Trusted systems

21,801 views 24 slides Mar 01, 2015
Slide 1
Slide 1 of 24
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23
Slide 24
24

About This Presentation

network,security

Size: 697.28 KB
Language: en
Added: Mar 01, 2015
Slides: 24 pages

Slide Content

1 1 1 Trusted Systems and Trojan Horse Done by : Hany Nasser Supervised by : PhD Nabil Hamdy

2 2 Trusted Systems Systems used to enhance the ability to defend against intruders and malicious programs. based on levels of security .

3 3 Multilevel Security When multiple categories or levels of data are defined, the requirement is referred to as multilevel security . Typically use Mandatory Access Control. Primary Security Goal: Confidentiality (ensures that information do not flow to those not cleared for that level).

4 Security Goal of MLS There are security classifications or security levels Subjects have security clearances Objects have security classifications Example of security levels Top Secret Secret Confidential Unclassified In this case Top Secret > Secret > Confidential > Unclassified

5 5 5 Data Access Control Through the user access control procedure (log on), a user can be identified to the system. Associated with each user, there can be a profile that specifies permissible operations and file accesses. The operating system can enforce rules based on the user profile.

6 6 6 Data Access Control General models of access control: Access matrix Access control list Capability list

7 7 7 Data Access Control Access Matrix: Basic elements of the model Subject Object Access right

8 8 8 Data Access Control Access Matrix

9 9 9 Data Access Control Access Control List: Decomposition of the matrix by columns

10 10 10 Data Access Control Access Control List For each object, An access control list lists users and their permitted access right. The list may contain a default or public entry.

11 11 11 Data Access Control Capability list: Decomposition of the matrix by rows

12 12 12 Data Access Control Capability list A capability ticket specifies authorized objects and operations for a user. Each user have a number of tickets. Capabilities are not forgeable.

13 13 13 The Concept of Trusted Systems Multilevel security Definition of multiple categories or levels of data A multilevel secure system must enforce: No read up No write down

14 14 14 The Concept of Reference Monitor

15 15 15 The Concept of Reference monitor Reference Monitor Controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on basis of security parameters The monitor has access to a file (security kernel database) The monitor enforces the security rules (no read up, no write down)

16 16 16 The Concept of Reference Monitor Properties of the Reference Monitor Complete mediation Isolation Verifiability

17 17 Trojan Horse It is a type of malware (malicious software) designed to provide unauthorized, remote access to a user’s computer. Trojan horses do not have the ability to replicate themselves like viruses. With the help of Trojan, an user can get access to the Trojan horse infected computer and would be able to access the data.

18 18 Types of Trojans Command Shell Trojan Email Trojan Document Trojan FTP Trojan

19 19 19 Trojan Horse Defense

20 20 Indications of Trojan Attack Browser redirects to unknown pages. Anti virus is disabled. Strange pop ups or chat messages appear on the system. The computer shuts down automatically. Ctl+Alt+Del stops working. Printer prints documents automatically.

21 21 Examples of Trojan Net bus Sub seven Y3K remote administration tool Back Orifice Beast Zeus The Black hole Exploit kit Flashback Trojan

22 22 How to avoid being infected ? Do not surf or download anything from stranger website. Do not open the unexpected attachments on emails. We need an antivirus to protect our computer from being infected.

23 23 References Cryptography And Network Security, 4 th Edition by William Stallings. Computer Security, 2 nd edition by Dieter Gollman. Specifications of multi-level security research by Daryl McCullough.

24 Thank you
Tags
Categories
General
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 21,801
  • Slides 24
  • Favorites 16
  • Age 3928 days
Related Slideshows
Pray For The Peace Of Jerusalem and You Will Prosper 22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
Don_t_Waste_Your_Life_God.....powerpoint 26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf 31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
Fertility awareness methods for women in the society 14
Fertility awareness methods for women in the society
Isaiah47
29 views
Chapter 5 Arithmetic Functions Computer Organisation and Architecture 35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
syakira bhasa inggris (1) (1).pptx....... 5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views
View More in This Category