L18.sp11 - Distributed Systems CS 425 / CSE 424 / ECE 428...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Distributed Systems CS 425 / CSE 424 / ECE 428 Distributed Systems CS 425 / CSE 424 / ECE 428 Security Reading: Chapter 7 (relevant parts) 010, I . Gupta, K. Nahrtstedt, S. Mitra, N. Vaidya, M. T. Harandi, J. Hou Security Threats Security Threats Leakage: An unauthorized party gains access to a service or data. Attacker obtains knowledge of a withdrawal or account balance, e.g., via eavesdropping Tampering: Unauthorized change of data, tampering with a service Attacker changes the variable holding your personal checking $$ total Vandalism: Interference with proper operation, without gain to the attacker Attacker does not allow any transactions to your account E.g., DOS=denial of service More Concerns More Concerns Attacks on Communication Channel / Network Eavesdropping Obtaining copies of messages without authority. Masquerading Sending or receiving messages with the identity of another principal (user or corporation). Message tampering Intercepting messages and altering their contents before passing them onto the intended recipient. Replaying Intercepting messages and sending them at a later time. Denial of Service Attack flooding a channel or other resources (e.g., port) with messages. Addressing the Challenges: Security Addressing the Challenges: Security Leakage: An unauthorized party gains access to a service or data. Confidentiality : protection against disclosure to unauthorized individuals. Tampering: Unauthorized change of data, tampering with a service Integrity : protection against alteration or corruption. Vandalism: Interference with proper operation, without gain to the attacker Availability : protection against interference with the means to access the resources. Security Policies & Mechanisms Security Policies & Mechanisms A Security Policy indicates which actions each entity (user, data, service) is allowed or prohibited to take. E.g., Only an owner is allowed to make transactions to his account. CIA properties....
View Full Document

Page1 / 23

L18.sp11 - Distributed Systems CS 425 / CSE 424 / ECE 428...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online