CSC 482/582: Computer Security

Fundamentals
CSC 482/582: Computer Security
Slide #1

Topics
A first look at four important questions:
• What is security?
• How do we evaluate risks of various threats?
• How does security mitigate these risks?
• How do we balance the costs and trade-offs of our security solutions?
Slide #2

9/11
Most devastating terrorist attack in history.
• Low-tech.
• Innovative.
  - Completely different than earlier hijackings.
  - We thought we had solved airplane bombings by ensuring passengers were on same flight as baggage.
• What were the security responses?
  - How effective were the responses?
  - What were the costs?
Slide #3

What is Security?
Security is the prevention of certain types of intentional actions from occurring in a system.
• These potential actions are threats.
• Threats that are carried out are attacks.
• Intentional attacks are carried out by an attacker.
• Objects of attacks are assets.
Slide #4

Safety vs. Security
Adversary: An intelligent attacker who intentionally causes the system to fail.
Safety
• Home: fire alarm.
• Car: crumple zones.
• Computer: UPS.
Security
• Home: door lock.
• Car: alarm.
• Computer: Login password.
Safety and security can interact: Who is watching your computer room after the fire alarm was pulled?
Slide #5

Goals of Security
Prevention
• Prevent attackers from violating security policy.
Detection
• Detect attackers’ violation of security policy.
Recovery
• Stop attack, assess and repair damage.
Survivability
• Continue to function correctly even if attack succeeds.
Slide #6

NSTISSC Security Model
Slide #7

Components of Security
Confidentiality
• Keeping data and resources hidden. Privacy.
Integrity
• Preventing unauthorized changes to data or resources.
Availability
• Enabling access to data and resources.
Slide #8

Confidentiality
Authentication
• Passwords, mother’s maiden name.
Corporations
• Trade secrets, e.g., the formula for Coca Cola.
Databases
• SSN, driver’s license.
Governments
• National security.
• Embarrassing information: www.thememoryhole.org
Slide #9

Integrity
Data Integrity
• Content of the information.
• Ex: 2005 Walmart $1.5 million bar code scam.
Origin Integrity (authentication)
• Source of the information.
• Ex: 1997 Kurt Vonnegut MIT commencement address email. Vonnegut was not the 1997 speaker and the content wasn’t his.
Prevention vs. Detection
Slide #10

Availability
Prevent loss of system access.
Denial of service attacks common.
• Easy to launch, difficult to track down.
• Can be just part of another attack.
Slide #11

States of Information
Storage
• Information not currently being accessed.
Processing
• Information currently being used by processor.
Transmission
• Information in transit between one node and another.
Slide #12

Security Measures
Technology.
• Hardware/software used to ensure confidentiality, integrity, or availability.
Policy and practice.
• Security requirements and activities.
Education, training, and awareness.
• Understanding of threats and vulnerabilities and how to protect against them.
Slide #13

How to evaluate security solutions?
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?
Slide #14

Aspects of Risks
To evaluate a risk, we need to evaluate both:
• Probability of risk occurring.
• Cost incurred by risk if it occurs.
Minimize product of probability and cost.
Risks are impacted by environment.
• Building a house in a flood plain incurs additional risks beyond that of house itself.
• Similarly, installation and configuration options impact risk of software systems.
Slide #15

Security is a matter of Trade-offs
Security is only one of many system goals:
• Functionality
• Ease of Use
• Efficiency
• Time to market
• Cost
• Security
Slide #16

Cost-Benefit Analysis
Is it cheaper to prevent violation or recover?
• Cost of good network security:
  - Money, time, reduced functionality, annoyed users.
  - Large and ongoing.
• Risks of bad network security:
  - Angry customers, bad press, network downtime.
  - Small and temporary.
Slide #17

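The "minimize the product of probability and cost" rule from the Aspects of Risks slide and the prevent-or-recover question from the Cost-Benefit Analysis slide can be worked through as a small calculation. The following is an added example, not code from the lecture: expected loss is summed over a list of threats, an environment factor scales every probability (the flood-plain point), and each candidate control is charged its own annual cost plus the residual expected loss it leaves behind. All threat names, probabilities, costs and control effects are constructed sample values, and the two controls ("prevent" and "recover") are hypothetical.

```python
"""Risk evaluation as expected loss, and a prevent-vs-recover comparison.

Added example for the 'Aspects of Risks' and 'Cost-Benefit Analysis' slides;
this is not code from the lecture. All threat names, probabilities, costs and
control effects below are constructed sample values, not course data.
"""
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    probability: float  # chance the threat is realized per year (0.0 to 1.0)
    cost: float         # loss if it is realized, in the same units as control costs


@dataclass
class Control:
    """A security measure: what it costs per year and how it changes each threat."""
    name: str
    annual_cost: float
    # threat name -> multiplier on that threat's probability (prevention shrinks this)
    probability_factor: dict = field(default_factory=dict)
    # threat name -> multiplier on that threat's cost (recovery measures shrink this)
    cost_factor: dict = field(default_factory=dict)


def expected_loss(threats, environment_factor=1.0):
    """Sum over threats of probability * cost: the product the slides say to minimize.

    environment_factor models the 'house in a flood plain' point: the same assets
    in a more exposed environment have every probability scaled up (capped at 1).
    """
    return sum(min(1.0, t.probability * environment_factor) * t.cost for t in threats)


def apply_control(threats, control):
    """Return the residual threats after a control's effects are applied."""
    return [
        Threat(t.name,
               t.probability * control.probability_factor.get(t.name, 1.0),
               t.cost * control.cost_factor.get(t.name, 1.0))
        for t in threats
    ]


def total_cost(threats, control, environment_factor=1.0):
    """Residual expected loss plus the control's own cost: what is actually paid."""
    residual = expected_loss(apply_control(threats, control), environment_factor)
    return residual + control.annual_cost


def cheapest_option(threats, controls, environment_factor=1.0):
    """Pick the option with the lowest total cost. Doing nothing is always a candidate."""
    options = [ACCEPT] + list(controls)
    return min(options, key=lambda c: total_cost(threats, c, environment_factor))


ACCEPT = Control("accept the risk", annual_cost=0.0)

# Constructed sample threats for a small web shop (not real figures).
THREATS = [
    Threat("web defacement", probability=0.5, cost=20_000),
    Threat("database breach", probability=0.05, cost=1_000_000),
    Threat("ddos outage", probability=0.3, cost=15_000),
]

# Two hypothetical options: pay to prevent, or pay less and plan to recover.
PREVENT = Control("prevent: filtering and patching", annual_cost=30_000,
                  probability_factor={"web defacement": 0.1, "database breach": 0.5})
RECOVER = Control("recover: backups and incident retainer", annual_cost=8_000,
                  cost_factor={"web defacement": 0.25, "database breach": 0.8})
CONTROLS = [PREVENT, RECOVER]

if __name__ == "__main__":
    for env in (1.0, 3.0):
        print(f"environment factor {env}: baseline expected loss "
              f"{expected_loss(THREATS, env):,.0f}")
        for option in [ACCEPT] + CONTROLS:
            print(f"  {option.name:40s} total {total_cost(THREATS, option, env):>10,.0f}")
        print(f"  -> cheapest: {cheapest_option(THREATS, CONTROLS, env).name}")
```

With the sample figures the cheaper answer is to plan for recovery when the environment factor is 1.0, but the same assets in a three times more exposed environment make prevention the cheaper choice, which is the slide's point that environment changes the risk and therefore the right trade-off.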
Airport Security
Let’s consider the issue of airport security again from the standpoint of what we’ve learned. Develop a solution, keeping the 5 questions in mind:
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?
Slide #18

Human Issues: People Problems
Social engineering
• Kevin Mitnick testified before Congress: “I was so successful in that line of attack that I rarely had to resort to a technical attack.”
Circumvention
• Users write down passwords, leave screens unlocked.
Insider attacks
Slide #19

Human Issues: Organizations
Low priority
• Security costs, but doesn’t produce income.
• Lack of liability reduces costs of bad security.
Variable impact
• Cost of security violation highly variable.
• Insurance converts variable risk to fixed cost, but risk too variable for much involvement so far.
Power and responsibility
• Personnel responsible for security often don’t have power to enforce security.
Slide #20

Security: Laws and Customs
Are desired security measures illegal?
• Cryptography export before 2000.
• Is it legal to monitor security break-ins?
• International commerce.
Will users circumvent them?
• Writing down passwords.
• Removing file ACLs.
Slide #21

Security Liability
Product liability:
• Tires: Continental recalled Ford SUV tires in 2002 due to wire and vibration problems.
• Software: Manufacturer not liable for security flaws.
Since Microsoft isn’t liable for Windows security failures, why would they want to sacrifice money, time, functionality, and ease of use for security?
Slide #22

Assumptions
• Security rests on assumptions specific to type of security required and environment.
• Examples:
  - TCP/IP designed for pre-commercial Internet.
    - Assumed only legitimate admins had root access.
    - Trusted IP addresses, since only root can set IP address.
    - What happens to network when Windows 95 systems added to network, where desktop user has all privileges?
  - Windows designed as single-user system w/o network.
    - Many programs expect or need administrator access to work.
Slide #23

Assurance
How much can you trust a system?
Example:
• Purchasing aspirin from a drugstore.
• Bases for trust:
  - Certification of drug by FDA.
  - Reputation of manufacturer.
  - Safety seal on bottle.
Slide #24

How much do you trust?
Ken Thompson’s compiler hack from “Reflections on Trusting Trust.”
• Modified C compiler does two things:
  - If compiling a compiler, inserts the self-replicating code into the executable of the new compiler.
  - If compiling login, inserts code to allow a backdoor password.
• After recompiling and installing old C compiler:
  - Source code for Trojan horse does not appear anywhere in login or C compiler.
  - Only method of finding Trojan is analyzing binary.
Slide #25

Key Points
• Components of security
  - Confidentiality
  - Integrity
  - Availability
• States of information
  - Storage, Processing, Transmission
• Evaluating risk and security solutions.
• Security is a matter of trade-offs.
• Security is a human problem.
Slide #26

References
1. Ross Anderson, Security Engineering, Wiley, 2001.
2. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005.
3. Peter Neumann (moderator), Risks Digest, http://catless.ncl.ac.uk/Risks/
4. Bruce Schneier, Beyond Fear, Copernicus Books, 2003.
5. Ken Thompson, “Reflections on Trusting Trust”, Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)
Slide #27