SD security

We will look at security problems at several scales: a single machine, a network, a server, and multiple servers.

steps towards building a more secure system

  1. be clear about goals (policy)
  2. be clear about assumptions (threat model)

L20: authentication

Concept

hash function: one-to-one; recovering the input from the output is hard


policy: provide authentication for users

    def check_password(username, inputted_password):
        # accounts_table maps username -> password exactly as stored on the server
        stored_password = accounts_table[username]
        return stored_password == inputted_password

threat model: adversary has access to the entire stored table

Problem 1: the adversary (with access to the stored table) can just read the passwords directly.

Attempt 0: store plaintext passwords on server

Attempt 1: use hash function -> store hashes of passwords on the server.

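Problem 1.1: the adversary can still recover passwords: given the stored table, they can run candidate passwords through the same hash function and compare the results with the stored hashes.

Attempt 2: add a random string to each password before hashing -> salt the hashes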
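Attempt 1 and Attempt 2 side by side, as an added example that is not part of the original notes. The sample accounts are constructed, and PBKDF2-HMAC-SHA256, the 16-byte salt, and the iteration count are assumed choices for the "hash function" and "random string" above.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, not a value from the notes


def unsalted_hash(password):
    """Attempt 1: the table stores H(password) only."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt, password):
    """Attempt 2: H(salt, password). PBKDF2-HMAC-SHA256 is an assumed choice of H."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password):
    """Create the (salt, hash) pair stored for one user; the salt is random per user."""
    salt = secrets.token_bytes(16)
    return salt, salted_hash(salt, password)


def check_password(accounts_table, username, inputted_password):
    """Recompute the hash with the user's stored salt and compare in constant time."""
    record = accounts_table.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, salted_hash(salt, inputted_password))


# Constructed sample accounts: alice and bob happen to pick the same password.
SAMPLE_USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def build_tables(users=SAMPLE_USERS):
    """Return the Attempt 1 table and the Attempt 2 table for the same users."""
    attempt1 = {name: unsalted_hash(pw) for name, pw in users.items()}
    attempt2 = {name: new_record(pw) for name, pw in users.items()}
    return attempt1, attempt2


if __name__ == "__main__":
    attempt1, attempt2 = build_tables()
    # Unsalted: equal passwords give equal rows, visible to anyone holding the table.
    print("unsalted rows equal:", attempt1["alice"] == attempt1["bob"])
    # Salted: the same password yields unrelated rows, so no shared lookup applies.
    print("salted rows equal:  ", attempt2["alice"][1] == attempt2["bob"][1])
    print("login ok:", check_password(attempt2, "alice", "hunter2"))
```

Under the threat model above the salt is stored in the table and is readable by the adversary; its job is to make each row's hash unique, not to stay secret.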

L21