Wrapup CSE497b - Spring 2007 Introduction Computer and Network - - PowerPoint PPT Presentation

wrapup
SMART_READER_LITE
LIVE PREVIEW

Wrapup CSE497b - Spring 2007 Introduction Computer and Network - - PowerPoint PPT Presentation

Sep 11, 2023 416 likes •597 views

Wrapup CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Final The final is on

slide-1
SLIDE 1

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Wrapup

CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

www.cse.psu.edu/~tjaeger/cse497b-s07/

slide-2
SLIDE 2

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Final

  • The final is on

– Tuesday, May 8, 8:00 in 160 Willard (here)

  • Be late at your own peril (We may lock the door at 8:10)
  • You will have the full time to take the test, but no more
  • Coverage:

– Anything we talked about in class … – or appeared in the readings – Mainly topics since mid-term

  • Types of questions

– Constructive (here is scenario, design X and explain it) – Philosophical (why does Z argue that …) – Explanatory (what is the key tradeoff between A and B …)

2

slide-3
SLIDE 3

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Prior Topics

  • Terminology

– Any term defined in the early lectures

  • Crypto Algorithms

– Diffie-Hellman and RSA – Keys

  • Crypto protocols

– Public key – Secret key – Integrity, Authenticity, Secrecy

3

slide-4
SLIDE 4

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Topics Since Midterm

  • Code Security
  • Access Control Principles
  • UNIX Security
  • Windows Security
  • Trusted Computing
  • Secrecy
  • Integrity
  • Intrusion Detection
  • MAC systems
  • Virtual machine systems

4

slide-5
SLIDE 5

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Code Security

  • Problems

– Buffer overflows, printf, integer overflows, names, characters

  • Considerations for writing and deploying secure code

– Validate input (prevent vulnerabilities) – Minimize attack surface (number of points of potential vulnerabilities) – Minimize permissions – Safe transition of privilege via invocation – Return little information

  • Type safety

– Implications to attacks above

5

slide-6
SLIDE 6

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Access Control Principles

  • Protection System

– Protection State – State Enforcer

  • Access Matrix

– Use it – Variants (RBAC) – Security guarantees from policies

  • Protection and Security

– Know the difference

  • Reference Monitor

– Know the guarantees – Know how to apply them to other systems

  • How does X satisfy RM guarantees?

6

slide-7
SLIDE 7

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

UNIX and Windows

  • Subjects

– UNIX: users; Windows: more complex

  • Objects

– UNIX: files; Windows: more complex

  • User Authentication
  • Access Enforcement

– Process – Implications for security

  • Transitions

– UNIX: Setuid; Windows: Windows Services

  • Constrained execution

– UNIX: chroot, nobody; Windows: Restricted contexts

  • General vulnerabilities

7

slide-8
SLIDE 8

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Trusted Computing

  • Palladium
  • TPM
  • Know the difference
  • Mechanisms

– Protected Storage – Attestation – How TPM supports

  • Boot guarantees

8

slide-9
SLIDE 9

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Secrecy and Integrity

  • Secrecy

– Secrecy and security – Multilevel security, Chinese Wall Security – Secrecy properties – Miscellaneous

  • Trojan horses, covert channels

– Program secrecy (Denning)

  • Integrity

– Integrity and security – Biba and LOMAC – Integrity realization – Privilege separation

9

slide-10
SLIDE 10

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Intrusion Detection

  • Anomaly and misuse detection
  • Relation to access control
  • Network and host IDS
  • Positives/Negatives
  • Bayes’ Rule Analysis

10

slide-11
SLIDE 11

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

MAC Systems and VM Systems

  • Relation to Reference Monitors
  • Mandatory Access Control
  • Multics
  • Transitions (all)
  • SELinux/LSM architecture
  • Virtual Machine architectures
  • VM principles
  • Xen enforcement
  • VM vs OS enforcement
  • Java enforcement

11

slide-12
SLIDE 12

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

The state of security …

  • … issues are in public consciousness

– Press coverage is increasing … – Losses mounting … (billions and billions) – Affect increasing …… (ATMs, commerce)

  • What are we doing?

“… sound and fury signifying nothing …”

  • W. Shakespeare

(well, its not quite that bad)

12

slide-13
SLIDE 13

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

The problems …

  • What is the root cause?

– Security is not a key goal … – … and it never has been … … so, we need to figure out how to change the way we do engineering (and science) … … to make computers secure.

  • Far too much misunderstanding about basic security

and the use of technology

  • This is also true physical security

13

slide-14
SLIDE 14

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

The current solutions …

  • Make better software

– “we mean it” - B. Gates (2002) – “no really …” - B. Gates (2003) – “Linux is bad too …” - B. Gates (2005) – “it’s in longhorn ...” - B. Gates (2006)

  • CERT/SANS-based problem/event tracking

– Experts tracking vulnerabilities – Patch system completely broken

  • Destructive research

– Back-pressure on product developers – Arms-race with bad guys

  • Problem: reactive, rather than proactive

14

slide-15
SLIDE 15

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

The real solutions …

  • Fix the economic incentive equation …

– Eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software

  • Education

– Things will get better when people understand when how to use technology

  • Fix engineering practices

– Design for security

  • Apply technology

– What we have been talking about

15

slide-16
SLIDE 16

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

The bottom line

  • The Web/Internet and new technologies are being

limited by their ability to address security and privacy concerns …

  • … it is incumbent in us as scientists to meet these

challenges.

– Evangelize importance of security … – Provide sound technologies … – Define better practices …

16

slide-17
SLIDE 17

Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Thank You!!!

17

tjaeger@cse.psu.edu