1. CS461/ECE422 — Computer Security I — Spring 2012

2.  Computing in the presence of an adversary  Adversary (threat agent) An entity that attacks, or is a threat to, a system.  Attack An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [source: RFC 2828] 2012-01-17Nikita Borisov — UIUC2

3.  Security Services  Prevent “bad” things from happening  Mechanism  Security Policies  Define what is “bad” and what is “good”  Policy 2012-01-17Nikita Borisov — UIUC3

4. AreaUsual perspectiveSecurity perspective ReliabilityRandom failuresDeliberate failures UsabilityUser confusionUser deception Programming languages (memory safety) CrashesEntrance vector Software engineering (bugs) Software qualityAttack vectors 2012-01-17Nikita Borisov — UIUC4

5.  Security only as good as weakest link  Must understand all parts of the system  O/S  Networking  Devices  Physical security  People  We will cover some of these topics 2012-01-17Nikita Borisov — UIUC5

6.  Task: log into online bank account to transfer funds  What are the vulnerabilities? 2012-01-17Nikita Borisov — UIUC6

7.  Confidentiality  Keeping data and resources hidden  Privacy  Integrity  Data integrity (integrity)  Origin integrity (authentication)  Availability  Enabling access to data and resources 2012-01-17Nikita Borisov — UIUC Slide #1-7

8. Authenticity Property of being genuine. Can be verified and trusted Accountability Actions of an entity can be traced uniquely to that entity Nonrepudiation or “you can’t escape your past”. 2012-01-17Nikita Borisov — UIUC8

9.  Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security.  Vulnerability – Weakness in the system that could be exploited to cause loss or harm  Attack – When an entity exploits a vulnerability on system  Control or Countermeasure – A means to prevent a vulnerability from being exploited Slide #1-92012-01-17Nikita Borisov — UIUC

10. Security entails:  Identifying assets  Identifying vulnerabilities  Designing countermeasures  Assessing risk [Figure 1.2 from Stallings & Brown] 2012-01-17Nikita Borisov — UIUC10

11. Slide #1-112012-01-17Nikita Borisov — UIUC

12.  Disclosure – Unauthorized access to information  Deception – Acceptance of false data  Disruption – Interruption or prevention of correct operation  Usurpation – Unauthorized control of some part of a system Slide #1-122012-01-17Nikita Borisov — UIUC

13.  Snooping or interception  Unauthorized interception of information  Falsification  Unauthorized change of information  Masquerading or spoofing  An impersonation of one entity by another  Repudiation  A false denial that an entity received some information. Slide #1-132012-01-17Nikita Borisov — UIUC

14.  Policy  A statement of what is and what is not allowed  Divides the world into secure and non-secure states  A secure system starts in a secure state. All transitions keep it in a secure state.  Mechanism or Implementation  A method, tool, or procedure for enforcing a security policy  Prevent, detect, response, or recovery Slide #1-142012-01-17Nikita Borisov — UIUC

15.  Web server accepts all connections  No authentication required  Self-registration  Connected to the Internet Slide #1-152012-01-17Nikita Borisov — UIUC

16.  Locks prevent unwanted physical access.  What are the assumptions this statement builds on? Slide #1-162012-01-17Nikita Borisov — UIUC

17.  Policy correctly divides world into secure and insecure states.  Mechanisms prevent transition from secure to insecure states. Slide #1-172012-01-17Nikita Borisov — UIUC

18.  Bank officers may move money between accounts.  Any flawed assumptions here? Slide #1-182012-01-17Nikita Borisov — UIUC

19.  Evidence of how much to trust a system  Evidence can include  System specifications  Design  Implementation Slide #1-192012-01-17Nikita Borisov — UIUC

20.  Why do you trust Aspirin from a major manufacturer?  FDA certifies the aspirin recipe  Factory follows manufacturing standards  Safety seals on bottles  Analogy to software assurance Slide #1-202012-01-17Nikita Borisov — UIUC

21.  Must look at the big picture when securing a system  Main components of security  Confidentiality  Integrity  Availability  Differentiating Threats, Vulnerabilities, Attacks and Controls  Policy vs mechanism  Assurance Slide #1-212012-01-17Nikita Borisov — UIUC

22.  Staff  Nikita Borisov, instructor  Qiyan Wang, TA  Communications  Class web page http://www.cs.illinois.edu/class/sp12/cs461 http://www.cs.illinois.edu/class/sp12/cs461  Newsgroup class.sp12.cs461  More to come next class Slide #1-222012-01-17Nikita Borisov — UIUC

23.  Two lectures / week  Each lecture:  Starts 8am sharp  i-Clicker review questions  5-minute break halfway through  Active learning exercises  ~1 per week  Help keep you awake!  Bring pen, paper 2012-01-17Nikita Borisov — UIUC23

24.  Midterm: 20%  Final: 40%  Homework: 15%  Every 1-2 weeks  Security analysis: 15%  See next slide  Participation: 10%  Extra project worth 20% for grad students taking for 4 credits Slide #1-242012-01-17Nikita Borisov — UIUC

25.  Last few days of Slashdot 2012-01-17Nikita Borisov — UIUC25

26.  Analyze a current event  Report what happened  Describe threats, vulnerabilities, assets, and risks involved  Identify lessons  Analyze an existing system  Perhaps one you encounter in daily life ▪ Pictures are great  Describe threats, vulnerabilities, assets, and risks involved 2012-01-17Nikita Borisov — UIUC26

27.  Total requirements: 3 in a semester  At least one current event and one existing system  Due Feb 14, Mar 13, Apr 17  May be done in groups  1-3 students per group  Posted in forum  TBA 2012-01-17Nikita Borisov — UIUC27

28.  i-Clicker participation  Comments / questions in class, on newsgroup  Discussion of security analyses  100% participation not required for 100% of grade 2012-01-17Nikita Borisov — UIUC28

29.  Review department and university cheating and honor codes:  https://agora.cs.illinois.edu/display/undergradPro g/Honor+Code https://agora.cs.illinois.edu/display/undergradPro g/Honor+Code  http://admin.illinois.edu/policy/code/article1_part 4_1-402.html http://admin.illinois.edu/policy/code/article1_part 4_1-402.html  This has been an issue in the past  Expectations for exams, homeworks, projects, and papers Slide #1-292012-01-17Nikita Borisov — UIUC

30.  Main text:  Computer Security: Principles and Practice by William Stallings and Lawrie Brown  Additional readings provided via compass or public links  Books on reserve at the library Slide #1-302012-01-17Nikita Borisov — UIUC

31.  Three introductory courses  Computer Security I (CS461/ECE422) ▪ Covers NSA 4011 security professional requirements ▪ Taught every semester (mostly)  Computer Security II (CS463/ECE424) ▪ Continues in greater depth on more advanced security topics ▪ Taught every 1-2 semesters  Applied Computer Security Lab (CS460/ECE419) ▪ With CS461 covers NSA 4013 system administrator requirements  Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors. Slide #1-312012-01-17Nikita Borisov — UIUC

32.  Cryptography  Theoretical foundations (Prabhakaran)  Applied cryptography (Prabahkaran & Borisov)  Number theory (Blahut)  Security Reading Group CS591RHC  Advanced Computer Security CS563  Local talks  http://www.iti.illinois.edu/content/seminars-and- events http://www.iti.illinois.edu/content/seminars-and- events  ITI Security Roadmap  http://www.iti.illinois.edu/content/security http://www.iti.illinois.edu/content/security Slide #1-322012-01-17Nikita Borisov — UIUC