Chapter 8.ppt
ACLs vs Capabilities

Access control matrix (the slide draws it twice: as an Access Control List, one list per file, and as Capabilities, one list per user):

             file1   file2   file3
    Alice    r       ---     r
    Bob      w       r       ---
    Fred     rw      r       r

• Note that arrows point in opposite directions…
• With ACLs, still need to associate users to files

Confused Deputy
• Two resources
  • Compiler and BILL file (billing info)
• Compiler can write file BILL
• Alice can invoke compiler with a debug filename
• Alice not allowed to write to BILL

Access control matrix:

                Compiler   BILL
    Alice       x          ---
    Compiler    rx         rw

ACL’s and Confused Deputy
(figure: Alice invokes the Compiler with debug filename "BILL"; the Compiler writes to BILL)
• Compiler is deputy acting on behalf of Alice
• Compiler is confused
• Alice is not allowed to write BILL
• Compiler has confused its rights with Alice’s

Confused Deputy
• Compiler acting for Alice is confused
• There has been a separation of authority from the purpose for which it is used
• With ACLs, difficult to avoid this problem
• With Capabilities, easier to prevent problem
  • Must maintain association between authority and intended purpose
• Capabilities make it easy to delegate authority

ACLs vs Capabilities
• ACLs
  • Good when users manage their own files
  • Protection is data-oriented
  • Easy to change rights to a resource
• Capabilities
  • Easy to delegate---avoid the confused deputy
  • Easy to add/delete users
  • More difficult to implement
  • Capabilities loved by academics
    • Capability Myths Demolished

CAPTCHA
• CAPTCHA
  • Completely Automated Public Turing test to tell Computers and Humans Apart
  • Automated: test is generated and scored by a computer program
  • Public: program and data are public
  • Turing test to tell…: humans can pass the test, but machines cannot pass
• Also known as HIP == Human Interactive Proof
• Like an inverse Turing test (well, sort of…)

CAPTCHA Paradox?
• “…CAPTCHA is a program that can generate and grade tests that it itself cannot pass…”
• Paradox: computer creates and scores test that it cannot pass!
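Going back to the access-control slides above, here is an added example (not from the slides) that stores the same access control matrix as ACLs and as capabilities, then models the compiler as a confused deputy: under the ACL model it writes BILL when Alice names BILL as the debug file, under the capability model the same request is refused. Alice, Compiler and BILL are the slides' own names; the "debug" file and the function names are assumptions.

```python
# Added example, not from the slides: the slides' access control matrix stored
# as ACLs (one entry per object) and as capabilities (one entry per subject),
# plus a toy compiler that is a confused deputy under ACLs but not under
# capabilities. Names are the slides' own; "debug" is a constructed file.

def acls(matrix):
    """ACL view: for each object, which subjects hold which rights."""
    out = {}
    for subj, row in matrix.items():
        for obj, rights in row.items():
            out.setdefault(obj, {})[subj] = rights
    return out

def capabilities(matrix):
    """Capability view: for each subject, the rights it carries to each object."""
    return {subj: dict(row) for subj, row in matrix.items()}

# Slide matrix for the confused deputy: Alice may run the compiler but may not
# touch BILL; the compiler itself may read/write BILL. The "debug" column is a
# constructed addition so that a legitimate debug file exists for both to use.
DEPUTY = {
    "Alice":    {"Compiler": "x",  "BILL": "",   "debug": "rw"},
    "Compiler": {"Compiler": "rx", "BILL": "rw", "debug": "rw"},
}

def compile_with_acls(acl, debug_filename):
    """ACL model: the compiler opens the debug file with its OWN identity, so
    the check uses the compiler's rights (rw on BILL), not Alice's. Passing
    'BILL' as the debug filename therefore overwrites the billing file."""
    if "w" in acl.get(debug_filename, {}).get("Compiler", ""):
        return "wrote " + debug_filename
    return "denied"

def compile_with_capabilities(caller_caps, debug_filename):
    """Capability model: the compiler writes only through a capability the
    caller hands it. Alice holds no write capability for BILL, so the same
    request is refused; authority stays tied to its intended purpose."""
    if "w" in caller_caps.get(debug_filename, ""):
        return "wrote " + debug_filename
    return "denied"

if __name__ == "__main__":
    acl, caps = acls(DEPUTY), capabilities(DEPUTY)["Alice"]
    print(compile_with_acls(acl, "BILL"))            # wrote BILL (deputy confused)
    print(compile_with_capabilities(caps, "BILL"))   # denied
    print(compile_with_capabilities(caps, "debug"))  # wrote debug
```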
CAPTCHA Paradox? (cont.)
• CAPTCHA used so that only humans can get access (i.e., no bots/computers)
• CAPTCHA is for access control

CAPTCHA Uses?
• Original motivation: automated bots stuffed ballot box in vote for best CS grad school
  • SJSU vs Stanford?
• Free email services: spammers like to use bots to sign up for 1000’s of email accounts
  • CAPTCHA employed so only humans get accounts
• Sites that do not want to be automatically indexed by search engines
  • CAPTCHA would force human intervention

CAPTCHA: Rules of the Game
• Easy for most humans to pass
• Difficult or impossible for machines to pass
  • Even with access to CAPTCHA software
• From Trudy’s perspective, the only unknown is a random number
  • Analogous to Kerckhoffs’ Principle
• Desirable to have different CAPTCHAs in case some person cannot pass one type
  • Blind person could not pass visual test, etc.

Do CAPTCHAs Exist?
• Test: Find 2 words in the following
  (CAPTCHA image not reproduced in the transcript)
• Easy for most humans
• A (difficult?) OCR problem for computer
  • OCR == Optical Character Recognition

CAPTCHAs
• Current types of CAPTCHAs
  • Visual: like previous example
  • Audio: distorted words or music
• No text-based CAPTCHAs
  • Maybe this is impossible…

CAPTCHA’s and AI
• OCR is a challenging AI problem
  • Hard part is the segmentation problem
  • Humans good at solving this problem
• Distorted sound makes good CAPTCHA
  • Humans also good at solving this
• Hackers who break CAPTCHA have solved a hard AI problem
  • So, putting hacker’s effort to good use!
• Other ways to defeat CAPTCHAs???

Firewalls
(figure: Internet, firewall, internal network)
• Firewall decides what to let in to internal network and/or what to let out
• Access control for the network

Firewall as Secretary
• A firewall is like a secretary
• To meet with an executive
  • First contact the secretary
  • Secretary decides if meeting is important
• So, secretary filters out many requests
• You want to meet chair of CS department?
  • Secretary does some filtering
• You want to meet the POTUS?
Firewall as Secretary (cont.)
  • Secretary does lots of filtering

Firewall Terminology
• No standard firewall terminology
• Types of firewalls
  • Packet filter: works at network layer
  • Stateful packet filter: transport layer
  • Application proxy: application layer
• Other terms often used
  • E.g., “deep packet inspection”

Packet Filter
(figure: protocol stack diagram: application, transport, network, link, physical)
• Operates at network layer
• Can filter based on…
  • Source IP address
  • Destination IP address
  • Source Port
  • Destination Port
  • Flag bits (SYN, ACK, etc.)
  • Egress or ingress

Packet Filter
• Advantages?
  • Speed
• Disadvantages?
  • No concept of state
  • Cannot see TCP connections
  • Blind to application data

Packet Filter
• Configured via Access Control Lists (ACLs)
  • Different meaning than at start of Chapter 8

    Action   Source IP   Dest IP   Source Port   Dest Port   Protocol   Flag Bits
    Allow    Inside      Outside   Any           80          HTTP       Any
    Allow    Outside     Inside    80            > 1023      HTTP       ACK
    Deny     All         All       All           All         All        All

• Q: Intention?
• A: Restrict traffic to Web browsing

Stateful Packet Filter
• Adds state to packet filter
  • Operates at transport layer
  • Remembers TCP connections, flag bits, etc.
  • Can even remember UDP packets (e.g., DNS requests)

Stateful Packet Filter
• Advantages?
  • Can do everything a packet filter can do plus...
  • Keep track of ongoing connections (so prevents TCP ACK scan)
• Disadvantages?
  • Cannot see application data
  • Slower than packet filtering

Application Proxy
• A proxy is something that acts on your behalf
• Application proxy looks at incoming application data
  • Verifies that data is safe before letting it in

Application Proxy
• Advantages?
  • Complete view of connections and applications data
  • Filter bad data at application layer (viruses, Word macros)
• Disadvantages?
Application Proxy (cont.)
  • Speed

Application Proxy
• Creates a new packet before sending it thru to internal network
• Attacker must talk to proxy and convince it to forward message
• Proxy has complete view of connection
• Prevents some scans stateful packet filter cannot (next slides)
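As an added example (not from the slides), the ACL table from the "Packet Filter" slide evaluated by a stateless packet filter and by a stateful one: the stateful filter keeps a table of connections opened from inside, so an inbound packet carrying only ACK that belongs to no known connection (the TCP ACK scan the "Stateful Packet Filter" slide mentions) is dropped, while the rules alone would let it through. The addresses, the packet helper and the class are constructed for illustration.

```python
# Added example, not from the slides: the ACL rules from the "Packet Filter"
# slide applied by a stateless filter and by a stateful one. The stateful
# version keeps a table of connections opened from inside, so an inbound ACK
# that matches no connection (the TCP ACK scan case) is dropped even though
# the rules alone would allow it. Addresses and packets are constructed.

INSIDE = {"10.0.0.5"}   # constructed: addresses on the internal network

# (action, source side, dest side, source port, dest port, required flag);
# the slide's Protocol column is omitted since every rule says HTTP.
RULES = [
    ("Allow", "Inside",  "Outside", "Any", 80,      "Any"),
    ("Allow", "Outside", "Inside",  80,    ">1023", "ACK"),
    ("Deny",  "All",     "All",     "All", "All",   "All"),
]

def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}

def side(ip):
    return "Inside" if ip in INSIDE else "Outside"

def port_ok(pattern, port):
    if pattern in ("Any", "All"):
        return True
    return port > 1023 if pattern == ">1023" else pattern == port

def stateless_filter(p):
    """Packet filter: each packet judged on its own; first matching rule wins."""
    for action, src, dst, sport, dport, flag in RULES:
        if (src in ("All", side(p["src"])) and dst in ("All", side(p["dst"]))
                and port_ok(sport, p["sport"]) and port_ok(dport, p["dport"])
                and (flag in ("Any", "All") or flag in p["flags"])):
            return action
    return "Deny"

class StatefulFilter:
    """Same rules plus a connection table keyed on (inside ip, inside port,
    outside ip, outside port); inbound packets must match an entry."""
    def __init__(self):
        self.conns = set()

    def filter(self, p):
        action = stateless_filter(p)
        if action != "Allow":
            return action
        if side(p["src"]) == "Inside":
            if "SYN" in p["flags"]:   # inside host opens a connection
                self.conns.add((p["src"], p["sport"], p["dst"], p["dport"]))
            return "Allow"
        key = (p["dst"], p["dport"], p["src"], p["sport"])
        return "Allow" if key in self.conns else "Deny"
```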