Tuesday, May 4, 2010
Lecture 24: Secure Communications
Monday, May 3, 2010
Saturday, May 1, 2010
Lecture 18: Access Control
After Nathan presented we spent most of the class reviewing operating systems. We went over memory and address protection. This is when the OS prevents programs from corrupting other programs or data. Often the OS can exploit hardware support for this protection. We then went over some protection techniques. For example, a fence register protects the operating system from user programs. Then there is tagged architecture. This is when each memory word has one or more extra bits that identify the access rights to that word. We then went over segmentation. Segmentation is when each program has multiple address spaces. Some advantages are that users can share access to a segment with potentially different access rights, and users cannot access an unpermitted segment. We then went over paging, and how it is done and used in operating systems. Some advantages of paging are that users cannot access an unpermitted page and users can share access to a page with potentially different access rights.
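To make the two paging advantages concrete, here is an added example (not from the lecture slides or the textbook) of a toy MMU in Python: each process has its own page table whose entries carry read/write bits, every access is translated through the table, and a physical frame can be shared by two processes with different rights. The page size, frame numbers and process ids are constructed values for the demo.

```python
# Added example (not from the lecture): a toy MMU that simulates paging with
# per-process page tables carrying access rights, to show that
# (a) a process cannot touch a page it has no mapping for, and
# (b) two processes can share one physical frame with different rights.
from dataclasses import dataclass

PAGE_SIZE = 4096  # bytes per page (constructed value for the demo)


@dataclass
class PageEntry:
    frame: int       # physical frame number this virtual page maps to
    readable: bool
    writable: bool


class ProtectionFault(Exception):
    """Raised when an access is not permitted by the page table."""


class ToyMMU:
    def __init__(self):
        # pid -> {virtual page number -> PageEntry}; each process has its own table
        self.page_tables = {}

    def map_page(self, pid, vpn, frame, readable=True, writable=False):
        self.page_tables.setdefault(pid, {})[vpn] = PageEntry(frame, readable, writable)

    def translate(self, pid, vaddr, write=False):
        """Translate a virtual address; every access is checked against the entry's rights."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        entry = self.page_tables.get(pid, {}).get(vpn)
        if entry is None:
            raise ProtectionFault(f"pid {pid}: virtual page {vpn} is not mapped")
        if write and not entry.writable:
            raise ProtectionFault(f"pid {pid}: virtual page {vpn} is read-only")
        if not write and not entry.readable:
            raise ProtectionFault(f"pid {pid}: virtual page {vpn} is not readable")
        return entry.frame * PAGE_SIZE + offset


def run_demo():
    """Returns a dict of outcomes so the behaviour can be checked, not just printed."""
    mmu = ToyMMU()
    # Frame 7 is shared: process 1 may write it, process 2 may only read it.
    mmu.map_page(pid=1, vpn=0, frame=7, writable=True)
    mmu.map_page(pid=2, vpn=5, frame=7, writable=False)
    # Frame 9 is private to process 1.
    mmu.map_page(pid=1, vpn=1, frame=9, writable=True)

    outcome = {}
    outcome["p1_write_shared"] = mmu.translate(1, 0x10, write=True)
    outcome["p2_read_shared"] = mmu.translate(2, 5 * PAGE_SIZE + 0x10)
    attempts = {
        "p2_write_shared": (2, 5 * PAGE_SIZE + 0x10, True),   # shared frame, but read-only for pid 2
        "p2_read_private": (2, PAGE_SIZE + 0x40, False),      # pid 2 has no mapping for this page
    }
    for name, (pid, vaddr, write) in attempts.items():
        try:
            outcome[name] = mmu.translate(pid, vaddr, write=write)
        except ProtectionFault as fault:
            outcome[name] = f"fault: {fault}"
    return outcome


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18} {value}")
```

Both processes' accesses to the shared frame resolve to the same physical byte, yet process 2's write and its access to process 1's private page both fault; the check happens on every translation, which is what makes the protection hard to bypass from user code.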
After the review we went over Access Control. We did not make it very far into this topic. We only covered 5 slides. We discussed what the three goals of access control are. These goals are to check every access, enforce least privilege, and verify acceptable use. We then talked about the issues with access control. One issue is that the access control list becomes too large if many shared objects are accessible to all users; another issue is multiple permissions. This is as far as we got on the slides for this day.
Wednesday, April 28, 2010
Lecture 23: Network Threats
Today's presentation by Troy covered the WEP (Wired Equivalent Privacy) cryptosystem for wireless networks. The system used a flawed encryption method and revealed too much information in the packets it creates. Cracking the cryptosystem requires the use of thousands of snooped packets, but these can be collected in little time, and after the collection period, key cracking takes very little time.
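One of the pieces of information WEP reveals is its 24-bit per-packet IV, sent in the clear and prepended to a static key to seed RC4. The added example below (my own code, not from the presentation) shows, from a defender's point of view, why that IV space is too small: a standard RC4 keystream generator, a WEP-style encryptor, a check that two packets encrypted under the same IV leak the XOR of their plaintexts, and the birthday-bound calculation for how many packets it takes before an IV repeats when IVs are chosen uniformly at random (cards that simply count IVs upward are guaranteed to repeat after 2^24 packets). Key and plaintext values are constructed for the demo.

```python
# Added example (not from the presentation): why WEP's 24-bit IV with a
# static key leads to keystream reuse.
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 possible IVs


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling algorithm followed by the keystream generator."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key; the IV itself travels unencrypted in the frame."""
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def keystream_reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 == p1 XOR p2, i.e. a repeated IV cancels the keystream."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def iv_collision_probability(packets: int) -> float:
    """Exact probability that at least two of `packets` random IVs coincide."""
    p_all_distinct = 1.0
    for k in range(packets):
        p_all_distinct *= 1 - k / IV_SPACE
    return 1 - p_all_distinct


def packets_for_collision_probability(p: float) -> int:
    """Birthday-bound estimate of how many packets give collision probability p."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p))))


if __name__ == "__main__":
    key = b"thirteenbytes"           # constructed 104-bit WEP key
    iv = b"\x01\x02\x03"             # constructed IV
    print("same-IV leak:", keystream_reuse_leak(key, iv, b"HELLO WORLD!", b"hello world?"))
    print("packets for 50% IV reuse:", packets_for_collision_probability(0.5))
    print("P(reuse after 5000 packets) =", round(iv_collision_probability(5000), 3))
```

The numbers explain the "little time" in the summary: on a busy network a few thousand frames is seconds of traffic, and a repeated IV under a static key is a reused one-time pad. The modern fix (WPA2/WPA3) is a fresh per-session key and a much larger nonce, not a longer WEP IV.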
Today's lecture covered network security.
Networks and particularly internet-based networks are particularly vulnerable to attacks. Networks afford anonymity of attackers, plenty of points of attack, easier access, and potentially more security holes if computers with different security systems or OSes are part of the network. The protocol used in a network can also be a weak point if it has vulnerabilities.
There are many aspects to possible attacks on a network. All attacks first need some sort of information gathering. Reconnaissance on the vulnerabilities of a network is generally easy. Port scans discover which ports a computer is listening on. People involved in the network are generally good sources of information if a little social engineering is used.
Eavesdropping on a network tends to be simple. Wired connections can usually be wiretapped stealthily. Wireless connections are even easier to eavesdrop.
Impersonation attacks involve pretending to be some member of a network. This involves either obtaining a password or exploiting vulnerabilities in rights management systems.
Spoofing attacks are a weaker form of impersonation, but they apply to more than just users. For example, a phishing attack involves the attacker spoofing a website to look just like another website, with a convincing address to add to the illusion. Spoofing attacks also cover session hijacks and man-in-the-middle attacks.
Session hijacking is a spoofing attack where an attacker hijacks a TCP connection or HTTP session and inserts malicious data or obtains private information. Man-in-the-middle attacks are similar, but instead of masquerading as an endpoint, the attacker becomes an intermediate node, possibly masquerading as both endpoints at once. It may also allow the attacker to alter packets as they move around the network.
Attackers may also attack the topology of the network by poisoning DNS caches, creating "evil twins", or creating "black holes" which attract packets and drop them.
In some cases, the mere existence of communication can itself be important information, and traffic flow analysis tries to detect these covert conversations.
Websites have their own sets of vulnerabilities, mostly involving the interaction with a server trying to generate web pages. Some exploits include modified state information, cross-site scripting, buffer overflows, etc. Some vulnerabilities involve the server asking the client to run a certain piece of code (for example, Java applets), and this can be exploited by attackers to harm the user.
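Two of the web vulnerabilities named above, modified state information and cross-site scripting, are easiest to understand as a vulnerable handler beside its hardened form. The following is an added example (not from the lecture) in Python: the first handler trusts a price the browser sends back in a hidden form field, the hardened version only accepts state carrying a server-side HMAC; the second handler echoes a user-supplied name into HTML, the hardened version escapes it. The secret key, field names and values are constructed for the demo.

```python
# Added example (not from the lecture): modified state information and
# cross-site scripting, each as a vulnerable handler beside its hardened form.
import hashlib
import hmac
import html

SERVER_SECRET = b"constructed-demo-secret"   # placeholder; load from config in real code


# --- modified state information ---------------------------------------------
def vulnerable_total(form: dict) -> int:
    """Trusts a price that the client sent back in a hidden field."""
    return int(form["qty"]) * int(form["price"])


def sign_state(state: str) -> str:
    """Server attaches an HMAC before handing state to the client."""
    tag = hmac.new(SERVER_SECRET, state.encode(), hashlib.sha256).hexdigest()
    return f"{state}.{tag}"


def verify_state(signed: str):
    """Returns the state if its tag is valid, else None. Uses constant-time compare."""
    state, _, tag = signed.rpartition(".")
    expected = hmac.new(SERVER_SECRET, state.encode(), hashlib.sha256).hexdigest()
    return state if hmac.compare_digest(tag, expected) else None


def hardened_total(form: dict):
    """Only uses the price if the client returned it with an intact server tag."""
    price = verify_state(form["price_signed"])
    if price is None:
        return None          # tampered or missing tag: reject the request
    return int(form["qty"]) * int(price)


# --- cross-site scripting ---------------------------------------------------
def vulnerable_greeting(name: str) -> str:
    """Interpolates untrusted input straight into HTML."""
    return f"<p>Hello {name}</p>"


def hardened_greeting(name: str) -> str:
    """Escapes the input so markup characters are rendered, not interpreted."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


if __name__ == "__main__":
    signed_price = sign_state("500")                     # what the server emits
    print("honest :", hardened_total({"qty": "2", "price_signed": signed_price}))
    tampered = "1." + signed_price.split(".", 1)[1]      # client edits the price, keeps the tag
    print("tampered:", hardened_total({"qty": "2", "price_signed": tampered}))
    print(hardened_greeting("<b>Mallory</b>"))
```

The point of the HMAC is that state which leaves the server and comes back must be treated as input again; signing it (or simply keeping it server-side in the session) is what makes a hidden field or cookie trustworthy. For XSS, escaping at the point of output is the rule, because the same value may be safe in one context and dangerous in another.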
(Distributed) Denial of Service attacks target a network's availability. This can be done by disrupting physical connections, flooding connection attempts via SYN flooding, ping floods via smurf attacks, etc. Attackers may use botnets to perform these attacks, since they tend to require huge amounts of resources.
All of these attacks are doable with easy-to-get, convenient programs.
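Since the reconnaissance and denial-of-service attacks above are easy to launch, the practical question for a defender is how they look in traffic logs. The added example below (my own code, not from the lecture) runs two detectors over a constructed connection log: a port scan appears as one source touching many distinct destination ports, and a SYN flood appears as many sources leaving half-open connections to one service. The log format, addresses and thresholds are assumptions made for the demo.

```python
# Added example (not from the lecture): detection logic for port scans and
# SYN floods, run over a constructed connection log.
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    flags: str   # "S" = SYN seen from the client, "A" = handshake-completing ACK seen


def parse_flow_log(text: str):
    """Parse the constructed 'ts src dst dport flags' format, one record per line."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, flags = line.split()
        flows.append(Flow(ts, src, dst, int(dport), flags))
    return flows


def detect_port_scans(flows, min_ports=20):
    """Sources that probed at least `min_ports` distinct (destination, port) pairs."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_ports}


def detect_syn_floods(flows, min_half_open=30):
    """Services with at least `min_half_open` sources whose SYN was never completed."""
    half_open = defaultdict(set)
    for f in flows:
        key = f"{f.dst}:{f.dport}"
        if f.flags == "S":
            half_open[key].add(f.src)       # handshake started
        elif f.flags == "A":
            half_open[key].discard(f.src)   # handshake completed, no longer half-open
    return {k: len(s) for k, s in half_open.items() if len(s) >= min_half_open}


def build_sample_log() -> str:
    """Constructed log: one legitimate client, one scanner, one spoofed-source flood."""
    lines = ["# ts src dst dport flags"]
    lines += ["2010-04-28T10:00:00 10.0.0.7 192.168.1.10 80 S",
              "2010-04-28T10:00:00 10.0.0.7 192.168.1.10 80 A"]
    lines += [f"2010-04-28T10:00:01 10.0.0.5 192.168.1.10 {port} S" for port in range(1, 31)]
    lines += [f"2010-04-28T10:00:02 10.9.9.{n} 192.168.1.20 80 S" for n in range(1, 51)]
    return "\n".join(lines)


if __name__ == "__main__":
    flows = parse_flow_log(build_sample_log())
    print("port scans:", detect_port_scans(flows))
    print("SYN floods:", detect_syn_floods(flows))
```

Note that the scanner never trips the flood detector (each of its half-open connections goes to a different port) and the flood sources never trip the scan detector (each touches one port), so the two signatures are genuinely different. Real deployments add a time window so that counts age out, which is omitted here to keep the logic visible.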
Lecture 21: Trusted Operating System
Then, Dr. Gunes gave us an overview of Lecture # 20, during which he talked about trusted operating system design and different security design principles. He highlighted an idea: "after designing a trusted OS, how it will complicate things further". On one hand he listed an ordinary operating system's functions & its security features; on the other hand he described a trusted operating system's functions and its security features. Further, he mentioned that the kernel is the part of an OS that performs the lowest-level functions, whereas the security kernel is responsible for enforcing the security mechanisms for the entire OS. He listed 6 properties a security kernel should have: coverage, separation, unity, modifiability, compactness, and verifiability.
Then, Dr. Gunes moved on to lecture # 21 topics & started with the term reference monitor, which is the portion of a security kernel that controls access to objects; in short, it acts as a gatekeeper. Hardware, processes, primitive files, protected memory & inter-process communication are the system elements on which security enforcement depends. He remarked that a piece of hardware is harder to tamper with than software. Next, he explained a typical division into TCB & non-TCB sections with the help of a diagram & then he described the four basic interactions which the TCB monitors: process activation, execution domain switching, memory protection & I/O operation.
Further, he described a combined security kernel/operating system architecture as well as a separate security kernel architecture. Physical, temporal, cryptographic & logical are the four ways to separate one process from others. Then, he drew our attention to the concept of virtualization and virtual machines, as well as the layered OS design with modules operating in different layers. There are 3 ways to assure that a model, design, & implementation are correct: testing, verification, & validation.
Furthermore, Dr. Gunes moved on to a new chapter & started with the term security policies. He noted that military security policy is a hierarchical policy & he also emphasized the ideas of compartments & sensitivity levels. He went through the classification & clearance concepts. Finally, Dr. Gunes concluded the lecture after briefly describing 4 different security models: the Lattice model, the Bell-LaPadula model, the Harrison-Ruzzo-Ullman model & the Take-Grant model.
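The reference monitor from the earlier part of the lecture and the military policy, lattice and Bell-LaPadula models from the end of it fit together in one small program. The following is an added example (my own code, not from the lecture or the textbook): labels are (sensitivity level, set of compartments) pairs ordered by the lattice dominance relation, subjects carry clearances and objects carry classifications, and a reference monitor mediates every read or write by applying the simple security property (no read up) and the *-property (no write down), recording each decision in an audit log. The level names, compartment names, subjects and objects are constructed for the demo.

```python
# Added example (not from the lecture): a toy reference monitor enforcing the
# Bell-LaPadula rules over a lattice of (sensitivity level, compartments) labels.
from dataclasses import dataclass

# Constructed hierarchy of sensitivity levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high AND a superset of the compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound of two labels in the lattice."""
        top = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(top.level, self.compartments | other.compartments)


class ReferenceMonitor:
    """Gatekeeper: the only path to an object is check(); every decision is audited."""

    def __init__(self):
        self.clearances = {}        # subject -> Label
        self.classifications = {}   # object  -> Label
        self.audit = []             # (subject, object, mode, allowed)

    def add_subject(self, name: str, clearance: Label):
        self.clearances[name] = clearance

    def add_object(self, name: str, classification: Label):
        self.classifications[name] = classification

    def check(self, subject: str, obj: str, mode: str) -> bool:
        clearance = self.clearances[subject]
        classification = self.classifications[obj]
        if mode == "read":
            allowed = clearance.dominates(classification)    # simple security: no read up
        elif mode == "write":
            allowed = classification.dominates(clearance)    # *-property: no write down
        else:
            raise ValueError(f"unknown access mode {mode!r}")
        self.audit.append((subject, obj, mode, allowed))
        return allowed


def build_demo_monitor() -> ReferenceMonitor:
    """Constructed subjects and objects for the demo."""
    rm = ReferenceMonitor()
    rm.add_subject("alice", Label("secret", frozenset({"nuclear"})))
    rm.add_subject("bob", Label("secret"))               # same level, no compartment
    rm.add_subject("carol", Label("confidential"))
    rm.add_object("plan", Label("secret", frozenset({"nuclear"})))
    rm.add_object("memo", Label("unclassified"))
    return rm


if __name__ == "__main__":
    rm = build_demo_monitor()
    for who, what, how in [("alice", "plan", "read"), ("alice", "memo", "write"),
                           ("bob", "plan", "read"), ("carol", "plan", "write"),
                           ("carol", "memo", "read")]:
        print(f"{who:6} {how:5} {what:5} -> {'allow' if rm.check(who, what, how) else 'deny'}")
```

Two results are worth dwelling on: bob is denied the plan even though his level matches, because dominance also requires the compartment, and carol is allowed to write the secret plan despite only a confidential clearance, because Bell-LaPadula is a confidentiality model and writing up does not leak anything. Integrity concerns are handled by other models, which is why real systems combine them.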
Wednesday, April 14, 2010
Lab assignment on Trusted Computing
You may post questions or comments under this blog entry.