Lecture 2 - Security Overview (CSE497b - Spring 2007 Introduction)



Slide 1

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Lecture 2 - Security Overview

CSE497b - Spring 2007, Introduction to Computer and Network Security, Professor Jaeger

www.cse.psu.edu/~tjaeger/cse497b-s07

Slide 2

Readings

  • Books
    – Perlman et al.
    – Gollmann
    – Both are listed on the calendar
  • Readings
    – Please check the calendar for the class readings
    – Today
      • Gollmann Chs. 1 and 2
      • Next: Perlman Ch. 10, Gollmann Ch. 3

Slide 3

What is security?

  • “the property that a system behaves as expected”
    – G. Spafford and many others ....
  • Note that this does not say what a system should or should not do.
    – Implication: there is no universal definition or test for security (why?)
    – Apply this definition to the ATM
      • How do you think an ATM should behave?
      • What should it do?
      • What should it not do?
  • We talk about expectations often in terms of confidentiality, integrity, and availability.

Slide 4

Risk

  • At risk: valued resources that can be misused
    – Monetary
    – Data (loss or integrity)
    – Time
    – Confidence
    – Trust
  • What does being misused mean?
    – Confidentiality (privacy or communication)
    – Integrity (personal or communication)
    – Availability (existential or fidelity)
  • Q: What is at stake in your life?

Slide 5

Adversary

  • An adversary is any entity trying to circumvent the security infrastructure
    – The curious and otherwise generally clueless (e.g., script-kiddies)
    – Casual attackers seeking to understand systems
    – Venal people with an ax to grind
    – Malicious groups of largely sophisticated users (e.g., chaos clubs)
    – Competitors (industrial espionage)
    – Governments (seeking to monitor activities)

Slide 6

Threats

  • A threat is a specific means by which a risk can be realized by an adversary
    – Context specific (a fact of the environment)
    – An attack vector is a specific threat (e.g., key logger)
  • A threat model is a collection of threats that are deemed important for a particular environment
    – E.g., the threats that should be addressed
    – A set of “security requirements” for a system
  • Q: What were the (unaddressed) risks/threats in the introductory examples?
    – SQL Slammer
    – Yale/Princeton

Slide 7

Vulnerabilities (attack vectors)

  • A vulnerability is a systematic artifact that exposes the user, data, or system to a threat
    – E.g., buffer overflow, WEP key leakage
  • What is the source of a vulnerability?
    – Bad software (or hardware)
    – Bad design, requirements
    – Bad policy/configuration
    – System misuse
      • unintended purpose or environment
      • E.g., student IDs for liquor store

Slide 8

Are users adversaries?

  • Have you ever tried to circumvent the security of a system you were authorized to access?
  • Have you ever violated a security policy (knowingly or through carelessness)?

Slide 9

Attacks

  • An attack occurs when someone attempts to exploit a vulnerability
  • Kinds of attacks
    – Passive (e.g., eavesdropping)
    – Active (e.g., password guessing)
    – Denial of Service (DoS)
      • Distributed DoS: using many endpoints
  • A compromise occurs when an attack is successful
    – Typically associated with taking over/altering resources

Slide 10

Participants

  • Participants are expected system entities
    – Computers, agents, people, enterprises, …
    – Depending on context referred to as: servers, clients, users, entities, hosts, routers, …
    – Security is defined with respect to these entities
      • Implication: every party may have a unique view
  • A trusted third party
    – Trusted by all parties for some set of actions
    – Often used as introducer or arbiter

Slide 11

Trust

  • Trust refers to the degree to which an entity is expected to behave
    – What is the entity not expected to do?
      • E.g., not expose a password
    – What is the entity expected to do (obligations)?
      • E.g., obtain permission, refresh
  • A trust model describes, for a particular environment, who is trusted to do what
  • Note: you make trust decisions every day
    – Q: What are they?
    – Q: Whom do you trust?

Slide 12

Related Terminology

  • Reliability - property of a system that indicates it will continue to function for long periods of time under varying circumstances
  • Survivability - ability of a system to maintain function during abnormal or environmentally troubling events
  • Privacy - the ability to stop information from becoming known to people other than those one chooses to give the information to
  • Assurance - confidence that a system meets its security requirements
    – as typically evidenced by some evaluation methodology (FIPS 192, Common Criteria)

Slide 13

Security Model

  • A security model is the combination of a trust model and a threat model that address the set of perceived risks
    – The “security requirements” used to develop some cogent and comprehensive design
    – Every design must have a security model
      • LAN network or global information system
      • Java applet or operating system
    – The single biggest mistake seen in the use of security is the lack of a coherent security model
    – It is very hard to retrofit security (it belongs at design time)
  • This class is going to talk a lot about security models
    – What are the security concerns (risks)?
    – What are the threats?
    – Who are our adversaries?
    – Whom do we trust, and to do what?
  • Systems must be explicit about these things to be secure.

Slide 14

Review

  • An adversary is a subject who tries to gain unauthorized access
  • A threat is a mechanism that the adversary is capable of employing to gain unauthorized access
  • A risk is a loss due to an adversary gaining unauthorized access
  • A vulnerability is a flaw in a system that enables a threat to allow the adversary unauthorized access
  • A threat model describes all the mechanisms available to the adversaries
  • A trust model describes all the subjects that are trusted not to have vulnerabilities that can be abused, and not to be adversaries
  • A security model consists of a threat model and a trust model (functional and security goals as well)

Slide 15

Security Overview

  • Security can be separated in many ways, e.g., by threats, sensitivity levels, domains
  • This class will focus on three interrelated domains of security that encompass nearly all security issues
    1. Network Security
    2. Systems Security
    3. Program Security
  • There are other areas, e.g., physical security, privacy, etc., that will not directly be covered.

Slide 16

Common problems in network security

  • Network security attempts to protect communication between hosts carried by the (often untrusted) network.
    – Eavesdropping on communication (confidentiality)
    – Modifying communication (integrity)
    – Preventing communication (availability)
  • Example: securing application traffic (Web)
    – Protecting it on the network (HTTP requests/responses)
    – As it passes through intermediaries (proxies)
    – In the server (from malicious requests)
    – Protecting the client (from malicious content)

Slide 17

Common problems in systems security

  • Systems security attempts to protect data held on hosts and sometimes on (sometimes untrusted) storage.
    – Prevention of sensitive data leakage (confidentiality)
      • Also known as information flow governance
    – Prevention of data corruption (integrity)
    – Controlling data response (availability)
  • Systems Security: Controlling Data Leakage (where a key can leak)
    – the key on disk (in the clear, so encrypt it with a pass-phrase)
    – the pass-phrase has to be provided (via the window manager)
    – the key is then in the memory of the program
    – program memory may be swapped out to swap space
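As an added example (not from the lecture), the last two leakage points above, a key sitting in program memory and that memory reaching swap space, handled in C: the key is derived into a buffer pinned with mlock() and wiped through a volatile pointer before the function returns. derive_key is a constructed stand-in for a real key-derivation function.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

/* Constructed stand-in for key derivation: folds the pass-phrase into a
 * 32-byte key.  Real code would use a proper KDF (scrypt, PBKDF2, ...);
 * what matters here is where the resulting key bytes end up living. */
static void derive_key(const char *passphrase, unsigned char key[KEY_LEN]) {
    memset(key, 0, KEY_LEN);
    for (size_t i = 0; passphrase[i] != '\0'; i++)
        key[i % KEY_LEN] ^= (unsigned char)passphrase[i];
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores as
 * dead code, the usual reason a memset just before return leaves the key
 * sitting in the program's memory (and hence in any later swap-out). */
static void wipe(unsigned char *p, size_t n) {
    volatile unsigned char *v = p;
    while (n-- > 0) *v++ = 0;
}

static int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    while (n-- > 0) acc |= *p++;
    return acc == 0;
}

/* Derive the key into memory pinned with mlock(), use it, then wipe it.
 * Returns 1 if the key was non-zero while in use and all-zero afterwards.
 * *locked is set to 1 if mlock() succeeded, so the page holding the key
 * cannot be written to swap space; it can fail under a small
 * RLIMIT_MEMLOCK, in which case the explicit wipe is the only defence. */
int use_key_then_wipe(const char *passphrase, int *locked) {
    unsigned char key[KEY_LEN];
    int had_key;
    *locked = (mlock(key, KEY_LEN) == 0);
    derive_key(passphrase, key);           /* key now in program memory */
    had_key = !all_zero(key, KEY_LEN);
    /* ... encrypt or decrypt with key here ... */
    wipe(key, KEY_LEN);                    /* key gone before we return */
    if (*locked) munlock(key, KEY_LEN);
    return had_key && all_zero(key, KEY_LEN);
}
```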

Slide 18

Common problems in program security

  • Program security attempts to protect data received, held, and output on a (sometimes untrusted) host.
    – Prevention of sensitive data leakage (confidentiality)
      • Also known as information flow governance
    – Prevention of data corruption (integrity)
    – Controlling data access (availability)
  • Example: Handling a Remote Request
    – process the user request (authenticate, authorize)
    – data-driven attacks carried by the request
    – buffer overflows
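An added example (not the lecture's code) of the request-handling steps just listed, in C: the handler authenticates and authorizes the caller against a constructed account table before it touches any request data, and every copy out of the request is bounds-checked so an over-long field is rejected instead of overflowing a fixed-size buffer. The wire format and the account names and tokens are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

enum result { ACCEPTED = 0, BAD_FORMAT, FIELD_TOO_LONG, AUTH_FAILED, AUTHZ_FAILED };

/* Constructed account table: name, shared secret token, write permission. */
struct account { const char *name; const char *token; int may_write; };
static const struct account accounts[] = {
    { "alice", "tok-alice-1", 1 },
    { "bob",   "tok-bob-22",  0 },
};

/* Read "key=value" at *p (value ends at ';' or end of string) into dst.
 * Returns ACCEPTED, BAD_FORMAT if the key is missing, or FIELD_TOO_LONG if
 * the value plus its NUL would not fit: no overflow and no silent truncation. */
static enum result take_field(const char **p, const char *key, char *dst, size_t cap) {
    size_t klen = strlen(key), vlen;
    const char *end;
    if (strncmp(*p, key, klen) != 0 || (*p)[klen] != '=') return BAD_FORMAT;
    *p += klen + 1;
    end = strchr(*p, ';');
    vlen = end ? (size_t)(end - *p) : strlen(*p);
    if (vlen >= cap) return FIELD_TOO_LONG;
    memcpy(dst, *p, vlen);
    dst[vlen] = '\0';
    *p = end ? end + 1 : *p + vlen;
    return ACCEPTED;
}

/* Request format (constructed): "user=NAME;token=T;op=read|write;data=PAYLOAD".
 * Authenticate, authorize, then copy the payload into payload_out[64] only if it fits. */
enum result handle_request(const char *req, char payload_out[64]) {
    char name[16], token[32], op[8];
    const struct account *acct = NULL;
    enum result r;
    if ((r = take_field(&req, "user",  name,  sizeof name))  != ACCEPTED) return r;
    if ((r = take_field(&req, "token", token, sizeof token)) != ACCEPTED) return r;
    if ((r = take_field(&req, "op",    op,    sizeof op))    != ACCEPTED) return r;
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0) acct = &accounts[i];
    /* Authenticate: unknown user and wrong token fail identically
     * (production code would compare tokens in constant time). */
    if (!acct || strcmp(acct->token, token) != 0) return AUTH_FAILED;
    /* Authorize: only accounts with may_write may perform "write". */
    if (strcmp(op, "write") == 0 && !acct->may_write) return AUTHZ_FAILED;
    if (strcmp(op, "read") != 0 && strcmp(op, "write") != 0) return BAD_FORMAT;
    /* Data-driven input: the payload is bounded by the same check as every field. */
    return take_field(&req, "data", payload_out, 64);
}
```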

Slide 19

The remainder ....

  • The remaining weeks will explore the design and use of these approaches
    – Always ask yourself what tools are appropriate for a particular environment.
    – For example, which of the following is appropriate for SPAM mitigation?
      • Authentication
      • Access Control
      • Transport/Data Security
      • Audit/Detection
    – What about protecting the confidentiality of your email?
  • Next week: Passwords and Authentication