Exam: 1 hour, 13 to 16 problems
Computer Security
- Security Policy
- Security Mechanism
- Security State: R = the set of states the implementation can actually reach, Q = the target set of states the policy allows. The mechanism is secure iff R ⊆ Q (precise iff R = Q; broad if R reaches states outside Q)
Access Control
- Access Control Model: Discretionary Access Control (DAC), the owner of an object decides who may access it
- Capability Lists are stored with the subject (a row of the access matrix)
- Access Control Lists are stored with the object (a column of the access matrix)
- ACLs make access review and revocation easy per object ("who can reach this file?"), while capability lists make them easy per subject ("what can this process reach?")
- UNIX ACL
- Linux ACL**
- setuid/setgid bits for executables*
- Other file permission bits*
- Linux Capabilities
- Resource Designation: how a subject names the object it wants to act on
- Ambient Authority*: authority a program exercises implicitly because of who runs it (e.g. the caller's UID), not because it presented a designator that carries the right
- Capabilities-as-rows (a row of the access matrix kept per subject; rights are still checked against the subject's identity) vs. capabilities-as-keys (an unforgeable token that both designates the object and conveys the right, like a key on a key chain: no ambient authority)
- Confused Deputy Problem*: a privileged program (the deputy) is tricked into using its own authority on a resource chosen by a less-privileged caller; the fix is to make designation and authority travel together, which is what capabilities-as-keys provide
- Mandatory Access Control (MAC): a system-wide policy, not the object's owner, decides who may access an object (e.g. by security labels)
- Review HW2*: Bell-LaPadula confidentiality rules, read down (no read up), write up (no write down)
Authentication & Password
- Authorization What can you do
- Authentication Who are you
- Authentication system model (A, C, F, L, S): A = authentication information the user supplies (the password), C = complementary information the system stores (the hash), F = complementation functions mapping A to C, L = authentication functions that check a supplied A against C, S = selection functions for choosing or changing A. Defences against guessing: block access to C (shadow files) or delay L or F (slow hashes, login delays, lockout)
- Dictionary attack: try candidate passwords from a word list, off-line against a leaked C or on-line against L; this is the password-guessing attack the C/L/F defences counter
- Rainbow table*: precomputed hash chains built with a position-dependent reduction function (hash → next candidate password); only each chain's start and end point are stored and the middle is recomputed on lookup, trading computation for storage (time/memory trade-off). Salting defeats it because every salt would need its own table
- Database leaks*: a leaked C lets the attacker guess off-line with no L to slow them down, so C must be stored as salted, slow hashes
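A worked example of the rainbow-table items above (hash chains, the reduction function, the time/memory trade-off and why salting defeats it). This is added illustration code, not part of the original notes: the 3-letter lowercase password space, chain length, chain count and the SHA-256 based reduction function are all constructed so the table builds in under a second.

```python
"""Toy rainbow table: hash chains, a position-dependent reduction function,
the time/memory trade-off, and why a salt defeats the precomputation.
Constructed example with an unrealistically small password space."""
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3                              # toy space of 26**3 = 17576 passwords
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 200                         # t: hashes walked per chain
NUM_CHAINS = 400                        # m: (endpoint, start) pairs actually stored


def H(pw: str) -> bytes:
    """Unsalted password hash the table is precomputed against (C in the A/C/F/L/S model)."""
    return hashlib.sha256(pw.encode()).digest()


def int_to_pw(n: int) -> str:
    """Map an integer in [0, SPACE) onto a candidate password."""
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def reduce_fn(h: bytes, pos: int) -> str:
    """Reduction function R_pos: hash -> next candidate password.  Mixing in the
    chain position is what makes this a rainbow table rather than plain hash
    chains: two chains that collide at different positions diverge again."""
    return int_to_pw((int.from_bytes(h[:8], "big") + pos) % SPACE)


def chain(start: str, length: int = CHAIN_LEN) -> list:
    """Passwords p_0 .. p_{length-1} of the chain beginning at start."""
    pws = [start]
    for pos in range(length - 1):
        pws.append(reduce_fn(H(pws[-1]), pos))
    return pws


def chain_start(i: int) -> str:
    return int_to_pw((i * 7919) % SPACE)    # deterministic, spread-out starts


def build_table() -> dict:
    """Store only endpoint -> start; everything in between is recomputed on lookup."""
    table = {}
    for i in range(NUM_CHAINS):
        pws = chain(chain_start(i))
        endpoint = reduce_fn(H(pws[-1]), CHAIN_LEN - 1)
        table.setdefault(endpoint, pws[0])  # merged chains keep the first start
    return table


def lookup(table: dict, target: bytes):
    """Recover a preimage of target from the table, or None if not covered."""
    for k in range(CHAIN_LEN - 1, -1, -1):  # assume target = H(p_k) for some chain
        pw = reduce_fn(target, k)
        for pos in range(k + 1, CHAIN_LEN):
            pw = reduce_fn(H(pw), pos)
        start = table.get(pw)
        if start is None:
            continue
        for cand in chain(start):           # rebuild; a miss here is a false alarm
            if H(cand) == target:
                return cand
    return None


def salted_H(pw: str, salt: bytes) -> bytes:
    """The stored C once a per-user salt is mixed in: the table no longer applies."""
    return hashlib.sha256(salt + pw.encode()).digest()


def demo() -> tuple:
    table = build_table()
    victim = chain(chain_start(0))[50]      # a password the table covers
    cracked = lookup(table, H(victim))
    salted_miss = lookup(table, salted_H(victim, b"\x5a\xa5"))
    return victim, cracked, salted_miss


if __name__ == "__main__":
    print(demo())
```

The table stores 400 start/end pairs instead of 80,000 hashes, which is the storage side of the trade-off; each lookup pays for it by recomputing up to t chain tails and rebuilding a chain for every candidate endpoint, including false alarms. The salted lookup walks the same chains but can never verify a match, because no unsalted hash in the table equals a salted one.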
Crypto
Classical Crypto
- Cryptosystem = (M, K, C, E, D): message space, key space, ciphertext space, set of encryption functions, set of decryption functions
Symmetric Encryption
- Cryptographic Diffusion: plaintext ↔ ciphertext, every plaintext bit should influence many ciphertext bits so plaintext statistics are spread out
- Cryptographic Confusion: key ↔ ciphertext, the relationship between key and ciphertext should be as complex as possible
- DES*: 64-bit block, 56-bit key, 16 Feistel rounds
- Feistel cipher*: split the block into halves; each round computes L_{i+1} = R_i, R_{i+1} = L_i ⊕ F(K_i, R_i). Decryption is the same network with the subkeys in reverse order, so the round function F does not need to be invertible
- ** Confusion/Diffusion: in DES, confusion comes from the S-boxes inside F, diffusion from the expansion and permutation and from swapping the halves every round
- * can be malleable: encryption alone gives no integrity; an attacker who knows the plaintext layout can change the ciphertext so the plaintext changes predictably (e.g. flipping a bit of stream- or counter-mode ciphertext flips the same plaintext bit); add a MAC or use an authenticated mode
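An added example covering the Feistel cipher and the malleability items above; it is illustration code, not from the original notes or from DES itself. The round function, key schedule, 16-round/64-bit parameters, the counter mode built on top of the block cipher and the sample message are all constructed for the demo.

```python
"""Toy Feistel network (the structure behind DES) driven in counter mode, showing
(1) decryption = encryption with reversed subkeys, (2) diffusion grows with
rounds, (3) unauthenticated ciphertext is malleable, (4) a MAC detects it.
Constructed example; the round function is SHA-256 based, not DES's S-boxes."""
import hashlib
import hmac

ROUNDS = 16
BLOCK = 8                                   # 64-bit block, two 32-bit halves


def subkeys(key: bytes, rounds: int = ROUNDS) -> list:
    """Derive one 8-byte subkey per round (toy key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def round_fn(subkey: bytes, half: int) -> int:
    """F(K_i, R_i): deliberately non-invertible; the Feistel structure never needs F^-1."""
    h = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(h[:4], "big")


def feistel(block: bytes, ks: list) -> bytes:
    """L_{i+1} = R_i, R_{i+1} = L_i xor F(K_i, R_i); the final swap is undone."""
    L = int.from_bytes(block[:4], "big")
    R = int.from_bytes(block[4:], "big")
    for k in ks:
        L, R = R, L ^ round_fn(k, R)
    return R.to_bytes(4, "big") + L.to_bytes(4, "big")


def encrypt_block(key: bytes, block: bytes, rounds: int = ROUNDS) -> bytes:
    return feistel(block, subkeys(key, rounds))


def decrypt_block(key: bytes, block: bytes, rounds: int = ROUNDS) -> bytes:
    return feistel(block, subkeys(key, rounds)[::-1])   # same network, reversed keys


def avalanche(key: bytes, block: bytes, bit: int, rounds: int = ROUNDS) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    a = encrypt_block(key, block, rounds)
    b = encrypt_block(key, bytes(flipped), rounds)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: keystream = E_K(nonce || counter); XOR makes it its own inverse."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, nonce + (i // BLOCK).to_bytes(4, "big"))
        out += bytes(d ^ s for d, s in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def tamper(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Malleability: with no key, flip ciphertext bits so plaintext `old` becomes `new`."""
    patch = bytes(o ^ n for o, n in zip(old, new))
    seg = bytes(c ^ p for c, p in zip(ct[offset:offset + len(patch)], patch))
    return ct[:offset] + seg + ct[offset + len(patch):]


def seal(key: bytes, nonce: bytes, msg: bytes) -> tuple:
    """Encrypt-then-MAC with a separate MAC key derived from the master key."""
    ct = ctr(key, nonce, msg)
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return ct, hmac.new(mac_key, nonce + ct, "sha256").digest()


def open_sealed(key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Plaintext, or None if the tag does not verify (ciphertext was tampered with)."""
    mac_key = hashlib.sha256(b"mac" + key).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        return None
    return ctr(key, nonce, ct)


KEY = b"constructed demo key"       # any length; the toy schedule hashes it
NONCE = b"\x00\x01\x02\x03"         # 4 bytes, so nonce || counter fills one block

if __name__ == "__main__":
    ct = ctr(KEY, NONCE, b"PAY 0100 TO BOB")
    print(ctr(KEY, NONCE, tamper(ct, 4, b"0100", b"9900")))   # attacker changed the amount
```

With one round, flipping a bit in the left half changes exactly one ciphertext bit (the right half just passes L ⊕ F(R) through); after 16 rounds roughly half the output bits change, which is the diffusion the notes ask for. The `tamper` step needs no key at all, only the knowledge that bytes 4 to 7 hold the amount, and the HMAC check in `open_sealed` is what turns that silent change into a rejected message.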
Asymmetric Encryption
- **
- Man-in-the-middle attack on an unauthenticated shared-secret exchange* (Diffie-Hellman style): the attacker swaps each side's public value for their own, ends up with a separate shared key with each party, and relays (or edits) traffic between them; neither party notices because the public values were never authenticated
- ** encryption and decryption are the same operation modulo N (RSA: c = m^e mod N, m = c^d mod N, with e·d ≡ 1 mod φ(N)); only the exponent differs
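The man-in-the-middle exchange described above, written out with both honest parties and the attacker. This is an added example, not code from the notes: the group (p = 2^127 - 1, g = 3), the one-message XOR cipher used for the relay, and the sample message are constructed for illustration and are not a secure parameter set.

```python
"""Diffie-Hellman shared-secret exchange and the man-in-the-middle attack that
works when the exchanged public values are not authenticated.  Constructed
example: the group (p = 2**127 - 1, g = 3) is a toy, not a standard group."""
import hashlib
import secrets

P = 2**127 - 1          # a Mersenne prime; real systems use RFC 7919 groups or ECDH
G = 3


def keypair() -> tuple:
    """Private exponent x in [1, p-2] and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_key(priv: int, peer_pub: int) -> bytes:
    """K = H((g^y)^x mod p); both honest sides compute the same value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def xor_with(key: bytes, msg: bytes) -> bytes:
    """One-message toy cipher for the relay demo (msg must fit the 32-byte key)."""
    assert len(msg) <= len(key)
    return bytes(m ^ k for m, k in zip(msg, key))


def honest_exchange() -> tuple:
    a, A = keypair()          # Alice sends A
    b, B = keypair()          # Bob sends B
    return shared_key(a, B), shared_key(b, A)


def mitm_exchange() -> dict:
    """Mallory swaps each party's public value for her own on the wire."""
    a, A = keypair()
    b, B = keypair()
    m1, M1 = keypair()        # what Bob receives instead of A
    m2, M2 = keypair()        # what Alice receives instead of B
    return {
        "alice": shared_key(a, M2),        # Alice believes this is K_AB
        "bob": shared_key(b, M1),          # Bob believes this is K_AB
        "mallory_alice": shared_key(m2, A),
        "mallory_bob": shared_key(m1, B),
    }


def relay(keys: dict, msg: bytes, replace: dict = None) -> bytes:
    """Alice encrypts for 'Bob'; Mallory decrypts, optionally edits, re-encrypts for Bob."""
    on_wire = xor_with(keys["alice"], msg)
    seen = xor_with(keys["mallory_alice"], on_wire)        # Mallory reads the plaintext
    for old, new in (replace or {}).items():
        seen = seen.replace(old, new)
    forwarded = xor_with(keys["mallory_bob"], seen)
    return xor_with(keys["bob"], forwarded)                # what Bob decrypts


if __name__ == "__main__":
    k = mitm_exchange()
    print(relay(k, b"pay bob 10", {b"10": b"99"}))
```

The attack costs Mallory nothing but two ordinary key pairs: Alice's key equals Mallory's key with Alice, Bob's equals Mallory's key with Bob, and the two parties never share a key at all. Everything Alice sends is readable and editable in transit, which is why the exchange has to be authenticated (the topic of the Authenticated Key Exchange heading below).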
Cryptographic Hash
- Properties (preimage resistance, second-preimage resistance, collision resistance) & attacks (birthday attack on collisions, length extension on Merkle-Damgård hashes)*
- Applications*: password storage, integrity checks and MACs, digital signatures (sign the hash, not the message)
Ransomware: symmetric and asymmetric encryption combined (hybrid scheme)
If ransomware uses only a symmetric key, that key has to be in the binary (or in memory) and can be reverse engineered out of it
- WannaCrypt only embeds the attacker's server public key; on infection it generates a client-specific private/public key pair
- Encrypts the client-specific private key with the server public key and discards the plaintext private key
- Generates a fresh symmetric key for every single file it encrypts
- Encrypts each symmetric key with the client-specific public key and discards the symmetric key
- Result: nothing left on the victim can decrypt the files; only the server private key can unwrap the client private key, which unwraps the per-file keys
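The key hierarchy described in the WannaCrypt steps, together with the RSA point from the Asymmetric Encryption section (encryption and decryption are both exponentiation modulo the same N), as an added example. It is not the malware's code or a reproduction of it: textbook RSA on small Mersenne primes without padding and a SHA-256 based XOR stream cipher stand in for real RSA and AES, and the sample files are constructed.

```python
"""Hybrid key hierarchy of the kind the notes describe for WannaCrypt, modelled
with textbook RSA on small primes and a SHA-256 based XOR stream cipher.
Constructed example: no padding, toy moduli, toy cipher; it shows the key
wrapping chain, not a real implementation."""
import hashlib
import os


def rsa_keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Returns ((N, e), (N, d)) with e*d = 1 mod phi(N).  Needs Python 3.8+ for pow(e, -1, phi)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_encrypt(pub: tuple, m: int) -> int:
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)          # c = m^e mod N


def rsa_decrypt(priv: tuple, c: int) -> int:
    n, d = priv
    return pow(c, d, n)          # m = c^d mod N: same modulus, different exponent


def xor_stream(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher: keystream = SHA-256(key || counter), XORed over the data."""
    out = bytearray()
    ctr = 0
    while len(out) < len(data):
        out += hashlib.sha256(key.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(d ^ k for d, k in zip(data, out))


# The attacker's key pair.  Only SERVER_PUB is embedded in the binary.
SERVER_PUB, SERVER_PRIV = rsa_keygen(2**61 - 1, 2**31 - 1)
CLIENT_PRIMES = (2**19 - 1, 2**17 - 1)   # per-victim modulus: > 2**32 and < server modulus


def infect(files: dict, server_pub: tuple) -> tuple:
    """What runs on the victim: nothing it keeps afterwards can decrypt the files."""
    client_pub, client_priv = rsa_keygen(*CLIENT_PRIMES)
    wrapped_priv = rsa_encrypt(server_pub, client_priv[1])   # d_client under the server key
    del client_priv                                          # dumped: only the attacker can unwrap
    encrypted = {}
    for name, data in files.items():
        k = int.from_bytes(os.urandom(4), "big")             # fresh symmetric key per file
        encrypted[name] = (rsa_encrypt(client_pub, k), xor_stream(k, data))
        del k                                                # dumped after use
    return client_pub, wrapped_priv, encrypted


def recover(server_priv: tuple, client_pub: tuple, wrapped_priv: int, encrypted: dict) -> dict:
    """Attacker side (or the victim after paying): unwrap down the hierarchy."""
    client_priv = (client_pub[0], rsa_decrypt(server_priv, wrapped_priv))
    return {name: xor_stream(rsa_decrypt(client_priv, ek), ct)
            for name, (ek, ct) in encrypted.items()}


if __name__ == "__main__":
    sample = {"report.docx": b"quarterly numbers", "photo.jpg": bytes(range(100))}
    cpub, wrapped, enc = infect(sample, SERVER_PUB)
    print(recover(SERVER_PRIV, cpub, wrapped, enc) == sample)
```

Reverse engineering the binary yields `SERVER_PUB`, `infect` and `recover`, which is everything here except `SERVER_PRIV`, and that is exactly the value the recovery chain starts from; this is why the symmetric-only design in the notes fails and the hybrid one does not. The per-file symmetric keys also mean a single leaked file key recovers one file, not the whole disk.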
Authenticated Key Exchange

Seonglae Cho