02 introduction to security
play

02 - Introduction to Security With material from Dave Levin, Mike - PowerPoint PPT Presentation

Feb 17, 2023 •378 likes •907 views

02 - Introduction to Security With material from Dave Levin, Mike Hicks Ad: Joe Bonneau tomorrow Comments on the reading Defining security properties Threat modeling Defensive strategies Intro to encryption Defining

  1. 02 - Introduction to Security With material from Dave Levin, Mike Hicks

  2. • Ad: Joe Bonneau tomorrow • Comments on the reading • Defining security properties • Threat modeling • Defensive strategies • Intro to encryption

  3. Defining security • Requirements • Confidentiality (and Privacy and Anonymity) • Integrity • Availability • Supporting mechanisms • Authentication • Authorization • Auditability

  4. Privacy and Confidentiality • Definition : Sensitive information not leaked unauthorized • Called privacy for individuals, confidentiality for data • Example policy : Bank account status (including balance) known only to the account owner • Leaking directly or via side channels • Example : Manipulating the system to directly display Bob’s bank balance to Alice • Example : Determining Bob has an account at Bank A based on shorter delay on login failure Secrecy vs. Privacy ? https://www.youtube.com/watch?v=Nlf7YM71k5U

  5. Anonymity • A specific kind of privacy • Attacker cannot determine who is communicating • Sender, receiver or both • Example : Non-account holders should be able to browse the bank site without being tracked • Here the adversary is the bank • The previous examples considered other account holders as possible adversaries

  6. Integrity • Definition : Sensitive information not changed by unauthorized parties or computations • Example : Only the account owner can authorize withdrawals from her account • Violations of integrity can also be direct or indirect • Example : Withdraw from the account yourself vs. confusing the system into doing it

  7. Availability • Definition : A system is responsive to requests • Example : A user may always access her account for balance queries or withdrawals • Denial of Service (DoS) attacks attempt to compromise availability • By busying a system with useless work • Or cutting off network access

  8. Supporting mechanisms • Leslie Lamport’s Gold Standard defines mechanisms provided by a system to enforce its requirements • Au thentication • Au thorization • Au dit • The gold standard is both requirement and design • The sorts of policies that are authorized determine the authorization mechanism • The sorts of users a system has determine how they should be authenticated

  9. Authentication • Who/what is the subject of security policies? • Need notion of identity and a way to connect action with identity • a.k.a. a principal • How can system tell a user is who she says she is? • What (only) she knows (e.g., password) • What she is (e.g., biometric) • What she has (e.g., smartphone, RSA token) • Authentication mechanisms that employ more than one of these factors are called multi-factor authentication • E.g., passwords and text a special code to user’s smart phone

  10. Authorization • Defines when a principal may perform an action • Example : Bob is authorized to access his own account, but not Alice’s account • Access-control policies define what actions might be authorized • May be role-based, user-based, etc.

  11. Audit • Retain enough information to determine the circumstances of a breach or misbehavior (or establish one did not occur ) • Often stored in log files • Must be protected from tampering , • Disallow access that might violate other policies • Example : Every account-related action is logged locally and mirrored at a separate site • Only authorized bank employees can view log

  12. Threat Modeling (Risk Analysis)

  13. Threat Model • Make adversary’s assumed powers explicit • Must match reality, otherwise risk analysis of the system will be wrong • The threat model is critically important • If you don’t know what the attacker can (and can’t) do, how can you know whether your design will repel that attacker? • This is part of risk analysis

  14. Example: Network User • Can connect to a service via the network • May be anonymous • Can: • Measure size, timing of requests, responses • Run parallel sessions • Provide malformed inputs or messages • Drop or send extra messages • Example attacks : SQL injection, XSS, CSRF, buffer overrun

  15. Example: Snooping User • Attacker on same network as other users • e.g., Unencrypted Wi-Fi at coffee shop • Can also • Read/measure others’ messages • Intercept, duplicate, and modify • Example attacks : Session hijacking, other data theft, side-channel attack, denial of service

  16. Example: Co-located User • Attacker on same machine as other users • E.g., malware installed on a user’s laptop • Thus, can additionally • Read/write user’s files (e.g., cookies) and memory • Snoop keypresses and other events • Read/write the user’s display (e.g., to spoof ) • Example attacks : Password theft (and other credentials/secrets)

  17. Threat-driven Design • Different threat models will elicit different responses • Network-only attackers implies message traffic is safe • No need to encrypt communications • This is what telnet remote login software assumed • Snooping attackers means message traffic is visible • So use encrypted wifi (link layer), encrypted network layer (IPsec), or encrypted application layer (SSL) • Which is most appropriate for your system? • Co-located attacker can access local files, memory • Cannot store unencrypted secrets, like passwords • Worry about keyloggers as well (2nd factor?)

  18. Bad Model = Bad Security • Assumptions you make are potential holes the attacker can exploit • E.g.: Assuming no snooping users no longer valid • Prevalence of wi-fi networks in most deployments • Other mistaken assumptions • Assumption : Encrypted traffic carries no information • Not true! By analyzing the size and distribution of messages, you can infer application state • Assumption : Timing channels carry little information • Not true! Timing measurements of previous RSA implementations could eventually reveal an SSL secret key

  19. Finding a good model • Compare against similar systems • What attacks does their design contend with? • Understand past attacks and attack patterns • How do they apply to your system? • Challenge assumptions in your design • What happens if assumption is false? • What would a breach potentially cost you? • How hard would it be to get rid of an assumption, allowing for a stronger adversary? • What would that development cost?

  20. Exercise: Threat modeling • Think about security of a home • Come up with at least 2 different threat models • That lead to very different security decisions • Explain your threat model and suggest defenses

  21. Defense: Allocating resources • It’s impossible to stop everything • Defender must be correct 100% of the time, attacker only once • Time, cost, people • Better uses of resources • Think through likelihoods, priorities • Effectiveness vs. cost of defense

  22. Defensive strategies • Prevention: Eliminate software defects entirely • Example : Heartbleed bug would have been prevented by using a type-safe language, like Java • Mitigation: Reduce harm from exploitation of unknown defects • Example : Run each browser tab in a separate process, so exploiting one tab does not give access to data in another • Detection/Recovery: Identify, understand attack; undo damage • Examples : Monitoring, snapshotting • Incentives: Legal/criminal threats, economic incentives • Examples : Credit card vs. small business banking

  23. Some Principles • Favor simplicity • Use fail-safe defaults • Do not expect expert users • Trust with reluctance • Minimize trusted computing base • Grant the least privilege possible; compartmentalize • Defend in Depth • If one fails, maybe the next will succeed • Use community resources to stack defenses • Monitor and trace

  24. Intro to Crypto https://en.wikipedia.org/wiki/File:Bletchley_Park_Bombe4.jpg

  25. Crypto is everywhere • Secure comms: • Web traffic (HTTPS) • Wireless traffic (802.11, WPA2, GSM, Bluetooth) • Files on disk: Bitlocker, FileVault • User authentication: Kerberos • … and much more

  26. Overall goal: Protect communication message m: “curiouser and curiouser!” Public channel Alice Bob Powerful adversary: say, any polynomial-time algorithm Eve

  27. Security goals • Privacy • Integrity • Authentication

  28. Goal: Privacy Eve should not be able to learn m. Not even one bit! message m: “curiouser and curiouser!” Public channel E D Alice Bob ??? Eve

  29. Goal: Integrity Eve should not be able to alter m without detection. message m: “curiouser ERROR! and curiouser!” Public channel E D Alice Bob message m’: “curious and curious?” Eve Works regardless of whether Eve knows the contents of m!

  30. Goal: Authenticity Eve should not be able to forge messages as Alice ERROR! Public channel E D Alice Bob “Why is a raven like a writing desk?” signed, Alice Eve

  31. Symmetric crypto m (or error) m Public channel E D c k e k d Alice Bob • k = k e = k d • Everyone who knows k knows the whole secret

  32. • How did Alice and Bob both get the secret key? • That is a different problem • Not solved by symmetric crypto. Assumed.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

A RIZONA S TATE U NIVERSITY Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE U NIVERSITY Common Types of Attacks Phishing Malware SQLi XSS MITM DoS Brute-force &

858 views • 55 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
Cybersecurity Training for Nonprofit Organizations Todays threat environment Gordon Walton,

Cybersecurity Training for Nonprofit Organizations Todays threat environment Gordon Walton,

Cybersecurity Training for Nonprofit Organizations Todays threat environment Gordon Walton, President Matthew Horton, Director of Technology Alan Schwartz, Senior Systems Engineer OneWhoServes, Inc. Business Technology Services Who are

541 views • 37 slides
L OW -R ATE , F LOW -L EVEL P ERIODICITY D ETECTION Genevieve Bartlett 1 , John Heidemann 1 ,

L OW -R ATE , F LOW -L EVEL P ERIODICITY D ETECTION Genevieve Bartlett 1 , John Heidemann 1 ,

University of Southern California: ISI L OW -R ATE , F LOW -L EVEL P ERIODICITY D ETECTION Genevieve Bartlett 1 , John Heidemann 1 , Christos Papapdopoulos 2 1 USC/Information Sciences Institute Marina del Rey, CA 2 Colorado State University, Ft.

538 views • 37 slides
Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project: Use symantec as provider Infra-root as Enterprise Service Provider PMC as Software Publishers Provide signing for microsoft jani

359 views • 8 slides
Kharon dataset: Android malware under a microscope Nicolas Kiss Jean-Franois Lalande Mourad

Kharon dataset: Android malware under a microscope Nicolas Kiss Jean-Franois Lalande Mourad

Kharon dataset: Android malware under a microscope Nicolas Kiss Jean-Franois Lalande Mourad Leslous Valrie Viet Triem Tong The LASER Workshop 2016 Learning from Authoritative Security Experiment Results May 26th 2016 N. Kiss & J.-F.

367 views • 18 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides

More recommend