41900
Welcome to the world of security!
Assessment
2 Quizzes (25%: 12.5% each)
At a unified time: week 6 and week 10, 40 min (I will remind you again 2 weeks before; please make arrangements)
Project (20%): group-based implementation; you can code it in any language you prefer. Assessment is on individual understanding.
Exam (55%): you need to get at least 45/100 in the exam to pass the whole subject.
Textbook
Good news: there is NO textbook for this subject!
Some good references you may find useful:
William Stallings, Cryptography and Network Security, 4th Edition
William Stallings, Network Security Essentials, 5th Edition
OK, let's get started!
Course content
SELinux TE Policy
Type Enforcement: by default nothing is allowed; every permission must be granted explicitly by an allow rule of the form

```
allow <source type> <target type> : <object class> { <permissions> };
```

For example, to allow a user process to execute a shell script:

```
allow user_t bin_t : file { read execute getattr };
```
```c
#include <stdio.h>
#include <string.h>

void print( const char * );

int main()
{
    print( "Mitt Romney" );
    print( "Newt Gingrich" );
    print( "Rick Santorum" );
    print( "Ron Paul" );
    return 0;
}

void print( const char *name )
{
    /* Bug: strlen() returns size_t (unsigned). For "Ron Paul" (8 chars)
     * the divisor is 0 and the division faults; for any shorter name the
     * subtraction wraps to a huge value instead of going negative. */
    int indent = 100 / (strlen(name) - 8) / 2;
    for( int i = 0; i < indent; i++ )
        printf( " " );
    printf( "%s\n", name );
}
```

Taken from:
http://www.gimpel.com/html/newbugs/
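The following is an added example (not from the slides or from gimpel.com) that isolates the unsigned arithmetic behind the bug above and shows a range-checked replacement; the names LINE_WIDTH, NAME_ALLOWANCE, slide_divisor, safe_indent and print_centered are ours, and reading the slide's literal 8 as a fixed allowance is our assumption.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LINE_WIDTH 100
#define NAME_ALLOWANCE 8   /* the literal 8 from the slide; its meaning is assumed */

/* The slide's divisor, computed exactly as the slide does: in size_t. */
size_t slide_divisor(const char *name)
{
    return strlen(name) - NAME_ALLOWANCE;   /* wraps when strlen(name) < 8 */
}

/* 1 if the slide's expression would divide by zero or wrap, else 0. */
int slide_indent_is_unsafe(const char *name)
{
    return strlen(name) <= NAME_ALLOWANCE;
}

/* Hardened replacement: range-check first, then do signed arithmetic. */
int safe_indent(const char *name)
{
    size_t len = strlen(name);
    if (len <= NAME_ALLOWANCE)
        return 0;   /* too short to centre: no wrap, no division by zero */
    return LINE_WIDTH / ((int)len - NAME_ALLOWANCE) / 2;
}

/* Prints the name with the safe indent and returns the indent used. */
int print_centered(const char *name)
{
    int indent = safe_indent(name);
    for (int i = 0; i < indent; i++)
        putchar(' ');
    printf("%s\n", name);
    return indent;
}

int main(void)
{
    /* Same constructed inputs as the slide's program. */
    const char *names[] = { "Mitt Romney", "Newt Gingrich", "Rick Santorum", "Ron Paul" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (slide_indent_is_unsafe(names[i]))
            printf("[slide formula would fault on \"%s\"]\n", names[i]);
        print_centered(names[i]);
    }
    return 0;
}
```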
Defense in Depth
Defend a system against any particular attack using several independent methods, for example:
Anti-virus software
Authentication and password security
Biometrics
Demilitarized zones (DMZ)
Firewalls (hardware or software)
Hashing passwords
Intrusion detection systems (IDS)
Next
We will discuss security goals.
Some of them are more applicable to network security than to general information security.
Access matrix (subjects tom and jerry; objects file1, file2, file3, printer):

          tom    jerry
file1     RW     RO
file2     NONE   NONE
file3     NONE   RW
printer   W      NONE

25/02/2015
Capability Lists
Each agent has tickets allowing use of specified objects.
Once acquired, a ticket provides efficient access by the agent to the object.
Tickets may be:
Permanent or one-time
Transferable to other agents or restricted to the original owner
Revocable
Comparison
ACLs are object-centric; capabilities are user-oriented
ACLs and capabilities offer similar levels of protection
Capabilities give least privilege
Summary of Terms
The terms we have looked at as Security Goals
are widely used in Network Security literature.
The differences between some of them are
often quite subtle.
You should understand each of them clearly.
They can often apply in non-computing
scenarios.
Particular scenarios often involve the
interaction of a number of security goals.
Lastly
We will be looking at some of the security organizations.
AISA
The Australian Information Security Association (AISA) is an Australian representative
industry body for the information security profession.