Protection of Components based on a Smart Card Enhanced Security Module
Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Protection of Components based on a Smart Card Enhanced Security Module"

Transcription

1 Protection of Components based on a Smart Card Enhanced Security Module J. García-Alfaro 1,2, S. Castillo 1, J. Castellà-Roca, 3 G. Navarro 1, and J. Borrell 1 1 Autonomous University of Barcelona, Department of Information and Communications Engineering, Bellaterra - Spain 2 Ecole Nationale Supérieure des Télécommunications de Bretagne, Multimedia Networks and Services Department, Cesson Sévigné - France 3 Rovira i Virgili University Department of Computer Engineering and Maths, Tarragona - Spain García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

2 Introduction: Starting Point Protection of Network Security Components: - J. García, S. Castillo, G. Navarro, and J. Borrell Mechanisms for Attack Protection on a Prevention Framework 39th Annual IEEE International Carnahan Conference on Security Technology Protection based on an AC integrated in the operating system s kernel Implemented as a Linux Security Module through the LSM framework Open architecture for the inclusion of security enhancements at operating system s kernel level García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

3 Introduction: Protection strategy García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

4 Introduction: Protection strategy García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

5 Intra-kernel Access Control Coexistence of the protection AC (more restrictive) with the native operating system AC (less restrictive) The protected system calls are intercepted and, according to a set of security rules, will be accepted or denied: [ P ID ] [ UID] [Device] [inode] [Syscall] [P arameters] {accept, deny} García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

6 Example: protection of processes KERNEL Space KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR 1000 USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

7 Example: protection of processes KERNEL Space PID = 1234 UID= admin Syscall = kill_process Parameter = KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

8 Example: protection of processes KERNEL Space KERNEL AC PROTECTION AC kill_process(1000) PROCESS PROCESS SENSOR USER Space Administrator - Configuration Files - Binary File -... García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

9 Native operating system s AC García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

10 Intra-kernel Access Control García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

11 Constraints of our approach It introduces some administration constraints Officers are not longer allowed to throw system calls which may suppose a threat to the protected component To solve these constraints, we propose the use of a two-factor authentication mechanism Based on a cryptographic protocol and a smart card token Holds to the officer the indispensable privileges to carry out management activities after ensuring the administrator s identity García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

12 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

13 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

14 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

15 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

16 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

17 Authentication Mechanism SMARTCOP NODE 1234 SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

18 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

19 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

20 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

21 Authentication Mechanism SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

22 Public key protocol SMARTCOP SERVER SMARTCOP NODE SMARTCOP NODE SMARTCOP CARD García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

23 Authentication Mechanism: security considerations The console s executable is compiled in a static manner The LSM module, moreover, protects: the AC itself the binary file of the console the normal execution flow of the console s process the communication channel between the LSM module, the smart-card, and the console process García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

24 Related Works - SELINUX: P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. 11th FREENIX Track: 2001 USENIX Annual Technical Conference, USA, RSBAC: A. Ott. The Role Compatibility Security Model. 7th Nordic Workshop on Secure IT Systems (Nordsec 2002), Karlstad University, Sweden, Reinforce traditional operating system security features Control of the outcoming system calls García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

25 Benefits of our intra-kernel AC approach Unified methodology Integrated in the system as a LSM module, without having to modifile and recompile the kernel Two-factor authentication mechanism Solves the administration and configuration constraints of such an enhanced reinforcement García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

26 Deployment and Evaluation (1) Written in C as a set of modules through the LSM (Linux Security Modules) framework Smart card authentication: LSM and smart card communication and cryptographic operations based on etoken PRO (Aladdin) cards Deployed over the components of our platform, implemented for GNU/Linux 2.6 systems García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

27 Deployment and Evaluation (2) Access control subsytem Authentication subsytem Application Admin. console Enhanced Access Control (LSM) USB etoken driver Auth. core RSA sign. verif. module Security componet OS Access Control Syscall Interface García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

28 Evaluation: processes tests stop process resume process finish process fork process fork + execve fork + /bin/sh Overhead (%) Number of rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

29 Evaluation: filesystem and communications chmod i-node rename i-node unlink i-node mmap read 10K file create 10K file delete Overhead (%) Number of rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

30 Conclusions and Future Work Conclusions: Protection of critical processes and resources based on an AC integrated into the operating system s kernel Smart card based authentication protocol for management and configuration activities Good degree of transparency and reasonable performance penalty Future Work: Improving the customizing of policies Possibility of reload of policies at runtime Improving the matching algorithm of security rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

31 Conclusions and Future Work Conclusions: Protection of critical processes and resources based on an AC integrated into the operating system s kernel Smart card based authentication protocol for management and configuration activities Good degree of transparency and reasonable performance penalty Future Work: Improving the customizing of policies Possibility of reload of policies at runtime Improving the matching algorithm of security rules García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

32 Thank you for your attention! Questions? García, Castillo, Castella, Navarro, Borrell () Protection of Components CRITIS / 22

Similar documents

ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System

ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System ACAPS An Access Control Mechanism to Protect the Components of an Attack Prevention System Joaquín García, Sergio Castillo, Guillermo Navarro, Joan Borrell {jgarcia,scastillo,gnavarro,jborrell}@deic.uab.es

More information

SMARTCOP A Smart Card Based Access Control for the Protection of Network Security Components

SMARTCOP A Smart Card Based Access Control for the Protection of Network Security Components SMARTCOP A Smart Card Based Access Control for the Protection of Network Security Components Joaquín García-Alfaro 1, Sergio Castillo 1, Jordi Castellà-Roca 2, Guillermo Navarro 1, and Joan Borrell 1 1

More information

LSM-based Secure System Monitoring Using Kernel Protection Schemes

LSM-based Secure System Monitoring Using Kernel Protection Schemes LSM-based Secure System Monitoring Using Kernel Protection Schemes Takamasa Isohara, Keisuke Takemori, Yutaka Miyake KDDI R&D Laboratories Saitama, Japan {ta-isohara, takemori, miyake}@kddilabs.jp Ning

More information

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012 Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal

More information

A Simple Implementation and Performance Evaluation Extended-Role Based Access Control

A Simple Implementation and Performance Evaluation Extended-Role Based Access Control A Simple Implementation and Performance Evaluation Extended-Role Based Access Control Wook Shin and Hong Kook Kim Dept. of Information and Communications, Gwangju Institute of Science and Technology, 1

More information

Linux OS-Level Security Nikitas Angelinas MSST 2015

Linux OS-Level Security Nikitas Angelinas MSST 2015 Linux OS-Level Security Nikitas Angelinas MSST 2015 Agenda SELinux SELinux issues Audit subsystem Audit issues Further OS hardening 2 SELinux Security-Enhanced Linux Is NOT a Linux distribution A kernel

More information

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

I. Configuring Digital signature certificate in Microsoft Outlook 2003: I. Configuring Digital signature certificate in Microsoft Outlook 2003: In order to configure Outlook 2003 to use the new message security settings please follow these steps: 1. Open Outlook. 2. Go to

More information

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what

More information

NSA Security-Enhanced Linux (SELinux)

NSA Security-Enhanced Linux (SELinux) NSA Security-Enhanced Linux (SELinux) http://www.nsa.gov/selinux Stephen Smalley sds@epoch.ncsc.mil Information Assurance Research Group National Security Agency Information Assurance Research Group 1

More information

DESIGN AND IMPLEMENTATION OF A WEB SERVER FOR A HOSTING SERVICE

DESIGN AND IMPLEMENTATION OF A WEB SERVER FOR A HOSTING SERVICE DESIGN AND IMPLEMENTATION OF A WEB SERVER FOR A HOSTING SERVICE Daisuke Hara, Ryota Ozaki, Kazuki Hyoudou, and Yasuichi Nakayama Department of Computer Science The University of Electro-Communications

More information

Apache Server Implementation Guide

Apache Server Implementation Guide Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042

More information

RE-TRUST Design Alternatives on JVM

RE-TRUST Design Alternatives on JVM RE-TRUST Design Alternatives on JVM ( - Italy) paolo.falcarin@polito.it http://softeng.polito.it/falcarin Trento, December, 19 th 2006 Tamper-Detection Tamper-detection goals Detect malicious modifications

More information

Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm

Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P Abstract: Now a day s most of the people used in smart phones. Smartphone

More information

VPN Solutions FAQ www.aladdin.com/contact North America International Germany Benelux France Spain Israel Asia Pacific Japan

VPN Solutions FAQ www.aladdin.com/contact North America International Germany Benelux France Spain Israel Asia Pacific Japan A l a d d i n. c o m / e T o k e n VPN Solutions FAQ VPN authentication is a critical link in the chain of trust for remote access to your organization. Compromising that trust can expose your private

More information

Laboratory Report. An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations

Laboratory Report. An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations Laboratory Report An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations 1. Hardware Configuration We configured our testbed on

More information

USB etoken and USB Flash Features Support

USB etoken and USB Flash Features Support USB etoken and USB Flash Features Support USB etoken and USB Flash Features Support Cisco Integrated Services Routers provide secure, wire-speed delivery of concurrent data, voice, and video services (Figure

More information

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008

Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned

More information

Cisco Storage Media Encryption for Disk and Tape

Cisco Storage Media Encryption for Disk and Tape Data Sheet Cisco Storage Media Encryption for Disk and Tape Product Overview Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and

More information

Performance Measuring in Smartphones Using MOSES Algorithm

Performance Measuring in Smartphones Using MOSES Algorithm Performance Measuring in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P ME- Communication Systems, Dept of ECE, Dhanalakshmi Srinivasan Engineering college, Perambalur, Tamilnadu, India,

More information

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization

More information

A Secure Autonomous Document Architecture for Enterprise Digital Right Management

A Secure Autonomous Document Architecture for Enterprise Digital Right Management A Secure Autonomous Document Architecture for Enterprise Digital Right Management Manuel Munier LIUPPA Université de Pau et des Pays de l Adour Mont de Marsan, France manuel.munier@univ-pau.fr SITIS 2011

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

YubiKey Integration for Full Disk Encryption

YubiKey Integration for Full Disk Encryption YubiKey Integration for Full Disk Encryption Pre-Boot Authentication Version 1.2 May 7, 2012 Introduction Disclaimer yubico Yubico is the leading provider of simple, open online identity protection. The

More information

Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls

Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls Using the Flask Security Architecture to Facilitate Risk Adaptable Access Controls Machon Gregory Peter Loscocco mbgrego@tycho.nsa.gov loscocco@tycho.nsa.gov National Security Agency Abstract Risk Adaptable

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

Secure web transactions system

Secure web transactions system Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends

More information

Plan 9 Authentication in Linux

Plan 9 Authentication in Linux Plan 9 Authentication in Linux Ashwin Ganti University of Illinois at Chicago aganti@cs.uic.edu ABSTRACT This paper talks about the implementation of the Plan 9 authentication mechanisms for Linux. As

More information

PROXKey Tool User Manual

PROXKey Tool User Manual PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7

More information

Safety measures in Linux

Safety measures in Linux S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel

More information

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The

More information

Analysis of the Linux Audit System 1

Analysis of the Linux Audit System 1 Analysis of the Linux Audit System 1 Authors Bruno Morisson, MSc (Royal Holloway, 2014) Stephen Wolthusen, ISG, Royal Holloway Overview Audit mechanisms on an operating system (OS) record relevant system

More information

SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A

SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A Copyright 2011, SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document

More information

Enhancing Web Application Security

Enhancing Web Application Security Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor

More information

Smartcard Logon Overview

Smartcard Logon Overview etoken for Windows Smartcard Logon Lesson 9 April 2004 etoken Certification Course Smartcard Logon Overview Windows 2000/2003 Enterprise Server built-in feature Smartcard logon requires issuing a personal

More information

Red Hat. www.redhat.com. By Karl Wirth

Red Hat. www.redhat.com. By Karl Wirth Red Hat Enterprise Linux 5 Security By Karl Wirth Abstract Red Hat Enterprise Linux has been designed by, and for, the most security-conscious organizations in the world. Accordingly, security has always

More information

Global Journal of Computer Science and Technology

Global Journal of Computer Science and Technology Global Journal of Computer Science and Technology Volume 12 Issue 10 Version 1.0 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN:

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Shakambaree Technologies Pvt. Ltd.

Shakambaree Technologies Pvt. Ltd. Welcome to Support Express by Shakambaree Technologies Pvt. Ltd. Introduction: This document is our sincere effort to put in some regular issues faced by a Digital Signature and USB Token user doing on

More information

COS 318: Operating Systems. Virtual Machine Monitors

COS 318: Operating Systems. Virtual Machine Monitors COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have

More information

File System Encryption with Integrated User Management

File System Encryption with Integrated User Management File System Encryption with Integrated User Management Stefan Ludwig Corporate Technology Siemens AG, Munich fsfs@stefan-ludwig.de Prof. Dr. Winfried Kalfa Operating Systems Group Chemnitz University of

More information

Confining the Apache Web Server with Security-Enhanced Linux

Confining the Apache Web Server with Security-Enhanced Linux Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer mgoss@mitre.org, jschommer@mitre.org Keywords: Operating System Security, Web Server Security, Access

More information

Adjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006

Adjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006 Adjusting Prevention Policy Options Based on Prevention Events Version 1.0 July 2006 Table of Contents 1. WHO SHOULD READ THIS DOCUMENT... 4 2. WHERE TO GET MORE INFORMATION... 4 3. VERIFYING THE OPERATION

More information

Building Blocks Towards a Trustworthy NFV Infrastructure

Building Blocks Towards a Trustworthy NFV Infrastructure Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical

More information

SGFS: Secure, Flexible, and Policy-based Global File Sharing

SGFS: Secure, Flexible, and Policy-based Global File Sharing SGFS: Secure, Flexible, and Policy-based Global File Sharing Vishal Kher Eric Seppanen Cory Leach Yongdae Kim {vkher,seppanen,leach,kyd}@cs.umn.edu University of Minnesota Motivation for Network attached

More information

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems

QUIRE: : Lightweight Provenance for Smart Phone Operating Systems QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome

More information

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1 Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Global eid Developments Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa Agenda Country View on eid initiatives Trustworthy Identity Scenarios Microsoft eid update Summary

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced

More information

Stonesoft Corp. Stonegate Firewall and VPN

Stonesoft Corp. Stonegate Firewall and VPN Stonesoft Corp. Stonegate Firewall and VPN RSA SecurID Ready Implementation Guide Last Modified: February 2, 2011 Partner Information Product Information Partner Name Stonesoft Corp. Web Site www.stonesoft.com

More information

Mandatory Access Control in Linux

Mandatory Access Control in Linux Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ In the early 2000s Root and administrator Many

More information

CipherShare Features and Benefits

CipherShare Features and Benefits CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application

More information

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Compliance and Security Challenges with Remote Administration

Compliance and Security Challenges with Remote Administration Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges

More information

TECHNICAL WHITE PAPER

TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER Product Snow Inventory Version 5 Release date 2016-09-27 Document date 2016-09-27 CONTENTS INTRODUCTION... 3 WHAT S NEW?... 3 PLATFORM OVERVIEW... 4 ARCHITECTURE... 4 SNOW INTEGRATION

More information

SwiftStack Filesystem Gateway Architecture

SwiftStack Filesystem Gateway Architecture WHITEPAPER SwiftStack Filesystem Gateway Architecture March 2015 by Amanda Plimpton Executive Summary SwiftStack s Filesystem Gateway expands the functionality of an organization s SwiftStack deployment

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

The OpenEapSmartcard platform. Pr Pascal Urien ENST Paris

The OpenEapSmartcard platform. Pr Pascal Urien ENST Paris The OpenEapSmartcard platform Pr Pascal Urien ENST Paris /20 Pascal URIEN, CARTES 2005, November 16 th 2005 Introduction 1/4: Network ages Analog networks (Tree age) 1876, Alexander Graham Bell invents

More information

ITG Software Engineering

ITG Software Engineering Basic Android Development Course ID: Page 1 Last Updated 12/15/2014 Basic Android Development ITG Software Engineering Course Overview: This 5 day course gives students the fundamental basics of Android

More information

Yale Software Library

Yale Software Library Yale Software Library http://www.yale.edu/its/software/ For assistance contact the ITS Help Desk 203-432-9000, helpdesk@yale.edu Two-factor authentication: Installation and configuration instructions for

More information

Features. The Samhain HIDS. Overview of available features. Rainer Wichmann

Features. The Samhain HIDS. Overview of available features. Rainer Wichmann Overview of available features November 1, 2011 POSIX (e.g. Linux, *BSD, Solaris 2.x, AIX 5.x, HP-UX 11, and Mac OS X. Windows 2000 / WindowsXP with POSIX emulation (e.g. Cygwin). Please note that this

More information

Chapter 2 Addendum (More on Virtualization)

Chapter 2 Addendum (More on Virtualization) Chapter 2 Addendum (More on Virtualization) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ More on Systems Virtualization Type I (bare metal)

More information

INTEGRATED SECURITY SERVICE FOR ON DEMAND SERVICES IN IAAS CLOUD AUTHOR

INTEGRATED SECURITY SERVICE FOR ON DEMAND SERVICES IN IAAS CLOUD AUTHOR INTEGRATED SECURITY SERVICE FOR ON DEMAND SERVICES IN IAAS CLOUD AUTHOR MANISHANKAR.S Assistant Professor Amrita Vishwa Vidhyapeetham Mysore Email: manishankar1988@gmail.com Abstract: Security has remained

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

SafeNet Authentication Client

SafeNet Authentication Client SafeNet Authentication Client QUICK STRAT GUIDE Using Certificate-based Authentication with SafeNet Authentication Client for Citrix XenApp 6.5 Contents Description... 2 The Multi-Factor Authentication

More information

Using Power to Improve C Programming Education

Using Power to Improve C Programming Education Using Power to Improve C Programming Education Jonas Skeppstedt Department of Computer Science Lund University Lund, Sweden jonas.skeppstedt@cs.lth.se jonasskeppstedt.net jonasskeppstedt.net jonas.skeppstedt@cs.lth.se

More information

How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself

How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself How do Users and Processes interact with the Operating System? Users interact indirectly through a collection of system programs that make up the operating system interface. The interface could be: A GUI,

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: September 30, 2005 Product Information Partner Name Juniper Networks Web Site www.juniper.net Product Name NetScreen SA Version

More information

Gerd Behrmann CISS & Institut for Datalogi Aalborg Universitet. behrmann@cs.aau.dk

Gerd Behrmann CISS & Institut for Datalogi Aalborg Universitet. behrmann@cs.aau.dk Vaccine til mobilen Gerd Behrmann CISS & Institut for Datalogi Aalborg Universitet behrmann@cs.aau.dk Motivations Security Threats over Internet Complexity of Internet, Protocols and Applications are all

More information

Resilient Cloud Services

Resilient Cloud Services Resilient Cloud Services By Hemayamini Kurra, Glynis Dsouza, Youssif Al Nasshif, Salim Hariri University of Arizona First Franco-American Workshop on Cybersecurity 18 th October, 2013 Presentation Outline

More information

Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch

Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch Novell Border Manager Appnote Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch Bhavani ST and Gaurav Vaidya Software Consultant stbhavani@novell.com

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

SpiderCloud E-RAN Security Overview

SpiderCloud E-RAN Security Overview SpiderCloud E-RAN Security Overview Excerpt for SpiderCloud Wireless, Inc. 408 East Plumeria Drive San Jose, CA 95134 USA -hereafter called SpiderCloud- Page 1 of 7 Table of Contents 1 Executive Summary...5

More information

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file 1 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 1: Introduction to Computer s Security Introduction to Computer s Security 4. security services and mechanisms 3 Approach 4 Introduction to Computer

More information

Ultra-strong authentication to protect network access and assets

Ultra-strong authentication to protect network access and assets Ultra-strong authentication to protect network access and assets ESET Secure Authentication provides powerful authentication to make remote access to the company network and sensitive data safe, but hassle-free.

More information

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy External Authentication with CiscoSecure ACS Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington Business

More information

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

Session ID: Session Classification:

Session ID: Session Classification: Session ID: Session Classification: Protecting Data with Encryption Access Control Protect Sensitive Data Protect and Manage Threats Groundbreaking Malware Resistance Protects the client, data, and corporate

More information

Cloud Web-Based Operating System (Cloud Web Os)

Cloud Web-Based Operating System (Cloud Web Os) Cloud Web-Based Operating System (Cloud Web Os) Hesham Abusaimeh Department of Computer Science, Faculty of Information Technology, Applied Science University, Amman, 11931 Jordan. ABSTRACT The cloud computing

More information

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington

More information

etoken PKI Client (Windows) User s Guide Version 5.1 Revision B

etoken PKI Client (Windows) User s Guide Version 5.1 Revision B etoken PKI Client (Windows) User s Guide Version 5.1 Revision B All attempts have been made to make the information in this document complete and accurate. Aladdin is not responsible for any direct or

More information

epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Website: www.ftsafe.com

epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Website: www.ftsafe.com epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Revision History: Date Revision Description June 2013 V1.0 Release of the first version i Software Developer s Agreement All Products of Feitian

More information

Trent Jaeger Systems and Internet Infrastructure Security Lab Pennsylvania State University

Trent Jaeger Systems and Internet Infrastructure Security Lab Pennsylvania State University Reference Monitor Trent Jaeger Systems and Internet Infrastructure Security Lab Pennsylvania State University Related Concepts Access control Access control policy Security kernel Definition A reference

More information

Lecture No 01 Novell Products Open Enterprise Server 2 Preview By Haim Malool. Main features Preview

Lecture No 01 Novell Products Open Enterprise Server 2 Preview By Haim Malool. Main features Preview Lecture No 01 Novell Products Open Enterprise Server 2 Preview By Haim Malool About Haim Malool Haim Malool is a Networking engineer and IT Consultant for more Than 15 years experience. He is a Ceritified

More information

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

RSA Authentication Manager 8.1 Virtual Appliance Getting Started RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides

More information

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts AlienVault Unified Security Management (USM) 4.x-5.x Deploying HIDS Agents to Linux Hosts USM 4.x-5.x Deploying HIDS Agents to Linux Hosts, rev. 2 Copyright 2015 AlienVault, Inc. All rights reserved. AlienVault,

More information

HW (Fat001) TPM. Figure 1. Computing Node

HW (Fat001) TPM. Figure 1. Computing Node 1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller

More information

RAINSTORM IAEA. Christoph Brunhuber, Keith Morgan, Jim Regula. Remote Monitoring Team Safeguards, IAEA 2014-09-08

RAINSTORM IAEA. Christoph Brunhuber, Keith Morgan, Jim Regula. Remote Monitoring Team Safeguards, IAEA 2014-09-08 RAINSTORM Christoph Brunhuber, Keith Morgan, Jim Regula Remote Monitoring Team Safeguards, 2014-09-08 Outline History / Motivation RAINSTORM Data Transfer: HTTP + REST Data Organization Details Data Security:

More information

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients A Detailed Review EMC Information Infrastructure Solutions Abstract This white

More information

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Check Point Security Gateway

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Check Point Security Gateway SafeNet Authentication Service Integration Guide SAS Using RADIUS Protocol with Check Point Security Gateway 1 Document Information Document Part Number 007-012883-001, Rev. A Release Date January 2015

More information

www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009

www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009 SEE-GRID-SCI Virtualization and Grid Computing with XEN www.see-grid-sci.eu Regional SEE-GRID-SCI Training for Site Administrators Institute of Physics Belgrade March 5-6, 2009 Milan Potocnik University

More information

Example of Standard API

Example of Standard API 16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface

More information
2018 © DocPlayer.net Privacy Policy | Terms of Service | Feedback