Chapter 4 Logistic Security Approaches. §Logistic approaches are based on management techniques to...
Posted: 19-Dec-2015
Chapter 4
Logistic Security Approaches
Logistic approaches are based on management techniques to provide security measures.
Typical approaches: passwords, key management protocols, access control, covert channels, composing security, privileges and roles, security kernel.
4.1 Passwords
The password is often the only explicit protection used to authenticate identity for access to a computer system.
The most common techniques are: user-generated passwords, computer-generated passwords, tunable passwords.
4.1.1 User Generated Password
Created by the user for his own use. Selected passwords are normally pleasant or enjoyable images from the user's mind, so they require no writing down, which is safer; but they are quite easy to guess, and can be cracked by electronic search because a high percentage of them are words found in a dictionary.
Example from the 1988 Internet worm attack: the passwords in its dictionary starting with 'a' were
Aaa, Anything, Andromache, Aerobics, Anvils, Airplane, Arrow, Amorphous, Albatross, Ariadne, Albert, Atmosphere, Aria, Alexander, Athen, Ama, Academia, Arthur, Alphabet, Azure, Anchor, Albany, aztecs, animals, analog, answer, Aliases
Obvious Personal Attributes
Spouse's name, children's names, pet's name, birthday, license plate number, telephone number, initials, year of marriage, female surname or first name (these were sufficient to get into various accounts at Bell Labs).
Keyboard Patterns
Examples: Ghghgh, bbbbb, 123-09, qwppo, 1qaz, etc.
Re-used Passwords
Normal users with access to various systems tend to keep the same password, or the same password pattern, on all of them.
If an attacker cracks a password in a less secure environment, that password may then be used to break into a more secure system.
4.1.2 Computer Generated Password
Created by the computer so as to be less predictable; poor passwords can be eliminated from the system. Normally a choice of passwords is offered. To limit the value of a compromised password, a password aging technique is used: a new password is generated periodically.
Disadvantage: difficult to remember.
4.1.3 Tunable Password
A compromise between user-generated and computer-generated passwords. It allows the system administrator to provide users with part of a password; the user uses this part to construct a new password according to specified rules.
Example: the computer generates w5G, and the user can build prawn5GRAND or why55_Go60 from it.
Advantage: combines the strengths of both user-generated and computer-generated passwords.
4.1.4 Dynamic Password
Similar to the tunable password, but the computer-generated part is produced by the computer and by a tag (a portable device) for each use, while the user part stays the same.
Requires synchronisation of password generation between the tag and the host.
Advantage: prevents an attacker who taps the network from reusing a captured static password, since the captured value is not valid for the next login.
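The tunable scheme of 4.1.3 and the dynamic scheme of 4.1.4 in runnable form, as an added example that is not part of the original slides. The construction rule for the tunable password (seed characters must appear in order, minimum length) is an assumption, since the slide only says "specified rules"; the dynamic part follows the HMAC-based counter code of HOTP (RFC 4226), with a small look-ahead window standing in for the synchronisation the slide mentions. All function names are the example's own.

```python
import hashlib
import hmac
import re
import secrets
import struct

# Tunable password (4.1.3): the administrator issues a short seed such as
# "w5G"; the user embeds its characters, in order, in a longer password.
# The alphabet omits 0/O and 1/l so the seed can be read back unambiguously.
SEED_ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def issue_seed(length: int = 3) -> str:
    """Computer-generated part handed to the user (e.g. 'w5G')."""
    return "".join(secrets.choice(SEED_ALPHABET) for _ in range(length))


def tunable_password_ok(seed: str, candidate: str, min_len: int = 8) -> bool:
    """Assumed rule set: the seed characters appear in the candidate in the
    given order (other characters may sit between them) and the candidate is
    at least min_len characters long."""
    if len(candidate) < min_len:
        return False
    pattern = ".*".join(re.escape(ch) for ch in seed)
    return re.search(pattern, candidate) is not None


# Dynamic password (4.1.4): tag and host share a secret and a counter and
# derive the same one-time code; the value seen on the wire is never valid
# twice.  Code derivation as in HOTP (RFC 4226): HMAC-SHA1 over the 8-byte
# big-endian counter, dynamic truncation, six decimal digits.
def one_time_code(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def dynamic_password(secret: bytes, counter: int, user_part: str) -> str:
    """What the user types: the code shown on the tag plus the memorised part."""
    return one_time_code(secret, counter) + user_part


def verify_dynamic(secret: bytes, host_counter: int, user_part: str,
                   submitted: str, window: int = 3):
    """Host-side check.  The tag may have advanced a few counts ahead of the
    host (button pressed without logging in), so a small look-ahead window is
    tolerated for resynchronisation.  Anything at or behind an already used
    counter is a replay and is rejected.  Returns the new host counter, or
    None when the password is rejected."""
    for c in range(host_counter, host_counter + window + 1):
        expected = dynamic_password(secret, c, user_part)
        if hmac.compare_digest(expected, submitted):
            return c + 1        # move past the counter that was just used
    return None
```

The test secret below is the RFC 4226 reference key, so the first code is the published vector 755224. Note that the host compares with hmac.compare_digest rather than ==, so the comparison time does not leak how many leading characters matched.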
4.1.5 Password Cracking
A critical consideration in selecting a password protection scheme is that it should be as difficult as possible for a determined attacker, working with automated assistance, to crack the password.
Computers of the time (300-400 MIPS) could already exhaust every 4-character password drawn from the 128-character ASCII set (128^4, about 2.7 x 10^8 candidates) in a few seconds.
4.1.6 Password Encryption
Required because an attacker who can read the password file could otherwise simply steal the stored passwords.
Storing only a one-way encrypted form of each password reduces the chance of compromise.
The stored form can still be attacked by encrypting each dictionary word in turn and comparing the result with the stored encrypted passwords, instead of comparing the raw dictionary word with a raw password.
4.1.7 Password Salt
The technique adjusts the password by adding some random characters (the salt) before encryption takes place; the salt is stored alongside the encrypted password.
This frustrates electronic search because the same dictionary word now encrypts to a different value for every user, so one precomputed table of encrypted dictionary words no longer cracks every account at once; the attacker must repeat the search per user.
Example: scrap is modified to scrap7^ before encryption.
4.1.8 Example: Unix Password Management
Allows users to define their own passwords. The password is stored in the file /etc/passwd; the data stored is the encrypted version of the password together with the login name and administrative information (fields: login name, encrypted password, UID, GID, comment, home directory, shell). On later systems the encrypted password is moved out of the world-readable /etc/passwd into /etc/shadow, readable only by root, precisely because of the attack described in 4.1.6.
Example:
root:vBbddfRT56x34,M.y8:0:0:admin:/:/bin/sh
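The attacks and defences of 4.1.5 to 4.1.8 in one added example, not part of the original slides: the size of an exhaustive search space, a dictionary attack against unsalted stored passwords using a single precomputed table, the same attack against salted passwords (where the table cannot be shared and the work multiplies with the number of users), and a parser for the 7-field /etc/passwd record. The dictionary and the user records are constructed for the example; SHA-256 stands in for the slide's "encryption", and the salt$digest layout of the stored field is an assumption. A real system should use a deliberately slow salted hash (crypt, bcrypt, scrypt, Argon2) so that each dictionary trial costs far more than one SHA-256.

```python
import hashlib
import secrets

# Constructed dictionary: the first ten words of the slide's 1988 worm list
# plus a few more, so that "scrap" is the eleventh trial.
DICTIONARY = ["aaa", "anything", "andromache", "aerobics", "anvils",
              "airplane", "arrow", "amorphous", "albatross", "ariadne",
              "scrap", "albert", "atmosphere", "aria", "alexander"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an exhaustive search must try (4.1.5): 128^4 = 268435456."""
    return alphabet_size ** length


def unsalted_hash(password: str) -> str:
    """4.1.6 alone: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: str) -> str:
    """4.1.7: the salt is appended before hashing (scrap -> scrap7^)."""
    return hashlib.sha256((password + salt).encode()).hexdigest()


def new_salt() -> str:
    return secrets.token_hex(4)


def parse_passwd_line(line: str) -> dict:
    """Split a /etc/passwd record: name:pw:uid:gid:gecos:home:shell."""
    name, pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":", 6)
    return {"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def make_entries(salted: bool):
    """Constructed sample records: two users who chose the same dictionary
    word and one who chose a non-dictionary password."""
    users = [("alice", "scrap"), ("bob", "scrap"), ("carol", "Tr0ub4dor&3")]
    lines = []
    for uid, (name, pw) in enumerate(users, start=1000):
        if salted:
            salt = new_salt()
            field = salt + "$" + salted_hash(pw, salt)   # assumed layout
        else:
            field = unsalted_hash(pw)
        lines.append(f"{name}:{field}:{uid}:{uid}:{name}:/home/{name}:/bin/sh")
    return [parse_passwd_line(line) for line in lines]


def crack_unsalted(entries):
    """One table of hash -> word, built once, serves every entry.
    Returns (cracked passwords by user, number of hashes computed)."""
    table = {unsalted_hash(w): w for w in DICTIONARY}
    found = {e["name"]: table[e["pw"]] for e in entries if e["pw"] in table}
    return found, len(DICTIONARY)


def crack_salted(entries):
    """With per-user salt the table cannot be shared: each entry needs its
    own pass over the dictionary, so the cost is users x words instead of
    users + words.  Returns (cracked passwords by user, hashes computed)."""
    found, work = {}, 0
    for e in entries:
        salt, digest = e["pw"].split("$", 1)
        for w in DICTIONARY:
            work += 1
            if salted_hash(w, salt) == digest:
                found[e["name"]] = w
                break
    return found, work
```

With three users the salted search costs 37 hashes against 15 for the shared table; with a thousand users who all picked "scrap" the gap is 11000 against 15, which is the whole point of the salt.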
4.2 Key Management Protocol
Computer systems need to communicate remotely with other systems over a communications network; there it may not be practical to type in a password or use a smart card.
Approaches have therefore been developed for identifying and authenticating the systems to one another; these techniques are called key management protocols.
4.2.1 Attacks on Remote Communications
The most common attacks are: disclosure to an unauthorized listener; receipt of a message from a masquerading sender; corruption or blocking of sent messages.
Disclosure to an Unauthorized Listener
When messages are passed by a sending entity along some communications medium to a remote receiving entity, the possibility emerges that a third, malicious entity (an intruder) could read these messages simply by observing and interpreting the data travelling along the medium.
[Figure: the sender's messages travel over the medium to the receiver; the intruder 'observes' them in transit.]
This attack requires that the intruder be able to decipher the information transmitted along the tapped medium, so encryption provides a useful means of mitigating it.
Key management protocols counter the attack by encrypting messages with keys that are known only to the appropriately authorized entities; an intruder who taps the medium then sees only ciphertext.
Receipt of a Message from a Masquerading Sender
Some sending entity masquerades as another sender, with the result that bad messages originating from an intruder are accepted as genuine.
Avoided by providing a means for senders to uniquely identify (authenticate) themselves when messages are sent.
[Figure: the intruder sends 'bad messages' to the receiver while posing as the legitimate sender.]
Corruption or Blocking of Sent Messages
This attack involves a message sent by a sender being corrupted or blocked by an intruder.
It is difficult to counter. Corruption can be detected with a checksum, provided the checksum is itself protected by a key (a plain checksum can simply be recomputed by the intruder over the corrupted message); blocking can only be detected, for example by time-outs or sequence numbers, not prevented.
[Figure: the sender's good messages are replaced by the intruder's bad messages, or blocked, before they reach the receiver.]
4.2.2 Private Key Protocol
A private (secret) key protocol involves a single key that is known to the two entities who wish to communicate.
Advantages: provides a solution for both disclosure protection and authentication, and works well with DES.
Disadvantages: each entity needs to maintain a separate key for every remote entity, and distributing those keys is itself a problem.
[Figure: Private Key Protocol. Sender: takes message M, computes [M]k and sends it. Receiver: receives [M]k, computes [[M]k]k, i.e. decrypts with the same key k, and recovers M.]
4.2.3 Public Key Protocol
A public key protocol involves a key pair for each entity, i.e. a secret key and a public key: the public key is made available to the other entities, while the secret key is held only by its owner.
Advantages: allows systems to communicate without the storage and maintenance of many private keys.
Disadvantages: more complex and computationally intensive.
[Figure: Public Key Protocol. SA, PA = secret and public keys of A; SB, PB = secret and public keys of B. Sender B: takes message M, computes [[M]SB]PA (first with its own secret key SB, then with the receiver's public key PA) and sends it. Receiver A: computes [[[[M]SB]PA]SA]PB, removing the outer layer with its own secret key SA and the inner layer with B's public key PB, and recovers M. Only A can remove the PA layer and only B could have added the SB layer, so the message is both confidential and authenticated.]
4.2.4 Example: Secure Terminal/Host Communication
The system consists of a host that communicates with a collection of terminals, using key-managed encryption protocols to ensure the secrecy of all information passed.
The host maintains a collection of session keys, generated dynamically for each communication session with a terminal, and a collection of terminal keys that are fixed for the set of terminals.
Each terminal has its own fixed terminal key. The host maintains a cryptographic facility that contains master keys used to encrypt and decrypt the stored terminal keys and session keys, so that neither kind of key is held in the clear outside the facility.
Each terminal maintains its own cryptographic facility.
Notation: Ek(cleartext) is the cleartext encrypted using key k, and Dk(ciphertext) is the ciphertext decrypted using key k.
Salient characteristics
The terminal communicates directly with the host, and a new session key is generated for each communication session.
Since both the host and each terminal hold the terminal key, it is used in a private key protocol to distribute the session key: the host encrypts the new session key under the terminal key and the terminal decrypts it with its own copy. On the host side the terminal key is itself kept encrypted under the master terminal key and is decrypted inside the cryptographic facility when needed. A session is established in this way each time.
Each time a new session is established, the host updates its session key table with a new encrypted entry Emsk(new session key), where msk is the secret master key for session keys.
Communication between host and terminal can then follow a simple key-managed protocol using the session key: messages sent from the host to terminal i are of the form Eski(message), where ski is the session key for i, and messages received from terminal i are deciphered by computing Dski(message).
Secure Terminal/Host Communications (figure)
Host holds: msk, the terminal keys Tk and the session keys sk. Terminal i holds: Tki (or msk).
Step 1: transmission of msk or Tki to the terminal via secure means.
Step 2: the host generates a session key ski.
Step 3: the host sends Emsk(ski) or ETki(ski).
Step 4: the terminal recovers ski as Dmsk(Emsk(ski)) or DTki(ETki(ski)).
Step 5: a message M is exchanged as Eski(Mhi) (host to terminal i) or Eski(Mih) (terminal i to host).
Step 6: the message is recovered as Dski(Eski(Mhi)) at the terminal or Dski(Eski(Mih)) at the host.
(Repeat steps 2 to 6 for each new session.)
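The terminal/host protocol of 4.2.4, which instantiates the private key protocol of 4.2.2, in runnable form, as an added example that is not part of the original slides. The slides assume a DES-style Ek/Dk; since the Python standard library has no block cipher, the block uses an illustrative HMAC-SHA256 keystream plus an HMAC tag (an assumption of this example, not a production cipher; in practice use AES-GCM from a vetted library). The tag also gives the corruption detection asked for in 4.2.1. Class and method names are the example's own.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def E(key: bytes, plaintext: bytes) -> bytes:
    """E_k(cleartext): returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def D(key: bytes, blob: bytes) -> bytes:
    """D_k(ciphertext); raises ValueError if the tag does not verify
    (wrong key, or the message was corrupted in transit)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("message corrupted or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Host:
    """Cryptographic facility holding the master keys; terminal keys and
    session keys are stored only encrypted under them (Emsk(ski))."""

    def __init__(self):
        self.mtk = secrets.token_bytes(32)   # master key for terminal keys
        self.msk = secrets.token_bytes(32)   # master key for session keys
        self.terminal_keys = {}              # i -> E_mtk(Tki)
        self.session_keys = {}               # i -> E_msk(ski)

    def enrol_terminal(self, i: int) -> bytes:
        """Step 1: create Tki; the returned key must reach terminal i by secure means."""
        tk = secrets.token_bytes(32)
        self.terminal_keys[i] = E(self.mtk, tk)
        return tk

    def open_session(self, i: int) -> bytes:
        """Steps 2-3: generate ski, file E_msk(ski), send E_Tki(ski)."""
        sk = secrets.token_bytes(32)
        self.session_keys[i] = E(self.msk, sk)
        tk = D(self.mtk, self.terminal_keys[i])
        return E(tk, sk)

    def _sk(self, i: int) -> bytes:
        return D(self.msk, self.session_keys[i])

    def send(self, i: int, m: bytes) -> bytes:      # Step 5: E_ski(Mhi)
        return E(self._sk(i), m)

    def receive(self, i: int, c: bytes) -> bytes:   # Step 6: D_ski(E_ski(Mih))
        return D(self._sk(i), c)


class Terminal:
    def __init__(self, i: int, tk: bytes):
        self.i, self.tk, self.sk = i, tk, None

    def accept_session(self, blob: bytes) -> None:  # Step 4: D_Tki(E_Tki(ski))
        self.sk = D(self.tk, blob)

    def send(self, m: bytes) -> bytes:              # Step 5: E_ski(Mih)
        return E(self.sk, m)

    def receive(self, c: bytes) -> bytes:           # Step 6: D_ski(E_ski(Mhi))
        return D(self.sk, c)


def run_session(host: Host, term: Terminal, m_hi: bytes, m_ih: bytes):
    """Steps 2-6 once; returns what the terminal and the host each recovered."""
    term.accept_session(host.open_session(term.i))
    return term.receive(host.send(term.i, m_hi)), host.receive(term.i, term.send(m_ih))


def corruption_detected(term: Terminal, blob: bytes) -> bool:
    """4.2.1 check: a ciphertext altered in transit must be rejected, not decrypted."""
    try:
        term.receive(blob)
        return False
    except ValueError:
        return True
```

Two points the slides leave implicit show up directly in the code: the host never stores Tki or ski in the clear (only their encryptions under mtk and msk), and a second open_session replaces the session key, so traffic captured under the old key cannot be replayed into the new session.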
4.2.5 RSA Implementation
Select two large prime numbers p and q, each about 100 digits long.
Compute n = pq and φ = (p-1)(q-1). Choose an integer E between 3 and φ which has no common factor with φ. Select an integer D such that DE mod φ = 1.
Make E and n public, and keep p, q, D and φ secret.
Example:
p = 5 and q = 7, so n = 35 and φ = 24. Choose E = 7, since 3 < 7 < 24 and HCF(7, 24) = 1. Select D = 7, since 7 x 7 = 49 and 49 mod 24 = 1 (E and D coincide here only because the numbers are so small).
Let the message be 3: C = 3^7 mod 35 = 2187 mod 35 = 17.
P = 17^7 mod 35 = 410338673 mod 35 = 3.
4.2.6 Arbitrated Protocols with a Third Party
An alternative to point-to-point key management protocols between senders and receivers is an arbitrated protocol that uses a third party to ensure authentication between the communicating entities.
Two possible schemes: the arbitrated routing protocol and the arbitrated communication establishment protocol.
Arbitrated Routing Protocol
This scheme requires that the routing not introduce any security problem, such as routing a secret message through a party that should not have access to that information.
Example: a message is passed to a router, and the users associated with that router have access to the message.
Arbitrated Communication Establishment Protocol
This involves the third-party arbiter establishing authentication between the senders and receivers, so that communication can then proceed without continued involvement of the arbiter.
The scheme often involves the creation of tickets by the arbitrator that allow the subsequent secure communication; Kerberos is the best-known system built this way.
[Figure: Arbitrated Routing Protocol: a message to C from A is passed to the arbitrator, which forwards the routed message to C. Arbitrated Communication Establishment Protocol: (1) A requests communications with C from the arbitrator; (2) the arbitrator establishes the communications; (3) communications proceed directly between A and C.]
4.2.7 Key Distribution
Key distribution is the central issue in establishing a secure key management protocol.
It is normally achieved via a Key Distribution Centre (KDC), which delivers the key to each party over a secure channel; only the encrypted message itself then travels over the normal channel.
[Figure: Centralized Key Distributor. The KDC delivers a key to the sender and to the receiver over a secured channel; the encrypted message then travels from sender to receiver over the normal channel.]
4.2.8 Digital Signatures
The public key protocol is applied to produce "digital signatures".
A digital signature is useful for direct communication or as part of a third-party authenticating system.
The DS can be included as part of the message protocol for identity purposes.
Concept
Step 1: Sender A transmits the digitally signed message (H, M, [Checksum(M)]SA) to B, where H is the sender's ID, M is the message and [Checksum(M)]SA is the checksum of M encrypted with A's secret key.
Step 2: The receiver computes the checksum of M and compares it with the decrypted "encrypted checksum" [[Checksum(M)]SA]PA, obtained with A's public key.
If both checksums are equal, the sender must be H and the message was not corrupted during delivery. For this conclusion to hold, Checksum must be a collision-resistant cryptographic hash (with a simple checksum an attacker could substitute a different message with the same checksum and reuse the signature), and the receiver must be sure that PA really belongs to H.
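The RSA procedure of 4.2.5 (checked against the slide's p = 5, q = 7 figures) and the signature scheme of 4.2.8 in one added example, not from the original slides. This is textbook RSA without padding, for illustration only; SHA-256 stands in for the slide's Checksum; the Miller-Rabin prime generator is an assumed helper so that the signature part can use a modulus that is not trivially factored. Function names are the example's own.

```python
import hashlib
import secrets
from math import gcd


# 4.2.5 key generation, exactly as the slide describes.
def rsa_keygen(p: int, q: int, e=None):
    """Return ((E, n) public, (D, n) secret) for distinct primes p, q.
    If E is not given, the smallest E >= 3 coprime to phi is used."""
    n, phi = p * q, (p - 1) * (q - 1)
    if e is None:
        e = next(c for c in range(3, phi) if gcd(c, phi) == 1)
    if not (3 <= e < phi and gcd(e, phi) == 1):
        raise ValueError("E must lie in [3, phi) and have no common factor with phi")
    d = pow(e, -1, phi)           # D with D*E mod phi == 1 (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, x: int) -> int:
    """x^exp mod n: encrypt/verify with the public key, decrypt/sign with the secret key."""
    exp, n = key
    return pow(x, exp, n)


# Assumed helper: Miller-Rabin with random bases, after trial division.
def is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False              # a is a witness: n is composite
    return True


def random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, until one passes the test."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


# 4.2.8 digital signature: [Checksum(M)]SA, checked with PA.
def checksum(m: bytes, n: int) -> int:
    """Cryptographic hash of M reduced into Z_n.  A plain arithmetic
    checksum here would let an attacker forge a second message with the
    same value and reuse the signature."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n


def sign(secret_key, sender_id: str, m: bytes):
    """Step 1: A sends (H, M, [Checksum(M)]SA)."""
    return sender_id, m, rsa_apply(secret_key, checksum(m, secret_key[1]))


def verify(public_key, signed) -> bool:
    """Step 2: recompute Checksum(M) and compare with [[Checksum(M)]SA]PA."""
    _h, m, sig = signed
    return rsa_apply(public_key, sig) == checksum(m, public_key[1])
```

Note that verify checks the signature against the message it arrived with; changing a single byte of M changes Checksum(M) and the comparison fails, which is the "no message was corrupted" half of the slide's conclusion. The "sender must be H" half rests on the receiver having A's genuine public key, which the code takes as given.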
4.3 Access Control
Access control provides a degree of protection from malicious attacks. It is defined as comprising those mechanisms that enforce mediation on subject requests for access to objects, as specified in the security policy.
Two main types of access control: discretionary access control (DAC) and mandatory access control (MAC).
4.3.1 Discretionary Access Control
A DAC mechanism is defined as comprising those procedures and mechanisms that enforce the specified mediation at the discretion of individual users.
This provides users with the flexibility to protect their files and resources by setting DAC parameters as they see fit.
However, DAC parameters are easily changed, and so DAC is subject to Trojan horse attacks: a program run by a user acts with that user's discretion and can quietly grant access to the user's files to others.
4.3.2 Mandatory Access Control
MAC is defined as comprising those procedures and mechanisms that enforce the specified mediation not at the discretion of individual users but as set by the system administration.
The restrictions imposed make it easier to establish an enforceable security policy.
Users are not allowed to change the access control parameters, which helps to reduce Trojan horse attacks.
4.3.3 Access Matrices and Permission Mechanisms
Access matrices define the access rights of the corresponding subjects (people, or processes acting for them) to the corresponding objects (resources).
[Figure: rows are the subjects S1 ... SN, columns are the objects O1, O2 ... OM; each cell holds the access rights of that subject to that object.]
Permission mechanisms: e.g. owner/group/other in UNIX. (rwx)(rwx)(rwx) gives all three classes read/write/execute permission; (r-x)(r-x)(r-x) gives all three read/execute permission only.
A special kind of program, setuid (set user identification), allows users to perform some task for which they would normally not have the proper authorization, by running with the privileges of the program file's owner rather than those of the invoking user.
4.3.4 ACL and Capability Mechanisms
Another way is to use an access control list (ACL), which is attached to each object and names the subjects that may access it.
Example: subjects X, Y, Z and objects A, B, C, where X may access A and B; Y may access A; Z may access A, B and C. As ACLs (one list per object): A: X, Y, Z; B: X, Z; C: Z.
Capabilities are conceptually the reverse of ACLs: the same access rights stored per subject, i.e. a list per subject of the objects it may access (X: A, B; Y: A; Z: A, B, C).
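The access matrix, ACL and capability views of 4.3.3 and 4.3.4, plus the UNIX owner/group/other check, as an added example that is not part of the original slides. The matrix is constructed from the slide's subjects X, Y, Z and objects A, B, C; the specific rights in each cell are assumptions, since the slide only says which objects each subject may access. Function names are the example's own.

```python
from collections import defaultdict

# Constructed access matrix: rows are subjects, columns objects, cells the
# rights.  Rights per cell are assumed for the example.
ACCESS_MATRIX = {
    "X": {"A": {"read", "write"}, "B": {"read"}},
    "Y": {"A": {"read"}},
    "Z": {"A": {"read", "write"}, "B": {"read", "write"},
          "C": {"read", "write", "execute"}},
}


def to_acls(matrix):
    """Column view: one list per object, naming subjects and their rights."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Row view: one list per subject, naming the objects it may reach.  The
    reverse of the ACL view; both carry exactly the same information."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def acl_check(acls, subject, obj, right) -> bool:
    """Reference-monitor style mediation, default deny."""
    return right in acls.get(obj, {}).get(subject, set())


def cap_check(caps, subject, obj, right) -> bool:
    return right in caps.get(subject, {}).get(obj, set())


# UNIX owner/group/other bits as a DAC permission mechanism.
def parse_mode(text: str) -> int:
    """'rwxr-xr-x' -> 0o755."""
    if len(text) != 9:
        raise ValueError("expected nine permission characters")
    return int("".join("0" if c == "-" else "1" for c in text), 2)


def unix_permits(mode: int, owner: str, group: str, user: str,
                 user_groups, right: str) -> bool:
    """mode is the 9-bit rwxrwxrwx value.  Exactly one class is chosen: the
    owner is judged by the owner bits alone, even when the group or other
    bits are wider, which is how the kernel evaluates it."""
    shift = {"r": 2, "w": 1, "x": 0}[right]
    if user == owner:
        cls = 6
    elif group in user_groups:
        cls = 3
    else:
        cls = 0
    return bool((mode >> (cls + shift)) & 1)


def matrix_views_agree(matrix) -> bool:
    """Every decision is the same whichever representation is consulted."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    subjects, objects = set(matrix), {o for row in matrix.values() for o in row}
    return all(acl_check(acls, s, o, r) == cap_check(caps, s, o, r)
               for s in subjects for o in objects
               for r in ("read", "write", "execute"))
```

The ACL view answers "who may touch object B?" in one lookup; the capability view answers "what may subject Z touch?" in one lookup. Revoking a subject's access is a single deletion per object in the ACL view but requires finding and invalidating every capability the subject holds, which is the practical reason most file systems store ACLs.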
4.3.5 Example: MAC Implementation
[Figure: a user invokes a command, e.g. Open(a,b); the system call interface enters the underlying open routine sequence, which calls the MAC routine; either the operation is allowed and the sequence completes, or the operation is disallowed and the sequence completes with the access refused.]
4.3.6 Attacks Countered by Access Control
Attacks: malicious attempts to attack certain resources, and inadvertent requests that could cause harm to resources on the system.
MAC provides a more effective means of countering such attacks, because the user (or a program running as the user) cannot loosen the controls.
4.4 Covert Channel
A covert channel is defined as existing whenever some computer system mechanism is used in an unexpected manner to provide a means by which information can flow to an unauthorized individual.
In the abstract, a channel consists of a sender, a receiver and a communication path that passes messages between the two entities.
[Figure: Overt and Covert Channels. The overt channel is the information flow mechanism intended to carry data from sender to receiver; a covert channel carries data from sender to receiver through mechanisms not intended for information flow.]
4.4.1 Covert Storage Channel
One type of covert channel is the covert storage channel. In a covert storage channel, information is passed in an unexpected and unauthorized manner from a high (more secure) user to a low (less secure) user through some stored attribute of the system that the high user can modify and the low user can read.
Example: the ls command in UNIX, where a low user can find out the names of the high user's files and use them to initiate attacks.
It can be avoided by hiding the filenames from the low user.
4.4.2 Covert Timing Channels
Another type is the covert timing channel, where some resource is shared between high and low users and information is carried by the timing of the high user's use of it.
Normally a monitor program such as cpu_monitor is used to monitor the access control, auditing and authentication of the resources used by both types of user.
An attacker (low user) may remove the cpu_monitor program, or introduce noise that confuses the detection of states, in order to prolong the processing time and initiate attacks.
4.4.3 Resource Matrix Approach
To analyse the possible existence of covert channels, a resource matrix approach is used. The matrix has the resources as rows and the lowest-level operations as columns.
The matrix elements contain M and/or R, denoting that the operation modifies or reads the resource, respectively.
The presence of an M indicates a high potential for a covert channel: a resource that some operation available to the high user modifies, and some operation available to the low user reads, is a candidate channel and must be examined.
4.4.5 Computers as the Weakest Link
Because a computer can be accessed by both high and low users, the potential for establishing a covert channel is high.
Normally covert channels are fixed as the vulnerabilities are found. The simplest way to remove covert channels altogether is to use hardcopy instead of electronic transfer, which may not be viable in the IT age.
4.5 Composing Security
When two or more secure systems are connected together, they may not compose into a secure system as expected, because the non-deducibility and non-interference security properties are in general not preserved under composition.
A compositional analysis must therefore be carried out to ensure that two or more systems are connected securely.
The presence of covert channels further weakens the security properties of the combination.
4.6 Privileges and Roles
A privilege is defined as a collection of related computer system operations that can be performed by users of that system. By operations we mean low-level system activities.
A role is defined as a collection of related privileges.
![Page 57: Chapter 4 Logistic Security Approaches. §Logistic approaches are based on management techniques to provide the security measurements §Typical approaches:](https://reader036.fdocuments.us/reader036/viewer/2022062320/56649d385503460f94a11b73/html5/thumbnails/57.jpg)
Privileges can exist in multiple different roles. This implies that if a given privilege is required, then in some cases a choice must be made of which role should be allocated.
A role might contain only one privilege. A role might be defined to include every privilege.
[Figure: privileges (Priv) grouped into roles; one privilege may belong to several roles]
4.6.1 Role based attacks
Attacks arise when security is not considered in the allocation of roles to users.
Example: a user is granted the supervisor role in a UNIX based system.
This results in a user having more potentially destructive power than is desired.
An attack may occur if a user is granted a role that contains a privilege the user should not have.
The possibility is high if the number of roles is smaller and the set of privileges associated with each role is larger.
As a result, privileges and roles must be designed in a manner that maximizes the granularity of privilege allocation without so many roles that their administration and allocation becomes overly complex.
4.6.2 Principle of Least Privilege
The principle of least privilege states that users should only be granted the privileges needed to perform operations for which they have a legitimate need.
A designer following this rule should ensure the granularity of roles is fine enough to allow for different types of allocation.
4.6.3 Transformation and Revocation
By transformation, we imply that some change is being associated with the privileges allocated to a user. The transformation of privilege may occur internally to a single user in which certain roles and privilege are changed.
Transformation may also occur externally to a single user, in which a user transfers a role or privilege to another user. Usually, external transformation occurs when a user is associated with a role or privilege that allows for such a transfer to another user.
Privilege or role revocation is a special type of privilege transformation that involves the timely removal of the ability to perform certain operations, presumably because of some event that changes the job requirements.
Example:
If a user associated with some privilege or role is found to be a malicious intruder with motivation to harm the system, then immediate revocation of that user's role and privilege may be necessary.
Examples: commands in UNIX
$ su                  (switch to the superuser account: a privilege transformation)
# adduser <username>  (create an account: grants a new user their initial role)
# deluser <username>  (remove the account: revokes that user's privileges)
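To make the ideas of 4.6 through 4.6.3 concrete, here is an added example (not the slides' own code) of a small privilege/role model: privileges shared by several roles, least-privilege selection of a role, detection of an over-privileged user, transfer of a role by a user whose privileges permit it, and revocation. Role, privilege and user names are constructed for the illustration.

```python
"""Added example (not from the slides): a small privilege/role model covering
privileges shared across roles, least-privilege role selection, detection of
over-privileged assignments, external transformation and revocation.
Role, privilege and user names are constructed for the illustration."""

# A privilege names a low-level operation; a role is a set of related privileges.
ROLES = {
    "reader":     {"read_file"},
    "editor":     {"read_file", "write_file"},
    "operator":   {"read_file", "restart_service"},
    "supervisor": {"read_file", "write_file", "restart_service",
                   "add_user", "delete_user", "delegate_role"},
}

def roles_granting(privilege):
    """A privilege can exist in several roles, so a choice of role arises."""
    return sorted(r for r, privs in ROLES.items() if privilege in privs)

def least_privilege_role(needed):
    """Choose the role covering `needed` that carries the fewest extras;
    returns None when no single role suffices (finer roles are required)."""
    fits = [r for r, privs in ROLES.items() if needed <= privs]
    return min(fits, key=lambda r: (len(ROLES[r] - needed), r)) if fits else None

class Assignments:
    """User -> roles mapping with transformation and revocation operations."""
    def __init__(self):
        self.user_roles = {}
    def grant(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)
    def privileges(self, user):
        return set().union(*(ROLES[r] for r in self.user_roles.get(user, ())))
    def excess(self, user, needed):
        """Privileges held beyond the legitimate need: non-empty means the
        allocation violates least privilege (a role-based attack risk)."""
        return self.privileges(user) - needed
    def transfer(self, giver, receiver, role):
        """External transformation: a role may be handed to another user only
        by someone who holds that role and a privilege permitting transfer."""
        if role not in self.user_roles.get(giver, set()):
            return False
        if "delegate_role" not in self.privileges(giver):
            return False
        self.grant(receiver, role)
        return True
    def revoke_all(self, user):
        """Revocation: timely removal of every role, e.g. on a changed job."""
        self.user_roles.pop(user, None)
```

Calling `excess(user, needed)` for each user against their documented job requirements is the check that catches the 4.6.1 case of a supervisor role handed to someone who only needed to read files.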
4.7 Security kernels
A security kernel is defined as an isolated portion of a computer system that is designed to enforce the security policy of the system.
[Figure: Security Kernel Organization; layers shown: Users and Application, Operating System, Hardware, Security Kernel]
4.7.1 Principles of Kernel Design
Avoidance of Tampering: the kernel must be protected from malicious or inadvertent tampering. Explicit attention must be placed on ensuring the security kernel is tamper-proof.
Avoidance of Bypass: the kernel must be designed in a manner that ensures a subject requesting some service cannot bypass the security kernel.
Provision for Assurance: convincing evidence is needed to assure that a system is secure, such as:
demonstrated secure usage over a period of time
full documentation on security mechanisms, development methods and other relevant information, to ensure proper attention has been paid
results of security tests, to ensure the security properties hold
results of penetration tests, to ensure all possible attacks are considered
formal methods to prove that the system is secure
evaluation, certification or accreditation from an authoritative individual or agency
Hardware Mechanisms: using hardware to implement certain portions of the security kernel functionality presents some advantages: it can provide memory protection, protect the integrity of executing processes, and provide security support for I/O operations.
Minimization of Complexity: if the system is large and complex, formal proof will be hindered. Minimizing the size of the kernel is critical.
Fault tolerance: the kernel must be designed to resist all classes of faults, because recovery from a fault is always complicated and needs human intervention.
References: Amoroso, chapters 19, 21-26