Created by Julian Rottenberg
over 6 years ago
|
||
Question | Answer |
1. Process Model (Disadvantage) | - Slow (fork is expensive, context switching overhead) - Difficult to perform optimizations that rely on global information (e.g. cache URLs) |
1. Process Model (Bild) | |
2. Thread Model (Use threads instead of processes) (Motivation) | - Thread creation and destruction cheaper - Sharing data between threads easier than between processes, but synchronization required for shared data |
2. Thread Model (Use threads instead of processes) (Problem) | - OS support required (otherwise one blocked thread blocks whole address space) => Examples: JAWS, IIS, Apache (Windows) |
2. Thread Model (Advantages) | - Faster than processes - Sharing enabled by default |
2. Thread Model (Disadvantages) | - Requires OS support - Can exhaust per-process limits (e.g. max. number of open file descriptors) - Limited control over scheduling decisions |
3. In-kernel Model | |
3. In-kernel Model (One option) | - whole server in the kernel |
3. In-kernel Model (Most often) | - Only static files served from kernel, other requests go to regular user-space server (khttpd, AFPA) - Dedicated kernel thread of HTTP requests |
3. In-kernel Model (Advantages) | - Avoids copies to/from user space - Very fast, if tightly integrated with kernel (khttpd is not) |
3. In-kernel Model (Disadvantages) | - Bugs can crash whole machine - Harder to debug and extend - Inherently OS-specific |
3. In-kernel Model (Examples) | |
4. Event-driven Model (1) | |
4. Event-driven Model (2) | |
4. Event-driven Model (Advantages) | - Very fast, no context switches - Sharing inherent (only one process), no locks needed - Complete control over scheduling decisions - No complex OS support needed |
4. Event-driven Model (Disadvantages) | - Per-process resource limits - Not every OS has full asynchronous I/O, so can still block on read. Flash uses helper processes to avoid this. |
Performance Comparison | |
Web Server Cluster (Two ways of increasing capacity) | - Single larger machine - Cluster of cheap standard machines, e.g. PCs |
Web Server Clusters (Latter approach currently dominating) | - Scalability - High availability - Cost |
Web Server Clusters (Typical architecture) | |
Web Server Clusters | |
FTP: The File Transfer Protocol | |
FTP: Separate Control & Data Connections | |
FTP Commands, Responses (Sample commands) | |
FTP Commands, Responses (Sample return codes) | |
Electronic Mail (Three major components) | - User agents - Mail servers - Simple mail transfer protocol: SMTP |
Electronic Mail (User Agent) | - A.k.a. "mail reader" - Composing, editing, reading mail messages - E.g., Outlook, Mozilla Thunderbird, mail client on mobile phone etc. - Outgoing, incoming messages stores on server |
Electronic Mail (Bild) | |
Electronic Mail: Mail Servers (Mailservers) (Mailbox) | - Mailbox contains incoming messages for user |
Electronic Mail: Mail Servers (Mailservers) (Message queue) | - Message queue of outgoing (to be sent) mail messages |
Electronic Mail: Mail Servers (Mailservers) (SMTP protocol) | - SMTP protocol between mail servers to send email messages -> Client: sending mail server -> "server": receiving mail server |
Electronic Mail: Mail Servers (Bild) | |
Electronic Mail: SMTP [RFC 2821] | |
Scenario: Alice Sends Message to Bob | |
Sample SMTP interaction | |
Try SMTP Interaction for Yourself | |
SMTP: Final Words | |
Mail Message Format | |
Message Format: Multimedia Extensions | |
Mail Access Protocols (SMTP) | - Delivery/storage to receiver's server |
Mail Access Protocols (Mail access protocol) | - Retrieval from server -> POP: Post Office Protocol [RFC 1939] --> Authorization (agent <--> server) and download -> IMAP: Internet Mail Access Protocol [RFC 1730] --> More features (more complex) --> Manipulation of stored msgs on server -> HTTP: Hotmail, Yahoo! Mail, etc. |
Mail Access Protocol (Bild) | |
POP3 Protocol | |
POP3 and IMAP (More about POP3) | - Previous example uses "download and deletes" mode - Bob cannot re-read e-mail if he changes client - "Download-and-keep": enables copies of messages on different clients (requires to organize on each client) - POP3 is stateless across sessions |
POP3 and IMAP (IMAP | - Keep all messages in one place: the server - Allows user to organize messages in folders - IMAP keeps user state across sessions: -> names of folders and mapping between message IDs and folder name |
DNS: Domain Name System (People) | - many identifiers: -> SSN, name, passport # |
DNS: Domain Name System (Internet hosts, routers) | - IP address (32 bit) - used for addressing datagrams - "Name", e.g., www.yahoo.com - used by humans |
DNS: Domain Name System (Domain Name System) (Distributed database) | - implemented in hierarchy of many name servers |
DNS: Domain Name System (Domain Name System) (Application-layer protocol) | - Application-layer protocol for hosts, routers, name server to communicate to resolve names (address/name translation) -> Note: core Internet function, implemented as application-layer protocol -> Complexity at network's "edge" |
DNS (DNS services) | - Hostname to IP address translation - Host aliasing -> Canonical and alias names - Mail server aliasing - Load distribution -> Replicated Web servers: set of IP addresses for one canonical name |
DNS (Why not centralize DNS?) | - Single point failure - Traffic volume - Distant centralized database - One central authority for worldwide name resolution undesirable ("who owns the Internet?") - Maintenance => does not scale! |
Distributed, Hierarchical Database | |
DNS: Root Name Servers | - Contacted by local name server that cannot resolve name |
DNS: Root Name Servers (Root name server) | - Contacts authoritative name server if name mapping not known - Gets mapping - Returns mapping to local name server |
TLD, Authoritative and Local DNS Servers (Top-level domain (TLD) servers) | - responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp - Network solutions maintain servers for com TLD - Educause for edu TLD |
TLD, Authoritative and Local DNS Server (Authoritative DNS servers) | - organization's DNS servers, providing authoritative hostname to IP mappings for organization's servers (e.g., Web and mail) - Can be maintained by organization or server provider |
TLD, Authoritative and Local DNS Server (Local DNS servers) | - Does not strictly belong to hierarchy - Each ISP (residential ISP, company, university) has one -> Also called "default name server" - When a host makes a DNS query, query is sent to its local DNS server -> Acts as a proxy, forwards query into hierarchy |
Iterative Queries: Example (Bild) | |
Iterative Queries: Example (Iterated query) | - Contacted server replies with name of server to contact - "I don't know this name, but ask this server" |
Recursive Queries: Example (Bild) | |
Recursive Queries: Example (Recursive query) | - Puts burden of name resolution on contacted name server - Heavy load? => Not done by root or TLD name servers |
DNS: Caching and Updating Records | |
DNS Records | |
DNS Protocol, Messages (DNS protocol) | - query and reply messages, both with same message format |
DNS Protocol, Messages (Bild - 1) | |
DNS Protocol, Messages (Bild - 2) | |
Inserting Records Into DNS | |
P2P File Sharing | |
P2P: Centralized Directory | - Original "Napster" design -> 1) When peer connects, it informs central server: --> IP address --> Content -> 2) Alice queries for "Hey Jude" -> 3) Alice requests file from Bob |
P2P: Centralized Directory (Bild) | |
P2P: Problems With Centralized Directory | - Single point of failure - Performance bottleneck - Copyright infringement => File transfer is decentralized, but locating content is highly centralized |
Query Flooding: Gnutella (General Properties) | - Full distributed -> No central server - Public domain protocol - Many Gnutella clients implementing protocol |
Query Flooding: Gnutella (Overlay network: graph) | - Edge between peer X and Y if there's a TCP connection - All active peers and edges in overlay net - Edge is not a physical link - Given peer will typically be connected with < 10 overlay neighbours |
Gnutella: Protocol | |
Gnutella: Peer Joing | f |
Socket Programming (Goal) | - Learn how to build client/server application that communicates using sockets |
Socket Programming (Socket API) | - Introduced in BSD4.1 UNIX, 1981 - Sockets are explicitly created, used, released by applications - Client/Server paradigm - Two types of transport service via socket API: -> Unreliable datagram -> Reliable, byte stream-oriented |
Socket Programming (Socket) | - A host-local, application-created, OS-controlled interface (a "door") into which application process can both send and receive messages to/from another application process |
Socket-Programming Using TCP (Socket) | - a door between application process and end-end-transport protocol (UCP or TCP) |
Socket-Programming Using TCP (TCP service) | - reliable transfer of bytes from one process to another |
Socket-Programming Using TCP (Bild) | |
Socket Programming With TCP (Client must contact server) | - Server process must first be running - Server must have created socket (door) that welcomes client's contact |
Socket Programming With TCP (Client contacts server by) | - Creating client-local TCP socket - Specifying IP address, port number of server process - When client creates socket: -> Client TCP establishes connection to server TCP |
Socket Programming With TCP | - When contacted by client, server TCP creates new socket for server process to communicate with client -> Allows server to talk with multiple clients -> Source port numbers used to distinguish clients |
Socket Programming With TCP (application viewpoint) | - TCP provides reliable, in-order transfer of bytes ("pipe") between client and server |
Stream Jargon (Stream) | - A stream is a sequence of characters that flow into or out of a process |
Stream Jargon (Input Stream) | - An input stream is attached to some input source for the process, e.g., keyboard or socket |
Stream Jargon (Output Stream) | - An output stream is attached to an output source, e.g., monitor or socket |
Socket Programming With TCP (Example Client-Server application) | - 1) Client reads line from standard input (inFromUser stream), sends to server via socket (outToServer stream) - 2) Server reads line from socket - 3) Server converts line to uppercase, sends back to client - 4) Client reads, prints modified line from socket (inFromServer stream) |
Socket Programming With TCP (Bild) | |
Client/Server Socket Interaction: TCP | |
Example: Java Client (TCP) (1) | |
Example: Java Client (TCP) (2) | |
Example: Java Server (TCP) (1) | |
Example: Java Server (TCP) (2) | |
Socket Programming With UDP | - UDP: No "connection" between client and server - No handshaking - Sender explicitly attaches IP address and port of destination to each packet - Server must extract IP address, port of sender from received packet - UDP: Transmitted data may be received out of order, or lost |
Socket Programming With UDP (Application viewpoint) | - UDP provides unreliable transfer of groups of bytes ("datagrams") between client and server |
Client/Server Socket Interaction: UDP | |
Example: Java Client (UDP) | |
Example: Java Client (UDP) | |
Example: Java Client (UDP) | |
Example: Java Sender (UDP) (1) | |
Example: Java Server (UDP) (2) | |
Building a Simple Web Server | |
Chapter 1: Summary (1) | |
Chapter 1: Summary (2) | |
Appendix: Socket Programming with C | |
Example: C Client (TCP) (1) | |
Example: C Client (TCP) (2) | |
Example: C Client (TCP) (1) | |
Example: C Server (TCP) (2) | |
Example: C Client (UDP) (1) | |
Example: C Client (UDP) (2) | |
Example: C Server (UDP) (1) | |
Example: C Server (UDP) (2) | |
What is a Threat in a Communication Network (Abstract Definition) | - A threat in a communication network is any possible event or sequence of actions that might lead to a violation of one or more security goal - The actual realization of a threat is called an attack |
What is a Threat in a Communication Network? (Examples) | - A hacker breaking into a corporate computer - Disclosure of emails in transit - Someone changing financial accounting data - A hacker temporarily shutting down a website - Someone using services or ordering goods in the name of others |
What is a Threat in a Communication Network? (What are security goals) | - Security goals can be defined: -> Depending on the on the application environment, or -> in a more general, technical way |
Security goals depending on the application environment 1 (Banking) | - Protect against fraudulent or accidental modification of transactions - Identify retail transaction customers - Protect PINs from disclosure - Ensure customers privacy |
Security goals depending on the application environment 1 (Electronic trading) | - Assure source and integrity of transactions - Protect corporate privacy - Provide legally binding electronic signatures on transactions |
Security goals depending on the application environment 1 (Government) | - Protect against disclosure of sensitive information - Provide electronic signatures on government documents |
Security goals depending on the application environment 2 (Public Telecommunication Providers) | - Restrict access to administrative functions to authorized personnel - Protect against service interruptions - Protect subscribers privacy |
Security goals depending on the application environment 2 (Corporate / Private Networks) | - Protect corporate / individual privacy - Ensure message authenticity |
Security goals depending on the application environment 2 (All Networks) | - Prevent outside penetrations (who wants hackers?) |
Security goal depending on the application environment | => Sometimes security goals are also called security objectives |
Security Goals Technically Defined (Confidentiality) | - Data transmitted or stored should only be revealed to an intended audience - Confidentiality of entities is also referred to as anonymity |
Security Goals Technically Defined (Data Integrity) | - It should be possible to detect any modification of data - This requires to be able to identify the creator of some data |
Security Goals Technically Defined (Accountability) | - It should be possible to identify the entity responsible for any communication event |
Security Goals Technically Defined (Controlled Access) | - Only authorized entities should be able to access certain services or information |
Threats Technically Defined (Masquerade) | - An entity claims to be another entity |
Threats Technically Defined (Eavesdropping) | - An entity reads information it is not intended to read |
Threats Technically Defined (Authorization Violation) | - An entity uses a service or resources it is not intended to use |
Threats Technically Defined (Loss or Modification of (transmitted) Information) | - Data is being altered or destroyed |
Threats Technically Defined (Denial of Communication Acts (Repudiation)) | - An entity falsely denies its participation in a communication act |
Threats Technically Defined (Forgery of Information) | - An entity creates a new information in the name of another entity |
Threats Technically Defined (Sabotage) | - Any action that aims to reduce the availability and/or correct functioning of services or systems |
Threats and Technical Security Goals | |
Security Analysis of Layered Protocol Architectures 1 | |
Security Analysis of Layered Protocol Architectures 2 | |
Attacking Communications on the Message Level (Passive attacks) | - Eavesdropping |
Attacking Communications on the Message Level (Active attacks) | - Delay of PDUs (Protocol Data Units) - Replay of PDUs - Deletion of PDUs - Modification of PDUs - Insertion of PDUs |
Attacking Communications on the Message Level (Successful launch of one of the above attacks requires) | - There are no detectable side effects to other communications (connections/connectionless transmissions) - There are no side effects to other PDUs of the same connection/connectionless data transmission between the same entities |
Attacking Communications on the Message Level | - A security analysis of a protocol architecture has to analyse these attacks according to the architecture's layers |
Safeguards Against Information Security Threats 1 (Physical Security) | - Locks or other physical access control - Tamper-proofing of sensitive equipment - Environmental controls |
Safeguards Against Information Security Threats 1 (Personnel Security) | - Identification of position sensitivity - Employee screening processes - Security training and awareness |
Safeguards Against Information Security Threats 1 (Administrative Security) | - Controlling import of foreign software - Procedures for investigating security breaches - Reviewing audit trails - REviewing accountability controls |
Safeguards Against Information Security Threats 1 (Emanations Security) | - Radio Frequency and other electromagnetic emanations controls |
Safeguards Against Information Security Threats 2 (Media Security) | - Safeguarding storage of information - Controlling marking, reproduction and destruction of information - Ensuring that media containing information are destroyed securely - Scanning media for viruses |
Safeguards Against Information Security Threats 2 (Lifecycle Controls) | - Trusted system design, implementation, evaluation and endorsement - Programming standards and controls - Documentation controls |
Safeguards Against Information Security Threats 2 (Computer Security) | - Protection of information while stored/processed in a computer system - Protection of the computing devices itself |
Safeguards Against Information Security Threats 2 (Communications Security) | - Protection of information during transport from one system to another - Protection of the communication infrastructure itself |
Communications Security: Some Terminology (Security Service) | |
Communications Security: Some Terminology (Cryptographic Algorithm) | - A mathematical transformation of input data (e.g. data key) to output data - Cryptographic algorithms are used in cryptographic protocols |
Communications Security: Some Terminology (Cryptographic Protocol) | - A series of steps and message exchanges between multiple entities in order to achieve a specific security object |
Security Services - Overview (Authentication) | - The most fundamental security service which ensures, that an entity has in fact the identity it claims to have |
Security Services - Overview (Integrity) | - In some kind, the "small brother" of the authentication service, as it ensures, that data created by specific entities may not be modified without detection |
Security Services - Overview (Confidentiality) | - The most popular security service, ensuring secrecy of protected data |
Security Services - Overview (Access Control) | - Controls that each identity accesses only those services and information it is entitled to |
Security Services - Overview (Non-Repudiation) | - Protects against that entities participating in a communication exchange can later falsely deny that the exchange occurred |
Cryptology - Definition and Terminology (Cryptology) | - Science concerned with communications in secure and usually secret form - The term is derived from the Greek kryptos (hidden) and logos (word) |
Cryptology - Definition and Terminology (Cryptology) (Cryptology encompasses) (Cryptography (graphein = to write)) | - The study of the principles and techniques by which information can be concealed in ciphertext an later revealed by legitimate user employing a secret key |
Cryptology - Definition and Terminology (Cryptology) (Cryptology encompasses) (Cryptoanalysis (analyein = to loosen, to untie)) | - The science (and art) of recovering information from ciphers without knowledge of the key |
Cryptology - Definition and Terminology (Cipher) | - Method of transforming a message (plaintext) to conceal its meaning - Also used as synonym for the concealed ciphertext - Ciphers are one class of cryptographic algorithms - The transformation usually takes the message and a (secret) key as input |
Cryptographic Algorithms (Encryption of data) | - transforms plaintext data into ciphertext in order to conceal its' meaning |
Cryptographic Algorithms (Signing of data) | - computes a check value or digital signature to a given plain- or ciphertext, that can be verified by some or all entities being able to access the signed data |
Cryptographic Algorithms | - Some cryptographic algorithms can be used for both purposes, some are only secure and/or efficient for one of them |
Cryptographic Algorithms (Symmetric cryptography) | - Symmetric cryptography using 1 key for en-/decryption or signing/checking |
Cryptographic Algorithms (Asymmetric cryptography) | - Asymmetric cryptography using 2 different keys for en-/decryption or signing/checking |
Cryptographic Algorithms (Cryptographic hash functions) | - Cryptographic hash functions using 0 keys (the "key" is not a separate input but "appended" to or "mixed" with the data) |
Important Properties of Encryption Algorithms | |
Symmetric Encryption | |
Asymmetric Cryptography (General idea) | - |
Asymmetric Cryptography (Applications) (Encryption) | |
Asymmetric Cryptography (Applications) (Signing) | |
Asymmetric Cryptography (Applications) (Attention) | - It is crucial, that everyone can verify that he really knows A's public key and not the key of an adversary! |
Asymmetric Cryptography (Practical considerations) | - Asymmetric cryptographic operations are about magnitudes slower than symmetric ones - Therefore, they are often not used for encrypting/signing bulk data - Symmetric techniques are used to encrypt/compute a cryptographic hash value and asymmetric cryptography is just used to encrypt a key/hash value |
Detection of Message Modifications (Motivation) | - An error detection code over a message enables the receiver to check if a message was altered during transmission -> Examples: Parity, Bit-Interleaved Parity, Cyclic Redundancy Check (CRC) - This leads to the wish of having a similar value called modification check value that allows to check, if a message has been modified during transmission |
Detection of Message Modifications (Realization of modification check values) (Cryptographic Hash Functions) | - These are either combined with asymmetric cryptography to obtain a signed modification detection code (MDC) or already include a shared secret mixed with the message |
Detection of Message Modifications (Realization of modification check values) (Message Authentication Codes) | - Common message authentication codes (MAC) are constructed from a symmetric block cipher |
Cryptographic Protocols (Definition) | - A cryptographic protocol is defined as a series of steps and message exchanges between multiple entities in order to achieve a specific security objective |
Cryptographic Protocols (Applications of cryptographic protocols) | - Key exchange - Combined authentication and key exchange |
Cryptographic Protocols (Applications of cryptographic protocols) (Authentication) (Data origin authentication) | - The security service, that enables a receiver to verify by whom a message was created and that it has not been modified |
Cryptographic Protocols (Applications of cryptographic protocols) (Authentication) (Entity authentication) | - The security service, that enables communication partners to verify the identity of their peer entities |
Security in Networks: What to do where? | - Analogous to the methodology of security analysis, there are two dimensions guiding the integration of security services into communication architectures |
Security in Networks: What to do where? (Bild) | |
A Pragmatic Model for Secured & Networked Computing | |
A Pragmatic Model for Secured & Networked Computing (Application) | - A piece of software that accomplishes some specific task, e.g. electronic email, web service, word processing, data storage, etc. |
A Pragmatic Model for Secured & Networked Computing (End System) | - One piece of equipment, anywhere in the range from personal computer to server to mainframe computer - For security purposes one end system usually has one policy authority |
A Pragmatic Model for Secured & Networked Computing (Subnetwork) | - A collection of communication facilities being under the control of one administrative organization, e.g. a LAN, campus network, WAN, etc. - For security purposes one subnetwork usually has one policy authority |
A Pragmatic Model for Secured & Networked Computing (Inter-Network) | - A collection of inter-connected subnetworks - In general, the subnets connected in an inter-network have different policy authorities |
A Pragmatic Model for Secured & Networked Computing | - There are four levels at which distinct requirements for security protocol elements arise: -> Application level -> End system level -> Subnetwork level -> Link level |
A Pragmatic Model for Secured & Networked Computing (Application level) | - Security protocol elements that are application dependent |
A Pragmatic Model for Secured & Networked Computing (End system level) | - Provision of protection on an end system to end system basis |
A Pragmatic Model for Secured & Networked Computing (Subnetwork level) | - Provision of protection over a subnetwork on an inter-network which is considered less secure than other parts of the network environment |
A Pragmatic Model for Secured & Networked Computing (Link level) | - Provision of protection internal to a subnetwork, e.g. over a link which is considered less trusted than other parts of the subnetwork environment |
Relationships Between Layers & Requirements Levels | |
Relationships Between Layers & Requirements Levels (Bild) | |
Security Problems of the Internet Protocol (When an entity receives an IP packet, it has no assurance of) (Data origin authentication/data integrity) | - The packet has actually been send by the entity which is referenced by the source address of the packet - The packet contains the original content the sender placed into it, so that it has not been modified during transport - The receiving entity is in fact the entity to which the sender wanted to send the packet |
Security Problems of the Internet Protocol (When an entity receives an IP packet, it has no assurance of) (Confidentiality) | |
Security Objectives of IPSec (IPSec aims to ensure the following security objectives) (Data origin authentication/connectionless data integrity) | - It is not possible to send an IP datagram with neither a masqueraded IP source nor destination address without the receiver being able to detect this - It is not possible to modify an IP datagram in transit, without the receiver being able to detect the modification |
Want to create your own Flashcards for free with GoConqr? Learn more.