Contenu connexe
Similaire à boundary_security.pptx
Similaire à boundary_security.pptx (20)
Plus de KelvinDube4
Dernier
Dernier (20)
boundary_security.pptx
- 1. Boundary Controls • The boundary subsystem establishes the interface between the would-be user of a computer system and the computer system itself. • Once boundary subsystem functions are complete, the user can commence to use the resources of the system. • Boundary subsystem controls have one primary pu rpose: to establish the identity and authenticity of would-be users of a system. • This chapter examines some of the major types of security exercised in the boundary subsystem.
- 2. Boundary Controls Access Controls • An Access Control Mechanism is used in a compute r installation for preventing unauthorized access to and use of resources.
- 3. Boundary Controls Functions of an Access Control Mechanism. • An access control mechanism associates with ident ified, authorized users the resources they are perm itted to access and the action privileges they have with respect to those resources. • The mechanism processes user's requests in three steps, identification, authentication, and authorizat ion
- 4. Boundary Controls Identification and Authentication • Four classes of authentication are remembered inf ormation, possessed information, personal charact eristics and dialog. • There is need to understand the weaknesses in ea ch of the class of authentication. • Passwords, possessed objects, and personal charac teristics all have a further weakness that the authe ntication information is reduced to a bit stream wh ich can be wiretapped.
- 5. Boundary Controls Object Resources • In a generalized access control mechanism, all reso urces must be named since the mechanism must c ouple users with resources they are permitted to u se. • It is important that the access control mechanism h ave a means of identifying the authenticity of the o bject resources it provides to a user .e.g assigning object resources a unique identity that can not be copied.
- 6. Boundary Controls Action Privileges • If a user has the permission to use a commodity, th e amount of the commodity that the user can cons ume must be specified. • The most complex action privileges relate to the us e of data resources • ADD, INSERT, APPEND,MODIFY file1 File2 file3 John Own Read Write Alice Read Own Read Write Read bob Read Write Read Own Read Write
- 7. Boundary Controls Action privileges • Data independent – all the contents of a file ar e subject to the action privilege assigned to th e file • Data dependent – can apply to data items wit hin a file e.g salary < 15000
- 8. Boundary Controls • One of the important restrictions on action privileg es is a temporal restriction e.g no access to the ter minal after working hours. Implementing an Access Control Mechanism • Full implementation of an ACM can be costly. In pr actise, some trade offs must be made; overall contr ol must be decreased to reduce costs and improve performance. • The tradeoffs made in the ACM must be reasonabl e, given the overall control requirements of the ins tallation
- 9. Boundary Controls Problems in Implementing ACM (1)Open Vs Closed Environment • While an open environment allows for an easier im plementation of an ACM, only in a closed environm ent can effective control be exercised over users. (2)Approaches to Authorization • They are two approaches to implementing the aut horization module in an access control mechanism:
- 10. Boundary Controls • A ticket oriented approach? • A list oriented approach? (3)Dynamics of Authorization • Some difficult implementation problems arise in th e area of authorization dynamics.
- 11. Boundary Controls Cryptographic Controls • Cryptology is the science of secret codes • Cryptography deals with systems for translating dat a into codes that are meaningless to anyone who d oes not possess the system for recovering the initia l data. • Cryptanalysis are the techniques for recovering enc rypted data • Cipher is an algorithm for performing encryption o r decryption
- 12. Boundary Controls Cryptographic Techniques They are three classes of techniques for enciphering plaintext: • Substitution ciphers • Transposition ciphers. • Product ciphers
- 13. Boundary Controls Choosing a Cipher System • A cipher system has two components: algorithm an d the key • Five desirable properties of a cipher system: • High Work Factor • Small key • Simplicity • Low error propagation • Little expansion of message size.
- 14. Boundary Controls Public Key Cryptosystems • Ensuring the secure distribution of a private key to parties who need the key is a difficult task. • The widely known public key cryptosystem is the R SA scheme. • The disadvantage of public key cryptosystems is th at they are slow relative to the processing time req uired for private-key cryptosystems.
- 15. Boundary Controls Key Distribution • Maintaining the secrecy of the cryptographic key is of paramount importance. • The method chosen to distribute a key must be reli able; and maintain the secrecy of the keys thus mai ntaining overall secrecy of the cryptosystem. • Reminder: assignment diffie-hellman key exchange protocol
- 16. Boundary Controls Explain Diffie-Hellman key exchange, El-gamal a nd RSA Algorithms.
- 17. Boundary Controls Digital Signatures • Establishing the authenticity of individuals and pre venting the disavowal of messages and or contract s are still critical requirements when data is exchan ged in electronic form. • A digital signature is simply a string of 0s and 1s rat her than a line drawn on a page. • Public key cryptosystems can be used to establish: secret messages signed messages signed, secret messages.
- 18. Boundary Controls Secret Message • S Pur(m) • R Prr[Pur(m)] Signed Secret Message • S Pur(m) • S Prs[Pur(m)] • R Pus (Prs[Pur(m)]) • R Prr[Pur(m)]