ch8 - CHAPTER 8 DISTRIBUTED COMPUTER SECURITY Security and...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CHAPTER 8: DISTRIBUTED COMPUTER SECURITY Security and dependability • Confidentiality - protection from unauthorized disclosure of objects or activities • Integrity - protection from unauthorized modification of data • Availability - protection from denial of service (DoS) • Reliability - tolerance of system faults • Safety - tolerance of user faults 1 Security attacks • External/internal intrusions • Interruption, interception, modification, fabrication Prevention Methods: Security Threats: object subject fabrication modification interception interruption auditing encryption fault-tolerance authorization authentication data access or information flow AAA lines of defense 1. Authentication - outside intruders 2. Authorization - inside intruders 3. Auditing - passive deterrence 2 Security policy, model, and mechanism • Policy - user requirements • Model - formal representation of policies • Mechanism - protection enforcement • Separation of policy and mechanism • Security servers and trusted kernel Authentication - proof of identity What you... • Have (token, key) • Are (biometrics) • Know (password, crypto key) Variants • Weak authentication • Strong authentication (ZKP) 3 Authorization - access control • mandatory - systemwide, e.g., multilevel security • discretionary - individual, e.g., access control matrix Discretionary access control models Access Control Matrix (ACM) • Subjects: identity, class, or role-based • Objects: subjects can also be objects • Rights: access, transfer or copy • ACM a sparse matrix • Reducing the size by using groups and categories • Distributed compartments • Reference monitor 4 Access control matrix examples user A user B user C file a file b file c file d owner owner owner owner read / write execute copy read read append obj....
View Full Document

Page1 / 22

ch8 - CHAPTER 8 DISTRIBUTED COMPUTER SECURITY Security and...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online