usc-csci530-f08-l06

usc-csci530-f08-l06 - USC CSci530 Computer Security Systems...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  USC CSci530 Computer Security Systems Lecture notes Fall 2008 Dr. Clifford Neuman University of Southern California Information Sciences Institute
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Announcements Mid-term exam Friday October 10 th 9AM-10:40AM, location TBD Open Book, Open Note, No Electronics Lecture from 11-11:50
Background image of page 2
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  CSci530: Computer Security Systems Lecture 6 – 3 October 2008 Authorization and Policy Dr. Clifford Neuman University of Southern California Information Sciences Institute
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Delegated Authentication Usually an authorization problem How to allow an intermediary to perform operations on your behalf. Pass credentials needed to authenticate yourself Apply restrictions on what they may be used for.
Background image of page 4
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Proxies A proxy allows a second principal to operate with the rights and privileges of the principal that issued the proxy Existing authentication credentials Too much privilege and too easily propagated Restricted Proxies By placing conditions on the use of proxies, they form the basis of a flexible authorization mechanism
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Restricted Proxies Two Kinds of proxies Proxy key needed to exercise bearer proxy Restrictions limit use of a delegate proxy Restrictions limit authorized operations Individual objects Additional conditions + Proxy Proxy Conditions: Use between 9AM and 5PM Grantee is user X, Netmask is 128.9.x.x, must be able to read this fine print, can you PROXY CERTIFICATE Grantor
Background image of page 6
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Authenticating Hardware and Software DSSA Delegation is the important issue Workstation can act as user Software can act as workstation if given key Software can act as developer if checksum validated FROM PREVIOUS LECTURE
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Next Generation Secure Computing Base (Longhorn) Secure booting provides known hardware and OS software base. Security Kernel in OS provides assurance
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/21/2010 for the course CS 530 at USC.

Page1 / 70

usc-csci530-f08-l06 - USC CSci530 Computer Security Systems...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online