It is said that it is usual to place it somewhere like local, but
<Files ~ "hoge.php">
    Order allow,deny
    Deny from all
</Files>
confidentiality, integrity, availability
The security of a system, application, or protocol is always relative to:
– a set of desired properties
– an adversary with specific capabilities
Control systems
sensor, system, actuator, controller
Open-loop
Desired output response -> controller -> actuator -> process -> output
Closed-loop
Desired output response -> error -> controller -> actuator -> process -> output
BAN, LAN, MAN and WAN
Ring Topology, star, extended star
OSI Model
Application, presentation, session, transport, network, datalink, physical
Application:to allow access to network resource, FTP, http
Presentation: to translate, encrypt, & compress data
Session: to establish, manage, and terminate sessions
Transport: reliable process-to-process msg delivery, tcp, udp
network: packet transport and internetworking
data link: bits -> frames, hop-to-hop delivery
physical: transmit bits over a medium
Each layer communicates logically with the corresponding layer at the intermediate node.
RTT: Round Trip Time
The RTT of a WAN is much greater than that of a LAN.
TCP flow control -> three-way handshake
On demand self service
Broad or wide network access
Resource pooling or sharing
Measured service
Rapid elasticity
SaaS, PaaS, IaaS
Software as a service: use the provider's applications running on a cloud infrastructure
Platform as a service: consumer-created applications using programming languages and tools supported by the provider
Infrastructure as a service: Capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources
Key Issues:
Trust, multi-tenancy, encryption, compliance
Clouds are massively complex systems
Simple primitives and common functional units
Cloud security challenges
– Trusting the vendor's security model
– Customer inability to respond to audit findings
– Obtaining support for investigations
– Indirect administrator accountability
– Proprietary implementations can’t be examined
– Loss of physical control
Primary Technology
-Virtualization
-Grid technology
-Service Oriented Architectures
-Distributed Computing
-Broadband Networks
Hypervisor has higher privilege than guest kernel
Security VM is separated from User VM
User = application + data (encrypt)
Frequency Analysis Attack
connect data with public information
Optimization Attack
Machine Learning Review
y = f(x)
output, prediction function, training/testing example
test image -> image features -> learned model -> prediction
raw pixels, histograms, gist descriptors
Decision Tree: Determining which attribute is best
Entropy(E) is the minimum number of bits needed to represent the examples according to their class labels
There is no perfect way of labelling data, therefore there is really no perfect IDS dataset.
(flag = S0, service = http),(flag = S0, service = http) -> (flag = S0, service = http)[0.6, 2s]
Info from the public blockchain + Owner’s secret signing key
So it’s all about key management!
Simplest approach: store the key in a file on your computer or phone
device compromised -> key leaked -> coins stolen
Hot storage: online convenient but risky
Cold storage: offline archival but safer
Generate a big batch of addresses/keys, transfer to hot beforehand
generateKeyHier -> address gen info -> genAddr -> ith address
-> private key gen info -> genKey -> ith key
linked list with hash pointers = “block chain”
Cryptocurrencies
CreateCoin[ uniqueCoinID ]
signed by pk (secret signing key)
-> Goofy coin
A coin’s owner can spend it – using cryptographic operations
signed by pk
Pay to pkalice:()
signed by pk
CreateCoin[ uniqueCoinID ]
Scrooge coin
A designated entity publishes an append-only ledger containing the history of all the transactions that have happened.
All transactions must be written to the ledger before they are accepted.
White: complete trust in this IP address
Black: No trust in this IP address
Grey: This IP address is not directly involved in spamming but is associated with spam-like behaviors
Yellow: This IP address is known to produce spam and non-spam email
NoBL: This IP address does not send spam, and should not be blacklisted. But it is not fully trustworthy.
Spam IP addresses are blacklisted.
New IP addresses are trusted with the static blacklist model.
Static Blacklist Model: Innocent until proven guilty
Need a dynamic, comprehensive reputation system that outputs reputation scores for domains
Extract temporal and statistical features from DNS traffic, compute/learn models
Kopis: Passive monitoring in the upper levels of the DNS hierarchy; internet-visibility
h(w) = (length of word w) mod 5
Given H(m), no easy way to find m
one-way function
Hash pointer contains:
-pointer to where some info is stored
-(cryptographic) hash of the info
Hash pointer: hash of the data, pointer to the data
A Bot is often called a zombie because it is a compromised computer controlled by malware without the consent and knowledge of the user.
A Botnet is a network of bots controlled by a Bot Master
It is a key platform for fraud and other for-profit exploits.
Traditional Anti-Virus Tools, Traditional IDS/IPS, Honeypot
Bots are stealthy on the infected machines
Bot infection is usually a multi-faceted and multi-phased process
Bots are dynamically evolving
Botnets can have very flexible design of C&C channels
Recursive DNS Monitoring at ISP
Analyze DNS traffic from internal hosts to a recursive DNS server of the network
Send password -> encrypted (e.g. "Xu587Fyis)") -> receive password
-creates a secure channel over an insecure network
-is reasonable protection against man-in-the-middle attacks
-can still provide security even when only one side of the communication is secure
Crypto slows down the web server
some ad-networks do not support HTTPS
– reduced revenue for publishers
Request URL, Query parameters, Headers, Cookies
SSL/TLS
You need to buy an SSL certificate
Mixed mode issue: loading insecure content on a secure site
Proxy caching problems: public caching cannot occur
Upgrade from HTTP to HTTPS
forged certs
mobile device
– smartphone held by a person, self-driving car, robot