密码学与信息安全
-
Upload
colby-palmer -
Category
Documents
-
view
60 -
download
6
description
Transcript of 密码学与信息安全
-
[email protected](100%)http://cs.tju.edu.cn/faculty/sundazhi/Class-CIS-CSE13.htm
-
[1] Charles P. Pfleeger, Shari Lawrence Pfleeger, Security in Computing, Fourth Edition, Prentice-Hall, 2006 [2] William Stallings, Cryptography and Network Security, Fourth Edition, Prentice-Hall, 2005 [3] Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997
-
2013-10-26
-
1.1 1.1.1 1.1
-
1.1.1 () (computing system) #
-
1.1.1 ()() (principle of easiest penetration) #
-
1.1.2 (hardware)(software)(data) (vulnerability) (threat) (attack) (control)
-
1.1.2 ()() 1.1
-
4 (interception) (interruption) (modification) (fabrication)1.1.2 ()()
-
1.2 1.1.2 ()()
-
1.1.2 ()
-
1.1.3 (confidentiality) (integrity) (availability)
-
1.1.3 ()() 1.3 #
-
1.1.3 ()()
-
1.1.3 ()()
-
1.1.3 ()
-
1.1.3 ()() (principle of adequate protection) #
-
1.1.3 ()() 1.4
-
1.1.4 (computer crime)
-
1.1.4 ()
-
1.1.4 () (cracker) (hacker)
-
1.1.4 ()
-
1.1.4 ()
-
1.1.5 (risk) ()
-
1.1.5 () 1.5
-
1.1.5 ()()
-
1.1.5 ()()
-
1.1.5 ()()
-
1.1.5 () (principle of effectiveness)() #
-
1.1.5 ()()
-
1.1.5 ()() (principle of weakest link)
-
1.2 (program)
-
1.2.1
-
(penetrate and patch)1.2.1 ()
-
() 1) 2) 3) 4) 1.2.1 ()
-
1.2.1 ()
-
() 1) 1.2.1 ()
-
() 2) # 1.2.1 ()
-
1.2.2 1
-
1.2.2 ()()Cchar sample[10];sample[10]=B;sample[i]=B; //i
- 1.2.2 ()()for(i=0;i
-
1.2.2 ()()
-
1.2.2 ()() WebURL http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17 (808)555-12122009Jan175001000
-
1.2.2 ()()
-
1.2.2 () http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212 &parm2=2009Jan17parm21800Jan011800Feb302048Min321Aardvark2Many
-
1.2.2 ()() URL
-
1.2.2 ()() Things20555A10200http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205 http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=1&ship=boat&shipcost=5&total=25
-
1.2.2 () (time-of-check to time-of-use, TOCTTOU)(serialization)(synchronization)
-
1.2.2 ()() 1.7 1.8 #
-
1.2.2 ()() 1) 2)
-
1.2.2 ()
-
1.2.3
-
1.2.3 () INSTALLSETUPJava appletActive X
-
1.2.3 ()()
-
1.2.3 ()() 1970WareAnderson
-
1.2.3 () (malicious code)(rogue program)(agent)
-
1.2.3 ()() (virus) (transient virus) (resident virus)
-
1.2.3 ()() (Trojan horse) (logic bomb) (time bomb)
-
1.2.3 ()() (trapdoor)(backdoor) (worm)() (rabbit)
-
1.2.3 ()() 1.2 #
-
1.2.3 () CD-ROMCD-ROM
-
1.2.3 ()()
-
1.2.3 ()() 1.9 ()
-
1.2.3 ()() 1.10
-
1.2.3 ()() 1.11
-
1.2.3 () (document virus)
-
1.2.3 () T(T)T 1.12
-
1.2.3 () 1) 2) 3) 4) 5) 6)
-
1.2.3 ()() (bootstrap)(boot)
-
1.2.3 ()() (boot sector)() PC512(chaining)
-
1.2.3 ()() 1.13 #
-
1.2.3 ()() (Terminate and stay resident ,TSR) windows
-
1.2.3 ()()
-
1.2.3 () (signature)(virus scanner)
-
1.2.3 ()() /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN %u9090%u6858%ucbd3 %u7801%u9090%u6858%ucdb3%u7801%u9090%u6858 %ucbd3%u7801%u9090 %u9090%u8190%u00c3%u0003%ub00%u531b%u53ff %u0078%u0000%u00=a HTTP/1.0
-
1.2.3 ()() ()
-
1.2.3 ()() 1.14 ()
-
1.2.3 ()() 1.3
-
1.2.3 () ()
-
1.2.3 ()() (polymorphic virus)0()(no-ops)
-
1.2.3 () docppt
-
1.2.3 () ()
-
1.2.3 () ()1) 2) 3) 4) 5) 6)
-
1.2.3 () 1) Windows() 2) () 3) Word()
-
1.2.3 ()() 4) () 5) () 6) () 7)
-
1.2.3 ()bug bug bug(pixel tag)(clear gif)(one-by-one gif)(invisible gif)(beacon gif)HTMLHTMLbugWeb
-
1.2.3 ()bug() bug Commercial.comMarket.com bugbugcookiecookie
-
1.2.3 ()bug() bug Commercial.com IPcookieWebbugWebIP
-
1.2.3 ()bug() bug bug(Privacy Foundation)Bugnosisbug cookiecookiecookie
-
1.2.4 (trapdoor)(hook)
-
1.2.4 ()() 1.15 #
-
1.2.4 ()() () (undefined opcode)
-
1.2.4 ()() 1) 2) 3) 4)
-
1.2.4 ()salami salami salami 6.5%102.8731 31/365*0.065*102.87 = 0.549 5726 0.54950.540.55
-
1.2.4 ()salami() salami() salami20155
-
1.2.4 ()salami() salami salami
-
1.2.4 () (covert channel) 1.16
-
1.2.4 ()()
-
1.2.4 ()() (storage channel)(file lock channel)
-
1.2.4 ()()()
1.17 #
-
1.2.4 ()()() 1.18 100#
-
1.2.4 ()() 1.4 # RM
-
1.2.4 ()() () 1.5
R, MR, MRR
-
1.2.4 ()() ()
-
1.2.4 ()() () 1.6
-
1.2.4 ()()
-
1.2.4 () RootkitXCP
-
1.2.5 (software development)
-
1.2.5 ()
-
1.2.5 () ()1) 2) 3) 4) 5)
-
1.2.5 ()
-
1.2.5 ()
-
1.2.5 () () (independent testing) (penetration testing)
-
1.2.5 ()
-
1.2.5 () (program verification) 1) 2) 3)
-
1.2.5 () CMM(Capability Maturity Model )ISOISO 9001CMM(process model)
-
1.2.5 ()
-
1.3 1.3.1 (1) (2) (3) (4)
-
1.3.1.1 (1) (2) I/O (3) I/O (4) (5) (6)
-
1.3.1.1 () (separation)4 (1) (2) (3) (4)
-
1.3.1.1 () (granularity)
-
1.3.1.2 (1) (2) (3) / (4) (5) (6) (7)
-
1.3.1.3
-
1.3.1.3 () (1) (2) (3)
-
1.3.1.3 ()
-
() 1.19 1.3.1.3 ()
-
() (1) 1.3.1.3 ()
-
() (2) (revocation of access)ABFFBABABFAFBFAF1.3.1.3 ()
-
() (3) ABFSSA:F(B:F)SFAFSQQAFAFASSF1.3.1.3 ()
-
() 1.20 1.3.1.3 ()
-
(access control list)1.3.1.3 ()
-
() 1.21 1.3.1.3 ()
-
(procedure-oriented)() 1.3.1.3 ()
-
() 1.3.1.3 ()
-
()()(role-based access control)1.3.1.3 ()
-
1.3.1.4
-
1.3.1.4 () (1) PIN (2) (3) (biometrics) #
-
1.3.1.4 () Prabhakar (1) (2) (3)
-
(password) 1.3.1.4 ()
-
() 1.3.1.4 ()
-
Adams8:005:00 (1) Adams (2) Adams 1.3.1.4 ()
-
() (multifactor authentication)(two-factor authentication) 1.3.1.4 ()
-
(1) (2) (3) (4) (5) # 1.3.1.4 ()
-
() WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams INVALID USER NAMEUNKNOWN USER ENTER USER NAME:1.3.1.4 ()
-
() WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME:1.3.1.4 ()
-
() ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME: adams ENTER PASSWORD: johnq WELCOME TO THE XYZ COMPUTING SYSTEMS 1.3.1.4 ()
-
() n+1n11.3.1.4 ()
-
() 1.3.1.4 ()
-
() 1.3.1.4 ()
-
(1) AZ (2) (3) 1.3.1.4 ()
-
() (4) 2Brn2Bto be or not to beI10veu (5) (6) 1.3.1.4 ()
-
(Biometrics) ()()1.3.1.4 ()
-
() 1.3.1.4 ()
-
(phishing)1.3.1.4 ()
-
1.3.2
-
1.3.2 () 4
-
1.3.2 () ()() ()() #
-
1.3.2.1
-
1.3.2.1 () 1.7
-
1.3.2.1 () (trusted process) (trusted product) (trusted software)
-
1.3.2.1 () (trusted computing base) (trusted system) #
-
1.3.2.2 (military security policy)rankOO
-
() 1.22 1.3.2.2 ()
-
() (need-to-know)(compartments)1.3.2.2 ()
-
() 1.23 # 1.3.2.2 ()
-
()1 .24 1.3.2.2 ()
-
() (class)(classification)(clearance)1.3.2.2 ()
-
() (dominance)os
(1) (2) 1.3.2.2 ()
-
() (hierarchical)(nonhierarchical)1.3.2.2 ()
-
1.3.2.2 ()
-
() (1) (2) 1.3.2.2 ()
-
1.3.2.3 Mclean (1) (2) (3) (4)
-
(lattice model) 1.3.2.3 ()
-
() (relational operator)(partial ordering)a bc abbcac abbaa=b abuaubu1.3.2.3 ()
-
()60 1.25 1.3.2.3 ()
-
() ()() 1.3.2.3 ()
-
() 1.3.2.3 ()
-
() Bell-La Padula Bell-La Padula1.3.2.3 ()
-
() SOSsOoC(s)C(o) C(o)C(s) so *-()oC(o)C(p)p 1.3.2.3 ()
-
() (1) () (2) *- *- (write-down)1.3.2.3 ()
-
() 1.26 # 1.3.2.3 ()
-
()1.3.2.3 ()
-
() - -(take-grant system)4SO()()R 1.27 1.3.2.3 ()
-
() 1.28 1.3.2.3 ()
-
() - (1) 1.3.2.3 ()
-
() (2) # --1.3.2.3 ()
-
1.3.2.4
-
SaltzerSaltzerSchroeder (1) (2) (3) (4) 1.3.2.4 ()
-
() (5) (6) (7) (8) # 1.3.2.4 ()
-
1.29 1.3.2.4 ()
-
() (1) (2) (3) /1.3.2.4 ()
-
() (4) (5) (6) CPU (7) (8) 1.3.2.4 ()
-
(feature)(assurance) 1.3.2.4 ()
-
() 1.30 1.3.2.4 ()
-
(kernel)(nucleus)(core) (security kernel)1.3.2.4 ()
-
() (1) (2) (3) 1.3.2.4 ()
-
() (4) (5) (6) # 1.3.2.4 ()
-
() (reference monitor) (1) (2) (3) 1.3.2.4 ()
-
() 1.31 # 1.3.2.4 ()
-
() (TCBtrusted computing base)TCB TCB1.3.2.4 ()
-
() TCB (1) I/O (2) (3) / (4) (5) TCB # TCB1.3.2.4 ()
-
() 1.32 TCBTCB1.3.2.4 ()
-
() TCB4 (1) (2) (3) TCB (4) /(I/O)I/O1.3.2.4 ()
-
() TCBTCBTCBTCBTCBTCBTCBTCBTCB1.3.2.4 ()
-
() TCB 1.3.2.4 ()
-
() 1.33 /1.3.2.4 ()
-
() 1.3.2.4 ()
-
() 1.34 1.3.2.4 ()
-
1.3.2.5
-
()1.3.2.5 ()
-
() (Trusted Computer System Evaluation CriteriaTCSEC)(Orange Book)(National Computer Security CenterNCSC) ABCDADC1C2B1B2B3A11.3.2.5 ()
-
() (1) D (2) C1/C2/B1 (3) B2(trusted computing base) (4) B3/A11.3.2.5 ()
-
() D C1 C2 B1 B2 B3 A11.3.2.5 ()
-
() ITSEC1.3.2.5 ()
-
() (1) (2) (3) (4) (5) (6) (7) (8) ?1.3.2.5 ()
-
() 1.35 1.3.2.5 ()
-
() ()1.3.2.5 ()
-
1.4 (DBMS, database management system)
-
1.4.1 #
-
1.4.2 (1) (2) (3) (4) (5) (6) (7)
-
1.4.3 (1) (2) (3) # DBMS
-
Lampson SturgisDBMS 1.4.3 ()
-
() (intent)DBMS(committing)(commit flag)DBMS1.4.3 ()
-
() 1.4.3 ()
-
/ DBMS1.4.3 ()
-
/() AMock5D11D14DB8A-B-C11D-E-FA11DB11D-E-F1.4.3 ()
-
/() DBMS//11D ABADBMS1.4.3 ()
-
1.4.4 (sensitive data)
-
1.8 1.4.4 ()#
-
1.4.4 () (1) (2) (3) (4) (5)
-
1.4.4 ()
-
() How many people have 1600 Pennsylvania Avenue as their official residence? (Response: 4) How many people have 1600 Pennsylvania Avenue as their official residence and have YES as the value of TORY? (Response: 1) 25% 1.4.4 ()
-
(precision)1.4.4 ()
-
() 1.36 1.4.4 ()
-
1.4.5 (inference)1.8AIDFINESDRUGS
-
List NAME where SEX=MDRUGS=1 List NAME where (SEX=M DRUGS=1)(SEXMSEX F) (DORM=AYRES) # nk%nk% 1.4.5 ()
-
1.9 1.4.5 ()
-
() 1.4.5 ()
-
() nk% 1.10 () # 1.4.5 ()
-
() 1.12 1.11 1.4.5 ()
-
() 0~19992000~39994000100~56~1516~25 1.4.5 ()
-
() 1.4.5 ()
-
() xi iixi1.4.5 ()
-
() (1) 1.4.5 ()
-
() (2) (3) # 1.4.5 ()
-
1.4.6 1.13 ()
-
1.14 ()1.4.6 ()
-
() (1) (2) (3) 1.4.6 ()
-
(polyinstantiation)() 1.4.6 ()
-
() 1.15 # 1.4.6 ()
-
1.4.7
-
() 1.4.7 ()
-
() 1.37 1.38 1.4.7 ()
-
() (sensitivity lock)() 1.39 1.4.7 ()
-
1.40 1.4.7 ()
-
() (1) (2) (3) /1.4.7 ()
-
()1.4.7 ()
-
1.5
-
1.5.1 (single point of failure)(resilience)(fault tolerance)
-
(server)/(client) 1.41 1.5.1 ()
-
() (1) (2) (3) (4) 1.5.1 ()
-
() (node)()(host)(link)(workstation) 1.42 1.5.1 ()
-
() (1) (2) (3) (4) (5) 1.5.1 ()
-
() (topology) (1) (2) (3) 1.5.1 ()
-
(protocol)(protocol stack) (TCP/IP)(OSI)1.5.1 ()
-
() 1.42 ISO OSIISO OSI (peers)1.5.1 ()
-
() TCP/IP OSI TCP/IPTCP/IP4()IPTCP(User Datagram Protocol, UDP)1.5.1 ()
-
() (packet)(datagram)() 1.16 1.5.1 ()
-
() TCP TCP(port)80HTTP()23Telnet()25SMTP()161SNMP() UDPTCP 1.5.1 ()
-
() 1.17 1.5.1 ()
-
() IP()()1.5.1 ()
-
1.5.2 (1) (2) (3)
-
() (4) / (5) 1.5.2 ()
-
() 1.43 1.5.2 ()
-
() (6) 1.44 1.5.2 ()
-
41.5.2 ()
-
(1) (2) (3) (4) (5) (6) 1.5.2 ()
-
() 1.5.2 ()
-
(eavesdrop)(wiretap)(passive wiretapping)(active wiretapping)1.5.2 ()
-
() 1.45 1.5.2 ()
-
Internet (Request for Comment, RFC)()1.5.2 ()
-
(1) (2) / (3) / 1.5.2 ()
-
1.5.2 ()
-
(1) (2) (3) (4) (5) (6) 1.5.2 ()
-
1.5.2 ()
-
../1.5.2 ()
-
DOS (Internet Control Message Protocol, ICMP)ping1.5.2 ()
-
() (syn flood)TCP(Telnet)(session) 1.46 1.5.2 ()
-
() SYN_RECVSYNACK SYN_RECVSYNSYN1.5.2 ()
-
(distributed denial-of-service, DDoS) zombiezombie DDoSTFN (Tribal Flood Network) Trin00TFN2K (Tribal Flood Network, year 2000 edition)1.5.2 ()
-
() 1.47 1.5.2 ()
-
(active code)(mobile code) cookie cookiecookiecookiecookiecookie cookie1.5.2 ()
- () escape(escape-character)(Common Gateway Interface, CGI) CGI
-
() (Bot) (Bot)botnetbotnet1.5.2 ()
-
1.5.2 ()
-
1.18 1.5.2 ()
-
()1.18 ()1.5.2 ()
-
(1) HTTP (2) (3) (4) 1.5.3
-
() 1.48 1.5.3 ()
-
() (failover mode) (single points of failure)1.5.3 ()
-
() SchneiderZhou1.5.3 ()
-
()1.5.3 ()
-
() (),() OSI1()2() 1.5.3 ()
-
() 1.49 1.5.3 ()
-
() 1.50 1.5.3 ()
-
() OSI(76) 1.5.3 ()
-
() 1.51 1.5.3 ()
-
() 1.52 1.5.3 ()
-
() AB(CG) 1.53 1.5.3 ()
-
() 1.5.3 ()
-
() 1.5.3 ()
-
() 1.20 1.5.3 ()
-
() IPSec IPv6(IP6)(Internet Engineering Task Force, IETF )IETF IP(IP Security Protocol Suite, IPSec) IPSecIPTCPUDPIPSecIPSec(security association) 1.5.3 ()
-
() (1) (CBCDES) (2) (3) (4) (5) (6) (7) () 1.5.3 ()
-
() (Security Parameter Index, SPI) IPSec(Authentication Header, AH)(Encapsulated Security Payload, ESP)ESP()TCP 1.54 (a)(b) IPSec1.5.3 ()
-
() ESPSPI1 1.55 1.5.3 ()
-
() IPSec(Internet Security Association Key Management Protocol, ISAKMP)ISAKMPIPSecISAKMP(IKE, ISAKMP Key Exchange)IKE IKEDiffie-Hellman1.5.3 ()
-
() (signed code)1.5.3 ()
-
() E-mail S/MIMEPGP1.5.3 ()
-
(cryptographic checksum)[(message digest)]()()1.5.3 ()
-
1.5.3 ()
-
ACL IPMAC ()(Access Control List, ACL) 1.5.3 ()
-
() (1) ACLACL (2) ACLACL1.5.3 ()
-
() (3) ACLACL # ACL1.5.3 ()
-
() 1.5.3 ()
-
WPAWPA2WEPWPA4()()1.5.3 ()
-
(intrusion detection system) 1.56 1.5.3 ()
-
(honeypot) (1) () (2) (3) 1.5.3 ()
-
(onion routing)1.5.3 ()
-
() () 1.57 (AB)1.5.3 ()
-
1.5.3 ()
-
1.6
-
ACL