security analysis threat models
play

Security Analysis & Threat Models Dawn Song Logistics - PowerPoint PPT Presentation

Feb 26, 2023 •455 likes •957 views

Introduction Security Analysis & Threat Models Dawn Song Logistics Sessions You can go to any sessions Project groups You can switch groups for difgerent projects Wait List Dawn Song Evolving Threats Dawn Song

  1. Introduction Security Analysis & Threat Models Dawn Song

  2. Logistics • Sessions – You can go to any sessions • Project groups – You can switch groups for difgerent projects • Wait List Dawn Song

  3. Evolving Threats Dawn Song

  4. Exploration, Disruption, Personal Reputation • 1990s: – Phone phreaking, free calls • Early 2000s: – Email worms – CodeRed, MyDoom, Sobig Dawn Song

  5. Financially Motivated • Shift in late 2000s • Spam – Pharmaceuticals – Fake products • Carding/Fraud – Identify theft, credit fraud Dawn Song

  6. Politically Motivated • Advanced Persistent Threats (APT) • Stuxnet, Flame, Gauss – Iranian nuclear infrastructure – Lebanese banking information Dawn Song

  7. Politically Motivated Dawn Song

  8. Other Motives? Dawn Song

  9. Threats Statistics Dawn Song

  10. MITRE tracks vulnerability disclosures # of Vulnerabilities (CVE IDs) # of CVEs by T ype DoS Code Ex ecution Overfmow Memory Corruption Sql Injection XSS Directory T raversal Http R esponse Split- 7% 4% 1% 3% ting 4% 17% Bypass something Gain Information 0% 26% Gain Privileges CSRF 3% 3% 12% File Inclusion 11% 8% 2010 Data: http://www.cvedetails.com/browse-by-date.php Dawn Song

  11. Trends in client-side vulnerabilities Source: IBM X-Force, Mar 2013 Dawn Song

  12. ireEye Advanced Thread Report 2013 Dawn Song

  13. IBM X-Force 2013 Dawn Song

  14. Mobile Threats on the Rise Dawn Song

  15. Payloads---Why Attackers Compromise Machines and What Do They Do? Dawn Song

  16. I: IP address and bandwidth stealing Attacker’s goal: look like a random Internet user Use the infected machine’s IP address for: • Spam (e.g. the storm botnet) • Denial of Service: • Click fraud (e.g. Clickbot.a) Dawn Song

  17. II: Steal user credentials keylog for banking passwords, web passwords, gaming pwds. Example: SilentBanker (2007) User requests login page Malware Bank sends login injects page needed to Bank Javascript log in When user submits information, also sent to attacker Similar mechanism used by Zeus botnet Dawn Song

  18. III: Spread to isolated systems Example: Stuxtnet Windows infection ⇒ Siemens PCS 7 SCADA control software on Windows ⇒ Siemens device controller on isolated network More on this later in course Dawn Song

  19. Server-side attacks • Financial data theft: often credit card numbers – example: malicious software installed on servers of a single retailer stole 45M credit card (2007) • Political motivation: The Sony Hack (2014), Aurora, T unisia Facebook (Feb. 2011) • Infect visiting users Dawn Song

  20. Insider attacks: example Hidden trap door in Linux (nov 2003) – Allows attacker to take over a computer – Really subtle change (uncovered via CVS logs) Inserted a line in wait4() if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; See: http://lwn.net/Articles/57135/ Dawn Song

  21. Many more examples • Access to SIPRnet and a CD-RW: 260,000 cables ⇒ Wikileaks • SysAdmin for city of SF government. Changed passwords, locking out city from router access • Insider logic bomb took down 2000 UBS servers Dawn Song

  22. Monetization Dawn Song

  23. Marketplace for Vulnerabilities Option 1 : bug bounty programs • Google Vulnerability Reward Program: $100-20,000 • Mozilla Bug Bounty program: 3K$ • Pwn2Own competition: 15K $ • Github, HackerOne … Option 2 : • ZDI, iDefense: 2K – 25K $ Dawn Song

  24. Marketplace for Vulnerabilities Option 3 : black market urce: Charlie Miller (securityevaluators.com/fjles/papers/0daymarket.pdf) Dawn Song

  25. Marketplace for owned machines spa spa clients keylogge keylogge m m r r Pay-per-install (PPI) services bot bot PPI operation: PPI PPI service service 1. Own victim’s machine 2. Download and install client’s code 3. Charge client Victims ource: Cabalerro et al. (www.icir.org/vern/papers/ppi-usesec11.pdf) Dawn Song

  26. Marketplace for owned machines spa spa clients keylogge keylogge m m r r bot bot Cost: US - 100-180$ / 1000 PPI PPI machines service service Asia - 7-8$ / 1000 machines Victims ource: Cabalerro et al. (www.icir.org/vern/papers/ppi-usesec11.pdf) Dawn Song

  27. Why Is Security Hard? T wo factors: • Lots of buggy software (and gullible users) • Money can be made from fjnding and exploiting vulnerabilities 1. Marketplace for vulnerabilities and exploits 2. Marketplace for owned machines (PPI) 3. Many methods to profjt from owned client machines Dawn Song

  28. Formally Defjning Security Dawn Song

  29. What is Computer Security About? • General goals: – Allow intended use of computer systems – Prevent unintended use that may cause harm • More precisely… Dawn Song

  30. Basic Security Properties (I) • Confjdentiality: – Information is only disclosed to authorized people or systems – E.g., attackers cannot learn your banking info Dawn Song

  31. Basic Security Properties (II) • Integrity: – Information cannot be tampered with in an unauthorized way – E.g., attacker cannot change the balance of your bank account Dawn Song

  32. Basic Security Properties (III) • Availability: – Information and services are accessible in a timely fashion to authorized people or systems – E.g., you should be able to login and perform transactions on your online banking account when you want to Dawn Song

  33. Basic Security Properties: CIA • Confjdentiality • Integrity • Availability Dawn Song

  34. Security Analysis • Given a computer system, one may ask: Is the computer system secure? Dawn Song

  35. Is the House Secure? Dawn Song

  36. It Depends … • What are the assets? What are the goals? Dawn Song

  37. It Depends … • Threat model – In SafeLand, you don’t need to lock the door – Attackers who pick locks – Attackers who drive a bull-dozer – Attackers who have super advanced technology – Attackers who may know you well Dawn Song

  38. Is the House Secure? • Is the house’s protection mechanism strong enough to protect the assets from attackers in a certain threat model? Dawn Song

  39. Which Threat Model Should You Choose? ? Dawn Song

  40. Cost of Security • Should you always build & evaluate a system secure against the strongest attacker? – A student may simply not be able to afgord an alarm system • Not about perfect security Perfect Risk Security Analysis Dawn Song

  41. Is the Computer System Secure? • Is the system’s protection mechanism strong enough to protect the assets & achieve security goals against attackers in a certain threat model? Dawn Song

  42. Key Elements to Security Analysis Security propertie s ? Securit y Analysi s Threat Model Dawn Song

  43. Threat Model • Assumptions on attackers’ abilities and resources 0Day Network Eavesdropper DES DDoS Cracker MITM Dawn Song Attack

  44. Which Threat Models to Choose? • For the grade database system for your class? • For your phone? • For a major online banking site? • For the system to control nuclear weapon launch? Dawn Song

  45. Cost of Security • There’s no free lunch. • There’s no free security. • Cost of security – Expensive to develop – Performance overhead – Inconvenience to users Dawn Song

  46. Prioritize Your Security Solution according to Your Threat Model • No one wants to pay more for security than what they have to lose • Not about perfect security Perfect Risk – Risk analysis Security Analysis Dawn Song

  47. Changing Threat Model • Be careful when your threat model changes – E.g., online account Over time…. New account, nothing of Account accumulates value; value; More incentive for No incentive for attackers attackers Dawn Song

  48. Design Impacts Cost of Security • Good system design & architecture can reduce cost of security Dawn Song

  49. Design Impacts Cost of Security Known unpatched vulnerabilities Secunia SecurityFocus Extremely Moderately Browser Highly critical Less critical Not critical T otal critical critical (number / (number / (number / (number / (number / (number / oldest) oldest) oldest) oldest) oldest) oldest) 1 Google Chrome 0 0 0 0 0 13 December 16 2011 4 8 534 Internet 12 0 0 17 November 27 February 20 November Explorer 6 5 June 2003 2004 2004 2000 1 Internet 4 9 213 0 0 30 October Explorer 7 6 June 2006 5 June 2003 15 August 2006 2006 1 123 Internet 7 0 0 0 26 February 14 January Explorer 8 5 June 2003 2007 2009 1 Internet 26 0 0 0 0 6 December Explorer 9 5 March 2011 2011 1 Firefox 3.6 0 0 0 0 0 20 December "Vulnerabilities." SecurityFocus . Web. 18 Jan. 2012. 2011 <http://www.securityfocus.com/>. Dawn Song Firefox 9 0 0 0 0 0 0 "Advisories." Secunia . Web. 18 Jan. 2012.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security Requirements Vidya Narayanan (vidyan@qualcomm.com vidyan@qualcomm.com) ) Vidya Narayanan ( Lakshminath Dondeti (ldondeti@qualcomm.com

413 views • 37 slides
Com puter Security Part Tw o Previously Introduction Threat analysis Threats

Com puter Security Part Tw o Previously Introduction Threat analysis Threats

Com puter Security Part Tw o Previously Introduction Threat analysis Threats Policy Specification Design Implementation Operation and Maintenance Now Multilateral and Multilevel security Security policies

355 views • 24 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat Landscape Customers Biggest Security Challenges Changing Dynamic Complexity Business Models Threat Landscape and Fragmentation A

550 views • 13 slides
Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
Modeling and Analysis of Security for Human Centric Systems Florian Kammller Middlesex

Modeling and Analysis of Security for Human Centric Systems Florian Kammller Middlesex

Modeling and Analysis of Security for Human Centric Systems Florian Kammller Middlesex University London &amp; TU Berlin Assessment of ICT Security Risks in Socio-Technical Systems16, 16. November 2016 Formal Models for Insider Threat

97 views • 9 slides
CS161 Midterm 1 Review Midterm 1: March 4, 18:30- 20:00 Same room as lecture Security Analysis

CS161 Midterm 1 Review Midterm 1: March 4, 18:30- 20:00 Same room as lecture Security Analysis

CS161 Midterm 1 Review Midterm 1: March 4, 18:30- 20:00 Same room as lecture Security Analysis and Threat Model Basic security properties CIA Threat model A. We want perfect security B. Security is about risk analysis and

426 views • 29 slides
Threat analysis for routing-bridges marcelo bagnulo IETF62 Security goals minimum security

Threat analysis for routing-bridges marcelo bagnulo IETF62 Security goals minimum security

Threat analysis for routing-bridges marcelo bagnulo IETF62 Security goals minimum security expected from rbridges is to provide the same level of protection than regular bridges i.e. that the introduction of rbridges in a bridged

689 views • 41 slides
Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher

Behavioral Analysis Using Network traffic, DNS and logs JOSH PYORRE Security Researcher Previously: Threat Analyst at NASA Threat Analyst at Mandiant @joshpyorre rootaccesspodcast.com Behavioral Analysis VIDEO analyzing website visitors

1.45k views • 127 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020 Previous Class The CIA Triad as security objectives Threat: potential Attack: attempt Compromise: success Vulnerability: security

660 views • 29 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling, Security Mindset Review the security mindset, and practice threat modeling on a few example websites. Also, review the various types of attacker models

401 views • 3 slides
Adversarial Risk Analysis Models for Urban Security Resource Allocation Urban Security Resource

Adversarial Risk Analysis Models for Urban Security Resource Allocation Urban Security Resource

Adversarial Risk Analysis Models for Urban Security Resource Allocation Urban Security Resource Allocation David Ros Insua, Royal Academy Cesar Gil, U. Rey Juan Carlos Jess Ros, IBM Research YH COST Smart Cities Wshop Paris, September

507 views • 22 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response

The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response Michael Melore, CISSP IBM Cyber Security Advisor @MichaelMelore June 2018 May 2018 May 2018 Threat Hunting Workflow Cognitive Advanced Analytics

443 views • 15 slides
1 Fairness Evaluating Fairness First, need to define what is a fair allocation. Consider n

1 Fairness Evaluating Fairness First, need to define what is a fair allocation. Consider n

Administrivia P561: Network Systems Fishnet Assignment #3 Week 6: Transport #2 Due Friday, 11/14, 5pm Homework #3 (out soon) Tom Anderson Due week 9 (11/24), start of class Ratul Mahajan TA: Colin Dixon 2 Avoiding Small Packets

439 views • 15 slides
Nap : Network-Aware Data Partitions September 26, 2019 for Efficient Distributed Processing

Nap : Network-Aware Data Partitions September 26, 2019 for Efficient Distributed Processing

Nap 2019-09-25 Nap : Network-Aware Data Partitions for Efficient Distributed Processing Mr. Or Raz , Prof. Chen Avin, Prof. Stefan Schmid School of Electrical and Computer Engineering Faculty of Computer Science Ben-Gurion University of the

1.21k views • 75 slides
!&quot;#$% Pascal Felber, Raluca Halalai, Lorenzo Leonini, Etienne Rivire, Valerio Schiavoni,

!&quot;#$% Pascal Felber, Raluca Halalai, Lorenzo Leonini, Etienne Rivire, Valerio Schiavoni,

On The Integration Of !&quot;#$% Pascal Felber, Raluca Halalai, Lorenzo Leonini, Etienne Rivire, Valerio Schiavoni, Jos Valerio Universit de Neuchtel, Switzerland SimGrid User Days 2012 - Ecully, France !&quot;#$% 2 About Me

823 views • 32 slides
Application-Aware Self-Optimization of Wireless Mesh Networks with AquareYoum and DES-SERT

Application-Aware Self-Optimization of Wireless Mesh Networks with AquareYoum and DES-SERT

Application-Aware Self-Optimization of Wireless Mesh Networks with AquareYoum and DES-SERT Barbara Staehle, Florian Wamser, Oliver Hahm, Nicolai Schmittberger, Sebastian Deschner, Andreas Blenk, Mesut Gnes Dirk Staehle

564 views • 8 slides
Tutorial: Traffic of Online Games Jose Saldana &amp; Mirko Suznjevic IETF 87, Berlin, August 1 st

Tutorial: Traffic of Online Games Jose Saldana &amp; Mirko Suznjevic IETF 87, Berlin, August 1 st

Tutorial: Traffic of Online Games Jose Saldana &amp; Mirko Suznjevic IETF 87, Berlin, August 1 st , 2013 Transport Area Open Meeting 1.8.2013. 1 Goals of this presentation Information about current practices in online games industry

866 views • 31 slides
Circuit-Switched Coherence Natalie Enright Jerger* , Li-Shiuan Peh + , Mikko Lipasti* *

Circuit-Switched Coherence Natalie Enright Jerger* , Li-Shiuan Peh + , Mikko Lipasti* *

Circuit-Switched Coherence Natalie Enright Jerger* , Li-Shiuan Peh + , Mikko Lipasti* * University of Wisconsin - Madison + Princeton University 2 nd IEEE International Symposium on Networks-on-Chip Motivation Network on Chip for general

571 views • 31 slides
on Cyber Security Presentation by Control Risks James Owen Partner, Cyber, EMEA William Brown

on Cyber Security Presentation by Control Risks James Owen Partner, Cyber, EMEA William Brown

The impact of Covid-19 on Cyber Security Presentation by Control Risks James Owen Partner, Cyber, EMEA William Brown Director, Cyber, Middle East 1 Control Risks Cyber attacks exploiting the pandemic Share of attack vector of organized

447 views • 10 slides
6. E-Commerce 6.1 Business on the Internet 6.2 Business and Competition 6.3 Common Business

6. E-Commerce 6.1 Business on the Internet 6.2 Business and Competition 6.3 Common Business

6. E-Commerce 6.1 Business on the Internet 6.2 Business and Competition 6.3 Common Business Internet Transactions 6.4 Threats and Opportunities Online 6.5 The Likely Future of E-Commerce 6.1 Business on the Internet The Internet is a

576 views • 44 slides

More recommend