Upload File

systems security ii - joshlf.com · 2020. 10. 15. · “tl 30” - a professional safecracker with...

  • Home
  • Documents
  • Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker
22
Systems Security II

Upload: others

Post on 27-Mar-2021

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

Systems Security II

Page 2: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Beyond Fear

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 3: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Similar to defense in depth● Secure various assets separately● Compromising one asset doesn’t necessarily

allow an attacker to compromise others

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 4: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

Asset

Attacker

Asset Asset

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 5: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

Asset

Attacker

Asset Asset

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 6: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Non-technical examples?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 7: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Non-technical examples○ Travelers’ money○ Street drug dealers (separating money and drugs)○ Top-secret information: clearance plus “need to know”○ Offices with separate keys

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 8: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Technical examples?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 9: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Technical examples○ Beyond Corp vs VPNs○ Untrusted software isolation

■ VMs■ AppArmor

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 10: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Different assets deserve different security● Examples?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 11: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Compartmentalization

● Different assets deserve different security● Examples

○ Master keying systems○ Certificate trees

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 12: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Secret Sharing

● DNSSEC is a certificate hierarchy for DNS● Single DNSSEC root● Root key is split so that 5 of 7 people must

convene in order to reconstruct it● Secret sharing

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 13: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Shamir Secret Sharing

● Key insights:○ Any k distinct points define a k - 1 degree polynomial○ Given < k points, all k - 1 degree polynomials are

equally likely

https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degre

e_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degree_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degree_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degree_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degree_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/3_polynomials_of_degree_2_through_2_points.svg/220px-3_polynomials_of_degree_2_through_2_points.svg.png
Page 14: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Shamir Secret Sharing

● Generate a random k - 1 degree polynomial○ The description of this polynomial is the secret key

● Pick S random points on the curve● Each point is a secret● Any k of the S points are sufficient to

reconstruct the key

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 15: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

● Who here is murder-proof?● Whose house/apartment/dorm is burglary-

proof?● How much do you worry about being

murdered or burgled?● Why?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 16: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

● Good prevention is hard (and expensive)● “Detection works where prevention fails”● Often, detection and response are cheaper

and more effective

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 17: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response● Example: safes are rated based on time

○ “TL 30” - a professional safecracker with tools will take 30 minutes to crack

○ “TL-TR 60” - resist the same safecracker with an oxyacetylene torch for 60 minutes

● Gives enough time for the guards to notice● No guard? Anyone will crack it eventually● “Our job is to slow ’em down or make ’em make a lot of

noise”

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 18: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response● Other examples?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 19: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

● Response○ Reaction○ Mitigation○ Recovery○ Forensics○ Counterattack

● Examples?

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 20: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

● Response○ Reaction: security guards○ Mitigation: increasing security, disabling services○ Recovery: backups, changing passwords, etc○ Forensics: find out who did it○ Counterattack: prosecute them

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 21: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

● Belgian jewelry thieves

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/
Page 22: Systems Security II - joshlf.com · 2020. 10. 15. · “TL 30” - a professional safecracker with tools will take 30 minutes to crack “TL-TR 60” - resist the same safecracker

© 2016 J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.5Brown University CS166

Detection and Response

San Jose, Costa Rica

https://creativecommons.org/licenses/by-sa/2.5/
http://cs.brown.edu/courses/cs166/

For TL-1, TL-2, TL-3 Applications - Energy · PDF fileTriton Barrier® For TL-1, TL-2, TL-3 Applications Product Description Manual Part No. 619487B Revision F July 2012

TP-Link - TL-WR1043N / TL-WR1043ND - Exetelexewiki.exetel.com.au/images/d/da/TP-Link-TL-WR1043ND-Exetel_User... · TP-Link - TL-WR1043N / TL-WR1043ND 300Mbps Wireless N Gigabit Router

TL-WR940N TL-WR941ND 450Mbps Wireless N Router · 2016. 8. 10. · The Router or TL-WR940N/TL-WR941ND mentioned in this guide stands for TL-WR940N/TL-WR941ND ; 450Mbps Wireless N

TI-OOI TI-OIO Tl-019 Tl-028 Tl-037 T7-046 72ü D7(R) eeü Tl-009 Tl … · 2019-07-10 · TI-OOI TI-OIO Tl-019 Tl-028 Tl-037 T7-046 72ü D7(R) eeü Tl-009 Tl-018 Tl-æ7 Tl-036 Tl-045

Safecracker: Leaking Secrets through Compressed Cachespeople.csail.mit.edu/poantsai/papers/2020.safecracker.asplos.pdf · Sanchez. 2020. Safecracker: Leaking Secrets through Compressed

TL-SG105E/TL-SG108E/TL-SG108PE TL-SG1016DE/TL ... - TP-Link · TL-SG105E/TL-SG108E/TL-SG108PE . TL-SG1016DE/TL-SG1024DE . Gigabit Easy Smart Switch . REV1.0.3 . 1910011479

TL-SG1016 8.0, TL-SG1024 7.0, TL-SG1048 2 · TL-SG1016 / TL-SG1024 / TL-SG1048 16/24/48-Port Gigabit Rackmount Switch TP-LINK Green Technology This new generation TL-SG1016/TL-SG1024/TL-SG1048

City of North Pole City Boundary...0 4 1 2 5 2 5 1 9 0 1 TL-830 TL-700 TL-630 TL-1700 TL-623 TL-634 TL-625 TL-605 TL-632 TL-638 TL-636 TL-627 TL-645 TL-635 TL-626 TL-637 TL-642 TL-643

TL-SG1016 9.0, TL-SG1024 8 - dustinweb.azureedge.net · TL-SG1016 / TL-SG1024 16/24-Port Gigabit Rackmount Switch The TL-SG1016/TL-SG1024 Gigabit Ethernet Switch provides you with

TRN 11 30 38 CL 85 TL WWB - Artech Lighting · TRN 11 30 38 CL 85 TL WWB Lamp Type Wattage Lumen output Colour Temperature CRI Beam angle IP Rating Control Gear Dimensions Colour

POWER SLEEVE [BB386EVO] — TL-PWS 86 — TL …...POWER SLEEVE [BB386EVO] — TL-PWS 86 — TL-PWS Is Jk9—ÄlJ— TC-PWS 86Y—JL-ey (IRA) 00 —[*13 -30 < D 0) TL-PWS < — PWS

300Mbps Wireless N USB Adapter - TP-Link · 2016-08-10 · TL-WN821N/TL-WN822N/TL-WN823N . 300Mbps Wireless N USB Adapter . TL-WN821N TL-WN822N TL-WN823N . Rev: 4.1.0 1910010863

With prestigious virtual office service YOU CHOOSE YOUR ... › admin › pdf › 1564405193EN.pdf250 tl - 200 tl 350 tl - 300 tl 500 tl - 450 tl 800 tl - 750 tl 300 tl - 250 tl 400

Installation Guide · 2016. 8. 10. · Installation Guide Gigabit Unmanaged Switch TL-SG1048/TL-SG1024 TL-SG1024D/TL-SG1016 TL-SG1016D/TL-SG1008 Enterprise Networking Solution

Saptamana TL, nr. 30

TL TL TL TL TL TL TL TL TL TL TL TL TL TL TL TL …...2019/06/30  · 2 A KGVI used collection in red SG Crown album, with good ranges of sets and part sets, noted Br. Occ. of Italian

TL-WPA4220 300Mbps AV500 WiFi Powerline Extender TL … · TL-WPA4220/TL-WPA281 300Mbps AV500/AV200 WiFi Powerline Extender 2 1.3 Conventions The extender, or TL-WPA4220/TL-WPA281,

Banbridge Town lies on the River Bann and was named Bridge …... · 2020. 2. 13. · LP LP LP LP SC SC SC SC SC SC B TL TL TL TL TL TL TL TL TL C/Box IL=51.64 MH IL=54.18 MH SV SV

Safecracker Feynman - Computer · PDF fileCreated Date: 11/15/2004 2:38:06 PM

TL-WN721N/TL-WN722N/TL-WN821N Wireless N … Wireless N USB Adapter 1 Package Contents Please verify that all the package contents below are available. ¾ One TL-WN721N/TL-WN722N/TL-WN821N

PVI-3.0-TL PVI-3.6-TL PVI-3.8-TL PVI-4.2-TL

MSW1002-TL,MSW1004-TL,MSW1006-TL,MSW1008-TL Mo • … file1 MSW1002-TL,MSW1004-TL,MSW1006-TL,MSW1008-TL 6T 7236.d TR GB Açıklama Toggle Switch; / Bağlantı / T Supply voltage 21...30V

SUN MON TUE WED THUR FRI SAT - Clark-Lindsey · 3:00 BINGO (TL) 4:00 Making Honor Flight Cards (TL) 4:00 Hallmark Shows (TL) 6:30 Movies (TL) 9:30 Word Play (MC) 10:00 Eucharistic

Manual - SafeCracker

TL-WR740N TL-WR741ND 150Mbps Wireless N Routerstatic.tp-link.com/res/down/doc/TL-WR740N_V5_UG.pdf · 4.17.3 Firmware Upgrade ... TL-WR740N/TL-WR741ND 150Mbps Wireless N Router ; 1.2

Tl-wn353g, Tl-wn353gd User Guide_pol

ATTENDANCE · roll no. name of the student tl % tl % tl % tl % tl % tl % tl % tl % tl % tl % tl % tl % 8 100 47 100 4 100 46 100 7 100 46 100 6 100 45 100 4 100 50 100 29 100 234

TL-189 Scope Draft · Accreditation Standard ISO/IEC ... LLC TL-189 Page of 23 TL-189 Page of 23 TL-189 Page of 23 TL-189 Page of 23 TL-189 Page of 23 TL-189 Page of 23

1.84 mm TL 1.84 mm TL 5.0 mm (dorsal view) 37.0 mm TL 15 ...molaPage.pdf1.84 mm TL 1.84 mm TL 5.0 mm (dorsal view) 37.0 mm TL 15 mm TL 37.0 mm TL Body spines reach maximum size at

TL-WN721N/TL-WN722N/TL-WN821N Wireless N USB Adapter€¦ · TL-WN721N/TL-WN722N/TL-WN821N Wireless N USB Adapter Rev: 3.0.0 1910010563 TL-WN721N TL-WN722N TL-WN821N

CONTENTS · 2018. 9. 7. · TL-SG2452 TL-SG2216 TL-SG2008 TL-SG2210P TL-SG1008 TL-SG1008PE TL-SG1008P TL-SF1008P TL-SG108E 48 24 16 8 5 Speed Ports L2 Managed Switches L3/L2+ Managed

TL-SG3216/TL-SG3424 JetStream L2 Managed Switch · TL-SG3216/TL-SG3424 JetStream L2 Managed Switch ... The device mentioned in this Guide stands for TL-SG3216/TL-SG3424 JetStream

TL-WR940N TL-WR941ND 450Mbps Wireless N Router · The Router or TL-WR940N/TL-WR941ND mentioned in this guide stands for TL-WR940N/TL-WR941ND ; 450Mbps Wireless N Router. without any

HASIL TRY OUT PMB PKN STAN 2019 - Adzkia STAN · 64 MUTHIA ARINI HSB 40 12 28 0 20 TL 20 6 14 0 10 TL 30 Nilai Mati 65 HARI DWIKY PRASSETIA 40 11 29 0 15 TL 20 7 13 0 15 TL 30 Nilai

TL-WN350G/TL-WN350GD 54M Wireless PCI Adapter · TL-WN350G/TL-WN350GD 54M Wireless PCI Adapter without any explanations. TL-WN350G/TL-WN350GD 54M Wireless PCI Adapter User Guide 2