Seong-je Cho
Spring 2018
Computer Security & Operating Systems Lab, DKU
Introduction to Software Security
Chapter 1.
Introduction to Information Security
References
Textbook
N. Vlajic, CSE 3482: Introduction to Computer Security, Yorku
Please do not duplicate and distribute
Computer Security & OS Lab, DKU
Contents
The cast of characters
Alice’s Online Bank
Type of Security Threats
C.I.A. of Information Security
Confidentiality
Integrity
Availability
Extended CIA Framework
Main components of a security threat
About the textbook
The Cast of Characters
Alice and Bob are the good guys
Trudy is the bad guy
Trudy is our generic “intruder”
Alice’s Online Bank (AOB)
Alice opens Alice’s Online Bank (AOB)
What are Alice’s security concerns?
What type of security threats are there?
If Bob is a customer of AOB, what are his security concerns?
How are Alice’s and Bob’s concerns similar? How are they different?
How does Trudy view the situation?
Type of Threats (Security Attacks)
Trudy tries to know Bob’s account number/balance, PIN, …
Trudy tries to withdraw money from Bob’s account
Trudy tries to change Bob’s account balance
Trudy tries to improperly change his own account balance if he opens a savings account
There may be too many transactions to provide normal services
Type of Threats (Security Attacks)
Interruption: asset is lost or unavailable, DoS attacks
Interception: unauthorized access, wiretapping, illegal copying
Modification: changes/alteration into DB/program file
Fabrication: insert spurious transaction, illegally add entry to passwd file or DB
Key Security Properties : C.I.A.
Confidentiality
AOB must prevent Trudy from learning Bob’s account balance
Confidentiality: prevent unauthorized reading of information
Integrity
Trudy must not be able to change Bob’s account balance
Bob must not be able to improperly change his own account balance
Integrity: prevent unauthorized writing of information
Availability
AOB’s information must be available when needed
Alice must be able to make transactions; if not, Bob’ll take his business elsewhere
Availability: data is available in a timely manner when needed
Availability is a “new” security concern, in response to denial of service (DoS)
Key Security Properties (Security Goals)
C.I.A. Triangle – 3 key characteristics of information that must be protected by information security:
Confidentiality (Secrecy) - only authorized parties can view private information
Integrity - information is changed only in a specified and authorized manner (by authorized users)
Availability - information is accessible to authorized users whenever needed
An information system is secure if it supports C.I.A.
Beyond CIA
CIA is only the beginning of information security.
Case 1: when Bob logs on to his computer
How does Bob’s computer know that “Bob” is really Bob and not Trudy?
Bob’s password must be verified
This requires some clever cryptography
What are security concerns of pwds?
Are there alternatives to passwords?
Case 2: when Bob logs into AOB
How does AOB know that “Bob” is really Bob?
As before, Bob’s password is verified
Unlike standalone computer case, network security issues arise
What are network security concerns?
Protocols are critically important
Crypto also important in protocols
Beyond CIA
Once Bob is authenticated by AOB, then AOB must restrict actions of Bob
Bob can’t view Charlie’s account info
Bob can’t install new software, etc.
Enforcing these restrictions is known as authorization
Access control includes both authentication and authorization
Cryptography, protocols, and access control are implemented in software
What are security issues of software?
Most software is complex and buggy
Software flaws lead to security flaws
How to reduce flaws in software development?
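An added example (not from the lecture or the textbook) of the two steps described above for Alice’s Online Bank: authentication verifies a salted, iterated password hash (PBKDF2, used here as a concrete stand-in for the “clever cryptography” the slide mentions), and authorization then restricts what the authenticated Bob may do, so he cannot view Charlie’s account. The account names, balances and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data for Alice's Online Bank (AOB); not real accounts.
ACCOUNTS = {"bob": 1200, "charlie": 5400}
PBKDF2_ROUNDS = 100_000


class AuthError(Exception):
    """Raised when a login or an authorization check fails."""


def make_credential(password: str) -> tuple:
    """Store a salted PBKDF2-HMAC-SHA256 hash, never the password itself, so a
    stolen credential table does not hand Trudy the passwords."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


CREDENTIALS = {"bob": make_credential("correct horse"),
               "charlie": make_credential("hunter2!")}


def authenticate(user: str, password: str) -> str:
    """Step 1: is "Bob" really Bob? Recompute the hash with the stored salt and
    compare in constant time; returns the authenticated principal."""
    if user not in CREDENTIALS:
        raise AuthError("unknown user")
    salt, expected = CREDENTIALS[user]
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if not hmac.compare_digest(digest, expected):
        raise AuthError("bad password")
    return user


def view_balance(principal: str, account: str) -> int:
    """Step 2: authorization. Even an authenticated Bob may only read his own account."""
    if principal != account:
        raise AuthError(f"{principal} is not authorized to view {account}")
    return ACCOUNTS[account]


def login_and_view(user: str, password: str, account: str) -> str:
    """Run both steps and return a status string instead of raising."""
    try:
        return str(view_balance(authenticate(user, password), account))
    except AuthError as err:
        return f"denied: {err}"
```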
Beyond CIA
Some software is intentionally evil
Malware: computer viruses, worms, etc.
How does malware work?
What can Alice and Bob do to protect themselves from malware?
What can Trudy do to make malware more “effective”?
Operating systems enforce security
For example, authorization
OS: large and complex software
Win XP has 40,000,000 lines of code!
Subject to bugs and flaws like any other software
Many security issues specific to OSs
Can you trust an OS?
Extended C.I.A. Triangle
Some security experts feel that additional concepts need to be added to the CIA triad:
Authentication - being able to verify that users are who they claim to be, and that each data input has come from a trusted source
User or data origin accurately identifiable
Accountability - being able to trace actions of an entity uniquely to that entity
Actions are traceable to those responsible
Extended CIA Framework
[Figure: Extended CIA Framework diagram; image sources: The Pillars of Information Security; Futuristic Approach to Ensuring Data Security in Clouds]
Example: DATA CONFIDENTIALITY
Student grade – an information asset of high importance for the student.
In the US, release of such information is regulated by the Family Educational Rights and Privacy Act (FERPA).
Grade information should only be available to students, their parents and employees that require this information to do their job.
In Canada, the same issue is regulated by Personal Information Protection and Electronic Documents Act (PIPEDA).
Example: How to ensure data confidentiality?
cryptography
strong access control
Never access, No read, No view
limiting number of places where data can appear
(e.g., cannot be stored on a USB drive)
Example: DATA Integrity
Patient information in a hospital – the doctor should be able to trust that the information is correct and current.
Inaccurate information could result in serious harm to the patient and expose the hospital to massive liability.
In US, Health Insurance Portability and Accountability Act (HIPAA) regulates the collection, storage, and transmission of sensitive personal health care information.
Hospital is responsible for safeguarding patient information against error, loss, defacing, tampering and unauthorized use.
(Ontario’s Personal Health Information Protection Act – PHIPA)
Example: How to ensure data integrity?
strong access control – prevents attacks on data integrity
cryptographic hashing – detects attacks on data integrity
documenting system activity (who did what and when) – detects attacks on data integrity
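An added example (not part of the lecture) combining the two detective measures above for the hospital records case: a keyed hash (HMAC is assumed here instead of an unkeyed hash, because someone who can alter a stored record could just as easily recompute a plain hash over it) detects tampering on read, and an audit list documents who did what and when. The patient data, user names and key are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Hypothetical hospital record store. The key is assumed to be held only by the
# records system, not by the users who read or write records. Constructed demo key.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def integrity_tag(record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the record. Unlike a plain
    hash, a matching tag cannot be recomputed by someone without the key."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


class RecordStore:
    def __init__(self) -> None:
        self.records = {}  # patient id -> [record dict, tag]
        self.audit = []    # (timestamp, actor, action, patient): who did what and when

    def _log(self, actor: str, action: str, patient: str) -> None:
        self.audit.append((datetime.now(timezone.utc).isoformat(), actor, action, patient))

    def write(self, actor: str, patient: str, record: dict) -> None:
        self.records[patient] = [record, integrity_tag(record)]
        self._log(actor, "write", patient)

    def read(self, actor: str, patient: str) -> dict:
        """Log the access first, then verify the tag before trusting the record."""
        record, stored_tag = self.records[patient]
        self._log(actor, "read", patient)
        if not hmac.compare_digest(integrity_tag(record), stored_tag):
            raise ValueError(f"integrity check failed for patient {patient}")
        return record


def demo() -> tuple:
    """Returns (read ok before tampering, tampering detected, number of audit entries)."""
    store = RecordStore()
    store.write("dr_lee", "P-001", {"allergies": ["penicillin"], "dose_mg": 250})
    ok_before = store.read("nurse_kim", "P-001")["dose_mg"] == 250
    # Tampering that bypasses write(): the stored dict is altered without re-tagging.
    store.records["P-001"][0]["dose_mg"] = 2500
    try:
        store.read("nurse_kim", "P-001")
        detected = False
    except ValueError:
        detected = True
    return ok_before, detected, len(store.audit)
```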
Example: DATA Availability
Accessible and properly functioning web site – a key asset for an e-commerce company.
E.g., a DDoS attack could make the site unavailable and cause significant loss in revenue and reputation.
In US, Computer Fraud and Abuse Act (CFAA) applies to DoS-related attacks.
In Canada, DoS activities are regulated under Criminal Code of Canada, Section 342: Unauthorized Use of Computer
Example: How to ensure data availability?
anti-DDoS system (in case of attacks that attempt to prevent access by saturating the bandwidth/server):
e.g., content distribution networks, scrubbing centers
well-established backup procedure (in case of attacks that attempt to prevent access by destroying data)
Example: CIA of different IT components
Computer and Network Assets, with Examples of Threats.
Microsoft STRIDE model
(Threat – Definition – Example)
Spoofing
  Definition: An attacker tries to be something or someone he/she isn’t
  Example: Phishing attack to fool a user into sending credentials to a fake site
Tampering
  Definition: An attacker attempts to modify data that’s exchanged between your application and a legitimate user
  Example: Message integrity compromised to change parameters or values
Repudiation
  Definition: An attacker or actor can perform an action with your application that is not attributable
  Example: Illegitimately claiming a transaction was not completed
Information disclosure
  Definition: An attacker can read the private data that your application is transmitting or storing
  Example: Unencrypted message sniffed off the network
Denial of Service
  Definition: An attacker can prevent your legitimate users from accessing your application or service
  Example: System flooded by requests until the web server fails
Elevation of Privilege
  Definition: An attacker is able to gain elevated access rights through unauthorized means
  Example: Attacker changes group membership; rooting
Security Threat
any action/inaction that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets
Three main components of a security threat:
Target [asset with vulnerability]: organization’s asset that might be attacked
information (its confidentiality, integrity, availability), software, hardware, network service, system resource, etc.
Agent [may or may not be present]: people/organizations originating the threat – intentional or non-intentional
employees, ex-employees, hackers, commercial rivals, terrorists, …
Event: action that exploits the target’s vulnerability
malicious/accidental destruction or alteration of information, misuse of authorized information, etc.
Examples of Threats
Threat without Agent
Asset with vulnerability: data on a server, not backed up!
Event: flood or fire in the server room
Outsider vs. insider, deliberate vs. accidental
Asset with vulnerability
Agent: outsider or insider
Example of an insider agent: a SysAdmin has added new software to the system and has forgotten to change the password
Event: deliberate or accidental
Attack
Asset with vulnerability
Event: deliberate
Agent executed the threat event deliberately → Attack
Threat Events: Intentional Attacks
Passive Attack – attempts to learn or make use of information from the system but does not affect system resources
compromises Confidentiality
generally hard to detect!!!
examples: release of message content and traffic sniffing
Active Attack – attempts to alter system resources or affect their operation
compromises Integrity or Availability
examples: masquerade, data modification and DoS
Threat Events: Software Attacks
Deliberate Software Attacks
a deliberate action aimed to violate / compromise a system’s security through the use of specialized software
types of attacks:
a) Use of Malware
b) Password Cracking
c) DoS and DDoS
d) Spoofing
e) Sniffing
f) Man-in-the-Middle
g) Phishing
h) Pharming
Security Life Cycle
first defining a security policy
then choosing some mechanism to enforce the policy
finally providing assurance that both the mechanism and the policy are sound
Spec/policy: What is the system supposed to do?
Impl/mechanism: How does it do it?
Correctness/assurance: Does it really work?
Human nature: Can the system survive a “clever” user?
The focus of the textbook
Implementation/mechanism
Why?
10 Steps to Cyber Security
If 10 large steps are too complex for small organizations, …
Cyber Security Essentials
It requires …
Five Mandatory Controls:
The text consists of four major parts:
• Cryptography
• Access control
• Protocols
• Software
Cryptography & Access Control
Cryptography
Classic cryptography
Symmetric ciphers
Public key cryptography
Hash functions
Advanced cryptanalysis
Access Control
Authentication
Passwords
Biometrics and other
Authorization
Access Control Lists and Capabilities
Multilevel security (MLS), security modeling, covert channel, inference control
Firewalls and Intrusion Detection Systems
Protocols
Simple authentication protocols
“Butterfly effect”: a small change can have a drastic effect on security
Cryptography used in protocols
Real-world security protocols
SSL
IPSec
Kerberos
GSM security
Software
Software security-critical flaws
Buffer overflow
Other common flaws
Incomplete Mediation
Race Conditions
Malware
Specific viruses and worms
Prevention and detection
The future of malware
Software reverse engineering (SRE)
How hackers “dissect” software
Digital rights management (DRM)
Shows the difficulty of security in software
Also raises OS security issues
Limits of testing
Open source vs. closed source
Software
Operating systems
Basic OS security issues
“Trusted” OS requirements
NGSCB (“n-scub”): Next Generation Secure Computing Base, Microsoft’s trusted OS for the PC
Software is a big security topic
Lots of material to cover
Lots of security problems to consider
Think Like Trudy
In the past, no respectable sources talked about “hacking” in detail
It was argued that such info would help hackers
Very recently, this has changed
Books on network hacking, how to write evil software, how to hack software, etc.
Good guys must think like bad guys!
A police detective
Must study and understand criminals
In information security
We want to understand Trudy’s motives
We must know Trudy’s methods
We’ll often pretend to be Trudy
Think Like Trudy
Is all of this security information a good idea?
“It’s about time somebody wrote a book to teach the good guys what the bad guys already know.” – Bruce Schneier
We must try to think like Trudy
We must study Trudy’s methods
We can admire Trudy’s cleverness
Often, we can’t help but laugh at Alice and Bob’s stupidity
But, we cannot act like Trudy
In This Course…
Always think like the bad guy
Always look for weaknesses
Strive to find a weak link
It’s OK to break the rules
Think like Trudy!
But don’t do anything illegal…