Ch01_Introduction_2

Access Control

Question

  1. Which users can read/write which files?
  2. Are my files really safe?
  3. What does it mean to be root?
  4. What do we really want to control?

Elements

  1. Users and groups
  2. Authentication
  3. Passwords
  4. File protection
  5. Access control lists

Access Control Matrices

A table that defines permissions.

  1. row:a user, group, or system that can perform actions.
  2. column:a file, directory, document, device, resource, or any other entity for which we want to define access rights.
  3. cell:the access rights for the associated combination of subject and object.
    1. Access rights can include actions such as reading, writing, copying, executing, deleting, and annotating.
    2. An empty cell means that no access rights are granted.

Access Control Lists

Capabilities

Role-based Access Control

Define roles and then specify access control rights for these roles, rather than for subjects directly.

Encryption and Decryption

C = E(M)
M = D(C)

Cryptosystem

  1. The set of possible plaintexts
  2. The set of possible ciphertexts
  3. The set of encryption keys
  4. The set of decryption keys
  5. The correspondence between encryption keys and decryption keys
  6. The encryption algorithm to use
  7. The decryption algorithm to use

Caesar Cipher 移位密码

Symmetric Cryptosystems

secret key is used for both encryption and decryption.

Public-Key Cryptography

the sender uses the public key of the recipient to encrypt and the recipient uses its private key to decrypt.

application:Digital Envelope

application:Digital Signature

To sign a message, M, Alice just encrypts it with her private key, SA, creating C = ESA(M).

Anyone can decrypt this message using Alice’s public key, as M’ = DPA(C), and compare that to the message M.

Cryptographic Hash Functions

A checksum on a message, M, should be: One-way, Collision-resistant

Message Authentication Codes

Certificate authority

digitally signs a binding between an identity and the public key for that identity.

Password

What is a strong password

  1. UPPER/lower case characters
  2. Special characters
  3. Numbers

Odd character, Longer Password,

Password Validity: Brute Force Test

Social Engineering

  1. Pretexting 借口:creating a story that convinces an administrator or operator into revealing secret information.
  2. Baiting 诱饵:offering a kind of “gift” to get a user or agent to perform an insecure action.
  3. Quid pro quo 交换物: offering an action or service and then expecting something in return.