Trusted Systems and Trojan Horse

Done by: Hany Nasser

Supervised by: PhD Nabil Hamdy

Trusted systems



Trusted Systems

Trusted systems are used to enhance the ability to defend against intruders and malicious programs.

They are based on levels of security.


Multilevel Security

When multiple categories or levels of data are defined, the requirement is referred to as multilevel security.

Typically uses Mandatory Access Control.

Primary Security Goal: Confidentiality (ensures that information does not flow to those not cleared for that level).


Security Goal of MLS

There are security classifications or security levels.

Subjects have security clearances.

Objects have security classifications.

Example of security levels:

Top Secret

Secret

Confidential

Unclassified

In this case Top Secret > Secret > Confidential > Unclassified


Data Access Control

Through the user access control procedure (log on), a user can be identified to the system.

Associated with each user, there can be a profile that specifies permissible operations and file accesses.

The operating system can enforce rules based on the user profile.


General models of access control:

Access matrix

Access control list

Capability list


Access Matrix: Basic elements of the model

Subject

Object

Access right


Access Control List: Decomposition of the matrix by columns


Access Control List

For each object, an access control list lists users and their permitted access rights.

The list may contain a default or public entry.


Capability list: Decomposition of the matrix by rows


Capability list

A capability ticket specifies authorized objects and operations for a user.

Each user has a number of tickets.

Capabilities are not forgeable.


The Concept of Trusted Systems

Multilevel security

Definition of multiple categories or levels of data

A multilevel secure system must enforce:

No read up

No write down


The Concept of Reference Monitor

Reference Monitor

Controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters.

The monitor has access to a file (security kernel database)

The monitor enforces the security rules (no read up, no write down)
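The two rules above can be seen working in a small model of a reference monitor. This is an added example, not part of the original slides; the subject and file names, the sample database and the audit list are assumptions made for illustration. It shows that a program running with a Secret subject's rights, which is how a Trojan horse would run, cannot copy a Secret file into an Unclassified one.

```python
from enum import IntEnum


class Level(IntEnum):
    # The four levels from the slides, ordered so that a higher value dominates.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class ReferenceMonitor:
    """Mediates every access using a security kernel database of labels."""

    def __init__(self, clearances, classifications):
        # Security kernel database: subject clearances, object classifications.
        self.clearances = dict(clearances)
        self.classifications = dict(classifications)
        self.audit = []  # assumption: every decision is recorded for review

    def check(self, subject, obj, right):
        s = self.clearances.get(subject)
        o = self.classifications.get(obj)
        if s is None or o is None:
            allowed, reason = False, "unknown subject or object"
        elif right == "read":
            allowed = s >= o  # no read up
            reason = "ok" if allowed else "no read up"
        elif right == "write":
            allowed = s <= o  # no write down
            reason = "ok" if allowed else "no write down"
        else:
            allowed, reason = False, "unknown access right"
        self.audit.append((subject, obj, right, allowed, reason))
        return allowed


def copy_file(monitor, subject, src, dst):
    """A program acting for `subject` copies src to dst; both steps are mediated."""
    return monitor.check(subject, src, "read") and monitor.check(subject, dst, "write")


# Constructed sample database (hypothetical subjects and objects).
MONITOR = ReferenceMonitor(
    clearances={"alice": Level.SECRET, "bob": Level.UNCLASSIFIED},
    classifications={"plan.txt": Level.SECRET,
                     "public_notes.txt": Level.UNCLASSIFIED,
                     "archive.txt": Level.TOP_SECRET},
)

if __name__ == "__main__":
    print(copy_file(MONITOR, "alice", "plan.txt", "public_notes.txt"))
    for entry in MONITOR.audit:
        print(entry)
```

The copy fails at the write step, not the read step: alice may read her own Secret file, but nothing running as alice may write to a lower level.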


Properties of the Reference Monitor

Complete mediation

Isolation

Verifiability


Trojan Horse

It is a type of malware (malicious software) designed to provide unauthorized, remote access to a user’s computer.

Trojan horses do not have the ability to replicate themselves like viruses.

With the help of a Trojan, a user can get access to the Trojan-horse-infected computer and would be able to access its data.


Types of Trojans

Command Shell Trojan

Email Trojan

Document Trojan

FTP Trojan


Trojan Horse Defense


Indications of Trojan Attack

Browser redirects to unknown pages.

Antivirus is disabled.

Strange pop ups or chat messages appear on the system.

The computer shuts down automatically.

Ctrl+Alt+Del stops working.

Printer prints documents automatically.


Examples of Trojan

NetBus

SubSeven

Y3K remote administration tool

Back Orifice

Beast

Zeus

The Blackhole exploit kit

Flashback Trojan


How to avoid being infected?

Do not surf or download anything from unfamiliar websites.

Do not open unexpected email attachments.

We need an antivirus to protect our computer from being infected.
