DOCSLIB.ORG

Copyright by Martin Hristov Georgiev 2015

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Copyright by Martin Hristov Georgiev 2015 The Dissertation Committee for Martin Hristov Georgiev certifies that this is the approved version of the following dissertation: On the (In)security of Service APIs Committee: Vitaly Shmatikov, Supervisor Brent Waters Emmett Witchel Lili Qiu XiaoFeng Wang On the (In)security of Service APIs by Martin Hristov Georgiev, B.S., M.S.C.S. DISSERTATION Presented to the Faculty of the Graduate School of The University of Texas at Austin in Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY THE UNIVERSITY OF TEXAS AT AUSTIN August 2015 Dedicated to my parents. Acknowledgments I would like to thank my family for their continuous support and encourage- ment throughout the years. My father taught me how to identify good opportunities in life and how to evaluate and prioritize my goals. My mother instilled persever- ance in me and taught me to always strive for the best. My brother taught me time management and organizational skills. I am also forever indebted to my adviser, Vitaly Shmatikov, for his invalu- able help and guidance throughout my PhD. He taught me how to identify important research problems and design novel solutions for them. He also taught me the art of presenting my work to both experts in my field of research and a general audience. Outside of research and academia, I have also learned numerous life skills from him. Thus, I consider myself very fortunate to have him as my PhD adviser. I very much appreciate my dissertation committee members for taking the time to evaluate my research and provide me with comprehensive feedback. Thanks to their thoughtful comments, I greatly improved the quality of my dissertation. Special thanks go to Brent Waters for bringing up the inherent insecurities in short URLs. This idea was one of the prerequisites that empowered the research described in the last chapter of my dissertation. v I want to thank Nona Sirakova for being my emotional support in the tough- est times of my PhD. In addition to being an excellent inspirational character for me, she also taught me mindfulness. I thank Suman Jana for introducing me into computer security research in my first semester of graduate school. I am also grateful to my fellows at The Univer- sity of Texas at Austin: Hongkun Yang, Chad Brubaker, Amir Houmansadr, Reza Shokri, Yuanzhong Xu, Tyler Hunt and Jianyong Meng for our discussions about research, the life of a PhD student, etc. I would like to thank Sanford Miller, Bogdan Petrenko and Sandeep Mitra for guiding my interests in Mathematics and Computer Science throughout my college years. The trio also inspired me to pursue a PhD degree. Finally, I want to say big thank you to my Mathematics teachers: Daniela Zhekova and Stefka Stoilkova for spending countless hours teaching me problem solving skills. I owe it to them that I managed to get the maximum score on many university entrance exams and thus have the opportunity to choose the direction of my personal and professional development. vi On the (In)security of Service APIs Martin Hristov Georgiev, Ph.D. The University of Texas at Austin, 2015 Supervisor: Vitaly Shmatikov Today’s systems abstract the implementation details of common services such as secure client-server communication, access to native device resources (e.g. camera), access to cloud-stored files and folders, etc. by exposing a set of applica- tion programming interfaces (service APIs) to applications and software packages. In this dissertation, we analyze service APIs exposed by modern systems across all layers of the software stack and demonstrate that they are too complex for developers to understand and use correctly. Instead of providing high-level ab- stractions such as authorization and authentication, they provide low-level details such as callbacks, options and flags. As a result, service APIs used in security- critical software often end up being misconfigured and exposing sensitive users’ data to botnet, Web and network attackers. To demonstrate the pervasiveness of the problem, we perform the first sys- tematic analysis of insecure usage of service APIs in modern software developed and maintained by both individual developers and large software companies. vii First, we analyze the perils and pitfalls of low-level service APIs for estab- lishing secure network channels. SSL/TLS (Secure Sockets Layer/Transport Layer Security) is currently the de facto standard for secure Internet communication; its security against active network attackers depends on properly validating server certificates at connection establishment. Unfortunately, our analysis shows that SSL/TLS APIs are often poorly understood and used. As a consequence, server certificate validation is completely broken in many security-critical applications and libraries, and thus exposes users’ data to network attackers. Second, we study the software stack employed by modern hybrid applica- tions. Hybrid apps combine the features of Web apps and “native” apps. Like Web apps, they are implemented in platform-independent languages such as HTML5 and JavaScript. Like native apps, they have direct access to local device resources such as file system and camera. We demonstrate that the frameworks on top of which hybrid apps are developed do not properly compose the access-control poli- cies governing the Web half and the local half of the app. The Web half runs in a browser instance, created by the framework at application initialization time, and is confined by the browser’s same origin policy. The local half is governed by the access-control policy of the operating system. Unfortunately, improper composi- tion of the two types of access-control policies at the framework layer effectively subjects the applications to “fracking” attacks—foreign-origin Web content (e.g., ads) included into hybrid apps can drill through the layers of the software stack and steal user’s contacts list, text messages, photos, etc. viii Third, we analyze service APIs exposed by today’s Web-based application platforms. This new class of platforms provide browser-like runtime environments to support Web-based applications. Such apps run outside the traditional Web browser and enjoy direct access to native objects such as files and GPS. However, unlike the service APIs exposed by hybrid frameworks, this category of service APIs is exposed by the platforms themselves, effectively eroding the distinction be- tween desktop, mobile, and Web-based software. Unfortunately, we demonstrate that the access-control models used by Web-based application platforms are inade- quate. As a result, when applications request access to sensitive resources for their own code, they unintentionally enable it for untrusted third-party code, too. Fourth, we study server-side service APIs exposed by some of today’s cloud services and demonstrate that many of them are vulnerable to scanning and thus leak users’ data. For example, we show that cloud storage providers that allow users to share files and folders via short URLs and support APIs for easy account traversal end up exposing their users to large-scale privacy and security breaches. To address the vulnerabilities plaguing today’s service APIs, we suggest that new principled service APIs be designed, implemented and deployed at all levels of the software stack. Unlike the old APIs, the new service APIs must provide sim- ple interfaces through which developers can easily specify their high-level security objectives such as confidentiality and authentication. In this dissertation, we implement two new principled mechanisms for en- forcing security in service APIs used by Web code of modern hybrid and Web-based ix apps. We also provide recommendations for improving the security of SSL/TLS APIs and APIs for managing cloud-stored files. Our first prototype system is called NOFRAK. It introduces a new technique for protecting native-access APIs in hybrid apps from “fracking” attacks. NOFRAK is platform-independent and requires no changes to the code of existing apps. Our second system is POWERGATE. In its core, POWERGATE is a new access-control mechanism for protecting APIs to native objects in Web-based ap- plications from unauthorized access. POWERGATE enables application developers to write well-defined access-control policies with explicit principals such as “appli- cation’s own local code” and “third-party Web code”. x Table of Contents Acknowledgments v Abstract vii List of Tables xvi List of Figures xvii List of Snippets xix List of Algorithms xxi Chapter 1. Introduction 1 1.1 Threat Model . .3 1.2 Architecture of modern software applications . .6 1.2.1 Client-side service APIs . .7 1.2.1.1 Low-level service APIs . .8 1.2.1.2 Service APIs in the middleware . 10 1.2.1.3 Service APIs in the application layer . 12 1.2.2 Server-side service APIs . 15 1.3 Towards principled service APIs . 18 1.3.1 Design . 19 1.3.2 Implementation . 20 1.3.3 Testing . 21 1.3.4 Backward compatibility . 22 1.4 Contributions and impact . 23 xi Chapter 2. Validating SSL Certificates in Non-Browser Software 27 2.1 Introduction . 27 2.2 Overview of our results . 30 2.3 Overview of SSL . 34 2.3.1 Threat model . 34 2.3.2 SSL certificate validation . 34 2.4 SSL abstractions . 37 2.4.1 SSL libraries . 38 2.4.2 Data-transport libraries . 44 2.5 SSL in non-browser software . 47 2.6 Experimental testbed . 51 2.7 Misunderstanding the SSL API . 53 2.7.1 Amazon Flexible Payments Service (PHP) . 53 2.7.2 PayPal Payments Standard and PayPal Invoicing (PHP) . 54 2.7.3 PayPal IPN in Zen Cart . 55 2.7.4 Lynx . 56 2.7.5 Apache HttpClient . 57 2.7.6 Trillian . 59 2.7.7 Rackspace . 60 2.7.8 TextSecure .
Recommended publications
  • Rootkit- Rootkits.For.Dummies 2007.Pdf

    Rootkit- Rootkits.For.Dummies 2007.Pdf

    01_917106 ffirs.qxp 12/21/06 12:04 AM Page i Rootkits FOR DUMmIES‰ 01_917106 ffirs.qxp 12/21/06 12:04 AM Page ii 01_917106 ffirs.qxp 12/21/06 12:04 AM Page iii Rootkits FOR DUMmIES‰ by Larry Stevenson and Nancy Altholz 01_917106 ffirs.qxp 12/21/06 12:04 AM Page iv Rootkits For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission.
  • Vmware Vrealize Configuration Manager Installation Guide Vrealize Configuration Manager 5.8

    Vmware Vrealize Configuration Manager Installation Guide Vrealize Configuration Manager 5.8

    VMware vRealize Configuration Manager Installation Guide vRealize Configuration Manager 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-001815-00 vRealize Configuration Manager Installation Guide You can find the most up-to-date technical documentation on the VMware Web site at: Copyright http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: [email protected] © 2006–2015 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. Contents About This Book 5 Preparing to Install VCM 7 Typical or Advanced Installation 7 VCM Installation Configurations 8 Create VCM Domain Accounts 8 VCM Account Configuration 9 VCM Administrator Account 10 VCM User Accounts 10 Service Accounts 10 Network Authority Account 11 ECMSRSUser Account 12 SQL Server Permissions and Constructs 12 Gather Supporting Software
  • Curriculum Vitae Di Tommaso Cucinotta

    Curriculum Vitae Di Tommaso Cucinotta

    Curriculum Vitae: Prof. Tommaso Cucinotta Personal data Birth date and place: April 1974, Potenza (Italy) Phone: +39 (0)50 882 028 Skype Id: t.cucinotta E-mail: Home page: http:// retis . santannapisa .it/~tommaso Current status Dec 2015 to date: Associate Professor at the Real-Time Systems Laboratory (ReTiS) of Scuola Superiore Sant'Anna RESEARCH TOPICS & COMPETENCIES ❑ Real-time and reliable NoSQL Database systems for cloud services ❑ Adaptive resource management and scheduling in Cloud Computing & Network Function Virtualization infrastructures ❑ Artificial Intelligence and Machine Learning to support Data Center Operations in Cloud & NFV infrastructures ❑ Platforms for real-time data streaming and analytics ❑ Quality of service control for adaptive soft real-time applications, including multimedia and IMS systems ❑ Operating Systems for real-time and embedded applications and many-core and massively distributed systems ❑ Trusted computing and confidentiality in cloud computing ❑ Smart-cards: interoperability, protocols and architectures ❑ Digital signatures, biometrics identification, multicast security Experience highlights (details below) ❑ 7 Granted and 25 Filed EU and US Patents in the areas of security, resource management and scheduling ❑ 25 International Journal Publications, including IEEE Transaction on Computers, IEEE Transaction on Industrial Informatics and ACM Transactions on Embedded and Computing Systems ❑ 65 International Conference and Workshop Peer-reviewed Publications and 13 Book Chapters ❑ 3 EU Projects scientific
  • Microsoft Windows Server 2008 PKI and Deploying the Ncipher Hardware Security Module

    Microsoft Windows Server 2008 PKI and Deploying the Ncipher Hardware Security Module

    This is a joint nCipher and IdentIT authored whitepaper Microsoft Windows Server 2008 PKI and Deploying the nCipher Hardware Security Module Abstract This paper discusses the benefits that are unique to deploying the integrated solution of the Windows Server 2008 PKI and the nCipher nShield and netHSM hardware security modules (HSM). This includes the essential concepts and technologies used to deploy a PKI and the best practice security and life cycle key management features provided by nCipher HSMs.. MicrosofT WIndoWs server 2008 PKI and dePloyIng The nCipher hardWare seCurity Module Introduction...............................................................................................................................................................................................3 PKI – A Crucial Component to Securing e-commerce ......................................................................................................................4 Microsoft Windows Server 2008 ...............................................................................................................................................................4 nCipher Hardware Security Modules ......................................................................................................................................................4 Best.Practice.Security.–.nCipher.HSMs.with.Windows.Server.2008.PKI................................................................................5 Overview...............................................................................................................................................................................................................5
  • Invisimole: the Hidden Part of the Story Unearthing Invisimole’S Espionage Toolset and Strategic Cooperations

    Invisimole: the Hidden Part of the Story Unearthing Invisimole’S Espionage Toolset and Strategic Cooperations

    ESET Research white papers TLP: WHITE INVISIMOLE: THE HIDDEN PART OF THE STORY UNEARTHING INVISIMOLE’S ESPIONAGE TOOLSET AND STRATEGIC COOPERATIONS Authors: Zuzana Hromcová Anton Cherepanov TLP: WHITE 2 InvisiMole: The hidden part of the story CONTENTS 1 EXECUTIVE SUMMARY � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � 4 2 ATTACKS AND INVESTIGATION � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � 4 2.1 InvisiMole’s toolset ������������������������������������������������������������������������������������������������������������������������ 5 2.2 Cooperation between InvisiMole and Gamaredon . 5 3 BUILDING BLOCKS � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � 6 3.1 Structure ������������������������������������������������������������������������������������������������������������������������������������������6 3.1.1 InvisiMole blobs . 6 3.1.2 Execution guardrails with DPAPI ���������������������������������������������������������������������������������7 3.2 Payload ��������������������������������������������������������������������������������������������������������������������������������������������8 3.2.1 TCP downloader ��������������������������������������������������������������������������������������������������������������9 3.2.2 DNS downloader . 9 3.2.3 RC2CL backdoor �������������������������������������������������������������������������������������������������������������13
  • Game Programming Gems 7

    Game Programming Gems 7

    Game Programming Gems 7 Edited by Scott Jacobs Charles River Media A part of Course Technology, Cengage Learning Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Publisher and General Manager, © 2008 Course Technology, a part of Cengage Learning. Course Technology PTR: Stacy L. Hiquet Associate Director of Marketing: ALL RIGHTS RESERVED. No part of this work covered by the copyright Sarah Panella herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to Heather Manager of Editorial Services: photocopying, recording, scanning, digitizing, taping, Web distribution, Talbot information networks, or information storage and retrieval systems, except Marketing Manager: Jordan Casey as permitted under Section 107 or 108 of the 1976 United States Copyright Senior Acquisitions Editor: Emi Smith Act, without the prior written permission of the publisher. Project/Copy Editor: Kezia Endsley CRM Editorial Services Coordinator: Jen Blaney For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 Interior Layout Tech: Judith Littlefield Cover Designer: Tyler Creative Services For permission to use material from this text or product, CD-ROM Producer: Brandon Penticuff submit all requests online at cengage.com/permissions Further permissions questions can be emailed to Valerie Haynes Perry Indexer: [email protected] Proofreader: Sue Boshers Library of Congress Control Number: 2007939358 ISBN-13: 978-1-58450-527-3 ISBN-10: 1-58450-527-3 eISBN-10: 1-30527-676-0 Course Technology 25 Thomson Place Boston, MA 02210 USA Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan.
  • Mastering Windows XP Registry

    Mastering Windows XP Registry

    Mastering Windows XP Registry Peter Hipson Associate Publisher: Joel Fugazzotto Acquisitions and Developmental Editor: Ellen L. Dendy Editor: Anamary Ehlen Production Editor: Elizabeth Campbell Technical Editor: Donald Fuller Electronic Publishing Specialist: Maureen Forys, Happenstance Type-O-Rama Proofreaders: Nanette Duffy, Emily Hsuan, Laurie O'Connell, Yariv Rabinovitch, Nancy Riddiough Book Designer: Maureen Forys, Happenstance Type-O-Rama Indexer: Ted Laux Cover Designer: Design Site Cover Illustrator: Sergie Loobkoff Copyright © 2002 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. The author(s) created reusable code in this publication expressly for reuse by readers. Sybex grants readers limited permission to reuse the code found in this publication or its accompanying CD-ROM so long as the author is attributed in any application containing the reusable code and the code itself is never distributed, posted online by electronic transmission, sold, or commercially exploited as a stand-alone product. Aside from this specific exception concerning reusable code, no part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher. First edition copyright © 2000 SYBEX Inc. Library of Congress Card Number: 2002100057 ISBN: 0-7821-2987-0 SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries. Mastering is a trademark of SYBEX Inc. Screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved.FullShot is a trademark of Inbit Incorporated.
  • Table of Contents

    Table of Contents

    A Comprehensive Introduction to Vista Operating System Table of Contents Chapter 1 - Windows Vista Chapter 2 - Development of Windows Vista Chapter 3 - Features New to Windows Vista Chapter 4 - Technical Features New to Windows Vista Chapter 5 - Security and Safety Features New to Windows Vista Chapter 6 - Windows Vista Editions Chapter 7 - Criticism of Windows Vista Chapter 8 - Windows Vista Networking Technologies Chapter 9 -WT Vista Transformation Pack _____________________ WORLD TECHNOLOGIES _____________________ Abstraction and Closure in Computer Science Table of Contents Chapter 1 - Abstraction (Computer Science) Chapter 2 - Closure (Computer Science) Chapter 3 - Control Flow and Structured Programming Chapter 4 - Abstract Data Type and Object (Computer Science) Chapter 5 - Levels of Abstraction Chapter 6 - Anonymous Function WT _____________________ WORLD TECHNOLOGIES _____________________ Advanced Linux Operating Systems Table of Contents Chapter 1 - Introduction to Linux Chapter 2 - Linux Kernel Chapter 3 - History of Linux Chapter 4 - Linux Adoption Chapter 5 - Linux Distribution Chapter 6 - SCO-Linux Controversies Chapter 7 - GNU/Linux Naming Controversy Chapter 8 -WT Criticism of Desktop Linux _____________________ WORLD TECHNOLOGIES _____________________ Advanced Software Testing Table of Contents Chapter 1 - Software Testing Chapter 2 - Application Programming Interface and Code Coverage Chapter 3 - Fault Injection and Mutation Testing Chapter 4 - Exploratory Testing, Fuzz Testing and Equivalence Partitioning Chapter 5
  • Red Hat Enterprise Linux 7 7.9 Release Notes

    Red Hat Enterprise Linux 7 7.9 Release Notes

    Red Hat Enterprise Linux 7 7.9 Release Notes Release Notes for Red Hat Enterprise Linux 7.9 Last Updated: 2021-08-17 Red Hat Enterprise Linux 7 7.9 Release Notes Release Notes for Red Hat Enterprise Linux 7.9 Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
  • Technical Specification of Cryptomate64 USB Cryptographic

    Technical Specification of Cryptomate64 USB Cryptographic

    CryptoMate64 USB Cryptographic Token Technical Specifications V1.06 Subject to change without prior notice [email protected] www.acs.com.hk Table of Contents 1.0. Introduction ............................................................................................................. 3 2.0. Features ................................................................................................................... 4 2.1. Cryptographic Smart Card and Crypto-processor Features .................................................. 4 2.2. Token Features ...................................................................................................................... 4 3.0. Typical Applications ................................................................................................ 5 4.0. Middleware ............................................................................................................... 6 5.0. Technical Specifications ......................................................................................... 7 List of Figures Figure 1 : CryptoMate64 System Block Diagram ................................................................................... 3 Figure 2 : Middleware Diagram .............................................................................................................. 6 Page 2 of 8 CryptoMate64 – Technical Specifications [email protected] Version 1.06 www.acs.com.hk 1.0. Introduction CryptoMate64 is a lightweight USB token that provides users with strong authentication solutions and the CCID-compliant
  • Security Policy for FIPS 140-2 Validation

    Security Policy for FIPS 140-2 Validation

    Enhanced Cryptographic Provider Security Policy for FIPS 140‐2 Validation Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows RT Microsoft Surface Windows RT Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 Microsoft Windows Storage Server 2012 Enhanced Cryptographic Provider (RSAENH.DLL) DOCUMENT INFORMATION Version Number 1.2 Updated On December 17, 2014 © 2014 Microsoft. All Rights Reserved Page 1 of 25 This Security Policy is non‐proprietary and may be reproduced only in its original entirety (without revision). Enhanced Cryptographic Provider The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
  • Administrator's Guide

    Administrator's Guide

    OVERLAPS 3.0.11.0 Administrator’s Guide 1 Copyright ©2018-2020 Int64 Software Ltd. | Last Updated 22nd October 2020 OVERLAPS 3.0.11.0 1 System Requirements ........................................................................................................... 5 2 Installation .............................................................................................................................. 6 2.1 Running the Installer .................................................................................................................. 6 2.2 Installing your Licence File......................................................................................................... 8 3 First Configuration ................................................................................................................. 9 3.1 Configuration Tools .................................................................................................................... 9 3.1.1 olconfig.exe Command Line Interface ................................................................................................. 9 3.1.2 OVERLAPS Configuration Utility (GUI) ................................................................................................ 10 3.2 Configuring Kerberos ............................................................................................................... 15 3.2.1 Configuring Kerberos using the Configuration Utility ..................................................................... 16 3.2.2 Configuring Kerberos using