Computer Security CSE 543
Popular in Course
Popular in Computer Science and Engineering
This 0 page Class Notes was uploaded by Libby Kuhlman on Sunday November 1, 2015. The Class Notes belongs to CSE 543 at Pennsylvania State University taught by Staff in Fall. Since its upload, it has received 14 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.
Reviews for Computer Security
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 11/01/15
Lecture 14 Review CSE543 Fall 2006 Computer and Network Security Professor Jaeger October 24 2006 CSE543 Computer and Network Security Fall 2006 Professor Jaeger PENNSTATE Security Terminology Adversary Risks Vulnerability Threats Compromise Trust Trust Model Threat Model Cryptography PM Encryption Decryption Symmetric Key Systems DES Onetime pads Public Key Systems RSA DiffieHellman Hash Functions Uses Properties Combinations of these into protocols Threats to crypto systems use I l What is a key PENN A key is an input to a cryptographic algorithm used to obtain confidentiality integrity authenticity or other property over some data The security of the cryptosystem often depends on keeping the key secret to some set of parties The keyspace is the set of all possible keys Entropy is a measure of the variance in keys typically measure in bits Keys are often stored in some secure place passwords on disk keyrings TPM secure coprocessor smartcards and sometimes not eg certificates I l PENNSTATE Authentication Key distribution NeedhamSchroeder Secret and public key Kerberos Protocol Basics Extensions to NH Kerberos Flaws Public Key Infrastructure Use Limitations Protocol Analysis What can we do What can t we do I l Trusted Computing WEE Hardware for Security Protected Storage Hash Extends Sealed Storage Model What can really be done Issues Lots Systems Security Access Control Fundamentals Protection State Protection System Reference Monitor Access Matrix Policies Goals How represented how achieved ACLs and Capabilities Functions and issues System Architectures Impact on access control enforcement I l