Provisions Relating to IETF Documents

Additional Kerberos Naming Constraints This document defines new naming constraints for well-known Kerberos principal names and well-known Kerberos realm names

Authentication for mobile computing

Host mobility is becoming an increasingly important feature with the recent arrival of laptop and palmtop computers, the development of wireless network interfaces and the implementation of global networks. Unfortunately, this mobile environment is also much more vulnerable to penetration by intruders. A possible means of protection can be authentication. This guarantees the identity of a communication peer. This thesis studies the constraints imposed on the mobile environment with respect to authentication. It compares the two prevailing authentication mechanisms, Kerberos and SPX, and tries to make suggestions of how a mechanism can be adapted to the mobile environment

Soft Constraint Programming to Analysing Security Protocols

Security protocols stipulate how the remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms, each of different strength. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham-Schroeder protocol, we have recently discovered a new attack on that protocol as a form of retaliation by principals who have been attacked previously. Having commented on that attack, we then demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos.Comment: 29 pages, To appear in Theory and Practice of Logic Programming (TPLP) Paper for Special Issue (Verification and Computational Logic

Distributed Virtual System (DIVIRS) Project

As outlined in our continuation proposal 92-ISI-50R (revised) on contract NCC 2-539, we are (1) developing software, including a system manager and a job manager, that will manage available resources and that will enable programmers to program parallel applications in terms of a virtual configuration of processors, hiding the mapping to physical nodes; (2) developing communications routines that support the abstractions implemented in item one; (3) continuing the development of file and information systems based on the virtual system model; and (4) incorporating appropriate security measures to allow the mechanisms developed in items 1 through 3 to be used on an open network. The goal throughout our work is to provide a uniform model that can be applied to both parallel and distributed systems. We believe that multiprocessor systems should exist in the context of distributed systems, allowing them to be more easily shared by those that need them. Our work provides the mechanisms through which nodes on multiprocessors are allocated to jobs running within the distributed system and the mechanisms through which files needed by those jobs can be located and accessed

An Investigation of the Security Designs of a Structured Query Language (Sql) Database and its Middleware Application and their Secure Implementation Within Thinclient Environments

The Information Portability and Accountability Act (HIPAA) and The SarbanesOxley (SOX) regulations greatly influenced the health care industry regarding the means of securing financial and private data within information and technology. With the introduction of thinclient technologies into medical information systems (IS), data security and regulation compliancy becomes more problematic due to the exposure to the World Wide Web (WWW) and malicious activity. This author explores the best practices of the medical industry and information technology industry for securing electronic data within the thinclient environment at the three levels of architecture: the SQL database, its middleware application, and Web interface. Designing security within the SQL database is not good enough as breaches can occur through unintended consequences during data access within the middleware application design and data exchange design over computer networks. For example, a hospital\u27s medical records, which are routinely exchanged over computer networks, are subject to the audit control an encryption requirements mandated for data security. (Department of, 2008). While there is an overlapping of security techniques within each of the three layers of architectural security design, the use of 18 methodologies greatly enhances the ability to protect electronic information. Due to the variety of IS used within a medical facility, security conscientiousness, consistency of security design, excellent communication between designers, developers and system engineers, and the use of standardized security techniques within each of the three layers of architecture are required

The Anatomy of the Grid - Enabling Scalable Virtual Organizations

"Grid" computing has emerged as an important new field, distinguished from conventional distributed computing by its focus on large-scale resource sharing, innovative applications, and, in some cases, high-performance orientation. In this article, we define this new field. First, we review the "Grid problem," which we define as flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources-what we refer to as virtual organizations. In such settings, we encounter unique authentication, authorization, resource access, resource discovery, and other challenges. It is this class of problem that is addressed by Grid technologies. Next, we present an extensible and open Grid architecture, in which protocols, services, application programming interfaces, and software development kits are categorized according to their roles in enabling resource sharing. We describe requirements that we believe any such mechanisms must satisfy, and we discuss the central role played by the intergrid protocols that enable interoperability among different Grid systems. Finally, we discuss how Grid technologies relate to other contemporary technologies, including enterprise integration, application service provider, storage service provider, and peer-to-peer computing. We maintain that Grid concepts and technologies complement and have much to contribute to these other approaches.Comment: 24 pages, 5 figure

Detection of Active Directory attacks

Organizace, které využívají Active Directory pro správu identit, musí chránit svá data před protivníky a bezpečnostními hrozbami. Tato práce analyzuje známé útoky na Active Directory a možnosti jejich detekce založené na Windows Security auditu. Implementační část je zaměřená na návrh detekčních pravidel pro analyzované scenáře útoků. Pravidla byla navrhnuta a implementována v technologii Splunk, následně otestována a vyhodnocena vykonáním útoků ve virtuálním prostředí. Navrhnutá pravidla, případně detekční principy v nich použité, mohou sloužit jako základ implementace bezpečnostního monitorování Active Directory prostředí v organizacích, a to nezávisle na vybrané technologii. Příloha práce obsahuje navrhnutá pravidla ve formě Analytic Stories, která rozširují obsah existující aplikace Splunk ES Content Update. Analytic Stories jsou navíc doplněna o relevantní vyhledávání, která poskytují kontext využitelný pro investigaci.Organizations that use Active Directory for managing identities have to protect their data from adversaries and security threats. This thesis analyses known attacks targeting Active Directory and the possibilities of detection based on Windows Security auditing. The implementation part focuses on designing detection rules covering the analyzed attack scenarios. The rules were designed and implemented in Splunk; tested and evaluated by performing the attacks in a virtual environment. The rules, or the detection principles used in them, can serve as a baseline for implementation of Active Directory security monitoring in organizations, regardless of the chosen technology. The appendix contains the designed rules set in the form of Analytic Stories, extending the content of an existing application Splunk ES Content Update. The Stories are supplemented by related searches providing context useful for investigation

Support of Multiple Replica Types in FreeIPA

Velmi rozšířeným prostředkem pro správu uživatelských účtů a řízení přístupu k výpočetní infrastruktuře a službám je kombinace protokolů LDAP a Kerberos. Instalace jakož i samotná správa sítě postavené nad těmito technologiemi však skýtá mnoho překážek. Jedním z řešení je použití open-sourcové aplikace FreeIPA, která patří mezi takzvané řešení pro správu identit a bezpečnostních politik. FreeIPA výrazně usnadňuje práci s těmito protokoly od samotného nasazení až po správu celého systému. Cílem této práce je rozšíření aplikace FreeIPA o možnost použití read-only replik, které přispěje k snadnější a účinnější škálovatelnosti.LDAP and Kerberos together are widely used for management of user accounts and authorization. The installation and administration of a system based on these protocols might be difficult and full of obstacles. An open source solution exists that is capable of handling the entire life cycle of such system. It is the FreeIPA identity management system. FreeIPA significantly simplify the usage of LDAP and Kerberos from the administrator's point of view. This thesis focuses on extending the replication capabilities of FreeIPA by adding a support for read-only replicas. The read-only replicas should improve scalability features of FreeIPA controlled systems.

Alternative Java Security Policy Model

Récemment, les systèmes distribués sont devenus une catégorie fondamentale de systèmes informatiques. Par conséquent, leur sécurité est devenue essentielle. La recherche décrite dans ce document vise à apporter un éclaircissement sur leurs vulnérabilités quant à la sécurité. Pour ce faire, on a examiné les propriétés de sécurité qu'un système distribué considéré sécuritaire doit supporter. En cherchant un système avec lequel travailler, on a étudié des failles de sécurité des systèmes distribués existants. On a étudié la sécurité de Java et des outils utilisés pour sécuriser ces systèmes. Suite à ces recherches, un nouveau modèle de sécurité Java imposant de nouvelles propriétés de sécurité a été développé. Ce document commence par les résultats de notre recherche sur les systèmes distribués, les outils de sécurité, et la sécurité de Java. Ensuite, on décrit les détails du nouveau système pour finalement faire la démonstration des améliorations qu'apporte ce système avec un exemple.Recently, distributed systems have become a fundamental type of computer system. Because of this, their security is essential. The research described in this document aimed to find their weaknesses and to find the means to improve them with regards to their security. To do that, we examined the security properties that a system considered secure must support. While looking for a system with which we could work, we studied security problems in existing distributed systems. We studied the security of Java and some tools used to secure these systems. Following our research, we developed a new Java security model, which imposed new security properties. This document begins with the results of our research in distributed systems, security tools, and Java security. Next, we go into detail about our new system to finally demonstrate the security enhancements of our system using an example

Soft Constraint Programming to Analysing Security Protocols

Security protocols stipulate how remote principals of a computer network should interact in order to obtain specific security goals. The crucial goals of confidentiality and authentication may be achieved in various forms. Using soft (rather than crisp) constraints, we develop a uniform formal notion for the two goals. They are no longer formalised as mere yes/no properties as in the existing literature, but gain an extra parameter, the security level. For example, different messages can enjoy different levels of confidentiality, or a principal can achieve different levels of authentication with different principals. The goals are formalised within a general framework for protocol analysis that is amenable to mechanisation by model checking. Following the application of the framework to analysing the asymmetric Needham- Schroeder protocol, we have recently discovered a new attack on that protocol. We briefly describe that attack, and demonstrate the framework on a bigger, largely deployed protocol consisting of three phases, Kerberos