6.033 Spring 2018
Lecture #20
• Introduction to security
• Threat models, policy
• Guard model
6.033 | spring 2018 | Katrina LaCurts 1
© Condé Nast. All rights reserved. This content is excluded from our Creative Commons license. For more information, see https://ocw.mit.edu/help/faq-fair-use.
© Xudong Zheng. All rights reserved. This content is excluded from our Creative Commons license. For more information, see https://ocw.mit.edu/help/faq-fair-use.
© Insider Inc. All rights reserved. This content is excluded from our Creative Commons license. For more information, see https://ocw.mit.edu/help/faq-fair-use.
what makes computer security special?
why is security difficult?
steps towards building a more secure system:
1. be clear about goals (policy)
2. be clear about assumptions (threat model)
complete mediation: every request for resource goes through the guard
[diagram: a request passes through the guard on the server before it reaches the resource; the principal identifies the client on the server]
authentication: is the principal who they claim to be?
authorization: does principal have access to perform request on resource?
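
A minimal guard in Python that keeps the two checks as separate steps and denies by default (an added example, not from the lecture; the `Guard` class, the token scheme, the ACL shape and the principal `alice` are assumptions made for illustration):

```python
import hashlib
import hmac

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class Guard:
    """Hypothetical guard: the only path to the resource (complete mediation)."""

    def __init__(self, credentials, acl, resource):
        self._credentials = credentials  # principal -> SHA-256 of its random token
        self._acl = acl                  # allowed (principal, operation, name) triples
        self._resource = resource        # never handed out; reached via handle() only

    def _authenticate(self, principal, token):
        # Authentication: is the principal who they claim to be?
        expected = self._credentials.get(principal)
        # Unknown principals are compared against a dummy so timing stays uniform.
        same = hmac.compare_digest(_digest(token), expected or "0" * 64)
        return same and expected is not None

    def _authorize(self, principal, operation, name):
        # Authorization: default deny unless the triple is listed.
        return (principal, operation, name) in self._acl

    def handle(self, principal, token, operation, name):
        if not self._authenticate(principal, token):
            return ("denied", "authentication failed")
        if not self._authorize(principal, operation, name):
            return ("denied", "not authorized")
        if operation == "read":
            return ("ok", self._resource[name])
        return ("denied", "unsupported operation")

def demo_guard():
    # Constructed sample data: tokens, ACL and file content are made up.
    creds = {"bob": _digest("bob-token"), "alice": _digest("alice-token")}
    acl = {("bob", "read", "ideas.txt")}
    return Guard(creds, acl, {"ideas.txt": "Hello world...."})

if __name__ == "__main__":
    g = demo_guard()
    print(g.handle("bob", "bob-token", "read", "ideas.txt"))
    print(g.handle("bob", "guess", "read", "ideas.txt"))
    print(g.handle("alice", "alice-token", "read", "ideas.txt"))
```
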
what can go wrong with the guard model?
sql injection demo
username | email | public?
karen | [email protected] | yes
peter | [email protected] | yes
katrina | no
SELECT username, email FROM users WHERE username='<username>' AND public='yes'
Let <username> = katrina' OR username='
SELECT username, email FROM users WHERE username='katrina' OR username='' AND public='yes'
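
The demo above, run against an in-memory SQLite table next to the parameterized form that keeps the `public='yes'` check in force (an added example, not part of the original slides; the e-mail values, the function names and the choice of Python's `sqlite3` are assumptions):

```python
import sqlite3

# Constructed sample rows mirroring the slide's table; e-mail values are placeholders.
ROWS = [
    ("karen", "karen@example.com", "yes"),
    ("peter", "peter@example.com", "yes"),
    ("katrina", "katrina@example.com", "no"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT, public TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_vulnerable(db, username):
    # String splicing, as on the slide: the input becomes part of the SQL text.
    sql = ("SELECT username, email FROM users "
           "WHERE username='" + username + "' AND public='yes'")
    return sql, db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Placeholder binding: the input is only ever a value compared to the column.
    sql = "SELECT username, email FROM users WHERE username=? AND public='yes'"
    return db.execute(sql, (username,)).fetchall()

SLIDE_INPUT = "katrina' OR username='"   # the <username> value from the slide

if __name__ == "__main__":
    db = make_db()
    sql, rows = lookup_vulnerable(db, SLIDE_INPUT)
    print(sql)   # AND binds tighter than OR, so public='yes' no longer covers katrina
    print("spliced:      ", rows)
    print("parameterized:", lookup_parameterized(db, SLIDE_INPUT))
    print("normal lookup:", lookup_parameterized(db, "karen"))
```
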
> cd /mit/bob/project
> cat ideas.txt
Hello world....
> mail [email protected] < ideas.txt
what can go wrong with the guard model?
• Adversarial attacks are different from “normal” failures. They’re targeted, rarely random, and rarely independent. Just one successful attack can bring down a system.
• Securing a system starts by specifying our goals (policy) and assumptions (threat model).
• The guard model provides complete mediation. Even though things can still go wrong, systems that use this model avoid common pitfalls.
MIT OpenCourseWare https://ocw.mit.edu
6.033 Computer System Engineering
Spring 2018
For information about citing these materials or our Terms of Use, visit: https://ocw.mit.edu/terms.