Boundary Control
Chapter 10
1
Material:
Boundary controls:
Cryptographic controls
Access controls
Personal identification numbers
Digital signatures
Plastic cards
Audit trail controls
Existence controls
2
Introduction

The boundary subsystem establishes the
interface between the would-be user of a
computer system and the computer system
itself.
3
Controls in the boundary subsystem have three
purposes:
(a) To establish the identity and authenticity of would-be
users
(b) To establish the identity and authenticity of
computer system resources that users wish to
employ
(c) To restrict the actions undertaken by users who
obtain computer resources to an authorized set
4
Cryptographic controls

Cryptographic controls are used extensively
throughout the boundary subsystem.
Cryptographic controls protect the privacy of data
and prevent unauthorized modification of
data. They achieve this goal by scrambling
data so it is not meaningful to anyone who
does not have the means to unscramble it.
5
Cryptographic controls

There are three classes of techniques used to transform
cleartext data into ciphertext data: (a) transposition ciphers,
(b) substitution ciphers, and (c) product ciphers. Most
modern cryptographic systems use a product cipher
because it is the most difficult to break (it has the highest
work factor). The US National Bureau of Standards' Data
Encryption Standard (DES) uses a product cipher.
6
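As an added illustration of the three cipher classes (not part of the original slides): a toy substitution cipher, a toy columnar transposition, and their composition into a product cipher. The key and plaintext are constructed sample values; the point is to see that substitution alone preserves letter positions and frequencies, transposition alone preserves the letters themselves, and only the product hides both.

```python
import string

ALPHABET = string.ascii_uppercase

def substitute(text: str, key: str, decrypt: bool = False) -> str:
    """Substitution cipher: each letter is replaced by the letter at the same
    position in the 26-letter key (reverse mapping when decrypting). Letter
    identities change, but positions and letter frequencies are preserved."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.translate(str.maketrans(src, dst))

def transpose(text: str, cols: int, decrypt: bool = False) -> str:
    """Columnar transposition: write the text in rows of `cols` letters and read
    it out column by column. Positions change, but the multiset of letters is
    unchanged, so ciphertext letter frequencies equal those of the plaintext."""
    if not decrypt:
        return "".join(text[i::cols] for i in range(cols))
    # Inverting requires rebuilding the column lengths encryption produced:
    # the first `extra` columns are one letter longer than the rest.
    rows, extra = divmod(len(text), cols)
    lengths = [rows + (1 if i < extra else 0) for i in range(cols)]
    columns, pos = [], 0
    for n in lengths:
        columns.append(text[pos:pos + n])
        pos += n
    return "".join(columns[c][r]
                   for r in range(rows + 1)
                   for c in range(cols) if r < lengths[c])

def product_encrypt(text: str, sub_key: str, cols: int) -> str:
    """Product cipher: substitution followed by transposition, so neither
    letter identities nor letter positions survive in the ciphertext."""
    return transpose(substitute(text, sub_key), cols)

def product_decrypt(cipher: str, sub_key: str, cols: int) -> str:
    """Undo the product cipher by applying the inverses in reverse order."""
    return substitute(transpose(cipher, cols, decrypt=True), sub_key, decrypt=True)

if __name__ == "__main__":
    KEY = ALPHABET[::-1]        # constructed key: the reversed alphabet
    PLAIN = "ATTACKATDAWN"      # constructed sample plaintext, letters only
    c = product_encrypt(PLAIN, KEY, 5)
    print(c, product_decrypt(c, KEY, 5))
```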
Cryptographic controls (Continued)

A major disadvantage of conventional cryptosystems is that
parties who wish to exchange information must share a
private, secret key. To overcome this disadvantage, public
key cryptosystems have been developed. Public key
cryptosystems use two different keys to encrypt data and to
decrypt data. One key can be made public, and the other key
is kept private.
7
Cryptographic controls (Continued)

From an audit perspective, the most important aspect of
cryptosystems is often the way in which cryptographic
keys are managed. Cryptographic key management must
address three functions: (a) how keys will be generated; (b)
how they will be distributed to users; and (c) how they will
be installed in cryptographic facilities.
8
Access Controls

Access controls restrict use of computer system resources
to authorized users, limit the actions users can undertake
with respect to those resources, and ensure that users
obtain only authentic computer resources. They perform
these functions in three steps: (a) they authenticate users
who identify themselves to the system; (b) they
authenticate the resources requested by the user; and (c)
they confine users' actions to those that have been
authorized.
9
Access Controls (Continued)

Users can provide three classes of authentication
information to an access control mechanism: (a)
remembered information (e.g. passwords); (b) possessed
objects (e.g. plastic cards); and (c) personal characteristics
(e.g. fingerprints). Remembered information is the most
commonly used form of authentication information. Its
major limitation is that it can be forgotten. As a result,
users employ strategies to help them remember it that
may lead to it being compromised (e.g. they write down a
password).
10
Access Controls (Continued)

Users employ four types of resources in a computer
system: hardware, software, commodities (e.g. processor
time), and data. The most complex actions they take (and
the most difficult to control) relate to data resources
11
Access Controls

An access control mechanism can be used to enforce two
types of access control policy. Under a discretionary access
control policy, users can specify to the access control
mechanism who can access their resources. Under a
mandatory access control policy, both users and resources
are assigned fixed security attributes. Mandatory access
control policies are easier to enforce but they are less
flexible
12
Access Controls (Continued)

Discretionary access control policies can be implemented
via a ticket-oriented approach or a list-oriented approach.
With a ticket-oriented approach (or capability approach),
the access control mechanism stores information about
users and the resources they are permitted to access. With
a list-oriented approach, the access control mechanism
stores information about each resource and the users who
can access that resource.
13
Access Controls (Continued)

Access controls should enforce the principle of least
privilege: users should be assigned only the minimum set
of resources and action privileges that they need to
accomplish their work.
14
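As an added worked example (not from the slides) tying slides 12 to 14 together: one discretionary policy stored both ticket-oriented (a capability set per user) and list-oriented (an access control list per resource), a mandatory policy using fixed clearance and classification attributes, and a least-privilege check an auditor could run. Users, resources and labels are constructed sample values; the no-read-up rule used for the mandatory check is one common illustration of such a policy, not the only one.

```python
from typing import Dict, Set, Tuple

Ticket = Tuple[str, str]   # (resource, action)

# Ticket-oriented (capability) view: per user, the tickets they hold.
CAPABILITIES: Dict[str, Set[Ticket]] = {
    "alice": {("payroll.db", "read"), ("payroll.db", "write"), ("memo.txt", "read")},
    "bob":   {("payroll.db", "read")},
}

def acl_from_capabilities(caps: Dict[str, Set[Ticket]]) -> Dict[str, Dict[str, Set[str]]]:
    """Derive the list-oriented view: per resource, per action, the users allowed.
    Both views encode the same discretionary policy; they differ in what the
    mechanism stores and which questions are cheap to answer."""
    acl: Dict[str, Dict[str, Set[str]]] = {}
    for user, tickets in caps.items():
        for resource, action in tickets:
            acl.setdefault(resource, {}).setdefault(action, set()).add(user)
    return acl

def dac_permits(user: str, resource: str, action: str,
                caps: Dict[str, Set[Ticket]] = CAPABILITIES) -> bool:
    """Discretionary check: does the user hold a ticket for this resource/action?"""
    return (resource, action) in caps.get(user, set())

# Mandatory view: fixed clearances (users) and classifications (resources).
# Illustrative rule: a user may read only resources classified at or below
# their clearance; neither side can change these attributes at will.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
CLEARANCE = {"alice": "confidential", "bob": "internal"}
CLASSIFICATION = {"payroll.db": "confidential", "memo.txt": "internal"}

def mac_permits_read(user: str, resource: str) -> bool:
    return LEVELS[CLEARANCE[user]] >= LEVELS[CLASSIFICATION[resource]]

def least_privilege_excess(user: str, needed: Set[Ticket],
                           caps: Dict[str, Set[Ticket]] = CAPABILITIES) -> Set[Ticket]:
    """Tickets a user holds beyond what their work requires; a non-empty result
    is a least-privilege finding for the auditor."""
    return caps.get(user, set()) - needed
```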
Personal Identification Numbers (PINs)

Personal Identification Numbers (PINs) are a form of
remembered information used to authenticate users of
electronic funds transfer systems. Controls need to be in
place and working to reduce exposures to an acceptable
level at several phases in the life cycle of PINs: (a)
generation of the PIN; (b) issuance and delivery of the PIN
to users; (c) validation of the PIN upon entry at a terminal
device (e.g. an automatic teller machine); (d) transmission
of the PIN across communication lines;
15
Personal Identification Numbers (Continued)

(e) processing of the PIN; (f) storage of the PIN; (g) change
of the PIN; (h) replacement of the PIN; and (i) termination
of the PIN.
16
Digital Signature

A digital signature is a string of 0s and 1s used to
authenticate a user. It is the equivalent of the analog
signature that humans use to sign documents. Unlike analog
signatures, however, digital signatures should be
impossible to forge.
17
Digital Signature (Continued)

The most common way to implement digital signatures is
via public key cryptosystems. The sender of a message
signs the message with their private key, and receivers of
the message verify the signature by decrypting it
using the sender's public key.
18
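As an added example (not from the slides) of the sign-with-private-key, verify-with-public-key flow just described: a toy RSA signature over a SHA-256 digest. The primes are tiny textbook values (p=61, q=53) chosen so the arithmetic is visible; real systems use keys of thousands of bits and a padding scheme, so this is for illustration only. The message is a constructed sample.

```python
import hashlib
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e): may be published
PrivateKey = Tuple[int, int]  # (n, d): kept by the signer only

def toy_keypair() -> Tuple[PublicKey, PrivateKey]:
    """Textbook-sized RSA key pair; far too small for real use."""
    p, q = 61, 53
    n = p * q                  # 3233
    phi = (p - 1) * (q - 1)    # 3120
    e = 17
    d = pow(e, -1, phi)        # 2753, the modular inverse of e mod phi
    return (n, e), (n, d)

def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the signing domain [0, n)."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n

def sign(priv: PrivateKey, message: bytes) -> int:
    """Only the holder of d can produce this value for a given message."""
    n, d = priv
    return pow(digest(message, n), d, n)

def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature: raising it to e
    must recover the digest of the message actually received. A changed
    message or a changed signature makes the comparison fail."""
    n, e = pub
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    pub, priv = toy_keypair()
    msg = b"Transfer 100 to account 42"        # constructed sample message
    sig = sign(priv, msg)
    print("genuine:          ", verify(pub, msg, sig))
    print("altered signature:", verify(pub, msg, (sig + 1) % pub[0]))
    print("tampered message: ", verify(pub, b"Transfer 900 to account 42", sig))
```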
Digital Signature (Continued)

Sometimes arbitrators must be used with digital signature
systems to prevent the sender of a message from reneging on
or disavowing the message. The arbitrator acts as an
intermediary between the sender and the receiver. In
essence, the arbitrator is a witness to the contract between
the sender and the receiver.
19
Plastic Card

Plastic cards are primarily a means of identifying
individuals who wish to use a computer system. Controls
need to be in place and working to reduce exposures to an
acceptable level at a number of phases in the life cycle of
plastic cards: (a) application by the user for a card; (b)
preparation of the card; (c) issue of the card; (d) return of
the card; and (e) destruction of the card.
20
Audit Trail Control

Accounting Audit Trail:
1. Identity of the would-be user of the system
2. Authentication information supplied
3. Resources requested
4. Action privileges requested
5. Terminal identifier
6. Start and finish time
7. Number of sign-on attempts
21
Audit Trail Control (Continued)

8. Resources provided/denied; and
9. Action privileges allowed/denied

Operations Audit Trail
22
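As an added example (not from the slides): an accounting audit trail record carrying the nine items listed above, and two review rules an auditor might run over such a trail (repeated sign-on attempts within one session, and sessions where requested resources or privileges were denied). The records are constructed sample data; note that item 2 is recorded as the kind of authentication information supplied, never the secret value itself.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class BoundaryAuditRecord:
    """One accounting audit trail record for a boundary-subsystem session,
    one field per item in the list above."""
    user_id: str                     # 1. identity claimed by the would-be user
    auth_method: str                 # 2. kind of authentication information supplied;
                                     #    log the method, never the password or PIN
    resources_requested: List[str]   # 3
    privileges_requested: List[str]  # 4
    terminal_id: str                 # 5
    start: str                       # 6. start and finish time (ISO 8601)
    finish: str
    signon_attempts: int             # 7
    resources_denied: List[str] = field(default_factory=list)   # 8
    privileges_denied: List[str] = field(default_factory=list)  # 9

# Constructed sample trail; none of these sessions are real.
SAMPLE_TRAIL = [
    BoundaryAuditRecord("alice", "password", ["payroll.db"], ["read"], "T01",
                        "2024-03-01T09:00:00", "2024-03-01T09:20:00", 1),
    BoundaryAuditRecord("bob", "password", ["payroll.db"], ["read"], "T07",
                        "2024-03-01T09:05:00", "2024-03-01T09:06:00", 5),
    BoundaryAuditRecord("carol", "card+PIN", ["payroll.db"], ["read", "write"], "T02",
                        "2024-03-01T10:00:00", "2024-03-01T10:30:00", 1,
                        privileges_denied=["write"]),
]

def sessions_to_review(trail: List[BoundaryAuditRecord],
                       max_attempts: int = 3) -> List[Tuple[str, str, str]]:
    """Return (user, terminal, reason) for sessions an auditor should look at:
    more sign-on attempts than expected for a legitimate user (item 7), and
    any denied resources or privileges (items 8 and 9)."""
    findings = []
    for r in trail:
        if r.signon_attempts > max_attempts:
            findings.append((r.user_id, r.terminal_id,
                             f"{r.signon_attempts} sign-on attempts"))
        denied = r.resources_denied + r.privileges_denied
        if denied:
            findings.append((r.user_id, r.terminal_id, "denied: " + ", ".join(denied)))
    return findings
```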
Existence Control

Existence controls in the boundary subsystem are usually
straightforward. If the subsystem fails, existence controls
usually do not attempt to restore the subsystem to the point
of failure. Instead, the user is simply asked to undertake
the sign-on procedure again.
23
Student Assignment
Assignment
Students submit the results of their discussion
of the case given by the lecturer.

24