SlideShare una empresa de Scribd logo

7.Trust Management

P
phanleson
Tecnología
1 de 49
Descargar para leer sin conexión
Course 1: Overview of Secure Programming, Section 7 Pascal Meunier, Ph.D., M.Sc., CISSP May 2004; updated August 12, 2004 Developed thanks to support and contributions from Symantec Corporation, support from the NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center Copyright (2004) Purdue Research Foundation. All rights reserved.
Course 1 Learning Plan  Security overview and patching  Public vulnerability databases and resources  Secure software engineering  Security assessment and testing  Shell and environment  Resource management  Trust management
Learning objectives  Be able to identify trust relationships and make them explicit  Understand how to analyze and validate trust  Understand how trust relationships can be exploited  Understand the role of authentication, access controls and policies in trust management  Understand attacks on trust
Trust Management: Outline  Trust basis  Trust analysis and validation – Data trustworthiness and flow analysis – Formal trust and policies – Trust modeling – Architecture: client-server paradigm – Trusted computing  Trust verification and limitation – Authentication – Access control – Process privileges
Basis for Trust  Who and what do you trust?  Does trust imply that you’re taking a risk? – What is at stake?  Are there assurances that something can be trusted? – Why do you trust?  What tools and techniques can be used to produce or evaluate those assurances? – Can you justify (verify/validate) trust?  What is trusted computing? – Who doesn't trust who? (goals, perspectives)
Why do you trust?  Reduce costs – Economies of scale – Fewer tests – Simpler procedures  Benefit from the skills of another  Delegate and gain – Power – Focus  Hopefully, not because you have no choice – that's not trust, it's being dependent and at the mercy of ...  Need to balance risks and benefits – What are the threats?
Data Trustworthiness  Track the flow of data – Are appropriate validation checks made on all data paths?  Esp. flows that can contain data from anonymous sources  Run-time checks – Perl taint mode  Static analysis – Compiler-like analysis  Data dependence – Data channel properties – Dependence algebra
Gross Trust Management Failure  Trust web browser client to keep data safe  HTML forms: hidden input <input type=hidden ...>  Cookies  Because the server put the data there, programmer thinks the data is valid  Threat: users can easily view and change those values
Real-Life Example: dansie.net shopping cart  <FORM METHOD=POST ACTION="http://www.dansie.net/cgi- bin/scripts/cart.pl"> Black Leather purse with leather straps<BR>Price: $20.00<BR> <INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse"> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00"> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg"> <INPUT TYPE=HIDDEN NAME=return VALUE="http://www.dansie.net/demo.html"> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps"> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart"> </FORM>  http://online.securityfocus.com/archive/1/55172  CVE-2000-0253
Hidden fields in shopping carts  http://www.iss.net/security_center/static/4621.php CAN-2000-0101: Make-a-Store CAN-2000-0102: SalesCart CAN-2000-0103: SmartCart CAN-2000-0104: Shoptron CAN-2000-0106: EasyCart CAN-2000-0108: Intellivend CAN-2000-0110: WebSiteTool CAN-2000-0123: Filemaker example CAN-2000-0134: Check It Out CAN-2000-0135: @Retail CAN-2000-0136: Cart32 CAN-2000-0137: CartIt CVE-2000-0253: dansie
Mini-Lab: Perl's taint mode  Start a script with: – #! /usr/bin/perl -Tw  -T switch turns on taint mode  To untaint data, it must go through a regular expression  Regular expression may do nothing (defeats the purpose) – $tainted =~ /(.*)/;  / / specifies a regular expression  () specifies a match – The $1 variable contains the first match  Example: $clean = $1;
Perl Taint Mode Mini-Lab  Here is a perl script that will safely run the "wc" (word count) command on any file whose 8.3 format name is passed to it as an argument:  #!/usr/bin/perl –wT  $ENV{PATH} = ""; # Try commenting out this line  foreach $file (@ARGV) {  print "Processing $file:n";  if ($file =~ m/(^w{1,8}.w{0,3}$) {  system("/usr/bin/wc $1");  } else {  print "non-conformant file name: %filen";  }  }
Perl Taint Mode Mini-Lab  Run the program and modify it to answer the following questions – perl –wT taint.pl filename.txt2 file2.txt  What happens 1. If you don't purge the PATH environment variable? 2. If you don't use a regular expression? 3. If you use system("/usr/bin/wc", $file)? 4. If the regular expression is changed to m/(.*)/?
Formal Trust and Policies  How to justify (validate/verify) trust  Company security policies should describe standards, specifications and procedures for securing assets – A formally trusted asset complies with all  Asset is used with minimal checking – Partial compliance means partial trust  Requires additional safeguards in any application or system making use of the asset – Trust is not binary (Yes/No)  Calculated risk
Question  An external contractor lets your company access a database but will not let you audit their procedures (auditing wasn't part of the contract). How does that affect the trust put into that database for your applications that use it? § a) Although we "trust" them to do a best effort at security, we design applications by assuming that their database could have been compromised § b) We trust their data, and if their database should get compromised we will sue them for damages § c) Since the contract specifies which procedures they were supposed to follow, we will mostly trust the database but include several basic "sanity checks"
Trick Question Answer  The correct answer depends on your company's security policies, security stance, and perhaps just the policies for that project (and its criticality). § a) Although we "trust" them to do a best effort at security, we design applications by assuming that their database could have been compromised § b) We trust their data, and if their database should get compromised we will sue them for damages § c) Since the contract specifies which procedures they were supposed to follow, we will mostly trust the database but include several basic "sanity checks"
Trust Types  Direct – You perform the validation yourself – No delegation  Transitive – Entities with the same standards and criteria trust the evaluation results of the others  A trusts B  B trusts C  A trusts C transitively through B  Assumptive (a.k.a. "spontaneous") – Trusting the results of an evaluation conducted with different standards, criteria or procedures
Example Assumptive Trust  A friend tells you that Brand Z's mint ice cream is great, so you buy some. – Your tastes are somewhat different but you trust the evaluation  Can you provide another example?
Example Assumptive Trust #2  PGP chain of trust – Signing another's key – What are the criteria and procedures? – You have to accept the signature or not, even if you require 8 pieces of ID, and someone else may sign just on someone's word  PGP key signing is not quite transitive trust Example adapted from Andert et al. (2002), Sun Blueprints Online
Foundations of Trust  Identification  Authentication  Accountability  Authorization  Availability
Trust Modeling  Who and what do you trust? – Trust binds a property or attribute (expected behavior) to an identifiable asset – Need authentication to assert identity – Need access control to provide just enough authority for desired capabilities
Trust Model  A trust model is expressed in relation to a threat model – How can you trust that the threats won't materialize?  Specify defense mechanisms – e.g., security functional requirements  Change design if necessary  Validate implementation  Cost/benefit analysis – Threats vs  Defense mechanisms  More expensive design options  More expensive assurance requirements and processes
Threat Modeling  Identify and enumerate threats – Data flow analysis  design  implementation correctness – Who could do what?  Insider threats are usually significant – Insiders are not necessarily your co-workers » e.g., anyone who can access your internal LAN...  Analyze possible costs of exploits  Danger: shape the threat model with what we know how to solve cheaply, instead of what the threats really are – Discussion: http://iang.org/ssl/wytm.html
Client-Server Paradigm  Offload tasks to the clients so that server load "scales" well  Which tasks can be entrusted to the clients?  Can you trust data from the clients? – Can you trust data that you stored on a client?  How did you store it? – Was it encrypted? – Was the encryption strong enough? – Was it tamper-proof?  Could it be replaced with data you gave another client? – What about data computed on a client?  Distributed computations?  Multiplayer games?
As a client, can you trust  JavaScript to run on your system?  ActiveX?  Java?  Can you trust servers to be fair and uncompromised?  Emails? When is an email considered code?  AIM messages?  How much storage can the server use on your machine (cookies, etc...)?  Am I running spyware, DRM or otherwise potentially user-hostile code?
The ActiveX Trust Model  ActiveX modules are very powerful but foreign pieces of code that run on your system  There are risks associated with the capabilities of the ActiveX model  Every ActiveX module poses threats  A cyptographic signature ties it to its source, so the accountability (through identification and authentication) provides assurance.  Do you trust the module's source? Quick, you are in the middle of something important...
Problems with Authenticode  Users are usually not competent to decide on the security of an ActiveX module – Users have been conditioned to click through the annoying meaningless stuff – XP SP2: No user interface, Active X controls are blocked  Unsigned ActiveX “controls” could also get executed (e.g., Chaos Computer Club demo)  You can make an ActiveX “control” that allows all other ActiveX controls to be executed silently  Anyone can obtain a signing key  Accountability (liability) unclear and may vary. What recourses do you have (typically none)?
JavaScript "Security"  Cross-domain security model: pages from one domain can’t access (and modify) pages from another domain – Often not implemented correctly (Opera 6 & 7, IE, Mozilla 1.0, 1.1, 1.3, 1.4, Netscape 6 &7) – Cross-domain security violated by other technologies and various loopholes  Signed scripts (Mozilla)  Hodgepodge of “hobbles” that still – Allowed a javascript to modify ActiveX security settings to accept all ActiveX controls without prompting – Allowed malicious plugins to be installed
Java Security Model  Code runs inside a virtual machine  Code properties are audited before execution – “Untrusted” applets have limited capabilities  e.g., network connections only to originating host – Network applets are untrusted by default – “Trusted” applets may do a lot  Limited by file access control list – Read and write permissions for given files – Signed applets can become “trusted” (here we go again :-)
Trusted Computing  Who trusts what? – Sounds like users can trust their computers (finally!) but...  Enables servers to trust clients  DRM (Digital Rights Management): – Allow content providers to trust your computer to manage IP appropriately – User loses control, can’t trust computer anymore – Client is trusted by server – Client doesn’t trust user – Hardware precedent: DVD players – Computers need to protect the software
Question  Can you trust code running in client web browsers to perform authentication (e.g., JavaScript, Active X)? § a) Yes, why do you ask? § b) Yes, my ActiveX control is signed so users can't modify it § c) No in most cases
Question  Can you trust code running in client web browsers to perform authentication (e.g., JavaScript, Active X)? § a) Yes, why do you ask? § How do you know your code is even running? § b) Yes, my ActiveX control is signed so users can't modify it § How do you know they are running your ActiveX control? § c) No in most cases § Unless you have assurances that an unmodified browser is running your unmodified code and ... (trusted computing has happened)
How To Build a Threat Model  Identify all the assets – Which aspect of Confidentiality, Integrity and Availability (CIA) is valuable about them?  Identify the threats and attackers – Not just in-the-wild threats  Identify solutions, architectures or technologies that allow you to bind a trust property to the asset, even in presence of the threat  Identify threats to the solutions (sub-threats) and repeat  Who should do it? – Architects and Managers
Example: Browser Threats  You want to enable users to trust urls displayed by the browser  However, urls can be obfuscated (threat) – See http://n3dst4.com/network/obfus  What could you do to help users, if you were designing a web browser?  Additional references – "Threat Modeling", Swiderski and Snyder (Microsoft Press) – NIST special publication 800-30 on risk management:  http://csrc.nist.gov/publications/nistpubs/800-30/sp800- 30.pdf
Exercise: Build a Threat Model  Point your browsers to the "browser threat model": – http://iang.org/ssl/browser_threat_model.html  Form teams of 2 or 3 – Each team will take ownership of one (each different) threat and perform trust modeling on it, assuming the scenario where a Symantec user needs to access resources on the Symantec web site  After 20 minutes, each team will report on its trust modeling effort, for no more than 5 minutes – What security requirements (functional, assurance) applied on what would make you trust the site in general? – What about the Symantec store?
Trust Verification and Limitation  Authentication  Access controls  Process privileges
Authentication  Trust is specific to a user, asset, protocol, applet or group thereof, so identity must be verified  Principle of Separation of Privileges – Two- or three-factor authentication – Problem: proving link between token and person  Cryptographic hashes – Identity of code – Verify version numbers  Trusted Computing – How can you trust remote identity?  Use trusted hardware – Can't hardware be hacked? » Yes, but it can be made difficult
Goal of Access Controls  Limit a user or asset to capabilities that match the trust model and policies  Provide guarantees about the transfer of capabilities and the properties of assets  Tradeoff of flexibility vs complexity and administration costs  Multiple simultaneous mechanisms are possible
Access Control Types  All or none (access to system is complete or nil)  Discretionary a.k.a. Identity-based – Object owner can decide access by others  Mandatory, a.k.a. rule-based – Owner can't change or control access by others  Originator-controlled – Current owner can't change access, but creator can  Role-based – Role is a template applied to a user's privileges  Policy engines – Real-time interpretation of policies
Access Control Management  Access control lists  Access control matrix  Central server and distributed services – Kerberos – Session ID valid over several related web sites, or services
Windows Tokens Contain:  SID – Used for access control lists  Read, write, etc... affecting specific objects  e.g., run as administrator to access the registry remotely  Privileges – System-wide  e.g., backup and restore – Don't need to run as administrator or other
Examples of Windows Process Privileges  Backup and restore privileges – SeBackupPrivilege – SeRestorePrivilege – Note that they override normal file access!  Act as part of the operating system (SeTcbPrivilege)  Debug programs (SeDebugPrivilege)  Replace a process level token  Load and unload device drivers  Take ownership of files and other objects Source: Howard and Leblanc 2003
UNIX Process Permissions  Permissions are determined based on ID  UserIDs in UNIX – Real – Effective – Saved  Group IDs – Real – Effective – Saved  Various functions to change them  Setuid and setgid programs set the effective IDs to the owner or group of the program
Changing IDs in UNIX  setuid, setreuid, etc...  The effective userid and groupid are used for ACLs  Root (super-user) has special capabilities  Normally: – The real user ID can be set to  the effective user ID – The effective user ID can either be set to  the saved user ID  the real user ID  If the effective userid is root: – The real user ID and the effective user ID can be set to any legal value
Windows Exercise (or, What Not To Do)  Suppose service S1 is started with the default “Log On As” of “Local System”. S1 accepts HTTP connections and authenticates normal Windows users. Once authenticated, it then impersonates the user (which means it gets a different, lower privilege token, not a System token) to mediate access to documents on the filesystem. If the service encounters an executable, it runs the executable by calling CreateProcess(). What is the problem?  Hint: The executable will be run with which token?
UNIX Exercise  Suppose that UNIX user Alice starts program P1 which execs program P2. P1 does not have setuid or setguid bits set. User Bob owns P2 which has the setuid bit set. – What are the real user id (RUID), effective user id (EUID), and saved user id (SUID) of P1 and P2? Make a table. – What changes can program P2 make to the RUID and EUID? – If root owns P2, what changes can be made to the RUID and EUID? – Explain why the designers of program P2 might use system calls to change the user id. – What happens if P2 creates a file, closes it, then attempts to open the file?  Do "man setuid" for hints Credit: exercise adapted from a Stanford University CS155 homework
Questions or Comments? §
About These Slides  You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions. – You must give the original author and other contributors credit – The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes – For any reuse or distribution, you must make clear to others the terms of use for this work – Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification – For other uses please contact the Purdue Office of Technology Commercialization.  Developed thanks to the support of Symantec Corporation
Pascal Meunier pmeunier@purdue.edu Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera

Recomendados

apidays LIVE New York 2021 - Securing access to high performing API in a regu...
apidays LIVE New York 2021 - Securing access to high performing API in a regu...apidays LIVE New York 2021 - Securing access to high performing API in a regu...
apidays LIVE New York 2021 - Securing access to high performing API in a regu...apidays
 
Proc mate for manufacturing
Proc mate for manufacturingProc mate for manufacturing
Proc mate for manufacturingCompusoft
 
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
 
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays
 
OAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesOAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesPrabath Siriwardena
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trustCoforge (Erstwhile WHISHWORKS)
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsForgeRock
 

Recomendados

apidays LIVE New York 2021 - Securing access to high performing API in a regu...
apidays LIVE New York 2021 - Securing access to high performing API in a regu...apidays LIVE New York 2021 - Securing access to high performing API in a regu...
apidays LIVE New York 2021 - Securing access to high performing API in a regu...apidays
 
Proc mate for manufacturing
Proc mate for manufacturingProc mate for manufacturing
Proc mate for manufacturingCompusoft
 
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
 
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays
 
OAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesOAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesPrabath Siriwardena
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trustCoforge (Erstwhile WHISHWORKS)
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsForgeRock
 
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.ForgeRock
 
eBMS Business Management Systems
eBMS Business Management SystemseBMS Business Management Systems
eBMS Business Management SystemsAggie Baranda
 
Identity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinIdentity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinForgeRock
 
Oracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceOracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceDenis Kolupaev
 
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...dsapps
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingForgeRock
 
Securing Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerSecuring Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerWSO2
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...ForgeRock
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
ForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike EllisForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike EllisForgeRock
 
McKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & AutomationMcKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & AutomationForgeRock
 
Identity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian SorbelloIdentity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian SorbelloForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsPing Identity
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practicesphanleson
 
Rmi
RmiRmi
Rmiphanleson
 

Más contenido relacionado

La actualidad más candente

T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.ForgeRock
 
eBMS Business Management Systems
eBMS Business Management SystemseBMS Business Management Systems
eBMS Business Management SystemsAggie Baranda
 
Identity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinIdentity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinForgeRock
 
Oracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceOracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceDenis Kolupaev
 
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...dsapps
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingForgeRock
 
Securing Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerSecuring Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerWSO2
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...ForgeRock
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
ForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike EllisForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike EllisForgeRock
 
McKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & AutomationMcKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & AutomationForgeRock
 
Identity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian SorbelloIdentity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian SorbelloForgeRock
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsPing Identity
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA
 

La actualidad más candente (20)

T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
T-Systems. Automating ForgeRock Full Stack Deployments to a Magenta Cloud.
 
eBMS Business Management Systems
eBMS Business Management SystemseBMS Business Management Systems
eBMS Business Management Systems
 
Identity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel RaskinIdentity Live Sydney 2017 - Daniel Raskin
Identity Live Sydney 2017 - Daniel Raskin
 
Oracle Blockchain Cloud Service
Oracle Blockchain Cloud ServiceOracle Blockchain Cloud Service
Oracle Blockchain Cloud Service
 
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
API World 2019 Presentation on Securing sensitive data through APIs and AI pa...
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael Dowling
 
Securing Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity ServerSecuring Access to SaaS Apps with WSO2 Identity Server
Securing Access to SaaS Apps with WSO2 Identity Server
 
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
GDPR is coming in Hot. Top Burning Questions Answered to Help You Keep Your C...
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive Security
 
ForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike EllisForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
ForgeRock Open Identity Stack Summit - Kick-off by Mike Ellis
 
McKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & AutomationMcKesson Case Study: Pharmacy Systems & Automation
McKesson Case Study: Pharmacy Systems & Automation
 
Identity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian SorbelloIdentity Live Sydney 2017 - Ian Sorbello
Identity Live Sydney 2017 - Ian Sorbello
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
Identity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of ThingsIdentity-Defined Privacay & Security for Internet of Things
Identity-Defined Privacay & Security for Internet of Things
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
 

Destacado

Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practicesphanleson
 
30 5 Database Jdbc
30 5 Database Jdbc30 5 Database Jdbc
30 5 Database Jdbcphanleson
 
2.Public Vulnerability Databases
2.Public Vulnerability Databases2.Public Vulnerability Databases
2.Public Vulnerability Databasesphanleson
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
7.Canon & Dt
7.Canon & Dt7.Canon & Dt
7.Canon & Dtphanleson
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
IT Best Practices IT Security Assessments 2010
IT Best Practices IT Security Assessments 2010IT Best Practices IT Security Assessments 2010
IT Best Practices IT Security Assessments 2010Donald E. Hester
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best PracticesClint Edmonson
 
Best Practices In Corporate Privacy &amp; Information Security
Best Practices In Corporate Privacy &amp; Information SecurityBest Practices In Corporate Privacy &amp; Information Security
Best Practices In Corporate Privacy &amp; Information Securitysatyakam_biswas
 
Best Practices: Data Admin & Data Management
Best Practices: Data Admin & Data ManagementBest Practices: Data Admin & Data Management
Best Practices: Data Admin & Data ManagementEmpowered Holdings, LLC
 
Science Gateways: one portal, many e-Infrastructures and related services
Science Gateways: one portal, many e-Infrastructures and related servicesScience Gateways: one portal, many e-Infrastructures and related services
Science Gateways: one portal, many e-Infrastructures and related servicesriround
 
Information Security at the Workplace
Information Security at the WorkplaceInformation Security at the Workplace
Information Security at the WorkplaceJohn Macasio
 
GCIO Competency Model
GCIO Competency ModelGCIO Competency Model
GCIO Competency ModelJohn Macasio
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsPECB
 

Destacado (20)

Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
Rmi
RmiRmi
Rmi
 
30 5 Database Jdbc
30 5 Database Jdbc30 5 Database Jdbc
30 5 Database Jdbc
 
2.Public Vulnerability Databases
2.Public Vulnerability Databases2.Public Vulnerability Databases
2.Public Vulnerability Databases
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
 
7.Canon & Dt
7.Canon & Dt7.Canon & Dt
7.Canon & Dt
 
Jdbc
JdbcJdbc
Jdbc
 
Thread
ThreadThread
Thread
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Information security
Information securityInformation security
Information security
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular users
 
IT Best Practices IT Security Assessments 2010
IT Best Practices IT Security Assessments 2010IT Best Practices IT Security Assessments 2010
IT Best Practices IT Security Assessments 2010
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Best Practices In Corporate Privacy &amp; Information Security
Best Practices In Corporate Privacy &amp; Information SecurityBest Practices In Corporate Privacy &amp; Information Security
Best Practices In Corporate Privacy &amp; Information Security
 
Best Practices: Data Admin & Data Management
Best Practices: Data Admin & Data ManagementBest Practices: Data Admin & Data Management
Best Practices: Data Admin & Data Management
 
Science Gateways: one portal, many e-Infrastructures and related services
Science Gateways: one portal, many e-Infrastructures and related servicesScience Gateways: one portal, many e-Infrastructures and related services
Science Gateways: one portal, many e-Infrastructures and related services
 
Information Security at the Workplace
Information Security at the WorkplaceInformation Security at the Workplace
Information Security at the Workplace
 
GCIO Competency Model
GCIO Competency ModelGCIO Competency Model
GCIO Competency Model
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
 

Similar a 7.Trust Management

Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalManoj Agarwal
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disneykamensm02
 
pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdfRamya Nellutla
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
STRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat ModellingSTRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat ModellingMohammad Febri
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scaleOWASP
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamenskamensm02
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherWendy Knox Everette
 
Cyber review-guide
Cyber review-guideCyber review-guide
Cyber review-guideaqazad
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
 
Securing The Cloud
Securing The CloudSecuring The Cloud
Securing The Cloudgeorge.james
 
Developing Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksDeveloping Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksPayPalX Developer Network
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
1.Security Overview And Patching
1.Security Overview And Patching1.Security Overview And Patching
1.Security Overview And Patchingphanleson
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfBabyBoy55
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...QA or the Highway
 
It For Dummies Kamens 081107
It For Dummies Kamens 081107It For Dummies Kamens 081107
It For Dummies Kamens 081107kamensm02
 

Similar a 7.Trust Management (20)

Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 Final
 
M Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At DisneyM Kamens Iia Financial Services Presentation At Disney
M Kamens Iia Financial Services Presentation At Disney
 
pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdf
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
STRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat ModellingSTRIDE: Digging Vulnerability by Threat Modelling
STRIDE: Digging Vulnerability by Threat Modelling
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
 
Cyber review-guide
Cyber review-guideCyber review-guide
Cyber review-guide
 
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...
 
Securing The Cloud
Securing The CloudSecuring The Cloud
Securing The Cloud
 
Developing Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common AttacksDeveloping Secure Applications and Defending Against Common Attacks
Developing Secure Applications and Defending Against Common Attacks
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
1.Security Overview And Patching
1.Security Overview And Patching1.Security Overview And Patching
1.Security Overview And Patching
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdf
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
 
It For Dummies Kamens 081107
It For Dummies Kamens 081107It For Dummies Kamens 081107
It For Dummies Kamens 081107
 
Skillmine-InfoSecurity-VAPT-V.2.
Skillmine-InfoSecurity-VAPT-V.2.Skillmine-InfoSecurity-VAPT-V.2.
Skillmine-InfoSecurity-VAPT-V.2.
 

Más de phanleson

Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewallsphanleson
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hackingphanleson
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocolsphanleson
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacksphanleson
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
HBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designHBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designphanleson
 
HBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - OperationsHBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - Operationsphanleson
 
Hbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBaseHbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBasephanleson
 
Learning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibLearning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibphanleson
 
Learning spark ch10 - Spark Streaming
Learning spark ch10 - Spark StreamingLearning spark ch10 - Spark Streaming
Learning spark ch10 - Spark Streamingphanleson
 
Learning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLLearning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLphanleson
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Clusterphanleson
 
Learning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark ProgrammingLearning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark Programmingphanleson
 
Learning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your DataLearning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your Dataphanleson
 
Learning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value PairsLearning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value Pairsphanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about LibertagiaHướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagiaphanleson
 
Lecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLLecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLphanleson
 
Lecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the WebLecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the Webphanleson
 

Más de phanleson (20)

Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Spark
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hacking
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocols
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacks
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
HBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designHBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table design
 
HBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - OperationsHBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - Operations
 
Hbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBaseHbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBase
 
Learning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibLearning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlib
 
Learning spark ch10 - Spark Streaming
Learning spark ch10 - Spark StreamingLearning spark ch10 - Spark Streaming
Learning spark ch10 - Spark Streaming
 
Learning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLLearning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQL
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Cluster
 
Learning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark ProgrammingLearning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark Programming
 
Learning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your DataLearning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your Data
 
Learning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value PairsLearning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value Pairs
 
Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Spark
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about LibertagiaHướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
 
Lecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLLecture 1 - Getting to know XML
Lecture 1 - Getting to know XML
 
Lecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the WebLecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the Web
 

Último

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

7.Trust Management

  • 1. Course 1: Overview of Secure Programming, Section 7 Pascal Meunier, Ph.D., M.Sc., CISSP May 2004; updated August 12, 2004 Developed thanks to support and contributions from Symantec Corporation, support from the NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center Copyright (2004) Purdue Research Foundation. All rights reserved.
  • 2. Course 1 Learning Plan  Security overview and patching  Public vulnerability databases and resources  Secure software engineering  Security assessment and testing  Shell and environment  Resource management  Trust management
  • 3. Learning objectives  Be able to identify trust relationships and make them explicit  Understand how to analyze and validate trust  Understand how trust relationships can be exploited  Understand the role of authentication, access controls and policies in trust management  Understand attacks on trust
  • 4. Trust Management: Outline  Trust basis  Trust analysis and validation – Data trustworthiness and flow analysis – Formal trust and policies – Trust modeling – Architecture: client-server paradigm – Trusted computing  Trust verification and limitation – Authentication – Access control – Process privileges
  • 5. Basis for Trust  Who and what do you trust?  Does trust imply that you’re taking a risk? – What is at stake?  Are there assurances that something can be trusted? – Why do you trust?  What tools and techniques can be used to produce or evaluate those assurances? – Can you justify (verify/validate) trust?  What is trusted computing? – Who doesn't trust who? (goals, perspectives)
  • 6. Why do you trust?  Reduce costs – Economies of scale – Fewer tests – Simpler procedures  Benefit from the skills of another  Delegate and gain – Power – Focus  Hopefully, not because you have no choice – that's not trust, it's being dependent and at the mercy of ...  Need to balance risks and benefits – What are the threats?
  • 7. Data Trustworthiness  Track the flow of data – Are appropriate validation checks made on all data paths?  Esp. flows that can contain data from anonymous sources  Run-time checks – Perl taint mode  Static analysis – Compiler-like analysis  Data dependence – Data channel properties – Dependence algebra
  • 8. Gross Trust Management Failure  Trust web browser client to keep data safe  HTML forms: hidden input <input type=hidden ...>  Cookies  Because the server put the data there, programmer thinks the data is valid  Threat: users can easily view and change those values
  • 9. Real-Life Example: dansie.net shopping cart  <FORM METHOD=POST ACTION="http://www.dansie.net/cgi- bin/scripts/cart.pl"> Black Leather purse with leather straps<BR>Price: $20.00<BR> <INPUT TYPE=HIDDEN NAME=name VALUE="Black leather purse"> <INPUT TYPE=HIDDEN NAME=price VALUE="20.00"> <INPUT TYPE=HIDDEN NAME=sh VALUE="1"> <INPUT TYPE=HIDDEN NAME=img VALUE="purse.jpg"> <INPUT TYPE=HIDDEN NAME=return VALUE="http://www.dansie.net/demo.html"> <INPUT TYPE=HIDDEN NAME=custom1 VALUE="Black leather purse with leather straps"> <INPUT TYPE=SUBMIT NAME="add" VALUE="Put in Shopping Cart"> </FORM>  http://online.securityfocus.com/archive/1/55172  CVE-2000-0253
  • 10. Hidden fields in shopping carts  http://www.iss.net/security_center/static/4621.php CAN-2000-0101: Make-a-Store CAN-2000-0102: SalesCart CAN-2000-0103: SmartCart CAN-2000-0104: Shoptron CAN-2000-0106: EasyCart CAN-2000-0108: Intellivend CAN-2000-0110: WebSiteTool CAN-2000-0123: Filemaker example CAN-2000-0134: Check It Out CAN-2000-0135: @Retail CAN-2000-0136: Cart32 CAN-2000-0137: CartIt CVE-2000-0253: dansie
  • 11. Mini-Lab: Perl's taint mode  Start a script with: – #! /usr/bin/perl -Tw  -T switch turns on taint mode  To untaint data, it must go through a regular expression  Regular expression may do nothing (defeats the purpose) – $tainted =~ /(.*)/;  / / specifies a regular expression  () specifies a match – The $1 variable contains the first match  Example: $clean = $1;
  • 12. Perl Taint Mode Mini-Lab  Here is a perl script that will safely run the "wc" (word count) command on any file whose 8.3 format name is passed to it as an argument:  #!/usr/bin/perl –wT  $ENV{PATH} = ""; # Try commenting out this line  foreach $file (@ARGV) {  print "Processing $file:n";  if ($file =~ m/(^w{1,8}.w{0,3}$) {  system("/usr/bin/wc $1");  } else {  print "non-conformant file name: %filen";  }  }
  • 13. Perl Taint Mode Mini-Lab  Run the program and modify it to answer the following questions – perl –wT taint.pl filename.txt2 file2.txt  What happens 1. If you don't purge the PATH environment variable? 2. If you don't use a regular expression? 3. If you use system("/usr/bin/wc", $file)? 4. If the regular expression is changed to m/(.*)/?
  • 14. Formal Trust and Policies  How to justify (validate/verify) trust  Company security policies should describe standards, specifications and procedures for securing assets – A formally trusted asset complies with all  Asset is used with minimal checking – Partial compliance means partial trust  Requires additional safeguards in any application or system making use of the asset – Trust is not binary (Yes/No)  Calculated risk
  • 15. Question  An external contractor lets your company access a database but will not let you audit their procedures (auditing wasn't part of the contract). How does that affect the trust put into that database for your applications that use it? § a) Although we "trust" them to do a best effort at security, we design applications by assuming that their database could have been compromised § b) We trust their data, and if their database should get compromised we will sue them for damages § c) Since the contract specifies which procedures they were supposed to follow, we will mostly trust the database but include several basic "sanity checks"
  • 16. Trick Question Answer  The correct answer depends on your company's security policies, security stance, and perhaps just the policies for that project (and its criticality). § a) Although we "trust" them to do a best effort at security, we design applications by assuming that their database could have been compromised § b) We trust their data, and if their database should get compromised we will sue them for damages § c) Since the contract specifies which procedures they were supposed to follow, we will mostly trust the database but include several basic "sanity checks"
  • 17. Trust Types  Direct – You perform the validation yourself – No delegation  Transitive – Entities with the same standards and criteria trust the evaluation results of the others  A trusts B  B trusts C  A trusts C transitively through B  Assumptive (a.k.a. "spontaneous") – Trusting the results of an evaluation conducted with different standards, criteria or procedures
  • 18. Example Assumptive Trust  A friend tells you that Brand Z's mint ice cream is great, so you buy some. – Your tastes are somewhat different but you trust the evaluation  Can you provide another example?
  • 19. Example Assumptive Trust #2  PGP chain of trust – Signing another's key – What are the criteria and procedures? – You have to accept the signature or not, even if you require 8 pieces of ID, and someone else may sign just on someone's word  PGP key signing is not quite transitive trust Example adapted from Andert et al. (2002), Sun Blueprints Online
  • 20. Foundations of Trust  Identification  Authentication  Accountability  Authorization  Availability
  • 21. Trust Modeling  Who and what do you trust? – Trust binds a property or attribute (expected behavior) to an identifiable asset – Need authentication to assert identity – Need access control to provide just enough authority for desired capabilities
  • 22. Trust Model  A trust model is expressed in relation to a threat model – How can you trust that the threats won't materialize?  Specify defense mechanisms – e.g., security functional requirements  Change design if necessary  Validate implementation  Cost/benefit analysis – Threats vs  Defense mechanisms  More expensive design options  More expensive assurance requirements and processes
  • 23. Threat Modeling  Identify and enumerate threats – Data flow analysis  design  implementation correctness – Who could do what?  Insider threats are usually significant – Insiders are not necessarily your co-workers » e.g., anyone who can access your internal LAN...  Analyze possible costs of exploits  Danger: shape the threat model with what we know how to solve cheaply, instead of what the threats really are – Discussion: http://iang.org/ssl/wytm.html
  • 24. Client-Server Paradigm  Offload tasks to the clients so that server load "scales" well  Which tasks can be entrusted to the clients?  Can you trust data from the clients? – Can you trust data that you stored on a client?  How did you store it? – Was it encrypted? – Was the encryption strong enough? – Was it tamper-proof?  Could it be replaced with data you gave another client? – What about data computed on a client?  Distributed computations?  Multiplayer games?
  • 25. As a client, can you trust  JavaScript to run on your system?  ActiveX?  Java?  Can you trust servers to be fair and uncompromised?  Emails? When is an email considered code?  AIM messages?  How much storage can the server use on your machine (cookies, etc...)?  Am I running spyware, DRM or otherwise potentially user-hostile code?
  • 26. The ActiveX Trust Model  ActiveX modules are very powerful but foreign pieces of code that run on your system  There are risks associated with the capabilities of the ActiveX model  Every ActiveX module poses threats  A cyptographic signature ties it to its source, so the accountability (through identification and authentication) provides assurance.  Do you trust the module's source? Quick, you are in the middle of something important...
  • 27. Problems with Authenticode  Users are usually not competent to decide on the security of an ActiveX module – Users have been conditioned to click through the annoying meaningless stuff – XP SP2: No user interface, Active X controls are blocked  Unsigned ActiveX “controls” could also get executed (e.g., Chaos Computer Club demo)  You can make an ActiveX “control” that allows all other ActiveX controls to be executed silently  Anyone can obtain a signing key  Accountability (liability) unclear and may vary. What recourses do you have (typically none)?
  • 28. JavaScript "Security"  Cross-domain security model: pages from one domain can’t access (and modify) pages from another domain – Often not implemented correctly (Opera 6 & 7, IE, Mozilla 1.0, 1.1, 1.3, 1.4, Netscape 6 &7) – Cross-domain security violated by other technologies and various loopholes  Signed scripts (Mozilla)  Hodgepodge of “hobbles” that still – Allowed a javascript to modify ActiveX security settings to accept all ActiveX controls without prompting – Allowed malicious plugins to be installed
  • 29. Java Security Model  Code runs inside a virtual machine  Code properties are audited before execution – “Untrusted” applets have limited capabilities  e.g., network connections only to originating host – Network applets are untrusted by default – “Trusted” applets may do a lot  Limited by file access control list – Read and write permissions for given files – Signed applets can become “trusted” (here we go again :-)
  • 30. Trusted Computing  Who trusts what? – Sounds like users can trust their computers (finally!) but...  Enables servers to trust clients  DRM (Digital Rights Management): – Allow content providers to trust your computer to manage IP appropriately – User loses control, can’t trust computer anymore – Client is trusted by server – Client doesn’t trust user – Hardware precedent: DVD players – Computers need to protect the software
  • 31. Question  Can you trust code running in client web browsers to perform authentication (e.g., JavaScript, Active X)? § a) Yes, why do you ask? § b) Yes, my ActiveX control is signed so users can't modify it § c) No in most cases
  • 32. Question  Can you trust code running in client web browsers to perform authentication (e.g., JavaScript, Active X)? § a) Yes, why do you ask? § How do you know your code is even running? § b) Yes, my ActiveX control is signed so users can't modify it § How do you know they are running your ActiveX control? § c) No in most cases § Unless you have assurances that an unmodified browser is running your unmodified code and ... (trusted computing has happened)
  • 33. How To Build a Threat Model  Identify all the assets – Which aspect of Confidentiality, Integrity and Availability (CIA) is valuable about them?  Identify the threats and attackers – Not just in-the-wild threats  Identify solutions, architectures or technologies that allow you to bind a trust property to the asset, even in presence of the threat  Identify threats to the solutions (sub-threats) and repeat  Who should do it? – Architects and Managers
  • 34. Example: Browser Threats  You want to enable users to trust urls displayed by the browser  However, urls can be obfuscated (threat) – See http://n3dst4.com/network/obfus  What could you do to help users, if you were designing a web browser?  Additional references – "Threat Modeling", Swiderski and Snyder (Microsoft Press) – NIST special publication 800-30 on risk management:  http://csrc.nist.gov/publications/nistpubs/800-30/sp800- 30.pdf
  • 35. Exercise: Build a Threat Model  Point your browsers to the "browser threat model": – http://iang.org/ssl/browser_threat_model.html  Form teams of 2 or 3 – Each team will take ownership of one (each different) threat and perform trust modeling on it, assuming the scenario where a Symantec user needs to access resources on the Symantec web site  After 20 minutes, each team will report on its trust modeling effort, for no more than 5 minutes – What security requirements (functional, assurance) applied on what would make you trust the site in general? – What about the Symantec store?
  • 36. Trust Verification and Limitation  Authentication  Access controls  Process privileges
  • 37. Authentication  Trust is specific to a user, asset, protocol, applet or group thereof, so identity must be verified  Principle of Separation of Privileges – Two- or three-factor authentication – Problem: proving link between token and person  Cryptographic hashes – Identity of code – Verify version numbers  Trusted Computing – How can you trust remote identity?  Use trusted hardware – Can't hardware be hacked? » Yes, but it can be made difficult
  • 38. Goal of Access Controls  Limit a user or asset to capabilities that match the trust model and policies  Provide guarantees about the transfer of capabilities and the properties of assets  Tradeoff of flexibility vs complexity and administration costs  Multiple simultaneous mechanisms are possible
  • 39. Access Control Types  All or none (access to system is complete or nil)  Discretionary a.k.a. Identity-based – Object owner can decide access by others  Mandatory, a.k.a. rule-based – Owner can't change or control access by others  Originator-controlled – Current owner can't change access, but creator can  Role-based – Role is a template applied to a user's privileges  Policy engines – Real-time interpretation of policies
  • 40. Access Control Management  Access control lists  Access control matrix  Central server and distributed services – Kerberos – Session ID valid over several related web sites, or services
  • 41. Windows Tokens Contain:  SID – Used for access control lists  Read, write, etc... affecting specific objects  e.g., run as administrator to access the registry remotely  Privileges – System-wide  e.g., backup and restore – Don't need to run as administrator or other
  • 42. Examples of Windows Process Privileges  Backup and restore privileges – SeBackupPrivilege – SeRestorePrivilege – Note that they override normal file access!  Act as part of the operating system (SeTcbPrivilege)  Debug programs (SeDebugPrivilege)  Replace a process level token  Load and unload device drivers  Take ownership of files and other objects Source: Howard and Leblanc 2003
  • 43. UNIX Process Permissions  Permissions are determined based on ID  UserIDs in UNIX – Real – Effective – Saved  Group IDs – Real – Effective – Saved  Various functions to change them  Setuid and setgid programs set the effective IDs to the owner or group of the program
  • 44. Changing IDs in UNIX  setuid, setreuid, etc...  The effective userid and groupid are used for ACLs  Root (super-user) has special capabilities  Normally: – The real user ID can be set to  the effective user ID – The effective user ID can either be set to  the saved user ID  the real user ID  If the effective userid is root: – The real user ID and the effective user ID can be set to any legal value
  • 45. Windows Exercise (or, What Not To Do)  Suppose service S1 is started with the default “Log On As” of “Local System”. S1 accepts HTTP connections and authenticates normal Windows users. Once authenticated, it then impersonates the user (which means it gets a different, lower privilege token, not a System token) to mediate access to documents on the filesystem. If the service encounters an executable, it runs the executable by calling CreateProcess(). What is the problem?  Hint: The executable will be run with which token?
  • 46. UNIX Exercise  Suppose that UNIX user Alice starts program P1 which execs program P2. P1 does not have setuid or setguid bits set. User Bob owns P2 which has the setuid bit set. – What are the real user id (RUID), effective user id (EUID), and saved user id (SUID) of P1 and P2? Make a table. – What changes can program P2 make to the RUID and EUID? – If root owns P2, what changes can be made to the RUID and EUID? – Explain why the designers of program P2 might use system calls to change the user id. – What happens if P2 creates a file, closes it, then attempts to open the file?  Do "man setuid" for hints Credit: exercise adapted from a Stanford University CS155 homework
  • 48. About These Slides  You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions. – You must give the original author and other contributors credit – The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes – For any reuse or distribution, you must make clear to others the terms of use for this work – Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification – For other uses please contact the Purdue Office of Technology Commercialization.  Developed thanks to the support of Symantec Corporation
  • 49. Pascal Meunier pmeunier@purdue.edu Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera