lecture 4 - authentication and...
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Lecture 4 - Authentication and Access
CSE497b - Spring 2007
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse497b-s07/
Why authenticate?
• Why do we want to verify the identity of a user?
Control Access
• An identity permits access to resources
• In computer security this is called
  – Access control
  – Authorization
• In authorization, we talk about:
  – Subjects (for whom an action is performed)
  – Objects (upon what an action is performed)
  – Operations (the type of action performed)
• Authorization limits a subject’s access to perform an operation on an object
  – The combination of object and operations allowed are called a permission
“Project” 1
• Login to Playpen VM
  – We will send you your username, password, IP
• Change your password
  – Do *not* change the root password
• Need to do some minor Linux administration
• Customize your VM
  – You have sudo privilege
  – You are the administrator
• Posted on the calendar (due next Th, Feb 1)
  – If it’s good enough for the President...
A Brief History
• Early computing systems had no isolation
  – Shared memory space
  – Shared file space
• Some physical limitations made this OK
  – Batch processing
  – Load the tape/disk for the application
  – Network? What network?
• In the mid-60s people started to work on ‘multiuser’ or ‘time-sharing’ systems
  – What about a bug?
  – What about my data?
• Mostly about protection
Multiprogrammed Systems
• Multics project
  – AT&T, MIT, Honeywell, etc.
  – General purpose, multi-user system
  – Comprehensive security
    • Hardware protection
    • Subject labeling
    • Permission management
• UNIX project
  – Arose from the ashes of Multics
  – A stripped-down multiuser system
Authentication and Access
• Authenticate user
  – E.g., login and ssh
  – Verify password or ...
• Create processes with appropriate identity (subject)
  – E.g., UNIX user id
• Limit access of these processes using subject
  – E.g., Access control of files based on subject
• Protect one user from another
• Q: Is that enough for enforcing security?
Security vs. Protection
• Protection
  – Focus on process isolation and user separation
• Security Requires
  – Confidentiality: Don’t leak your secret files
  – Integrity: Don’t overwrite your important data
  – Availability: Don’t prevent an operation
• System Protection Mechanisms are Not Enough!
  – Do NOT ensure security of user’s data against an attacker
  – Functional demands result in system compromise
  – Does not scale beyond a single system
• Current access control mechanisms fail to enforce security goals
Your Programs
• What permissions are available to programs that you run?
  – Email
  – Web browser
  – Game
  – A little program that you downloaded from the web
• What can these programs do with your permissions?
Your Programs
• They can do anything that you can
  – Use any permission that you have
  – Including the owner permission
• They can give anyone access to your files
• Worse yet, traditional access control is not comprehensive
  – A program can send a file anywhere
• What does this mean to the secrecy of your data?
• And it gets even worse...
Security Model
• Adversaries
  – Who?
• Threats
  – What can they do?
• Vulnerabilities
  – What vulnerabilities can the adversaries leverage?
• Trust model
  – What are you trusting (implicit in the discussion so far)?
Security Model
• Adversaries
  – Other system users
  – Program developers
  – Web responses, emails
  – Remote parties
• Threats
  – Code running on same system
  – Input malicious code
• Vulnerabilities
  – User can be tricked
    • Lots of applications enable the user to run downloaded code
  – Application vulnerabilities
  – Misconfigured policy
Email Clients
• In addition to reading emails,
  – Execute attachments (run with your privileges)
  – May even run a malicious script w/o opening an attachment (run with your privileges)
• What kind of attachments can you open?
  – From Granny: May be a forged address
  – Word or Excel: May contain viruses
• But, I’ve really gotta see it
  – Plain text
  – Signed emails
  – Anti-virus may catch some, but no guarantee
Access Matrix
• Describe all possible accesses
  – Operations of (S2,O2)
  – E.g., read, write, execute
• Specify which users’ processes can access which files
• Necessary to specify policy to protect users

     O1  O2  O3
S1   Y   Y   N
S2   N   Y   N
S3   N   Y   Y
Manage the Access Matrix
• How do you give someone access to your file?
• Access matrix also has management permissions
  – owner permission
• A subject with owner permission can
  – Give another user permissions to an object
  – Even the owner permission itself
• This seems necessary, right?

     O1  O2  O3
S1   Y   Y   N
S2   N   Y   N
S3   N   Y   Y
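
Added example (not from the lecture slides): the slide's access matrix as a small Python model, showing that a program started by S1 can use S1's owner permission to give S3 access to O1, because the matrix only sees the subject. The class and function names and the operations placed in each Y cell are assumptions made for illustration.

```python
OWNER = "owner"
class AccessMatrix:
    def __init__(self):
        # (subject, object) -> set of operations; a missing cell means "N"
        self.cells = {}

    def add(self, subject, obj, *ops):
        self.cells.setdefault((subject, obj), set()).update(ops)

    def allowed(self, subject, obj, op):
        return op in self.cells.get((subject, obj), set())

    def grant(self, granter, grantee, obj, op):
        # Management rule from the slide: only an owner of obj may give out
        # permissions on it, and the owner permission itself can be given.
        if not self.allowed(granter, obj, OWNER):
            raise PermissionError(f"{granter} does not own {obj}")
        self.add(grantee, obj, op)

class Process:
    """A running program; it carries only the subject of whoever started it."""
    def __init__(self, name, subject):
        self.name, self.subject = name, subject

def build_slide_matrix():
    # Y cells of the slide's matrix; the operations per cell are assumed.
    m = AccessMatrix()
    m.add("S1", "O1", "read", "write", OWNER)
    m.add("S1", "O2", "read")
    m.add("S2", "O2", "read", "write", OWNER)
    m.add("S3", "O2", "read")
    m.add("S3", "O3", "read", "write", OWNER)
    return m

def demo():
    m = build_slide_matrix()
    before = m.allowed("S3", "O1", "read")           # N in the slide's matrix
    # S1 runs a downloaded program: the matrix only ever sees subject S1.
    prog = Process("downloaded-program", subject="S1")
    m.grant(prog.subject, "S3", "O1", "read")        # allowed, S1 owns O1
    m.grant(prog.subject, "S3", "O1", OWNER)         # ownership passes on too
    try:
        m.grant("S2", "S2", "O3", "read")            # S2 does not own O3
        refused = False
    except PermissionError:
        refused = True
    return before, m.allowed("S3", "O1", "read"), m.allowed("S3", "O1", OWNER), refused

if __name__ == "__main__":
    print(demo())
```

The check in grant() is correct as a management rule, yet it cannot tell S1's own decision from one made by code S1 happened to run.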
The Door Is Open
• Suppose that you want to download new software
  – Or a software update
• Typically, users lack the permissions to overwrite system files
  – Why update a system file?
  – “Penetrate and patch”
• For convenience, users run with administrative privileges (e.g., Windows)
  – Now, the downloaded code (and the email attachment) runs with full privilege
Tip of the Iceberg
• Viruses
• Worms
• Spyware
• Keyloggers
• What’s next?
Remote Access
• Suppose you are building a service for remote clients
  – E.g., a web application
• How are you going to authenticate identity?
• What rights are you going to assign to which identity?
• Q: What are your vulnerabilities now?
  – Consider the network and the remote computer
[Diagram labels: Client, Name/Password, Your Server, Services]
Remote Access
• Client selects a name and password
  – How does the client protect the password?
• Server stores state on client for ease of use (cookies)
  – How do we ensure that attacker can’t use this state?
• What other forms of authentication are used in e-commerce?
[Diagram labels: Client, Name/Password, Your Server, Services]
Single Signon
• Nice feature for users:
  – Login once, then use any number of remote services
• A centralized service provides authenticated users with tokens
[Diagram labels: Client, Your Server, SSO Server, Name/Password, SSO Token, Services]
Single Signon
• As a remote service provider
  – What is the basis for trust for the single signon?
  – Can you trust the token?
• Can we run a business-to-business on such trust?
  – Is there a second-factor for authentication?
Take Away
• We have just looked at the most common mechanisms
  – Passwords
  – User-based Access Control
• There are a slew of problems with each
• But, this is what the world uses
  – What can we do?
That Is the Topic of This Course