Security and Protection, Chapter 9

Posted on 21-Dec-2015


The Security Environment: Threats

Security goals and threats


Basics of Cryptography

Relationship between the plaintext and the ciphertext

Secret-Key Cryptography

• Monoalphabetic substitution: each letter replaced by a different letter

• Given the encryption key, it is easy to find the decryption key

• Secret-key crypto is also called symmetric-key crypto

Public-Key Cryptography

• All users pick a public key/private key pair
  – publish the public key
  – private key not published

• Public key is the encryption key
  – private key is the decryption key

Digital Signatures

(a) Computing a signature block

(b) What the receiver gets

Authentication Using Passwords

The use of salt to defeat precomputation of encrypted passwords

Figure: table with columns Salt and Password, one row per user
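As an added worked example (not from the slides), the following Python shows why a per-user salt defeats a precomputed table of password hashes: an unsalted entry falls to one table lookup, while two salted entries for the same password hash differently and match nothing precomputed. The scheme (PBKDF2-HMAC-SHA256) and the names hash_password, enrol, verify, precomputed_table and lookup are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Stored hash of (salt, password) via PBKDF2-HMAC-SHA256.
    An empty salt models the unsalted scheme the slide warns about."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enrol(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Make a password-file entry: a fresh random salt plus the salted hash.
    The salt is kept in the clear beside the hash, as in the slide's table."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Check a login attempt against the stored entry (constant-time compare)."""
    return hmac.compare_digest(hash_password(password, salt), stored)


def precomputed_table(candidates: List[str], salt: bytes = b"") -> Dict[bytes, str]:
    """Precompute hash -> password for a candidate list under ONE fixed salt:
    built once for unsalted entries, but useless against a different per-user salt."""
    return {hash_password(p, salt): p for p in candidates}


def lookup(table: Dict[bytes, str], stored: bytes) -> Optional[str]:
    """Password the precomputed table reveals for a stored hash, or None."""
    return table.get(stored)


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    table = precomputed_table(["password", "letmein", "qwerty", "monkey"])
    # Unsalted entry: a single table lookup recovers the password.
    print("unsalted lookup:", lookup(table, hash_password("monkey", b"")))  # monkey
    # Salted: same password, different salts, different hashes, no table match.
    salt_a, hash_a = enrol("monkey")
    salt_b, hash_b = enrol("monkey")
    print("same password, different hashes:", hash_a != hash_b)  # True
    print("salted lookup:", lookup(table, hash_a))  # None
    print("legitimate login:", verify("monkey", salt_a, hash_a))  # True
```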

Authentication Using a Physical Object

• Magnetic cards
  – magnetic stripe cards
  – chip cards: stored value cards, smart cards


Authentication Using Biometrics

A device for measuring finger length.

Countermeasures

• Limiting the times when someone can log in

• Automatic callback at a prespecified number

• Limited number of login tries

• A database of all logins

• Simple login name/password as a trap: security personnel are notified when an attacker bites


Mobile Code Sandboxing

Applets can be interpreted by a Web browser

Protection Mechanisms: Protection Domains (1)

Examples of three protection domains


Protection Domains (2)

A protection matrix


Protection Domains (3)

A protection matrix with domains as objects

Access Control Lists (1)

Use of access control lists to manage file access


Access Control Lists (2)

Two access control lists


Capabilities (1)

Each process has a capability list

Capabilities (2)

• Cryptographically-protected capability, with fields: Server, Object, Rights, f(Objects, Rights, Check)

• Generic Rights
  1. Copy capability
  2. Copy object
  3. Remove capability
  4. Destroy object

Windows NT (W2K) Security

• Access Control Scheme
  – name/password
  – access token associated with each process object indicating privileges associated with a user
  – security descriptor
    • access control list
    • used to compare with access control list for object

Access Token (per user/subject)

• Security ID (SID)

• Group SIDs

• Privileges

• Default Owner

• Default ACL

Security Descriptor (per Object)

• Flags

• Owner

• System Access Control List (SACL)

• Discretionary Access Control List (DACL)

Access Control List

Figure: an ACL Header followed by a sequence of ACEs, each consisting of an ACE Header, an Access Mask and a SID

Access Mask

Figure: layout of the access mask

• Generic access types: Generic All, Generic Execute, Generic Write, Generic Read

• Access System Security, Maximum allowed

• Standard access types: Delete, Read Control, Write DAC, Write Owner, Synchronize

• Specific access types

Access Control Using ACLs

• When a process attempts to access an object, the object manager in the W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL.

• If a match on a SID is found, then the corresponding ACE Access Mask provides the access rights available to the process.