This is a guide of topics that may be covered in the final exam. Note that questions pertaining to any of these topics may appear on the final exam.
ch12 Design Principles
1. Overview
Simplicity: To minimize the interaction of system components.
Restriction: To minimize the power of an entity
2. Principle of least privilege
Function controls
Rights added as needed, discarded after use
3. Principle of fail-safe defaults
How privileges are initialized?
Default action is to deny access
4. Principle of economy of mechanism
Keep it as simple as possible (KISS)
Less can go wrong
5. Principle of complete mediation
Check every access
If permission change after, may get authorized access
6. Principle of open design
security should not depend on secrecy of design or implementation
7. Principle of separation of privilege
require multiple conditions to grant privileges
separation of duty
defense in depth
8. Principle of least common mechanism
mechanisms should not be shared
information can flow along shared channels
isolation
9. Principle of psychological acceptability
security mechanisms should not add to difficulty of accessing resource
ease of installation, configuration, use
hide complexity introduced by security mechanisms
be clear in error messages
10. Key points
understanding of goal of mechanism, environment
careful analysis and design
careful implementation
ch13 Representing Identity
1. What is Identity?
a computer's representation of an entity
principal: a unique entity
2. Files and Objects
Different names for one object
human: file name
process: file handle (descriptor)
kernel: inode
Multiple names, deletion
Name must encode location
3. Users
Representation tied to a system
uid: user identification number
Multiple identities: real uid, effective uid, saved uid
4. Groups and Roles
Assign privilege to a set of principals simultaneously
5. Naming and Certificates
Identifiers <---> Principals = People
Can we use names as identifiers?
Certification Authorities (CA)
Meaning of Identity
When a user obtains a certificate, the CA is vouching
6.Identity on the web
Host identity
connected: one or many names
spoof IP address: attackers spoof identity of another host
Dynamic identifiers
change as a result of an event or over time
Cookies: token contains information about state of transaction on a network
ch16 Confinement Problem
1. The problem of preventing a server from leaking information
total isolation
covert channel: not designed to be used for communication
rule of transitive confinement
2. Isolation
Virtual machine
a program emulates computer systems
VMM knows nothing about processes running on each VM
VMM mediates interactions of VM with resources
VMM is a security kernel, and it satisfied the rule of transitive confinement
Sandboxes
actions of processes are restricted according to a security policy
Java VM is a sandbox; its security manager limits access of downloaded program to system resources as dictated by a security policy
add breakpoints and memory access check to programs; analyze the state of processes, determine which access is allowed
3. Covert channels
covert storage channel
covert timing channel
Detection
sharing
model flow of information through shared resources: covert flow tree
system: attributes, primities -> detection -> covert channels?
Mitigation
obscure amount of resources a process uses
receivers can't determine what part senders are using
ch 19 Malicious Logic
1. Trojan Horse
Program: overt purpose and covert purpose
propagating: slow, hard to detect
2. Computer Virus
program: insert itself, performs actions
boot sector infectors: brain virus, alters the boot sector of floppy disks, spreads to other uninfected
executable infectors: infect executable programs
multipartite viruses: two parts, infect either boot sectors or executables
TSR-Terminate and Stay Resident
after applications are completed
non-TSR appends itself to the ends of executables
Stealth Viruses: conceal the infection of files
check length of uninfected file
open: disinfect, reinfect on closing
Encrypted viruses
Polymorphic viruses: change forms when being inserted
virus: equivalent, different instructions
different implementations or algorithms
Macro viruses: interpreted, command language, infect data files
3. Computer worms
copy themselves from one computer to another
virus-like attack, insert instructions into running processes
recover
prevent
4. Other forms
rabbits and bacteria,
logic bomb: performs an action that violates security policies
5. Defense
data vs. instruction
information flow metrics: limit distance a virus can spread
reducing protection domain
application of principle of least privilege
remove rights from a process, so that it only performs its function
protection domain: impractical
manipulation detection: integrity-based schemes
fault-tolerant techniques: treat viruses as errors
assumption: majority not infected
alter statistical characteristics
check programming style