signature
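The digital-signature flow on this slide, together with the two RSA uses from the RSA slides (publish e for data protection, publish d for authentication), as an added Go example written for this page rather than taken from the course. It uses the standard library’s crypto/rsa with PSS padding for signatures and OAEP for encryption, hashes with SHA-256 instead of the slides’ MD5 and SHA-1, and the message text and the names alice and mallory are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// keyPair is the slide's (e, n) / (d, n) split: PublicKey holds e and n, the
// private half holds d. 2048 bits is today's floor for RSA.
func keyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// digest is the fixed-length summary the hash slides describe. Signing it instead
// of the message keeps the slow RSA operation to a single block, and still binds
// every byte of the message because changing any byte changes the digest.
func digest(msg []byte) []byte {
	d := sha256.Sum256(msg)
	return d[:]
}

// digestSizes illustrates the "longer hash size" point from the SHA-1 slide. Only
// SHA-256 is used for signing here: MD5 and SHA-1 both have published collisions.
func digestSizes(msg []byte) map[string]int {
	m, s := md5.Sum(msg), sha1.Sum(msg)
	return map[string]int{"md5": len(m), "sha1": len(s), "sha256": len(digest(msg))}
}

// sign is "publish the decryption key for authentication": the private exponent
// transforms the digest and anyone holding the public key can check the result.
// PSS is the randomised padding; raw textbook RSA over a digest is forgeable.
func sign(priv *rsa.PrivateKey, msg []byte) []byte {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(msg), nil)
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(msg), sig, nil) == nil
}

// encrypt is "publish the encryption key for data protection": anyone can encrypt
// to the public key, only the holder of d can read. OAEP is the padding that makes
// this safe, and the size limit (well under the 256-byte modulus) is why real
// systems encrypt a symmetric session key this way rather than the data itself.
func encrypt(pub *rsa.PublicKey, msg []byte) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		panic(err)
	}
	return ct
}

func decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// demo returns the outcomes worth checking: a good signature verifies, a one-byte
// change does not, a different key does not, and only the matching private key decrypts.
func demo() map[string]bool {
	alice, mallory := keyPair(), keyPair()
	msg := []byte("grade for pat in COMP655: A") // constructed sample message
	sig := sign(alice, msg)

	tampered := append([]byte{}, msg...)
	tampered[len(tampered)-1] = 'B'

	pt, err := decrypt(alice, encrypt(&alice.PublicKey, msg))
	_, wrongKeyErr := decrypt(mallory, encrypt(&alice.PublicKey, msg))

	return map[string]bool{
		"alice's signature verifies":    verify(&alice.PublicKey, msg, sig),
		"tampered message verifies":     verify(&alice.PublicKey, tampered, sig),
		"verifies under mallory's key":  verify(&mallory.PublicKey, msg, sig),
		"alice decrypts her ciphertext": err == nil && string(pt) == string(msg),
		"mallory decrypts it":           wrongKeyErr == nil,
	}
}

func main() {
	fmt.Println(digestSizes([]byte("abc")))
	for k, v := range demo() {
		fmt.Printf("%-30s %v\n", k, v)
	}
}
```

The signature is over the digest, not the message, which is the point of the slide’s figure: the expensive private-key operation touches 32 bytes however long the message is, and the verifier recomputes the same digest from the message it received.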
MD5
‘<<<’ is a circular shift (rotate left): 10110001 <<< 3 = 10001101
SHA-1 (from Adam Back’s web site)
• SHA1 (Secure Hash Algorithm 1) is a cryptographic message digest algorithm.
• It is considered to be more secure than MD5
– it has longer hash size
– Hans Dobbertin discovered a partial weakness in the MD5 collision function.
• There was a SHA0 but it had some security problems which were fixed in SHA1.
http://www.cypherspace.org/adam/rsa/sha.html
Comp 655 - Security
• Security basics
• Encryption
• Major functions of a security system
Major functions of a security system
• Authentication
• Authorization
• Administration
• Journaling
• Intrusion detection
Authentication is …
Checking that you are who you say you are
Implementation – authentication in Kerberos
Kerberos
• is a network authentication protocol
• provides strong authentication for client/server applications by using secret-key cryptography
• implementations are available commercially and free from MIT
• assumes the network is hostile: black-hats are sniffing and spoofing everywhere, so no password ever crosses the wire and every ticket is encrypted under a key the client never sees
How Kerberos authentication works
(figure: the client’s secret key, the ticket-granting ticket, the session key, and the service ticket)
Setting up a secure channel with Kerberos
How does Bob know K(B,TGS)?
It’s the session key he got at his login
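The exchange on the last three slides, with AES-GCM standing in for the symmetric cipher from the AES slides, as an added Go example written for this page rather than taken from MIT Kerberos or the course. It assumes a single KDC object playing both the AS and the TGS, JSON-encoded tickets, the principal names bob and fileserver, and a password-to-key step that is just SHA-256 of the password (a constructed stand-in for Kerberos’s salted string-to-key function). The seal/open helpers are also the AES example for this page: AES-256 in GCM mode both hides the ticket contents and rejects any modified ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// seal encrypts and authenticates msg with AES-256-GCM, prepending the random 96-bit
// nonce. GCM gives the integrity the slides ask of encryption: a modified ciphertext
// fails to open instead of decrypting to garbage.
func seal(key, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	gcm, _ := cipher.NewGCM(block)
	nonce := random(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, msg, nil)
}

func open(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// ticket is the slide's TGT / service ticket: sealed under a key the client never
// learns, it carries the session key that the KDC also hands to the client.
// authenticator proves the sender holds that session key right now.
type ticket struct { Client string; Session []byte; Expires time.Time }
type authenticator struct { Client string; When time.Time }

func marshal(v interface{}) []byte { b, _ := json.Marshal(v); return b }

// kdc plays both the AS and the TGS; it knows every long-term key.
type kdc struct { clientKeys, serviceKeys map[string][]byte; tgsKey []byte }

// login (AS exchange): no password crosses the wire, and the reply is useful
// only to someone who can open its first half with the client's long-term key.
func (k *kdc) login(client string) (encSession, tgt []byte, err error) {
	ck, ok := k.clientKeys[client]
	if !ok { return nil, nil, errors.New("unknown principal") }
	s := random(32)
	return seal(ck, s), seal(k.tgsKey, marshal(ticket{client, s, time.Now().Add(8 * time.Hour)})), nil
}

// serviceTicket (TGS exchange): validate the TGT and its authenticator, then
// issue a ticket under the service's key plus a fresh session key for the client.
func (k *kdc) serviceTicket(tgt, auth []byte, service string) (encSession, svcTicket []byte, err error) {
	t, err := validate(k.tgsKey, tgt, auth)
	if err != nil { return nil, nil, err }
	sk, ok := k.serviceKeys[service]
	if !ok { return nil, nil, errors.New("unknown service") }
	s := random(32)
	return seal(t.Session, s), seal(sk, marshal(ticket{t.Client, s, time.Now().Add(time.Hour)})), nil
}

// validate is shared by the TGS and by every application server: open the ticket
// with my long-term key, open the authenticator with the session key inside it,
// and check that the names agree and the timestamp is fresh (bounding replay).
func validate(key, tkt, auth []byte) (t ticket, err error) {
	var a authenticator
	pt, err := open(key, tkt)
	if err != nil { return t, errors.New("ticket not sealed under my key") }
	if err = json.Unmarshal(pt, &t); err != nil { return t, err }
	if time.Now().After(t.Expires) { return t, errors.New("ticket expired") }
	if pt, err = open(t.Session, auth); err != nil { return t, errors.New("authenticator not under the ticket's session key") }
	if err = json.Unmarshal(pt, &a); err != nil { return t, err }
	if a.Client != t.Client { return t, errors.New("authenticator and ticket name different principals") }
	if d := time.Since(a.When); d < -5*time.Minute || d > 5*time.Minute { return t, errors.New("authenticator outside the clock-skew window") }
	return t, nil
}

// run walks Bob from login to the file server, then shows that an eavesdropper
// who captured the TGT but not Bob's key is rejected by the TGS.
func run() (accepted string, attackerErr error, err error) {
	bobKey := sha256.Sum256([]byte("bob's password")) // constructed; real KDCs use a salted string-to-key function
	fsKey := random(32)
	k := &kdc{map[string][]byte{"bob": bobKey[:]}, map[string][]byte{"fileserver": fsKey}, random(32)}
	authFor := func(session []byte) []byte { return seal(session, marshal(authenticator{"bob", time.Now()})) }

	encS, tgt, err := k.login("bob")
	if err != nil { return "", nil, err }
	sTGS, err := open(bobKey[:], encS) // the one step only Bob can perform
	if err != nil { return "", nil, err }
	encS2, st, err := k.serviceTicket(tgt, authFor(sTGS), "fileserver")
	if err != nil { return "", nil, err }
	sSvc, err := open(sTGS, encS2)
	if err != nil { return "", nil, err }
	t, err := validate(fsKey, st, authFor(sSvc)) // AP exchange at the file server
	if err != nil { return "", nil, err }
	_, attackerErr = validate(k.tgsKey, tgt, authFor(random(32))) // guessed session key
	return t.Client, attackerErr, nil
}

func main() { fmt.Println(run()) }
```

The answer to the slide’s question is visible in run: K(B,TGS) is sTGS, which Bob obtains by opening the first half of the login reply with his own key, and it is the key he then uses to seal the authenticator that accompanies the TGT. The attacker, who saw the TGT go by but cannot open encS, fails at exactly that authenticator check.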
Activity - authentication
• When you talk to someone on the phone, how do you know who it is?
– List at least three ways
– For each way, how can it be spoofed?
• If you suspect you’re being spoofed, how can you verify the other person’s identity?
• Same two questions for instant messaging
Major functions of a security system
• Authentication
• Authorization
• Administration
• Journaling
• Intrusion detection
Authorization is …
Granting access to resources so that the ability to create, read, update, or delete things is available only to those who are authorized.
Authorization - General
• How will it decide?
• What data will it use?
• How will it enforce its decision?
ACLs vs Capabilities
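The gradebook policy from the policy slides, enforced both ways this slide contrasts, as an added Go example that is not course code: an access control list derived from the four policy statements and stored with each grade, and a capability token held by the subject whose unforgeability comes from an HMAC under a server-side key. It also serves as one answer to the earlier “implementing your policy” activity. The names chu, pat, lee and COMP655, the token layout and the HMAC construction are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Vocabulary from the gradebook policy slides; every name here is constructed.
type action string

const viewGrade, assignGrade action = "view", "assign"

// Rights are relative to a section, so one person can be a student in one
// section and an instructor in another (the Franklin case on the slides).
type section struct{ instructors, students map[string]bool }

// grade is the protected object: one student's grade in one section.
type grade struct{ section *section; student string }

// Model 1: an access control list stored with the object. aclFor derives it from
// the four policy statements: instructors of the section get view+assign, the
// student gets view, nobody else appears (absence is denial, which is how the
// two "not allowed" statements are met).
type acl map[string]map[action]bool

func aclFor(g *grade) acl {
	l := acl{g.student: {viewGrade: true}}
	for i := range g.section.instructors {
		l[i] = map[action]bool{viewGrade: true, assignGrade: true}
	}
	return l
}

func (l acl) allows(principal string, a action) bool { return l[principal][a] }

// Model 2: a capability held by the subject. It names an object and the rights
// it carries; possession is the authorization and the holder's identity is never
// looked up. Unforgeability comes from an HMAC under a key only the gradebook
// server knows, so a token edited after issue fails the MAC check.
type capability struct{ objectID, rights, mac string } // rights: comma-separated

type server struct{ key []byte }

func (s server) tag(objectID, rights string) string {
	m := hmac.New(sha256.New, s.key)
	m.Write([]byte(objectID + "\x00" + rights)) // separator: "a"+"bc" != "ab"+"c"
	return hex.EncodeToString(m.Sum(nil))
}

func (s server) mint(objectID string, rights ...action) capability {
	parts := make([]string, len(rights))
	for i, a := range rights {
		parts[i] = string(a)
	}
	r := strings.Join(parts, ",")
	return capability{objectID, r, s.tag(objectID, r)}
}

// use verifies the MAC in constant time, then checks that the requested action
// is among the rights the token carries.
func (s server) use(c capability, a action) bool {
	if !hmac.Equal([]byte(c.mac), []byte(s.tag(c.objectID, c.rights))) {
		return false // forged or tampered token
	}
	for _, r := range strings.Split(c.rights, ",") {
		if r == string(a) {
			return true
		}
	}
	return false
}

// demo exercises both models against the same policy and returns each outcome.
func demo() map[string]bool {
	comp655 := &section{map[string]bool{"chu": true}, map[string]bool{"pat": true}}
	l := aclFor(&grade{comp655, "pat"})
	key := make([]byte, 32)
	rand.Read(key)
	srv := server{key}
	patCap := srv.mint("COMP655/pat", viewGrade)
	forged := capability{patCap.objectID, "view,assign", patCap.mac} // pat edits the rights
	return map[string]bool{
		"acl: instructor assigns in own section": l.allows("chu", assignGrade),
		"acl: student views own grade":           l.allows("pat", viewGrade),
		"acl: student assigns grade":             l.allows("pat", assignGrade),
		"acl: other instructor views":            l.allows("lee", viewGrade),
		"cap: student views with view token":     srv.use(patCap, viewGrade),
		"cap: student assigns with view token":   srv.use(patCap, assignGrade),
		"cap: forged rights accepted":            srv.use(forged, assignGrade),
	}
}

func main() { fmt.Println(demo()) }
```

The two models answer the previous slide’s three questions differently. The ACL decides by looking up the caller in data kept with the object, so revoking access is a local edit; the capability decides by checking a token the caller presents, so the server needs no per-object table, but taking a right back means tracking or expiring issued tokens. The MAC is what makes a capability usable across a network: in the single-process Java case on the later slide, an unforgeable object reference does the same job without any cryptography.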
Java Security
• Top-priority problem: protect hosts from damage or eavesdropping by mobile Java code.
• For applets, security is built on a co-ordinated authorization system called a “sandbox”.
• (The browser plugin that ran applets was removed in JDK 11 and the Applet API has since been deprecated for removal; the sandbox ideas on the next slides still apply to any host that runs code it does not trust.)
Java Sandbox overview
SecurityManager
Every sensitive operation in the class library asks the installed SecurityManager for permission before proceeding:

```java
// Pattern used throughout the JDK class library (for example in java.io.File
// and java.net.Socket): consult the installed SecurityManager, if any, before a
// sensitive operation. checkXXX stands for checkRead, checkConnect, and so on.
SecurityManager security = System.getSecurityManager();
if (security != null) {
    // Throws SecurityException when the code on the call stack does not hold
    // the required permission; the operation itself then never runs.
    security.checkXXX(argument, . . . );
}
```

No SecurityManager installed (the null case) means no check at all, which is the default for a standalone application. The SecurityManager was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so it is no longer available as a sandboxing mechanism on current JDKs.
Sandbox vs Playground
Leaning out of the sandbox …
• Object references as capabilities
• Stack introspection
• Name space management (bait-and-switch based on class names)
Object reference as capability
Stack introspection
1. Method invocation forces a call to enable_privilege
2. enable_privilege examines the stack for a suitable privilege or prohibition
3. If OK, enable_privilege pushes a disable_privilege frame onto the stack
4. When the method returns, disable_privilege turns privileges off
The names are from the Netscape model; Java’s equivalent is AccessController.doPrivileged, with checkPermission walking the call stack and requiring every frame up to the nearest doPrivileged to hold the permission, so that untrusted code cannot borrow a privilege simply by calling trusted code.
Major functions of a security system
• Authentication
• Authorization
• Administration
• Journaling
• Intrusion detection
Administrative functions
• Setting up
– Exchanging secret keys
– Publishing public keys
– Granting privileges
• Tearing down
– Removing privileges
– Changing compromised secret keys
– Revoking compromised public keys
• Managing trust
– Adding or removing a server
– Delegating privileges
Setup: Diffie-Hellman key exchange
For gory details: http://www.faqs.org/rfcs/rfc2631.html
Commercial application: IKE, the key exchange used by IPsec (in Cisco’s and most other VPN products)
IKE standard: RFC 2409 (the Diffie-Hellman patent expired in 1997)
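A finite-field Diffie-Hellman run in the shape RFC 2631 describes, plus the man-in-the-middle case that motivates the key-publishing slides that follow, as an added Go example that is not from the course. It assumes a demo-only prime generated on the fly with generator 2 (a real system uses a fixed, vetted group such as those in RFC 3526, or an elliptic curve) and the names Alice, Bob and Mallory.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// group is the public (g, p) both sides agree on before the exchange; RFC 2631
// uses the same names.
type group struct{ g, p *big.Int }

// newGroup makes a fresh prime for the demo only. Real deployments use fixed,
// vetted safe-prime groups (RFC 3526) or elliptic curves, never an ad-hoc prime.
func newGroup(bits int) group {
	p, err := rand.Prime(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return group{g: big.NewInt(2), p: p}
}

// party holds one side's secret exponent x and the public value g^x mod p.
type party struct {
	grp group
	x   *big.Int // never leaves this struct
	pub *big.Int // sent in the clear
}

func newParty(grp group) *party {
	// x uniform in [1, p-2]: avoid the degenerate exponents 0 and p-1.
	x, err := rand.Int(rand.Reader, new(big.Int).Sub(grp.p, big.NewInt(2)))
	if err != nil {
		panic(err)
	}
	x.Add(x, big.NewInt(1))
	return &party{grp, x, new(big.Int).Exp(grp.g, x, grp.p)}
}

// key computes peerPub^x mod p and hashes it down to a 256-bit symmetric key;
// (g^y)^x = (g^x)^y, so two honest parties land on the same value.
func (a *party) key(peerPub *big.Int) [32]byte {
	return sha256.Sum256(new(big.Int).Exp(peerPub, a.x, a.grp.p).Bytes())
}

// honestExchange: Alice and Bob swap public values over an untampered channel.
func honestExchange() (aliceKey, bobKey [32]byte) {
	grp := newGroup(512)
	alice, bob := newParty(grp), newParty(grp)
	return alice.key(bob.pub), bob.key(alice.pub)
}

// mitmExchange: Mallory intercepts both public values and substitutes her own.
// Nothing in the arithmetic fails; each honest party simply ends up sharing a
// key with Mallory. Binding public values to identities (the certificates on
// the next slides) is what closes this hole.
func mitmExchange() (aliceKey, bobKey, malloryAlice, malloryBob [32]byte) {
	grp := newGroup(512)
	alice, bob := newParty(grp), newParty(grp)
	mA, mB := newParty(grp), newParty(grp) // Mallory's two halves
	aliceKey = alice.key(mA.pub)           // Alice believes mA.pub came from Bob
	bobKey = bob.key(mB.pub)               // Bob believes mB.pub came from Alice
	malloryAlice, malloryBob = mA.key(alice.pub), mB.key(bob.pub)
	return
}

func main() {
	a, b := honestExchange()
	fmt.Printf("honest: keys match = %v\n", a == b)
	a, b, ma, mb := mitmExchange()
	fmt.Printf("mitm: alice==bob %v, alice==mallory %v, bob==mallory %v\n", a == b, a == ma, b == mb)
}
```

The exchange gives two parties a secret without ever sending it, which is the “exchanging secret keys” setup task on the next slide, but it says nothing about who the other party is; that gap is exactly what the “publishing keys” question after it is about.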
Setup: exchanging secret keys
(figure: setup)
Setup: publishing keys
If you have K+, how can you know that K- is actually possessed by the person or company you think it is?
Setup: establishing trust in public keys
• Usually, public keys are published in a certificate, consisting of
– Public key
– String identifying the owner
– Digital signature of a certificate authority
Example: “secure” web site
Example: certificates
Certificates on the path
Certification practice statement
https://www.verisign.com/repository/CPS2.1/cps2-1.pdf
Why is this such an elaborate document?
“The simple fact is this: People are, and always have been, the most vulnerable aspect of any organization's security infrastructure …”
… and that means lawsuits
Certificate Revocation Lists
• The certificate was good at one time, but not anymore
• CAs publish their revocation lists, usually daily
• But clients rarely check
• A chain that validates cryptographically and is inside its validity window can still be revoked; browsers have since moved to OCSP (often stapled), pushed revocation sets, and short certificate lifetimes, but any client that builds its own chains still has to do the revocation step itself
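Building and checking a certificate path of the kind the “certificates on the path” and “secure web site” slides show, as an added Go example that is not course code: a root CA, an issuing CA and a server certificate made with crypto/x509, then the three checks a client should make (chain to a trusted root, host name, revocation). It assumes ECDSA P-256 keys, the constructed names Example Root CA, Example Issuing CA and www.example.test, and models the CA’s revocation list as a plain set of serial numbers rather than a parsed X.509 CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs template with the parent's private key and returns the parsed
// certificate plus the new key. parent == nil means self-signed (a root CA).
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// template carries the fields the slide lists: the owner's name, a validity
// window, and what the certificate may be used for (sign other certificates, or
// identify one host name).
func template(serial int64, cn string, isCA bool, dnsName string) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{dnsName}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// crl stands in for the CA's published revocation list: serial numbers of
// certificates that were good once but are not any more.
type crl map[string]bool

// verifyServer does what a careful client does: build a chain from the server
// certificate through intermediates to a trusted root, check the host name, and
// then consult the revocation list for every certificate on the path. Go's
// Verify does the first two; the slide's point is that the third is usually skipped.
func verifyServer(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string, revoked crl) error {
	ip, rp := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range intermediates {
		ip.AddCert(c)
	}
	for _, c := range roots {
		rp.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Intermediates: ip, Roots: rp})
	if err != nil {
		return err
	}
	for _, c := range chains[0] {
		if revoked[c.SerialNumber.String()] {
			return fmt.Errorf("%q (serial %v) has been revoked", c.Subject.CommonName, c.SerialNumber)
		}
	}
	return nil
}

// demo builds root -> issuing CA -> www.example.test, plus a second root that
// nobody trusts, and reports the result of each check (nil means accepted).
func demo() map[string]error {
	root, rootKey := issue(template(1, "Example Root CA", true, ""), nil, nil)
	inter, interKey := issue(template(2, "Example Issuing CA", true, ""), root, rootKey)
	leaf, _ := issue(template(3, "www.example.test", false, "www.example.test"), inter, interKey)
	rogue, rogueKey := issue(template(4, "Rogue CA", true, ""), nil, nil)
	rogueLeaf, _ := issue(template(5, "www.example.test", false, "www.example.test"), rogue, rogueKey)
	mids, trusted := []*x509.Certificate{inter}, []*x509.Certificate{root}
	return map[string]error{
		"valid chain":          verifyServer(leaf, mids, trusted, "www.example.test", crl{}),
		"wrong host name":      verifyServer(leaf, mids, trusted, "mail.example.test", crl{}),
		"unknown issuer":       verifyServer(rogueLeaf, nil, trusted, "www.example.test", crl{}),
		"intermediate revoked": verifyServer(leaf, mids, trusted, "www.example.test", crl{"2": true}),
	}
}

func main() { fmt.Println(demo()) }
```

The “unknown issuer” case is the slide’s K+ / K- question in code: the rogue certificate carries a perfectly good public key and a valid signature, but the signature is from a CA the client does not trust, so nothing ties the key to www.example.test. The “intermediate revoked” case only fails because verifyServer walks the chain against the revocation set after Verify returns; drop that loop and the client behaves like the ones the slide complains about.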
Major functions of a security system
• Authentication
• Authorization
• Administration
• Journaling
• Intrusion detection
http://www.informit.com/articles/article.asp?p=174342