Lecture 2 - IS 2150/TEL 2810 Introduction to Security, James Joshi

IS 2150 / TEL 2810 Introduction to Security
James Joshi, Assistant Professor, SIS
Secure Design Principles; OS Security Overview
Lecture 1, September 8, 2009
Objectives
- Understand the basic principles of secure system design
- Learn about the basics of access control
- Understand access control in Unix and Windows environments
Some questions
- Should a system be secure by design, or can a system be made secure after it is built?
- In Unix, can you control the permissions associated with files when they are created?
- Can you specify that "user A, B and C can read, write and execute, respectively," your file - in Unix? In Windows?
Design Principles
Design Principles for Security
- Least Privilege
- Fail-Safe Defaults
- Economy of Mechanism
- Complete Mediation
- Open Design
- Separation of Privilege
- Least Common Mechanism
- Psychological Acceptability
Overview
- Based on the ideas of simplicity and restriction
- Why simplicity?
- Why restriction?
Least Privilege
- A subject should be given only those privileges necessary to complete its task
- Assignment of privileges based on function OR identity-based, ...?
- Based on "need to know"; "relevance to situation" ...
- Examples?
- Confine processes to a "minimal protection domain"
- How can it be enforced? In Unix? Windows?
- Challenge? [Complexity?]
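One concrete Unix answer to "how can it be enforced?" is the classic privilege-drop pattern: a process that starts as root does the one thing that needs root, then shrinks its own protection domain to an unprivileged uid/gid and can never climb back. The following is an added example written for these notes, not code from the lecture; it assumes a POSIX system, uses the "nobody" account if the password database has one, and otherwise falls back to the conventional uid/gid 65534 (an assumption). The drop is performed in a forked child so the calling process is left untouched.

```python
import os
import pwd

# Constructed fallback: the conventional uid/gid of "nobody" on many systems
# (an assumption; the real value is looked up from the password database).
FALLBACK_UID = 65534
FALLBACK_GID = 65534


def unprivileged_ids():
    """Return (uid, gid) of a low-privilege account to confine a worker to."""
    try:
        entry = pwd.getpwnam("nobody")
        return entry.pw_uid, entry.pw_gid
    except KeyError:
        return FALLBACK_UID, FALLBACK_GID


def drop_privileges(uid, gid):
    """Irrevocably shrink this process's protection domain.

    Order matters: supplementary groups first, then gid, then uid (setuid
    last, because once uid is non-zero the other two calls would fail).
    When the real, effective and saved uids are all non-zero the kernel
    refuses any later setuid(0), so the process cannot climb back.
    """
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


def demonstrate_privilege_drop():
    """Run the drop in a forked child so the caller's own domain is untouched.

    Returns a dict: was_root (did we start with uid 0), dropped (child ran as
    the low-privilege uid), regain_failed (child could not setuid(0) again).
    When not started as root there is nothing to drop and all flags are False.
    """
    was_root = os.geteuid() == 0
    if not was_root:
        return {"was_root": False, "dropped": False, "regain_failed": False}

    uid, gid = unprivileged_ids()
    pid = os.fork()
    if pid == 0:
        # Child: confine, then try to regain root and expect a refusal.
        code = 3  # drop itself raised
        try:
            drop_privileges(uid, gid)
            if os.getuid() == uid and os.geteuid() == uid:
                try:
                    os.setuid(0)
                    code = 2  # drop happened but was not irrevocable
                except PermissionError:
                    code = 0  # confined and cannot escalate
            else:
                code = 1  # ids did not change as expected
        finally:
            os._exit(code)

    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status)
    return {
        "was_root": True,
        "dropped": code in (0, 2),
        "regain_failed": code == 0,
    }


if __name__ == "__main__":
    print(demonstrate_privilege_drop())
```

Run as root it reports that the child ended up unprivileged and that setuid(0) was refused; run as an ordinary user it reports that there was no privilege to drop. The same idea underlies daemons that bind a privileged port and then switch to a service account before touching any untrusted input.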
Fail-Safe Defaults
- What should be the default action?
- If an action fails, how can we keep the system safe/secure?
- Transaction-based systems?
- When a file is created, what privileges are assigned to it? In Unix? In Windows?
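In Unix the answer to "what privileges does a new file get?" is the umask: the creating call asks for a mode, and the kernel clears every bit that is set in the process umask, so the mask can only take permissions away. A restrictive mask is the fail-safe default in practice, because a program that forgets to ask for tight permissions still gets them. The following is an added example for these notes, not code from the lecture; it assumes a POSIX filesystem without default ACLs and uses a temporary directory for the files it creates.

```python
import os
import stat
import tempfile


def create_with_umask(directory, name, requested_mode, mask):
    """Create a file asking for requested_mode while the given umask is set.

    Returns the permission bits the kernel actually assigned, which is
    requested_mode & ~mask: the mask can remove bits but never add them.
    The caller's previous umask is restored afterwards.
    """
    path = os.path.join(directory, name)
    old_mask = os.umask(mask)
    try:
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, requested_mode)
        os.close(fd)
    finally:
        os.umask(old_mask)  # never leave the caller with a changed default
    return stat.S_IMODE(os.stat(path).st_mode)


def describe(mode):
    """Render permission bits the way ls -l does, e.g. 0o644 -> '-rw-r--r--'."""
    return stat.filemode(stat.S_IFREG | mode)


def compare_defaults():
    """Create the same file under a permissive and a restrictive umask."""
    with tempfile.TemporaryDirectory() as d:
        # Typical interactive default: group and others keep read access.
        permissive = create_with_umask(d, "open.txt", 0o666, 0o022)   # 0o644
        # Fail-safe default: nothing for anyone but the owner.
        restrictive = create_with_umask(d, "safe.txt", 0o666, 0o077)  # 0o600
        # A mask cannot grant: asking for 0o600 under a loose mask stays 0o600.
        unchanged = create_with_umask(d, "min.txt", 0o600, 0o022)
    return {"permissive": permissive, "restrictive": restrictive, "unchanged": unchanged}


if __name__ == "__main__":
    for label, mode in compare_defaults().items():
        print(f"{label:11s} {oct(mode)} {describe(mode)}")
```

The restrictive run shows the fail-safe behaviour the slide asks about: the program requested 0o666 and still ended up with an owner-only file, because the default (the mask) erred on the side of denying.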
Economy of Mechanism
- Design and implementation of security mechanisms
- KISS principle (Keep It Simple, Silly!)
- Simpler means?
- Careful design of interfaces and interactions
Complete Mediation
- No caching of information
- Mediate all accesses
- Why?
- How does the Unix read operation work?
- Any disadvantage of this principle?
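The Unix read path is the standard counter-example to complete mediation: the permission check happens once, at open(), and the resulting file descriptor carries that decision forward. Every later read() on the descriptor is not re-mediated, so revoking the file's permissions does not affect readers that already hold it. The following is an added example for these notes, not code from the lecture; it assumes a POSIX system and uses a constructed file in a temporary directory. Note the caveat it encodes: root bypasses mode bits entirely, so the "fresh open is refused" half of the demonstration only holds for an unprivileged user.

```python
import os
import tempfile


def open_then_revoke(content=b"secret data\n"):
    """Show where Unix checks permission on a read: at open(), not at read().

    Returns a dict:
      read_after_chmod  bytes read through the already-open descriptor
                        after all permissions on the file were revoked
      fresh_open_denied whether a brand-new open() of the file was refused
      is_root           root bypasses mode bits, so fresh_open_denied is
                        False when run as root
    """
    is_root = os.geteuid() == 0
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report.txt")
        with open(path, "wb") as f:        # constructed sample file
            f.write(content)

        fd = os.open(path, os.O_RDONLY)    # the access check happens here
        os.chmod(path, 0o000)              # revoke every permission bit
        data = os.read(fd, 1024)           # still works: no re-check on read()
        os.close(fd)

        try:                               # a new open() is mediated afresh
            os.close(os.open(path, os.O_RDONLY))
            fresh_open_denied = False
        except PermissionError:
            fresh_open_denied = True

        os.chmod(path, 0o600)              # tidy up before the directory is removed
    return {
        "read_after_chmod": data,
        "fresh_open_denied": fresh_open_denied,
        "is_root": is_root,
    }


if __name__ == "__main__":
    print(open_then_revoke())
```

The cached decision is exactly the "disadvantage" the slide hints at in reverse: re-checking on every read() would be complete mediation, but at the cost of a permission lookup on every I/O call, which is why Unix settled for mediating at open() and accepting that revocation is not immediate.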
Open Design
- Security should not depend on secrecy of design or implementation
- Should source code be public?
- "Security through obscurity"?
- Does not apply to certain "information"
- Secrecy of keys vs. the encryption algorithm?
- What about "proprietary software"?
Separation of Privilege
- Restrictive access
- Use multiple conditions to grant privilege
- Equivalent to separation of duty
- Example?
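A worked answer to "Example?": a two-person rule, where a sensitive action is granted only when several independent conditions all hold, and where the person requesting the action can never supply one of the approvals themselves (the separation-of-duty reading of the principle). The following is an added example for these notes, not code from the lecture; the principals, roles and the "rotate-root-key" action are constructed sample data, and the evaluator denies by default so that a missing condition fails safe.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    requester: str
    action: str


@dataclass
class Policy:
    """Who may perform the action and who may approve it (constructed sample)."""
    performers: frozenset
    approvers: frozenset
    required_approvals: int = 2


def authorize(request, approvals, policy):
    """Grant only when several independent conditions all hold.

    Conditions checked, in order:
      1. the requester is an authorised performer;
      2. at least policy.required_approvals approvals come from *distinct*
         members of the approver set (one person approving twice counts once);
      3. the requester never counts as their own approver (separation of duty).
    Any condition that is not met denies, so the default outcome is "no".
    Returns (granted, reason).
    """
    if request.requester not in policy.performers:
        return False, "requester is not permitted to perform this action"

    valid = {a for a in approvals
             if a in policy.approvers and a != request.requester}
    if len(valid) < policy.required_approvals:
        return False, (f"need {policy.required_approvals} distinct independent "
                       f"approvals, have {len(valid)}")
    return True, "granted"


def sample_decisions():
    """Exercise the rule on constructed cases, including the self-approval edge."""
    policy = Policy(performers=frozenset({"alice", "bob"}),
                    approvers=frozenset({"alice", "carol", "dave"}))
    req = Request("alice", "rotate-root-key")
    return {
        "two_independent": authorize(req, ["carol", "dave"], policy)[0],
        "self_plus_one":   authorize(req, ["alice", "carol"], policy)[0],
        "same_person_twice": authorize(req, ["carol", "carol"], policy)[0],
        "no_approvals":    authorize(req, [], policy)[0],
        "outsider":        authorize(Request("eve", "rotate-root-key"),
                                     ["carol", "dave"], policy)[0],
    }


if __name__ == "__main__":
    for case, granted in sample_decisions().items():
        print(f"{case:18s} -> {'GRANT' if granted else 'DENY'}")
```

Only the case with two distinct approvers who are not the requester is granted; alice cannot shorten the path by approving her own request, and carol approving twice is still one condition, not two. That is what "use multiple conditions" buys: compromising any single principal is not enough to obtain the privilege.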