What is Computer Security? CSM27 Computer Security Dr Hans Georg - - PowerPoint PPT Presentation

What is Computer Security?

CSM27 Computer Security Dr Hans Georg Schaathun

University of Surrey

Autumn 2009 – Week 1

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 1 / 38

The module

Security in our Department

Introduction to Multimedia Security Watermarking Cryptography Network Security Computer Security Web Security Many modules ⇒ Very specialised

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 2 / 38

The module

Module Objectives

understand and be able to use formal models for computer security be able to avoid the many security pitfalls in computer system and software development

apply defences against obvious and less obvious threats

be able critically to evaluate security at each stage of the development process

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 3 / 38

The module

This module

We will not deal with network security cryptography Our focus will tend towards The general and high-level The theoretical and formal Unfortunately, this means relatively few hands-on activities

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 4 / 38

The module

This module

We will not deal with network security cryptography Our focus will tend towards The general and high-level The theoretical and formal Unfortunately, this means relatively few hands-on activities

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 4 / 38

The module

This module

We will not deal with network security cryptography Our focus will tend towards The general and high-level The theoretical and formal Unfortunately, this means relatively few hands-on activities

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 4 / 38

The session

Session objectives

Establish a common terminology to discuss (computer) security Be able to distinguish between vulnerabilities, threats, and attacks Get a glimpse of the wide range of threats

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 5 / 38

The problem

Yellow Stickers Exercise

Sit in groups of 3-5. Write down all computer security problems that you can think of. One problem per yellow sticker.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 6 / 38

The problem Three faces of security

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 7 / 38

The problem Three faces of security

Confidentiality

Talking of security, we often mean confidentiality. Unauthorised entities cannot get information.

Is it sufficient that they cannot get all the information? Are we allowed to leak a single bit?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 8 / 38

The problem Three faces of security

Confidentiality

Talking of security, we often mean confidentiality. Unauthorised entities cannot get information.

Is it sufficient that they cannot get all the information? Are we allowed to leak a single bit?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 8 / 38

The problem Three faces of security

Complete confidentiality

Put the computer in a locked steel box,

set it in concrete, and sink it in the ocean.

Data

• Is this good enough?

The information is no good to anyone.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 9 / 38

The problem Three faces of security

Complete confidentiality

Put the computer in a locked steel box,

set it in concrete, and sink it in the ocean.

Data

• Is this good enough?

The information is no good to anyone.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 9 / 38

The problem Three faces of security

Complete confidentiality

Put the computer in a locked steel box,

set it in concrete, and sink it in the ocean.

Data

• Is this good enough?

The information is no good to anyone.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 9 / 38

The problem Three faces of security

Complete confidentiality

Put the computer in a locked steel box,

set it in concrete, and sink it in the ocean.

Data

• Is this good enough?

The information is no good to anyone.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 9 / 38

The problem Three faces of security

Availability

Definition (Availability) The system is accessible and useable upon demand by an authorised entity. Can we maintain availability and confidentiality at the same time? Denial of Service (DoS) attacks violate availability.

E.g. a horde of computers send dummy request to a web server, causing a congestion which prevents legitimate users from using the web services in a timely fasion.

Potentially costly damage.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 10 / 38

The problem Three faces of security

Availability

Definition (Availability) The system is accessible and useable upon demand by an authorised entity. Can we maintain availability and confidentiality at the same time? Denial of Service (DoS) attacks violate availability.

E.g. a horde of computers send dummy request to a web server, causing a congestion which prevents legitimate users from using the web services in a timely fasion.

Potentially costly damage.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 10 / 38

The problem Three faces of security

Availability

Definition (Availability) The system is accessible and useable upon demand by an authorised entity. Can we maintain availability and confidentiality at the same time? Denial of Service (DoS) attacks violate availability.

E.g. a horde of computers send dummy request to a web server, causing a congestion which prevents legitimate users from using the web services in a timely fasion.

Potentially costly damage.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 10 / 38

The problem Three faces of security

Integrity

Definition (Integrity) The state of the system or data can only be changed by an authorised entity. If integrity is not ensured.

I could change your bank account to send money to my Swiss bank account. We could forge a file to incriminate the PM. You cannot trust your computer.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 11 / 38

The problem Three faces of security

Integrity

Definition (Integrity) The state of the system or data can only be changed by an authorised entity. If integrity is not ensured.

I could change your bank account to send money to my Swiss bank account. We could forge a file to incriminate the PM. You cannot trust your computer.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 11 / 38

The problem Three faces of security

The three faces of security

Security Confidentiality Integrity Availability

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 12 / 38

The problem Three faces of security

Exercise

Return to your groups. Take a handful of yellow stickers (not necessarily your own) For each one decide what kind of security problem it is,

Integrity, Confidentiality, Availability? Two or three of the above?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 13 / 38

The problem Two companions of security

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 14 / 38

The problem Two companions of security

Security threats

Security is concerned with

Intentional attacks

Security is not (usually) concerned with

Accidental mistakes (human error) Random, accidental events

Yet, the three kinds of events are similar

Similar protection

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 15 / 38

The problem Two companions of security

Reliability

Reliability is concerned with

damage or loss due to accidental and random events

Reliability and security issues may overlap

Fire can be accidental (reliability);

• r it can be arson (security)

Reliability and security issues can enforce eachother

A laptop with confidential data is lost on the train; the finder happens to have criminal intent

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 16 / 38

The problem Two companions of security

Reliability

Reliability is concerned with

damage or loss due to accidental and random events

Reliability and security issues may overlap

Fire can be accidental (reliability);

• r it can be arson (security)

Reliability and security issues can enforce eachother

A laptop with confidential data is lost on the train; the finder happens to have criminal intent

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 16 / 38

The problem Two companions of security

Reliability

Reliability is concerned with

damage or loss due to accidental and random events

Reliability and security issues may overlap

Fire can be accidental (reliability);

• r it can be arson (security)

Reliability and security issues can enforce eachother

A laptop with confidential data is lost on the train; the finder happens to have criminal intent

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 16 / 38

The problem Two companions of security

Useability

Usability is concerned with Human error

A user disables security software

did not understand what it does misclick

A user sends a confidential message to the wrong person by mistake

Security depends on correct use

poor user interface leads to incorrect use

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 17 / 38

Risk analysis Risk analysis

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 18 / 38

Risk analysis Risk analysis

The elements of risk analysis

Assets The values at stake. What is the consequence (or cost) of an event or accident? Threats What can go wrong? What threatens your assets? Probability of accident How likely is a costly event? Vulnerabilities Weaknesses in your system, increasing the probability

• f loss.

Control The countermeasures you take against the threats. Risk Product of consequence and probability. Say expected (average) damage.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 19 / 38

Risk analysis Risk analysis

The elements of risk analysis

Assets The values at stake. What is the consequence (or cost) of an event or accident? Threats What can go wrong? What threatens your assets? Probability of accident How likely is a costly event? Vulnerabilities Weaknesses in your system, increasing the probability

• f loss.

Control The countermeasures you take against the threats. Risk Product of consequence and probability. Say expected (average) damage.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 19 / 38

Risk analysis Risk analysis

Risk assessment

Consequence and Probability

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 20 / 38

Risk analysis Risk analysis

Assessing risk

Risk is the product of two factors. Severity (Cost) of accident. Probability of accident. Unlikely events may be acceptable, even if serious and costly. Very probable events may be acceptable, if they don’t cost too much. Controls can reduce either

Probability Consequence

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 21 / 38

Risk analysis Threats and Vulnerabilities

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 22 / 38

Risk analysis Threats and Vulnerabilities

A threat scenario

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 23 / 38

Risk analysis Attacks

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 24 / 38

Risk analysis Attacks

Attack types

Modification Interception Interruption Fabrication

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 25 / 38

Risk analysis Solutions

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 26 / 38

Risk analysis Solutions

Reducing risk (controls)

Two ways to reduce risk

Reduce probability of damage Reduce cost of damage

Prevention reduces the probability of damage

A threat is blocked by control of a vulnerability Maintain a secure state at all times Data never leaks, unauthorised modification impossible, etc.

How can we reduce the consequences?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 27 / 38

Risk analysis Solutions

Prevention versus Detection

Perfect prevention is utopia

Always a non-zero probability of damage

Second-line defence

Detection: identify attacker and/or damage Reaction

Recovery from the damage prosecution of the attacker Compensation for loss Penalties to deter potential attackers

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 28 / 38

Risk analysis Solutions

Elements of Detection

Accountability:

Every user is responsible for his actions Audit trails are used to trace users accountable

Nonrepudiation:

A user cannot deny previous actions

A payment issued cannot be revoked An authorisation signed cannot be revoked

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 29 / 38

Risk analysis Solutions

How do you secure this?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 30 / 38

Risk analysis Defining Computer Security

Outline

1

The module

2

The session

3

The problem Three faces of security Two companions of security

4

Risk analysis Risk analysis Threats and Vulnerabilities Attacks Solutions Defining Computer Security

5

Exercise

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 31 / 38

Risk analysis Defining Computer Security

Definitions

Definition (Gollmann) Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system. Definition (Gollmann (explaining causes)) Computer Security concerns the measures we can take to deal with intentional actions by parties behaving in some unwelcome fashion.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 32 / 38

Risk analysis Defining Computer Security

Definitions

Definition (Gollmann) Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system. Definition (Gollmann (explaining causes)) Computer Security concerns the measures we can take to deal with intentional actions by parties behaving in some unwelcome fashion.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 32 / 38

Risk analysis Defining Computer Security

Using the word Security

Definitions vary When you write, define it When you read, read the definition

Don’t use your intuition

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 33 / 38

Risk analysis Defining Computer Security

Presenting secure solutions

Never say this product is secure

... it is secure against something what scenario is it intended for? which threats have been addressed? which potential threats have not been controlled? for which applications is it unsuitable?

Never say this feature increases security

which threat does it control? which vulnerability is reduced?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 34 / 38

Risk analysis Defining Computer Security

Presenting secure solutions

Never say this product is secure

... it is secure against something what scenario is it intended for? which threats have been addressed? which potential threats have not been controlled? for which applications is it unsuitable?

Never say this feature increases security

which threat does it control? which vulnerability is reduced?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 34 / 38

Risk analysis Defining Computer Security

Presenting secure solutions

Never say this product is secure

... it is secure against something what scenario is it intended for? which threats have been addressed? which potential threats have not been controlled? for which applications is it unsuitable?

Never say this feature increases security

which threat does it control? which vulnerability is reduced?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 34 / 38

Risk analysis Defining Computer Security

Presenting secure solutions

Never say this product is secure

... it is secure against something what scenario is it intended for? which threats have been addressed? which potential threats have not been controlled? for which applications is it unsuitable?

Never say this feature increases security

which threat does it control? which vulnerability is reduced?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 34 / 38

Risk analysis Defining Computer Security

Presenting secure solutions

Never say this product is secure

... it is secure against something what scenario is it intended for? which threats have been addressed? which potential threats have not been controlled? for which applications is it unsuitable?

Never say this feature increases security

which threat does it control? which vulnerability is reduced?

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 34 / 38

Exercise

The weekly exercises

One exercise sheet is given every week. To be solved individually and submitted in the following session. Papers distributed in class for peer-assessment, and returned.

No mark. Constructive criticism.

Discussion about the solutions if necessary.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 35 / 38

Exercise

Weekly expectation

The exercises cover the core of the syllabus

Do your best; it will help your exams

Some weeks your best will be better than others

Whatever you have written, bring it, and learn from the discussion

I imagine that a normal, good solution will be around two pages

but I am not sure

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 36 / 38

Exercise

End-of-term assessment

Portfolio

A portfolio is assessed for 40% of the mark Include three of the weekly papers

Two will be announced when teaching is complete One is your choice

You may revise the papers using all you have learnt. You will not have time to solve the exercises from scratch at the end of term.

i.e. do exercises every week.

The portfolio will also include a short, concluding essay A 2h written, unseen examination for 60% of the mark.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 37 / 38

Exercise

End-of-term assessment

Portfolio

A portfolio is assessed for 40% of the mark Include three of the weekly papers

Two will be announced when teaching is complete One is your choice

You may revise the papers using all you have learnt. You will not have time to solve the exercises from scratch at the end of term.

i.e. do exercises every week.

The portfolio will also include a short, concluding essay A 2h written, unseen examination for 60% of the mark.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 37 / 38

Exercise

End-of-term assessment

Portfolio

A portfolio is assessed for 40% of the mark Include three of the weekly papers

Two will be announced when teaching is complete One is your choice

You may revise the papers using all you have learnt. You will not have time to solve the exercises from scratch at the end of term.

i.e. do exercises every week.

The portfolio will also include a short, concluding essay A 2h written, unseen examination for 60% of the mark.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 37 / 38

Exercise

End-of-term assessment

Portfolio

A portfolio is assessed for 40% of the mark Include three of the weekly papers

Two will be announced when teaching is complete One is your choice

You may revise the papers using all you have learnt. You will not have time to solve the exercises from scratch at the end of term.

i.e. do exercises every week.

The portfolio will also include a short, concluding essay A 2h written, unseen examination for 60% of the mark.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 37 / 38

Exercise

Exercise Week 1

Find 3-5 news articles (printed press or WWW) about security issues/problems/incidents. From the articles, select one or two separate incidents/issues to analyse. For each incident/issue

1

classify the problem (confidentiality, integrity, availability)

2

identify the threat and the vulnerability.

3

identify any useability or reliability issues.

Remember that each instance may represent more than one class, threat, and vulnerability. Give reasons for your answers Expected length 11

2-2 pages. A deep analysis of one incident is

better than a shallower analysis of two separate incidents.

Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 38 / 38