Professional Documents
Culture Documents
Network Security
Lecture 2: Fundamentals and Definitions
• Definitions
• Models
• Approaches
• Principals
• Ethics
Defining "Security"
3
Security Properties
Alternatively, what are the bad things that could be done to this
message?
4
Confidentiality
5
Integrity
"Retreat at dawn."
6
Authenticity
• Establishment of identity
• Or, verification of "genuineness"
• Again, cryptography has long considered this
• e.g., HMAC, signatures
7
Availability
8
Non-repudiation
9
Access Control
• Policy specifying how entities can interact with resources
• i.e., Who can access what?
• Requires authentication and authorization
• Access control primitives
10
Authentication
11
Authorization
12
Types of Access Control
13
Access Control Matrices
Given subjects si ∈S, objects oj ∈O, rights {R,W,X},
o1 o2 o3
s1 RW RX
s2 R RWX RW
s3 RWX
14
• Definitions
• Models
• Approaches
• Principals
• Ethics
Abstract Security Models
16
Practical Security Models
• UNIX permissions
• Windows access control
• Java permissions
• Web (same-origin policy)
• Android permissions
• iOS (MAC model)
17
Limitations of Access Matrices
• The Unix model is very simple
• Users and groups, read/write/execute
• Not all possible policies can be encoded
file 1 file 2
• file 1: two users have high
user 1 --- rw-
user 2 r-- r-- privileges
user 3 rw- rwx – If user 3 and user 4 are in a group,
user 4 rw- --- how to give user 2 read and user 1
nothing?
• file 2: four distinct privilege levels
– Maximum of three levels (user, group, other)
18
Access Control List (ACL)
19
Capabilities
20
Capabilities
21
Bell-LaPadula (BLP)
22
Bell-LaPadula
23
Biba Integrity
24
Covert Channels
25
Non-interference
26
Information Flow
27
Explicit Flows
28
Implicit Flows
Given program variables h: high, l: low,
l = 0;
h = h % 2;
if (h == 1) {
l = 1;
}
29
Information Flow Control
30
Side Channels
31
• Definitions
• Models
• Approaches
• Principals
• Ethics
Approaches to Security
33
Avoidance
34
Prevention
35
Detection
36
Recovery
37
• Definitions
• Models
• Approaches
• Principals
• Ethics
Security Principles
39
Economy of Mechanism
41
Defense in Depth
42
Fail-safe Defaults
43
Complete Mediation
44
Complete Mediation
45
Open Design
46
Separation of Privilege
47
Least Privilege
48
Work Factor
49
Work Factor
50
Compromise Recording
51
Threat Models
52
Trust
53
Security vs. Usability
54
• Definitions
• Models
• Approaches
• Principals
• Ethics
Ethics
56
Case Study: Forced Inoculation
57
Flash Worms
58
Case Study: Forced Inoculation
59
Case Study: Disclosure
60
Full Disclosure
61
Responsible Disclosure
62
No Disclosure
63
Conclusion
64