Advanced Operating Systems, CSci555

Advanced Operating Systems, CSci555

USC CSci530 Computer Security Systems Lecture notes Fall 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Announcements Mid-term exam Friday October 12th 9AM-10:40AM, location TBD

Open Book, Open Note, No Electronics Lecture from 11-11:50. Dr. Neumans Office hours October 12 no office hours October 10 instead, 1PM to 2PM Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Lecture 6 5 October 2007

Authorization and Policy Dr. Clifford Neuman University of Southern California Information Sciences Institute Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Delegated Authentication Usually an authorization problem How to allow an intermediary to perform operations on your behalf. Pass credentials needed to

authenticate yourself Apply restrictions on what they may be used for. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Proxies A proxy allows a second principal to operate with the rights and privileges of the principal that issued the proxy Existing authentication credentials Too much privilege and too easily propagated Restricted Proxies By placing conditions on the use of

proxies, they form the basis of a flexible authorization mechanism Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Restricted Proxies PROXY CERTIFICATE Conditions: Proxy Grantor Use between 9AM and 5PM Grantee is user X, Netmask is 128.9.x.x, must be able to read this fine print, can you

+ Proxy Two Kinds of proxies Proxy key needed to exercise bearer proxy Restrictions limit use of a delegate proxy Restrictions limit authorized operations Individual objects Additional conditions Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE FROM PREVIOUS LECTURE

Authenticating Hardware and Software DSSA Delegation is the important issue Workstation can act as user Software can act as workstation if given key Software can act as developer if checksum validated Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE FROM PREVIOUS LECTURE Next Generation Secure Computing Base (Longhorn)

Secure booting provides known hardware and OS software base. Security Kernel in OS provides assurance about the application. Security Kernel in application manages credentials granted to application. Security servers enforce rules on what software they will interact with. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Authorization: Two Meanings Determining permission

Is principal P permitted to perform action A on object U? Adding permission P is now permitted to perform action A on object U In this course, we use the first sense Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Access Control Who is permitted to perform which actions on what objects? Access Control Matrix (ACM) Columns indexed by principal Rows indexed by objects

Elements are arrays of permissions indexed by action In practice, ACMs are abstract objects Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Instantiations of ACMs Access Control Lists (ACLs) For each object, list principals and actions permitted on that object Corresponds to rows of ACM Example: Kerberos admin system Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Instantiations of ACMs Capabilities For each principal, list objects and actions permitted for that principal Corresponds to columns of ACM Example: Kerberos restricted proxies The Unix file system is an example of? Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problems Permissions may need to be

determined dynamically Time System load Relationship with other objects Security status of host Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problems Distributed nature of systems may aggravate this ACLs need to be replicated or centralized Capabilities dont, but theyre

harder to revoke Approaches GAA Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Authorization Final goal of security Determine whether to allow an operation. Depends upon Policy Possibly authentication Other characteristics

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE The role of policy in security architecture Policy Defines what is allowed and how the system and security mechanisms should act. Enforced By Mechanism Provides protection interprets/evaluates (firewalls, ID, access control, confidentiality, integrity) Implemented as: Software: which must be implemented correctly and according to sound software engineering principles. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

2 Policy: Review The Access Matrix Policy represented by an Access Matrix Also called Access Control Matrix One row per object One column per subject Tabulates permissions But implemented by: Row Access Control List Column Capability List Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Policy models: Bell-LaPadula Discretionary Policy Based on Access Matrix Mandatory Policy Top Secret, Secret, Confidential, Unclassified * Property: S can write O if and only if Level S <= Level O Write UP, Read DOWN Categories treated as levels Form a matrix (more models later in the course) Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Other Policy Models Mandatory Acces Control Bell-Lepadula is an example Discretionary Access Control Many examples Role Based Access Control Integrity Policies Biba Model Like BellLepadula but inverted Clark Wilson Constrained Data, IVP and TPs Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Security is more than mix of point solutions Todays security tools work with no coordinated policy Firewalls and Virtual Private Networks Authentication and Public Key Infrastructure Intrusion Detection and limited response We need better coordination Intrusion response affected at firewalls, VPNs and Applications Not just who can access what, but policy says what kind of encryption to use, when to notify ID systems. Tools should implement coordinated policies Policies originate from multiple sources Policies should adapt to dynamic threat conditions Policies should adapt to dynamic policy changes triggered by activities like September 11th response.

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 4 GAA-API: Integration through Authorization Focus integration efforts on authorization and the management of policies used in the authorization decision. Not really new - this is a reference monitor. Applications shouldnt care about authentication or identity. Separate policy from mechanism Authorization may be easier to integrate with applications.

Hide the calls to individual security services E.g. key management, authentication, encryption, audit Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 6 Authorization and Integrated Security Services INTRUSION DETECTION UNDER ATTACK

Firewalls Web Servers EACL GAA API ... Databases IPSec Authentication

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE SECURITY AUDIT RECORDS 7 Generic Authorization and Access-control API Allows applications to use the security infrastructure to implement security policies. gaa_get_object_policy_info function called before other GAA API routines which require a handle to object EACL to identify EACLs on which to operate. Can interpret existing policy databases.

gaa_check_authorization function tells application whether requested operation is authorized, or if additional application specific checks are required SC,obj_id,op input GAA API gaa_get_ object_eacl Application gaa_check_

authorization output Yes,no,maybe Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 9 Three Phases of Condition Evaluation GAA-API EACL a.isi.edu, connect, Tom

gaa_get_object_policy_info() gaa_check_authorization() T/F/U gaa_execution_control() T/F/U gaa_post_execution_actions() T/F/U System State

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 10 GAA-API Policies originate from multiple sources Discretionary policies associated with objects Read from existing applications or EACLs Local system policies merged with object policies Broadening or narrowing allowed access Policies imported from policy/state issuers ID system issues state credentials, These credentials may embed policy as well. Policies embedded in credentials These policies attach to user/process credentials and

apply to access by only specific processes. Policies evaluated remotely Credential issuers (e.g. authentication and authorization servers) evaluate policies to decide which credentials to issue. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 8 Communicating threat conditions Threat Conditions and New Policies carried in signed certificates Added info in authentication credentials Threat condition credential signed

by ID system Base conditions require presentation or availability of credential Matching the condition brings in additional policy elements. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 11 Integrating security services The API calls must be made by applications. This is a major undertaking, but one which must be done no matter how one chooses to do

authorization. These calls are at the control points in the app They occur at auditable events, and this is where records should be generated for ID systems They occur at the places where one needs to consider dynamic network threat conditions. Adaptive policies use such information from ID systems. They occur at the right point for billable events. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 12 Advances Needed in Policy

Ability to merge & apply policies from many sources Legislated policies Organizational policies Agreed upon constraints Integration of Policy Evaluation with Applications So that policies can be uniformly enforced Support for Adaptive Policies is Critical Allows response to attack or suspicion Policies must manage use of security services What to encrypt, when to sign, what to audit. Hide these details from the application developer. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE GAA - Applications and other integration

Web servers - apache Grid services - globus Network control IPsec and firewalls Remote login applications ssh Trust management Can call BYU code to negotiate credentials Will eventually guide the negotiation steps Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES

INSTITUTE 13 What dynamic policies enable Dynamic policy evaluation enables response to attacks: Lockdown system if attack is detected Establish quarantines by changing policy to establish isolated virtual networks dynamically. Allow increased access between coalition members as new coalitions are formed or membership changes to respond to unexpected events.

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 14 Demo Scenario - LockDown You have an isolated local area network with mixed access to web services (some clients authenticated, some not). Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

15a Demo Scenario - LockDown You have an isolated local area network with mixed access to web services (some clients authenticated, some not). You need to allow incoming authenticated SSH or IPSec connections. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

15b Demo Scenario - LockDown You have an isolated local area network with mixed access to web services (some clients authenticated, some not). You need to allow incoming authenticated SSH or IPSec connections. When such connections are active, you want to

lock down your servers and require stronger authentication and confidentiality protection on all accesses within the network. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 15c Policies

HIPAA, other legislation Privacy statements Discretionary policies Mandatory policies (e.g. classification) Business policies Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 16

Mechanisms Access Matrix Access Control List Capability list Unix file system Andrew file system SSH authorized key files Restricted proxies, extended certificates Group membership Payment Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 16

Summary Policies naturally originate in multiple places. Deployment of secure systems requires coordination of policy across countermeasures. Effective response requires support for dynamic policy evaluation. Such policies can coordinated the collection of data used as input for subsequent attack analysis. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE 16 Review for Mid-term

Cryptography Basic building blocks Conventional DES, AES, others Public key RSA Hash Functions Modes of operation Stream vs. Block Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Review for Mid-term Key Management Pairwise key management

Key storage Key generation Group key management Public key management Certification Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Review for Mid-term Authentication: Know, Have, About you Unix passwords Kerberos and NS Public Key Single Sign On

Applications and how they do it Weaknesses Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Review for Mid-term Authorization and Policy: Access Matrix ACL Capability Bell Lapadula Dynamic Policy Management Delegation Importance of getting policy right

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Current Event Cracked Linux Boxes used to Wield Windows Botnets - SlashDot, Friday October 5 m-stone writes "Online auction house eBay recently did a threat assessment to better understand the forces ranging against them. The company is keeping the fine details under wraps, but the biggest source of danger for the company is apparently botnets. You're never going to guess who was running them. '[Dave Cullinane, eBay's chief information and security officer] noticed an unusual trend when taking down phishing sites. 'The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,' he said. Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to

Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected. Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake websites, hoping to lure victims into disclosing their passwords." Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Security Systems Lecture 8, October 19 2007 Introduction to Malicious Code

ADVANCE SLIDES Dr. Clifford Neuman University of Southern California Information Sciences Institute Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Classes of Malicious Code How propagated Trojan Horses Embedded in useful program that others will want to run. Covert secondary effect. Viruses

When program started will try to propagate itself. Worms Exploits bugs to infect running programs. Infection is immediate. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Classes of Malicious Code The perceived effect Viruses Propagation and payload Worms Propagation and payload

Spyware Reports back to others Zombies Controllable from elsewhere Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Activities of Malicious Code Modification of data Propagation and payload Spying Propagation and payload Advertising Reports back to others or uses locally Propagation

Controllable from elsewhere Self Preservation Covering their tracks Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Defenses to Malicious Code Detection Virus scanning Intrusion Detection Least Privilege Dont run as root Separate users IDs Sandboxing Limit what the program can do

Backup Keep something stable to recover Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Trojan Horses A desirable documented effect Is why people run a program A malicious payload An undocumented activity that might be counter to the interests of the user. Examples: Some viruses, much spyware. Issues: how to get user to run program. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES

INSTITUTE Trojan Horses Software that doesnt come from a reputable source may embed trojans. Program with same name as one commonly used inserted in search path. Depending on settings, visiting a web site or reading email may cause program to execute. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Viruses

Resides within another program Propagates itself to infect new programs (or new instances) May be an instance of Trojan Horse Email requiring manual execution Infected program becomes trojan Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Viruses Early viruses used boot sector Instruction for booting system Modified to start virus then system.

Virus writes itself to boot sector of all media. Propagates by shared disks. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Viruses Some viruses infect program Same concept, on start program jumps to code for the virus. Virus may propagate to other programs then jump back to host. Virus may deliver payload. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES

INSTITUTE Recent Viruses Spread by Email Self propagating programs Use mailbox and address book for likely targets. Mail program to targeted addresses. Forge sender to trick recipient to open program. Exploit bugs to cause auto execution on remote site. Trick users into opening attachments. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Viruses Phases Insertion Phase How the virus propagates Execution phase Virus performs other malicious action Virus returns to host program Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Analogy to Real Viruses Self propagating Requires a host program to replicate. Similar strategies

If deadly to start wont spread very far it kills the host. If infects and propagates before causing damage, can go unnoticed until it is too late to react. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE How Viruses Hide Encrypted in random key to hide signature. Polymorphic viruses changes the code on each infection. Some viruses cloak themselves by trapping system calls.

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Macro Viruses Code is interpreted by common application such as word, excel, postscript interpreter, etc. May be virulent across architectures. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Worms Propagate across systems by exploiting

vulnerabilities in programs already running. Buffer overruns on network ports Does not require user to run the worm, instead it seeks out vulnerable machines. Often propagates server to server. Can have very fast spread times. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Delayed Effect Malicious code may go undetected if effect is delayed until some external event.

A particular time Some occurrence An unlikely event used to trigger the logic. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Zombies/Bots Machines controlled remotely Infected by virus, worm, or trojan Can be contacted by master May make calls out so control is possible even through firewall. Often uses IRC for control.

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Spyware Infected machine collect data Keystroke monitoring Screen scraping History of URLs visited Scans disk for credit cards and password. Allows remote access to data. Sends data to third party. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Some Spyware Local Might not ship data, but just uses it To pop up targeted ads Spyware writer gets revenue for referring victim to merchant. Might rewrite URLs to steal commissions. Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Theory Can not detect a virus by determining whether a program

performs a particular activity. Reduction from the Halting Problem But can apply heuristics Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Defenses to Malicious Code Detection Signature based Activity based Prevention Prevent most instances of memory used as both data and code

Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Defenses to Malicious Code Sandbox Limits access of running program So doesnt have full access or even users access. Detection of modification Signed executables Tripwire or similar Statistical detection Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Root Kits Hide traces of infection or control Intercept systems calls Return false information that hides the malicious code. Returns fall information to hide effect of malicious code. Some root kits have countermeasures to attempts to detect the root kits. Blue pill makes itself hyper-root Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Best Detection is from the Outside

Platform that is not infected Look at network packets using external device. Mount disks on safe machine and run detection on the safe machine. Trusted computing can help, but still requires outside perspective Copyright 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE

Recently Viewed Presentations

  • Cost Benefit Analysis of the Three Gorges Dam

    Cost Benefit Analysis of the Three Gorges Dam

    An Economic Cost-Benefit Analysis of GM Crop Cultivation: An Irish Case Study Marie-Louise Flannery, Fiona S. Thorne, B Paul W. Kelly and Ewen Mullins GM Crops in Ireland At the time of study, no GM crop cultivation in Ireland (EU...
  • Latin and Greek Root Words

    Latin and Greek Root Words

    Arial Calibri Arial Black Default Design Latin and Greek Root Words PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation Greek letters are still used in math and science today. th, ph, ch, and ps stand for Greek letters not in...
  • Workshop 2 - cae-club.ru

    Workshop 2 - cae-club.ru

    This is needed for the turbulence model being used, since it ensures the first grid point is in the viscous sublayer. Solver. Select the steady-state implicit density-based solver. From 'General' in the tree check Type: Density-Based.
  • Measuring tools  Modern engines use thinner casting and

    Measuring tools Modern engines use thinner casting and

    All parts are measured and marked according to size. ... Screw pitch of 1/40" or .025" for inch micrometer. One inch of travel. Screw pitch of .50 mm for metric micrometers. ... PowerPoint Presentation Last modified by: cmille13 ...
  • The Cell

    The Cell

    Cell. Tissue. Organ. System. Organism. Cell. The first level of organization. The basic unit of structure and function of living things. Tissue. Second level of organization. Groups of similar cells that perform a specific function. Muscle tissue. Lung tissue.
  • UNIVERSITY OF WISCONSINMADISON UNIZIN UPDATE for Teaching and

    UNIVERSITY OF WISCONSINMADISON UNIZIN UPDATE for Teaching and

    Communicate Progress to UW-Madison IT Governance, SCIDD Instructional Technologists and Campus Learning Technology Decision Makers
  • Department of Veterans Affairs Office of Financial Systems (047E)

    Department of Veterans Affairs Office of Financial Systems (047E)

    FIXED ASSETS A/O OCT 2008 INSTRUCTOR: CLASS SCHEDULE: Class begins at 8:30 am Class ends at 4:00 p.m. OBJECTIVE: The objective of this course is to provide an overview of the Financial Management System (FMS) Fixed Asset Subsystem (FAP) including...
  • Session: Enforcement Actions - ICIS Customer Support

    Session: Enforcement Actions - ICIS Customer Support

    Lesson 1: Enforcement Actions Overview. Session: Enforcement Actions. Office of Enforcement and Compliance Assurance . ǀ . ICIS records and tracks actions taken to address noncompliance with environmental laws by a regulated entity. ... XX-0000-AAAA. Positions 1-2 (X): HQ or...