Last time - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Last time

Description:

postmortem on the message-passing problem. RSA. midterm review ... midterm Thursday 5/1, covers all reading material ... Postmortem on the Message ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 13
Provided by: Steve57
Category:
Tags: last | postmortem | time

less

Transcript and Presenter's Notes

Title: Last time


1
04/29
  • Last time
  • Diffie-Hellman key exchange protocol
  • a message passing problem
  • This time
  • postmortem on the message-passing problem
  • RSA
  • midterm review
  • Administrative
  • review schedule for rest of quarter
  • Work
  • midterm Thursday 5/1, covers all reading material
    through Chapter 9
  • first assignment back Thursday or Tuesday notes
    on book questions available on the course web
    tomorrow
  • second assignment out 5/6, due 5/15
  • light reading for Dittrich's lecture

2
Postmortem on the Message-Passing Problem
  • The problem Alices were given a message and
    told to send it to Bobs within an hour.
  • Eves were listening to all messages between
    Alices and Bobs, and had 24 hours to decode
  • The result a message (of sorts) was sent, but
    not decoded
  • Why the failure?
  • What happened, and what could have happened to
    make success more likely?

3
Pre-Midterm Reading
  • Bishop Chapter 1 Overview
  • Schneier, excerpts from Secrets and Lies
  • Bishop, Chapter 2 Access control matrices
  • Bishop, Chapter 4 Security Policies (overview)
  • Bishop, Chapter 5 Confidentiality Policies
  • skip 5.2.3, 5.2.4, 5.4
  • Bishop, Chapter 6 Integrity Policies
  • Bishop, Chapter 7 Hybrid Policies
  • skip 7.1.2
  • "Inside the Orange Book" chapter from Computer
    Security
  • Bishop, Chapter 9 Basic Cryptography
  • Two chapters from Crypto by Steven Levy "The
    Standard" and "Public Key"

4
Bishop Chapter 1 Overview
  • Basic components confidentiality, integrity,
    availability
  • Threats disclosure, deception, disruption,
    usurpation
  • Policy and mechanism
  • Goals of security prevention, detection,
    recovery
  • Trust and assurance
  • Operational issues
  • the role of cost-benefit analysis
  • Human issues

5
Schneier Secrets and Lies
  • Security as a property of a system
  • Nature of attacks (why are attacks the same as
    and different from security breach in
    conventional systems)
  • Criminal, publicity, and legal attacks
  • Knowing your adversaries motives and resources
  • Security needs
  • security versus integrity versus privacy versus
    anonymity

6
Bishop Chapter 2 Access Control Matrix
  • State of a system and protection state
  • access control matrix describes a protection
    state
  • Subjects, objects, and rights
  • Control of access of aggregate properties (access
    controlled by history)
  • Changes to the matrix attenuation of privilege

7
Bishop Chapter 4 Policies
  • Definition of a security model, a security
    policy, a secure system, and a security
    mechanism
  • Definition of confidentiality, integrity, and
    availability
  • Military versus commercial policies
  • Types of access control discretionary versus
    mandatory versus originator controlled
  • Policy languages high-level versus low-level

8
Bishop Chapter 5 Confidentiality Policies
  • The goal of a confidentiality policy
  • The Bell-LaPadula model
  • preliminary version and full version
  • The MAC system for mandatory access control
  • Tranquility

9
Bishop Chapter 6 Integrity Policies
  • Lipner's basic requirements, and justifications
    for them
  • Basic principles
  • separation of duty
  • separation of function
  • auditing
  • The Biba integrity model
  • low water mark, ring, strict model
  • Lipner's implementation (Biba / Bell LaPadula
    combo)
  • Clark-Wilson model (transactions, constrained
    data items, integrity constraints)

10
Bishop Chapter 7 Hybrid Policies
  • Chinese Wall model
  • Clinical Information Systems security policy
  • Originator Controlled access control
  • Role-based access control

11
Inside the Orange Book
  • Basic purpose of the book measurement,
    guidance, acquisition
  • Four broad divisions of protection
  • what are D, C, B, A, and what technology
    distinguishes them
  • Trusted computing base
  • Policy requirements discretionary access
    control, object reuse, labels, mandatory access
    control
  • Accountability requirements authentication,
    trusted path, audit
  • Assurance requirements operational assurance,
    life-cycle assurance
  • Documentation requirements
  • Compartmented Mode Workstations

12
Bishop Chapter 9 Basic Cryptography
  • Terms cryptosystem, plaintext, ciphertext
  • Types of attacks ciphertext only, known
    plaintext, chosen plaintext, adaptive plaintext
  • Transposition ciphers
  • Substitution ciphers
  • Vignere
  • cracking substitution ciphers
  • word frequencies, index of coincidence, Kasiski
    method
  • one-time pad
  • DES and AES
  • Feistel ciphers, diffusion and confusion
  • Public key Diffie-Hellman and RSA
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Last time" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!