Protection of Components based on a Smart Card Enhanced Security Module
|
|
- Roland Watson
- 2 years ago
- Views:
Transcription
1 Protection of Components based on a Smart Card Enhanced Security Module J. García-Alfaro 1,2, S. Castillo 1, J. Castellà-Roca, 3 G. Navarro 1, and J. Borrell 1 1 Autonomous University of Barcelona, Department of Information and Communications Engineering, Bellaterra - Spain 2 Ecole Nationale Supérieure des Télécommunications de Bretagne, Multimedia Networks and Services Department, Cesson Sévigné - France 3 Rovira i Virgili University Department of Computer Engineering and Maths, Tarragona - Spain García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
2 Introduction: Starting Point Protection of Network Security Components: - J. García, S. Castillo, G. Navarro, and J. Borrell Mechanisms for Attack Protection on a Prevention Framework 39th Annual IEEE International Carnahan Conference on Security Technology Protection based on an AC integrated in the operating system s kernel Implemented as a Linux Security Module through the LSM framework Open architecture for the inclusion of security enhancements at operating system s kernel level García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
3 Introduction: Protection strategy García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
4 Introduction: Protection strategy García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
5 Intra-kernel Access Control Coexistence of the protection AC (more restrictive) with the native operating system AC (less restrictive) The protected system calls are intercepted and, according to a set of security rules, will be accepted or denied: [ P ID ] [ UID] [Device] [inode] [Syscall] [P arameters] {accept, deny} García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
6 Example: protection of processes KERNEL Space KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR 1000 USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
7 Example: protection of processes KERNEL Space PID = 1234 UID= admin Syscall = kill_process Parameter = KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
8 Example: protection of processes KERNEL Space KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
9 Native operating system s AC García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
10 Intra-kernel Access Control García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
11 Constraints of our approach It introduces some administration constraints Officers are not longer allowed to throw system calls which may suppose a threat to the protected component To solve these constraints, we propose the use of a two-factor authentication mechanism Based on a cryptographic protocol and a smart card token Holds to the officer the indispensable privileges to carry out management activities after ensuring the administrator s identity García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
12 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
13 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
14 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
15 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
16 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
17 Authentication Mechanism SMARTCOP NODE 1234 SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
18 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
19 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
20 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
21 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
22 Public key protocol SMARTCOP SERVER SMARTCOP NODE SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
23 Authentication Mechanism: security considerations The console s executable is compiled in a static manner The LSM module, moreover, protects: the AC itself the binary file of the console the normal execution flow of the console s process the communication channel between the LSM module, the smart-card, and the console process García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
24 Related Works - SELINUX: P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. 11th FREENIX Track: 2001 USENIX Annual Technical Conference, USA, RSBAC: A. Ott. The Role Compatibility Security Model. 7th Nordic Workshop on Secure IT Systems (Nordsec 2002), Karlstad University, Sweden, Reinforce traditional operating system security features Control of the outcoming system calls García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
25 Benefits of our intra-kernel AC approach Unified methodology Integrated in the system as a LSM module, without having to modifile and recompile the kernel Two-factor authentication mechanism Solves the administration and configuration constraints of such an enhanced reinforcement García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
26 Deployment and Evaluation (1) Written in C as a set of modules through the LSM (Linux Security Modules) framework Smart card authentication: LSM and smart card communication and cryptographic operations based on etoken PRO (Aladdin) cards Deployed over the components of our platform, implemented for GNU/Linux 2.6 systems García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
27 Deployment and Evaluation (2) Access control subsytem Authentication subsytem Application Admin. console Enhanced Access Control (LSM) USB etoken driver Auth. core RSA sign. verif. module Security componet OS Access Control Syscall Interface García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
28 Evaluation: processes tests stop process resume process finish process fork process fork + execve fork + /bin/sh Overhead (%) Number of rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
29 Evaluation: filesystem and communications chmod i-node rename i-node unlink i-node mmap read 10K file create 10K file delete Overhead (%) Number of rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
30 Conclusions and Future Work Conclusions: Protection of critical processes and resources based on an AC integrated into the operating system s kernel Smart card based authentication protocol for management and configuration activities Good degree of transparency and reasonable performance penalty Future Work: Improving the customizing of policies Possibility of reload of policies at runtime Improving the matching algorithm of security rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
31 Conclusions and Future Work Conclusions: Protection of critical processes and resources based on an AC integrated into the operating system s kernel Smart card based authentication protocol for management and configuration activities Good degree of transparency and reasonable performance penalty Future Work: Improving the customizing of policies Possibility of reload of policies at runtime Improving the matching algorithm of security rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
32 Thank you for your attention! Questions? García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22
ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System
ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System Joaquín García, Sergio Castillo, Guillermo Navarro, Joan Borrell {jgarcia,scastillo,gnavarro,jborrell}@deic.uab.es
SMARTCOP A Smart Card Based Access Control for the Protection of Network Security Components
SMARTCOP A Smart Card Based Access Control for the Protection of Network Security Components Joaquín García-Alfaro 1, Sergio Castillo 1, Jordi Castellà-Roca 2, Guillermo Navarro 1, and Joan Borrell 1 1
LSM-based Secure System Monitoring Using Kernel Protection Schemes
LSM-based Secure System Monitoring Using Kernel Protection Schemes Takamasa Isohara, Keisuke Takemori, Yutaka Miyake KDDI R&D Laboratories Saitama, Japan {ta-isohara, takemori, miyake}@kddilabs.jp Ning
Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012
Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal
A Simple Implementation and Performance Evaluation Extended-Role Based Access Control
A Simple Implementation and Performance Evaluation Extended-Role Based Access Control Wook Shin and Hong Kook Kim Dept. of Information and Communications, Gwangju Institute of Science and Technology, 1
Linux OS-Level Security Nikitas Angelinas MSST 2015
Linux OS-Level Security Nikitas Angelinas MSST 2015 Agenda SELinux SELinux issues Audit subsystem Audit issues Further OS hardening 2 SELinux Security-Enhanced Linux Is NOT a Linux distribution A kernel
I. Configuring Digital signature certificate in Microsoft Outlook 2003:
I. Configuring Digital signature certificate in Microsoft Outlook 2003: In order to configure Outlook 2003 to use the new message security settings please follow these steps: 1. Open Outlook. 2. Go to
CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study
CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what
NSA Security-Enhanced Linux (SELinux)
NSA Security-Enhanced Linux (SELinux) http://www.nsa.gov/selinux Stephen Smalley sds@epoch.ncsc.mil Information Assurance Research Group National Security Agency Information Assurance Research Group 1
DESIGN AND IMPLEMENTATION OF A WEB SERVER FOR A HOSTING SERVICE
DESIGN AND IMPLEMENTATION OF A WEB SERVER FOR A HOSTING SERVICE Daisuke Hara, Ryota Ozaki, Kazuki Hyoudou, and Yasuichi Nakayama Department of Computer Science The University of Electro-Communications
Apache Server Implementation Guide
Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042
RE-TRUST Design Alternatives on JVM
RE-TRUST Design Alternatives on JVM ( - Italy) paolo.falcarin@polito.it http://softeng.polito.it/falcarin Trento, December, 19 th 2006 Tamper-Detection Tamper-detection goals Detect malicious modifications
Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm
Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P Abstract: Now a day s most of the people used in smart phones. Smartphone
VPN Solutions FAQ www.aladdin.com/contact North America International Germany Benelux France Spain Israel Asia Pacific Japan
A l a d d i n. c o m / e T o k e n VPN Solutions FAQ VPN authentication is a critical link in the chain of trust for remote access to your organization. Compromising that trust can expose your private
Laboratory Report. An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations
Laboratory Report An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations 1. Hardware Configuration We configured our testbed on
USB etoken and USB Flash Features Support
USB etoken and USB Flash Features Support USB etoken and USB Flash Features Support Cisco Integrated Services Routers provide secure, wire-speed delivery of concurrent data, voice, and video services (Figure
Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008
7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned
Cisco Storage Media Encryption for Disk and Tape
Data Sheet Cisco Storage Media Encryption for Disk and Tape Product Overview Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and
Performance Measuring in Smartphones Using MOSES Algorithm
Performance Measuring in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P ME- Communication Systems, Dept of ECE, Dhanalakshmi Srinivasan Engineering college, Perambalur, Tamilnadu, India,
Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16
Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization
A Secure Autonomous Document Architecture for Enterprise Digital Right Management
A Secure Autonomous Document Architecture for Enterprise Digital Right Management Manuel Munier LIUPPA Université de Pau et des Pays de l Adour Mont de Marsan, France manuel.munier@univ-pau.fr SITIS 2011
Complying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
TrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
YubiKey Integration for Full Disk Encryption
YubiKey Integration for Full Disk Encryption Pre-Boot Authentication Version 1.2 May 7, 2012 Introduction Disclaimer yubico Yubico is the leading provider of simple, open online identity protection. The
Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls
Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls Machon Gregory Peter Loscocco mbgrego@tycho.nsa.gov loscocco@tycho.nsa.gov National Security Agency Abstract Risk Adaptable
Introducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
Secure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
Plan 9 Authentication in Linux
Plan 9 Authentication in Linux Ashwin Ganti University of Illinois at Chicago aganti@cs.uic.edu ABSTRACT This paper talks about the implementation of the Plan 9 authentication mechanisms for Linux. As
PROXKey Tool User Manual
PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7
Safety measures in Linux
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces
Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The
Analysis of the Linux Audit System 1
Analysis of the Linux Audit System 1 Authors Bruno Morisson, MSc (Royal Holloway, 2014) Stephen Wolthusen, ISG, Royal Holloway Overview Audit mechanisms on an operating system (OS) record relevant system
SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A
SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A Copyright 2011, SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document
Enhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
Smartcard Logon Overview
etoken for Windows Smartcard Logon Lesson 9 April 2004 etoken Certification Course Smartcard Logon Overview Windows 2000/2003 Enterprise Server built-in feature Smartcard logon requires issuing a personal
Red Hat. www.redhat.com. By Karl Wirth
Red Hat Enterprise Linux 5 Security By Karl Wirth Abstract Red Hat Enterprise Linux has been designed by, and for, the most security-conscious organizations in the world. Accordingly, security has always
Global Journal of Computer Science and Technology
Global Journal of Computer Science and Technology Volume 12 Issue 10 Version 1.0 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN:
iphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
Shakambaree Technologies Pvt. Ltd.
Welcome to Support Express by Shakambaree Technologies Pvt. Ltd. Introduction: This document is our sincere effort to put in some regular issues faced by a Digital Signature and USB Token user doing on
COS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have
File System Encryption with Integrated User Management
File System Encryption with Integrated User Management Stefan Ludwig Corporate Technology Siemens AG, Munich fsfs@stefan-ludwig.de Prof. Dr. Winfried Kalfa Operating Systems Group Chemnitz University of
Confining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer mgoss@mitre.org, jschommer@mitre.org Keywords: Operating System Security, Web Server Security, Access
Adjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006
Adjusting Prevention Policy Options Based on Prevention Events Version 1.0 July 2006 Table of Contents 1. WHO SHOULD READ THIS DOCUMENT... 4 2. WHERE TO GET MORE INFORMATION... 4 3. VERIFYING THE OPERATION
Building Blocks Towards a Trustworthy NFV Infrastructure
Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical
SGFS: Secure, Flexible, and Policy-based Global File Sharing
SGFS: Secure, Flexible, and Policy-based Global File Sharing Vishal Kher Eric Seppanen Cory Leach Yongdae Kim {vkher,seppanen,leach,kyd}@cs.umn.edu University of Minnesota Motivation for Network attached
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1
Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called
2013 AWS Worldwide Public Sector Summit Washington, D.C.
Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company
RSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa
Global eid Developments Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Agenda Country View on eid initiatives Trustworthy Identity Scenarios Microsoft eid update Summary
Using etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University
Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced
Stonesoft Corp. Stonegate Firewall and VPN
Stonesoft Corp. Stonegate Firewall and VPN RSA SecurID Ready Implementation Guide Last Modified: February 2, 2011 Partner Information Product Information Partner Name Stonesoft Corp. Web Site www.stonesoft.com
Mandatory Access Control in Linux
Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ In the early 2000s Root and administrator Many
CipherShare Features and Benefits
CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application
EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET
EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos
BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
Compliance and Security Challenges with Remote Administration
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER Product Snow Inventory Version 5 Release date 2016-09-27 Document date 2016-09-27 CONTENTS INTRODUCTION... 3 WHAT S NEW?... 3 PLATFORM OVERVIEW... 4 ARCHITECTURE... 4 SNOW INTEGRATION
SwiftStack Filesystem Gateway Architecture
WHITEPAPER SwiftStack Filesystem Gateway Architecture March 2015 by Amanda Plimpton Executive Summary SwiftStack s Filesystem Gateway expands the functionality of an organization s SwiftStack deployment
RSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet
Ensuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
The OpenEapSmartcard platform. Pr Pascal Urien ENST Paris
The OpenEapSmartcard platform Pr Pascal Urien ENST Paris /20 Pascal URIEN, CARTES 2005, November 16 th 2005 Introduction 1/4: Network ages Analog networks (Tree age) 1876, Alexander Graham Bell invents
ITG Software Engineering
Basic Android Development Course ID: Page 1 Last Updated 12/15/2014 Basic Android Development ITG Software Engineering Course Overview: This 5 day course gives students the fundamental basics of Android
Yale Software Library
Yale Software Library http://www.yale.edu/its/software/ For assistance contact the ITS Help Desk 203-432-9000, helpdesk@yale.edu Two-factor authentication: Installation and configuration instructions for
Features. The Samhain HIDS. Overview of available features. Rainer Wichmann
Overview of available features November 1, 2011 POSIX (e.g. Linux, *BSD, Solaris 2.x, AIX 5.x, HP-UX 11, and Mac OS X. Windows 2000 / WindowsXP with POSIX emulation (e.g. Cygwin). Please note that this
Chapter 2 Addendum (More on Virtualization)
Chapter 2 Addendum (More on Virtualization) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ More on Systems Virtualization Type I (bare metal)
INTEGRATED SECURITY SERVICE FOR ON DEMAND SERVICES IN IAAS CLOUD AUTHOR
INTEGRATED SECURITY SERVICE FOR ON DEMAND SERVICES IN IAAS CLOUD AUTHOR MANISHANKAR.S Assistant Professor Amrita Vishwa Vidhyapeetham Mysore Email: manishankar1988@gmail.com Abstract: Security has remained
Using BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
SafeNet Authentication Client
SafeNet Authentication Client QUICK STRAT GUIDE Using Certificate-based Authentication with SafeNet Authentication Client for Citrix XenApp 6.5 Contents Description... 2 The Multi-Factor Authentication
Using Power to Improve C Programming Education
Using Power to Improve C Programming Education Jonas Skeppstedt Department of Computer Science Lund University Lund, Sweden jonas.skeppstedt@cs.lth.se jonasskeppstedt.net jonasskeppstedt.net jonas.skeppstedt@cs.lth.se
How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself
How do Users and Processes interact with the Operating System? Users interact indirectly through a collection of system programs that make up the operating system interface. The interface could be: A GUI,
RSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: September 30, 2005 Product Information Partner Name Juniper Networks Web Site www.juniper.net Product Name NetScreen SA Version
Gerd Behrmann CISS & Institut for Datalogi Aalborg Universitet. behrmann@cs.aau.dk
Vaccine til mobilen Gerd Behrmann CISS & Institut for Datalogi Aalborg Universitet behrmann@cs.aau.dk Motivations Security Threats over Internet Complexity of Internet, Protocols and Applications are all
Resilient Cloud Services
Resilient Cloud Services By Hemayamini Kurra, Glynis Dsouza, Youssif Al Nasshif, Salim Hariri University of Arizona First Franco-American Workshop on Cybersecurity 18 th October, 2013 Presentation Outline
Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch
Novell Border Manager Appnote Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch Bhavani ST and Gaurav Vaidya Software Consultant stbhavani@novell.com
How to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
SpiderCloud E-RAN Security Overview
SpiderCloud E-RAN Security Overview Excerpt for SpiderCloud Wireless, Inc. 408 East Plumeria Drive San Jose, CA 95134 USA -hereafter called SpiderCloud- Page 1 of 7 Table of Contents 1 Executive Summary...5
Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file
1 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 1: Introduction to Computer s Security Introduction to Computer s Security 4. security services and mechanisms 3 Approach 4 Introduction to Computer
Ultra-strong authentication to protect network access and assets
Ultra-strong authentication to protect network access and assets ESET Secure Authentication provides powerful authentication to make remote access to the company network and sensitive data safe, but hassle-free.
External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy
External Authentication with CiscoSecure ACS Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington Business
RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide
RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
RSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
Session ID: Session Classification:
Session ID: Session Classification: Protecting Data with Encryption Access Control Protect Sensitive Data Protect and Manage Threats Groundbreaking Malware Resistance Protects the client, data, and corporate
Cloud Web-Based Operating System (Cloud Web Os)
Cloud Web-Based Operating System (Cloud Web Os) Hesham Abusaimeh Department of Computer Science, Faculty of Information Technology, Applied Science University, Amman, 11931 Jordan. ABSTRACT The cloud computing
External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
etoken PKI Client (Windows) User s Guide Version 5.1 Revision B
etoken PKI Client (Windows) User s Guide Version 5.1 Revision B All attempts have been made to make the information in this document complete and accurate. Aladdin is not responsible for any direct or
epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Website: www.ftsafe.com
epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Revision History: Date Revision Description June 2013 V1.0 Release of the first version i Software Developer s Agreement All Products of Feitian
Trent Jaeger Systems and Internet Infrastructure Security Lab Pennsylvania State University
Reference Monitor Trent Jaeger Systems and Internet Infrastructure Security Lab Pennsylvania State University Related Concepts Access control Access control policy Security kernel Definition A reference
Lecture No 01 Novell Products Open Enterprise Server 2 Preview By Haim Malool. Main features Preview
Lecture No 01 Novell Products Open Enterprise Server 2 Preview By Haim Malool About Haim Malool Haim Malool is a Networking engineer and IT Consultant for more Than 15 years experience. He is a Ceritified
RSA Authentication Manager 8.1 Virtual Appliance Getting Started
RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides
AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts
AlienVault Unified Security Management (USM) 4.x-5.x Deploying HIDS Agents to Linux Hosts USM 4.x-5.x Deploying HIDS Agents to Linux Hosts, rev. 2 Copyright 2015 AlienVault, Inc. All rights reserved. AlienVault,
HW (Fat001) TPM. Figure 1. Computing Node
1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller
RAINSTORM IAEA. Christoph Brunhuber, Keith Morgan, Jim Regula. Remote Monitoring Team Safeguards, IAEA 2014-09-08
RAINSTORM Christoph Brunhuber, Keith Morgan, Jim Regula Remote Monitoring Team Safeguards, 2014-09-08 Outline History / Motivation RAINSTORM Data Transfer: HTTP + REST Data Organization Details Data Security:
EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients
EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients A Detailed Review EMC Information Infrastructure Solutions Abstract This white
Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Check Point Security Gateway
SafeNet Authentication Service Integration Guide SAS Using RADIUS Protocol with Check Point Security Gateway 1 Document Information Document Part Number 007-012883-001, Rev. A Release Date January 2015
www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009
SEE-GRID-SCI Virtualization and Grid Computing with XEN www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009 Milan Potocnik University
Example of Standard API
16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface