Confidentiality Policies
UNIT 2
BY:SURBHI SAROHA
1
SURBHI SAROHA
SYLLABUS
• Confinement Principle
• Detour Unix user IDs.
• Process IDs and privileges
• More on confinement techniques
• System call interposition
• Error 404 digital Hacking in India part 2 chase
• VM based isolation
• Confinement principle
• Software fault isolation
• Rootkits
• Intrusion Detection Systems.
Confinement Principle
• Running untrusted code
• We often need to run buggy/untrusted code:
• – programs from untrusted Internet sites: desktop and mobile apps, JavaScript, browser extensions
• – exposed applications: browser, PDF viewer, Outlook
• – legacy daemons: sendmail, bind
• – honeypots
• Goal: if the application “misbehaves” ⇒ kill it
Confinement
• Confinement: ensure a misbehaving app cannot harm the rest of the system. It can be implemented at many levels:
• – Hardware: run the application on isolated hardware (air gap)
Cont…
• – Virtual machines: isolate whole OS instances on a single machine
Cont…
• – Process: system call interposition isolates a single process within one operating system
Cont…
• – Threads: Software Fault Isolation (SFI) isolates threads that share the same address space
• – Application-level confinement: e.g. the browser sandbox for JavaScript and WebAssembly
Detour: Unix user IDs
• https://www.youtube.com/watch?v=yGXTHnV3124&feature=youtu.be&fbclid=IwAR0DKuRI6e6GryNnnzrfao7_N2heLTbr2-XILeYNec2ossn3NML7X0OA6ys
Process IDs and privileges
• Process privileges
• In systems where security is important, applications
should run with the fewest privileges possible.
• Doing this helps reduce the impact of possible
compromises and can also help lower the privilege
escalation attack surface of the device.
• The more difficult it is for attackers to elevate an
application's privileges, the better; forcing attackers
to chain multiple attacks against various
applications that each have minimal sets of
permissions is ideal.
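A worked version of this principle, as an added example that is not part of the slides: a C routine that permanently drops a process to an unprivileged uid/gid in the order Unix requires (supplementary groups, then group IDs, then user ID last) and then verifies the drop, including the classic mistake of leaving a saved UID of 0 behind. It assumes Linux/POSIX setuid semantics; the function name, the use of 65534 (nobody on many distributions) as the fallback target, and the sample main are choices made for this example.

```c
/* Added example (not from the slides): permanently dropping process
 * privileges on a Unix system and verifying the drop. Target uid/gid are
 * chosen by the caller; Linux/glibc semantics are assumed. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to (uid, gid) for good. Returns 0 on success, -1 on failure.
 * The order is the whole point:
 *   1. supplementary groups  (needs root; impossible after step 3)
 *   2. group ID              (needs root; impossible after step 3)
 *   3. user ID last
 *   4. verify, because a silent partial drop is worse than failing loudly. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a root process can change its supplementary group list, and only
     * a root process needs to (it inherited the list). */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* As root, setuid() sets real, effective and saved UID at once; that is
     * what makes the drop permanent. (setresuid() says the same thing more
     * explicitly on Linux.) */
    if (setuid(uid) != 0)
        return -1;

    /* Verify the visible IDs. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* Verify the saved UID did not keep root: regaining privilege must fail.
     * If the process was only euid-dropped, seteuid(0) would succeed here.
     * (Only meaningful when the target itself is not root.) */
    if (uid != 0 && seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumption for the demo: 65534 is "nobody". If not root, stay as we are. */
    uid_t uid = getuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = getgid() == 0 ? (gid_t)65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed or incomplete\n");
        return 1;
    }
    printf("now running as uid=%u gid=%u\n", (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

Run it as root (or under sudo) to see the drop to nobody; as an ordinary user it simply confirms that privilege cannot be regained. The final seteuid(0) probe is the check that catches the common bug where a daemon lowers only its effective UID and leaves the saved UID at 0.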
Confinement
• (This slide uses confinement in the concurrent-programming sense: an object reachable from only one thread, rather than the OS-level sandboxing above.)
• 1. Uses encapsulation techniques to structurally guarantee that at most one activity at a time can possibly access a given object.
• 2. Instead of using dynamic locking on the object, encapsulation statically ensures unique access to a given object.
• 3. Define methods and classes that establish leak-proof ownership domains, so that only one thread at a time can ever access a confined object.
Confinement techniques
• 1. Scoping
• 2. Access control
• 3. Data hiding and encapsulation
• 4. The problem is leaking: a reference to a confined object escaping its scope defeats the confinement.
Kinds of Confinement
• 1. Method confinement – hide access within local scope, including hand-offs
• 2. Thread confinement – confine objects to a sequence of operations (session)
• 3. Object confinement – confine accesses internal to an object (host-part)
• 4. Group confinement – resource is only owned by one object at a time, but can be circulated
System call interposition
• System call interposition: a better approach to confinement.
• Observation: to damage the host system (i.e. make persistent changes) an app must make system calls:
• – To delete/overwrite files: unlink, open, write
• – To do network attacks: socket, bind, connect, send
• Monitor the app's system calls and block unauthorized calls.
• Implementation options:
• – Completely kernel space (e.g. GSWTK)
• – Completely user space
• – Hybrid: kernel fast path plus a user-space monitor (e.g. Systrace, next slide)
Cont….
• Systrace only forwards monitored sys-calls to the monitor (saves context switches).
• Systrace resolves sym-links and replaces sys-call path arguments by the full path to the target.
• When the app calls execve, the monitor loads a new policy file.
• Fast path in kernel for common/easy cases; ask user space for complicated/rare cases.
Error 404 digital Hacking in India part
2 chase
• https://security.cse.iitk.ac.in/node/178
VM based isolation
• A VM is an isolated environment with access to
a subset of physical resources of the computer
system.
• Each VM appears to be running on the bare
hardware, giving the appearance of multiple
instances of the same computer, though all are
supported by a single physical system.
Cont…
• Temporal isolation or performance isolation among virtual machines (VMs) refers to the capability of isolating the temporal behavior (or limiting the temporal interference) of multiple VMs from each other, despite their running on the same physical host and sharing a set of physical resources such as processors, memory, and disks.
Confinement principle
• Confinement is a mechanism for enforcing
the principle of least privilege.
• The problem is that the confined process needs
to transmit data to another process.
• The confinement mechanism must
distinguish between transmission of authorized
data and the transmission of unauthorized data.
Software fault isolation
• Software-based Fault Isolation (SFI) is
a software-instrumentation technique at the
machine-code level for establishing logical
protection domains within a process.
• In SFI, protection domains stay within the same
process, incurring low overhead when switching
between domains.
Cont….
• One way to get programs to behave in a manner consistent with a given security policy is by "brainwashing": modify the programs so that they behave only in safe ways.
• This is embodied by the approach to security known as software-based fault isolation (SFI).
• So far, the environment has been responsible for policy enforcement, where the environment is either the OS/kernel or the hardware.
• Hardware methods include addressing mechanisms (e.g. virtual memory).
• OS methods include having two modes (where supervisor mode has access to everything).
• The new approach is to construct a piece of software that transforms a given program p into a program p', where p' is guaranteed to satisfy a security policy of interest.
Cont…
• This SFI software transformation could be any number of things.
• It could be a piece of the compiler or of the loader. It could also involve a separate pass over machine-language code before execution commences.
• The point is that we are modifying the program before it is executed.
• (One easy realization of the SFI transformation is to always output a program that does nothing. However, there are likely to be properties of the original program that we are interested in preserving, and these properties might not be satisfied by a program that does nothing.)
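The p → p' transformation made concrete, as an added example that is not from the slides and not any real SFI toolchain: a toy machine with a handful of instructions, and a rewriter that inserts address-masking instructions before every store so that the rewritten program can only write inside its own fault domain (the address-sandboxing idea of Wahbe et al.). The same sample program is run before and after rewriting to show the out-of-domain store being redirected. Opcodes, memory layout, segment size and the sample program are all constructed for this illustration.

```c
/* Added example (not from the slides, not a real SFI toolchain): a toy
 * machine plus the "transform p into p'" step using address sandboxing.
 * Every STORE in p gets two masking instructions inserted before it, so p'
 * can only write inside its fault domain. Constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_WORDS 64        /* whole machine memory, in words */
#define SEG_BASE  32        /* fault domain = words [32, 48) */
#define SEG_MASK  0x0F      /* domain size is a power of two, so masking works */

enum op { LOADI, AND, OR, STORE, HALT };

/* LOADI r,k: reg[r]=k   AND r,k: reg[r]&=k   OR r,k: reg[r]|=k
 * STORE r,k: mem[reg[r]] = reg[k]   (k names a register here) */
struct insn { enum op op; int r; uint32_t k; };

/* Interpreter. Returns how many STOREs hit an address outside the fault
 * domain; the unsafe store is still performed, as real hardware would do it,
 * so the caller can inspect the damage. */
static int run(const struct insn *p, int n, uint32_t *mem)
{
    uint32_t reg[4] = {0};
    int escaped = 0;
    for (int pc = 0; pc < n; pc++) {
        const struct insn *i = &p[pc];
        switch (i->op) {
        case LOADI: reg[i->r] = i->k;  break;
        case AND:   reg[i->r] &= i->k; break;
        case OR:    reg[i->r] |= i->k; break;
        case STORE: {
            uint32_t addr = reg[i->r];
            if (addr < SEG_BASE || addr > SEG_BASE + SEG_MASK) escaped++;
            if (addr < MEM_WORDS) mem[addr] = reg[i->k];
            break;
        }
        case HALT: return escaped;
        }
    }
    return escaped;
}

/* The SFI rewriter: p' = p with "AND r,SEG_MASK ; OR r,SEG_BASE" inserted
 * before each STORE r,k, forcing the address into the domain. Real SFI also
 * keeps the sandboxed address in a dedicated register so that no control
 * transfer can land between the masking and the store; the toy machine has
 * no jumps, so that concern does not arise. Returns the length of p', or -1. */
int sandbox(const struct insn *p, int n, struct insn *out, int cap)
{
    int m = 0;
    for (int pc = 0; pc < n; pc++) {
        int need = (p[pc].op == STORE) ? 3 : 1;
        if (m + need > cap) return -1;
        if (p[pc].op == STORE) {
            out[m++] = (struct insn){ AND, p[pc].r, SEG_MASK };
            out[m++] = (struct insn){ OR,  p[pc].r, SEG_BASE };
        }
        out[m++] = p[pc];
    }
    return m;
}

/* Constructed sample program: one write outside the domain (word 5, think
 * of it as another module's data) and one legitimate write inside (word 40). */
static const struct insn sample[] = {
    { LOADI, 1, 0xDEAD }, { LOADI, 0, 5 },  { STORE, 0, 1 },
    { LOADI, 1, 0xBEEF }, { LOADI, 0, 40 }, { STORE, 0, 1 },
    { HALT, 0, 0 },
};
#define SAMPLE_LEN ((int)(sizeof sample / sizeof sample[0]))

/* Runs the sample on zeroed memory, as-is or after sandboxing. Returns the
 * escaped-store count; mem_out (if given) receives the final memory. */
int execute(int sandboxed, uint32_t *mem_out)
{
    struct insn pprime[3 * SAMPLE_LEN];
    uint32_t mem[MEM_WORDS] = {0};
    const struct insn *p = sample;
    int n = SAMPLE_LEN;
    if (sandboxed) {
        n = sandbox(sample, SAMPLE_LEN, pprime, 3 * SAMPLE_LEN);
        p = pprime;
    }
    int escaped = run(p, n, mem);
    if (mem_out) memcpy(mem_out, mem, sizeof mem);
    return escaped;
}

/* Final value of one memory word after the chosen run. */
uint32_t final_cell(int sandboxed, uint32_t addr)
{
    uint32_t mem[MEM_WORDS];
    execute(sandboxed, mem);
    return addr < MEM_WORDS ? mem[addr] : 0;
}

int main(void)
{
    printf("original p : %d escaped store(s), word 5 = 0x%X\n",
           execute(0, NULL), (unsigned)final_cell(0, 5));
    printf("sandboxed p': %d escaped store(s), word 5 = 0x%X, word 37 = 0x%X\n",
           execute(1, NULL), (unsigned)final_cell(1, 5), (unsigned)final_cell(1, 37));
    return 0;
}
```

The original program corrupts word 5; the rewritten one writes the same value to word 37 (5 masked into the segment), which is wrong for the buggy program but harmless for everyone else. That is the SFI trade-off from the slide: p' preserves the interesting properties of p (it still runs, still stores what it computed) while being guaranteed not to touch memory outside its domain.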
Rootkits
• A rootkit is malicious software that gives an unauthorized user privileged access to a computer and to restricted areas of its software, while concealing its own presence.
• A rootkit may contain a number of malicious tools such as keyloggers, banking credential stealers, password stealers, antivirus disablers, and bots for distributed denial of service (DDoS) attacks.
Well-Known Rootkit Examples
• Lane Davis and Steven Dake – wrote the earliest known rootkit in the early 1990s.
• NTRootkit – one of the first malicious rootkits targeted at the Windows OS.
• HackerDefender – this early Trojan altered/augmented the OS at a very low level of function calls.
• Machiavelli – the first rootkit targeting Mac OS X, appeared in 2009. This rootkit creates hidden system calls and kernel threads.
• Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE telephone exchange.
Cont…
• Zeus, first identified in July 2007, is a Trojan
horse that steals banking information by man-
in-the-browser keystroke logging and form
grabbing.
• Stuxnet - the first known rootkit for industrial
control systems
• Flame - a computer malware discovered in 2012
that attacks computers running Windows OS. It
can record audio, screenshots, keyboard activity
and network traffic.
Intrusion Detection Systems.
• An Intrusion Detection System (IDS) is a system
that monitors network traffic for suspicious activity
and issues alerts when such activity is discovered.
• It is a software application that scans a network or a
system for harmful activity or policy breaching.
• Any malicious venture or violation is normally reported
either to an administrator or collected centrally using a
security information and event management (SIEM)
system.
• A SIEM system integrates outputs from multiple sources
and uses alarm filtering techniques to differentiate
malicious activity from false alarms.
Cont….
• Although intrusion detection systems monitor networks for potentially malicious activity, they are also prone to false alarms.
• Hence, organizations need to fine-tune their IDS products when they first install them.
• That means properly setting up the intrusion detection system to recognize what normal traffic on the network looks like as compared to malicious activity.
• Intrusion prevention systems (IPS) likewise inspect inbound packets for malicious activity and send warning notifications at once, but, unlike an IDS, they sit inline and can also block the traffic.
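What "tuning an IDS to what normal looks like" means in code, as an added example that is not from the slides and not any real product's logic: the smallest useful network-IDS rule, a per-source count of distinct destination ports that flags a port scan, run over constructed flow records. The allow list is the tuning knob; without it the internal vulnerability scanner would trigger a false alarm on every scheduled run. The record format ("timestamp src dst dport"), the threshold, the addresses and the sample log are all assumptions for this illustration.

```c
/* Added example (not from the slides): a port-scan detector of the kind a
 * NIDS runs, over constructed flow records. Format, threshold and allow
 * list are assumptions for this illustration. */
#include <stdio.h>
#include <string.h>

#define MAX_SRC        16
#define MAX_PORTS      64
#define SCAN_THRESHOLD 10   /* distinct dst ports from one source => alert */

struct source { char ip[16]; int nports; unsigned short ports[MAX_PORTS]; };

/* Tuning knob: sources whose scanning is expected (assumed address of the
 * internal vulnerability scanner). */
static const char *allow_list[] = { "10.0.0.5" };

static int allowed(const char *ip)
{
    for (size_t i = 0; i < sizeof allow_list / sizeof allow_list[0]; i++)
        if (strcmp(allow_list[i], ip) == 0) return 1;
    return 0;
}

static int find_or_add(struct source *tbl, int *n, const char *ip)
{
    for (int i = 0; i < *n; i++)
        if (strcmp(tbl[i].ip, ip) == 0) return i;
    if (*n >= MAX_SRC) return -1;          /* table full: drop, never overflow */
    strncpy(tbl[*n].ip, ip, sizeof tbl[*n].ip - 1);
    tbl[*n].ip[sizeof tbl[*n].ip - 1] = '\0';
    tbl[*n].nports = 0;
    return (*n)++;
}

/* Feed one flow. Returns 1 exactly when src reaches SCAN_THRESHOLD distinct
 * ports for the first time (one alert per scanning host), otherwise 0. */
int observe(struct source *tbl, int *n, const char *src, unsigned short dport)
{
    if (allowed(src)) return 0;
    int i = find_or_add(tbl, n, src);
    if (i < 0) return 0;
    struct source *s = &tbl[i];
    for (int k = 0; k < s->nports; k++)
        if (s->ports[k] == dport) return 0; /* repeat connection, not a probe */
    if (s->nports < MAX_PORTS) s->ports[s->nports++] = dport;
    return s->nports == SCAN_THRESHOLD;
}

/* Run the detector over a newline-separated log. Returns the alert count. */
int scan_alerts(const char *log)
{
    struct source tbl[MAX_SRC];
    int n = 0, alerts = 0;
    char buf[4096];
    strncpy(buf, log, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        char src[16];
        unsigned short dport;
        if (sscanf(line, "%*s %15s %*s %hu", src, &dport) != 2)
            continue;                       /* malformed record: skip it */
        if (observe(tbl, &n, src, dport)) {
            printf("ALERT: possible port scan from %s (%d distinct ports)\n", src, SCAN_THRESHOLD);
            alerts++;
        }
    }
    return alerts;
}

/* Constructed sample: 10.0.0.7 probes ports 1..12 on one host (a scan),
 * 10.0.0.5 (the allow-listed scanner) does the same, and 10.0.0.9 only
 * ever talks to ports 80 and 443. Writes into buf, returns bytes used. */
int build_sample(char *buf, size_t cap)
{
    size_t used = 0;
    for (int p = 1; p <= 12 && used < cap; p++)
        used += (size_t)snprintf(buf + used, cap - used, "2024-05-01T10:00:%02d 10.0.0.7 10.0.0.20 %d\n", p, p);
    for (int p = 1; p <= 12 && used < cap; p++)
        used += (size_t)snprintf(buf + used, cap - used, "2024-05-01T10:01:%02d 10.0.0.5 10.0.0.20 %d\n", p, p);
    for (int i = 0; i < 6 && used < cap; i++)
        used += (size_t)snprintf(buf + used, cap - used, "2024-05-01T10:02:%02d 10.0.0.9 10.0.0.20 %d\n", i, i % 2 ? 443 : 80);
    return (int)used;
}

/* Builds the sample and runs the detector: exactly one alert (10.0.0.7). */
int demo_alerts(void)
{
    char buf[4096];
    build_sample(buf, sizeof buf);
    return scan_alerts(buf);
}

int main(void)
{
    printf("alerts raised: %d\n", demo_alerts());
    return 0;
}
```

Remove "10.0.0.5" from the allow list and the same log yields two alerts, one of them a false positive: that is the tuning step the slide describes. The other knob is SCAN_THRESHOLD, which trades missed slow scans against noise from chatty but legitimate hosts.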
Classification of Intrusion Detection
System
• IDS are classified into 5 types:
1. Network Intrusion Detection System
(NIDS)
2. Host Intrusion Detection System (HIDS)
3. Protocol-based Intrusion Detection System
(PIDS)
4. Application Protocol-based Intrusion
Detection System (APIDS)
5. Hybrid Intrusion Detection System
THANK YOU
33
SURBHI SAROHA

Contenu connexe

Tendances

Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrimepatelripal99
 
Isolation of vm
Isolation of vmIsolation of vm
Isolation of vmHome
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsAndrew McNicol
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 
cyber security notes
cyber security notescyber security notes
cyber security notesSHIKHAJAIN163
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 

Tendances (20)

Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
Email security
Email securityEmail security
Email security
 
Cyber Security Fundamentals
Cyber Security FundamentalsCyber Security Fundamentals
Cyber Security Fundamentals
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
 
Isolation of vm
Isolation of vmIsolation of vm
Isolation of vm
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security Professionals
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security Attacks
 
cyber security notes
cyber security notescyber security notes
cyber security notes
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
System Security
System SecuritySystem Security
System Security
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Intruders
IntrudersIntruders
Intruders
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 

Similaire à Confidentiality policies UNIT 2 (CSS)

VMI based malware detection in virtual environment
VMI based malware detection in virtual environmentVMI based malware detection in virtual environment
VMI based malware detection in virtual environmentAyush Gargya
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxSriK49
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The CloudTu Pham
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Sandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxSandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxArshadFarhad4
 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdfThasnimFathima
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla IsolationCybryx
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLiphonepentest
 

Similaire à Confidentiality policies UNIT 2 (CSS) (20)

VMI based malware detection in virtual environment
VMI based malware detection in virtual environmentVMI based malware detection in virtual environment
VMI based malware detection in virtual environment
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptx
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot
HoneypotHoneypot
Honeypot
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptx
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The Cloud
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Sandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptxSandboxing - Malware detection.pptx
Sandboxing - Malware detection.pptx
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
 
systemhacking-170425062200.pdf
systemhacking-170425062200.pdfsystemhacking-170425062200.pdf
systemhacking-170425062200.pdf
 
System hacking
System hackingSystem hacking
System hacking
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Network Security
Network  SecurityNetwork  Security
Network Security
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KLBreaking Secure Mobile Applications - Hack In The Box 2014 KL
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
 

Plus de SURBHI SAROHA

Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2SURBHI SAROHA
 
Management Information System(Unit 2).pptx
Management Information System(Unit 2).pptxManagement Information System(Unit 2).pptx
Management Information System(Unit 2).pptxSURBHI SAROHA
 
Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)SURBHI SAROHA
 
Management Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxManagement Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxSURBHI SAROHA
 
Introduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxIntroduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxSURBHI SAROHA
 
Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)SURBHI SAROHA
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)SURBHI SAROHA
 
Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1SURBHI SAROHA
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)SURBHI SAROHA
 

Plus de SURBHI SAROHA (20)

Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2
 
Management Information System(Unit 2).pptx
Management Information System(Unit 2).pptxManagement Information System(Unit 2).pptx
Management Information System(Unit 2).pptx
 
Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)
 
Management Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxManagement Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptx
 
Introduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxIntroduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptx
 
JAVA (UNIT 5)
JAVA (UNIT 5)JAVA (UNIT 5)
JAVA (UNIT 5)
 
DBMS (UNIT 5)
DBMS (UNIT 5)DBMS (UNIT 5)
DBMS (UNIT 5)
 
DBMS UNIT 4
DBMS UNIT 4DBMS UNIT 4
DBMS UNIT 4
 
JAVA(UNIT 4)
JAVA(UNIT 4)JAVA(UNIT 4)
JAVA(UNIT 4)
 
OOPs & C++(UNIT 5)
OOPs & C++(UNIT 5)OOPs & C++(UNIT 5)
OOPs & C++(UNIT 5)
 
OOPS & C++(UNIT 4)
OOPS & C++(UNIT 4)OOPS & C++(UNIT 4)
OOPS & C++(UNIT 4)
 
DBMS UNIT 3
DBMS UNIT 3DBMS UNIT 3
DBMS UNIT 3
 
JAVA (UNIT 3)
JAVA (UNIT 3)JAVA (UNIT 3)
JAVA (UNIT 3)
 
Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)
 
DBMS (UNIT 2)
DBMS (UNIT 2)DBMS (UNIT 2)
DBMS (UNIT 2)
 
JAVA UNIT 2
JAVA UNIT 2JAVA UNIT 2
JAVA UNIT 2
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)
 
Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)
 
OOPs & C++ UNIT 3
OOPs & C++ UNIT 3OOPs & C++ UNIT 3
OOPs & C++ UNIT 3
 

Dernier

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 

Dernier (20)

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 

Confidentiality policies UNIT 2 (CSS)

Process IDs and privileges
• Process privileges
• In systems where security is important, applications should run with the fewest privileges possible.
• Doing this reduces the impact of a compromise and shrinks the privilege-escalation attack surface of the device.
• The harder it is for an attacker to elevate an application's privileges, the better; ideally the attacker is forced to chain multiple attacks against several applications that each hold a minimal set of permissions.
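The slide states the least-privilege goal but not how a Unix process actually gives up its privileges, which is where most real mistakes are made. The following is an added example, not code from the slides: it drops from root to an unprivileged uid/gid on Linux in the order that works (supplementary groups and GID first, UID last, all three of real/effective/saved set) and then checks that root cannot be regained. It assumes glibc's setresuid/setresgid; uid/gid 65534 ("nobody" on many distributions) is a demo assumption, a real service would look up its own account.

```c
/* Added example, not from the slides: dropping privileges permanently on
 * Linux.  Assumes glibc setresuid/setresgid.  uid/gid 65534 ("nobody" on many
 * distributions) is a demo assumption.  The order matters: supplementary
 * groups and the GID must be changed while we are still root, because once
 * the UID is non-zero the kernel refuses setgroups()/setgid(); and all three
 * IDs (real, effective, saved) are set so nothing is left to switch back to. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid.  Returns 0 on success, -1 with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    /* 1. Supplementary groups.  Only a privileged process may change them, so
     *    an already-unprivileged caller skips this step instead of failing. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* 2. GID before UID: setresgid needs the privilege we are about to lose. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    /* 3. UID last.  Real, effective and saved UID together: no saved root ID
     *    remains for a later setuid(0). */
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* 4. Verify instead of trusting the return codes: every ID must now be
     *    exactly what was requested. */
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (ru != uid || eu != uid || su != uid || rg != gid || eg != gid || sg != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 if the process can no longer become root (setuid(0) fails with EPERM),
 * 0 if it still can.  Meant to be called right after drop_privileges(). */
int cannot_regain_root(void)
{
    if (geteuid() == 0)
        return 0;                 /* still root right now */
    if (setuid(0) == 0)
        return 0;                 /* a saved root ID let us back in: bug */
    return errno == EPERM;
}

int main(void)
{
    /* Demo assumption: drop to 65534 when started as root; when started as an
     * ordinary user, "drop" to our own IDs so the program still runs. */
    uid_t target_uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t target_gid = getegid() == 0 ? (gid_t)65534 : getgid();

    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%u gid=%u; can regain root: %s\n",
           (unsigned)getuid(), (unsigned)getgid(),
           cannot_regain_root() ? "no" : "YES (bug)");
    return 0;
}
```

The verification step is the part worth copying: a plain setuid() call that "succeeds" but leaves the saved UID at 0 is exactly the bug that lets a compromised daemon climb back to root, and only reading the IDs back catches it.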
Confinement
(Here "confinement" is used in its concurrent-programming sense: restricting which thread may touch an object, rather than which process may touch the system.)
• 1. Uses encapsulation techniques to structurally guarantee that at most one activity at a time can possibly access a given object.
• 2. Instead of using dynamic locking on the object, encapsulation statically ensures unique access to a given object.
• 3. Define methods and classes that establish leak-proof ownership domains so that only one thread (at a time) can ever access a confined object.
Confinement techniques
• 1. Scoping
• 2. Access control
• 3. Data hiding and encapsulation
• 4. The problem in each case is information leaking: a reference to the confined object escaping its domain.
Kinds of Confinement
• 1. Method confinement – hide access within local scope, including hand-offs
• 2. Thread confinement – confine objects to a sequence of operations (a session)
• 3. Object confinement – confine accesses internal to the object (host part)
• 4. Group confinement – a resource is owned by only one object at a time, but can be circulated
System call interposition
• System call interposition: a better approach to confinement.
• Observation: to damage the host system (i.e. make persistent changes) an app must make system calls
• – To delete/overwrite files: unlink, open, write
• – To do network attacks: socket, bind, connect, send
• Monitor the app's system calls and block unauthorized calls
• Implementation options:
• – Completely kernel space (e.g. GSWTK)
• – Completely user space (the monitor is a separate process consulted on every call, at the cost of context switches)
• – Hybrid (e.g. Systrace): a small kernel part decides the easy cases and forwards the rest to a user-space monitor
Cont….
• Systrace only forwards monitored sys-calls to the monitor (saves context switches)
• Systrace resolves sym-links and replaces sys-call path arguments with the full path to the target (so the policy cannot be fooled by relative paths or links)
• When the app calls execve, the monitor loads a new policy file
• Fast path in the kernel for common/easy cases; ask user space for complicated/rare cases
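The slides describe GSWTK and Systrace; the block below is an added example, not from the slides, of the same "monitor system calls, block the unauthorized ones" idea as it is done on Linux today with seccomp-bpf, which the page does not mention. The policy is a small BPF program the kernel evaluates on every system call: the calls the slide lists as damaging (unlink/unlinkat, socket, connect) are refused with EPERM, everything else is allowed. Returning an errno instead of killing the process is what lets the demo continue after a blocked call. Linux-only; the architecture constants for x86_64, aarch64 and i386 are an assumption of the example.

```c
/* Added example, not from the slides: kernel-enforced syscall interposition
 * with Linux seccomp-bpf.  Deny list: unlink/unlinkat, socket, connect. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL   /* pre-4.14 headers */
#endif
#if defined(__x86_64__)
#  define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define DEMO_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define DEMO_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Calls the policy refuses.  __NR_unlink does not exist on every
 * architecture (aarch64 only has unlinkat), hence the #ifdef. */
static const int denied_syscalls[] = {
#ifdef __NR_unlink
    __NR_unlink,
#endif
    __NR_unlinkat, __NR_socket, __NR_connect,
};
#define NDENIED ((int)(sizeof denied_syscalls / sizeof denied_syscalls[0]))

struct sock_filter demo_prog[32];

/* Pure decision function mirroring the BPF program: 1 if nr is denied. */
int policy_denies(int nr)
{
    for (int i = 0; i < NDENIED; i++)
        if (denied_syscalls[i] == nr) return 1;
    return 0;
}

/* Fill demo_prog; returns the instruction count.  Layout:
 *   [load arch][arch ok? skip kill][KILL][load nr]
 *   [nr == denied[i]? jump to ERRNO] x NDENIED   [ALLOW] [ERRNO(EPERM)] */
int build_demo_filter(void)
{
    int n = 0;
    demo_prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    demo_prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0);
    demo_prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    demo_prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int i = 0; i < NDENIED; i++)   /* jt counts the instructions to skip to reach ERRNO */
        demo_prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                             (unsigned)denied_syscalls[i], (unsigned char)(NDENIED - i), 0);
    demo_prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    demo_prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    return n;
}

/* Install the filter on the calling process; it is inherited by children. */
int install_filter(void)
{
    struct sock_fprog fprog = { .len = (unsigned short)build_demo_filter(), .filter = demo_prog };
    /* Required for unprivileged callers: no later exec may gain privileges
     * (a filtered setuid binary would otherwise be attackable). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    char path[] = "/tmp/sci-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    close(fd);
    if (install_filter() != 0) { perror("install_filter"); return 1; }

    fd = open(path, O_RDONLY);            /* allowed: still works */
    printf("open after filter: %s\n", fd >= 0 ? "ok" : strerror(errno));
    if (fd >= 0) close(fd);
    printf("unlink: %s\n", unlink(path) == 0 ? "succeeded (policy failed)" : strerror(errno));
    printf("socket: %s\n", socket(AF_INET, SOCK_STREAM, 0) >= 0 ? "succeeded (policy failed)" : strerror(errno));
    /* The temp file is left behind on purpose: the policy now forbids removing it. */
    return 0;
}
```

Two things to notice. The filter checks the architecture first because syscall numbers mean different things under a foreign ABI (x86 32-bit compatibility mode on an x86_64 kernel is the classic bypass). And BPF can compare the syscall number and register-sized arguments but cannot dereference a path pointer, so a seccomp policy cannot do what Systrace does with resolved paths; for those decisions Linux offers SECCOMP_RET_USER_NOTIF, which hands the call to a user-space monitor, the same split as the slide's "fast path in kernel, ask user space for the rare cases".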
Error 404 digital Hacking in India part 2 chase
• https://security.cse.iitk.ac.in/node/178
VM based isolation
• A VM is an isolated environment with access to a subset of the physical resources of the computer system.
• Each VM appears to be running on the bare hardware, giving the appearance of multiple instances of the same computer, though all are supported by a single physical system.
Cont…
• Temporal isolation or performance isolation among virtual machines (VMs) refers to the capability of isolating the temporal behavior (or limiting the temporal interference) of multiple VMs from each other, despite them running on the same physical host and sharing a set of physical resources such as processors, memory, and disks.
Confinement principle
• Confinement is a mechanism for enforcing the principle of least privilege.
• The problem is that the confined process needs to transmit data to another process.
• The confinement mechanism must distinguish between transmission of authorized data and transmission of unauthorized data.
• The hard case is data that leaks through a shared resource (timing, disk usage, cache state) rather than through a declared channel: a covert channel.
Software fault isolation
• Software-based Fault Isolation (SFI) is a software-instrumentation technique at the machine-code level for establishing logical protection domains within a process.
• In SFI, protection domains stay within the same process, incurring low overhead when switching between domains.
Cont….
• One way to get programs to behave in a manner consistent with a given security policy is by "brainwashing."
• That is, modify the programs so that they behave only in safe ways.
• This is embodied by a recent approach to security known as software-based fault isolation (SFI).
• So far, the environment has been responsible for policy enforcement, where the environment is either the OS/kernel or the hardware.
• Hardware methods include addressing mechanisms (e.g. virtual memory);
• OS methods include having two modes (where supervisor mode has access to everything).
• The new approach is to construct a piece of software that transforms a given program p into a program p', where p' is guaranteed to satisfy a security policy of interest.
Cont…
• This SFI transformation could be any number of things.
• It could be a piece of the compiler or of the loader. It could also be a separate pass over machine-language code before execution commences.
• The point is that we are modifying the program before it is executed.
• (One easy realization of the SFI transformation is to always output a program that does nothing. However, there are likely to be properties of the original program that we are interested in preserving, and these properties would not be satisfied by a program that does nothing.)
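The slides say what the p → p' transformation guarantees but not what it inserts. The block below is an added example, not from the slides: the core of the classic SFI rewrite, address sandboxing, written out in C. The untrusted module's memory lives in a region whose size is a power of two, and every store the module makes is rewritten from `*p = v` into `sfi_store8(p, v)`, which masks the address into that region before writing (one AND to keep the offset bits, one OR to put the region's tag back). A faulty or hostile pointer therefore hits the module's own memory, never the host's. The region size and the function names are assumptions of the example.

```c
/* Added example, not from the slides: SFI address sandboxing for data stores.
 * sandbox_base is aligned to SANDBOX_SIZE, so "inside the sandbox" means
 * "high bits equal to the sandbox tag", which a mask can enforce. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SANDBOX_SIZE ((size_t)1 << 16)            /* 64 KiB, a power of two */
#define OFFSET_MASK  ((uintptr_t)SANDBOX_SIZE - 1) /* low bits = offset */

uint8_t *sandbox_base = NULL;

/* Allocate the module's region, aligned to its own size. */
int sfi_init(void)
{
    void *p = NULL;
    if (sandbox_base != NULL) return 0;
    if (posix_memalign(&p, SANDBOX_SIZE, SANDBOX_SIZE) != 0) return -1;
    memset(p, 0, SANDBOX_SIZE);
    sandbox_base = p;
    return 0;
}

/* The instrumentation inserted before every untrusted store/load: keep only
 * the offset bits of p and replace the high bits with the sandbox tag. */
static inline uint8_t *sfi_sandbox_addr(const uint8_t *p)
{
    uintptr_t tag = (uintptr_t)sandbox_base & ~OFFSET_MASK;
    return (uint8_t *)(tag | ((uintptr_t)p & OFFSET_MASK));
}

/* 1 if p lies inside [sandbox_base, sandbox_base + SANDBOX_SIZE). */
int sfi_contains(const uint8_t *p)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)sandbox_base;
    return a >= b && a < b + SANDBOX_SIZE;
}

/* What p' contains in place of the module's raw "*p = v" and "v = *p". */
void    sfi_store8(uint8_t *p, uint8_t v) { *sfi_sandbox_addr(p) = v; }
uint8_t sfi_load8(const uint8_t *p)       { return *sfi_sandbox_addr(p); }

/* Where a store to sandbox_base + index actually lands, as an offset. */
size_t sfi_offset_after_masking(size_t index)
{
    return (size_t)(sfi_sandbox_addr(sandbox_base + index) - sandbox_base);
}

/* The untrusted module got hold of a raw pointer into host memory and tries
 * to overwrite it.  Returns 1 if the host byte is untouched and the write
 * was redirected into the sandbox instead. */
int demo_hostile_pointer(void)
{
    static uint8_t host_secret[64];          /* host-owned memory */
    uint8_t *landed;
    if (sfi_init() != 0) return 0;
    memset(host_secret, 0xAA, sizeof host_secret);
    sfi_store8(host_secret + 5, 0x42);       /* the rewritten store */
    landed = sfi_sandbox_addr(host_secret + 5);
    return host_secret[5] == 0xAA            /* host memory untouched */
        && sfi_contains(landed)              /* write stayed in the sandbox */
        && *landed == 0x42;                  /* ...and did happen there */
}

int main(void)
{
    size_t evil = SANDBOX_SIZE * 3 + 7;      /* far past the end of the region */
    if (sfi_init() != 0) { perror("sfi_init"); return 1; }
    printf("store to sandbox_base + %zu lands at offset %zu\n",
           evil, sfi_offset_after_masking(evil));
    printf("hostile host pointer contained: %s\n",
           demo_hostile_pointer() ? "yes" : "NO");
    return 0;
}
```

Note what the mask does and does not give you: the out-of-range store wraps to offset 7 silently, so SFI protects the host's integrity, not the module's correctness. A complete SFI system also sandboxes indirect jump targets the same way, keeps code and data in separate regions so the module cannot overwrite the instrumentation, and runs a verifier over p' so the guarantee rests on the small checker rather than on the rewriter.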
Rootkits
• A rootkit is malicious software that allows an unauthorized user to have privileged access to a computer and to restricted areas of its software.
• A rootkit may contain a number of malicious tools such as keyloggers, banking-credential stealers, password stealers, antivirus disablers, and bots for distributed denial-of-service (DDoS) attacks.
Well-Known Rootkit Examples
• Lane Davis and Steven Dake – wrote the earliest known rootkit in the early 1990s.
• NTRootkit – one of the first malicious rootkits targeted at the Windows OS.
• HackerDefender – this early Trojan altered/augmented the OS at a very low level of function calls.
• Machiavelli – the first rootkit targeting Mac OS X, appeared in 2009. This rootkit creates hidden system calls and kernel threads.
• Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE PBX.
Cont…
• Zeus, first identified in July 2007, is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
• Stuxnet – the first known rootkit for industrial control systems.
• Flame – computer malware discovered in 2012 that attacks computers running the Windows OS. It can record audio, screenshots, keyboard activity and network traffic.
Intrusion Detection Systems.
• An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
• It is a software application that scans a network or a system for harmful activity or policy breaches.
• Any malicious venture or violation is normally reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
• A SIEM system integrates outputs from multiple sources and uses alarm-filtering techniques to distinguish malicious activity from false alarms.
Cont….
• Although intrusion detection systems monitor networks for potentially malicious activity, they are also prone to false alarms.
• Hence, organizations need to fine-tune their IDS products when they first install them.
• This means configuring the intrusion detection system to recognize what normal traffic on the network looks like, as compared to malicious activity.
• Intrusion prevention systems (IPS) also monitor inbound network packets for malicious activity, but sit inline and can block the traffic as well as send warning notifications.
Classification of Intrusion Detection System
• IDS are classified into 5 types:
• 1. Network Intrusion Detection System (NIDS)
• 2. Host Intrusion Detection System (HIDS)
• 3. Protocol-based Intrusion Detection System (PIDS)
• 4. Application Protocol-based Intrusion Detection System (APIDS)
• 5. Hybrid Intrusion Detection System
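To make the "false alarms and tuning" point concrete, the block below is an added example, not from the slides: one host-IDS rule of the kind a HIDS runs over auth.log before forwarding alerts to a SIEM. The rule counts failed SSH logins per source address inside a time window and raises an alert when a threshold is reached. The log lines are constructed for the demo, and their timestamps are plain epoch seconds rather than syslog dates so the parser stays short; the threshold and window are the tuning knobs the slide refers to. Set them too low and one user's typos alert, too high and a slow brute force hides.

```c
/* Added example, not from the slides: a threshold-in-window HIDS rule over
 * constructed auth.log-style lines. */
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 32
#define IP_LEN 40

/* Constructed sample log: a fast brute force from 203.0.113.9, one typo from
 * 198.51.100.4 followed by a success, and a slow attempt from 192.0.2.77. */
const char *sample_log[] = {
    "1000 sshd[2011]: Failed password for root from 203.0.113.9 port 5511 ssh2",
    "1002 sshd[2011]: Failed password for root from 203.0.113.9 port 5512 ssh2",
    "1003 sshd[2013]: Failed password for alice from 198.51.100.4 port 4100 ssh2",
    "1004 sshd[2011]: Failed password for admin from 203.0.113.9 port 5513 ssh2",
    "1006 sshd[2011]: Failed password for admin from 203.0.113.9 port 5514 ssh2",
    "1007 sshd[2013]: Accepted password for alice from 198.51.100.4 port 4101 ssh2",
    "1008 sshd[2011]: Failed password for test from 203.0.113.9 port 5515 ssh2",
    "1500 sshd[2020]: Failed password for bob from 192.0.2.77 port 6000 ssh2",
    "2000 sshd[2020]: Failed password for bob from 192.0.2.77 port 6001 ssh2",
};
const int sample_log_len = (int)(sizeof sample_log / sizeof sample_log[0]);

typedef struct {
    char ip[IP_LEN];
    int failures;       /* failures seen in the current window */
    int window_start;   /* timestamp of the first failure in that window */
} source_state;

/* Extract timestamp and source IP from a "Failed password" line.
 * Returns 1 for a failed login, 0 for anything else (e.g. "Accepted"). */
int parse_failed_login(const char *line, int *ts, char *ip, size_t iplen)
{
    const char *from;
    size_t n;
    if (sscanf(line, "%d", ts) != 1) return 0;
    if (strstr(line, "Failed password for") == NULL) return 0;
    from = strstr(line, " from ");
    if (from == NULL) return 0;
    from += strlen(" from ");
    n = strcspn(from, " ");
    if (n == 0 || n >= iplen) return 0;
    memcpy(ip, from, n);
    ip[n] = '\0';
    return 1;
}

/* Run the rule over all lines.  Returns the number of alerts; offending
 * addresses are copied into alerted[] (up to max_alerts).  An alert fires once
 * per source per window, the moment its count reaches threshold. */
int detect_bruteforce(const char **lines, int nlines, int threshold, int window,
                      char alerted[][IP_LEN], int max_alerts)
{
    source_state src[MAX_SOURCES];
    int nsrc = 0, nalerts = 0;

    for (int i = 0; i < nlines; i++) {
        int ts;
        char ip[IP_LEN];
        source_state *s = NULL;
        if (!parse_failed_login(lines[i], &ts, ip, sizeof ip))
            continue;                             /* not a failed login */
        for (int j = 0; j < nsrc; j++)
            if (strcmp(src[j].ip, ip) == 0) { s = &src[j]; break; }
        if (s == NULL) {
            if (nsrc == MAX_SOURCES) continue;    /* table full (a real IDS evicts) */
            s = &src[nsrc++];
            strcpy(s->ip, ip);
            s->failures = 0;
            s->window_start = ts;
        }
        if (ts - s->window_start > window) {      /* window expired: start over */
            s->failures = 0;
            s->window_start = ts;
        }
        s->failures++;
        if (s->failures == threshold) {
            if (nalerts < max_alerts) strcpy(alerted[nalerts], ip);
            nalerts++;
        }
    }
    return nalerts;
}

/* Run the rule over the sample log with the given tuning; returns alert count. */
int count_alerts(int threshold, int window)
{
    char alerted[MAX_SOURCES][IP_LEN];
    return detect_bruteforce(sample_log, sample_log_len, threshold, window, alerted, MAX_SOURCES);
}

/* How many sample lines the parser classifies as failed logins. */
int count_failed_lines(void)
{
    int c = 0, ts;
    char ip[IP_LEN];
    for (int i = 0; i < sample_log_len; i++)
        c += parse_failed_login(sample_log[i], &ts, ip, sizeof ip);
    return c;
}

int main(void)
{
    char alerted[MAX_SOURCES][IP_LEN];
    int n = detect_bruteforce(sample_log, sample_log_len, 5, 60, alerted, MAX_SOURCES);
    for (int i = 0; i < n; i++)
        printf("ALERT: 5 failed SSH logins within 60 s from %s\n", alerted[i]);
    printf("5/60s: %d alert(s); 2/60s: %d; 2/600s: %d; 6/60s: %d\n",
           n, count_alerts(2, 60), count_alerts(2, 600), count_alerts(6, 60));
    return 0;
}
```

Running the same data through four settings shows the trade-off the slide describes: 5 failures in 60 s catches only the fast attacker; 2 in 60 s still ignores the one-typo user but also misses the slow attacker at 192.0.2.77; 2 in 600 s catches both attackers; 6 in 60 s catches nothing. The reset-on-expiry window is a deliberate simplification; a production rule uses a true sliding window and evicts idle sources instead of refusing new ones.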