Lecture2 - IS 2150 TEL 2810 Introduction to Security James...

Slide 1
IS 2150 / TEL 2810 Introduction to Security
James Joshi, Assistant Professor, SIS
Secure Design Principles; OS Security Overview
Lecture 2, September 6, 2011
Slide 2: Objectives
- Understand the basic principles of secure system design
- Learn about the basics of access control
- Understand access control in Unix and Windows environments
Slide 3: Some questions
- Should a system be secure by design, or can a system be made secure after it is built?
- In Unix, can you control the permissions associated with files when they are created?
- Can you specify that "users A, B and C can read, write and execute, respectively," your file in Unix? In Windows?
Slide 4: Design Principles
Slide 5: Design Principles for Security
- Least Privilege
- Fail-Safe Defaults
- Economy of Mechanism
- Complete Mediation
- Open Design
- Separation of Privilege
- Least Common Mechanism
- Psychological Acceptability
Slide 6: Overview
- Based on the ideas of simplicity and restriction
- Why simplicity?
- Why restriction?
Slide 7: Least Privilege
- A subject should be given only those privileges necessary to complete its task
- Assignment of privileges: function-based or identity-based, ...?
- Based on "need to know"; "relevance to situation" ...
- Examples?
- Confine processes to a "minimal protection domain"
- How can it be enforced? In Unix? In Windows?
- Challenge? [Complexity?]
Slide 8: Fail-Safe Defaults
- What should be the default action?
- If an action fails, how can we keep the system safe/secure? Transaction-based systems?
- When a file is created, what privileges are assigned to it? In Unix? In Windows?
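The Unix answer to the last question is the umask: a file is created with the mode the program requests (normally 0666) minus the bits set in the process umask, so the umask decides whether the default leans permissive (0022 leaves the file world-readable) or fail-safe (0077 leaves it owner-only). The following is an added example, not part of the lecture slides; it creates a throwaway file under a chosen umask on a POSIX system and reports the permission bits that were actually set.

```python
import os
import stat
import tempfile


def expected_mode(umask_value: int, requested_mode: int = 0o666) -> int:
    """Mode the kernel will assign: requested bits with the umask bits cleared."""
    return requested_mode & ~umask_value & 0o777


def create_with_umask(umask_value: int, requested_mode: int = 0o666) -> int:
    """Create a file under `umask_value` and return the permission bits it got.

    tempfile.mkdtemp() is used only for a private scratch directory; the file
    itself is created with os.open() so the umask applies to it.
    """
    old_umask = os.umask(umask_value)          # install the umask, remember the old one
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "example.txt")  # constructed scratch file name
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested_mode)
        os.close(fd)
        actual = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old_umask)                     # always restore the process umask
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(tmpdir)
    return actual


def permission_string(mode: int) -> str:
    """Render permission bits the way `ls -l` does, e.g. 0o644 -> 'rw-r--r--'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]


if __name__ == "__main__":
    # Permissive default versus fail-safe default for the same open() call.
    for umask_value in (0o022, 0o077):
        mode = create_with_umask(umask_value)
        print(f"umask {umask_value:04o}: file created as {mode:04o} ({permission_string(mode)})")
```

With umask 0022 the file comes out 0644 (group and others can read it); with umask 0077 it comes out 0600, so a program that forgets to pass a restrictive mode still produces a safe file. The umask is inherited across fork/exec, which is why login scripts and service managers set it: it is the fail-safe default for every file creation that does not say otherwise.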
Slide 9: Economy of Mechanism
- Design and implementation of security mechanisms
- KISS principle (Keep It Simple, Silly!)
- Simpler means?
- Careful design of interfaces and interactions
Slide 10: Complete Mediation
- No caching of information
- Mediate all accesses. Why?
- How does the Unix read operation work?
- Any disadvantage of this principle?
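The Unix read path is the classic counterexample to this principle: permissions are checked once at open(), and the resulting file descriptor carries that decision, so later read() calls are not checked again even if the file's permissions are changed in the meantime. The following is an added example, not part of the lecture slides; it models a toy reference monitor with both access styles so the difference shows up after a revocation. The ACL, subjects and object names are constructed for the illustration.

```python
class ReferenceMonitor:
    """Toy reference monitor: an ACL maps (subject, object) to a set of rights."""

    def __init__(self):
        self.acl = {}
        self.objects = {}

    def grant(self, subject, obj, right):
        self.acl.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject, obj, right):
        self.acl.get((subject, obj), set()).discard(right)

    def check(self, subject, obj, right):
        return right in self.acl.get((subject, obj), set())


class CachedHandle:
    """Models Unix open(): the access decision is made once and cached in the handle.

    Every later read() trusts that decision, exactly like a file descriptor.
    """

    def __init__(self, monitor, subject, obj):
        if not monitor.check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        self._data = monitor.objects[obj]     # decision (and data) captured at open time

    def read(self):
        return self._data                     # no further mediation


class MediatedHandle:
    """Complete mediation: every read() consults the reference monitor again."""

    def __init__(self, monitor, subject, obj):
        self.monitor, self.subject, self.obj = monitor, subject, obj

    def read(self):
        if not self.monitor.check(self.subject, self.obj, "read"):
            raise PermissionError(f"{self.subject} may not read {self.obj}")
        return self.monitor.objects[self.obj]


def demo_revocation():
    """Grant, open both ways, revoke, then read again; report what each handle did."""
    rm = ReferenceMonitor()
    rm.objects["secret.txt"] = b"constructed sample content"
    rm.grant("alice", "secret.txt", "read")

    cached = CachedHandle(rm, "alice", "secret.txt")      # open() succeeds
    mediated = MediatedHandle(rm, "alice", "secret.txt")
    assert cached.read() == mediated.read()               # both allowed before revocation

    rm.revoke("alice", "alice" and "secret.txt", "read")  # administrator pulls the right

    result = {}
    try:
        cached.read()
        result["cached_after_revoke"] = "allowed"         # stale decision still honoured
    except PermissionError:
        result["cached_after_revoke"] = "denied"
    try:
        mediated.read()
        result["mediated_after_revoke"] = "allowed"
    except PermissionError:
        result["mediated_after_revoke"] = "denied"        # re-check catches the revocation
    return result


if __name__ == "__main__":
    print(demo_revocation())
```

The cached handle keeps working after the revocation, which is the disadvantage of caching the slide asks about; the mediated handle pays a policy lookup on every read, which is the cost of complete mediation. Real kernels sit between the two: the check at open() is cheap and happens once, but it means a chmod or ACL change does not affect processes that already hold a descriptor, so revocation has to be handled separately.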
Slide 11: Open Design
- Security should not depend on secrecy of the design or implementation
- Should source code be public? "Security through obscurity"?
- Does not apply to certain "information": secrecy of keys vs. secrecy of the encryption algorithm?
- What about proprietary software?
Slide 12: Separation of Privilege
- Restrictive access
- Use multiple conditions to grant a privilege
- Equivalent to separation of duty
- Example? Changing to the root account in Berkeley-based Unix ... needs two conditions!
Slide 13: Least Common Mechanism
- Mechanisms should not be shared
- What is the problem with a shared resource? Covert channels?
- Isolation techniques: virtual machine, sandbox
Slide 14: Psychological Acceptability
- Security mechanisms should not add to the difficulty of accessing a resource
- Hide complexity introduced by security mechanisms
- Ease of installation, configuration, use
- Human factors critical here
- Proper messages
Slide 15: Access Control - Introduction