Lecture 2 - The University of Texas at Dallas
Introduction to Biometrics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #2
Information Security
August 24, 2005
Outline
Operating Systems Security
Network Security
Designing and Evaluating Systems
Web Security
Other Security Technologies
Data and Applications Security
Operating System Security
Access Control
- Subjects are Processes and Objects are Files
- Subjects have Read/Write Access to Objects
- E.g., Process P1 has read access to File F1 and write access to
File F2
Capabilities
- Processes must possess certain Capabilities / Certificates to
access certain files or to execute certain programs
- E.g., Process P1 must have capability C to read file F
Mandatory Security
Bell and La Padula Security Policy
- Subjects have clearance levels, Objects have sensitivity levels;
clearance and sensitivity levels are also called security levels
- Unclassified < Confidential < Secret < TopSecret
- Compartments are also possible
- Compartments and Security levels form a partially ordered
lattice
Security Properties
- Simple Security Property: Subject has READ access to an object
if the subject's security level dominates that of the object
- Star (*) Property: Subject has WRITE access to an object if the
subject's security level is dominated by that of the object
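The two properties above, as an added example that is not part of the lecture: a label is a level plus a compartment set, dominance is the lattice order, and a small reference-monitor style check applies the Simple Security and Star properties. The Label class, the level names and the compartment names are assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Totally ordered sensitivity / clearance levels from the lecture
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A security label: a level plus a set of compartments (assumed names)."""
    level: Level
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Lattice order: (L1, C1) >= (L2, C2) iff L1 >= L2 and C2 is a subset of C1.
        # Labels whose compartment sets are not nested are incomparable.
        return self.level >= other.level and other.compartments <= self.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """Simple Security Property: read only if the subject dominates the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star (*) Property: write only if the object dominates the subject."""
    return obj.dominates(subject)


def mediate(subject: Label, obj: Label, op: str) -> bool:
    """Reference-monitor style decision for one access request."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    s = Label(Level.SECRET, frozenset({"NUC"}))
    print(mediate(s, Label(Level.CONFIDENTIAL), "read"))                       # True: read down
    print(mediate(s, Label(Level.TOP_SECRET, frozenset({"NUC"})), "write"))   # True: write up
    print(mediate(s, Label(Level.SECRET, frozenset({"CRYPTO"})), "read"))     # False: incomparable
```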
Covert Channel Example
Trojan horse at a higher level covertly passes data to a Trojan
horse at a lower level
Example:
- File Lock/Unlock problem
- Processes at Secret and Unclassified levels collude with
one another
- When the Secret process locks a file and the Unclassified
process finds the file locked, a 1 bit is passed covertly
- When the Secret process unlocks the file and the
Unclassified process finds it unlocked, a 0 bit is passed
covertly
- Over time the bits could contain sensitive data
Network Security
Security across all network layers
- E.g., Data Link, Transport, Session, Presentation,
Application
Network protocol security
Verification and validation of network protocols
Intrusion detection and prevention
- Applying data mining techniques
Encryption and Cryptography
Access control and trust policies
Other Measures
- Prevention of denial of service, secure routing, etc.
Steps to Designing a Secure System
Requirements, Informal Policy and model
Formal security policy and model
Security architecture
- Identify security critical components; these components must be
trusted
Design of the system
Verification and Validation
Product Evaluation
Orange Book
- Trusted Computer Systems Evaluation Criteria
Classes C1, C2, B1, B2, B3, A1 and beyond
- C1 is the lowest level and A1 the highest level of assurance
- Formal methods are needed for A1 systems
Interpretations of the Orange book for Networks (Trusted Network
Interpretation) and Databases (Trusted Database Interpretation)
Several companion documents
- Auditing, Inference and Aggregation, etc.
Many products are now evaluated using the Federal Criteria
Security Threats to Web/E-commerce
Diagram (figure residue): Security Threats and Violations, comprising
- Access Control Violations
- Denial of Service / Infrastructure Attacks
- Integrity Violations
- Fraud
- Sabotage
- Confidentiality, Authentication and Nonrepudiation Violations
Approaches and Solutions
End-to-end security
- Need to secure the clients, servers, networks, operating
systems, transactions, data, and programming languages
- The various systems when put together have to be secure
Composable properties for security
Access control rules, enforce security policies, auditing,
intrusion detection
Verification and validation
Security solutions proposed by W3C and OMG
Java Security
Firewalls
Digital signatures and Message Digests, Cryptography
E-Commerce Transactions
E-commerce functions are carried out as transactions
- Banking and trading on the internet
- Each data transaction could contain many tasks
Database transactions may be built on top of the data transaction
service
- Database transactions are needed for multiuser access to web
databases
- Need to enforce concurrency control and recovery techniques
Types of Transaction Systems
Stored Account Payment
- e.g., Credit and debit card transactions
- Electronic payment systems
- Examples: First Virtual, CyberCash, Secure Electronic Transaction
Stored Value Payment
- Uses bearer certificates
- Modeled after hard cash
Goal is to replace hard cash with e-cash
- Examples: E-cash, Cybercoin, Smart cards
What is E-Cash?
Electronic Cash is stored in a hardware token
Token may be loaded with money
- Digital cash from the bank
Buyer can make payments to seller’s token (offline)
Buyer can pay to seller’s bank (online)
Both cases rely on agreed-upon protocols
Both parties may use some sort of cryptographic key mechanism to
improve security
Other Security Technologies
Data and Applications Security
Middleware Security
Insider Threat Analysis
Risk Management
Trust and Economics
Biometrics
Developments in Data and Applications
Security: 1975 - Present
Access Control for Systems R and Ingres (mid 1970s)
Multilevel secure database systems (1980 – present)
- Relational database systems: research prototypes and products;
Distributed database systems: research prototypes and some
operational systems; Object data systems; Inference problem
and deductive database system; Transactions
Recent developments in Secure Data Management (1996 – Present)
- Secure data warehousing, Role-based access control (RBAC); Ecommerce; XML security and Secure Semantic Web; Data
mining for intrusion detection and national security; Privacy;
Dependable data management; Secure knowledge management
and collaboration
Developments in Data and Applications
Security: Multilevel Secure Databases - I
Air Force Summer Study in 1982
Early systems based on Integrity Lock approach
Systems in the mid to late 1980s, early 90s
- E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and
ASD Views by TRW
- Prototypes and commercial products
- Trusted Database Interpretation and Evaluation of Commercial
Products
Secure Distributed Databases (late 80s to mid 90s)
- Architectures; Algorithms and Prototype for distributed query
processing; Simulation of distributed transaction management
and concurrency control algorithms; Secure federated data
management
Developments in Data and Applications
Security: Multilevel Secure Databases - II
Inference Problem (mid 80s to mid 90s)
- Unsolvability of the inference problem; Security constraint
processing during query, update and database design
operations; Semantic models and conceptual structures
Secure Object Databases and Systems (late 80s to mid 90s)
- Secure object models; Distributed object systems security;
Object modeling for designing secure applications; Secure
multimedia data management
Secure Transactions (1990s)
- Single Level/ Multilevel Transactions; Secure recovery and
commit protocols
Some Directions and Challenges for Data and
Applications Security - I
Secure semantic web
- Single/multiple security models?
- Different application domains
Secure Information Integration
- How do you securely integrate numerous and heterogeneous
data sources on the web and otherwise
Secure Sensor Information Management
- Fusing and managing data/information from distributed and
autonomous sensors
Secure Dependable Information Management
- Integrating Security, Real-time Processing and Fault Tolerance
Data Sharing vs. Privacy
- Federated database architectures?
Some Directions and Challenges for Data and
Applications Security - II
Data mining and knowledge discovery for intrusion detection
- Need realistic models; real-time data mining
Secure knowledge management
- Protect the assets and intellectual rights of an organization
Information assurance, Infrastructure protection, Access
Control
- Insider cyber-threat analysis, Protecting national databases,
Role-based access control for emerging applications
Security for emerging applications
- Geospatial, Biomedical, E-Commerce, etc.
Other Directions
- Trust and Economics, Trust Management/Negotiation, Secure
Peer-to-peer computing,
Layered Architecture for Dependable
Semantic Web
Adapted from Tim Berners-Lee's description of the Semantic Web
Diagram (figure residue): layers from bottom to top
- URI, UNICODE
- XML, XML Schemas
- RDF, Ontologies
- Rules/Query
- Logic, Proof and Trust
- Other Services alongside the stack
- Security and Privacy shown as vertical bars spanning every layer
Some Challenges: Security and Privacy cut across all layers;
Integration of Services; Composability
Secure Sensor Information Management:
Directions for Research
Individual sensors may be compromised and attacked; need
techniques for detecting, managing and recovering from such
attacks
Aggregated sensor data may be sensitive; need secure storage sites
for aggregated data; variation of the inference and aggregation
problem?
Security has to be incorporated into sensor database management
- Policies, models, architectures, queries, etc.
Evaluate costs for incorporating security especially when the sensor
data has to be fused, aggregated and perhaps mined in real-time
Need secure dependable information management for sensor data
Secure Dependable Information Management
Dependable information management includes
- secure information management
- fault tolerant information
- High integrity and high assurance computing
- Real-time computing
Conflicts between different features
- Security, Integrity, Fault Tolerance, Real-time Processing
- E.g., A process may miss real-time deadlines when access
control checks are made
- Trade-offs between real-time processing and security
- Need flexible security policies; real-time processing may be
critical during a mission while security may be critical during
non-operational times
Secure Dependable Information Management
Example: Next Generation AWACS
Diagram (figure residue): layered architecture with Hardware, a Real-time
Operating System and Infrastructure Services at the bottom; Data Mgmt.,
Data Xchg., the MSI App and several Future Apps above; inputs from
Navigation, Data Links, Sensors, Sensor Detections and Multi-Sensor
Tracks; outputs through the Display Processor & Refresh Channels to the
Consoles (14); technology provided by the Data Analysis Programming
Group (DAPG) project
- Security being considered after the system has been designed and
prototypes implemented
- Challenge: Integrating real-time processing, security and fault
tolerance
Research Directions for Privacy
Why this interest now in privacy?
Data Mining for National Security
Data Mining is a threat to privacy
Balance between data sharing/mining and privacy
Privacy Preserving Data Mining
Inference Problem as a Privacy Problem
Data Sharing Across Coalitions
Data Mining to Handle Security Problems
Data mining tools could be used to examine audit data and flag
abnormal behavior
Much recent work in Intrusion detection
- e.g., Neural networks to detect abnormal patterns
Tools are being examined to determine abnormal patterns for
national security
- Classification techniques, Link analysis
Fraud detection
- Credit cards, calling cards, identity theft etc.
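Tying the audit-data idea above to the file lock/unlock covert channel from the operating-system section, here is an added detection heuristic (my own example, not from the lecture) run over a constructed audit log: it flags a lower-level process that repeatedly polls an object's lock state right after a higher-level process changes it. The record format, process names, level ordering and thresholds are assumptions.

```python
from collections import defaultdict

# Assumed ordering of security levels (matches the lecture's lattice order)
LEVEL = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


def lock_channel_suspects(log, window=0.5, min_pairs=4):
    """Flag (high_proc, low_proc, obj) triples where a lower-level process
    probes an object's lock state within `window` seconds after a lock or
    unlock by a strictly higher-level process, at least `min_pairs` times.
    Each matched probe is one candidate bit of the covert channel.
    Records are (time_s, process, level, event, object); event is one of
    "lock", "unlock", "probe_lock" (assumed audit format)."""
    last_toggle = {}           # obj -> (time, proc, level) of latest lock/unlock
    pairs = defaultdict(int)   # (high_proc, low_proc, obj) -> matched probes
    for t, proc, level, event, obj in sorted(log):
        if event in ("lock", "unlock"):
            last_toggle[obj] = (t, proc, level)
        elif event == "probe_lock" and obj in last_toggle:
            t0, hproc, hlevel = last_toggle[obj]
            if LEVEL[hlevel] > LEVEL[level] and t - t0 <= window:
                pairs[(hproc, proc, obj)] += 1
    return {k: n for k, n in pairs.items() if n >= min_pairs}


def sample_audit_log():
    """Constructed audit log: a Secret process sets F1 locked for a 1 bit and
    unlocked for a 0 bit once per second, an Unclassified process polls F1
    right after each change, plus benign records the heuristic must ignore."""
    log = []
    for i, bit in enumerate([1, 0, 1, 1, 0, 1, 0, 0]):   # one lock-state change per bit
        log.append((i * 1.0, "P_secret", "Secret", "lock" if bit else "unlock", "F1"))
        log.append((i * 1.0 + 0.1, "P_unclass", "Unclassified", "probe_lock", "F1"))
    log.append((2.2, "P_secret2", "Secret", "probe_lock", "F1"))        # same level: no downward flow
    log.append((3.5, "P_unclass", "Unclassified", "probe_lock", "F2"))  # F2 is never toggled
    log.append((20.0, "P_unclass", "Unclassified", "probe_lock", "F1")) # long after the last toggle
    return log


if __name__ == "__main__":
    print(lock_channel_suspects(sample_audit_log()))
```

The window and pair thresholds trade false positives from ordinary lock contention against missed low-rate channels; in practice they would be tuned against a baseline of normal lock activity.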
What can we do?
Privacy Preserving Data Mining
Prevent useful results from mining
- Limit data access to ensure low confidence and support
- Extra data ("cover stories") to give "false" results
- Providing only samples of data can lower confidence in mining results
Idea: If the adversary is unable to learn a good classifier from the data,
then the adversary will be unable to learn good
- rules, predictive functions
Approach: Only make a sample of data available
- Limits ability to learn a good classifier
Several recent research efforts have been reported
Inference Problem as a Privacy Problem:
Privacy Constraint Processing
Diagram (figure residue): User Interface Manager on top; a Constraint
Manager holding the Privacy Constraints; a Query Processor enforcing
constraints during query and release operations; an Update Processor
enforcing constraints during update operation; a Database Design Tool
enforcing constraints during database design operation; all above the
DBMS and the Database
Secure Data Sharing Across Coalitions
Diagram (figure residue): a shared Data/Policy for Coalition layer; each
of the component Data/Policy stores for Agency A, Agency B and Agency C
exports Data/Policy to the coalition layer