Web应用的安全模式

单击此处编辑母版标题样式,单击此处编辑母版文本样式,第二级,第三级,第四级,第五级,*,Web应用的“外患”与“内忧”,Based on,Security models for Web-based application,by James B.D.Joshi,Walid G.Aref,Arif Ghafoor,February 2001/Vol.44.No.2 p38-44 Communication of ACM,1,本讲内容,介绍基本的安全概念和基本的安全机制,Web,环境下的安全机制,防火墙的工作原理,常用的安全措施,2,Web应用安全,“外患”,“内忧”,3,“外患”, Aspects of Security, Authentication and Encryption, Internet Firewalls and Packet Filtering, Virtual Private Networks, Secure HTTP (SHTTP) and Secure Socket Layer (SSL), Securing your Site,4,Main risks:,信息被非法窃听：未经认可的用户对数据的非法访问,假冒他人发送信息,信息被非法修改,拒绝服务,病毒,。,5,解决,Data Integrity,: refers to protection from change: Is the data received exactly the same as the data that was sent?,Data Availability,: refers to protection against disruption of service: Does the data remain available for legitimate use?,Data Confidentiality,: refers to protection against unauthorized data access: Is data protected against unauthorized access?,Privacy,: refers to the ability of the sender to remain anonymous: Is the senders identity revealed?,6,7,完整性机制,防止偶然或故意破坏数据完整性的常用方法：,奇偶校验 （ parity bits),校验和(checksum ),循环冗余校验( cyclic redundancy checks ,CRC).,发送者以包的数据为函数计算出一个整数值。,接收者从接收到的数据中重新计算出这个整数，并比较二者的结果。,However, a attacker can create a valid checksum or CRC from the altered data.,8,完整性机制,Several mechanisms against malicious（恶意） intentional change of intercepted data exist：,用MAC (Message Authentication Code)来编码要发送的数据。,MAC基于无法破译或仿造的密码机制工作。,采用只有收发双方知道的secret key。,发送者用the secret key 来 scramble the data and the checksum or CRC,9,访问控制和口令,在传统的计算机系统中，简单的口令即足以保护对系统的访问。,Simple password mechanisms are vulnerable（易受攻击） on networks because they are susceptible to eavesdropping（偷听）.,Wiretapping（搭线窃听） is easy especially that passwords on telnet, HTTP are,clear text,.,10,“外患”, Aspects of Security, Authentication and Encryption, Internet Firewalls and Packet Filtering, Virtual Private Networks, Secure HTTP (SHTTP) and Secure Socket Layer (SSL), Securing your Site,11,你是谁？,How do you know the customer is the customer he/she pretends to be?,How do you know the server is the server it purports to be?,Is it really the the web page I want to connect to?,Is it really the company I want to make a transaction with?,Is it really the customer I think I am dealing with?,12,认证,The process of making sure the server and the client are indeed the server and client they purport to be is called,authentication,.,用户认证是计算机安全中最为困难的部分之一。,Authentication is based on digital signatures,To sign a message, the sender encrypts the message using a key known only to the sender,13,加密,目的：即使消息被窃听（ wiretapping）也仍可保持其,confidentiality.,方法：Sender Scrambles the bits of the message in a way that only the intended receiver can unscramble the message. Based on keys.,结果： Intercepting a messages is useless since no information extraction.,14,对等加密,The receiver and the sender share the same secret key,The sender encrypts the message with a key K and the receiver decodes the encrypted message with the same key K.,Example: DES,E=,encrypt,(Key,M),M=,decrypt,(Key,E),Mathematically,decrypt,is inverse of,encrypt,decrypt,=,encrypt,-1,15,对称加密,缺陷,需要进行私钥交换,规模复杂,未知实体间通信困难,16,公钥密码机制,由Deffie 和 Hellman发明:,“New Directions in Cryptography”,1976,原理,Publicly revealing an encryption key does not thereby reveal the correspongding decryption decryption.,17,重要结论,No need to transmit keys.,only,the intended recipient can decipher the message.,A message can be “signed” by a privately held decryption key.,Signatures cannot be forged.,A signer cannot later deny the validaity of his signature.,下面我们来看如何用这种机制来实现：,机密性和隐私性：,privacy and confidentiality,数字签名:signature,实体鉴别:authentication,18,Privacy and confidenciality,Bob向Alice发一个private message的过程:,Get the public key Ea from the public file,Send her Ea(M),Alice decpher it :Da(Ea(M)=M,特点,No need to establish private transactions（保证了私密性）,An intruder listening in on the channel cannot decipher any messages. Since derive decryption keys from encryption keys is impossible.（保证了机密性）,19,数字签名,Signatures,Alice首先用自己的私钥对要发给Bob的消息签名:s=Da(M),然后用Bob的公钥加密:Eb(S).并把结果发出.,Bob先用自己的私钥解密得到S,然后用Alice的公钥解密得到M.,20,数字签名,Signatures,完整性:Bob或其他人不可修改M,对输入数据的任何修改都会引起输出的变化。,不可否认性:Alice不可否认发给Bob消息,因为除了他没人能得到他的签名s=Da(M)。,机密性：因为只有Bob,才有他自己的私钥，别人无法获得。,21,Authentication,简单的的缺陷:,Replay:重放攻击,例子:“阿里巴巴与四十大盗”,基于公钥技术,采用“挑战-响应”协议和信息签名解决实体鉴别问题.,Alice challenge to Bob: a number 100,Bob sign the number with his private key.,Alice get the signed number and decpher it with Bobs public key,compare the result.,Alice的challenge每次都不一样,因此不可能重放攻击.,22,Certificates,上面的讨论基于：,Alice,认为他获得的Bob的公钥是“真的”。,攻击者常会假冒,因此需要一个方法来保证这一点，保证你得到的证书是可以信赖的。,这个方法就是：证书机制，所有的证书都经过颁发者的私钥签名，因此是可以信赖的。,发放证书的机构就是：PKI-公开密钥基础设施,23,Certificates,证书是一种验证服务器身份的电子手段。,客户端可以通过检查证书确认自己连接到了正确的服务器上。,证书被预先存放在客户端数据库或一个证书权威（ certificate authority）处，通过比较可以验证一个收到的证书是否正确。证书一般由第三方颁布。,证书有期限。,你可以颁布自己的证书并分发给允许访问你站点的用户。,24,PKI:公开密钥基础设施,证书管理,认证,完整性,机密性,25,“外患”, Aspects of Security, Authentication and Encryption, Internet Firewalls and Packet Filtering, Virtual Private Networks, Secure HTTP (SHTTP) and Secure Socket Layer (SSL), Securing your Site,26,Internet firewall,加密技术并不能解决所有的安全问题，还需要其他技术的配合.,对内网的每台计算机都施加保护代价太大。 Better create a protective wall,防火墙技术帮助保护内网不被unwanted Internet traffic所骚扰.,防火墙通常放在内网与Internet之间，防止问题从Internet扩散到内部。,27,防火墙的要点,所有进入内网的流量必须经过防火墙,所有离开内网的流量必须经过防火墙,防火墙拒绝任何违反内网安全规则的流量,防火墙本身对安全攻击有免疫力。,If an organization has multiple Internetconnections, a firewall should be placed on each,28,包过滤,Packet filtering是防火墙采用的主要机制,防火墙检查所有进出的IP包，从而控制内网与外界的联系，同时也控制外网与内网的通信。,基于IP包中的源/目的地址来决定是否丢弃某个包。,29,过滤服务,filtering service,除了低级的IP地址包过滤，还可检查包的协议或其他高层服务,即实施基于服务的过滤,Example： allow HTTP and SMTP and,实现的方法：Can use a boolean combination of destination, source and services.,30,Firewall with Packet Filtering,31,“外患”, Aspects of Security, Authentication and Encryption, Internet Firewalls and Packet Filtering, Virtual Private Networks, Secure HTTP (SHTTP) and Secure Socket Layer (SSL), Securing your Site,32,Private Networks,33,Plus & Minus of Private Networks,专线连接站点：完全的安全性。 (completely private),Nobody else has access or can read passing data,租用专线=昂贵代价,Internet无法保证confidentiality，但很便宜： just get ISP on both ends.,能否同时兼得二者的好处？,34,Virtual Private Network (VPN),VPN is implemented in software,Each router runs a VPN software,VPN software acts as a packet filter,VPN software encrypts packets, all communication remains confidential,35,Tunneling技术,将整个报文都加密传送？,如果报头加密， routers wouldnt know who is the receiver,如果报头不加密，信息可能泄露 (who is sending and who is receiving may be observed),VPN使用一种称为IP-in-IP tunneling的技术来完全隐藏信息。,36,IP-in-IP Tunneling,37,“外患”, Aspects of Security, Authentication and Encryption, Internet Firewalls and Packet Filtering, Virtual Private Networks, Secure HTTP (SHTTP) and Secure Socket Layer (SSL), Securing your Site,38,Secure HTTP,S-HTTP request header, Secure * secure-HTTP/1.1, Content-Privacy-Domain,PEM or PKS-7, Content-Type: application/http, Security-Scheme, Certificate-Info, Key-Assign,S-HTTP response header, Secure-HTTP/1.1 200 OK,两个特点：协商、脆弱,39,Negotiation,S-HTTP允许交互双方就安全参数进行协商,S-HTTP allows both parties to negotiate their needs and preferences regarding security parameters (algorithm, key length,etc.),40,Vulnerability,S-HTTP 容易受低层攻击，因为它是一个应用层的协议。,S-HTTP is vulnerable since it is susceptible to low level attacks at the TCP or IP level. It is secure at the application level only.,41,Secure Socket Layer (SSL),为了解决这个问题，SSL在OSI模型的更低层实现。,因此，它不仅可用于HTTP，也可用于其他协议，如 FTP, telnet, NNTP, etc.,SSL 建立并维护一个用于通信的安全通道（secure channel）,Unlike HTTP, SSL is stateful.,42,Secure Channel Properties,Channel is authenticated,: 服务器必须对客户端进行认证而客户端也可对服务器进行认证。认证的方法是采用 public/private key进行加密。,Channel is private,: 先进行握手定义一个密钥，此后所有的消息传递都用它进行加密。加密方法是对等加密法。,Channel is reliable,: Each message includes a message integrity check using a MAC,43,SSL Handshake, During an SSL session, some variables need to be defined. The server needs to determine:, Version of SSL supported（版本）, Encryption algorithm to be used（加密算法）, Session ID (each SSL session has a unique ID)（会话号）, Compression algorithm to be used (if needed)（压缩算法）, 2 random numbers,以上参数在协商过程中确定下来。协商过程又称为 handshake (SSL 握手协议),Authentication also occurs at the handshake,44,Handshake Protocol,45,Handshake Protocol,1. 浏览器发一个,client hello,消息,2. 服务器返回一个,server hello消息,3. 如果客户端需要对服务器进行认证，服务器将自己的证书（certificate）发给对方。 同时可按彼此同意的加密算法发一个,server key exchange消息。,4. 服务器向客户端请求证书（certificate）,5. 服务器发,server hello done消息,6. 如果客户端发会证书或发回,no certificate alert消息，,还将发送一个,client key exchange,消息,46,Handshake Protocol,7. 如果一切正常，,客户端发送一个,change cipher spec,消息，同时附带同意的参数。,8.,客户端,发,finished,消息,9. 服务器发自己的,change cipher spec,消息,10. 服务器发,finished,消息,47,“内忧”,对内部后台信息系统的保护,更难防备,主要安全原则,Least priviledge principles,Separation of Duty,Data abstraction,完成机制: 访问控制(Access Control),48,安全策略,最早使用访问控制方法的两种:,军用：MAC(Mandatory Access Controls),军方应用的安全目标：,preventing the unauthorized observation of classified information.,民用：DAC(Discretinary Access Controls),Integrity deals with broader issues of secrity than confidentiality,特别是：,funds transfer,clinical medicine,environmental research,air traffic control等行业,每个企业都有自己唯一的安全需求，传统的DAC和MAC难以满足要求。,49,安全策略,DAC的定义：,a means of restricting access to objects based on the identity of subjects and/or groups to which they belong.,The controls are discretinary in the sense that a subject with a certain access permission is capable of passing that permission(perhanps indirectly) on to any other subject(unless restrained by mandatory access control),一言蔽之，DAC的特点是：用户可不经批准的把自己拥有的权限批准给其他人使用。,50,安全策略,MAC的定义：,a means of restricting access to objects based on the sensitivity(as represented by a label)of the information contained in the objects and the formal authorization(I.e clearance) of subjects to access inforamtion of such sensitivity.,强调的是：严格限制什么级别的人访问什么级别的信息。,51,RBAC,Permissons are associated with roles and users are mad members of appropriate rols.,更自然,符合组织管理方式.greatly simplifies management of permissions.,与DAC的主要不同:The user cannot pass access permissions on to other users at their discretion.,更像MAC,MAC关心的是who can read what information.信息绝对不可从高级流向低级权限.,RBAC更关心保护信息的Integrity,也就是“Who can perform what acts on what information”,符合安全三原则,52,Securing your site:Basic Steps,Make sure CGI scripts execute under ownership of fake user (nobody or www) which has very little privileges,All documents and programs should be writable only by owner,Logs should not be writable or readable by the world, Support usernames and passwords whenever needed., Always create,index.html,in all directories,53,Consider Problems with CGI,Be careful what sort of scripts can be uploaded on the server,Validate input of Forms and be strict, Ex: “/usr/lib/sendmail,user,”,and,user,is,“john.; rm index.html”,In Perl or other languages, this could be,executed by the system after sending the e-mail,54,summary,PKI技术可以有效防止用户的非法访问和修改数据等问题.但在浏览器客户端实施尚不完善,要保护内部后台数据库的安全,可以实施RBAC的策略,如果要进一步提供基于工作流的访问控制,也可在RBAC的基础上完成.,55,