Class 6: Distributed Systems
CIS 755: Advanced Computer Security
Spring 2015
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S15/
Administrative stuff
• New teleconference information
• Monday office hours moving to 2:30 (will be 2:30 – 4) starting March 23rd
– Except no office hours on March 23rd :(
• Exam I
– Thoughts?
– Post-mortem
• Quiz next week
Distributed Systems: Definition
• “A system of multiple communicating entities performing a coordinated function”
• “A system where a computer that you’ve never heard of, located somewhere you’ve never been, can cause your computer to stop functioning correctly”
– Humorous paraphrase of Lamport
Distributed Systems: Why?
• Increased robustness (maybe)
– Eliminating single point of failure
• Resource sharing
– e.g. Beocat
– e.g. a mobile device and a server
• Improved scalability (maybe)
– e.g. Beocat
Distributed Systems: Security
• Eliminating a single point of failure
– Denial of service protection (robustness)
• Eliminating a single point of trust
– What if your boss is malicious?
• If we want to reap benefits of distributed system designs, we have to take care of the “maybes” in previous slides
• How?
Distributed Systems: Privacy
• Local system – local information
• Distributed system – more access to potentially private information
• Privacy vs. authentication
• Sometimes privacy is not a security requirement, sometimes it is
• Are there other potential security requirements related to privacy?
My voice is my passport; authorize me!
• User A says:
– I want access to resource R
– Kerberos server, authenticate me!
• R does not know if A has rights to access R
• Kerberos server:
– Checks if A is who she says she is
– Checks if A is authorized for access to R
• R trusts Kerberos server but not A
Authentication → capability → access
• Kerberos server issues a “token” T to A
– T is tied to A
– T expires
– T cannot be generated by anyone other than Kerberos server (cannot be forged)
• T tells resource R that:
– T was issued by the Kerberos server
– A has the right to access R for a limited time
Physical security
• Why use physical security?
– Do Kerckhoffs’ principle and/or Shannon’s maxim apply?
• Tamper evidence
• Tamper resistance
• Properties? Differences?
• Assumptions? Trade-offs?
• Real-world examples
Exercise
Design and sketch an implementation of an expiring capability (similar to a Kerberos token) in terms of what we have learned so far
Questions?
Reading discussion