lecture_2

lecture_2 - Security Principles and Policies CS 136...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 2 Page 1 CS 136, Winter 2010 Security Principles and Policies CS 136 Computer Security Peter Reiher January 7, 2010
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 2 Page 2 CS 136, Winter 2010 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems
Background image of page 2
Lecture 2 Page 3 CS 136, Winter 2010 Security and Protection Security is a policy E.g., “no unauthorized user may access this file” Protection is a mechanism E.g., “the system checks user identity against access permissions” Protection mechanisms implement security policies
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 2 Page 4 CS 136, Winter 2010 Trust An extremely important security concept You do certain things for those you trust You don’t do them for those you don’t Seems simple, but . . .
Background image of page 4
Lecture 2 Page 5 CS 136, Winter 2010 Problems With Trust How do you express trust? Why do you trust something? How can you be sure who you’re dealing with? What if trust is situational? What if trust changes?
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 2 Page 6 CS 136, Winter 2010 An Important Example Consider a typical home computer Let’s say it only has one user What’s trust got to do with this case? What if it connects to the Internet? Do we treat everything out on the Internet as trusted? If not, how do we tell what to trust? And just how much?
Background image of page 6
Lecture 2 Page 7 CS 136, Winter 2010 Main() { . . . } Continuing Our Example And what about the software it runs? Main() { . . . } Is it all equally trusted? If not, how do we determine exactly what each program should be allowed to do? Main() { . . . } Main() { . . . } Main() { . . . }
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 2 Page 8 CS 136, Winter 2010 Trust Is Not a Theoretical Issue Most vulnerabilities that are actually exploited are based on trust problems Attackers exploit overly trusting elements of the computer From the access control model to the actual human user Taking advantage of misplaced trust Such a ubiquitous problem that some aren’t aware of its existence
Background image of page 8
Lecture 2 Page 9 CS 136, Winter 2010 A Trust Problem A user is fooled into downloading a Trojan horse program He runs it and it deletes a bunch of files on his computer Why was this program trusted at all? Why was it trusted to order the deletion of unrelated files?
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 2 Page 10 CS 136, Winter 2010 Another Example of Trust Problems Phishing Based on fooling users into clicking on links leading to bad sites Usually resulting in theft of personal information Why does the user (or his computer) trust those sites? Or the email message telling him to go there?
Background image of page 10
Page 11 CS 136, Winter 2010 A Third Example of Trust Problems Buffer overflows A mechanism for taking control of a running program Allows attacker to tell the program to do things it wasn’t designed to Why should that program be able to do arbitrary things, anyway? Why did we
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 12
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 63

lecture_2 - Security Principles and Policies CS 136...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online