DAC: Users, Groups -> Permisions || RBAC: Roles-> Permisions; Users->Roles; Many-Many rel.

|| Groups: many users; Roles: permisions/users RBAC0: min. funct. | RBAC1: 0 + Role hier. | 2: 0 + Constraints | 3: 0 + 1 + 2 SSD(Static Separation of Duty): Prevents conflicts of interest, size constraint on a set of mutually exclusive roles DSD: similar to SSD but activated within sessions, used for temporal conflicts of interest. Access control list: Access Matrix by Column | Capability list: Access Matrix by Row Unix Access Control: Owner, group, other, R, W, X Bell-LaPadula multi-level MAC, for subject(clearance)/object(classification) pair Simple security property, Level(O) <= Level(S), no read up *-Property, Level(S) <= Level(O), no write down Ds-property, allowed DAC check after MAC passes Strong Tranquility: Clearances of subjects/classification of objects never change | Weak: Changes with policy Biba Model: Dual of Bell-LaPadula. Write/execute down, read up Clark-Wilson Integrity:Separation of Duty Defined by constraints. CSIs constrained data items. UDIs unconstrained. IVPs: integrity ver. Procedure. TPs: transaction Trusted Computing Base (TCB): hardware/software that enforce Reference monitor. Must be tamperproof and un-circumvent TPM: Binding encrypt with public key. Signing: Encrypt with private key/ Sealing: Bind msg with set of platform metrics. TPM: Once sealed, cannot move to another system TCSEC Func. Req: DAC, Object Reuse, MAC/Labels, Identification and Auth., Audit, Trusted Path (unspoofable talk to TCB CtrlAtDel) Assurance Req: Config. Management, Trusted distribution, System Arch., Design Spec., Verification, Structural Testing, Prod. Doc. TCSEC Classes: D:Catch all; C1: Discretionary Protection-Minimal assurance; C2:Control access protection-Ob reuse B1: Labeled Security protection- adds mac; B2- Struc. Protection-mac for all; B3:Security Domans-Implements RVM. Modularity/layering simplicity. A1:Verified protection: More assurance than B3. SSL transport, IPSec network PP: Profile that describes sec. reqs. For a class of products AH-Auth Header, ESP - Encapsulating Security Payload Memory Protection Rings implemented in hardware, privilege levels enforced by CPU ACL - acl(Xray) = (Alice, {r}) Code segment CPL (current privilege level) Biba low water mark policy: reset subject's int. level to min of orig sub's int. lvl &obj's int. lvl Operand segment selector RPL (requested privilege level) Biba ring policy Data Segment Descriptor each memory has DPL (data privilege level) Segment loaded if CPL DPL and RPL DPL

Calling through gates, CPL

CG DPL, RPL CG DPL, Dst CS DPL CPL: For JMP, Dst CS DPL == CPL

Stack switching when calling more privileged code, each task has a stack defined for each privilege level Hardware: 2 rings, installed base Limits on Memory Access Type, read/only vs read/write, Execute Disable Bit (XD-bit), AMD (NX-bit) Zero Day Exploit no patch available, big splash but fast discovery Malicious code cause security policy to be violated Virus attaches itself to program and copies to other programs Trapdoor allows unauthorized access to functionality Worm propagates copies of itself through a network Rabbit replicates infinitely to exhaust resources Netbot trapdoor programs with control channel Root kit hooks standard OS calls to hide data, replace function table entries Virus infection mechanism, trigger and payload. Initially had a detectable signature. Polymorphous virus (variants) and stealth virus (actively hides its presence). Lower level address discovery (Address Resolution Protocol - ARP) Error Messages (Internet Control Message Protocol - ICMP), can be used to map out network STRIDE: Spoof, Tamper, Repudiation, Info. Disclosure, DoS, Elevation of privilege. Threat profile: ID, Name, STRIDE, Mitigated Entry Points, Assets Application Proxy Firewall: Block java/active X, filter URLs, well-formed protocol CFAA of 1986 Criminalizes: unauth. Access to protected computers, extortion/fraud/pws/malware Economic Espionage of 1996: theft of trade secrets CALEA - service providers need to comply with legal wiretap requests DMCA: technical controls, service providers must track IP BLP with sec. lvls and "dominates" relation = partial order 4th Amendment: Privacy shall not be violated, need warrants to search 2phase DB commit = integrity Electronic Communication Privacy Act of 1986: expands wiretap to include electronic communication Gramm-Leach-Bliley of 1999: Financial institutions protect confidentiality of customers. Health Insurance Portability and Accountability Act of 1996: hospitals to take care of privacy. SOX: Requires annual reports, heavy auditing reqs(Comp use/confg: GLB, HIPAA). ALE - revenue * loss days/365 Tension between Privacy/Security: 4th amendment, wiretapping, Patriot Act, Key Escrow/DES, Freedom of Info. Act Risk exposure: risk-impact * risk probability, Risk Leverage - (ALE - ALECTRL)/CtrlCost Risk analysis: Establish context, identify assets, threats/risks/vulnerabilities,analyze risk. Determine likelihood: 1-5bad. Impact:1-7bad Transposition Cipher: Rail cipher, column major cipher Cipher terms: Period- length of key, tableau- table used to encipher/decipher, polyaphabetic-several letters

Block cipher: Ek(m) = Ek(b1)Ek(b2), DES, AES, ECB(electronic Code Book Mode) Stream cipher: Ek(m) = Ek1(b1)Ek2(b2), RC4, OFB, Counter, ECB DES: |bi| = 64 bits, |k| = 56 bits, too weak. Symmetric Avalanche Effect: Where a change of one input or key bit results in changing approx half of the output bits; DES Fiestel Network: Key division/swapping: L(i) = R(i-1); R(i) = L(i-1) xor f(K(i), R(i-1)) Double DES: only requires 2n+1 steps due to meet-in-the-middle attack. C = Ek2(Ek1(P)) Triple DES: 168 bit keys but 112 due to meet-itm AES: Private key symmetric block cipher. 128-bit data. 128/192/256-bit keys. Stronger and faster than Triple-DES <- Rijindael ECB: Problem, identical text produces identical ciphertext <- CBC Ency:Self-healing after 2 blocks RC4: Period 1010. Variable length key 1-256 bytes. uses OFB Needs Init Vec.

OFB

<-Counter Mode: Fatal loss of Sync. CFB: Self-healing after n bits. Need to know k, E to decipher ciphertext CRC: XOR all bytes in file. Detects accidental errors Birthday probability: 1-(365!/(365n*(365-n)!). When n = sqrt(M) p > .5 MD5/SHA: Keyless crypto hashes, MD5:128bits, SHA-1:160bits HMAC: Keyed cypto checksums. Ipad is 00110110. Opad is 01011100. HMAC-h(k, m) = h(k opad || h(k ipad || m)) HMAC-SHA512(k, m) = SHA512(k [01011100]8 || SHA512(k [00110110]8 || m)) Public key systems, a lot slower. Diffie-Hellman: n = gk mod p Public Constants: prime p, integer g 0, 1, or p1 Choose private keys and compute public keys Alice chooses private key kAlice, computes public key KAlice = gkAnne mod p. Similarly Bob chooses kBob, computes Kbob = gkBob mod p. Exchange public keys and compute shared information. To communicate with Bob, Alice computes Kshared = KBobkAlice mod p To communicate with Alice, Bob computes Kshared = KAlicekBob mod p RSA: uses large integers. Security due to hardness: Choose two large prime numbers p, q. Let n = pq; then f(n) = (p1)(q1). Choose e < n such that e is relatively prime to f(n). Compute d such that ed mod f(n) = 1. Public key: (e, n); private key: d. Encipher: c = me mod n. Decipher: m = cd mod n. Generically: F(V, x) = Vx mod n If reuse key stream in stream cipher, can xor cipher txt streams which is xor of plaintxt, danger Smurf attack amplification DoS attack, small amount of information sent to be expanded DHCP runs over UDP. Syn flood attack breaks TCP, DoS on three-way handshake, keep many half-open connections Solution to Syn flood constrainer, syn cookie WEP - name of keystream given with packet, in AES in counter mode for WPA2, doesn't. DNS Open Relays amplification DoS attack Application Proxy Firewall - drop HTTP 1.0 requests DNS Cache Poisoning change name to address mapping, false authoritative name server, fixed by Bailiwick Honey Pots fake system used to gather information Network Intrusion Detection System - log/drop traffic that matches suspicious char. Ingress/Egress(Packet fil fw) filtering Filter out packets from invalid addresses before entering/leaving your network. Teardrop Attack send series of fragments that dont fit together. Firewall tunnel mode - src/dest of tunnel en.pts not same as traffic en.pts Firewalls limits encrypted traffic, port 80, tracks IP not people, expensive, Unified Threat Management (UTM) Amplification attack vs reflection attack: An amplification attack is an extension of a reflection attack. The attacker creates a packet and puts the victims address as the source of the packet. The packet is sent to a server or via a broadcast/multicast address a series of machines. The server or machines send their response to the victim. The thing that differentiates the amplification attack from the basic reflection attack is that the amount of data received by the victim is much greater than the amount of data originally sent by the attacker. The volume of the attack is amplified. State h(C)dCA mod NCA = signature, to undo X = signatureeCA mod NCA and can check if it matches h(C) Certificate: CA = eA || Alice || T || {h(eA || Alice || T )} dC SSL built on TCP - reliable transport, thus doesn't need to be restarted only conn. SSL: The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported CipherSuites (ciphers and hash functions). From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision. The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA) and the server's public encryption key. The client may contact the server that issued the certificate (the trusted CA as above) and confirm the validity of the certificate before proceeding. In order to generate the session keys used for the secure connection, the client encrypts a random number with the server's public key and sends the result to the server. Only the server should be able to decrypt it, with its private key. From the random number, both parties generate key material for encryption and decryption. Screen display dither good for making info easy for emanation analys. but not obvious for viewer