Pertemuan 23 Sistem Keamanan - PowerPoint PPT Presentation

1 / 41
About This Presentation
Title:

Pertemuan 23 Sistem Keamanan

Description:

Title: Judul Author: Debby Tanamal Last modified by: user Created Date: 4/16/2005 3:08:17 AM Document presentation format: On-screen Show Company: Bina Nusantara – PowerPoint PPT presentation

Number of Views:215
Avg rating:3.0/5.0
Slides: 42
Provided by: DebbyT5
Category:

less

Transcript and Presenter's Notes

Title: Pertemuan 23 Sistem Keamanan


1
Pertemuan 23Sistem Keamanan
  • Matakuliah T0316/sistem Operasi
  • Tahun 2005
  • Versi/Revisi 5

2
Learning Outcomes
  • Pada akhir pertemuan ini, diharapkan mahasiswa
  • akan mampu
  • menunjukkan sistem keamanan pada sistem komputer
    (C3)

3
Outline Materi
  • Lingkup security
  • Dasar-dasar criptografi
  • Serangan dari dalam
  • Contoh masalah keamanan
  • Serangan dari luar
  • Mekanisme proteksi
  • Prinsip-prinsip perancangan securiti

4
Lingkup security
  • Threats
  • Intruder
  • Accident

5
The Security Environment
Threats
  • Security goals and threats

6
Intruders
  • Common Categories
  • Casual prying by nontechnical users
  • Snooping by insiders
  • Determined attempt to make money
  • Commercial or military espionage

7
Accidental Data Loss
  • Common Causes
  • Acts of God
  • fires, floods, wars
  • Hardware or software errors
  • CPU malfunction, bad disk, program bugs
  • Human errors
  • data entry, wrong tape mounted

8
Basics of Cryptography
  • Relationship between the plaintext and the
    ciphertext

9
Basics of Cryptography (2)
  • Secret Key
  • Public Key
  • Authentication
  • Password
  • Physical Object
  • Biometrics
  • Countermeasures

10
Secret-Key Cryptography
  • Monoalphabetic substitution
  • each letter replaced by different letter
  • Given the encryption key,
  • easy to find decryption key
  • Secret-key crypto called symmetric-key crypto

11
Public-Key Cryptography
  • All users pick a public key/private key pair
  • publish the public key
  • private key not published
  • Public key is the encryption key
  • private key is the decryption key

12
One-Way Functions
  • Function such that given formula for f(x)
  • easy to evaluate y f(x)
  • But given y
  • computationally infeasible to find x

13
Digital Signatures
  • Computing a signature block
  • What the receiver gets

14
User Authentication
  • Basic Principles. Authentication must identify
  • Something the user knows
  • Something the user has
  • Something the user is
  • This is done before user can use the system

15
Authentication Using Passwords
  • (a) A successful login
  • (b) Login rejected after name entered
  • (c) Login rejected after name and password typed

16
Authentication Using a Physical Object
  • Magnetic cards
  • magnetic stripe cards
  • chip cards stored value cards, smart cards

17
Authentication Using Biometrics
  • A device for measuring finger length.

18
Countermeasures
  • Limiting times when someone can log in
  • Automatic callback at number prespecified
  • Limited number of login tries
  • A database of all logins
  • Simple login name/password as a trap
  • security personnel notified when attacker bites

19
Serangan dari dalam
  • Trojan Horse
  • Login Spoofing
  • Bom Logik
  • Pintu jebakan
  • Buffer overflow

20
Trojan Horses
  • Free program made available to unsuspecting user
  • Actually contains code to do harm
  • Place altered version of utility program on
    victim's computer
  • trick user into running that program

21
Login Spoofing
  • (a) Correct login screen
  • (b) Phony login screen

22
Logic Bombs
  • Company programmer writes program
  • potential to do harm
  • OK as long as he/she enters password daily
  • if programmer fired, no password and bomb
    explodes

23
Trap Doors
  • (a) Normal code.
  • (b) Code with a trapdoor inserted

24
Buffer Overflow
  • (a) Situation when main program is running
  • (b) After program A called
  • (c) Buffer overflow shown in gray

25
Generic Security Attacks
  • Typical attacks
  • Request memory, disk space, tapes and just read
  • Try illegal system calls
  • Start a login and hit DEL, RUBOUT, or BREAK
  • Try modifying complex OS structures
  • Try to do specified DO NOTs
  • Convince a system programmer to add a trap door
  • Beg admin's secy to help a poor user who forgot
    password

26
Famous Security Flaws
  • The TENEX password problem

27
Serangan dari luar
  • Viruses
  • Internet worm
  • Mobile code

28
Virus Damage Scenarios
  • Blackmail
  • Denial of service as long as virus runs
  • Permanently damage hardware
  • Target a competitor's computer
  • do harm
  • espionage
  • Intra-corporate dirty tricks
  • sabotage another corporate officer's files

29
How Viruses Work (1)
  • Virus written in assembly language
  • Inserted into another program
  • use tool called a dropper
  • Virus dormant until program executed
  • then infects other programs
  • eventually executes its payload

30
How Viruses Spread
  • Virus placed where likely to be copied
  • When copied
  • infects programs on hard drive, floppy
  • may try to spread over LAN
  • Attach to innocent looking email
  • when it runs, use mailing list to replicate

31
The Internet Worm
  • Consisted of two programs
  • bootstrap to upload worm
  • the worm itself
  • Worm first hid its existence
  • Next replicated itself on new machines

32
Mobile Code (1) Sandboxing
  • Attempts to confine each applet to a limited
    range of virtual addresses enforced at run time
  • Guarantee that an applet cannot jump to code
    outside its code sandbox or reference data
    outside its data sandbox
  • Eg. Memory divided into 1-MB sandboxes

33
Mobile Code (2)
  • Applets can be interpreted by a Web browser

34
Mobile Code (3)
  • How code signing works

35
MEKANISME PROTEKSI
  • Protection doamain
  • Access control list
  • Capabilities list

36
Protection Domains (1)
  • Examples of three protection domains

37
Protection Domains (2)
  • A protection matrix

38
Protection Domains (3)
  • A protection matrix with domains as objects

39
Access Control Lists (1)
  • Use of access control lists of manage file access

40
Capabilities (1)
  • Each process has a capability list

41
Design Principles for Security
  • System design should be public
  • Default should be no access
  • Check for current authority
  • Give each process least privilege possible
  • Protection mechanism should be
  • simple
  • uniform
  • in lowest layers of system
  • Scheme should be psychologically acceptable

And keep it simple
Write a Comment
User Comments (0)
About PowerShow.com