ORCON. Originator Controlled Access Control. André dos Santos Cardoso. Universidade do Porto Faculdade de Engenharia da Universidade do Porto

Size: px
Start display at page:

Download "ORCON. Originator Controlled Access Control. André dos Santos Cardoso. Universidade do Porto Faculdade de Engenharia da Universidade do Porto"

Transcription

1 ORCON Originator Controlled Access Control André dos Santos Cardoso Universidade do Porto Faculdade de Engenharia da Universidade do Porto November 3, 2009 André dos Santos Cardoso (FEUP) ORCON November 3, / 19

2 Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

3 Overview Of MAC and DAC Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

4 Overview Of MAC and DAC How does MAC work? Controlled by an Administrator Defines levels of access Admin defines the types of access and who has access Owner can t change permissions/level of access of Objects André dos Santos Cardoso (FEUP) ORCON November 3, / 19

5 Overview Of MAC and DAC...and DAC!? Concept of Owner is important can set permissions for others at his own discretion copied objects become owned by the copier. Permissions are given based on Identity André dos Santos Cardoso (FEUP) ORCON November 3, / 19

6 What is ORCON after all...? Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

7 What is ORCON after all...? ORCON - Originator Controlled Access Control Objective Control the dissemination of Objects through several entities, in a decentralized manner. Keep unauthorized recipients from reading the object Prevent re-dissemination from authorized subjects to unauthorized entities or subjects Creator must always give permission Authorized subjects must be able to write to the object, but Not to change Original Permissions André dos Santos Cardoso (FEUP) ORCON November 3, / 19

8 What is ORCON after all...? Controlling Dissemination André dos Santos Cardoso (FEUP) ORCON November 3, / 19

9 Can ORCON be Implemented? Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

10 Can ORCON be Implemented? With DAC? Can DAC realize the requirements? Owner can change permissions! With DAC, the owner(=!creator) can change the permissions at will, without considering the creator (originator) original permissions. DAC fails! André dos Santos Cardoso (FEUP) ORCON November 3, / 19

11 Can ORCON be Implemented? With MAC? Can MAC realize the requirements? Theoretically possible but... a different category is needed for each combination between Object/Document, Owner, and Recipient Category Explosion Problem! it s a centralized solution impossible to implement in real world. MAC fails! André dos Santos Cardoso (FEUP) ORCON November 3, / 19

12 Can ORCON be Implemented? Mixing MAC and DAC? Hybrid Solution with MAC and DAC We can combine MAC and DAC 1 The owner of an object cannot change the access controls of the object 2 When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy At the resemblance of PACL! 3 The creator (originator) can alter the access control restrictions on a per-subject and per-object basis. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

13 OK, let s design a palpable solution! Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

14 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Easy! Use Encryption! Unauthorized access to document storage or document transmission Figure: Symmetric Encryption Key exists only in the ORCON device, and only accessible through hardware. Content can only be decrypted and opened in the device. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

15 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Incorporate a trusted software module into the device. Unauthorized access to document storage or document transmission Copying of the document Figure: Only trusted software module is able to decrypt/encrypt information André dos Santos Cardoso (FEUP) ORCON November 3, / 19

16 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Rules are also encrypted. Unauthorized access to document storage or document transmission Copying of the document Tempering of the document dissemination rules Figure: Policies can be encrypted along with the content. Trusted Software Module Enforces the application of the Policies. Software Module also ensures the policy upon copy (PACL!) André dos Santos Cardoso (FEUP) ORCON November 3, / 19

17 OK, let s design a palpable solution! Authorized User Authentication How do we authenticate users against the policy file? Let s make use of users public keys Figure: Software Module grants access based on policy file and public keys, with a protocol of Challenge-Response in which he encrypts a challenge with the user s public key. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

18 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file André dos Santos Cardoso (FEUP) ORCON November 3, / 19

19 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document André dos Santos Cardoso (FEUP) ORCON November 3, / 19

20 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices André dos Santos Cardoso (FEUP) ORCON November 3, / 19

21 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices 4 Receiver device checks policy Receiver device can decrypt document. Trusted hardware and software module enforces policies. Policies can t ever be touched by user. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

22 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices 4 Receiver device checks policy Receiver device can decrypt document. Trusted hardware and software module enforces policies. Policies can t ever be touched by user. 5 Receiver device authenticates users through the public key contained in the policy User can use his private key to respond to the system challenge, decrypting the challenge. User is authenticated if he owns a the correponding private key André dos Santos Cardoso (FEUP) ORCON November 3, / 19

23 OK, let s design a palpable solution! Attained Solution What did we just build? Policy Enforcement Policy is disseminated along users, and enforced even when re-dissemination occurs. Memory locations can remain encrypted thanks to software+hardware solution and no trust is given to the Operating System. Decentralized Solution No central administration, which guarantees that the design works even with a large and distributed number of users. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

24 Thanks Thank You! Thank You Any Questions? André dos Santos Cardoso (FEUP) ORCON November 3, / 19

25 References Consulted Material Computer Security, Art and Science - Matt Bishop Hardware-Assisted Application-Level Access Control - Yu-Yuan Chen and Ruby B. Lee Originator & Role-Based Policies, notes of Computer and Network Security from the University of North Carolina - Kevin Jeffay 6-Originator-RBAC-Policies.pdf André dos Santos Cardoso (FEUP) ORCON November 3, / 19

Access Control Intro, DAC and MAC. System Security

Access Control Intro, DAC and MAC. System Security Access Control Intro, DAC and MAC System Security System Security It is concerned with regulating how entities use resources in a system It consists of two main phases: Authentication: uniquely identifying

More information

BM482E Introduction to Computer Security

BM482E Introduction to Computer Security BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

RBAC and HIPAA Security

RBAC and HIPAA Security Chief Executive, HIPAA Academy RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Session Objective Challenges HIPAA Requirements Seven Steps to HIPAA Security Access Control RBAC Information Access

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Understanding the Impact of Encryption on Certified Wireless USB Testing. Introduction. Association vs. Security

Understanding the Impact of Encryption on Certified Wireless USB Testing. Introduction. Association vs. Security on Certified Wireless USB Testing Mike Micheletti Wireless USB Product Manager LeCroy Protocol Solutions Group Introduction Certified Wireless USB (WUSB) is a new shortrange, high-bandwidth wireless extension

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Access Control and Authorization Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access recapitulated 1. Identification Which object O requests

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

Principle, utilization and limitations for secure electronic mail systems. Lindomar Bandeira Rocha

Principle, utilization and limitations for secure electronic mail systems. Lindomar Bandeira Rocha Principle, utilization and limitations for secure electronic Lindomar Bandeira Rocha FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Segurança em Sistemas Informáticos 2009/2010 Inline Encoding ( clearsigning

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen Mobile Security Wireless Mesh Network Security Sascha Alexander Jopen Overview Introduction Wireless Ad-hoc Networks Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless Mesh Networks

More information

Access Control of Cloud Service Based on UCON

Access Control of Cloud Service Based on UCON Access Control of Cloud Service Based on UCON Chen Danwei, Huang Xiuli, and Ren Xunyi Nanjing University of posts & Telecommunications, New Model Street No.66, 210003, Nanjing, China chendw@njupt.edu.cn,

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0 HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate

More information

EnCase Endpoint Investigator Fundamentals 5/25/2016

EnCase Endpoint Investigator Fundamentals 5/25/2016 EnCase Endpoint Investigator Fundamentals Guidance Software 1 About Us Tony Balzanto Tony Balzanto is an instructor in the Orlando, FL office of Guidance Software s Professional Development and Training

More information

Internet Programming. Security

Internet Programming. Security Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Originator Control in Usage Control *

Originator Control in Usage Control * Originator Control in Usage Control * Jaehong Park Laboratory for Information Security Technology ISE Department, MS4A4 George Mason University, Fairfax, VA 22030 jaehpark@ise.gmu.edu, www.list.gmu.edu/park

More information

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design. Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

Table: Security Services (X.800)

Table: Security Services (X.800) SECURIT SERVICES X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Also the

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

Fundamentals of a Windows Server Infrastructure MOC 10967

Fundamentals of a Windows Server Infrastructure MOC 10967 Fundamentals of a Windows Server Infrastructure MOC 10967 Course Outline Module 1: Installing and Configuring Windows Server 2012 This module explains how the Windows Server 2012 editions, installation

More information

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals

More information

HIPAA. considerations with LogMeIn

HIPAA. considerations with LogMeIn HIPAA considerations with LogMeIn Introduction The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, requires all organizations that maintain or transmit electronic

More information

Interim Threat / Risk Assessment. Student E- Communications Outsourcing Project

Interim Threat / Risk Assessment. Student E- Communications Outsourcing Project Interim Threat / Risk Assessment Student E- Communications Outsourcing Project Martin Loeffler Information Security, I+TS Creation Date: Version 1.0 June 24, 2010 Last Updated: Version 2.0 July 6, 2010

More information

ECE 646, CRYPTOGRAPHY PROJECT SPECIFICATION GEORGE MASON UNIVERSITY FALL, 2013

ECE 646, CRYPTOGRAPHY PROJECT SPECIFICATION GEORGE MASON UNIVERSITY FALL, 2013 ECE 646, CRYPTOGRAPHY PROJECT SPECIFICATION GEORGE MASON UNIVERSITY FALL, 2013 v Team members: Kunal Pillai Asrat Dea Ravi Chandra Reddy Kambalapally v Cryptographic Security for Cloud Storage Cloud storage

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

LogMeIn HIPAA Considerations

LogMeIn HIPAA Considerations LogMeIn HIPAA Considerations Contents Introduction LogMeIn HIPAA Considerations...3 General HIPAA Information...4 Section A Background information on HIPAA Rules...4 Technical Safeguards Overview...5 Section

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

More effective protection for your access control system with end-to-end security

More effective protection for your access control system with end-to-end security More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT

More information

HIPAA Email Compliance & Privacy. What You Need to Know Now

HIPAA Email Compliance & Privacy. What You Need to Know Now HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

LBSEC. http://www.liveboxcloud.com

LBSEC. http://www.liveboxcloud.com 2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee

More information

Applied Cryptology. Ed Crowley

Applied Cryptology. Ed Crowley Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu

Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5. www.kc-class.eu Cloud security and OpenStack Primož Cigoj Laboratorij za odprte sisteme in mreže IJS-E5 www.kc-class.eu 1 1 Outline Cloud computing General overview Deployment and service models Security issues Threats

More information

SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E)

SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E) SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E) 2 LECTURE OUTLINE Threats and countermeasures Access control mechanisms SQL s grant and revoke Role of views 3 THREATS What are the threats? Loss of integrity

More information

Introduction to Information Security

Introduction to Information Security Introduction to Information Security Chapter 1 Information Security Basics Winter 2015/2016 Stefan Mangard, www.iaik.tugraz.at What is Information Security? 2 Security vs. Safety The German word Sicherheit

More information

Full Drive Encryption Security Problem Definition - Encryption Engine

Full Drive Encryption Security Problem Definition - Encryption Engine 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

More information

Scientific Journal Impact Factor (SJIF): 1.711

Scientific Journal Impact Factor (SJIF): 1.711 Scientific Journal Impact Factor (SJIF): 1.711 e-issn: 2349-9745 p-issn: 2393-8161 International Journal of Modern Trends in Engineering and Research www.ijmter.com OneTK: Key Distribution Center at Cloud

More information

Security Policy for Oracle Advanced Security Option Cryptographic Module

Security Policy for Oracle Advanced Security Option Cryptographic Module Security Policy for Oracle Advanced Security Option Cryptographic Module Version 1.0 September 1999 Prepared by Oracle Corporation A. Scope of Document This document describes the security policy for the

More information

Information Security Office. Logging Standard

Information Security Office. Logging Standard Information Security Office Logging Standard Revision History Revision Revised By Summary of Revisions Section(s) / Date Page(s) Revised 6/01/2013 ISO Initial Release All Approvals Review Date Reviewed

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

Oracle Database Security

Oracle Database Security breaking through barriers to progress By Raman Jathar an award winning '2004 Future 50 Company' 18650 W. Corporate Drive Suite 120 Brookfield, WI 53045 262.792.0200 Database Security Lately, database security

More information

SSL Overview for Resellers

SSL Overview for Resellers Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information

How Managed File Transfer Addresses HIPAA Requirements for ephi

How Managed File Transfer Addresses HIPAA Requirements for ephi How Managed File Transfer Addresses HIPAA Requirements for ephi 1 A White Paper by Linoma Software INTRODUCTION As the healthcare industry transitions from primarily using paper documents and patient charts

More information

Secure USB Flash Drive. Biometric & Professional Drives

Secure USB Flash Drive. Biometric & Professional Drives Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE

More information

A centralized approach to computer network security*

A centralized approach to computer network security* A centralized approach to computer network security* by FRANK R. HEINRICH and DAVID J. KAUFMAN Sysiem Developmeni Corporaiion Santa Monica, California ABSTRACT This paper presents an approach to network

More information

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION United States Department of Agriculture Marketing and Regulatory Programs Grain Inspection, Packers and Stockyards Administration Directive GIPSA 3140.5 11/30/06 WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

More information

12 FAM 650 ACQUISITION SECURITY REQUIREMENTS FOR OPERATING SYSTEMS AND SUBSYSTEM COMPONENTS

12 FAM 650 ACQUISITION SECURITY REQUIREMENTS FOR OPERATING SYSTEMS AND SUBSYSTEM COMPONENTS 12 FAM 650 ACQUISITION SECURITY REQUIREMENTS FOR OPERATING SYSTEMS AND SUBSYSTEM COMPONENTS 12 FAM 651 GENERAL (CT:DS-180; 06-20-2012) (Office of Origin: DS/SI/CS) a. Acquisition authorities must follow

More information

Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements. Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP

Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements. Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP Electronically Communicating in Compliance with HIPAA Privacy and Security Requirements Adam H. Greene, JD, MPH Partner, Davis Wright Tremaine LLP Agenda Communicating with Patients Security Rule compliance

More information

PGP Universal Server 2.5 SmartLine DeviceLock 6.2

PGP Universal Server 2.5 SmartLine DeviceLock 6.2 PGP Integration Guide October 2007 PGP Universal Server 2.5 SmartLine DeviceLock 6.2 Version 1.0 2 Table of Contents INTRODUCTION...3 STRUCTURE...3 CAVEATS...4 POLICY OVERVIEW...4 SPAN OF CONTROL...4 COMPUTER

More information

NAESB RMQ Executive Committee. October 19, 2015

NAESB RMQ Executive Committee. October 19, 2015 NAESB RMQ Executive Committee October 19, 2015 Trade Secret This document and attachments contain confidential and proprietary information of Open Access Technology International, Inc. This information

More information

How to Build an Effective Mail Server Defense

How to Build an Effective Mail Server Defense How to Build an Effective Mail Server Defense A multi-stage approach to securing your email communication August, 21 2006 Author: Alin Dobre, Head of Customer Support, AXIGEN GECAD Technologies 10A Dimitrie

More information

Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010

Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010 Advanced Topics in Information Security MAP-I Curricular Unit 2009/2010 Summary This document describes a Ph.D. level course, corresponding to a Curriculum Unit credited with 5 ECTS. It is offered jointly

More information

Pexip Infinity platform management and security features

Pexip Infinity platform management and security features Pexip Infinity platform management and security features A white paper by Jordan Owens, VP of Architecture, Pexip. 10 June, 2014 Contact Pexip: w: www.pexip.com e: info@pexip.com t: @PexipInc 1 Platform

More information

The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context

The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context About HIPAA The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in

More information

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards Excerpt of Cyber Security Policy/Standard S05-001 Information Security Standards Issue Date: April 4, 2005 Publication Date: April 4, 2005 Revision Date: March 30, 2007 William F. Pelgrin Director New

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based

More information

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack You Joung Ham Graduate School of Computer Engineering, Hanshin University, 411, Yangsan-dong, Osan, Gyeonggi, Rep. of Korea

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

HIPAA: The Role of PatientTrak in Supporting Compliance

HIPAA: The Role of PatientTrak in Supporting Compliance HIPAA: The Role of PatientTrak in Supporting Compliance The purpose of this document is to describe the methods by which PatientTrak addresses the requirements of the HIPAA Security Rule, as pertaining

More information

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0 WHITE PAPER Support for the HIPAA Security Rule RadWhere 3.0 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of the RadWhere 3.0 system as part of

More information

Content of smart wireless sensor network security and its network security policy

Content of smart wireless sensor network security and its network security policy Abstract Content of smart wireless sensor network security and its network security policy Xiehua Yu Minnan Science and Technology Institute, Fujian Normal University, Fujian, 362332, China eceived 1 October

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define access control and list the four access control models Describe logical access control

More information

Application Based Access Control on Cloud Networks for Data Security

Application Based Access Control on Cloud Networks for Data Security Application Based Access Control on Cloud Networks for Data Security Ms. Smitha P M.Tech in DCN, Department of ECE GSSSIETW, Mysuru Karnataka, India Smitha.21sn @gmail.com Mrs. Manjula G Associate. Proffesor,

More information

Secure Hardware PV018 Masaryk University Faculty of Informatics

Secure Hardware PV018 Masaryk University Faculty of Informatics Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

Digital Documents, Compliance and the Cloud

Digital Documents, Compliance and the Cloud A Perspective on Navigating the Complexities Associated with Digital Document Transmission and Security for the Modern Enterprise. What are Digital (Electronic) Documents The Rise of the e-document Definition

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

ITM661 Database Systems. Database Security and Administration

ITM661 Database Systems. Database Security and Administration ITM661 Database Systems Database Security and Administration Outline Introduction to Database Security Issues Types of Security Threats to databases Database Security and DBA Access Protection, User Accounts,

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21 Security and Authorization Chapter 21 Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke 1 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed

More information

Security Issues In Cloud Computing and Countermeasures

Security Issues In Cloud Computing and Countermeasures Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department

More information

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review Privacy and Security Meaningful Use Requirement HIPAA Readiness Review REACH - Achieving - Achieving meaningful meaningful use of your use EHR of your EHR Patti Kritzberger, RHIT, CHPS ND e-health Summit

More information

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald 0043306

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald 0043306 Software Engineering 4C03 Research Project An Overview of Secure Transmission on the World Wide Web Sean MacDonald 0043306 Tuesday April 5, 2005 Introduction Software Engineering 4C03 Research Project

More information