Lecture 1 - USC`s Center for Computer Systems Security
Download
Report
Transcript Lecture 1 - USC`s Center for Computer Systems Security
USC CSCI430
Security Systems
Lecture notes – Spring 2017
Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
Class Logistics
Class Web Page
• http://ccss.usc.edu/430
–
–
–
–
Syllabus
Assignments
News
Lecture notes
• Keep checking it!
• Discussion page on Piazza
Contact
• Instructor
– Dr. Jelena Mirkovic
– Office hours Tu/Th 3-4 or by appt in PHE 514/516
– Contact via email ([email protected])
Grading
• Grading:
–
–
–
–
–
CTF exercises: 20%
Homeworks: 20%
Participation: 10%
Midterm Exam: 20%
Final Exam: 30%
• Grades assigned using the curve below:
A
A-
B+
B
B-
C+
C
C-
D+
D
D
90
86
83
80
76
73
70
66
63
60
56
Background
• What you need for this class
– Some basic knowledge of OS and networking
(see network primer on class Web page)
– I will go over these basics and will remind you of relevant
parts when needed in class
– Good programming skills in any language
– Familiarity with Linux OS
Homeworks
• Done on DeterLab testbed
– I will open an account for each of you after the class
– You will get an automated email how to log on
– Your assignment for the next class – readings linked on the Web
page AND run a sample experiment to learn how to use DeterLab.
It could be the one from tutorial.
• We’ll have 4 homeworks, each carries 5% of your grade
• Ask for help early
• Do NOT email testbed ops when you have a problem:
– Email myself or TA
– We can either help with an issue, find out help from DeterLab
staff or extend a deadline
– We will take points off if you email testbed-ops!
Intro to DeterLab
SSH
B
SSH
users
A
C
D
Links
Network
black
grey
IPs
IP example
DNS name
DNS example
experimental any but
192.168.x.x
1.2.3.4
Short name,
no dots
A
control
192.168.1.2
Long name
node.exp.proj
A.test.USC430
192.168.x.x
Intro to DeterLab
SSH (long name)
SSH
users
B
/users/usc430aa
/proj/USC430
SSH, ping, etc
(short name)
100 Mbps
A
100 Mbps
C
1 Gbps
D
boss
Links
Network
black
grey
IPs
IP example
DNS name
DNS example
experimental any but
192.168.x.x
1.2.3.4
Short name,
no dots
A
control
192.168.1.2
Long name
node.exp.proj
A.test.USC430
192.168.x.x
Intro to DeterLab
SSH (long name)
B
SSH
SSH, ping, etc
(short name)
users
100 Mbps
Stay off control network
– it is shared with allA the users!
Mbps
• Make sure to use short names in your100
experiment
C
e.g. ping A and NOT ping A.test.USC430
1 Gbps
• Store large files locally
D
/tmp or /mnt/local (using mkextrafs)
boss
• Collect tcpdump locally
• Don’t create millions of files
Linksand
Network
IPs StudentIPguidelines
example
DNSto
name
DNS example
• This
more is in
Deterlab
black
experimental any but
192.168.x.x
1.2.3.4
Short name,
no dots
A
grey
control
192.168.1.2
Long name
node.exp.proj
A.test.USC430
192.168.x.x
Class Capture-the-Flag Exercises
• Done on DeterLab testbed
• Blue team develops some technology,
Red team attacks it
• Everyone will have a chance to be on both teams
• Each exercise will be performed in class, each carries 10%
of your grade
– I’m not looking for extraordinary solutions (although they are
welcome) but for good integration of what you learned in class
and what you managed to learn off the Internet
– Teamwork is important
– Schedule is paramount! You have to develop code early and test it
thoroughly:
• This cannot be done a day before the exercise
• I will set some milestones for you to ensure timely progress
Midterm and Final
• Open book, open notes
• Each last 1 h 20 min
• We will have reviews in class before each
Class Participation
• Class participation is important
– Ask and answer questions in class
– Ask, answer, participate on-line (Piazza)
– I will check the discussion boards once daily but if you want
a reliable response from me email me directly
• Class participation carries 10% of your grade
Academic Integrity
• What is and is not OK
– I encourage you to talk with others if you have questions
but everyone must DO their work ALONE
– Do not to turn in the work of others
– Do not give others your work to use as their own
– Do not plagiarize from others (published or not)
– Do not try to deceive the instructor
• See the Web site
– More guidelines on academic integrity
– Links to university resources
– If in doubt, ask
• You can always ask me or TA for help!
What Does Security Mean?
What Does Security Mean?
… In Real Life
•
No one should be able to:
–
–
–
–
–
–
–
–
–
Break into my house
Attack me
Steal my TV
Use my house to throw water balloons on people
Damage my furniture
Pretend to be my friend Bob and fool me
Waste my time with irrelevant things
Prevent me from going to my favorite restaurant
Destroy my road, bridge, city ..
What Does Security Mean?
… wrt Computers and Nets
•
No one should be able to:
–
–
–
–
–
–
–
•
Break into my computer
Attack my computer
Steal my information
Use my computer to attack others
Damage my computer or data
Use my resources without my permission
Mess with my physical world
I want to talk to Alice
–
–
Pretend to be Alice or myself or our computers
Prevent me from communicating with Alice
Computer vs. Network Security
•
An isolated computer has a security risk?
–
•
Computer security aims to protect a single, connected,
machine
Networking = communication at all times and in
all scenarios!!!
–
Network security aims to protect the communication
and all its participants
Computer security
•
Network security
Security = robustness or fault tolerance?
Security Properties
• Confidentiality (C)
– Keep data secret from non-participants
• Integrity (I)
– Aka “authenticity”
– Keep data from being modified
– Keep it functioning properly
• Availability (A)
– Keep the system running and reachable
Orthogonal Aspects
• Policy
– Deciding what confidentiality, integrity and availability
mean
• Mechanism
– Implementing the policy
Security Goals
• Attack prevention
– It is impossible for the attack to succeed
• Attack detection
– Low false positives, false negatives and detection delay
A false positive is when the system detects an attack, but the attack
did not occur.
A false negative is when the attack is missed by the system.
• Attack response
– Retaliation, observation, recovery
• Attack recovery
– Remedy the effects of the attack or sustain it
What Does Security Mean?
… wrt Computers and Nets
•
No one should be able to:
–
–
–
–
–
–
–
•
Break into my computer – A, C, I
Attack my computer – A, C, I
Steal my information - C
Use my computer to attack others – I?
Damage my computer or data - I
Use my resources without my permission – A
Mess with my physical world – I, A
I want to talk to Alice
–
–
Pretend to be Alice or myself or our computers – C, I
Prevent me from communicating with Alice - A
What Are the Threats?
(this list is not exhaustive)
•
Breaking into my computer
o
Hackers
• Break a password or sniff it off the network
• Exploit a vulnerability
A vulnerability is a weakness in the system (its design,
implementation or use procedures) that when exploited
makes it behave in a way that system’s creator did not expect.
An exploit is a set of steps that exercises the vulnerability
Use social engineering
• Impersonate someone I trust
Viruses and worms
•
o
What Are the Threats?
•
(this list is not exhaustive)
Attacking my computer
o
Denial-of-service attacks
A DOS attack aims to disrupt a service by either
exploiting a vulnerability or by sending a lot of
bogus messages to a computer offering a service
o
Viruses and some worms
A virus is a self-replicating program that requires
user action to activate such as clicking on E-mail,
downloading an infected file or inserting an infected
floppy, CD, etc ..
A worm is a self-replicating program that does not
require user action to activate. It propagates itself
over the network, infects any vulnerable machine it
finds and then spreads from it further.
What Are the Threats?
(this list is not exhaustive)
•
Stealing my information
o
o
o
From my computer or from communication
I will use cryptography!
• There are many ways to break ciphers
• There are many ways to divulge partial information
(e.g. who do you talk to)
I would also like to hide who I talk to and when
• I will use anonymization techniques
• Anonymization hinders other security approaches
that build models of normal traffic patterns
What Are the Threats?
(this list is not exhaustive)
•
Using my machine to attack others
o
o
o
o
E-mail viruses
Worms
Denial-of-service attacks (including reflector attacks)
Spam, phishing
What Are the Threats?
(this list is not exhaustive)
•
Damaging my computer or data
o
o
o
o
I have to prevent break-ins
I will also use cryptography to detect tampering
I must replicate data to recover from tampering
Denial-of-service attacks and worms can sometimes
damage computers
What Are the Threats?
(this list is not exhaustive)
•
Taking up my resources with irrelevant messages
o
o
o
Denial-of-service attacks
Spam mail (takes time to read and fills space)
Viruses and worms
What Are the Threats?
(this list is not exhaustive)
•
Interfering with my physical world
o
Cyber-physical attacks or collateral victims
o
o
o
o
Power systems, traffic control, utilities
Travel agencies
Medical devices
Smart vehicles
What Are the Threats?
(this list is not exhaustive)
•
Pretending to be Alice or myself or our computers
o
o
o
I want to be sure who I am talking to
(authentication and digital signatures)
It is hard to impersonate a computer in two-way
communication, such as TCP
• But it has been done
Plain IP spoofing seems an extremely hard problem to
solve
IP spoofing means putting a fake IP address in the
sender field of IP packets.
What Are the Threats?
•
(this list is not exhaustive)
Preventing me from communicating with Alice
o
o
o
Alice could be attacked
Routers could be overloaded or tampered with
DNS servers could be attacked
Some Security Mechanisms
(this list is not exhaustive)
•
•
•
•
•
•
•
Encryption
Checksums
Key management
Authentication
Authorization
Accounting
Firewalls
•
•
•
•
•
•
VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw
What Are the Challenges?
•
•
Your security frequently depends on others
– Tragedy of the Commons
A good solution must
– Handle the problem to a great extent
– Handle future variations of the problem, too
– Be inexpensive
– Have economic incentive
– Require a few deployment points
– Require non-specific deployment points
What Are the Challenges?
•
Fighting a live enemy
o
o
o
o
Security is an adversarial field
No problem is likely to be completely solved
New advances lead to improvement of attack
techniques
Researchers must play a double role
What Are the Challenges?
•
•
•
Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or
simulating legitimate and attack traffic
o
•
•
•
No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources
to be reproduced realistically
Practical Considerations
• Risk analysis and risk management
– How important it is to enforce a policy
– Which threats matter
– Legislation may play a role
• The role of trust
– Assumptions are necessary
• Human factors
– The weakest link
In The Shoes of an Attacker
• Who are the attackers
– Used to be teenage hackers (bragging rights)
– Now organized criminal (for profit)
– Political organizations
• Risk to the attacker
– Usually very small