CMSC 414 Computer and Network Security Lecture 11 - PowerPoint PPT Presentation

About This Presentation

Title:

CMSC 414 Computer and Network Security Lecture 11

Description:

Compiler must explicitly designate capabilities to use in a particular situation ' ... Capabilities do not require subjects to 'know' object names a priori ... – PowerPoint PPT presentation

Number of Views:17

Avg rating:3.0/5.0

Slides: 8

Provided by: jka9

Learn more at: https://www.cs.umd.edu

Category:

Tags: cmsc | computer | lecture | network | priori | security

Transcript and Presenter's Notes

Title: CMSC 414 Computer and Network Security Lecture 11

1
CMSC 414Computer and Network SecurityLecture 11

Jonathan Katz

2
Exam review
3
Example use of capabilities

From The Confused Deputy, by Hardy
Compiler in directory SYS
User can provide file for debugging output
Compiler can write statistics to SYS/stat
Compiler given ability to write to SYS
User set debugging file to SYS/billing
Allowed
Overwrote billing file!

4
Example continued

Underlying problem authority from two sources
static authority of caller
How to solve this problem?
Check filenames explicitly?
They can change
Legitimate access to SYS files
Add specific list of conditions?
Complexity grows
Switch authorities?
What if more than two authorities are possible?
ACLs do not work (why?)

5
Suggested solution

Use capabilities
Give compiler capability to write to SYS/stat
Calling user can provide additional capabilities,
if needed
Compiler must explicitly designate capabilities
to use in a particular situation

6
Capability myths

Equivalence myth ACLs and capabilities are
just two views of the AC matrix
Confinement myth Capability systems cannot
enforce confinement
Irrevocability myth Capabilities cannot be
revoked

7
Equivalence myth

ACLs have arrows from objects to subjects
capabilities have arrows from subjects to
objects
Capabilities do not require subjects to know
object names a priori
Capabilities do not require subjects to know
whether they have authority

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

Introducing-PowerShowcom PowerPoint PPT Presentation

Introducing-PowerShowcom - Introducing-PowerShowcom (Without Music)

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

CMSC 414 Computer and Network Security Lecture 25 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 25 - CMSC 414 Computer and Network ... (can then be handled out-of-band) Honeypots Decoy systems to lure ... address spoofing Stateful firewalls Typical packet ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 10 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 10 - Bad cryptography, bad implementations, bad design ... Server just rebooted and needs randomness....is there enough entropy after being ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 4 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 4 - CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz Review If we want perfect secrecy, we face several inherent limitations Key as long as the message Key ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 23 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 23 - CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz Input validation Buffer overflows can be viewed as an example of problems caused by improper input ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 24 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 24 - CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz Administrivia Zeller-Felten paper on webpage HW4 Final exam reminder + study guide Course evaluations ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 17 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 17 - No impersonation (obviously!) No off-line password guessing ... In contrast to eavesdropping, server impersonation, and man-in-the-middle ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer (and Network) Security Lecture 2 PowerPoint PPT Presentation

CMSC 414 Computer (and Network) Security Lecture 2 - What if this locksmith is trustworthy? Why do we assume that she is trustworthy? More assumptions Two assumptions are (almost) always made: ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 20 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 20 - CMSC 414 Computer and Network ... Based on everything from last midterm through today Zero knowledge (ZK) ZK proofs can offer deniability and secrecy A zero ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 12 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 12 - CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz Password selection User selection of passwords is typically very poor Low-entropy password makes ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 6 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 6 - CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz ... = H(x ) Hash functions in practice MD5 128-bit output Introduced in 1991 ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 15 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 15 - ... design. E.g., recognize dependencies between columns ... One might expect that by limiting to aggregate information, individual privacy can be preserved ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 9 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 9 - Unless a subject is given explicit access to an object, it should be denied access ... All accesses to objects should be checked to ensure they are allowed ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 14 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 14 - Biometrics. How much entropy is there? How private are these? How reliable are they? ... Biometrics. Difficult to use securely. Errors. Non-uniform. Still need ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 9 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 9 - CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 7 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 7 - CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 5 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 5 - Main goal is collision resistance: Hard to find distinct x, x' such ... No longer collision resistant (as of 2004) Still second pre-image resistant (for now... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 21 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 21 - CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 27 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 27 - CMSC 414 Computer and Network Security Lecture 27 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 14 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 14 - ... BIOS boot block BIOS OS loader OS Application TPM Hardware measuring Extend PCR Collision resistance of SHA1 ensures uniqueness * * Mandatory access ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 22 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 22 - CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz Network layers Application Transport Network Data link Physical Roughly Application layer: the ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 24 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 24 - ret. Basic exploit. Suppose stack looks like: When func() exits, user will ... str ret Code for P. Program P: exec( '/bin/sh' ) (exact shell code by Aleph One) ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 11 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 11 - Equivalence myth: ACLs and capabilities are 'just' two views of ... Capabilities can also expire with time. If OS stores capabilities, can delete upon request ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 17 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 17 - ... and have user decrypt it. Mutual authentication (if decrypts 'validly' ... And how to fix it... Public-key based... Include Epk(session-key) in protocol? ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 26 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 26 - SSL runs on top of TCP, in a user-level process. Recall, does not ... Using TCP rather than UDP simplifies things. Recall, this opens a potential DoS attack ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 10 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 10 - E.g., 'append' may not be distinct from 'write' E.g., in UNIX, no access controls for root ... Granularity of rights (e.g., 'append' ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer (and Network) Security Lecture 13 PowerPoint PPT Presentation

CMSC 414 Computer (and Network) Security Lecture 13 - If user not present in ACL, nor member of any group in ACL, deny access ... Note: an explicit deny overrides any permissions ... all access denied. Why brackets? ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 18 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 18 - Client sends Epk(R, password, session-key) Insecure in general! ... 'Dos and Don'ts of Client. Authentication on the Web' (Fu, et al.) Authentication using 'cookies' ... | PowerPoint PPT presentation | free to view