Professional Documents
Culture Documents
ICOM6115
Introduction to Cybersecurity
Based on slides from: Tanenbaum & Woodhull, Operating Systems: Design and Implementation, (c) 2006 Prentice-Hall, Inc. All rights reserved. 0-13-142938-8 and
Silberschatz, Galvin and Gagne, Operating System Concepts 9th Edition 2013
Domain Implementation
Domain Implementation
User
Supervisor
Access Matrix
Access Matrix
If A[i,j] includes
owner right, then it
means that Domain i is
the owner domain of
object j.
Owner domain can
grant and remove
rights to object j to any
other domain.
Owner right gives
power over the matrix
column.
Access Control
Capability-Based Systems
Hydra
Fixed set of access rights known to and
interpreted by the system
Interpretation of user-defined rights performed
solely by user's program; system provides access
protection for use of these rights
Language-Based Protection
Reacquisition
Back-pointers
Indirection
Keys
Protection in Java 2
Stack Inspection
Categories
Breach of confidentiality - unauthorized
reading of data
Breach of integrity - unauthorized
modification of data
Breach of availability - unauthorized
destruction of data
Theft of service - unauthorized use of
resources
Denial of service - preventing legitimate
use of the system
Methods
Masquerading (breach authentication) participant pretends to be someone else
Replay attack - malicious repeat of valid
data transmission
Message modification
Man-in-the-middle attack
Session hijacking
Trojan Horse
Code segment that misuses its environment
For example: a compiler that adds malicious
code to a compiled program, an editor program
may still important data on edited files, ..
Exploits mechanisms for allowing programs
written by users to be executed by other users
Spyware, pop-up browser windows, covert
channels
Trap Door
Specific user identifier or password that
circumvents normal security procedures
Could be included in a compiler, a system may
have hardwired users,
Logic Bomb
Program that initiates a security incident under
certain circumstances
#include <stdio.h>
int main(int argc, char *argv[]) {
execvp( \bin\sh , \bin \sh , NULL);
return 0;
}
#include <stdio.h>
int main(int argc, char *argv[]) {
execvp( \bin\sh , \bin \sh , NULL);
return 0;
}
Viruses
Code fragment embedded in legitimate program
Very specific to CPU architecture, operating
system, applications
Usually borne via email or as a macro
Visual Basic Macro to reformat hard drive
Before attack
After attack
Sub AutoOpen()!
Dim oFS!
!Set oFS =
CreateObject( Scripting.FileSystemObject
)!
!vs = Shell( c:command.com /k format
!c: ,vbHide)!
End Sub!
File
Boot
Macro
Source code
Polymorphic
-
-
-
-
-
Encrypted
Stealth
Tunneling
Multipartite
Armored
Port scanning
Automated attempt to connect to a range of ports
on one or a range of IP addresses
Denial of Service
Denial of Service
Overload the targeted computer preventing it from
doing any useful work
Distributed denial-of-service (DDOS) come from
multiple sites at once
Encryption (1)
Set of K keys
Set of M Messages
Set of C ciphertexts (encrypted messages)
A function E : K (MC). That is, for each k K,
E(k) is a function for generating ciphertexts from
messages
Both E and E(k) for any k should be efficiently
computable functions
A function D : K (C M). That is, for each k K,
D(k) is a function for generating messages from
ciphertexts
Both D and D(k) for any k should be efficiently
computable functions
Encryption (2)
Cryptography (Cont.)
Authentication (1)
Algorithm components
A set K of keys
A set M of messages
A set A of authenticators
Authentication (2)
A function S : K (M A)
That is, for each k K, S(k) is a function for
generating authenticators from messages.
Both S and S(k) for any k should be efficiently
computable functions
A function V : K (M A {true, false}). That is,
for each k K, V(k) is a function for verifying
authenticators on messages.
Both V and V(k) for any k should be efficiently
computable functions.
Authentication (Cont.)
Authentication (Cont.)
Basis of authentication
Creates small, fixed-size block of data
(message digest, hash value) from m
Hash Function H must be collision resistant
on m
Must be infeasible to find an m m such that
H(m) = H(m )
V is a one-way function
Thus, kv is the public key and ks is the private
key
Authentication (Cont.)
Key Distribution
Man-in-the-middle Attack on
Asymmetric Cryptography
Digital Certificates
Virus protection
Auditing, accounting, and logging of all or
specific system or network activities