Carnegie Mellon

Cybersecurity: Opportunities and Challenges

Pradeep K. Khosla
Director, CyLab, and Dean, College of Engineering
Carnegie Mellon University

Exponents Control our Life

• Speed of microprocessor chips doubles every 12-18 months
• Storage density doubles every 12 months
• Bandwidth is doubling every 12 months
• Price keeps on dropping, making the technology affordable and pervasive

The Old 'Net

The New 'Net

Current State of CyberSecurity

• Security through patches
  - Cause of major costs in complex industrial IT environments
• Systems and services "die" under an attack
  - Service disruption causes economic and productivity loss
  - Disruption of critical infrastructure (banks, telephone, power, etc.)

Patched Approach to Security across the System

• 1999: Melissa virus: $1 billion in damages (Computer Economics)
• 2000: Lloyds of London put the estimate for Love Bug at $15 billion; 3.9 million systems infected; 30 days to clean up
• 2001: (Reuters) Code Red cost $1.2 billion in damages and $740 million to clean up from the 360,000 infected servers
• 2003: Slammer: $1 billion in damages

Contagion Timeframe

IT Systems Threat Evolution in the Future (chart: contagion timeframe against time)

• Early 1990s: File viruses; contagion timeframe of weeks or months
• Mid 1990s: Macro viruses; days
• Late 1990s: e-mail worms; hours (human response: possible)
• 2000: Blended threats; minutes (human response: difficult/impossible; automated response: possible)
• 2003: "Warhol" threats and "Flash" threats; seconds (human response: impossible; automated response: will need new paradigms; proactive blocking: possible)

Critical Infrastructure Is at Risk... In the USA

• Agriculture and Food: 1.9M farms; 87,000 food processing plants
• Water: 1,800 federal reservoirs; 1,600 treatment plants
• Public Health: 5,800 registered hospitals
• Chemical Industry: 66,000 chemical plants
• Telecomm: 2B miles of cable
• Energy: 2,800 power plants; 300K production sites
• Transportation: 120,000 miles of railroad; 590,000 highway bridges; 2M miles of pipeline; 300 ports
• Banking and Finance: 26,600 FDIC institutions
• Postal and Shipping: 137M delivery sites
• Key Assets: 5,800 historic buildings; 104 nuclear power plants; 80K dams; 3,000 government facilities; 460 skyscrapers

IT infrastructure is the basis for most of the Critical Infrastructure for Homeland Security

Axioms and Assumptions

• There is no notion of 100% security; in fact, I believe it is unachievable
• The adversary is as smart and sophisticated as we are
• Attacks will happen!!
• Cybersecurity is not about stopping attacks... it is about building systems and services that "operate through an attack"
• Need to invest consistently in R&D and education/training to keep one step ahead

CyLab Mission

• R&D through integrating Technology, Policy, and Management
• Education and awareness at ALL levels
• Strong economic development linkages
• Meet demand for education
• Act as a global hub through global partnerships

International Presence of CyLab

• CyLab Greece: MS program and research
• CyLab Japan: MS program
• CyLab Korea: research
• CyLab Portugal (ICTI): MS programs and research
• iCAST: research

What is Needed to address next generation Cybersecurity

Technology
• Next-generation prediction and response
• Resilient and self-healing networks and computing
• Secure access to devices and spaces
• Software measurement and assurance
• Guarantee security with privacy

Deliver
• Standards
• Adoption frameworks
• Informed legislation
• Awareness and education at all levels

• Threat prediction modeling
• Business risk analysis
• Economic implications and ROI

Some questions that bother me

• Why is the anti-spam legislation ineffective?
• Why are more hackers not caught and prosecuted?
• How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?
• Is there a way to stop DDoS attacks?
• Why are we unable to build and deploy systems that "operate through attacks"?
• Can any single company (by making their product secure) make the infrastructure/services secure?
• Are our kids/citizens "cyberaware"? Would it help if they were "cyberaware"?
• Can any single country make the Internet secure?

Packet Tracing and DDoS Attack Threats

• DDoS attacks represent a significant threat
• Hackers commandeer large botnets and rent them out to interested parties
  - Spam email
  - Racketeering/extortion
  - Paralyze cyber infrastructure
• Many examples
  - DDoS attacks against DNS, Akamai, Microsoft
  - Extortion attacks against gambling web sites
  - Spammers attack anti-spam web sites
  - Music publishers DoS P2P networks

Technical Challenges to overcome DDoS

• Challenge 1: Filter packets with spoofed IP source address
  - Pi Project: first approach to identify IP spoofing for every packet [Yaar, Perrig, Song @ IEEE Security & Privacy Symposium 2003]
• Challenge 2: Link flooding
  - SIFF Project: stateless approach to enable routers to drop attack packets in the network [Yaar, Perrig, Song @ IEEE Security & Privacy Symposium 2004]
• Challenge 3: Attack traceback
  - FIT Project: Fast Internet Traceback [Yaar, Perrig, Song @ IEEE Infocom 2005]

Pi Basic Filter

Pi Performance: Legacy Routers

• Pi is robust to the presence of legacy routers
• Benefits even when only 20% of routers implement Pi

Security, Trust, and Survivability are Critical Enabling Technologies for Mobile-X "Personal Trusted Devices"

Application areas: Corporate Productivity; M-Commerce; Location Services; Entertainment
Enabling capabilities: Content protection; Delegating authority; Secure transactions; Secure downloads

Requirements:
• Security
• Privacy
• Capture-resilient devices

Software-based Attestation

• Attestation: an external verifier can check software integrity in an embedded device
  - "External": the verifier does not have physical access to the device memory
• Existing techniques rely on secure HW
  - TCG and NGSCB
• Software-based: no secure HW
  - SWATT: SoftWare-based ATTestation (with Arvind Seshadri, Adrian Perrig, Leendert van Doorn)
  - Runs on any current or legacy hardware

Overview of SWATT

Diagram: the external verifier sends a challenge to the embedded device; the device runs a checksum function over its device memory and returns the checksum of memory; the verifier compares it against the expected device memory contents.

Desired Properties
• Detect malicious code
• Detect checksum forgery
• Resilient to all attacks, except HW changes
  - No need to trust any software, including the verification function
• Provides equality check for memory contents
• Provides run-time attestation
  - TCG and NGSCB only do load-time attestation
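The challenge-response loop in the SWATT diagram, as an added example in Python (this is a toy model written for this page, not the SWATT implementation). It assumes a 256-byte memory image, a challenge-seeded permutation of addresses, and a 32-bit mixing function chosen here; the response-time measurement that real SWATT relies on to catch a device that checksums a hidden pristine copy is not modelled.

```python
"""Toy model of SWATT-style software-based attestation (added example; not the
SWATT code).  The verifier holds the memory image the embedded device should be
running.  It sends a fresh random challenge; the device walks its memory in a
challenge-derived pseudo-random order and folds every byte into a 32-bit
checksum; the verifier repeats the computation over its own copy and compares.
Every mixing step is a bijection and every address is visited, so a device whose
memory differs in even one byte returns a different checksum (barring a 2^-32
coincidence on a later visit).  Real SWATT also times the response; timing is
not modelled here."""
import os
import random

PASSES = 2                    # full pseudo-random sweeps over memory per challenge
MASK = 0xFFFFFFFF


def checksum(memory: bytes, challenge: bytes) -> int:
    """32-bit checksum of `memory`; traversal order is derived from `challenge`,
    so the answer cannot be precomputed before the challenge is seen."""
    rng = random.Random(int.from_bytes(challenge, "big"))
    acc = 0x9E3779B9
    step = 0
    for _ in range(PASSES):
        for addr in rng.sample(range(len(memory)), len(memory)):   # a full permutation
            acc = (acc + memory[addr] + addr) & MASK   # fold the byte and its address
            acc ^= acc >> 13                           # xorshift: invertible mixing
            acc = (acc * 0x01000193) & MASK            # odd multiplier: invertible
            acc ^= step                                # bind to the loop position
            step += 1
    return acc


def device_respond(device_memory: bytes, challenge: bytes) -> int:
    """What the (possibly compromised) device sends back."""
    return checksum(device_memory, challenge)


def verify(expected_image: bytes, challenge: bytes, response: int) -> bool:
    """Verifier side: recompute over the expected image and compare."""
    return checksum(expected_image, challenge) == response


def attest(expected_image: bytes, device_memory: bytes, challenge: bytes = None) -> bool:
    """One attestation round; True iff the device's memory equals the expected image."""
    if challenge is None:
        challenge = os.urandom(16)        # fresh per round: replayed answers are useless
    return verify(expected_image, challenge, device_respond(device_memory, challenge))


# Constructed sample data: a 256-byte "firmware" image and a copy with one byte patched.
GOOD_IMAGE = bytes((i * 37 + 11) & 0xFF for i in range(256))
TAMPERED_IMAGE = GOOD_IMAGE[:100] + bytes([GOOD_IMAGE[100] ^ 0x01]) + GOOD_IMAGE[101:]

if __name__ == "__main__":
    print("clean device:", attest(GOOD_IMAGE, GOOD_IMAGE))
    print("patched device:", attest(GOOD_IMAGE, TAMPERED_IMAGE))
```

The checksum-forgery case on the slide is exactly what this toy cannot catch on its own: a device that keeps the pristine image elsewhere and checksums that copy answers correctly, which is why SWATT bounds the response time as well.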


Grey: Some Challenges [Bauer, Garriss, McCune, Reiter, & Rouse]

• A sufficiently flexible authorization infrastructure
  - Must support usual modes of access and delegation for each protection mechanism it is to replace, and more
• Device theft
  - Should ensure that stolen devices cannot be misused
• Usability
  - Human-to-device authentication
  - Device-to-device authentication
  - Access-control policy creation

Deployment of Grey at Carnegie Mellon CyLab

Biometrics for Capture Resilient Devices

• Most current methods rely on passwords and ID cards that can be easily forgotten or stolen
• Future: identity recognition for access to systems, spaces, and services based on intelligent fusion of multiple biometrics (face, voice, signature, iris, fingerprint, ...)
  - PCs and cell phones with camera and fingerprint sensor (LG-LP3350, Summer 2005)
  - PKI

Diagram: the client side (no biometrics; finger + face; PKI token; voice; signature) connects over the Internet through an authenticated, secure channel to the server side (e-Bank; on-line shop; friend).

Examples of Different Biometrics

• Face
• Fingerprint
• Voice
• Palmprint
• Hand geometry
• Iris
• Retina scan
• DNA
• Signatures
• Gait
• Keystroke

Challenges in Biometrics (e.g. Face & Fingerprint)

• Pose
• Illumination
• Expression
• Occlusion
• Time lapse
• Real problem: verification accuracy and false acceptance rate

Correlation Filters for Biometrics (Savvides, Kumar, Khosla)

Block diagram:
• Training: training images -> filter design -> correlation filter
• Recognition: test image -> FFT -> correlation filter -> IFFT -> correlation output -> analyze -> decision (Match / No Match)

Using the same filter trained before, perform cross-correlation on the cropped face shown on the left.

• Using SOMEONE ELSE'S filter, perform cross-correlation on the cropped face shown on the left.
• As expected, very low PSR.
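The match / no-match decision on these two slides rests on the peak-to-sidelobe ratio (PSR) of the correlation output. The following is an added example in Python, not code from the slides or from the Savvides/Kumar/Khosla work: it uses a plain matched-filter cross-correlation on tiny constructed 6x6 "faces" (the MACE/UMACE filter design itself is not reproduced), and the exclusion window around the peak is an assumed parameter.

```python
"""Cross-correlation and peak-to-sidelobe ratio (PSR) on tiny constructed
images (added example; a plain matched-filter correlation, not the MACE/UMACE
design on the slides).  A filter built from the enrolled pattern gives a sharp
peak when correlated with that pattern; someone else's filter gives a flat
output with several equal bumps and therefore a low PSR."""


def correlate(image, template):
    """'Valid' 2-D cross-correlation:
    out[r][c] = sum over i, j of image[r+i][c+j] * template[i][j]."""
    H, W = len(image), len(image[0])
    h, w = len(template), len(template[0])
    out = []
    for r in range(H - h + 1):
        row = []
        for c in range(W - w + 1):
            row.append(sum(image[r + i][c + j] * template[i][j]
                           for i in range(h) for j in range(w)))
        out.append(row)
    return out


def psr(plane, exclude=1):
    """Return (PSR, peak location).  PSR = (peak - mean(sidelobe)) / std(sidelobe)
    where the sidelobe is everything outside a (2*exclude+1)^2 window around the
    peak; `exclude` is an assumed parameter of this example."""
    cells = [(r, c) for r in range(len(plane)) for c in range(len(plane[0]))]
    pr, pc = max(cells, key=lambda rc: plane[rc[0]][rc[1]])   # first maximum wins
    peak = plane[pr][pc]
    side = [plane[r][c] for (r, c) in cells
            if abs(r - pr) > exclude or abs(c - pc) > exclude]
    mean = sum(side) / len(side)
    std = (sum((v - mean) ** 2 for v in side) / len(side)) ** 0.5
    return ((peak - mean) / std if std else float("inf")), (pr, pc)


def embed(pattern, size, at):
    """Place a small pattern into a size x size zero image at offset `at`."""
    img = [[0] * size for _ in range(size)]
    r0, c0 = at
    for i, row in enumerate(pattern):
        for j, v in enumerate(row):
            img[r0 + i][c0 + j] = v
    return img


# Constructed data: an "X" is the enrolled pattern, a "+" belongs to someone else.
PATTERN_X = [[1, 0, 1], [0, 1, 0], [1, 0, 1]]
PATTERN_PLUS = [[0, 1, 0], [1, 1, 1], [0, 1, 0]]
FACE = embed(PATTERN_X, 6, (1, 1))        # test image: the enrolled pattern at (1, 1)


def decide(image, own_filter, threshold):
    """Match decision used by the recognition stage: PSR above threshold."""
    value, loc = psr(correlate(image, own_filter))
    return value >= threshold, value, loc


if __name__ == "__main__":
    print("own filter:   ", psr(correlate(FACE, PATTERN_X)))
    print("other filter: ", psr(correlate(FACE, PATTERN_PLUS)))
```

With the enrolled filter the output peaks at (1, 1), where the pattern was embedded, and the PSR is about 4.9; with the other person's filter the output has four equal bumps of height 3 and the PSR drops to about 2.5.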


Recognition Accuracy using Frontal Lighting Training Images
PIE dataset (face images captured with room lights off)

Frontal Lighting        IPCA               3D Linear Subspace   Fisherfaces          MACE Filters (CyLab)   UMACE Filters (CyLab)
Training Images         # Errors  %Rec Rate  # Errors  %Rec Rate  # Errors  %Rec Rate  # Errors  %Rec Rate    # Errors  %Rec Rate
5,6,7,8,9,10,
11,18,19,20             33        97.6%      31        97.3%      36        97.3%      0         100%         0         100%
5,6,7,8,9,10            110       91.4%      40        97.1%      145       89.3%      1         99.9%        0         100%
5,7,9,10                337       72.4%      93        93.2%      390       71.4%      1         99.9%        3         99.7%
7,10,19                 872       36.1%      670       50.9%      365       73.3%      10        99.1%        10        99.1%
8,9,10                  300       78.0%      30        97.8%      244       82.1%      1         99.9%        1         99.9%
18,19,20                122       91.0%      22        98.4%      79        94.2%      2         99.9%        1         99.9%

Real-time Identification and Authentication

Low Complexity Algorithm for PDA

CyLab Education: Goals and Objectives

10 million "cyberaware" citizens worldwide, starting with 20,000 households in the Pittsburgh area
1. Raise awareness of cybersecurity threats
2. Promote safe and responsible online behavior (adults and children)
3. Build capacity for the protection of the global information infrastructure

Overview of CyLab Education

• PhD programs in ECE, SCS, and Heinz School aimed at security
• Professional graduate degree programs that integrate Policy, Management, Technology (EE, CE, CS) through the Information Networking Institute (INI)
  - Master of Science in Information Networking (MSIN)
  - Master of Science in Information Security Technology and Management (MSISTM)
  - MSIN in Athens, Greece, in collaboration with Athens Information Technology (AIT)
  - Master of Science in Information Technology - Information Security Track (MSIT-IS) in Kobe, Japan (Fall 2005)
• Executive education for CSO, CISO
• Capacity building programs for faculty in minority-serving colleges
• Outreach and awareness programs
• Future efforts: law enforcement training, "Emerging Links, Learning Communities"

Enabling Other Institutions: IACBP

• Intensive, month-long program to help develop Information Assurance education and research capacity at colleges and universities designated as minority-serving institutions, specifically:
  - Historically Black colleges and universities
  - Hispanic-serving institutions
• Funded by NSF
• Matching funds from Pittsburgh Digital Greenhouse (PDG) for minority-serving institutions
  - K-12 schools, community colleges, and universities in the commonwealth of PA

Combining Computing, Entertainment, and Web Technologies to create cyber awareness for children and the masses
-- games for children
-- portal for adults

Cyberspace is represented by a cybercity where children take on the role of cadets of the Cyber Defense Academy. Through fun "missions," they learn how to protect themselves from:
• spam
• viruses
• suspicious characters in chat rooms

They also learn how to recognize and avoid "cybervillains" like MC Spammer and Elvirus.

Email Game

The email game focuses on how to use judgment when sorting e-mail messages:
• to evaluate and delete suspicious email messages;
• how to handle spam;
• how to avoid viruses in attachments.

Chatroom Game

The chatroom game focuses on chat room behavior and emphasizes:
• what sort of questions kids should be wary of to avoid cyber predators;
• that it is okay to just ignore someone or leave a chat rather than give away any private information that may put them in danger.

MySecureCyberspace: The Game

• Partnership with i-SAFE America: the game will be integrated into the Safe Schools Education Initiative and Outreach Campaign in thousands of schools in all fifty states by next fall: http://www.isafe.org/
• "Emerging Links: Learning Communities" project (in collaboration with Harvard University): the game will be used as a training tool in Pittsburgh Public Schools
• Available through the portal www.mysecurecyberspace.com

Some questions that still bother me

• Why are more hackers not caught and prosecuted?
  - Guaranteed packet tracing + real-time biometrics on every computer
  - Issues: Should there be legislation? Or will this be forced by vendors?
• How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?
  - I don't think this helps. Bad idea, but somehow the lawmakers don't get it
  - Maybe a federally funded assurance facility that allows for voluntary testing of software components is the answer
• Is there a way to stop DDoS attacks?
  - Pi+SIFF+FIT technologies
  - Who will pay for the infrastructure upgrade? Should the government mandate it?
• Why are we unable to build and deploy systems that "operate through attacks"?
  - Point solutions exist.

Some questions that still bother me

• Why is the anti-spam legislation ineffective?
  - Would not only require technologies but consistent international laws, their enforcement, and collaboration
• Can any single company (by making their product secure) make the infrastructure/services secure?
  - Certainly not
• Are our kids/citizens "cyberaware"? Do they need to be "cyberaware"?
  - Not yet, but we need to keep on working. Cyberawareness will certainly contribute to reducing the velocity of propagation

CyberSecurity is complex because it is an integration of several disparate technologies; it requires policies/processes, and it requires technologists, policymakers, and lawmakers to work together

For More Information:
Carnegie Mellon CyLab: http://www.cylab.cmu.edu/
Information Networking Institute: http://www.ini.cmu.edu/

Emerging Links Digital Divide Project

• 2-Way Educational Mortgage
  - Commitment from parents, students, and teachers to receive technology and content resources in exchange for providing feedback to the Pittsburgh Public School (PPS) system on how parental engagement can support the academic health of students
• PPS provides:
  - Computers and broadband access
• Parents commit to:
  - Engagement and support of their children in using online education resources

Figure (labels only): Random Convolution Kernel 1; Encrypted MACE Filter 1; Random Convolution Kernel 2; Encrypted MACE Filter 2

Capture-Resilient Cryptographic Devices [MacKenzie & Reiter]

• A device that cannot be used by anyone other than its rightful owner
  - No amount of reverse engineering exposes its cryptographic secrets
  - Does not rely on tamper-resistant hardware; a software-only solution
• Approach leverages the networked nature of the device
  - Most interesting uses of a key require the network anyway
• Idea: the environment confirms that the device remains in its owner's possession before permitting its key to be used
  - The component in the environment is called a "capture-protection server"

Access Control Today

• Physical
  - Physical keys
  - Identification cards
  - Access cards and tokens
• Computer
  - Username and password
  - Biometrics
  - Smart cards
  - Kerberos, Passport, ...
• Weaknesses of current methods
  - Limited expressiveness
  - Poor cross-domain interoperability

• Make the case that security is more than just internet, computers, viruses, etc.
• Make the case that building robust systems on their own is not good enough; need to build robust systems out of non-robust components
• Talk about visual tracking using mobile s/w
• Talk about mobile code to capture learning
• Motivate and connect this to s/w attestation
• Show a vision where embedded devices are the future
• Talk about Grey, sensor networks, s/w attestation
• Show a vision for catching hackers and making people responsible
  - Securing the computing and communications infrastructure
  - Using the above to secure the physical infrastructure
  - A convergence of technologies (IT, robotics, sensors, vision, AI, etc.)
• Talk about biometrics authentication, path tracing; bring out policy issues
• Make the case for education and awareness

Usability: Seeing-is-Believing [McCune, Perrig & Reiter]

• A location-limited channel for reliably importing information
  - Example: capturing the public key of another device
• Also used in Grey for discovering Bluetooth addresses

Pi: Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense

Basic Premise:
• Path "fingerprints"
  - Entire fingerprint in each packet
  - Incrementally constructed by routers along the path
• Detect spoofing by observing a discrepancy between the IP address and the path fingerprint

Pi: System Overview

Two phases
• Pi marking
  - Stack marking
  - Write-ahead marking
• Pi filtering
  - Basic filter
  - Threshold filtering

Pi Performance: Threshold Filters

Observations?
• Increased attack severity requires an increased threshold
• Optimal threshold value t_opt depends on P_U and P_A
  - P_U: total user packets
  - P_A: total attack packets
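The Pi marking, spoofing check and threshold filter described on the preceding slides, as an added example in Python (a toy model written for this page, not the Pi project's code). It assumes Pi's 2 marking bits per hop and the 16-bit IP identification field, models stack marking only (write-ahead marking is left out), and lets the constructed test topology choose each router's marking bits directly instead of hashing a real address; `Router.from_ip` shows the hash-derived variant.

```python
"""Toy model of Pi path fingerprints and the two victim-side filters (added
example; not the Pi project's code).  Every Pi-enabled router pushes N_BITS bits
onto the 16-bit IP identification field (stack marking), so a packet arrives
carrying a fingerprint of its last FIELD_BITS/N_BITS marking hops; legacy
routers leave the field alone.  The victim detects spoofing as a disagreement
between a packet's claimed source and the fingerprint that source normally
arrives with, and a threshold filter drops fingerprints whose attack share
exceeds t (t = 0 is the basic filter: any fingerprint seen carrying attack
traffic is dropped).  Write-ahead marking is not modelled."""
from collections import Counter
from dataclasses import dataclass
import hashlib

N_BITS = 2                     # Pi's marking width per hop
FIELD_BITS = 16                # IP identification field
FIELD_MASK = (1 << FIELD_BITS) - 1
BITS_MASK = (1 << N_BITS) - 1


@dataclass(frozen=True)
class Router:
    name: str
    bits: int                  # value this router pushes (0 .. 2**N_BITS - 1)
    pi_enabled: bool = True    # False = legacy router that does not mark

    @staticmethod
    def from_ip(name, ip, pi_enabled=True):
        """Pi derives the bits from a hash of the router address (SHA-256 used here)."""
        return Router(name, hashlib.sha256(ip.encode()).digest()[-1] & BITS_MASK, pi_enabled)


def pi_mark(path):
    """Stack marking: the fingerprint a packet carries after traversing `path`
    (ordered from the source's first hop to the victim)."""
    mark = 0
    for r in path:
        if r.pi_enabled:
            mark = ((mark << N_BITS) | r.bits) & FIELD_MASK   # oldest hops fall off the top
    return mark


class SpoofDetector:
    """Learns the fingerprint each source arrives with during normal operation,
    then flags packets whose claimed source shows up with a different one."""
    def __init__(self):
        self.expected = {}

    def learn(self, src_ip, mark):
        self.expected[src_ip] = mark

    def is_spoofed(self, src_ip, mark):
        return src_ip in self.expected and self.expected[src_ip] != mark


class ThresholdFilter:
    """Per-fingerprint attack share; a fingerprint is accepted only while
    attack/total <= t.  Counts come from packets the victim has classified."""
    def __init__(self, t):
        self.t = t
        self.attack = Counter()
        self.total = Counter()

    def observe(self, mark, is_attack):
        self.total[mark] += 1
        if is_attack:
            self.attack[mark] += 1

    def accept(self, mark):
        if self.total[mark] == 0:          # never seen: no evidence against it
            return True
        return self.attack[mark] / self.total[mark] <= self.t


if __name__ == "__main__":
    # Constructed topology: legitimate host behind R1, attacker behind R4, shared tail R2-R3.
    r1, r2, r3, r4 = Router("R1", 1), Router("R2", 2), Router("R3", 3), Router("R4", 0)
    legacy = Router("L", 3, pi_enabled=False)
    detector = SpoofDetector()
    detector.learn("10.0.0.5", pi_mark([r1, legacy, r2, r3]))
    print("attacker claiming 10.0.0.5 spoofed:",
          detector.is_spoofed("10.0.0.5", pi_mark([r4, r2, r3])))
```

Two properties of the slides fall out directly: a legacy router in the path changes nothing, and the fingerprint only identifies a path, so an attacker sharing the victim's exact path with a legitimate host is not separable by this check alone (the threshold filter then trades user packets on that fingerprint against attack packets, which is why a heavier attack needs a higher t).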


SIFF Handshake

1. Sender S sends a best-effort packet to receiver R; the arriving packet accumulates a capability
2. If R wants to allow S to send privileged traffic, R sends the capability back to S
3. S includes the capability in packets to send at the privileged level

Diagram labels: P; capability; P, capability; Privileged

SIFF Marking: Unprivileged Packets

• SIFF routers use modified Pi marking for unprivileged packets
• Marking should be unpredictable
  - With an all-zero IP ID, the router pushes an extra 1 bit
  - Use a keyed hash instead of MD5
• Markings unique to sender/receiver pair
  - Add source IP and destination IP to the hash (i.e. H_K(currIP | prevIP | senderIP | recIP))

SIFF Marking: Privileged Packets

• SIFF routers verify the marking in the header
  - Correct marking: router pushes zeros into the MSB
  - Incorrect marking: router drops the packet
  - Without receiver help, the sender does not learn the Pi mark and can't send privileged traffic
• IP spoofing
  - Receiver's capability does not reach the attacker (subnet spoofing)
  - A different IP address alters the capability, limiting spoofing to a single address
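The three-step SIFF handshake and the router-side marking and verification from the slides above, as one added example in Python (a toy model written for this page, not the SIFF project's code). Assumptions made here and not stated on the slides: a 32-bit capability field, 8 marking bits per router, HMAC-SHA256 under a per-router private key as the keyed hash H_K over currIP | prevIP | senderIP | recIP, and a leading 1 bit as the delimiter that lets a verifying router find its own marking; the toy therefore supports paths of at most three marking routers.

```python
"""Toy model of SIFF's capability handshake and keyed per-router marking
(added example; not the SIFF project's code).  Unprivileged packets collect a
marking at every router (a delimiter 1 bit is pushed first); the receiver hands
the final field value back to the sender as a capability; privileged packets
carry it and each router checks the marking it expects for this
(prevIP, senderIP, recIP), then shifts the field right so zeros enter at the
MSB and the next router sees its own marking.  Any mismatch drops the packet,
so a host that never received the capability cannot send privileged traffic."""
from dataclasses import dataclass
import hashlib
import hmac

W = 32                       # capability field width (assumption)
Z = 8                        # marking bits per router (assumption); max (W-1)//Z = 3 hops
ZMASK = (1 << Z) - 1
WMASK = (1 << W) - 1


@dataclass
class Packet:
    src: str
    dst: str
    privileged: bool = False
    capability: int = 0


class Router:
    def __init__(self, ip: str, key: bytes):
        self.ip = ip
        self.key = key           # private to this router: markings are unpredictable

    def marking(self, prev_ip: str, pkt: Packet) -> int:
        """H_K(currIP | prevIP | senderIP | recIP), truncated to Z bits."""
        msg = f"{self.ip}|{prev_ip}|{pkt.src}|{pkt.dst}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()[0] & ZMASK

    def forward(self, pkt: Packet, prev_ip: str) -> bool:
        """Process one hop; False means the router dropped the packet."""
        m = self.marking(prev_ip, pkt)
        if not pkt.privileged:
            if pkt.capability == 0:              # first marking router: push delimiter bit
                pkt.capability = 1 << (W - 1)
            pkt.capability = ((pkt.capability >> Z) | (m << (W - Z))) & WMASK
            return True
        cap = pkt.capability
        if cap == 0:                              # no delimiter: malformed or guessed
            return False
        t = (cap & -cap).bit_length() - 1         # position of the delimiter bit
        if (cap >> (t + 1)) & ZMASK != m:         # this hop's marking must match
            return False
        # consume the marking: remaining markings shift right by Z, zeros enter at the MSB
        pkt.capability = ((cap >> (t + 1 + Z)) << (t + 1)) | (1 << t)
        return True


def send(path, pkt: Packet) -> bool:
    """Forward `pkt` along `path` (routers from sender to receiver)."""
    prev = pkt.src
    for r in path:
        if not r.forward(pkt, prev):
            return False
        prev = r.ip
    return True


def request_capability(path, src: str, dst: str) -> int:
    """Handshake steps 1-2: the unprivileged packet collects markings and the
    receiver returns the resulting capability to the sender."""
    pkt = Packet(src, dst)
    send(path, pkt)                  # best effort: may be lost under flooding in reality
    return pkt.capability


def deliver_privileged(path, src: str, dst: str, capability: int) -> bool:
    """Handshake step 3: the sender marks the packet privileged and carries the capability."""
    pkt = Packet(src, dst, privileged=True, capability=capability)
    return send(path, pkt)


if __name__ == "__main__":
    # Constructed topology and keys: legitimate sender behind R1, another host behind R4.
    r1, r2, r3, r4 = (Router("10.1.0.1", b"k1"), Router("10.1.0.2", b"k2"),
                      Router("10.1.0.3", b"k3"), Router("10.1.0.4", b"k4"))
    cap = request_capability([r1, r2, r3], "10.0.0.5", "10.9.9.9")
    print("legitimate privileged delivery:", deliver_privileged([r1, r2, r3], "10.0.0.5", "10.9.9.9", cap))
    print("same capability replayed from another path:",
          deliver_privileged([r4, r2, r3], "10.0.0.5", "10.9.9.9", cap))
```

The two spoofing bullets map onto the model directly: the capability is bound to the sender and receiver addresses through the hash input, so a capability issued for one pair fails verification for any other, and a host that spoofs the sender's address but sits behind a different first router gets a different marking at that hop (and at the next one, whose prevIP changed), so the replayed capability is dropped.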


FIT Design Overview

• Routers probabilistically mark packets
• Peace-time
  - IP hash fragment / distance field encoded in the IP identification field
  - Upstream router maps generated from packet markings
• Attack-time
  - Victim can match attack packet marks to routers on the map
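The peace-time map and attack-time matching from the FIT overview, as an added example in Python (a toy model written for this page, not the FIT project's code). Assumptions not on the slide: the 16-bit IP identification field is split into a 13-bit hash fragment and a 3-bit distance counter, a marking router overwrites the field with probability p and otherwise increments the distance of an existing mark, and the victim's list of upstream routers per distance is taken as given (in practice learned from peace-time traffic or probing).

```python
"""Toy model of FIT-style probabilistic packet marking and traceback (added
example; not the FIT project's code).  Each router overwrites the IP ID field
with (fragment of its address, distance 0) with probability p; routers that do
not mark increment the distance of whatever mark is already there.  In
peace-time the victim builds a map from (distance, fragment) to the upstream
routers it knows; during an attack it looks up the marks on attack packets to
recover the routers those packets traversed."""
from collections import defaultdict
from dataclasses import dataclass
import hashlib
import random

FRAG_BITS = 13                 # hash-fragment width (assumption)
DIST_BITS = 3                  # distance width (assumption); saturates at 7
MAX_DIST = (1 << DIST_BITS) - 1
FRAG_MASK = (1 << FRAG_BITS) - 1


@dataclass(frozen=True)
class Router:
    ip: str
    fragment: int              # FRAG_BITS-bit hash fragment of ip

    @staticmethod
    def from_ip(ip):
        h = hashlib.sha256(ip.encode()).digest()          # stand-in for FIT's hash
        return Router(ip, int.from_bytes(h[:2], "big") & FRAG_MASK)


def encode(fragment, distance):
    """Pack fragment and (saturating) distance into the 16-bit IP ID field."""
    return (fragment << DIST_BITS) | min(distance, MAX_DIST)


def decode(field):
    return field >> DIST_BITS, field & MAX_DIST


def mark_along_path(path, p, rng):
    """Simulate one packet; `path` lists routers from farthest to the victim's
    edge router.  Returns the IP ID field, or None if nobody marked it."""
    field = None
    for r in path:
        if rng.random() < p:
            field = encode(r.fragment, 0)                  # overwrite with own mark
        elif field is not None:
            frag, d = decode(field)
            field = encode(frag, d + 1)                    # one hop farther from the marker
    return field


def build_map(upstream):
    """Peace-time: `upstream` is {distance: [routers]} with distance 0 the router
    adjacent to the victim.  Returns {(distance, fragment): router}."""
    m = {}
    for d, routers in upstream.items():
        for r in routers:
            m[(d, r.fragment)] = r
    return m


def traceback(marks, router_map):
    """Attack-time: map each observed mark back to a router; unknown marks are ignored."""
    found = defaultdict(set)
    for field in marks:
        if field is None:
            continue
        frag, d = decode(field)
        r = router_map.get((d, frag))
        if r is not None:
            found[d].add(r)
    return dict(found)


if __name__ == "__main__":
    # Constructed topology: attack path R3 -> R2 -> R1 -> victim, plus two unrelated routers.
    r1, r2, r3 = Router("10.0.0.1", 17), Router("10.0.0.2", 9), Router("10.0.0.3", 5)
    upstream = {0: [r1, Router("10.0.9.1", 100)], 1: [r2], 2: [r3, Router("10.0.9.3", 200)]}
    rng = random.Random(7)
    marks = [mark_along_path([r3, r2, r1], 0.5, rng) for _ in range(2000)]
    print(traceback(marks, build_map(upstream)))
```

A mark from a far router survives only when every closer router declines to overwrite it, which is why the victim needs many attack packets to see the whole path; the marks are all produced in-band, so no per-flow state is kept at routers.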



Cyber Security: Threats, Vulnerabilities and Risks

Threats
• Disgruntled employees
• Organized crime
• Hackers
• Cyber terrorists
• Competitors
• Governments

Vulnerabilities
• OS
• Network
• Supply chain
• Applications
• Databases
• PCs, PDAs, phones
• Middleware
• E-x communities (e-government, e-commerce, etc.)

Risks
• Disclosure of customer records
• Sabotage of operations/service
• Theft of trade secrets
• EFT fraud
• Loss of client confidence
• Legal liability


Changing Landscape of Computing and Communications

Late 1980s
• 5M computers in 1980
• Limited connectivity
• Tech-savvy users
• Limited security threats (floppy disks)

1990s
• 105M PCs in 1990
• Growing connectivity
• Mainstream users and economy depend on IT
• Growing threats (viruses, worms, etc.)
• 25K reported incidents in the decade

2000s
• Over 800 million people online worldwide
• Growing number of connected apps, P2P, web services
• Increasing reliance on wireless, handheld devices
• CyberSecurity threats globalized: growing in number and complexity

Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach

SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks

• Goal: enable the receiver to control its traffic
• Key ideas
  - Use Pi fingerprints as authorization to send traffic
  - The Pi fingerprint is used as a capability
  - Only clients who know their Pi mark get authorization
  - Authorized or "privileged" packets get priority over non-privileged packets
  - In a bandwidth DoS, privileged packets are undisturbed by non-privileged packets

SIFF: Stateless Internet Flow Filter

• Create two Internet packet classes
  - Unprivileged (best-effort): signaling and legacy traffic
  - Privileged: receiver-controlled traffic flows
• Privileged packets given priority at routers
  - Privileged packets never dropped by unprivileged packet flooding
• Privileged packet flooding is impossible (with high probability)

Diagram labels: P; Privileged; capability; P, capability

Survivable Storage Systems (Ganger et al)

• Perpetually available
  - Information should always be available even when some system components (computers) are down or unavailable
• Perpetually secure and self-healing
  - Information integrity and confidentiality should always be enforced even when some system components are compromised
• Graceful in degradation
  - Information access functionality and performance should degrade gracefully as system components fail
• Assumptions: some components will fail, some components will be compromised, some components will be inconsistent, BUT... surviving components allow the information storage system to survive

Decimate and Disperse Information

• Decimate information and create a "1000 piece" puzzle
• Store this information on "1000 computers"
• Under an attack
  - The adversary gains access to a few "puzzle pieces" and most likely no information
  - The legitimate user cannot reconstruct the original information

Decimate, Replicate, and Disperse Information

• Decimate information and create multiple "1000 piece" puzzles
• Store this information on "1000 computers"
• Under an attack
  - The adversary gains access to a few "puzzle pieces" and most likely no information
  - The legitimate user can reconstruct the original information
  - The system can heal itself: identify corrupted information and repair it
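The three "puzzle" slides above describe the properties of threshold secret sharing; the following added example in Python makes them concrete with Shamir's scheme over a prime field (written for this page, not the survivable-storage project's own code; the field size, the 15-byte payload limit and the majority-agreement repair step are choices of this example). Fewer than k pieces are consistent with every possible secret, k pieces reconstruct it, and with n greater than k a corrupted piece can be identified and regenerated.

```python
"""Threshold secret sharing as a worked model of "decimate, replicate, and
disperse" (added example; Shamir's scheme over a prime field, not the
survivable-storage project's code).  A secret is split into n pieces for n
servers; any k reconstruct it, any k-1 fit every candidate secret equally well
(the adversary's few pieces carry no information), and with n > k the system
can spot a corrupted piece and regenerate it."""
from itertools import combinations
import secrets

P = (1 << 127) - 1          # Mersenne prime; secrets must be < P (payloads up to 15 bytes)


def _eval(coeffs, x):
    """Evaluate the polynomial with coeffs[0] = secret at x (Horner), mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret: int, k: int, n: int, rng=secrets.SystemRandom()):
    """Return n shares (x, y) such that any k of them reconstruct `secret`."""
    assert 0 <= secret < P and 1 <= k <= n < P
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]   # random degree k-1 polynomial
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]


def interpolate(shares, at: int) -> int:
    """Lagrange interpolation of the polynomial through `shares`, evaluated at `at`."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P   # Fermat inverse of den
    return total


def recover(shares) -> int:
    """Reconstruct the secret (the polynomial's value at 0) from k shares."""
    return interpolate(shares, 0)


def consistent_share(partial, x_new: int, claimed_secret: int) -> int:
    """Given k-1 shares and any guessed secret, compute the share at x_new that
    would make the guess correct: k-1 pieces rule nothing out."""
    return interpolate(partial + [(0, claimed_secret)], x_new)


def heal(shares, k):
    """Self-healing: pick the polynomial that the largest number of shares agree
    with, report the x values that disagree (corrupted), return repaired shares."""
    best, best_ok = None, -1
    for subset in combinations(shares, k):
        ok = sum(1 for (x, y) in shares if interpolate(list(subset), x) == y)
        if ok > best_ok:
            best, best_ok = list(subset), ok
    corrupted = [x for (x, y) in shares if interpolate(best, x) != y]
    repaired = [(x, interpolate(best, x)) for (x, _) in shares]
    return corrupted, repaired


if __name__ == "__main__":
    secret = int.from_bytes(b"constructed-key", "big")      # constructed 15-byte payload
    shares = split(secret, 3, 5)                             # 3-of-5
    print(recover(shares[:3]) == secret)
    bad = list(shares)
    bad[1] = (bad[1][0], (bad[1][1] + 1) % P)                # one server returns garbage
    print(heal(bad, 3)[0])                                   # -> [2]
```

The repair step works while corrupted shares are few enough that the honest ones still form the largest agreeing set; that is the "surviving components allow the system to survive" assumption stated on the first slide.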


Fingerprint results (Kumar and Venkataramani)

An advanced filter is used to evaluate performance at different resolutions (figure: error rate against image resolution, 512x512, 256x256, 128x128, 64x64, 32x32; the labeled value on the chart is 0.6%).

K. Venkataramani, B.V.K. Vijaya Kumar, CMU, "Fingerprint verification using correlation filters", Audio- and Video-based Biometric Person Authentication (AVBPA), UK, 2003.

S/W Assurance

• Secure and near defect-free programming awareness
• Tools
  - Testbed
  - Real-world engagements: scalable, adoptable, sustainable
  - Process/tool integration: automated metric gathering; chain together developer, work item, code, defect, etc.
• Process
• Business issues
  - ROI, risk, etc.
  - Acquisition issues: adding product evaluation to Common Criteria and other acquisition resources

S/W Assurance Testbed

• Tool evaluation/evolution (commercial and research; initial focus: Java)
• Run real-world code against tools: scalable, adoptable, sustainable
• Recent successful engagement (Fluid Tool – Scherlis / Maccherone):
  - Reviewed a tier 1 J2EE application server: 350,000 +/- lines of code
  - Focused on concurrency: very hard to inspect/test
  - Assured thousands of correct locks
  - Made roughly 60 changes to code while on site
  - Re-factored key clustering code for increased scalability, performance, and reliability and proposed other re-factorings (surprise outcome)
  - Reverse engineered design intent of purchased and/or "mangled" code (#1 priority for the engagement)
  - Strong desire for tools to become a part of the regular development process
• What's next
  - More engagements
  - C/C++

What is Needed?

• Better software
  - Improved SW engineering and development processes
  - New diagnostic tools and metrics
  - Vulnerability discovery/elimination tools
  - Malware detection/elimination tools
• Perpetually available systems
  - Self-aware, self-securing computing and network infrastructure
  - Secure wireless networks, sensor networks, RFID systems
• Better identification/authentication and access control mechanisms
  - Multi-biometric technologies for capture-resilient portable devices (phones, PDAs, laptops, etc.)

What Is Needed - Cont'd

• Better risk management to enable informed decisions about the SW enterprises currently use, are considering buying, or are developing
  - Objective measurements of SW artifacts (code, designs, etc.) plus environment information as input to a robust risk model
• Balance of privacy and security
• Better government policy and informed legislation
• Education, training, and awareness at all levels
  - PhD researchers, professional degrees, executive education
  - End-user awareness training
  - Integration into school curricula at all levels
• International collaboration

CyLab – A University-wide Multi-disciplinary Research and Education Program

• The CyLab research program is focused on cybersecurity, dependability, and privacy through integrating Technology, Business, and Policy.
• CyLab is a Carnegie Mellon-wide initiative building on:
  - More than 50 faculty and 100 graduate students involved from Electrical and Computer Engineering, the Information Networking Institute, the Heinz School of Public Policy, the Tepper School of Business, the School of Computer Science, and Statistics
  - More than 150 security professionals involved in research, development, and incident response at US-CERT
  - More than 50 existing Industrial Affiliate Member Companies

Project Grey Approach: A General Framework

• The access control decision procedure can be modeled in a general framework
• Can capture many concepts:
  - Users, objects: Lujo, Mike, Room D208
  - Roles: Jon as a Student
  - Delegation: Device on behalf of Jon
  - Statements: Jon says to open D208
  - Authority: Jon speaks for Mike's Students; Lujo says Mike can perform any CMU goal for him

First Access

Lujo's phone discovers the door (D208). To prove: Mike says to open D208.
Lujo can prove that if he gets permissions:
1) Of a student of Mike's
2) Of Mike's admin
3) Of Mike's list of colleagues
4) To open the door directly

Lujo's phone: "Hmm, I can't prove that. I'll ask Mike's phone for help." (Please help)
Mike's phone: "Lujo is my colleague." Proof of: If Lujo says to open D208, then Mike says to open D208
Lujo's phone: Proof of: Mike says to open D208. Open D208.
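The proof Lujo's phone assembles on the slide above, together with the role and delegation concepts from the framework slide, as an added example in Python (a toy prover written for this page; not Grey's proof checker, credential format, or logic). The rule set (a signed statement proves itself; if A says B speaks for A on a goal and B says the goal, then A says the goal), the role principals such as Mike.colleagues, and the credential sets are assumptions of this example.

```python
"""Minimal 'says / speaks-for' proof search in the style of the Grey example
(added example; not Grey's own proof checker, and the rule set is an
assumption).  Credentials are statements a principal has signed.  The door's
policy is a goal such as Says('Mike', 'open(D208)'), read "Mike says to open
D208"; the prover looks for a chain of delegations that derives that statement
from the credentials the phones hold, and returns the chain as a proof."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Says:
    principal: str
    goal: str


@dataclass(frozen=True)
class SpeaksFor:
    """`issuer` says: `delegate` speaks for `issuer` on goals matching `scope`
    ('*' = any goal).  A role such as 'Mike.colleagues' is a principal whose
    issuer-side credentials are written by Mike (assumption of this model)."""
    issuer: str
    delegate: str
    scope: str = "*"

    def covers(self, goal: str) -> bool:
        return self.scope == "*" or self.scope == goal


def prove(target: Says, creds, _seen=frozenset()):
    """Return a proof (list of lines) for `target`, or None if none exists.
    Rule 1: a signed statement proves itself.
    Rule 2: issuer says delegate speaks for issuer on goal, and delegate says goal
            => issuer says goal."""
    if target in creds:
        return [f"{target.principal} says {target.goal}  [credential]"]
    if target in _seen:                       # cycle guard for mutual delegations
        return None
    seen = _seen | {target}
    for c in creds:
        if isinstance(c, SpeaksFor) and c.issuer == target.principal and c.covers(target.goal):
            sub = prove(Says(c.delegate, target.goal), creds, seen)
            if sub is not None:
                return sub + [
                    f"{c.issuer} says {c.delegate} speaks for {c.issuer} on {c.scope}  [credential]",
                    f"=> {target.principal} says {target.goal}  [delegation rule]",
                ]
    return None


def door_allows(room: str, owner: str, creds) -> bool:
    """The door opens iff its owner can be shown to say open(room)."""
    return prove(Says(owner, f"open({room})"), creds) is not None


# Constructed credentials for the slide's scenario: Lujo's phone holds Lujo's
# own request; Mike's phone contributes "Lujo is my colleague" and Mike's policy
# that colleagues may open D208.
LUJO_CREDS = {
    Says("Lujo", "open(D208)"),
    SpeaksFor("Mike", "Mike.colleagues", "open(D208)"),
    SpeaksFor("Mike.colleagues", "Lujo"),
}

# Jon's phone acting on Jon's behalf, Jon as one of Mike's students.
JON_CREDS = {
    Says("Jon.phone", "open(D208)"),
    SpeaksFor("Jon", "Jon.phone"),
    SpeaksFor("Mike.students", "Jon"),
    SpeaksFor("Mike", "Mike.students", "open(D208)"),
}

if __name__ == "__main__":
    for line in prove(Says("Mike", "open(D208)"), LUJO_CREDS):
        print(line)
```

Note what is not derivable: the credential that lets colleagues open D208 says nothing about D209, so the same phones cannot open that door, and a principal with no delegation from Mike (or from one of Mike's roles) gets no proof at all even if it asserts the goal itself.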
