Commit
70004: Added content from first lecture
1 parent 9b7faab, commit 767a57f
Showing 7 changed files with 69 additions and 0 deletions.
@@ -0,0 +1,21 @@ | ||
## Definition | ||
A list of permissions associated with a resource. | ||
|
||
|
||
```python | ||
[ | ||
(Alice, "/home/Alice/*", {Read, Write, Execute}), | ||
(Alice, "/var/*", {Read, Write}), | ||
(Bob, "/home/Bob/*", {Read, Write}), | ||
] | ||
``` | ||
- Used in operating systems to associate permissions with files, (unix represents many resources as special files to use the same system) | ||
- Can assign based on roles (e.g. Admin) | ||
|
||
Can be modelled as: | ||
|
||
| Model | Description | | ||
| ---- | ---- | | ||
| Mandatory | System decides exactly which users have permissions for resources | | ||
| Discretionary | (Unix) Users authorised to determine who else can access files they have permissions for. | | ||
| Role Based | (Non-Discretionary) Role determines permissions. | |
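Review bot: The example under the ```python fence is keyed by subject (one row per Alice/Bob entry), which is the shape of a capability list rather than an access control list; an ACL is attached to the resource and enumerates which subjects may do what to it, so either group the example per object (e.g. `"/var/*": {Alice: {Read, Write}}`) or change the definition to say it is a list of (subject, resource, permissions) triples and drop the ACL label from the example. The fence is also mislabelled: `Alice`, `Read` and friends are bare names, so this is pseudocode, not runnable Python; tag it as text or quote the identifiers. In the model table, the Mandatory row would be sharper as "policy set system-wide and enforced regardless of the resource owner's wishes", since "system decides exactly which users have permissions" also describes an administrator-populated DAC list.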
@@ -0,0 +1,26 @@ | ||
## Definition | ||
> *How can Bob be sure he is communicating with Alice?* | ||
| Auth | Description | | ||
| ---- | ---- | | ||
| Client | Server verifies client's ID | | ||
| Server | Client verifies server's ID | | ||
| Mutual | Client & Server Authentication | | ||
The authenticated user is the **principal**. | ||
|
||
Can combine the following methods (e.g. chip&pin cards). | ||
### By Knowledge | ||
Users presents some secret information verified by the authenticator. | ||
- Passwords are simple to implement & understand, but can be vulnerable to cracking if small, theft if stored insecurely, or vulnerable if the same password is used for another compromised authentication. | ||
- [[One Time Passcode]] | ||
|
||
### By Possessions | ||
- [[One Time Passcode]] cards (generates a new code for each login - example HSBC) | ||
- Smart Card that stores a secret, used in a card reader | ||
- [[Yubikey]] | ||
- [[Browser Cookies]] can contain authentication information. | ||
Relies on the difficulty of forging the device/token/key. | ||
### By Identity | ||
Similar to possession, e.g. [[Biometrics]] | ||
- [[Biometrics]] can be inaccurate (false positive rate vs false negative rate). | ||
|
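Review bot: The heading `### By Identity` names the inherence factor (something you are), and "Similar to possession" is misleading: a biometric cannot be revoked and reissued like a token, which is exactly why the false match / false non-match rates noted in the bullet matter so much. Two smaller points in the same hunk: [[One Time Passcode]] is listed under both Knowledge and Possession, so say which is meant (the generator is the possessed factor, the code it emits is what is presented), and "Browser Cookies can contain authentication information" describes a bearer session credential, i.e. proof that authentication already happened, rather than a possession factor. Typo on the Knowledge paragraph: "Users presents" should be "The user presents".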
@@ -0,0 +1,6 @@ | ||
## Definition | ||
> *Does Bob have permission do X?* | ||
Checking if a user (who passed [[Authentication]]) has permission for an action. | ||
$$\text{Subject} \overset{permission}\longrightarrow \text{object}$$ | ||
[[Access Control List]] |
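Review bot: The quoted question `> *Does Bob have permission do X?*` is missing "to". The arrow notation introduces Subject, permission and object without saying what each is; one concrete instance drawn from the ACL note (Bob, Read, /home/Alice/*) would tie the two files together and make clear that the Subject here is the principal produced by [[Authentication]], which is the ordering the first sentence only implies.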
@@ -0,0 +1,3 @@ | ||
## Definition | ||
Keeping communicated or stored data secret. | ||
[[TODO]] |
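Review bot: The definition "Keeping communicated or stored data secret" leaves out from whom; confidentiality is secrecy against unauthorised parties, which is what separates it from simply not publishing. The `[[TODO]]` reads as a wikilink to a note named TODO rather than as a task marker; an inline TODO or checkbox avoids that. When this is filled in, the obvious content is encryption for data in transit and at rest, with access control (the [[Access Control List]] note) as the other route to the same property.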
@@ -0,0 +1,6 @@ | ||
## Definition | ||
> *How can Alice and Bob ensure Malory cannot tamper with their messages* | ||
Data and message integrity, detecting and repairing errors. | ||
- Techniques include using Hashing & Checksums, or message authentication codes. | ||
- |
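Review bot: "Data and message integrity, detecting and repairing errors" conflates error control with integrity against an adversary: checksums and error-correcting codes handle accidental corruption, but Malory can recompute an unkeyed hash or checksum over a modified message, so only a keyed construction (a MAC, or a signature) answers the question in the heading. Suggest splitting the bullet into hashes/checksums for accidental errors and MACs/signatures for tampering. Also: the quoted question has no closing "?", the attacker is conventionally spelled "Mallory", and the hunk ends with an empty `- ` bullet.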
@@ -0,0 +1,4 @@ | ||
## Definition | ||
*Also called a dynamic password*, a password that is only valid for one login. | ||
## Example | ||
Platforms can provide a fixed number of rescue passcodes for account access if the account is compromised. |
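Review bot: The example describes backup or recovery codes, which are issued in advance for when the usual factor (phone, token) is unavailable; "if the account is compromised" is the wrong trigger, since a pre-issued code does nothing for an account an attacker already controls and, if stolen along with it, extends the compromise. Suggest "for account access if the usual second factor is lost". The definition could also say why single use matters: a captured code cannot be replayed, which is the advantage over the static password the note contrasts it with.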
@@ -0,0 +1,3 @@ | ||
> The **YubiKey** is a hardware [authentication device](https://en.wikipedia.org/wiki/Security_token "Security token") manufactured by **Yubico** to protect access to computers, networks, and online services that supports [one-time passwords](https://en.wikipedia.org/wiki/One-time_password "One-time password") (OTP), [public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography "Public-key cryptography"), and authentication, and the [Universal 2nd Factor](https://en.wikipedia.org/wiki/Universal_2nd_Factor "Universal 2nd Factor") (U2F) and [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project "FIDO2 Project") protocols developed by the [FIDO Alliance](https://en.wikipedia.org/wiki/FIDO_Alliance "FIDO Alliance"). It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing [static passwords](https://en.wikipedia.org/wiki/Static_password "Static password") for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. | ||
> - [YubiKey - Wikipedia](https://en.wikipedia.org/wiki/YubiKey#:~:text=The%20YubiKey%20is%20a%20hardware%20authentication%20device%20manufactured,and%20FIDO2%20protocols%20developed%20by%20the%20FIDO%20Alliance.) | ||
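Review bot: The note is a pasted encyclopedia paragraph with no local content linking it back to [[Authentication]]; at minimum add a line saying it is the concrete example for "By Possessions" and that the U2F/FIDO2 modes are what back the "difficulty of forging the device" remark, since a FIDO assertion is a signature from a key held only on the device and bound to the site, whereas the "static passwords" mode mentioned in the same quote is as replayable as any typed password. The citation uses a text-fragment URL (`#:~:text=...`); the plain article link is more durable.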