Information Systems Security Dr. Bhavani Thuraisingham Introduction to Information Systems Security Lecture #1 June 1, 2012 Dr. Bhavani Thuraisingham

Outline What is Cyber Security? What is C. I. A.? Ten Major Modules of Cyber Security Some Topics in Cyber Security

Cyber Security Security traditionally has been about CIA (Confidentiality, Integrity, Availability) Security now also includes areas like Trustworthiness, Quality, Privacy Dependability includes Security, Reliability and Fault Tolerance Initially the term used was Computer Security (Compusec); it then evolved into Infosec – Information security – to include data and networks – now with web its called Cyber Security

C. I.A. Confidentiality: Preventing from unauthorized disclosure Integrity: Preventing from unauthorized modification Availability: Preventing denial of service

Ten Major Modules of Cyber Security Information Security and Risk Management Access Control Security Architecture and Design Physical and Environmental Security Telecommunications Security Cryptography Business Continuity Planning Legal Regulations, Compliance and Investigations Applications Security Operations Security

Information Security and Risk Management Security Management Security Administration Organizational Security Model Information Risk Management Risk Analysis Policies, Standards, Guidelines, Procedures Information Classification Layers of Responsibility Security Awareness Training

Access Control Security Principles Identification, Authentication, Authorization, Accountability Access Control Models Access Control techniques Access Control Administration Access Control Methods Access Control Types Accountability Access Control practices Access Control Monitoring Threats to Access Control

Security Architecture and Design Computer Architecture Systems Architecture Security Models Security Modes of Operation Systems Evaluation Methods Open vs. Closed Systems Enterprise Architecture Security Threats

Physical and Environmental Security What is Physical Security Planning Process Protecting assets Internal Support Systems Perimeter Security Other aspects

Telecommunications and Network Security Open Systems Interconnection Reference Model TCP/IP Types of Transmission LAN Networking Routing Protocols Networking Devices Networking services and protocols Intranets and Extranets Metropolitan Area networks Remote access Wireless technologies Rootkits

Cryptography History, Definitions and Concepts Types of Ciphers Methods of Encryption Type of Asymmetric Systems Message Integrity PKI Key Management Link / End-to-end Encryption Email standards Internet security Attacks

Legal Regulation and Compliance Investigation Cyber law and Cyber crime Intellectual property law Privacy Liability and Ramifications Digital Forensics and Investigations Ethics

Applications Security Software and applications security issues Database Security Secu4e systems development Application development and security Object-oriented systems and security Distributed computing and security Expert systems and security Web security Mobile code Patch management

Operations Security Role of the Operations Department Administrative Management Assurance Levels Configuration management Media Controls Data Leakage Network and Resource Availability Mainframes Email Security Vulnerability testing

Introduction to Cyber Security Operating Systems Security Network Security Designing and Evaluating Systems Web Security Data Mining for Malware Detection Other Security Technologies

Operating System Security Access Control Subjects are Processes and Objects are Files Subjects have Read/Write Access to Objects E.g., Process P1 has read acces to File F1 and write access to File F2 Capabilities Processes must presses certain Capabilities / Certificates to access certain files to execute certain programs E.g., Process P1 must have capability C to read file F

Mandatory Security Bell and La Padula Security Policy Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels Unclassified < Confidential < Secret < TopSecret Compartments are also possible Compartments and Security levels form a partially ordered lattice Security Properties Simple Security Property: Subject has READ access to an object of the subject’s security level dominates that of the objects Star (*) Property: Subject has WRITE access to an object if the subject’s security level is dominated by that of the objects\

Covert Channel Example Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level Example: File Lock/Unlock problem Processes at Secret and Unclassified levels collude with one another When the Secret process lock a file and the Unclassified process finds the file locked, a 1 bit is passed covertly When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 1 bit is passed covertly Over time the bits could contain sensitive data

Steps to Designing a Secure System Requirements, Informal Policy and model Formal security policy and model Security architecture Identify security critical components; these components must be trusted Design of the system Verification and Validation End to End Security? Building a Secure System with Untrusted Components

Product Evaluation Orange Book Trusted Computer Systems Evaluation Criteria Classes C1, C2, B1, B2, B3, A1 and beyond C1 is the lowest level and A1 the highest level of assurance Formal methods are needed for A1 systems Interpretations of the Orange book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation) Several companion documents Auditing, Inference and Aggregation, etc. Many products are now evaluated using the federal Criteria

Network Security Security across all network layers E.g., Data Link, Transport, Session, Presentation, Application Network protocol security Ver5ification and validation of network protocols Intrusion detection and prevention Applying data mining techniques Encryption and Cryptography Access control and trust policies Other Measures Prevention from denial of service, Secure routing, - - -

Data Security: Access Control Access Control policies were developed initially for file systems E.g., Read/write policies for files Access control in databases started with the work in System R and Ingres Projects Access Control rules were defined for databases, relations, tuples, attributes and elements SQL and QUEL languages were extended GRANT and REVOKE Statements Read access on EMP to User group A Where EMP.Salary < 30K and EMP.Dept <> Security Query Modification: Modify the query according to the access control rules Retrieve all employee information where salary < 30K and Dept is not Security

Multilevel Secure Data Management What is MLS/DBMS ? Users are cleared at different security levels Data in the database is assigned different sensitivity levels--multilevel database Users share the multilevel database MLS/DBMS is the software that ensures that users only obtain information at or below their level In general, a user reads at or below his level and writes at his level Need for MLS/DBMS Operating systems control access to files; coarser grain of granularity Database stores relationships between data Content, Context, and Dynamic access control Traditional operating systems access control to files is not sufficient Need multilevel access control for DBMSs

Inference Problem Inference is the process of forming conclusions from premises If the conclusions are unauthorized, it becomes a problem Inference problem in a multilevel environment Aggregation problem is a special case of the inference problem - collections of data elements is Secret but the individual elements are Unclassified Association problem: attributes A and B taken together is Secret - individually they are Unclassified

Security Threats to Web/E-commerce

Intrusion Detection / Malware Detection An intrusion can be defined as “any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource”. Attacks are: Host-based attacks; Network-based attacks Intrusion detection systems are split into two groups: Anomaly detection systems; Misuse detection systems Use audit logs: Capture all activities in network and hosts. Mine the Audit Logs Malware: Virus, Worms, Trojan Horses, - - - Malware changes patterns; need data mining techniques to detect novel classes

Some Security Technologies Digital Identity Management Digital Forensics Digital Watermarking Risk/Cost Analysis Biometrics Other Applications

Digital Identity Management Digital identity is the identity that a user has to access an electronic resource A person could have multiple identities A physician could have an identity to access medical resources and another to access his bank accounts Digital identity management is about managing the multiple identities Manage databases that store and retrieve identities Resolve conflicts and heterogeneity Make associations Provide security Ontology management for identity management is an emerging research area

Digital Identity Management - II Federated Identity Management Corporations work with each other across organizational boundaries with the concept of federated identity Each corporation has its own identity and may belong to multiple federations Individual identity management within an organization and federated identity management across organizations Technologies for identity management Database management, data mining, ontology management, federated computing

Digital Forensics “Digital forensics, also known as computer forensics, involved the preservation, identification, extraction, and documentation of computer evidence stored as data or magnetically encoded information”, by John Vacca Digital evidence may be used to analyze cyber crime (e.g. Worms and virus), physical crime (e.g., homicide) or crime committed through the use of computers (e.g., child pornography) Objective of Computer Forensics: To recover, analyze and present computer based material in such a way that it is usable as evidence in a court of law

Steganography and Digital Watermarking Steganography is about hiding information within other information E.g., hidden information is the message that terrorist may be sending to their pees in different parts of the worlds Information may be hidden in valid texts, images, films etc. Difficult to be detected by the unsuspecting human Steganalysis is about developing techniques that can analyze text, images, video and detect hidden messages May use data mining techniques to detect hidden patters Steganograophy makes the task of the Cyber crime expert difficult as he/she ahs to analyze for hidden information Communication protocols are being developed

Steganography and Digital Watermarking - II Digital water marking is about inserting information without being detected for valid purposes It has applications in copyright protection A manufacturer may use digital watermarking to copyright a particular music or video without being noticed When music is copies and copyright is violated, one can detect two the real owner is by examining the copyright embedded in the music or video

Risk/Cost Analysis Analyzing risks Before installing a secure system or a network one needs to conduct a risk analysis study What are the threats? What are the risks? Quantitative approach: Events are ranked in the order of risks and decisions are made based on then risks Qualitative approach: estimates are used for risks Security vs Cost If risks are high and damage is significant then it may be worth the cost of incorporating security; If risks and damage are not high, then security may be an additional cost burden Develop cost models Cost vs. Risk/Threat study

Biometrics: Overview Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein and Voice Identification and personal certification solutions for highly secure applications Biometrics replaces Traditional Authentication Methods Provides better security; More convenient; Better accountability Applications : Fraud detection and Fraud deterrence Dual purpose: Cyber Security and National Security Numerous applications: medical, financial, child care, computer access etc.

Biometrics: Process Three-steps: Capture-Process-Verification Capture: A raw biometric is captured by a sensing device such as fingerprint scanner or video camera Process: The distinguishing characteristics are extracted from the raw biometrics sample and converted into a processed biometric identifier record Called biometric sample or template Verification and Identification Matching the enrolled biometric sample against a single record; is the person really what he claims to be? Matching a biometric sample against a database of identifiers Study the attacks of biometrics systems Modifying fingerprints; Modifying facial features