Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 10: Security Design Principles

Published byBrent Pierce Clark Modified over 6 years ago

Similar presentations

Presentation on theme: "Lecture 10: Security Design Principles"— Presentation transcript:

1 Lecture 10: Security Design Principles
CS 436/636/736 Spring 2013 Nitesh Saxena

2 Course Admin HW3 being graded (solution set provided)
HW4 will be posted today Includes programming part related to Buffer Overflow The conceptual part will be due within 14 days Programming part needs demo – we can do so after the exam – precisely on May 8, 9 (Wed, Thu) Demo slot sign-up – a bit later You are allowed to work on the programming part in teams of two each Please form your own team

3 Today’s Info/fun bit: RFID Relay Attack To Enter UAB Classroom
response query query query response response

4 Lecture 9: Security Design Principles
An Exercise Spot an attack on this protocol meant for mutual authentication between A and B, assuming the two share a symmetric key A  B: rA B  A: Enck(rA, rB) A  B: rB 5/6/2018 Lecture 9: Security Design Principles

5 Design Principles for Secure Systems
Two basic themes: Simplicity – KISS Makes design and interactions easy Easy to prove its safety Restriction Minimize the power of entities 5/6/2018 Lecture 9: Security Design Principles

6 Lecture 9: Security Design Principles
Principles of design Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability 5/6/2018 Lecture 9: Security Design Principles

7 Principle of least privilege
Entity should be given only those privilege needed to finish a task Temporary elevation of privilege should be relinquished immediately Granularity of privileges Append permission only for logging process. 5/6/2018 Lecture 9: Security Design Principles

8 Principle of fail-safe defaults
Unless a subject is given explicit access to an object, it should be denied access to the object. Default access to an object is none Access Control Lists (ACLs), firewall examples. Restricting privileges at the time of creation 5/6/2018 Lecture 9: Security Design Principles

9 Principle of economy of mechanism
Security mechanism should be as simple as possible. Fewer errors Testing and verification is easy Assumptions are less Interface to other modules Implicit assumptions of modules Finger example 5/6/2018 Lecture 9: Security Design Principles

10 Principle of complete mediation
All accesses to objects should be checked to ensure they are allowed. UNIX file descriptor DNS cache poisoning. Restrict caching policies Security vs. performance issues 5/6/2018 Lecture 9: Security Design Principles

11 Principle of open design
Security of a mechanism should not depend upon secrecy of its design or implementation (why not?) Secrecy != security Complexity != security “Security through obscurity” Cryptography and openness 5/6/2018 Lecture 9: Security Design Principles

12 Principle of separation of privilege
System should not grant permission based on single condition Company checks over $75,000 to be signed by two officers. Example: “su” on BSD requires User be in group “wheel” User knows root password Restrictive because it limits access 5/6/2018 Lecture 9: Security Design Principles

13 Principle of least common mechanism
Isolation Mechanisms used to access resources should not be shared Restrictive because it limits sharing Amazon website – Denial of service attacks!! 5/6/2018 Lecture 9: Security Design Principles

14 Principle of psychological acceptability
Security mechanism should not make the resource difficult to access Recognizes the most important element in computer security? The human! 5/6/2018 Lecture 9: Security Design Principles

15 Lecture 9: Security Design Principles
Example 1 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Viruses cause havoc because, any program or script that is downloaded or received as attachment, runs with the privileges of the user that runs them. Or worse the privileges of the application. What is the problem? What design principles are being exploited? 5/6/2018 Lecture 9: Security Design Principles

16 Lecture 9: Security Design Principles
Example 2 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Unix password authentication Which design principle is being adhered to mainly? 5/6/2018 Lecture 9: Security Design Principles

17 Lecture 9: Security Design Principles
Example 3 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability “wifi-free” is the wireless LAN to be used by a University faculty, students and staff. However, even a guy at a nearby cafe could use it!!!!!! What design principles are being violated? 5/6/2018 Lecture 9: Security Design Principles

18 Lecture 9: Security Design Principles
Example 4 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability A bluetooth Device A wants to establish a key with another bluetooth device B Mechanism 1: they agree upon a common trusted CA, get certificates from this CA and for example, use STS protocol to establish a key Mechanism 2: they use a physical channel (e.g., an audio channel) to establish a key Which mechanism better adheres to the principle of economy of mechanism? 5/6/2018 Lecture 9: Security Design Principles

19 Lecture 9: Security Design Principles
Example 5 TLS defines a mandatory server side certificate and an optional client side certificate. Though highest level of security is achieved using client and server side certificates, client side keys did not become very popular because of administrative overhead (Installation, expiration of client side certificates). What design principle is being violated? 5/6/2018 Lecture 9: Security Design Principles

20 SSL Handshaking Messages
*=optional

21 Lecture 9: Security Design Principles
Example 5 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability TLS defines a mandatory server side certificate and an optional client side certificate. Though highest level of security is achieved using client and server side certificates, client side keys did not become very popular because of administrative overhead (Installation, expiration of client side certificates). What design principle is being violated? 5/6/2018 Lecture 9: Security Design Principles

22 Lecture 9: Security Design Principles
Example 6 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability COCA (Cornell Online Certification Authority) distributes the operation of issuing certificates among multiple servers What is the main principle COCA is trying to adhere to? 5/6/2018 Lecture 9: Security Design Principles

23 Lecture 9: Security Design Principles
Example 7 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Polynomial secret sharing What principle is being adhered to? 5/6/2018 Lecture 9: Security Design Principles

24 Lecture 9: Security Design Principles
Example 8 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Various cipher machines were developed and used during the two World Wars. For example, Enigma, Schlusselzusatz, Purple, etc. It was believed that keeping secret the design of the machines will help boost the security. Which principle is being violated? 5/6/2018 Lecture 9: Security Design Principles

25 Lecture 9: Security Design Principles
Example 9 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Every time A receives a certificate from B, she should verify if B’s certificate is not revoked. We studied the mechanism of CRLs to achieve this. Which principle is being violated by CRLs? What would be a better solution? Online Certificate Status Protocol (OCSP) 5/6/2018 Lecture 9: Security Design Principles

26 Lecture 9: Security Design Principles
Example 10 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Policy on password selection to access machines at a University: Use both uppercase and lowercase letters if the computer system considers an uppercase letter to be different from a lowercase letter when the password is entered. Include digits and punctuation characters as well as letters. Choose something easily remembered so it doesn't have to be written down. Use at least 8 characters. Password security is improved slightly by having long passwords. A password should be easy to type quickly so someone cannot follow what was typed by watching the keyboard. Use two or more short words and combine them with a special character or a number, like ROBOT4ME or EYE-CON. Put together an acronym that has special meaning to you, like NOTFSW (None Of This Fancy Stuff Works) or AVPEGCAN (All VAX Programmers Eat Green Cheese At Night). Which principle is being violated? 5/6/2018 Lecture 9: Security Design Principles

27 Lecture 9: Security Design Principles
Example 11 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability Keyboard acoustic emanations Which principle is being exploited? 5/6/2018 Lecture 9: Security Design Principles

28 Lecture 9: Security Design Principles
Example 12 Principle of least privilege Principle of fail-safe defaults Principle of economy of mechanism Principle of complete mediation Principle of open design Principle of separation of privilege Principle of least common mechanism Principle of psychological acceptability RFID (Radio Frequency Identification cards) Which principle(s) do they violate? 5/6/2018 Lecture 9: Security Design Principles

Download ppt "Lecture 10: Security Design Principles"

Similar presentations

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Access Control Methodologies

Access Control Methodologies
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.

1 cs691 chow C. Edward Chow Design Principles for Secure Mechanisms CS591 – Chapter 5.4 Trusted OS Design CS691 – Chapter 13 of Matt Bishop.
Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 10: Security Design Principles CS 436/636/736 Spring 2012 Nitesh Saxena.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Similar presentations

Ads by Google