Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Basics CSCE 489/689 (Software Security) Fall 2018

Published byGunnar Ellingsen Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Basics CSCE 489/689 (Software Security) Fall 2018"— Presentation transcript:

1 Security Basics CSCE 489/689 (Software Security) Fall 2018
Philip Ritchey Department of Computer Science and Engineering

2 Klossner’s comics are quite good. You should check them out.
A 2014 study by IBM and Ponemon Institute identified three main causes of a data breach: malicious or criminal attack, system glitch (IT and business process failures), human error.

3 If you remember nothing else…
Remember these: There is No Security without Physical Security The Goals of Security: Confidentiality, Integrity, Availability “Threat” is what could happen. “Attack” is what does happen. Design Principles: Simplicity and Restriction

4 First: there is no security without physical security.
Physical security is necessary, but not sufficient. If an attacker has physical access, they have a HUGE advantage. Physical access can be onsite (break-in, insider) or offsite (theft). ATM machine security? It better be bolted to the wall/ground. If not, it’s easy to load it onto a truck and take it home to exploit with a sledgehammer and other tools. JerryRigEverything – Physical Defeat of Tapplock: defeated: 2:23-4:33 Pen Test Partners – Bluetooth Unlock:

5 The Basics: Fundamental Concepts
C: Confidentiality I: Integrity A: Availability Other ‘A’s: A: Authenticity A: Anonymity A: Assurance A: Authorization A: Accounting A: Auditing

6 The concealment of information or resources.
Confidentiality The concealment of information or resources. Applies to content and existence Supported by access control mechanisms Cryptography File permissions Whitelists / Blacklists Enforcement relies on system services (e.g. kernel) Assumptions and Trust Protect data at rest, in transit, and in use. Alice has a file. She doesn’t want anyone else to be able to read the file. Bob should not be able to read the file. Bob should not be able to open the file (Bob does not have read permission, OS will not allow Bob to open the file for reading) Bob should not be able to make sense of the data in the file (suppose Bob can read bits directly. The bits should be gibberish to Bob. i.e. the data is encrypted) Bob should not even know the file exists. even the bits on disk that indicate what other bits belong to a file should be obfuscated. or the file is hidden inside of another file, one that Bob may or may not be allowed to read, in such a way that only Alice can extract the bits that make up the secret file (stego “enstegged?”)

7 The trustworthiness of data or resources.
Integrity The trustworthiness of data or resources. Data integrity and origin integrity Origin  “authentication” Impacts credibility Prevention mechanisms and detection mechanisms Prevention: block unauthorized changes to the data (2 kinds) Detection: report loss of trustworthiness of data’s integrity Correctness and trustworthiness Origin, transmission, storage Unauthorized user attempts to make changes: outsider Authorized user attempts to make unauthorized changes: insider Prevention: access control: passwords, permissions Detection: MACs, document hashes Protect data at rest, in transit, and in use.

8 The ability to use the information or resource desired.
Availability The ability to use the information or resource desired. An unavailable system is at least as bad as no system at all Reliability Example: compromised secondary, unavailable primary Denial of Service (DoS, DDoS) Attempts to block availability Difficult to detect and distinguish The slashdot/digg/reddit effect “An unavailable system is at least as bad as no system at all” it hurts worse when things you rely on are not available. you own a car. It breaks down. You are late to work and have to pay for tow + repairs. you don’t own a car. You bike to work everyday. The reddit effect occurs when a popular website links to a smaller site, causing a massive increase in traffic. This overloads the smaller site, causing it to slow down or even temporarily become unavailable.

9 Examples Confidentiality — An employee should not come to know the salary of another employee Integrity — An employee should not be able to modify their own salary Availability — Paychecks should be printed and delivered on time

10 The Basics: Threats and Attacks
Threat: potential violation of security Attacks: actions that cause violations of security. Attackers: those who execute attacks. Assets: the objects of attack. 4 classes of threat: Disclosure: unauthorized access to information Deception: acceptance of false data Disruption: interruption or prevention of correct operation Usurpation: unauthorized control of some part of a system Threat: potential violation of security. The fact that the violation MIGHT occur means that those actions which could cause it to occur must be guarded against and prepared for. Threats include defects in design, implementation, and operation Attacks: actions that cause violations of security. Active vs. Passive Attackers: Actors who execute attacks. Asset: Objects of attack, e.g. computers and networks

11 Garden Variety Threats
Snooping Modification or Alteration Masquerading or Spoofing Repudiation of Origin Denial of Receipt Delay Denial of Service Cause and Result are important, Intention is not. Repudiation of origin: false denial that an entity sent or created something. DECEPTION. Countered by INTEGRITY. Denial of Receipt: false denial that an entity received some information. DECEPTION. Countered by INTEGRITY. Security violations can be unintentional (some of the worst have been). They can also be “carried out” by non-sentient processes. Mother Earth will sometimes rain on your parade but she’s not out to get you. You still have to protect against her actions.

12 Snooping Unauthorized access to information
Packet sniffers and wiretappers Illicit copying of files and programs A B Attacker Snooping: unauthorized interception of information. Passive wiretapping. A form of DISCLOSURE. Countered by CONFIDENTIALITY.

13 Modification Stop the flow of the message
Delay and optionally modify the message Release the message again A B Attacker Modification or alteration: unauthorized change made to data. Could be DECEPTION (some entity relies on the modified data to determine which action to take or incorrect information is accepted as correct and released) or DISRUPTION and USURPATION (the modified data controls the operation of the system). Active wiretapping, man-in-the-middle. Countered by INTEGRITY.

14 Spoofing Unauthorized assumption of other’s identity
Generate and distribute objects under this identity A B Attacker: from A Masquerading or spoofing: impersonation of one entity by another. DECEPTION and USURPATION. May be passive, usually active. Countered by INTEGRITY. Delegation is a form of masquerading which is not a violation of security. “I am Tom doing business on behalf on Susan” is OK as long as Susan delegated authority to act on her behalf to Tom. Tom saying “I am Susan” is not OK.

15 Delay and Denial of Service
Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) A B Delay: a temporary inhibition of service. DISRUPTION and USURPATION. Countered by AVAILABILITY. Denial of Service: a long term inhibition of service. DISRUPTION and USURPATION. Infinite delay. Countered by AVAILABILITY.

16 Man-In-The-Middle X Passive tapping
Listen to communication without altering contents. Active wire tapping Modify data being transmitted Example: user attacker server logon! Intruder takes over identity of user (masquerading) X logoff! fine!

17 Impact of Attacks Theft of confidential information
Unauthorized use of Network bandwidth Computing resource Spread of false information Disruption of legitimate services All attacks can be related and are dangerous!

18 The Basics: Design Principles
Simplicity Less to go wrong Fewer possible inconsistencies Easy to understand Restriction Minimize access Inhibit communication The design principles are rooted in simplicity and restrictiveness. Simplicity lies on many levels. The basic idea is that simpler things have fewer components, so less can go wrong. Further, there are fewer interfaces, so there are fewer subjects communicating through the interfaces that can be inconsistent. Finally, they are easier to check, since the mechanism is not complex, and therefore easier to understand. There is also less to check. Restriction minimizes the number and types of interactions between the subject and other subjects. In some (MIL/GOV) circles, an example is the “need to know” principle: only give the subject access to the information it needs to complete its task. It also should only be able to release information when required to by its goals. Note that this includes integrity, because by altering other subjects, the writer can communicate information (e.g. covert channels).

19 The Basics: Design Principles
Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Fail-safe defaults: Base access decisions on permission rather than exclusion. Economy of mechanism: Keep the design as simple and small as possible. Complete mediation: Every access to every object must be checked for authority. Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. Saltzer and Schroeder's design principles are design principles enumerated by Jerome Saltzer and Michael Schroeder in their 1975 article The Protection of Information in Computer Systems, that from their experience are important for the design of secure software systems. Fun example of not fail-safe default: Christmas classic movie “Diehard”. Hans Gruber and the Vault. Last stage is EM lock. Power cut, vault unlocked. Bad design!

20 The Basics: Design Principles
Open design: The design should not be secret. Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users. Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker. Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss. Work factor = what is “enough” security? Threat model  risk analysis / management Compromise recording = auditing Security is risk management

21 Summary No Security without Physical Security
The Security Triad: Confidentiality, Integrity, Availability Also: Anonymity, Authenticity, Assurance, Authorization, Accounting, Auditing Threats, Attacks, Attackers, Assets Threat Classes: Disclosure, Deception, Disruption, Usurpation Common Threats: Snooping, Spoofing, Modification, Denial of Service, MitM Security Principles: Simplicity and Restriction Economy of Mechanism, Fail-safe Defaults, Complete Mediation, Open Design, Separation of Privilege, Least Privilege, Least Common Mechanism, Psychological Acceptability

22 Thanks and Gig ‘em! WHOOP!

Download ppt "Security Basics CSCE 489/689 (Software Security) Fall 2018"

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

Similar presentations

Ads by Google