Lesson 4: Computer Security (PowerPoint presentation transcript)
Overview
Definition/Goals
Access Controls
Security Models
Authentication Protocols
Secrets
In a world where data is coin of the realm, and transmissions are guarded by no better sentinels than man-made codes and corruptible devices, there is no such thing as a secret.
“This Alien Shore”, C. S. Friedman (C) 1998
Computer Security
The prevention and/or detection of unauthorized actions by users of a computer system.
In the beginning, this meant ensuring privacy on shared systems. Today, the interesting aspect of security is enabling different access levels.
What are our goals in Security?
The “CIA” of security:
Confidentiality
Integrity (data integrity, software integrity)
Availability (accessible and usable on demand)
(authentication, nonrepudiation)
Access Controls
“Access controls serve to enforce an authorization policy, which specifies what activity is allowed and who is allowed to initiate it.”
Governs not only activities by human actors but non-human actors as well.
Can apply to any media – print, tapes, networks, memory, . . .
Access modes
Read – allows entity to read the file or view the file’s attributes
Write – allows the entity to write to the file, which may include creating, modifying, or appending to the file.
Execute – the entity may load the file and run it.
Delete – the entity may remove the file from the system.
Change Permissions, change ownership
Protection Table
Illustrates what access controls are designed to do.
Columns: File 1, File 2, File 3, Printer, Disk
User 1: Read, Write, Write
User 2: Execute, Read, Write, Read, Write
Prog 1: Read, Read, Write
• Protection Table seems like an easy solution to the access control problem but . . .
• Required table extremely large
• Table generally sparsely populated
File Passwords
In order to gain access to a file the user must present the system with the file’s password.
Initial assignment can be accomplished by sysadmin or creator of file.
In order to control the type of access granted to the file, multiple passwords for each file may be necessary.
Method is easy to implement and understand.
File passwords - problems
Since users will have to remember a different password for each file, it will mean LOTS of passwords to remember (or write down!).
No easy way to keep track of who has access to the password for a file. Passwords are distributed manually, which leaves no automated audit trail. Hard to control.
Revocation is easy to do (change the password); the problem is doing it without affecting all of the other users.
Files (programs) that require access to other files require that all passwords be identified before the program is executed, or execution has to be interrupted to wait for a user to enter the required password.
Biometrics
Basic premise: “you are the identification and authenticator”
physical recognition, voice recognition, fingerprints, retinal scans, iris scans
Access Tokens
Basic premise: a physical object serves to authenticate the holder; most systems combine the access token with a password.
ATM card (authentication example: insert token, enter PIN)
Smart cards
Credit card (authentication example: signature, expiration date, additional ID)
Access Control Lists (ACL)
Divides the protection table by columns. An ACL is created for each object.
ACL for File 1:
User 1: Execute
User 2: Read, Write, List
User 4: Read, List
Program 1: Write
ACL for Disk 1:
User 1: Read
User 2: Read
User 3: Read, Execute, List
Program 1: Write
Access Control Lists
Can easily answer the question “which subjects have access to a specific object?” This is the more frequently asked question. Hard to answer “which objects does a specific subject have access to?”
Access to a file can easily be revoked. Storage space is saved.
Generally more objects than subjects.
Protection Bits
A modification of ACLs. Protection bits are attached to each file, but instead of providing a complete list of all users they specify permissions for specific classes. Sometimes referred to as “permission bits”. Example classes: Owner, Group, World.
File 1: Owner r,w,x; Group r,x; World x
File 2: Owner r,x,d; Group r,x; World (none)
Protection Bits
Owner: R W E | Group: R W E | World: R W E
UNIX Example
Owner R W E, Group R - E, World - - E
Bits: 1 1 1 | 1 0 1 | 0 0 1 = 7 5 1
Thus, the permission set for this object can be contained in 9 bits.
Security Models
Bell-LaPadula
Aimed at “military style” security; multi-level security.
Two main properties:
“Simple Security Property”: no subject is allowed to read information which is of a higher classification (no read up).
*-Property: a subject may not write to an object with a lower classification (no write down).
Disclosure (confidentiality) is the issue. But it doesn’t address data aggregation.
Security Models
Chinese Wall
Separation between mutually distrustful individuals (but that have the same “clearance”).
Clark-Wilson
Concerned with data integrity as opposed to confidentiality; thus, commercial applications in mind.
Constrained data: limit what processes an individual can run, which will limit the data they can view/affect.
The “Orange Book”
The NCSC (NSA) developed the Trusted Computer System Evaluation Criteria (TCSEC).
Designed to meet three objectives:
to provide guidance to manufacturers as to what security features to build into their products
to provide DoD customers with a metric to evaluate the degree of trust they could place in a computer system
to provide a basis for specifying security requirements in acquisition specifications
Particular emphasis is on preventing unauthorized disclosure of information. Based on the Bell-LaPadula security model.
Discretionary vs. Mandatory Access Controls
Controls so far have granted access at the “discretion” of the user.
Mandatory access controls are designed to maintain controls that have been mandated: there MUST be a separation.
Mandatory access controls place additional restrictions on access by attaching a label to all subjects and objects indicating the clearance or security level classification. Considerable overhead is associated with this.
Covert Channels
Covert channels take advantage of illicit communication through a legitimate information channel.
An issue for Mandatory Access Controls. Two types of covert channels:
storage channels: any communication path that results when one process causes an object to be written and another process observes the effect.
timing channels: any communication path that results when a process produces some effect on system performance that is observable by another process and is measurable with a timing base such as a real-time clock.
Security Kernel
The HW and SW that implement the “reference monitor”. All accesses that subjects make to objects are authorized on information in an access control database. The specific checks that are made and all modifications to the access control database are controlled by the reference monitor in accordance with the established security policy.
(Diagram: Subjects, Reference Monitor, Access Control Database, Audit File, Objects)
Authentication
“Authentication is the process of determining whether information is trustworthy and genuine.”
Key question for computers and networks: how do you verify that the user is who they claim to be?
3 general methods to authenticate:
Something you know
Something you have
Something about you / that you are
Something you Know
Most common technique for authentication: userid/password combination. Theoretically not a bad technique if chosen correctly. Length and size of character set have a direct relationship on the strength of the chosen password.
For example, if the lower case alphabet is used:
1 character length = 26 possible passwords
2 character length = 26 x 26 = 676 possible passwords
3 character length = 26 x 26 x 26 = 17,576, and so on
If upper and lower case alphabetic characters are used:
1 character length = 52 possible passwords
2 character length = 52 x 52 = 2704 possible passwords
3 character length = 52 x 52 x 52 = 140,608 possible passwords
Password cracking: NT, brute force; Unix, dictionary attack
Something you have (access tokens)
May combine this method with userid/password.
Physical keys
Magnetic cards: information stored on card; example is a credit card
Smart cards: more information stored, may be encrypted
“Calculators”: a device that looks like (and may even function as) a calculator.
Process may proceed as follows:
user presents userid or name
system responds with challenge
challenge punched into calculator, which returns a response
user supplies response to system
Something about you
Biometrics: voice prints, fingerprint, retinal scan, hand geometry, signature analysis
Problems with the 3 basic Authentication Techniques
Something you know: people write things down, they choose poorly.
Something you have: requires additional hardware ($); people lose them.
Something about you: requires additional hardware ($$); things about you can change.
Authentication Protocols
Basic Approach
Client → Server
User types in name and password. The client sends them in the clear.
Server looks name up in DB and retrieves password. If retrieved and sent passwords match, user is allowed access.
Authentication Protocols
Updated Approach
Client → Server
User types in name and password. Client produces hashed version of password.
The client sends name in the clear. Client sends hashed password.
Server looks name up in DB and retrieves hashed password. If retrieved and sent hashed passwords match, user is allowed access.
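Added example (not from the slides): the hashed-password “updated approach” just described, side by side with the calculator-style challenge/response exchange from the “Something you have” slide, in Python with constructed sample data. The unsalted SHA-256 hash, the token seed and the 8-hex-character response are assumptions standing in for whatever a real system uses. It shows why the two differ for a defender: the hashed proof is the same bytes on every login, so it must be protected in transit like the password itself, whereas a challenge/response answer is only valid for the challenge it was computed for.

```python
import hashlib, hmac, os

# Constructed sample data: one enrolled user and the seed shared with her calculator-style token.
PASSWORD_HASHES = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
TOKEN_SEEDS = {"alice": b"constructed-seed-for-alice-token"}

def hashed_login_message(user, password):
    """Updated approach: the client hashes the password and sends the hash instead of the password."""
    return {"user": user, "proof": hashlib.sha256(password.encode()).hexdigest()}

def server_check_hashed(msg):
    """Server compares the received hash with the stored one (constant-time compare)."""
    stored = PASSWORD_HASHES.get(msg["user"])
    return stored is not None and hmac.compare_digest(stored, msg["proof"])

def server_challenge():
    """Step 2: the system answers the user's name with a fresh, unpredictable challenge."""
    return os.urandom(8).hex()

def token_response(seed, challenge):
    """Step 3: the token derives a short response from its seed and the challenge."""
    return hmac.new(seed, challenge.encode(), hashlib.sha256).hexdigest()[:8]

def server_check_response(user, challenge, response):
    """Step 4: the server recomputes the expected response with its own copy of the seed."""
    seed = TOKEN_SEEDS.get(user)
    return seed is not None and hmac.compare_digest(token_response(seed, challenge), response)

def proof_is_static(user, password):
    """The hashed proof is identical on every login: on the wire it is a password equivalent."""
    return hashed_login_message(user, password) == hashed_login_message(user, password)

def response_is_fresh(user):
    """A response answers exactly one challenge; the same response fails against a new challenge."""
    c1, c2 = server_challenge(), server_challenge()
    r1 = token_response(TOKEN_SEEDS[user], c1)
    return server_check_response(user, c1, r1) and not server_check_response(user, c2, r1)
```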
Authentication Protocols: Kerberos Model
Client, Kerberos server, Server
User requests permission from Kerberos server to log into server.
If user is allowed on server, Kerberos responds with Ticket and session key.
Client uses session key to create an “authenticator” that will be used to prove identity of user to server.
Client sends Ticket and authenticator.
Server validates everything. (Server and Kerberos server share a long-term key. The ticket is a message from the Kerberos server to the server encrypted with this key.)
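Added example (not from the slides, and not real Kerberos code): the four-step exchange above carried through in Python with all three parties. The `seal`/`unseal` construction (SHA-256 counter-mode keystream plus HMAC) is a toy stand-in for Kerberos' cipher, and the constructed keys, the 300-second ticket lifetime and the 120-second clock-skew allowance are assumptions. It shows what the server actually checks: the ticket opens only under its long-term key, the authenticator opens only under the session key inside that ticket, and the two must name the same user.

```python
import hashlib, hmac, json, os, time
def _keystream(key, nonce, n):  # SHA-256 in counter mode; toy stand-in for a real cipher
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object under a 32-byte key."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the MAC before decrypting; raises ValueError on tampering or a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed long-term keys; the Kerberos server shares one with each principal.
SERVER_KEY = hashlib.sha256(b"fileserver long-term key").digest()
USER_KEY = hashlib.sha256(b"alice password-derived key").digest()

def kerberos_issue(user, server, lifetime=300):
    """Steps 1-2: reply with a ticket sealed for the server and the session key sealed for the user."""
    skey = os.urandom(32).hex()
    ticket = seal(SERVER_KEY, {"user": user, "server": server, "skey": skey,
                               "expires": time.time() + lifetime})
    return ticket, seal(USER_KEY, {"server": server, "skey": skey})

def client_authenticator(session_key, user):
    """Step 3: the client proves it holds the session key with a fresh, timestamped authenticator."""
    return seal(session_key, {"user": user, "ts": time.time()})

def server_validate(ticket, authenticator, skew=120):
    """Step 4: open the ticket with the long-term key, then the authenticator with the session key."""
    try:
        t = unseal(SERVER_KEY, ticket)
        a = unseal(bytes.fromhex(t["skey"]), authenticator)
    except ValueError:
        return False
    return t["expires"] > time.time() and a["user"] == t["user"] and abs(a["ts"] - time.time()) < skew

def login(user="alice", server="fileserver"):
    """Whole exchange: request, ticket + session key, authenticator, server decision."""
    ticket, reply = kerberos_issue(user, server)
    skey = bytes.fromhex(unseal(USER_KEY, reply)["skey"])  # client recovers the session key
    return server_validate(ticket, client_authenticator(skey, user))
```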
Summary
Definition/Goals: The “CIA” of security
Access Controls: Modes, Passwords, ACLs, Biometrics
Security Models: Bell-LaPadula, Chinese Wall, Clark-Wilson
Authentication Protocols: Basic, Hashing, Kerberos