Computer Security Techniques Patricia Roy Manatee Community College Venice FL 2008 Prentice Hall Operating Systems Internals and Design Principles 6E William Stallings Authentication Basis for most type of access control and accountability ID: 330327
Download Presentation The PPT/PDF document "Chapter 15" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Chapter 15
Computer Security Techniques
Patricia Roy
Manatee Community College, Venice, FLĀ©2008, Prentice Hall
Operating Systems:
Internals and Design Principles, 6/E
William StallingsSlide2
Authentication
Basis for most type of access control and accountabilityIdentification stepVerificatin stepSlide3
Password-Based Authentication
IDDetermines if use authorized to access systemDetermines privileges for user
Discretionary access controlSlide4
UNIX Password SchemeSlide5
UNIX Password SchemeSlide6
Token-Based Authentication
User posses objectMemory cardsSmart cardsSlide7
Biometric Authentication
Facial characteristicsFingerprintsHand geometryRetinal patternSlide8
Biometric Authentication
IrisSignatureVoiceSlide9
Cost versus AccuracySlide10
Access Control
Discretionary access controlBased on identity of requestorMandatory access controlBased on comparing security labels with security clearances
Role-based access controlBased on roles user has in systemSlide11
Extended Access Control MatrixSlide12
Organization of the Access Control FunctionSlide13
Users, Roles, and ResourcesSlide14
Access Control Matrix Representation of RBACSlide15
Access Control Matrix Representation of RBACSlide16
Intrusion Detection
Host-basedNetwork-basedSlide17
Intrusion Detection
SensorsCollect dataAnalyzersUser interfaceSlide18
Profiles of Behavior of Intruders and Authorized UsersSlide19
Host-Based IDSs
Anomaly detectionCollection of data relating to behavior of legitimated users over timeSignature detectionDefine set of rules or attack pattersSlide20
Audit Records
Native audit recordsOperating system accounting softwareDetection-specific audit recordsGenerate audit records required by the IDSSlide21
Antivirus Approaches
DetectionIdentificationRemovalSlide22
Generic Decryption
CPU emulatorVirus signature scannerEmulation control moduleSlide23
Digital Immune SystemSlide24
Behavior-Blocking Software OperationSlide25
Worm Countermeasures
Signature-based worm scan filtersFilter-based worm containmentPayload-classification-based worm containmentSlide26
Worm Countermeasures
Threshold random walk scan detectionRate limitingRate haltingSlide27
Buffer Overflow
Compile-time defensesStack protection mechanismsSlide28
Buffer Overflow
Run-time defensesExecutable address space protectionAddress space randomizationGuard pagesSlide29
Windows Vista Security
Access control scheme Access tokenIndicates privilegesSlide30
Windows Security StructuresSlide31
Access Mask