CS111 6/5/2012 Lecture 18 – Kwok Wai Woo
Confidentiality, authorization, and protocols


Authentication encryption

Kerckhoffs' design principle for cryptosystems
- Minimize what needs to be kept secret

Example. Big System

SSH (Secure Shell)
- a network protocol for secure data communication

Client
~/.ssh/id_rsa.pub (your public key)
~/.ssh/id_rsa (your private key (RSA))
Secret part: private key

Server:
~/.ssh/authorized_keys (list of public keys allowed to log in)
(It is not a good idea to do $ cat ~/.ssh/id_rsa: it shows the private key on the screen)
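Added example (Python, not part of the lecture notes): the secret part of the client setup is id_rsa, and ssh itself refuses to use a private key file that is readable by group or others. The check below reproduces that rule on a constructed key layout in a temporary directory; the file contents are placeholders, not real keys.

```python
import os
import stat
import tempfile


def private_key_is_protected(path):
    """True if path is a regular file with no group/other permission bits set.

    This is the condition ssh applies to ~/.ssh/id_rsa; the public key
    (id_rsa.pub) and authorized_keys may legitimately be world-readable.
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return (st.st_mode & 0o077) == 0


def demo():
    """Build a constructed ~/.ssh-like layout and check each file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        layout = (
            ("id_rsa", 0o600),        # correct: owner-only
            ("id_rsa_leaky", 0o644),  # wrong: group/others can read the secret
            ("id_rsa.pub", 0o644),    # public key, fine to be readable
        )
        for name, mode in layout:
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed placeholder, not a real key\n")
            os.chmod(p, mode)
            results[name] = private_key_is_protected(p)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'protected' if ok else 'NOT protected'}")
```

The same check, run against a real ~/.ssh/id_rsa, tells you before a login attempt whether ssh will reject the key as unprotected; id_rsa.pub fails it on purpose, because a public key is not a secret.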

Properties
1. SSH transport layer
Initial key exchange, typically RSA
(public key paired with a private key)
(includes user authentication)

2. User authentication layer
Use a public key (needs a passphrase, and id_rsa (the RSA private key) must be kept secret)
OR ask the user to type a password (problem: guessing / video source)

Problems: ssh as a protocol / software system

Usage
e.g. SSH tunnel (port forwarding)
Client ------------ Server
                    listens on port 3128 (squid)

e.g. run an NFS server in the server room
Let only trusted clients connect

Access control (Authorization)
Goals
- Privacy
- Integrity
- Trust (programs and data)

Basic questions
What is your security model? (Object, principal, rights)
What are the threats? (mostly insiders)

Big machine
Many resources
Many users (not all trusted)
Many operations
Question

Can user eggert write to file /etc/shadow? Yes or no?
3D bool array (User × Files × Application)

Eg. Facebook
900,000,000 users
4,00,000,000 files
10 ops
The array is far too big to store directly, so we exploit common patterns in the 3D model

Eg. Unix model
Each file has an owner, a group, and others
Owner
File: rwx
You can read, write and execute
Directory:
You can read (list) or write (add/remove entries); execute? NO, the x bit only lets you search the directory
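Added example (Python, not part of the lecture notes): the Unix model never stores the users × files × ops array; each inode keeps only an owner, a group and nine mode bits, and exactly one of the three bit triples is consulted per check. The code also models the point about directories: the x bit means "search", and opening a file needs search on every directory on the path. The uids, gids and modes are constructed to match the /etc/shadow question above; root's bypass of mode bits is deliberately not modelled.

```python
class Principal:
    """A user: numeric uid plus the set of gids it belongs to (constructed)."""

    def __init__(self, uid, gids):
        self.uid = uid
        self.gids = set(gids)


class Inode:
    """The per-file data the Unix model keeps instead of a row of the 3D array."""

    def __init__(self, uid, gid, mode, is_dir=False):
        self.uid, self.gid, self.mode, self.is_dir = uid, gid, mode, is_dir


# bit each operation tests; "search" is the x bit interpreted for a directory
OPS = {"read": 4, "write": 2, "exec": 1, "search": 1}


def allowed(p, f, op):
    """Unix rule: choose owner, else group, else others bits, then test the op bit."""
    if op == "exec" and f.is_dir:
        return False            # directories are searched, never executed
    if op == "search" and not f.is_dir:
        return False            # search only makes sense on a directory
    if p.uid == f.uid:
        bits = (f.mode >> 6) & 7
    elif f.gid in p.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bool(bits & OPS[op])


def can_open(p, path_dirs, f, op):
    """Opening needs search (x) on every directory on the path plus op on the file."""
    return all(allowed(p, d, "search") for d in path_dirs) and allowed(p, f, op)


# constructed scenario: /etc is root:root 0755, /etc/shadow is root:shadow(42) 0640
ETC = Inode(uid=0, gid=0, mode=0o755, is_dir=True)
SHADOW = Inode(uid=0, gid=42, mode=0o640)
EGGERT = Principal(uid=1000, gids={100})
SHADOW_GROUP_MEMBER = Principal(uid=2000, gids={42})
ROOT = Principal(uid=0, gids={0})

if __name__ == "__main__":
    print("eggert write /etc/shadow:", can_open(EGGERT, [ETC], SHADOW, "write"))
    print("shadow-group read /etc/shadow:", can_open(SHADOW_GROUP_MEMBER, [ETC], SHADOW, "read"))
```

The scaling problem in the notes is visible in the data structure: a file can name only one group, so anyone outside owner and group falls through to the "others" bits.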

Problem:
- It does not scale: it works only for a small group (one Unix group per file)
- NOT used in large organizations

Improvement: ACL MODEL
- Each file has an associated ACL (a list of principals and their rights) controlling access to it
- The owner can manipulate the ACL
- The ACL is file metadata
- A system call changes it

e.g. allow access to Kobe
cd /u/class/spring12/cs111
setfacl -R -m user:kobe:rwx .
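Added example (Python, not part of the lecture notes): what the kernel does with the ACL that setfacl just wrote. It parses getfacl-style entries and applies the POSIX ACL algorithm: the owner entry first, then a named user entry, then any matching group entry, then other, with the mask entry capping every entry except owner and other. The ACL text, user names and group memberships are constructed.

```python
R, W, X = 4, 2, 1


def parse_acl(text):
    """Parse getfacl-style lines ("user:kobe:rwx", "mask::r-x") into (tag, qualifier, bits)."""
    entries = []
    for line in text.strip().splitlines():
        line = line.split("#")[0].strip()   # getfacl prints "# file:" comment lines
        if not line:
            continue
        tag, qual, perms = line.split(":")
        bits = (R if "r" in perms else 0) | (W if "w" in perms else 0) | (X if "x" in perms else 0)
        entries.append((tag, qual, bits))
    return entries


def acl_allows(entries, owner, group, user, gids, want):
    """True if the ACL grants every bit in `want` to `user` (member of `gids`)."""
    mask = R | W | X
    for tag, _, bits in entries:
        if tag == "mask":
            mask = bits
    # 1. file owner: the user:: entry, not subject to the mask
    if user == owner:
        for tag, q, bits in entries:
            if tag == "user" and q == "":
                return want & bits == want
    # 2. a named user entry, masked
    for tag, q, bits in entries:
        if tag == "user" and q == user:
            return want & bits & mask == want
    # 3. owning group or any named group the user is in; first one granting the request wins
    matched_group = False
    for tag, q, bits in entries:
        if tag == "group" and ((q == "" and group in gids) or (q != "" and q in gids)):
            matched_group = True
            if want & bits & mask == want:
                return True
    if matched_group:
        return False            # a group matched but none granted it: no fallback to other
    # 4. everyone else: the other:: entry, not subject to the mask
    for tag, _, bits in entries:
        if tag == "other":
            return want & bits == want
    return False


# constructed ACL for the cs111 directory after "setfacl -m user:kobe:rwx"
CS111_ACL = parse_acl("""
# file: cs111   (constructed)
user::rwx
user:kobe:rwx
group::r-x
mask::rwx
other::---
""")

if __name__ == "__main__":
    print("kobe rwx:", acl_allows(CS111_ACL, "eggert", "cs111", "kobe", {"students"}, R | W | X))
    print("lebron r:", acl_allows(CS111_ACL, "eggert", "cs111", "lebron", {"students"}, R))
```

The mask is the usual surprise when an ACL "does not work": with mask::r-x, the named entry user:kobe:rwx still reads rwx in getfacl output, but the effective rights are r-x.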

Advantages (+)
ACLs are more flexible
Easier to administer
Some overhead

Disadvantages(-)
Users get too many rights
(users with big rights become targets)

PROBLEM: if you are eggert you can do too much. Programs that run as eggert should be more limited.

Not ACL: Role-Based Access Control (RBAC)
- (Active Directory, FreeBSD, Solaris, SELinux, ...)
- Users can assume roles
- Professor, sysadmin, student (rights are associated with roles, not directly with users)
- When you assume a role you may lose rights (you act with that role's rights only)
- Multiple sessions of the same user may have different roles
- ACLs: guardians of the data that reside next to the data
- Capabilities: a handle that gives you the right to access an object
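Added example (Python, not part of the lecture notes): a minimal RBAC model of the professor / sysadmin / student roles. Rights hang off roles, users are merely assigned roles, and a session activates a subset of them, which is how "assuming a role" can lose rights: the same user eggert cannot touch /etc/shadow in a professor session. The grades path and role assignments are constructed.

```python
class RBAC:
    """Roles own permissions; users own roles; sessions activate roles."""

    def __init__(self):
        self.role_perms = {}    # role -> set of (object, right)
        self.user_roles = {}    # user -> set of roles the user is allowed to assume

    def grant(self, role, obj, right):
        self.role_perms.setdefault(role, set()).add((obj, right))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def session(self, user, roles):
        """Open a session with only `roles` active; refuses roles the user was never assigned."""
        roles = set(roles)
        assigned = self.user_roles.get(user, set())
        if not roles <= assigned:
            raise PermissionError(f"{user} may not assume {sorted(roles - assigned)}")
        return Session(self, user, roles)


class Session:
    def __init__(self, rbac, user, active):
        self.rbac, self.user, self.active = rbac, user, active

    def check(self, obj, right):
        """A right is held only if some *active* role in this session carries it."""
        return any((obj, right) in self.rbac.role_perms.get(r, set()) for r in self.active)


GRADES = "/u/class/spring12/cs111/grades"   # constructed object name


def build():
    """Constructed policy: three roles, two users."""
    ac = RBAC()
    ac.grant("sysadmin", "/etc/shadow", "write")
    ac.grant("professor", GRADES, "write")
    ac.grant("professor", GRADES, "read")
    ac.grant("student", GRADES, "read")
    ac.assign("eggert", "professor")
    ac.assign("eggert", "sysadmin")
    ac.assign("kobe", "student")
    return ac


if __name__ == "__main__":
    ac = build()
    print("eggert as professor, write /etc/shadow:",
          ac.session("eggert", ["professor"]).check("/etc/shadow", "write"))
    print("eggert as sysadmin, write /etc/shadow:",
          ac.session("eggert", ["sysadmin"]).check("/etc/shadow", "write"))
```

Compare with the ACL: nothing in the policy mentions eggert next to /etc/shadow, so the "too many rights" problem above is handled by opening the everyday session with the narrow role and the sysadmin session only when needed.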

Example
Example: the ACL / mode check on /etc/passwd happens once, at open(); the fd that comes back is a capability.
#include <fcntl.h>
#include <unistd.h>
char buf[4096];
int fd = open("/etc/passwd", O_RDONLY);          /* access check happens here */
ssize_t n = read(fd, buf, sizeof buf);            /* no further check: the fd is the capability */
fd = open("/tmp/f", O_CREAT | O_WRONLY, @@@@);    /* @@@@: mode bits, left blank in the notes */
/* $ ls -l /tmp/f   shows the new file's owner and mode */
write(fd, buf, n);
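Added example (Python, not part of the lecture notes): the open/read sequence above run as an experiment that makes the capability point observable. The file is opened while it is readable, its mode is then set to 000, and the already-open descriptor keeps working while a fresh open() is refused. The file and its contents are constructed in a temporary directory. Root bypasses mode bits, so the result records whether the process is root.

```python
import os
import tempfile


def demo():
    """Show that rights are checked at open() and then travel with the fd."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "f")
    with open(path, "w") as f:
        f.write("secret line\n")              # constructed content

    fd = os.open(path, os.O_RDONLY)           # ACL / mode check happens here
    os.chmod(path, 0)                         # now no mode bit grants anything
    data = os.read(fd, 100)                   # still succeeds: fd already holds the right
    os.close(fd)

    try:
        fd2 = os.open(path, os.O_RDONLY)      # a new check against mode 000
        os.close(fd2)
        reopen_denied = False
    except PermissionError:
        reopen_denied = True

    os.chmod(path, 0o600)                     # clean up the constructed file
    os.unlink(path)
    os.rmdir(d)
    return {
        "read_via_fd": data == b"secret line\n",
        "reopen_denied": reopen_denied,
        "is_root": os.geteuid() == 0,
    }


if __name__ == "__main__":
    print(demo())
```

This is also why a descriptor can be handed to a less privileged process (inherited across fork/exec, or sent over a Unix socket): the receiver gets exactly that one right to that one object, which is the "handle that gives you the right to access an object" in the notes.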