CSCE 548 Introduction Basic Security Concepts
APOGEE Students: download the recorded lectures; contact the instructor if needed (by phone during office hours, or electronically any time; arrange meetings as needed); attend exams as scheduled; attend the class presentation. CSCE Farkas2
Instructor: Csilla Farkas. Office: Swearingen 3A43. Office Hours: Mondays and Wednesdays 3:30–5:00 pm, electronically any time, or by appointment. Telephone: Class homepage: http:// 2012/csce548.htm
Text Books: Software Security: Building Security In, by Gary McGraw (Addison-Wesley Professional, February 2, 2006); Deadly Sins of Software Security, by Michael Howard, David LeBlanc and John Viega (McGraw-Hill Osborne Media).
Assignments
– Research project: one research project related to software security. Final project reports must be submitted at the end of the semester; further project requirements will be distributed later.
– Homework: 4–5 homework assignments during the semester, with a late-submission penalty of 4% per day after the due date (early submission is always accepted).
– Class presentation: each group covers a particular code-level security vulnerability (topics to be distributed later).
– Exams: two closed-book in-class exams.
Grading: Test 1: 15%; Test 2: 30%; Homework: 15%; Presentation: 10%; Research project: 30% (total achievable score: 100).
Final grade: A: above 90; B+: above 87 up to 90; B: above 80 up to 87; C+: above 76 up to 80; C: above 66 up to 76; D+: above 61 up to 66; D: above 50 up to 61.
Course Policies: All students are responsible for reading and following the official Academic Responsibility policy of the University of South Carolina, as well as the university and department policies on the use of computing resources.
Tentative Schedule
Week 1: Software Engineering and Security
Week 2: Risk Management
Week 3: Use Cases and Misuse Cases
Week 4: Software Reliability
Week 5: Seven Touchpoints for Software Security
Week 6: Code Review; Architectural Risk Analysis; TEST 1
Week 7: Penetration Testing; Risk-Based Security Testing
Week 8: Abuse Cases; Security Requirements
Week 9: Security Analysis; Taxonomy of Coding Errors
Week 10: Programming Flaws; Language-Based Vulnerabilities
FINAL EXAM: April 25, 5:30–7:30 pm
Questions?
Basic Security Concepts (from CSCE 522 Information Security Principles, Fall; /csce522.htm)
Security Objectives
– Confidentiality: prevent/detect/deter improper disclosure of information
– Integrity: prevent/detect/deter improper modification of information
– Availability: prevent/detect/deter improper denial of access to services
Fourth Objective: securing computing resources, i.e. prevent/detect/deter improper use of hardware, software, data and the network
Information Assurance: prevention; detection; tolerance/response
Achieving Security
– Policy: what to protect?
– Mechanism: how to protect?
– Assurance: how good is the protection?
Security Policy: organizational policy; computerized information system policy
Security Tradeoffs (diagram): security, functionality and ease of use pull against each other, and each comes at a cost
Threat, Vulnerability, Risk
– Threat: a potential occurrence that can have an undesired effect on the system
– Vulnerability: a characteristic of the system that makes it possible for a threat to occur
– Attack: an action of a malicious intruder that exploits vulnerabilities of the system to cause a threat to occur
– Risk: a measure of the likelihood of a security breach and the severity of the resulting damage
Types of Threats: errors of users; natural, man-made or machine disasters; dishonest insiders; disgruntled insiders; outsiders
Types of Attack
– Interruption: an asset is destroyed, unavailable or unusable (availability)
– Interception: an unauthorized party gains access to an asset (confidentiality)
– Modification: an unauthorized party tampers with an asset (integrity)
– Fabrication: an unauthorized party inserts a counterfeit object into the system (authenticity)
– Denial (repudiation): a person denies having taken an action (non-repudiation)
Computer Criminals
– Amateurs: regular users who exploit vulnerabilities of the computer system; motivation: easy access to vulnerable resources
– Crackers: attempt to access computing facilities for which they have no authorization; motivation: enjoyment of the challenge, curiosity
– Career criminals: professionals who understand the computer system and its vulnerabilities; motivation: personal (e.g., financial) gain
Methods of Defense: prevent (block the attack); deter (make the attack harder); deflect (make other targets more attractive); detect (identify misuse); tolerate (function under attack); recover (restore to a correct state); documentation and reporting
Information Security Planning: organization analysis; risk management; mitigation approaches and their costs; security policy and procedures; implementation and testing; security training and awareness
Prevention
Identification and Authentication
Authentication: allows an entity (a user or a system) to prove its identity to another entity. Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier. Strong authentication: the entity demonstrates knowledge of S to the verifier without revealing S itself (e.g., one-time-password, public-key challenge-response or zero-knowledge protocols), so that neither an eavesdropper on the channel nor a compromised verifier obtains S.
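The weak and strong cases side by side, as an added example that is not part of the lecture slides: the weak prover sends S itself, while the strong prover uses Lamport's hash-chain one-time password scheme, in which the verifier is enrolled with h^n(S) and each login presents the next preimage, so S never crosses the channel and the verifier never holds it. The secret value, the chain length and the use of SHA-256 as the one-way function are assumptions of this example.

```python
"""Weak authentication (hand over S) versus strong authentication (prove
knowledge of S without disclosing it) via Lamport's hash-chain one-time
passwords. Standard library only; the demo secret is constructed."""
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """One-way step of the chain; SHA-256 is assumed preimage resistant."""
    return hashlib.sha256(x).digest()


def iterate(x: bytes, times: int) -> bytes:
    """Compute h^times(x) by repeated hashing."""
    for _ in range(times):
        x = h(x)
    return x


def weak_authenticate(presented: bytes, stored: bytes) -> bool:
    """Weak: the prover sends S itself. Whoever sees the channel (or the
    verifier's store) learns S and can authenticate forever."""
    return hmac.compare_digest(presented, stored)


class LamportVerifier:
    """Strong: stores only h^n(S), never S. Each login must present the
    preimage of the stored value, which only the holder of S can compute."""

    def __init__(self, commitment: bytes, chain_length: int):
        self._current = commitment
        self.logins_left = chain_length - 1      # h^0(S) = S itself is never sent

    def verify(self, response: bytes) -> bool:
        if self.logins_left <= 0:
            return False                         # chain exhausted: re-enrol
        if not hmac.compare_digest(h(response), self._current):
            return False                         # wrong value, or a replayed old one
        self._current = response                 # ratchet: the value just used is now useless
        self.logins_left -= 1
        return True


class LamportProver:
    """Holds S; enrols with h^n(S) and answers the k-th login with h^(n-k)(S)."""

    def __init__(self, secret: bytes, chain_length: int):
        self._secret = secret
        self._index = chain_length

    def commitment(self) -> bytes:
        return iterate(self._secret, self._index)

    def next_response(self) -> bytes:
        if self._index <= 1:
            raise RuntimeError("chain exhausted; enrol a new commitment")
        self._index -= 1
        return iterate(self._secret, self._index)


def demo() -> dict:
    """Run one enrolment and a few logins; returns what each check decided."""
    secret = b"constructed demo secret S"       # in practice: random, high entropy
    prover = LamportProver(secret, chain_length=4)
    verifier = LamportVerifier(prover.commitment(), chain_length=4)

    first = prover.next_response()               # h^3(S)
    results = {"login_ok": verifier.verify(first)}
    results["replay_rejected"] = not verifier.verify(first)                 # eavesdropper replays h^3(S)
    results["second_login_ok"] = verifier.verify(prover.next_response())    # h^2(S)
    results["wrong_secret_rejected"] = not verifier.verify(iterate(b"guess", 1))
    results["weak_replay_succeeds"] = weak_authenticate(secret, secret)     # a captured S works forever
    return results
```

The point to notice is the asymmetry: in the weak scheme a single capture of S is total compromise, while a captured one-time response is worthless after use because computing the next value requires inverting h. The verifier's database (h^k(S) only) is equally useless to a thief.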
Access Control
Access Control
– Protection objects: system resources for which protection is desirable (memory, files, directories, hardware resources, software resources, etc.)
– Subjects: active entities requesting access to resources (user, owner, program, etc.)
– Access mode: type of access (read, write, execute)
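The three notions above combined into an access control matrix checked by a default-deny reference monitor, as an added example that is not from the slides. The ownership rule (the creator of an object holds every mode on it and alone may grant or revoke rights on it), the subject and object names and the sample rights are assumptions of this example.

```python
"""Access control matrix over subjects, protection objects and access modes,
evaluated by a default-deny reference monitor. Names and rights are constructed."""
from collections import defaultdict

MODES = frozenset({"read", "write", "execute"})


class AccessControlMatrix:
    """rights[subject][object] is the set of modes the subject holds on the object.
    Anything not recorded is denied. Assumed policy (not from the lecture): the
    owner of an object holds every mode on it and is the only one who may
    grant or revoke rights on it."""

    def __init__(self):
        self._rights = defaultdict(lambda: defaultdict(set))
        self._owner = {}

    def create(self, owner: str, obj: str) -> None:
        if obj in self._owner:
            raise ValueError(f"{obj} already exists")
        self._owner[obj] = owner
        self._rights[owner][obj] |= MODES

    def grant(self, granter: str, subject: str, obj: str, mode: str) -> None:
        self._require_control(granter, obj, mode)
        self._rights[subject][obj].add(mode)

    def revoke(self, granter: str, subject: str, obj: str, mode: str) -> None:
        self._require_control(granter, obj, mode)
        self._rights[subject][obj].discard(mode)

    def _require_control(self, granter: str, obj: str, mode: str) -> None:
        if mode not in MODES:
            raise ValueError(f"unknown access mode {mode!r}")
        if self._owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")

    def check(self, subject: str, obj: str, mode: str) -> bool:
        """Reference-monitor decision: an explicit right is required; otherwise deny.
        Read-only lookup, so a denied request never creates matrix entries."""
        if mode not in MODES or obj not in self._owner:
            return False
        return mode in self._rights.get(subject, {}).get(obj, set())

    def acl(self, obj: str) -> dict:
        """Column of the matrix: who may do what to this object."""
        return {s: set(objs[obj]) for s, objs in self._rights.items() if objs.get(obj)}

    def capabilities(self, subject: str) -> dict:
        """Row of the matrix: what this subject may do to each object."""
        return {o: set(ms) for o, ms in self._rights.get(subject, {}).items() if ms}


def demo() -> dict:
    """Users, a file and a program as objects; one delegation attempt by a non-owner."""
    acm = AccessControlMatrix()
    acm.create("alice", "/home/alice/design.doc")        # a file owned by alice
    acm.create("root", "/bin/ls")                        # a program owned by root
    acm.grant("alice", "bob", "/home/alice/design.doc", "read")
    acm.grant("root", "alice", "/bin/ls", "execute")
    out = {
        "owner_write": acm.check("alice", "/home/alice/design.doc", "write"),
        "bob_read": acm.check("bob", "/home/alice/design.doc", "read"),
        "bob_write": acm.check("bob", "/home/alice/design.doc", "write"),
        "carol_read": acm.check("carol", "/home/alice/design.doc", "read"),
        "alice_exec_ls": acm.check("alice", "/bin/ls", "execute"),
        "unknown_object": acm.check("alice", "/etc/shadow", "read"),
    }
    try:
        acm.grant("bob", "carol", "/home/alice/design.doc", "read")   # bob may read, not delegate
        out["bob_can_delegate"] = True
    except PermissionError:
        out["bob_can_delegate"] = False
    return out
```

`acl` and `capabilities` are the same matrix read by column and by row, which is exactly the difference between ACL-based and capability-based implementations of the same policy.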
Indirect Information Flow Channels: covert channels; inference channels
Firewall Objectives: keep intruders, malicious code and unwanted traffic or information out of the private network; keep proprietary and sensitive information in. (Diagram: private network with proprietary data on one side of the firewall, external network with external attacks on the other.)
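Both objectives expressed as a rule set for a stateless packet filter, as an added example that is not from the slides: inbound traffic is admitted only to one published service, a segment holding proprietary data is refused all egress, and everything unmatched is dropped. The private address range, the hypothetical host addresses (taken from documentation ranges) and the rules are assumptions of this example.

```python
"""Perimeter packet filter: first matching rule wins, default deny.
Addresses and rules are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed: the "private network" side
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (external -> private) or "out" (private -> external)
    src: str = ANY
    dst: str = ANY
    dport: Optional[int] = None  # None matches any destination port
    proto: Optional[str] = None  # None matches any protocol


def direction_of(pkt: Packet) -> str:
    src_inside = ipaddress.ip_address(pkt.src) in PRIVATE_NET
    dst_inside = ipaddress.ip_address(pkt.dst) in PRIVATE_NET
    if src_inside and not dst_inside:
        return "out"
    if dst_inside and not src_inside:
        return "in"
    return "other"   # internal-to-internal or transit: nothing here should forward it


def matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    return (rule.direction == direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.proto is None or rule.proto == pkt.proto))


# Constructed policy: "keep intruders out" is the single inbound allow plus the
# default deny; "keep proprietary data in" is the egress block on 10.0.1.0/24.
RULES = [
    Rule("allow", "in", dst="10.0.0.5/32", dport=443, proto="tcp"),  # the only published service
    Rule("deny", "out", src="10.0.1.0/24"),        # segment holding proprietary data: no egress
    Rule("deny", "out", dport=25, proto="tcp"),    # no direct outbound SMTP from workstations
    Rule("allow", "out"),                          # everything else may leave
]


def decide(pkt: Packet, rules=RULES) -> str:
    """Return "allow" or "deny"; an unmatched packet is denied in either direction."""
    direction = direction_of(pkt)
    for rule in rules:
        if matches(rule, pkt, direction):
            return rule.action
    return "deny"
```

Because this filter is stateless, replies to permitted outbound connections would arrive as "in" packets and be dropped; a production firewall tracks connection state so that only return traffic for established flows is admitted, and the rule order above still expresses the two objectives.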
Cryptography – Confidentiality: secret-key encryption; public-key encryption
Insecure communications (diagram): the sender's message crosses an insecure channel to the recipient, and a snooper on the channel can read it, so confidentiality is required. Plus: authentication (digital signatures) and integrity verification (hash functions).
Encryption and Decryption: plaintext → encryption → ciphertext → decryption → plaintext
Hash Functions: a hash function h maps an input x of arbitrary length to a fixed-length output h(x) (compression); given h and x, h(x) is easy to compute (ease of computation). For security use h must additionally be preimage resistant, second-preimage resistant and collision resistant; without those properties a signature over h(x) says nothing about x.
Digital Signatures in RSA (diagram): A signs the plaintext with A's private key (sign); the signed plaintext crosses the insecure channel to B; B verifies it with A's public key (verify). A's public key must reach B over a reliable channel, otherwise B cannot know whose signature it is checking.
Signature and Encryption (diagram): at A, plaintext → D with A's private key → signed plaintext → E with B's public key → encrypted signed plaintext; at B, encrypted signed plaintext → D with B's private key → signed plaintext → E with A's public key → plaintext.
Cryptographic Protocols: messages should be transmitted to the destination; only the recipient should see the message (confidentiality); only the recipient should get it; proof of the sender's identity (authentication); the message should not be corrupted in transit (integrity); the message should be sent/received once only (freshness, i.e. no replay).
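The hash-then-sign, sign-then-encrypt and protocol-goal slides above carried through in code, as an added example that is not from the lecture: A hashes and signs with A's private key, encrypts the signed message with B's public key, and B reverses the steps and rejects tampered or replayed messages by checking the signature and a sequence number. The RSA here is textbook RSA over small constructed primes with no padding, which is insecure and chosen only so the arithmetic is visible; the key values, the 4-byte block size and the sequence-number format are assumptions of this example, not a scheme anyone should deploy (real systems use RSA-PSS/OAEP or hybrid encryption).

```python
"""Hash, sign, encrypt, decrypt, verify, plus a sequence number against replay.
Textbook RSA with small constructed primes: illustration only, not for real use."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation; p, q assumed prime with gcd(e, (p-1)(q-1)) = 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))


def digest_int(msg: bytes) -> int:
    """Hash function: arbitrary-length input to a fixed 256-bit output, as an integer."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv: PrivateKey, msg: bytes) -> int:
    """Sign = RSA with the signer's private key over the hash (reduced mod n here:
    a toy shortcut that shrinks the hash; real schemes pad with RSA-PSS instead)."""
    return pow(digest_int(msg) % priv.n, priv.d, priv.n)


def verify(pub: PublicKey, msg: bytes, sig: int) -> bool:
    """Verify = RSA with the signer's public key, compared against a fresh hash."""
    return pow(sig, pub.e, pub.n) == digest_int(msg) % pub.n


BLOCK = 4   # bytes per RSA block; 2**32 < n for the primes used below


def encrypt_bytes(pub: PublicKey, data: bytes) -> list:
    """Encrypt with the recipient's public key one 4-byte block at a time;
    the first block carries the length so the last block's padding can be removed."""
    blocks = [len(data)] + [
        int.from_bytes(data[i:i + BLOCK].ljust(BLOCK, b"\0"), "big")
        for i in range(0, len(data), BLOCK)
    ]
    return [pow(b, pub.e, pub.n) for b in blocks]


def decrypt_bytes(priv: PrivateKey, blocks: list) -> bytes:
    """Decrypt with the recipient's private key; a tampered block usually no longer
    fits in 4 bytes and raises OverflowError, which the receiver treats as corruption."""
    plain = [pow(c, priv.d, priv.n) for c in blocks]
    length, chunks = plain[0], plain[1:]
    return b"".join(c.to_bytes(BLOCK, "big") for c in chunks)[:length]


def send(sender_priv: PrivateKey, recipient_pub: PublicKey, seq: int, text: str) -> dict:
    """A's side: plaintext -> sign (A's private key) -> encrypt (B's public key)."""
    msg = f"{seq}:{text}".encode()
    sig = sign(sender_priv, msg)
    assert sender_priv.n < recipient_pub.n, "toy constraint: signature must fit in B's modulus"
    return {"body": encrypt_bytes(recipient_pub, msg),
            "sig": pow(sig, recipient_pub.e, recipient_pub.n)}


class Receiver:
    """B's side: decrypt (B's private key) -> verify (A's public key) -> check freshness."""

    def __init__(self, own_priv: PrivateKey, sender_pub: PublicKey):
        self._priv, self._sender_pub, self.last_seq = own_priv, sender_pub, 0

    def receive(self, packet: dict):
        try:
            msg = decrypt_bytes(self._priv, packet["body"])
        except (OverflowError, ValueError, IndexError):
            return False, "corrupt"
        sig = pow(packet["sig"], self._priv.d, self._priv.n)
        if not verify(self._sender_pub, msg, sig):
            return False, "bad signature"            # tampered, or not from A
        seq_text, _, text = msg.decode(errors="replace").partition(":")
        if not seq_text.isdigit() or int(seq_text) <= self.last_seq:
            return False, "replay"                    # already seen (or out of order)
        self.last_seq = int(seq_text)
        return True, text


# Constructed keys: primes just above 10**6, so each modulus is about 10**12.
A_PUB, A_PRIV = keypair(1000003, 1000033)
B_PUB, B_PRIV = keypair(1000037, 1000039)
```

Note the order: signing before encrypting binds A's identity to the plaintext B actually reads, and the sequence number is inside the signed data, so an attacker cannot refresh an old message by changing its counter.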
Program Flaws – Taxonomy of flaws: how (genesis), when (time) and where (location) the flaw was introduced into the system
Security Flaws by Genesis
– Intentional
  – Malicious: Trojan horse, trapdoor, logic bomb, covert channels
  – Non-malicious
– Inadvertent: validation error; domain error; serialization error; identification/authentication error; other error
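One flaw from the inadvertent class, a validation error, shown as the vulnerable routine beside its fix; this is an added example, not code from the lecture or the course texts. A file-serving function trusts the requested name, so `..` segments and absolute paths escape the document root; the fix canonicalises the path and checks containment before opening anything. The directory layout and file contents are constructed by the demo in a temporary directory.

```python
"""A validation error (inadvertent flaw) and its fix: a file server that trusts
the requested path versus one that confines it to a root directory."""
import os
import tempfile


def serve_file_unsafe(root: str, requested: str) -> bytes:
    """Validation error: the requested name is never checked, so '..' segments
    escape root, and os.path.join discards root entirely for an absolute path."""
    with open(os.path.join(root, requested), "rb") as f:
        return f.read()


def serve_file_safe(root: str, requested: str) -> bytes:
    """Fix: canonicalise (resolving '..' and symlinks), then require that the
    result still lies inside root before touching the file system."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"{requested!r} resolves outside the document root")
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Constructed tree: <tmp>/public/index.html (served) and <tmp>/secret.txt (must not be)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "public")
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "wb") as f:
            f.write(b"<h1>hello</h1>")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"s3cret")

        results["unsafe_normal"] = serve_file_unsafe(root, "index.html")
        results["unsafe_traversal"] = serve_file_unsafe(root, "../secret.txt")   # leaks
        results["unsafe_absolute"] = serve_file_unsafe(root, secret)             # leaks too
        results["safe_normal"] = serve_file_safe(root, "index.html")

        blocked = []
        for attempt in ("../secret.txt", secret, "sub/../../secret.txt"):
            try:
                serve_file_safe(root, attempt)
                blocked.append(False)
            except PermissionError:
                blocked.append(True)
        results["safe_blocked"] = blocked
    return results
```

The containment test uses `os.path.commonpath` rather than a string prefix check: `target.startswith(root)` would accept a sibling directory such as `public_old` and is itself a second validation error.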
Next Class: Secure software development (G. McGraw, Chapter 1)