

  1. Fall 2008 CS 334 Computer Security

     Website: http://www.richmond.edu/~dszajda/classes/cs334/Fall_2008/main.html

     Text: Security in Computing by Charles P. and Shari Lawrence Pfleeger.
     Two other good references:
     • Computer Security: Art and Science by Matt Bishop
     • Security Engineering by Ross Anderson

     Thanks to Anthony Joseph, Doug Tygar, Umesh Vazirani, and David Wagner of the University of California, Berkeley, for their generosity in allowing me to use some of their course material (slides and handouts).

     Why Is Security Such a Problem?
     • Monoculture computing environment
     • Web, e-commerce, & collaborative applications
     • Internet spans national boundaries
     • Poor programming practices
     • Inherently more difficult to defend vs disrupt

     Two Security Nightmares
     • The transparent society
     • “Electronic Pearl Harbor”

  2. Electronic Pearl Harbor
     • Is this just scare-mongering?
     • Slammer worm took down Bank of America’s ATM network, Seattle 911 service
     • Nachi worm invaded Diebold ATMs
     • Real worries about e-voting validity
     • Millions of CC #s, SS #s leaked
     • Case study: Attacks over the Taiwan straits

     Goals of this class
     • Solid foundation in understanding security
     • Key information about building secure systems
     • Introduce range of topics in security
     • Interest some of you in further study

     Introduction
     • Attacks
     • Security Goals

     What is Computer Security?
     • Generally concerned with protection of computer related assets
     • Risk analysis and management!
       – “Manage” could mean prevention of damage or detection of damage
       – Knowledge of available countermeasures and controls

     Security Goals
     • Confidentiality: concealment of information or resources.
       – Sometimes called privacy
     • Availability: preserve ability to use information or resource desired.
       – An unavailable system is at least as bad as no system at all!

  3. Security Goals (cont.)
     • Integrity: trustworthiness of data or resources.
       – Typically refers to preventing improper or unauthorized modification
       – Data integrity (content of information)
       – Origin integrity (origin of information). Typically referred to as authentication.

     Confidentiality
     • Supported by access control methods
       – Cryptography for example
       – System-dependent mechanisms
     • BUT: These leave data public when they fail or are bypassed
     • Also applies to existence of data
       – Knowing data exists can often be as valuable as the data itself
     • All confidentiality enforcement mechanisms require supporting services from system.
       – Assumption is that security services can rely on kernel and other agents, to supply correct data. Thus assumptions and trust underlie confidentiality mechanisms.
     • Confidentiality is not integrity: just because no one can read it, doesn’t mean they can’t change it!

     Integrity
     • Example: the correct quote credited to the wrong source preserves data integrity but not origin integrity.
     • Affected by
       – Origin of data (how and from whom it was obtained)
       – How well data protected before arrival at current machine
       – How well data is protected on current machine
     • Evaluating is difficult: relies on assumptions about source and about trust in that source
     • Two classes
       – Prevention mechanisms: maintain integrity by blocking unauthorized attempts to change data or by blocking attempts to change data in unauthorized ways.
       – Detection mechanisms: report that data’s integrity is no longer trustworthy
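
The point made on the Confidentiality and Integrity slides above, that confidentiality is not integrity and that a detection mechanism reports when data can no longer be trusted, shown as an added example that is not part of the original slides. A toy SHA-256 keystream cipher stands in for any encryption used without authentication, and an HMAC tag acts as the detection mechanism; every name, key and the sample message are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides).
ENC_KEY, MAC_KEY, NONCE = b"k-enc" * 4, b"k-mac" * 4, b"nonce-01"
MSG = b"PAY 0100 TO ALICE"

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream for illustration: SHA-256(key || nonce || counter)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only. XOR with the keystream; decryption is the same call."""
    return xor(data, keystream(key, nonce, len(data)))

def alter_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Unauthorized modification made without the key: flip the bits where old and new differ."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def seal(enc_key, mac_key, nonce, data):
    """Encrypt, then add an HMAC tag over nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, data)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Detection mechanism: return None when integrity is no longer trustworthy."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return encrypt(enc_key, nonce, ct)

if __name__ == "__main__":
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MSG)
    bad = alter_in_transit(ct, 4, b"0100", b"9900")
    print("encryption only:", encrypt(ENC_KEY, NONCE, bad))  # decrypts cleanly to altered text
    print("with HMAC tag  :", open_sealed(ENC_KEY, MAC_KEY, NONCE, bad, tag))
    print("untouched      :", open_sealed(ENC_KEY, MAC_KEY, NONCE, ct, tag))
```

Because the tag is keyed, a message checked under a different sender's MAC key is rejected as well, which is the origin integrity (authentication) half of the slides' definition.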

  4. Availability
     • Relevant to security because someone may be attempting to affect data or service by making it unavailable
       – Ex. Some software (e.g. network code) depends for correct operation on underlying statistical information and assumptions. By changing, for example, service request patterns, an adversary can cause this code to fail.
     • Attack on availability is called a denial of service attack
       – Difficult to detect: is it a deliberate phenomenon or just an unusual access pattern? Also, even if underlying statistical model is accurate, atypical events do occur that may appear to be malicious!

     Threat Related Terminology
     • Vulnerability: Weakness (in security system) that might be exploited to cause loss or harm.
     • Threat: Set of circumstances that has potential to cause loss or harm
     • The difference?
       – Losing important file is a threat. The weakness in the system that allows this is the vulnerability
     • Attack: actions that could cause violation to occur
     • Attacker: those who cause such actions to be executed
     • Passive attack: attacker merely observes (e.g., traffic analysis)
     • Active attack: attacker actively modifies data or creates false data stream

     Threat Classes (Shirey 1994)
     • Disclosure: unauthorized access to info
     • Deception: acceptance of false data
     • Disruption: interruption or prevention of correct operation
     • Usurpation: unauthorized control of some part of a system

     Examples and Terms
     • Snooping: unauthorized interception of information (form of disclosure). Countered by confidentiality mechanisms
       – Ex. Wiretapping

  5. Examples and Terms
     • Modification or alteration: unauthorized change of information (could be deception, disruption, or usurpation)
       – Ex. Active wiretapping
       – Ex. Person-in-the-middle attack: attacker reads message from sender and forwards (possibly modified) message to receiver. Countered by integrity mechanisms
     • Masquerading or Spoofing: impersonation of one identity by another. Most often deception, but may be used for usurpation. Integrity services (called authentication services in this context) counter this threat.
     • Delegation (one entity authorizes a second entity to perform functions on its behalf) is a form of masquerading that may be allowed. This is not the same as traditional masquerading, since the person performing the action is not pretending to be someone they are not. That is, all parties are aware of the delegation.
     • Repudiation of origin: false denial that an entity sent or created something
     • Denial of receipt: false denial that an entity received some information or message
     • Delay: temporary inhibition of service. Typically a form of usurpation, but may also be used for deception.
     • Denial-of-service: seen this already: long term inhibition of service. A form of usurpation.

     Policy and Mechanism
     • Security Policy: a statement of what is, and what is not, allowed
     • Security Mechanism: a method, tool, or procedure for enforcing a security policy
       – Mechanisms can be non-technical. Policies often require some procedural mechanisms that technology cannot enforce.
