Security - Advanced Operating System - Lecture Slides, Slides of Computer Science

These are the lecture slides of Advanced Operating System, which include Virtual Memory Performance, Resident Set Management, Allocating Pages, Page Fault Frequency Algorithm, Working Set Strategy, Thrashing, Replacement Policy, Multiprogramming Level, etc. Key points are: Security, Levels of Threat, Cost of Security, Security Goals, Threats to System Security, Methods of Attack, Methods of Defense, Cryptography, Encryption Media, Types of Encryption.

Typology: Slides

2012/2013

Uploaded on 03/20/2013

dharmaketu

Networked Computer Systems 1
Security

Levels of Threat

The level of system security required depends upon the expertise of the attacker.

  1. Ordinary web user
  2. Sophisticated user (CS students)
  3. Professional Thief
  4. Insider
  5. Corporate
  6. Government

Cost of Security

  • Security has a cost in hardware, software and user convenience.
  • The cost of defeating a security system must be greater than the value of the data it protects.

Security Goals

The goals for protecting any system are to assure that the following criteria are met:

  1. Availability – services up and running.
  2. Integrity Control – data is created/modified by authorized parties only.
  3. Secrecy/Confidentiality – access is restricted to authorized parties.
  4. Authentication – verifying identity
  5. Non-repudiation – verification of action or data

Threats to System Security

Threats to network security typically come in any of four forms:

  1. Interception – sniffing, wiretapping, eavesdropping
  2. Modification – unauthorized access/tampering
  3. Fabrication – impersonation or fabrication of data or objects to gain access to services/information.
  4. Interruption – Denial of Service

Methods of Attack

  • Eavesdropping
    • Viewing data or passwords on the network.
    • Easy to do on broadcast networks.
  • Message Tampering
    • Changing messages as they travel the network.
  • Masquerading
    • Sending messages and programs with invalid sender identification.


Methods of Attack (cont.)

  • Replay
    • Interception and duplication of transmissions at a later time.
  • Denial of Service
    • Crashing the system or flooding it with messages or tasks.
  • False Identification
    • Password Guessing
  • Malicious Software
    • Viruses, Worms, Trojan Horses, etc.

Methods of Defense

  • Cryptography – encoding of data or messages
  • Software Controls – Antivirus
  • Hardware Controls – smartcards, biometrics
  • Physical Controls – locked doors
  • Security Policies & Procedures
  • User Education
  • Penalty of Law
  • For effective security, many/all of the above should be utilized in cooperation/coordination.

Cryptography

  • Cryptography in general represents the process of encrypting a plain-text message into an unreadable cipher so that it can be sent through a network to be decrypted/deciphered by the intended recipient.
  • Cryptography is an important tool for security.

[Figure: Plaintext → Encryption (Key) → Decryption (Key) → Plaintext]

Encryption Media

  • Encryption can be used to secure messages sent over a network.
  • Encryption can also be used to secure data stored on a computer.
  • Think of a data file as a very slow message.

Types of Encryption

  • Secret Key
    • The encryption key is the same as the decryption key.
    • Sender and receiver have to securely share a key.
  • Public Key
    • The key to decrypt is different, but related to, the key to encrypt.
    • The encryption key can be made public while the decryption key is kept secret.

Secret Key Cryptography

  • Keys exchanged prior to communications. Parties verified at that time.
  • Key to encrypt message is the same as key to decrypt.
  • DES and AES encryption are examples of Secret Key Cryptography.

[Figure: User1 encrypts (E) the plaintext with the secret key; the ciphertext crosses the network; the other user decrypts (D) it with the same secret key to recover the plaintext.]


Encryption Methods

  • Block Cipher – one block of plaintext is encrypted to one block of cipher text.

[Figure: Plaintext 1 and Plaintext 2 are each encrypted with the key, giving Cipher text 1 and Cipher text 2.]

Encryption Methods

  • Stream Cipher – blocks are XORed with previous blocks.

[Figure: Plaintext 1 and Plaintext 2, the key, and Cipher text 1 and Cipher text 2.]

Digital Signatures

  • Offer protections similar to handwritten signatures in the real world.
    1. Difficult to forge.
    2. Easily verifiable.
    3. Not deniable.
    4. Easy to implement.
    5. Differs from document to document.

Message Hash

  • A message hash is a checksum-like value or condensed version of a file.
  • Any change to a file will produce a different message hash.
  • Message hashes are one-way functions. There is no known method of creating a data file to match a known message hash.
  • SHA-1 is a Standard Hash Algorithm.

Digital Signature

  • Digitally signed messages can have clearly viewed plaintext in the body of the message; the objective is to verify the sender.
  • With RSA public key encryption either key can be used to encrypt or decrypt.

Digital Signature Process

  • A hash of the data is created. The name of the sender is appended to the hash.
  • The hash is encrypted with the private key of the sender.
  • The hash is appended to the data and transmitted together.
  • The receiver decrypts the hash with the public key of the sender.
  • The receiver calculates a hash of the message and compares it to the received hash.
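The five steps above as an added example, not part of the original slides: the data stays readable, and the receiver accepts it only if the hash recovered with the sender's public key matches a freshly computed one. It uses textbook RSA without padding on a toy key built from two known Mersenne primes, and SHA-256 in place of SHA-1; the function names and the sample message are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (constructed for this example).
# Real keys use random secret primes and a padding scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def hash_with_sender(data: bytes, sender: str) -> int:
    """Step 1: hash the data and append the sender's name to the hash."""
    block = hashlib.sha256(data).digest() + sender.encode("utf-8")
    value = int.from_bytes(block, "big")
    if value >= N:
        raise ValueError("sender name too long for this toy modulus")
    return value

def sign(data: bytes, sender: str) -> int:
    """Step 2: transform the hash block with the sender's private key."""
    return pow(hash_with_sender(data, sender), D, N)

def send(data: bytes, sender: str) -> dict:
    """Step 3: the signature travels together with the readable data."""
    return {"sender": sender, "data": data, "signature": sign(data, sender)}

def verify(message: dict) -> bool:
    """Steps 4 and 5: undo the signature with the public key, hash the
    received data again, and compare the two values."""
    signature = message["signature"]
    if not 0 <= signature < N:
        return False
    try:
        expected = hash_with_sender(message["data"], message["sender"])
    except ValueError:
        return False
    return pow(signature, E, N) == expected

if __name__ == "__main__":
    msg = send(b"Pay Bob 10 dollars", "User1")
    print("genuine message verifies:", verify(msg))
    print("altered data verifies:", verify(dict(msg, data=b"Pay Bob 9999 dollars")))
    print("altered sender verifies:", verify(dict(msg, sender="User2")))
```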


Digital Signature

[Figure: User 1 computes a one-way hash of the plaintext and encrypts the condensed bits with its private key to form the signature; plaintext and signature cross the network. The receiving user looks up User 1's public key in a remote public key directory, decrypts the signature with it, computes the one-way hash of the received plaintext, and compares the hashes.]

Digital Signature Use

  • Digitally signed email verifies the sender.
  • Signed applets or programs come from a known source and have not been modified.
  • Digitally signed programs cannot be modified or infected with a virus.
  • Digitally signed documents cannot be changed.

Key Distribution

  • If you are going to rely on public key encryption, it is necessary to ensure the authenticity of public keys.
  • Keys can be distributed by
    • Key Servers
    • Digital Certificates

Key Servers

  • Key servers are computers that have a database of public keys.
  • Upon receiving a request for a public key, a key server sends the client the desired public key.
  • The messages from the key server are digitally signed.
  • Clients have to know the key server’s public key.

Digital Certificates

  • A digital certificate contains a user’s public key along with some information about the user, such as their email address.
  • The digital certificate is digitally signed by a Certificate Authority.
  • Certificate Authorities are vendors of digital certificates.
  • Clients must know the public key of the Certificate Authority.


Secure Logon

  • Sending your password in plaintext across the network is not very secure.
  • Does encrypting the password before you send it provide additional security?
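One way to explore the question above, as an added example that is not part of the original slides: a login that sends the same transformed password every time is still exposed to the Replay method listed under Methods of Attack, while a reply bound to a fresh server challenge is accepted only once. The HMAC-SHA-256 challenge-response scheme, all names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"correct horse battery"  # constructed sample secret known to user and server

def static_token(password: bytes) -> bytes:
    """Scheme A: a fixed transformation of the password (stands in for
    encrypting it under a fixed key). The bytes on the wire never change."""
    return hashlib.sha256(password).digest()

def server_check_static(token: bytes) -> bool:
    return hmac.compare_digest(token, static_token(PASSWORD))

class ChallengeServer:
    """Scheme B: a fresh random challenge per login; the reply is an HMAC
    over that challenge keyed with the password, valid exactly once."""
    def __init__(self) -> None:
        self._open = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._open:  # never issued, or already used
            return False
        self._open.discard(nonce)
        expected = hmac.new(PASSWORD, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(password: bytes, nonce: bytes) -> bytes:
    return hmac.new(password, nonce, hashlib.sha256).digest()

def demo() -> dict:
    captured = static_token(PASSWORD)            # wire bytes under scheme A
    server = ChallengeServer()
    nonce = server.new_challenge()
    response = client_response(PASSWORD, nonce)  # wire bytes under scheme B
    return {
        "static_token_resent": server_check_static(captured),
        "fresh_response": server.check(nonce, response),
        "same_response_again": server.check(nonce, response),
        "old_response_new_challenge": server.check(server.new_challenge(), response),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```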

Malicious Software Zoo

  • Trojan Horse – Functionality hidden in a software package.
  • Worm – Self-replicating software.
  • Virus – Self-replicating software that attaches itself to other programs.
  • Malicious software can only attack a system if it is executed.
