Notes for December 2, 1998
- Greetings and Felicitations!
- Practise: blocking writing to communicate information or do damage
- Limit writing (use of MAC if available; show how to arrange system
executables)
- Isolation
- Quarantine
- Practise: Trust
- Untrusted software: what is it, example (USENET)
- Check source, programs (what to look for); C examples
- Limit who has access to what
- Your environment (how do you know what you're executing); UNIX examples
- Least privilege; above with root
- Practise: detecting writing
- Integrity check files à la binaudit, tripwire; go through signature block
- LOCUS approach: encipher program, decipher as you execute.
- Co-processors: checksum each sequence of instructions, compute
checksum as you go; on difference, complain
- Network security
- Main point: just like a system
- Review of ISO model
- physical
- data link
- network
- transport
- session
- presentation
- application
- PEM, PGP
- Goals: confidentiality, authentication, integrity, non-repudiation (maybel)
- Design goals: drop in (not change), works with any RFC
821-conformant MTA and any UA, and exchange messages without prior
interaction
- Use of Data Exchange Key, Interchange Key
- Review of how to do confidentiality, authentication, integrity with
public key IKs
- Details: canonicalization, security services, printable encoding (PEM)
- Certificate-based key management
- PGP v. PEM
You can also see this document
in its native format,
in Postscript,
in PDF,
or
in ASCII text.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 12/2/98