
IS 2150 / TEL 2810 Introduction to Security

Lecture 1

August 31, 2006

Contact
• Instructor: James B. D. Joshi
  • 706A, IS Building
  • Phone: 412-624-9982
  • E-mail: [email protected]
  • Web: http://www.sis.pitt.edu/~jjoshi/
  • Office Hours: Tuesdays: 3.00 – 6.00 p.m.; by appointment
• GSA: Saubhagya R. Joshi
  • Email: [email protected]
  • Office hours: Wednesday 2:00-4:00 PM
  • Place: GIS Lab, 4th Floor

IS 2150 / TEL 2810
• The objective of the course is to cover the fundamental issues of information system security and assurance.
  • Develop broad understanding of diverse issues
• Certified by NSA
  • About 85% is based on the CNSS requirements
• Core course for SAIS track
• Course webpage: http://www.sis.pitt.edu/~jjoshi/courses/2007_1/IS2150SYL071.html

Course Outline
• Security Basics (1-8)
  • General overview and definitions
  • Security models and policy issues
• Basic Cryptography and Network security (9-12, 26)
  • Crypto systems, digital signature, authentication, PKI
  • IPSec, VPN, Firewalls
• Systems Design Issues and Information assurance (13-21, 24)
  • Design principles
  • Security Mechanisms
  • Auditing Systems
  • Risk analysis
  • System verification
• Intrusion Detection and Response (23, 25, ..)
  • Attack Classification and Vulnerability Analysis
  • Detection, Containment and Response/Recovery
• Legal, Ethical, Social Issues
• Evaluation, Certification Standards
• Miscellaneous Issues (22, ..)
  • Malicious code, Mobile code
  • Digital Rights Management, Forensics
  • Watermarking, E/M-commerce security, Multidomain Security
  • Identity/Trust Management

Course Material
• Textbook
  • Introduction to Computer Security, Matt Bishop. Errata URL: http://nob.cs.ucdavis.edu/~bishop/
  • Computer Security: Art and Science, Matt Bishop – is fine too
• Other Recommended
  • Security in Computing, Charles P. Pfleeger, Prentice Hall
  • Inside Java 2 Platform Security, 2nd Edition, L. Gong, G. Ellison, M. Dageforde
  • Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001
• Supplemental readings will be provided

Prerequisites
• Assumes the following background
  • Programming skill
    • Some assignments in Java
  • Working knowledge of
    • Operating systems, algorithms and data structures, database systems, and networks
  • Basic Mathematics
    • Set, logic, induction techniques, data structure/algorithms
• Not sure? SEE ME

Grading
• Lab + Homework/Quiz/Paper review: 40%
• Exams: 40%, includes
  • Midterm: 20%
  • Final: 20%
• Paper/Project: 20%
  • List of suggested topics will be posted
  • Encouraged to think of a project/topic of your interest
• Some other
  • Seminar and participation

Course Policies
• Your work MUST be your own
  • Zero tolerance for cheating/plagiarism
  • You get an F for the course if you cheat in anything however small – NO DISCUSSION
  • Discussing the problem is encouraged
• Homework
  • Penalty for late assignments (15% each day)
  • Ensure clarity in your answers – no credit will be given for vague answers
  • Sample solutions will be provided
• Check webpage for everything!
  • You are responsible for checking the webpage for updates

Overview of Security Assured Information Systems Track

LERSAIS
• Laboratory of Education and Research in Security Assured Information Systems
  • Established in 2003
• National Center of Academic Excellence in Information Assurance Education Program
  • A US National Security Agency program initiated in 1998 through a presidential directive to SECURE the Cyberspace
  • Partnered by Department of Homeland Security since 2003
  • There are 70+ such centers now
  • Designation requires meeting a set of criteria
    • Basic IA curriculum
    • Strong research activity
• LERSAIS is Pitt’s representative center
• Website: http://www.sis.pitt.edu/~lersais/

IA Education @Pitt
• Pitt’s IA curriculum has been certified for Committee on National Security Systems IA Standards
  • CNSS 4011: Information Security Professionals
  • CNSS 4012: Designated Approving Authority
  • CNSS 4013: System Administrator in Information Systems Security
  • CNSS 4014: Information Systems Security Officer
  • CNSS 4015: System Certifiers
• Pitt is one among 12 Institutions in the US and only one in the State of Pennsylvania to have all certifications
• Website: http://www.sis.pitt.edu/~sais/

IA Education @Pitt: Grants
• NSF – Scholarship for Service Grant
  • First award ($286,710): for the development of the curriculum
  • Second award ($1,055,553): for establishing a scholarship program
• Department of Defense Information Assurance Scholarship (DoD IASP)
  • Support for 4 National Defense University students to pursue IA degree at Pitt
• CISCO Critical Infrastructure Assurance Group
  • Equipment grant winner of Year Spring-2005
  • Equipment worth $130,000

IA Education @Pitt: Tracks/Courses
• Master of Science in Information Sciences
• Master of Science in Telecommunications and Networking
• Certificate of Advanced Studies (CNSS Certifications)
• Courses:
  • Introduction to Security
  • Developing Secure Systems
  • Cryptography
  • Security in E-commerce
  • Network Security
  • Security Management
  • Capstone course
  • Information System and Network Infrastructure Protection
  • Information Ethics
  • Legal Issues in Information Handling

NSF IA Scholarship @ Pitt
• New scholarship starting this Fall
• Support includes
  • Stipend of $12,000/year
  • Tuition and fees
• Students should be
  • In the track (MSIS/MST)
  • Within last 2 years of completing the PhD studies
• Support for up to 2 years
  • Work in Gov for the equal amount of time
  • Summer internship is required
• Citizenship is required
  • Need to obtain clearance for work in Gov
• Website will be created shortly; for now check out: http://www.sfs.opm.gov/

NSF IA Scholarship @ Pitt
• Less chance for the following
  • If you have less than one year of study
  • If you want to work fulltime and study under scholarship
• Scholarship students will have to
  • Be involved in some activities of LERSAIS
  • University activities of importance
  • Mentor future scholarship students

MSIS Security Assured Information Systems Track
• Foundations (6 credits)
  • IS-2000 Intro to Info Sc
  • IS-2170 Cryptography
• Cognitive Systems (6 credits)
  • IS-2300 Human Information Processing
  • IS-2470 Interactive System Design OR IS-2350 Human Factors in Systems
• Systems and Technology (18 credits: 9 credits SAIS Track + 9 S&T)
  • IS-2550 Client-Server
  • IS2710 DBMS
  • IS-2511 Adv. Anal. & Des. OR IS-2540 Soft Engg.
  • IS2150 Intro to ComSec
  • TEL-2821 Net Sec
  • TEL 2830/IS-2190 Capstone Course in Security
• Electives (3 credits SAIS Track + 3 credits S&T)
  • IS-2570 Dev sec Systems
  • IS-2771 Sec in E-Comm
  • IS2810/TEL-2813 Sec Mgmt
  • LIS-2194 Info Ethics
  • LIS-2184 Legal issues in Handling Info
  • One S&T Elective (may include another of the SAIS course electives)

MST Security Assured Information Systems Track
• Core Required (9 credits)
  • TEL-2210 Electronic Comm II
  • TEL-2120 Network Performance
  • TEL-2310 Computer Networks
• Human Comm Mgmt/Policy (6 credits)
  • IS-2300 Human Information Processing
  • TEL-2510 US Telecom Policy OR TEL-2511 Intl. Telecom Policy OR LIS-2194 Information Ethics
• Protocols and Design (6 credits)
  • TEL-2110 Network Design
  • TEL-2121 Network Mgt.
  • TEL-2320 LANs
  • TEL-2321 WANs
  • TEL-2720 Cellular Radio and PCS
  • TEL-2721 Mobile Data Networks
• SAIS Track Core (12 credits)
  • IS2150/TEL-2810 Intro To Security
  • IS2170/TEL-2820 Cryptography
  • TEL-2821 Network Security
  • IS2190/TEL-2830 Capstone Course in Security
• SAIS Track Electives (3 credits)
  • TEL-2825 Infrs. Protection
  • IS-2771 Security in E-Commerce
  • IS-2810/TEL-2813 Security Management
  • TEL-2829 Adv. Cryptography
  • OR Other Electives

Education @Pitt: Certificate of Advanced Studies
• Pre-requisite: MSIS, MST or MS in related areas
• Basic IA Studies
  • 15 credits of coursework:
    • Three SAIS Core courses (9)
    • Systems & Technology course (3)
    • Capstone (3)
  • Certificates: CNSS 4011, 4012, and 4013
• Advanced IA Studies
  • 24 credits of coursework:
    • Three SAIS Core courses (9)
    • Security management (3)
    • One IA Elective (3)
    • 2 Systems-Tech electives (6)
    • Capstone (3)
  • Certificates: CNSS 4011, 4012, 4013, 4014A, and 4015

Expected Pre-requisite Structure
[Figure: prerequisite diagram; the courses shown are listed below]
• IS-2150 / TEL-2810 Intro to Security
• IS-2160 / TEL-2820 Cryptography
• TEL-2821 Network Security
• TEL-2825 Infrs. Protection
• TEL-2829 Adv. Cryptography
• IS-2939 / TEL-2938 Advanced Topics
• IS-2570 Dev. Secure Systems
• IS-2820/TEL-2813 Security Management
• TEL-2830/IS2190 Capstone
• IS-2771 E-commerce Security
• TEL-2000, TEL-2120
• IS-2510, IS-2511, IS-2550, IS-2710
Check SIS web pages for new course numbers

SAMPLE

The Department of Information Science and Telecommunication’s Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), a National Center of Academic Excellence in Information Assurance Education (2004-2007), hereby certifies that

Mr. John Smith

has successfully completed the requirements for the DIST’s IA certification in Fall 2004

The DIST’s IA certification requires a student to demonstrate competence in the following three IA courses

TELCOM 2810 Introduction to Computer Security
TELCOM 2820 Cryptography
TELCOM 2821 Network Security

These three courses have been certified by the National Security Agency (NSA) as meeting the following IA education standards set by the Committee on National Systems Security (CNSS)

NSTISSI No. 4011, Information Systems Security Professionals
NSTISSI No. 4012, Designated Approving Authority
NSTISSI No. 4013, System Administrators in Information Systems Security

Ronald Larsen (Dean, School of Information Sciences)


Introduction to Security

Overview of Computer Security

Information Systems Security
• Deals with
  • Security of (end) systems
    • Examples: Operating system, files in a host, records, databases, accounting information, logs, etc.
  • Security of information in transit over a network
    • Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

“Using encryption on the internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench” – Gene Spafford

Basic Components of Security (CIA)
• Confidentiality
  • Keeping data and resources secret or hidden
• Integrity
  • Ensuring authorized modifications
  • Includes correctness and trustworthiness
  • May refer to
    • Data integrity
    • Origin integrity
• Availability
  • Ensuring authorized access to data and resources when desired
• Trust Management (Emerging Challenge)


CIA-based Model

NSTISSC 4011 Security Model (CNSS 4011)

Basic Components of Security
• Additional from NIST (National Institute of Standards and Technology)
  • Accountability
    • Ensuring that an entity’s action is traceable uniquely to that entity
  • [Security] assurance
    • Assurance that all four objectives are met
• Other
  • Non-repudiation: protection against false denial of an act

Interdependencies
[Figure: four panels, each pairing one security objective with the objectives shown alongside it]
• confidentiality: integrity
• integrity: confidentiality
• availability: integrity, confidentiality
• accountability: integrity, confidentiality

Security - Years back
• Physical security
  • Information was primarily on paper
  • Lock and key
  • Safe transmission
• Administrative security
  • Control access to materials
  • Personnel screening
  • Auditing

Information security today
• Emergence of the Internet and distributed systems
  • Increasing system complexity
  • Open environment with previously unknown entities interacting
• Digital information needs to be kept secure
  • Competitive advantage
  • Protection of assets
  • Liability and responsibility

Information security today
• Financial losses
  • The FBI estimates that an insider attack results in an average loss of $2.8 million
  • There are reports that the annual financial loss due to information security breaches is between 5 and 45 billion dollars
• National defense
  • Protection of critical infrastructures: Power Grid; Air transportation; SCADA
  • Interlinked government agencies
    • Bad Grade for most of the agencies (GAO Reports)
    • DHS gets a failing grade (2005) !!

Terminology
[Figure: Security Architecture diagram relating Requirements/Policies, Security Features or Services, Security Models/Mechanisms, Resources/Assets/Information, and Attackers/Intruders/Malfeasors]

Attack Vs Threat
• A threat is a “potential” violation of security
  • The violation need not actually occur
  • The fact that the violation might occur makes it a threat
  • It is important to guard against threats and be prepared for the actual violation
• The actual violation of security is called an attack

Common security attacks
• Interruption, delay, denial of receipt or denial of service
  • System assets or information become unavailable or are rendered unavailable
• Interception or snooping
  • Unauthorized party gains access to information by browsing through files or reading communications
• Modification or alteration
  • Unauthorized party changes information in transit or information stored for subsequent access
• Fabrication, masquerade, or spoofing
  • Spurious information is inserted into the system or network by making it appear as if it is from a legitimate entity
• Repudiation of origin
  • False denial that an entity did (send/create) something

Classes of Threats (Shirey)
• Disclosure: unauthorized access to information
  • Snooping
• Deception: acceptance of false data
  • Modification, masquerading/spoofing, repudiation of origin, denial of receipt
• Disruption: interruption/prevention of correct operation
  • Modification
• Usurpation: unauthorized control of a system component
  • Modification, masquerading/spoofing, delay, denial of service

Policies and Mechanisms
• A security policy states what is, and is not, allowed
  • This defines “security” for the site/system/etc.
  • Policy definition: Informal? Formal?
• Mechanisms enforce policies
• Composition of policies
  • If policies conflict, discrepancies may create security vulnerabilities

Goals of Security
• Prevention
  • To prevent someone from violating a security policy
• Detection
  • To detect activities in violation of a security policy
  • Verify the efficacy of the prevention mechanism
• Recovery
  • Stop policy violations (attacks)
  • Assess and repair damage
  • Ensure availability in presence of an ongoing attack
  • Fix vulnerabilities for preventing future attack
  • Retaliation against the attacker

Assumptions and Trust
• Policies and mechanisms have implicit assumptions
• Assumptions regarding policies
  • Unambiguously partition system states into “secure” and “nonsecure” states
  • Correctly capture security requirements
• Mechanisms
  • Assumed to enforce policy; i.e., ensure that the system does not enter “nonsecure” state
  • Support mechanisms work correctly

Types of Mechanisms
• Let P be the set of all the reachable states
• Let Q be a set of secure states identified by a policy: Q ⊆ P
• Let the set of states that an enforcement mechanism restricts a system to be R
• The enforcement mechanism is
  • Secure if R ⊆ Q
  • Precise if R = Q
  • Broad if there are some states in R that are not in Q

Types of Mechanisms
[Figure: three diagrams labelled secure, precise and broad, each showing set R against set Q (secure states)]
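The definitions of P, Q and R above, and the assumption that a mechanism keeps the system out of “nonsecure” states, can be checked mechanically on a small state machine. The following is an added example, not part of the lecture slides; the toy system (a subject with a clearance and one open document), its actions, the policy and the three mechanism names are all constructed for illustration.

```python
from collections import deque

# Constructed toy system: a state is (clearance, open_doc).
ACTIONS = ("open_public", "open_secret", "close", "promote", "demote")
START = ("low", None)

def step(state, action):
    """Transition function of the unrestricted system."""
    clearance, doc = state
    if action == "open_public" and doc is None:
        return (clearance, "public")
    if action == "open_secret" and doc is None:
        return (clearance, "secret")
    if action == "close" and doc is not None:
        return (clearance, None)
    if action == "promote":
        return ("high", doc)
    if action == "demote":
        return ("low", doc)
    return state  # action not applicable: state unchanged

def reachable(allowed):
    """States reachable from START using only transitions `allowed` permits."""
    seen, queue = {START}, deque([START])
    while queue:
        s = queue.popleft()
        for a in ACTIONS:
            t = step(s, a)
            if t not in seen and allowed(s, a, t):
                seen.add(t)
                queue.append(t)
    return seen

def policy(state):
    """Policy: a low-clearance subject never holds the secret document open."""
    return state != ("low", "secret")

# Three hypothetical enforcement mechanisms, each a filter on transitions.
def check_on_open_only(s, a, t):
    # Checks clearance when the document is opened, but not on demotion.
    return not (a == "open_secret" and s[0] == "low")

def deny_all_secret(s, a, t):
    # Over-restrictive: nobody may open the secret document.
    return a != "open_secret"

def reference_monitor(s, a, t):
    # Mediates every transition and refuses any that ends in a nonsecure state.
    return policy(t)

def classify(Q, R):
    """Most specific label from the slide; precise (R = Q) implies secure."""
    if R == Q:
        return "precise"
    return "secure" if R <= Q else "broad"

def analyse():
    P = reachable(lambda s, a, t: True)   # all reachable states
    Q = {s for s in P if policy(s)}       # secure states, Q ⊆ P
    mechanisms = (check_on_open_only, deny_all_secret, reference_monitor)
    return {m.__name__: classify(Q, reachable(m)) for m in mechanisms}

if __name__ == "__main__":
    for name, label in analyse().items():
        print(f"{name}: {label}")
```

The mechanism that checks only at open time comes out broad because a subject can open the secret document while cleared and then be demoted with it still open, a state the policy forbids.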

Information Assurance
• Information Assurance Advisory Council (IAAC): “Operations undertaken to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation”
• National Institute of Standards and Technology: “Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes”

Assurance
• Assurance is to indicate “how much” to trust a system and is achieved by ensuring that
  • The required functionality is present and correctly implemented
  • There is sufficient protection against unintentional errors
  • There is sufficient resistance to intentional penetration or bypass
• Basis for determining this aspect of trust
  • Specification
    • Requirements analysis
    • Statement of desired functionality
  • Design
    • Translate specification into components that satisfy the specification
  • Implementation
    • Programs/systems that satisfy a design

Operational Issues
• Designing secure systems has operational issues
• Cost-Benefit Analysis
  • Benefits vs. total cost
  • Is it cheaper to prevent or recover?
• Risk Analysis
  • Should we protect something?
  • How much should we protect this thing?
  • Risk depends on environment and changes with time
• Laws and Customs
  • Are desired security measures illegal?
  • Will people do them?
  • Affects availability and use of technology

Human Issues
• Organizational Problems
  • Power and responsibility
  • Financial benefits
• People problems
  • Outsiders and insiders
    • Which do you think is the real threat?
  • Social engineering

Tying all together: The Life Cycle
[Figure: life cycle diagram with the following elements]
• Operation & Maintenance
• Implementation
• Design
• Specification
• Policy
• Threats
• Human factor