Notes for January 31, 1997
- Hello
- Should have homeworks back by Monday
- Puzzle of the day
  Key point: executing arbitrary programs on your system, appending to/overwriting programs
- Ultimate in aging: One-Time Pads
- Password is valid for only one use
- May work from list, or new password may be generated from old by a function
- Example: S/Key
- Challenge-response systems
- Computer issues challenge, user presents response to verify secret information known/item possessed
- Example operations: f(x) = x+1, random, string (for users without computers), time of day, computer sends E(x), you answer E(D(E(x))+1)
- Note: password never sent on wire or network
- Attack: monkey-in-the-middle
- Defense: mutual authentication (will discuss more sophisticated network-based protocols later)
- Biometrics
- Depend on physical characteristics
- Examples: pattern of typing (remarkably effective), retinal scans, etc.
- Location
- Bind user to some location detection device (human, GPS)
- Authenticate by location of the device
- Notion of "privilege"
- Go through OS idea quickly
- Protection rings in Multics
- Nesting program units
- Different forms of access control
- UNIX method
- ACLs: describe, revocation issue
- MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call segment through gate; so (4, 6, 9) as example
- Capabilities: file descriptors in UNIX
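
The one-time password item above says the new password may be generated from the old by a function, with S/Key as the example. The sketch below is an added example, not part of the original notes: the server stores only the last accepted value and checks that applying the one-way function to the presented password reproduces it, so a captured password cannot be replayed. SHA-256, the Server class, and the sample secret and seed are assumptions made here; S/Key itself used MD4 folded to 64 bits and printed passwords as short words.

```python
import hashlib
import hmac

def f(data: bytes) -> bytes:
    """One-way function (assumption: SHA-256 stands in for S/Key's folded MD4)."""
    return hashlib.sha256(data).digest()

def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply f n times to seed||secret, giving the n-th value of the chain."""
    value = seed + secret
    for _ in range(n):
        value = f(value)
    return value

class Server:
    """Hypothetical verifier: holds the last accepted password, never the secret."""
    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # Ask for the chain value one step below the stored one.
        return self.seed, self.count - 1

    def login(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; step 0 would be the raw secret
        if not hmac.compare_digest(f(otp), self.stored):
            return False  # wrong value, or a replay of an already used one
        # Accept, then move down the chain so this password is now dead.
        self.stored, self.count = otp, self.count - 1
        return True

def demo():
    # Constructed sample values, not real credentials.
    secret, seed, n = b"constructed pass phrase", b"da1997", 5
    server = Server(seed, n, chain(secret, seed, n))
    s, k = server.challenge()
    otp = chain(secret, s, k)
    first = server.login(otp)    # fresh password is accepted
    replay = server.login(otp)   # same password again is rejected
    s, k = server.challenge()
    second = server.login(chain(secret, s, k))  # next one down the chain works
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```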
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/1/97