Chapter 9-10

Descripción

Fichas sobre Chapter 9-10, creado por Julian Rottenberg el 24/06/2018.
Julian Rottenberg
Fichas por Julian Rottenberg, actualizado hace más de 1 año
Julian Rottenberg
Creado por Julian Rottenberg hace más de 6 años
2
0

Resumen del Recurso

Pregunta Respuesta
1. Process Model (Disadvantage) - Slow (fork is expensive, context switching overhead) - Difficult to perform optimizations that rely on global information (e.g. cache URLs)
1. Process Model (Bild)
2. Thread Model (Use threads instead of processes) (Motivation) - Thread creation and destruction cheaper - Sharing data between threads easier than between processes, but synchronization required for shared data
2. Thread Model (Use threads instead of processes) (Problem) - OS support required (otherwise one blocked thread blocks whole address space) => Examples: JAWS, IIS, Apache (Windows)
2. Thread Model (Advantages) - Faster than processes - Sharing enabled by default
2. Thread Model (Disadvantages) - Requires OS support - Can exhaust per-process limits (e.g. max. number of open file descriptors) - Limited control over scheduling decisions
3. In-kernel Model
3. In-kernel Model (One option) - whole server in the kernel
3. In-kernel Model (Most often) - Only static files served from kernel, other requests go to regular user-space server (khttpd, AFPA) - Dedicated kernel thread of HTTP requests
3. In-kernel Model (Advantages) - Avoids copies to/from user space - Very fast, if tightly integrated with kernel (khttpd is not)
3. In-kernel Model (Disadvantages) - Bugs can crash whole machine - Harder to debug and extend - Inherently OS-specific
3. In-kernel Model (Examples)
4. Event-driven Model (1)
4. Event-driven Model (2)
4. Event-driven Model (Advantages) - Very fast, no context switches - Sharing inherent (only one process), no locks needed - Complete control over scheduling decisions - No complex OS support needed
4. Event-driven Model (Disadvantages) - Per-process resource limits - Not every OS has full asynchronous I/O, so can still block on read. Flash uses helper processes to avoid this.
Performance Comparison
Web Server Cluster (Two ways of increasing capacity) - Single larger machine - Cluster of cheap standard machines, e.g. PCs
Web Server Clusters (Latter approach currently dominating) - Scalability - High availability - Cost
Web Server Clusters (Typical architecture)
Web Server Clusters
FTP: The File Transfer Protocol
FTP: Separate Control & Data Connections
FTP Commands, Responses (Sample commands)
FTP Commands, Responses (Sample return codes)
Electronic Mail (Three major components) - User agents - Mail servers - Simple mail transfer protocol: SMTP
Electronic Mail (User Agent) - A.k.a. "mail reader" - Composing, editing, reading mail messages - E.g., Outlook, Mozilla Thunderbird, mail client on mobile phone etc. - Outgoing, incoming messages stores on server
Electronic Mail (Bild)
Electronic Mail: Mail Servers (Mailservers) (Mailbox) - Mailbox contains incoming messages for user
Electronic Mail: Mail Servers (Mailservers) (Message queue) - Message queue of outgoing (to be sent) mail messages
Electronic Mail: Mail Servers (Mailservers) (SMTP protocol) - SMTP protocol between mail servers to send email messages -> Client: sending mail server -> "server": receiving mail server
Electronic Mail: Mail Servers (Bild)
Electronic Mail: SMTP [RFC 2821]
Scenario: Alice Sends Message to Bob
Sample SMTP interaction
Try SMTP Interaction for Yourself
SMTP: Final Words
Mail Message Format
Message Format: Multimedia Extensions
Mail Access Protocols (SMTP) - Delivery/storage to receiver's server
Mail Access Protocols (Mail access protocol) - Retrieval from server -> POP: Post Office Protocol [RFC 1939] --> Authorization (agent <--> server) and download -> IMAP: Internet Mail Access Protocol [RFC 1730] --> More features (more complex) --> Manipulation of stored msgs on server -> HTTP: Hotmail, Yahoo! Mail, etc.
Mail Access Protocol (Bild)
POP3 Protocol
POP3 and IMAP (More about POP3) - Previous example uses "download and deletes" mode - Bob cannot re-read e-mail if he changes client - "Download-and-keep": enables copies of messages on different clients (requires to organize on each client) - POP3 is stateless across sessions
POP3 and IMAP (IMAP - Keep all messages in one place: the server - Allows user to organize messages in folders - IMAP keeps user state across sessions: -> names of folders and mapping between message IDs and folder name
DNS: Domain Name System (People) - many identifiers: -> SSN, name, passport #
DNS: Domain Name System (Internet hosts, routers) - IP address (32 bit) - used for addressing datagrams - "Name", e.g., www.yahoo.com - used by humans
DNS: Domain Name System (Domain Name System) (Distributed database) - implemented in hierarchy of many name servers
DNS: Domain Name System (Domain Name System) (Application-layer protocol) - Application-layer protocol for hosts, routers, name server to communicate to resolve names (address/name translation) -> Note: core Internet function, implemented as application-layer protocol -> Complexity at network's "edge"
DNS (DNS services) - Hostname to IP address translation - Host aliasing -> Canonical and alias names - Mail server aliasing - Load distribution -> Replicated Web servers: set of IP addresses for one canonical name
DNS (Why not centralize DNS?) - Single point failure - Traffic volume - Distant centralized database - One central authority for worldwide name resolution undesirable ("who owns the Internet?") - Maintenance => does not scale!
Distributed, Hierarchical Database
DNS: Root Name Servers - Contacted by local name server that cannot resolve name
DNS: Root Name Servers (Root name server) - Contacts authoritative name server if name mapping not known - Gets mapping - Returns mapping to local name server
TLD, Authoritative and Local DNS Servers (Top-level domain (TLD) servers) - responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp - Network solutions maintain servers for com TLD - Educause for edu TLD
TLD, Authoritative and Local DNS Server (Authoritative DNS servers) - organization's DNS servers, providing authoritative hostname to IP mappings for organization's servers (e.g., Web and mail) - Can be maintained by organization or server provider
TLD, Authoritative and Local DNS Server (Local DNS servers) - Does not strictly belong to hierarchy - Each ISP (residential ISP, company, university) has one -> Also called "default name server" - When a host makes a DNS query, query is sent to its local DNS server -> Acts as a proxy, forwards query into hierarchy
Iterative Queries: Example (Bild)
Iterative Queries: Example (Iterated query) - Contacted server replies with name of server to contact - "I don't know this name, but ask this server"
Recursive Queries: Example (Bild)
Recursive Queries: Example (Recursive query) - Puts burden of name resolution on contacted name server - Heavy load? => Not done by root or TLD name servers
DNS: Caching and Updating Records
DNS Records
DNS Protocol, Messages (DNS protocol) - query and reply messages, both with same message format
DNS Protocol, Messages (Bild - 1)
DNS Protocol, Messages (Bild - 2)
Inserting Records Into DNS
P2P File Sharing
P2P: Centralized Directory - Original "Napster" design -> 1) When peer connects, it informs central server: --> IP address --> Content -> 2) Alice queries for "Hey Jude" -> 3) Alice requests file from Bob
P2P: Centralized Directory (Bild)
P2P: Problems With Centralized Directory - Single point of failure - Performance bottleneck - Copyright infringement => File transfer is decentralized, but locating content is highly centralized
Query Flooding: Gnutella (General Properties) - Full distributed -> No central server - Public domain protocol - Many Gnutella clients implementing protocol
Query Flooding: Gnutella (Overlay network: graph) - Edge between peer X and Y if there's a TCP connection - All active peers and edges in overlay net - Edge is not a physical link - Given peer will typically be connected with < 10 overlay neighbours
Gnutella: Protocol
Gnutella: Peer Joing f
Socket Programming (Goal) - Learn how to build client/server application that communicates using sockets
Socket Programming (Socket API) - Introduced in BSD4.1 UNIX, 1981 - Sockets are explicitly created, used, released by applications - Client/Server paradigm - Two types of transport service via socket API: -> Unreliable datagram -> Reliable, byte stream-oriented
Socket Programming (Socket) - A host-local, application-created, OS-controlled interface (a "door") into which application process can both send and receive messages to/from another application process
Socket-Programming Using TCP (Socket) - a door between application process and end-end-transport protocol (UCP or TCP)
Socket-Programming Using TCP (TCP service) - reliable transfer of bytes from one process to another
Socket-Programming Using TCP (Bild)
Socket Programming With TCP (Client must contact server) - Server process must first be running - Server must have created socket (door) that welcomes client's contact
Socket Programming With TCP (Client contacts server by) - Creating client-local TCP socket - Specifying IP address, port number of server process - When client creates socket: -> Client TCP establishes connection to server TCP
Socket Programming With TCP - When contacted by client, server TCP creates new socket for server process to communicate with client -> Allows server to talk with multiple clients -> Source port numbers used to distinguish clients
Socket Programming With TCP (application viewpoint) - TCP provides reliable, in-order transfer of bytes ("pipe") between client and server
Stream Jargon (Stream) - A stream is a sequence of characters that flow into or out of a process
Stream Jargon (Input Stream) - An input stream is attached to some input source for the process, e.g., keyboard or socket
Stream Jargon (Output Stream) - An output stream is attached to an output source, e.g., monitor or socket
Socket Programming With TCP (Example Client-Server application) - 1) Client reads line from standard input (inFromUser stream), sends to server via socket (outToServer stream) - 2) Server reads line from socket - 3) Server converts line to uppercase, sends back to client - 4) Client reads, prints modified line from socket (inFromServer stream)
Socket Programming With TCP (Bild)
Client/Server Socket Interaction: TCP
Example: Java Client (TCP) (1)
Example: Java Client (TCP) (2)
Example: Java Server (TCP) (1)
Example: Java Server (TCP) (2)
Socket Programming With UDP - UDP: No "connection" between client and server - No handshaking - Sender explicitly attaches IP address and port of destination to each packet - Server must extract IP address, port of sender from received packet - UDP: Transmitted data may be received out of order, or lost
Socket Programming With UDP (Application viewpoint) - UDP provides unreliable transfer of groups of bytes ("datagrams") between client and server
Client/Server Socket Interaction: UDP
Example: Java Client (UDP)
Example: Java Client (UDP)
Example: Java Client (UDP)
Example: Java Sender (UDP) (1)
Example: Java Server (UDP) (2)
Building a Simple Web Server
Chapter 1: Summary (1)
Chapter 1: Summary (2)
Appendix: Socket Programming with C
Example: C Client (TCP) (1)
Example: C Client (TCP) (2)
Example: C Client (TCP) (1)
Example: C Server (TCP) (2)
Example: C Client (UDP) (1)
Example: C Client (UDP) (2)
Example: C Server (UDP) (1)
Example: C Server (UDP) (2)
What is a Threat in a Communication Network (Abstract Definition) - A threat in a communication network is any possible event or sequence of actions that might lead to a violation of one or more security goal - The actual realization of a threat is called an attack
What is a Threat in a Communication Network? (Examples) - A hacker breaking into a corporate computer - Disclosure of emails in transit - Someone changing financial accounting data - A hacker temporarily shutting down a website - Someone using services or ordering goods in the name of others
What is a Threat in a Communication Network? (What are security goals) - Security goals can be defined: -> Depending on the on the application environment, or -> in a more general, technical way
Security goals depending on the application environment 1 (Banking) - Protect against fraudulent or accidental modification of transactions - Identify retail transaction customers - Protect PINs from disclosure - Ensure customers privacy
Security goals depending on the application environment 1 (Electronic trading) - Assure source and integrity of transactions - Protect corporate privacy - Provide legally binding electronic signatures on transactions
Security goals depending on the application environment 1 (Government) - Protect against disclosure of sensitive information - Provide electronic signatures on government documents
Security goals depending on the application environment 2 (Public Telecommunication Providers) - Restrict access to administrative functions to authorized personnel - Protect against service interruptions - Protect subscribers privacy
Security goals depending on the application environment 2 (Corporate / Private Networks) - Protect corporate / individual privacy - Ensure message authenticity
Security goals depending on the application environment 2 (All Networks) - Prevent outside penetrations (who wants hackers?)
Security goal depending on the application environment => Sometimes security goals are also called security objectives
Security Goals Technically Defined (Confidentiality) - Data transmitted or stored should only be revealed to an intended audience - Confidentiality of entities is also referred to as anonymity
Security Goals Technically Defined (Data Integrity) - It should be possible to detect any modification of data - This requires to be able to identify the creator of some data
Security Goals Technically Defined (Accountability) - It should be possible to identify the entity responsible for any communication event
Security Goals Technically Defined (Controlled Access) - Only authorized entities should be able to access certain services or information
Threats Technically Defined (Masquerade) - An entity claims to be another entity
Threats Technically Defined (Eavesdropping) - An entity reads information it is not intended to read
Threats Technically Defined (Authorization Violation) - An entity uses a service or resources it is not intended to use
Threats Technically Defined (Loss or Modification of (transmitted) Information) - Data is being altered or destroyed
Threats Technically Defined (Denial of Communication Acts (Repudiation)) - An entity falsely denies its participation in a communication act
Threats Technically Defined (Forgery of Information) - An entity creates a new information in the name of another entity
Threats Technically Defined (Sabotage) - Any action that aims to reduce the availability and/or correct functioning of services or systems
Threats and Technical Security Goals
Security Analysis of Layered Protocol Architectures 1
Security Analysis of Layered Protocol Architectures 2
Attacking Communications on the Message Level (Passive attacks) - Eavesdropping
Attacking Communications on the Message Level (Active attacks) - Delay of PDUs (Protocol Data Units) - Replay of PDUs - Deletion of PDUs - Modification of PDUs - Insertion of PDUs
Attacking Communications on the Message Level (Successful launch of one of the above attacks requires) - There are no detectable side effects to other communications (connections/connectionless transmissions) - There are no side effects to other PDUs of the same connection/connectionless data transmission between the same entities
Attacking Communications on the Message Level - A security analysis of a protocol architecture has to analyse these attacks according to the architecture's layers
Safeguards Against Information Security Threats 1 (Physical Security) - Locks or other physical access control - Tamper-proofing of sensitive equipment - Environmental controls
Safeguards Against Information Security Threats 1 (Personnel Security) - Identification of position sensitivity - Employee screening processes - Security training and awareness
Safeguards Against Information Security Threats 1 (Administrative Security) - Controlling import of foreign software - Procedures for investigating security breaches - Reviewing audit trails - REviewing accountability controls
Safeguards Against Information Security Threats 1 (Emanations Security) - Radio Frequency and other electromagnetic emanations controls
Safeguards Against Information Security Threats 2 (Media Security) - Safeguarding storage of information - Controlling marking, reproduction and destruction of information - Ensuring that media containing information are destroyed securely - Scanning media for viruses
Safeguards Against Information Security Threats 2 (Lifecycle Controls) - Trusted system design, implementation, evaluation and endorsement - Programming standards and controls - Documentation controls
Safeguards Against Information Security Threats 2 (Computer Security) - Protection of information while stored/processed in a computer system - Protection of the computing devices itself
Safeguards Against Information Security Threats 2 (Communications Security) - Protection of information during transport from one system to another - Protection of the communication infrastructure itself
Communications Security: Some Terminology (Security Service)
Communications Security: Some Terminology (Cryptographic Algorithm) - A mathematical transformation of input data (e.g. data key) to output data - Cryptographic algorithms are used in cryptographic protocols
Communications Security: Some Terminology (Cryptographic Protocol) - A series of steps and message exchanges between multiple entities in order to achieve a specific security object
Security Services - Overview (Authentication) - The most fundamental security service which ensures, that an entity has in fact the identity it claims to have
Security Services - Overview (Integrity) - In some kind, the "small brother" of the authentication service, as it ensures, that data created by specific entities may not be modified without detection
Security Services - Overview (Confidentiality) - The most popular security service, ensuring secrecy of protected data
Security Services - Overview (Access Control) - Controls that each identity accesses only those services and information it is entitled to
Security Services - Overview (Non-Repudiation) - Protects against that entities participating in a communication exchange can later falsely deny that the exchange occurred
Cryptology - Definition and Terminology (Cryptology) - Science concerned with communications in secure and usually secret form - The term is derived from the Greek kryptos (hidden) and logos (word)
Cryptology - Definition and Terminology (Cryptology) (Cryptology encompasses) (Cryptography (graphein = to write)) - The study of the principles and techniques by which information can be concealed in ciphertext an later revealed by legitimate user employing a secret key
Cryptology - Definition and Terminology (Cryptology) (Cryptology encompasses) (Cryptoanalysis (analyein = to loosen, to untie)) - The science (and art) of recovering information from ciphers without knowledge of the key
Cryptology - Definition and Terminology (Cipher) - Method of transforming a message (plaintext) to conceal its meaning - Also used as synonym for the concealed ciphertext - Ciphers are one class of cryptographic algorithms - The transformation usually takes the message and a (secret) key as input
Cryptographic Algorithms (Encryption of data) - transforms plaintext data into ciphertext in order to conceal its' meaning
Cryptographic Algorithms (Signing of data) - computes a check value or digital signature to a given plain- or ciphertext, that can be verified by some or all entities being able to access the signed data
Cryptographic Algorithms - Some cryptographic algorithms can be used for both purposes, some are only secure and/or efficient for one of them
Cryptographic Algorithms (Symmetric cryptography) - Symmetric cryptography using 1 key for en-/decryption or signing/checking
Cryptographic Algorithms (Asymmetric cryptography) - Asymmetric cryptography using 2 different keys for en-/decryption or signing/checking
Cryptographic Algorithms (Cryptographic hash functions) - Cryptographic hash functions using 0 keys (the "key" is not a separate input but "appended" to or "mixed" with the data)
Important Properties of Encryption Algorithms
Symmetric Encryption
Asymmetric Cryptography (General idea) -
Asymmetric Cryptography (Applications) (Encryption)
Asymmetric Cryptography (Applications) (Signing)
Asymmetric Cryptography (Applications) (Attention) - It is crucial, that everyone can verify that he really knows A's public key and not the key of an adversary!
Asymmetric Cryptography (Practical considerations) - Asymmetric cryptographic operations are about magnitudes slower than symmetric ones - Therefore, they are often not used for encrypting/signing bulk data - Symmetric techniques are used to encrypt/compute a cryptographic hash value and asymmetric cryptography is just used to encrypt a key/hash value
Detection of Message Modifications (Motivation) - An error detection code over a message enables the receiver to check if a message was altered during transmission -> Examples: Parity, Bit-Interleaved Parity, Cyclic Redundancy Check (CRC) - This leads to the wish of having a similar value called modification check value that allows to check, if a message has been modified during transmission
Detection of Message Modifications (Realization of modification check values) (Cryptographic Hash Functions) - These are either combined with asymmetric cryptography to obtain a signed modification detection code (MDC) or already include a shared secret mixed with the message
Detection of Message Modifications (Realization of modification check values) (Message Authentication Codes) - Common message authentication codes (MAC) are constructed from a symmetric block cipher
Cryptographic Protocols (Definition) - A cryptographic protocol is defined as a series of steps and message exchanges between multiple entities in order to achieve a specific security objective
Cryptographic Protocols (Applications of cryptographic protocols) - Key exchange - Combined authentication and key exchange
Cryptographic Protocols (Applications of cryptographic protocols) (Authentication) (Data origin authentication) - The security service, that enables a receiver to verify by whom a message was created and that it has not been modified
Cryptographic Protocols (Applications of cryptographic protocols) (Authentication) (Entity authentication) - The security service, that enables communication partners to verify the identity of their peer entities
Security in Networks: What to do where? - Analogous to the methodology of security analysis, there are two dimensions guiding the integration of security services into communication architectures
Security in Networks: What to do where? (Bild)
A Pragmatic Model for Secured & Networked Computing
A Pragmatic Model for Secured & Networked Computing (Application) - A piece of software that accomplishes some specific task, e.g. electronic email, web service, word processing, data storage, etc.
A Pragmatic Model for Secured & Networked Computing (End System) - One piece of equipment, anywhere in the range from personal computer to server to mainframe computer - For security purposes one end system usually has one policy authority
A Pragmatic Model for Secured & Networked Computing (Subnetwork) - A collection of communication facilities being under the control of one administrative organization, e.g. a LAN, campus network, WAN, etc. - For security purposes one subnetwork usually has one policy authority
A Pragmatic Model for Secured & Networked Computing (Inter-Network) - A collection of inter-connected subnetworks - In general, the subnets connected in an inter-network have different policy authorities
A Pragmatic Model for Secured & Networked Computing - There are four levels at which distinct requirements for security protocol elements arise: -> Application level -> End system level -> Subnetwork level -> Link level
A Pragmatic Model for Secured & Networked Computing (Application level) - Security protocol elements that are application dependent
A Pragmatic Model for Secured & Networked Computing (End system level) - Provision of protection on an end system to end system basis
A Pragmatic Model for Secured & Networked Computing (Subnetwork level) - Provision of protection over a subnetwork on an inter-network which is considered less secure than other parts of the network environment
A Pragmatic Model for Secured & Networked Computing (Link level) - Provision of protection internal to a subnetwork, e.g. over a link which is considered less trusted than other parts of the subnetwork environment
Relationships Between Layers & Requirements Levels
Relationships Between Layers & Requirements Levels (Bild)
Security Problems of the Internet Protocol (When an entity receives an IP packet, it has no assurance of) (Data origin authentication/data integrity) - The packet has actually been send by the entity which is referenced by the source address of the packet - The packet contains the original content the sender placed into it, so that it has not been modified during transport - The receiving entity is in fact the entity to which the sender wanted to send the packet
Security Problems of the Internet Protocol (When an entity receives an IP packet, it has no assurance of) (Confidentiality)
Security Objectives of IPSec (IPSec aims to ensure the following security objectives) (Data origin authentication/connectionless data integrity) - It is not possible to send an IP datagram with neither a masqueraded IP source nor destination address without the receiver being able to detect this - It is not possible to modify an IP datagram in transit, without the receiver being able to detect the modification
Mostrar resumen completo Ocultar resumen completo

Similar

ein kleines Informatik Quiz
AntonS
Informatik
Tom Kühling
Telematik Chapter 1-3
Julian Rottenberg
Telematik Chapter 4 + 10
Julian Rottenberg
Chapter 8-9
Julian Rottenberg
Telematik Chapter 7
Julian Rottenberg
Telematik Chapter 7 - 8
Julian Rottenberg
PHP Grundlagen
chrisi.0605
Wirtschaftsinformatik Teil 2
Sabrina Heckler
Informatik 1 - Einführung
Svenja
Codierung
Tom Kühling