Ch11kiit [Compatibility Mode]

7/30/2019 Ch11kiit [Compatibility Mode]

1/29

ProtectionProtection


2/29

Domain StructureDomain Structure

Access-right =

where rights-setis a subset of all valid operations that can beperformed on the object.

Domain = set of access-rights


3/29

Access MatrixAccess Matrix

View protection as a matrix (access matrix)

Rows represent domains

Columns represent objects

Access(i, j) is the set of operations that a process executing inDomaini can invoke on Objectj


4/29

Access MatrixAccess Matrix


5/29

Use of Access MatrixUse of Access Matrix

If a process in Domain Di tries to do op on object Oj, then op

must be in the access matrix.

Can be expanded to dynamic protection.

Operations to add, delete access rights.

Special access rights:

owner oi

copy op from Oi to Oj

control Dican modify Djaccess rights

transfer switch from domain Di to Dj


6/29

Access Matrix of Figure A With Domains as ObjectsAccess Matrix of Figure A With Domains as Objects

Figure B

Switch access [I,j]


7/29

Access Matrix withAccess Matrix with CopyCopyRightsRights

Ability to copy an access right from one domain of the access matrix

to another is denoted as

[*]. It allows to copy the access rights only within the column for whichright is defined.

There are two different scheme :-

Aright is copied from access [I,j] to access [k,j] ; it is then removedfrom access [I,j] ; this action is a right ,rather then a copy.

Propagation of a copy right may be limited . That is when the right R*is copied from access [I,j] to access [k,j] ; only the right R is created.A process executing in domain Dk can not further copy the right R.

A system may selects only one of three copy rights or it may provide allthree by identifying them as separate rights : copy . Transfer. Limitedcopy.


8/29

Access Matrix withAccess Matrix with CopyCopyRightsRights

A process executing indomain d2 can copy the

read operation into anyentry associated with file f2.


9/29

Addition of new rights or removal ofAddition of new rights or removal of

some rightssome rights

The owner right controls all these operations.

If access [I,j] includes the owner right, then a process executing indomain Di can add & remove any right in any entry in column j.


10/29

Access Matrix WithAccess Matrix With OwnerOwnerRightsRights

Domain D1 is the ownerof F1 & thus can add

and delete any validright in column F1.

Domain D2 is the owner

of F2 & F3 and thus canadd and remove anyvalid right within these

two columns.


11/29

Control Right ( change of entry in row)Control Right ( change of entry in row)

Control right is applicable to only domain objects.

If access [I,j] includes the control right , then a process executing in

domain Di can remove any access right from row j.


12/29

Access Matrix ofAccess Matrix of Figure AFigure A With Domains as ObjectsWith Domains as Objects

Figure B

Switch access [I,j]


13/29

Modified Access Matrix ofModified Access Matrix of Figure BFigure B

Control right in access[D2,D4] .

Then a process executing in domain D2 could modify domain D4.


14/29

End of ChapterEnd of Chapter


15/29

SecuritySecurity


16/29

The Security ProblemThe Security Problem

Security must consider external environment of the system, and

protect the system resources

Intruders (crackers) attempt to breach security

Threat is potential security violation

Attack is attempt to breach security

Attack can be accidental or malicious

Easier to protect against accidental than malicious misuse


17/29

Security ViolationsSecurity Violations

Categories

Breach of confidentiality

Breach of integrity Breach of availability

Theft of service

Denial of service

Methods

Masquerading (breach authentication)

Replay attack

Message modification

Man-in-the-middle attack

Session hijacking


18/29

Standard Security AttacksStandard Security Attacks


19/29

Program ThreatsProgram Threats

Trojan Horse

Code segment that misuses its environment

Exploits mechanisms for allowing programs written by users to

be executed by other users

Spyware, pop-up browser windows, covert channels

Trap Door

S ecific user identifier or assword that circumvents normal

security procedures Could be included in a compiler

Logic Bomb

Program that initiates a security incident under certaincircumstances

Stack and Buffer Overflow

Exploits a bug in a program (overflow either the stack or memorybuffers)


20/29

Cryptography as a Security ToolCryptography as a Security Tool

Broadest security tool available

Source and destination of messages cannot be trusted without

cryptography

Means to constrain potential senders (sources) and / or

receivers (destinations) of messages

Based on secrets (keys)


21/29

Secure Communication over Insecure MediumSecure Communication over Insecure Medium


22/29

EncryptionEncryption

Encryption algorithm consists of

Set of Kkeys

Set of MMessages

Set of Cciphertexts (encrypted messages)

A function E: K (MC). That is, for each k K, E(k) is a function forgenerating ciphertexts from messages.

Both Eand E(k) for any kshould be efficiently computablefunctions.

. , ,

for generating messages from ciphertexts. Both Dand D(k) for any kshould be efficiently computable

functions.

An encryption algorithm must provide this essential property: Given aciphertext c C, a computer can compute msuch that E(k)(m) = conly if itpossesses D(k).

Thus, a computer holding D(k) can decrypt ciphertexts to the plaintextsused to produce them, but a computer not holding D(k) cannot decryptciphertexts.

Since ciphertexts are generally exposed (for example, sent on thenetwork), it is important that it be infeasible to derive D(k) from the

ciphertexts


23/29

Symmetric EncryptionSymmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k), and vice versa

DES is most commonly used symmetric block-encryption algorithm(created by US Govt)

Encrypts a block of data at a time

Triple-DES considered more secure

Advanced Encryption Standard (AES), twofish up and coming RC4 is most common symmetric stream cipher, but known to have

vulnerabilities

Encrypts/decrypts a stream of bytes (i.e wireless transmission)

Key is a input to psuedo-random-bit generator Generates an infinite keystream


24/29

Asymmetric EncryptionAsymmetric Encryption

Public-key encryption based on each user having two keys:

public key published key used to encrypt data

private key key known only to individual user used to decryptdata

Must be an encryption scheme that can be made public withoutmaking it easy to figure out the decryption scheme

os common s oc c p er

Efficient algorithm for testing whether or not a number is prime

No efficient algorithm is know for finding the prime factors of anumber


25/29

Asymmetric Encryption (Cont.)Asymmetric Encryption (Cont.)

Formally, it is computationally infeasible to derive D(kd, N)from E(ke, N), and so E(ke, N) need not be kept secret andcan be widely disseminated

E(ke, N) (or just ke) is the public key

D(kd, N) (or just kd) is the private key

Nis the roduct of two lar e randoml chosen rime

numbers pand q(for example, pand qare 512 bitseach)

Encryption algorithm is E(ke , N)(m) = mkemod N, where

kesatisfies kekdmod (p1)(q1) = 1

The decryption algorithm is then D(kd, N)(c) = ckdmod N


26/29

Asymmetric Encryption ExampleAsymmetric Encryption Example

For example. make p= 7and q= 13

We then calculate N= 713 = 91 and (p1)(q1) = 72

We next select ke

relatively prime to 72 and


27/29

Encryption and Decryption using RSAEncryption and Decryption using RSAAsymmetric CryptographyAsymmetric Cryptography


28/29

AuthenticationAuthentication Digital SignatureDigital Signature

Based on asymmetric keys and digital signature algorithm

Authenticators produced are digital signatures

In a digital-signature algorithm, computationally infeasible to derive S(ks)

from V(kv) Vis a one-way function

Thus, kv is the public key and ks is the private key

Consider the RSA di ital-si nature al orithm

Similar to the RSA encryption algorithm, but the key use is reversed Digital signature of message S(ks)(m) = H(m)

ksmod N

The key ksagain is a pair d, N, where Nis the product of two large,randomly chosen prime numbers pand q

Verification algorithm is V(kv)(m, a) (akvmod N= H(m))

Where kvsatisfies kvksmod (p 1)(q 1) = 1


29/29

End of Chapter 15End of Chapter 15

Documents

Ch11kiit [Compatibility Mode]