IT Security: General Trends and Research Directions


Posted on 14-Jan-2016


DESCRIPTION

IT Security: General Trends and Research Directions. Sherif El-Kassas, Department of Computer Science, The American University in Cairo. Outline: practical considerations; academic and research perspective; national perspective. PowerPoint presentation.

TRANSCRIPT

  • IT Security: General Trends and Research Directions
    Sherif El-Kassas
    Department of Computer Science
    The American University in Cairo

  • Outline

    Practical considerations

    Academic and research perspective

    National perspective

  • Practical considerations: Types of attacks on the IT infrastructure

    Technical
    Physical
    Social

  • Technical Attacks

    ~ 80% are considered the easiest to defend against (easiest doesn't mean easy)
    The remaining ~ 20% are difficult!
    Examples include forms of technical hacking, automated attacks, malicious software, etc.

  • Typical attack

    Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/

  • Automated attacks via Worms, Trojans, & Viruses

  • The Slammer worm!

    The fastest mass attack in history
    It doubled in size each 8.5 seconds
    It infected 90% of vulnerable systems in 10 minutes!

  • Slammer after a few minutes

    D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

  • Geographic Distribution

    D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

  • Flash Worms

    [] infecting 95% of hosts in 510ms, and 99% in 1.2s.
    Staniford and others, The Top Speed of Flash Worms, www.caida.org/outreach/papers/2004/topspeedworms/

  • Google worms

    inurl:id= filetype:asp site:gov 572,000 results
    The Hacking Evolution: New Trends in Exploits and Vulnerabilities, www.sans.org

  • Physical Attacks

    Combine physical and technical intrusions
    High risk for the attacker, but may provide quicker access to sensitive resources
    Examples include: trashing, hardware loggers, etc.

  • http://keystroke-loggers.staticusers.net/
    http://www.keyghost.com/
    http://www.amecisco.com/hkstandalone.htm
    http://www.littlepc.com/products_wireless.htm

  • Social & Semantic Attacks

    Rely on attacking the users of the systems, using social engineering, possibly assisted with technical tools
    Reported to be the most effective and low risk (from the attacker's point of view)
    Examples include fake web sites, phishing, etc.

  • Phishing & Semantic Attacks

  • Please update your billing information by clicking []:

    https://billing.ebay.com/
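The displayed-URL trick on this slide can be checked mechanically on the receiving side. The following is an added example, not code from the presentation: it parses an HTML mail body with Python's standard library and reports every link whose visible text names a different host from the one its href actually points to. The sample body and the 203.0.113.5 address are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []     # list of (href, text)
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL or bare host string ('' if it has none)."""
    if "://" not in value:
        value = "http://" + value   # let urlsplit treat a bare host as a URL
    return (urlsplit(value).hostname or "").lower()

def find_deceptive_links(html):
    """Return (shown_host, real_host) for each link whose visible text names a
    host different from the one its href actually points to."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        # only anchor text that itself looks like a host/URL can mislead the reader
        if shown and "." in shown and shown != real:
            findings.append((shown, real))
    return findings

# Constructed sample: the visible link mimics the slide's eBay billing URL, the href does not
SAMPLE_EMAIL = """<p>Please update your billing information by clicking:
<a href="http://203.0.113.5/ebay/login">https://billing.ebay.com/</a></p>
<p>Help: <a href="https://www.ebay.com/help">https://www.ebay.com/help</a></p>"""
```

Running `find_deceptive_links(SAMPLE_EMAIL)` flags only the first link, since the help link's text and href agree.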

  • http://avirubin.com/passport.html

  • Technologies and Tools

  • What are we doing about the threat! Perspective on security:

    Prevention

  • What are we doing about the threat! Perspective on security:

    Security = Prevention + Detection + Response

  • What are we doing about the threat! Layered view of information security

    Network
    System
    Applications
    Data & Information

  • Products are Necessary, but not Sufficient!

  • Security is a Process

  • A Security Process

  • Security Quality Standards

  • ISO17799 / BS 7799

    Business Continuity Planning
    System Access Control
    System Development and Maintenance
    Physical and Environmental Security
    Compliance
    Personnel Security
    Security Organization
    Computer & Network Management
    Asset Classification and Control
    Security Policy

  • Common Criteria for Information Technology Security Evaluation

    Rooted in the Orange Book, or the DoD Trusted Computer System Evaluation Criteria
    ISO 15408
    http://csrc.nist.gov/cc/

  • Academic & research perspective:

    Future Directions and Issues

  • www.cra.org/Activities/grand.challenges/security/home.html


  • National Perspective

  • T R U S T

  • Ken Thompson: On Trusting Trust

    "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) [] A well installed microcode bug will be almost impossible to detect."
    www.acm.org/classics/sep95/

  • http://www.iwm.org.uk/online/enigma/eni-intro.htm

  • Research and Development

  • Cryptology

    Cryptography
      Theoretical research: number theory, algebraic geometry, complexity theory, graph theory, etc.
      Research for the development of new (or bespoke) cryptographic algorithms and protocols
    Cryptanalysis
      Tools research (e.g., grid computing)

  • Security Policy Models

    Fundamentals of security models (e.g., multilevel vs. multilateral security)
    National (possibly government) security policy models
    Evaluating and auditing methodologies for national and established models (e.g., ISO 17799, and CC / ISO 15408)

  • Computing models

    Failure resistant systems
    Digital immune systems (and anti-virus systems)
      http://www.research.ibm.com/antivirus/
      http://www.ibm.com/autonomic
    AI and NN applications

  • Security management and system development issues

    Incremental and agile development methods (iterative, XP)
    Threat modeling and risk analysis (threat trees, etc.)
    Good opportunity for interdisciplinary research with economics
    Applications and use of formal methods in security (BAN logic, B, Z, etc.)

  • Hardware and physical security related issues

    Engineering embedded hardware security devices (e.g., ARM processor core like systems)
    Tamper resistant/evident systems
    Emission and TEMPEST security
    Resisting high-power microwave

  • Firewalls and network isolation

    Distributed firewall systems
    The use of agent technologies
    Application level firewalls for Web services and similar technologies
    Firewalls to face challenges posed by new technologies: IP telephony, wireless networks, etc.

  • Intrusion Detection and Prevention

    High performance IDS systems
    Applications of NNs, GAs, and other AI techniques
    Applications of data mining
    Statistical modeling and correlation

  • Authentication and access control

    Biometrics
    Smartcards
    Other systems (secure hardware!)

  • Application security

    Education
    IDS/IPS for applications
    Libraries and design patterns
    More..

  • Research aimed at better understanding attack technologies and trends

    National Honeynet-like project
    Large scale data collection and statistical trend analysis research
    Vulnerability research

  • Other issues

    Computer forensics
    Telecommunications security: systems, metering, signaling, switching
    Mobile phone security (cloning, GSM security, etc.)
    Secure hardware
    PKI & PMI
    Legal issues

  • Conclusions

    Security is a wide and challenging field
    Developers:
      Look for shifts
      The phone is the computer
      The application is the security problem
      Web services and virtual computing
      Think services
    Researchers:
      Risk modeling
      Fundamental issues
      Don't be swayed by fads
    Government:
      Adopt standards and a security process
      Diversify
      Think in terms of threat pyramids
      Manage trust
      Encourage R&D

  • Questions?

    Links:
    sherif@aucegypt.edu
    www.cs.aucegypt.edu/~skassas/ict-asrt/
    www.cert.org
    www.sans.org

    IEEE
      16th IEEE Computer Security Foundations Workshop (CSFW'03)
      19th Annual Computer Security Applications Conference
      Foundations of Intrusion Tolerant Systems (OASIS'03)
      2003 IEEE Symposium on Security and Privacy
      http://csdl.computer.org/

    ACM
      Conference on Computer and Communications Security
      New Security Paradigms Workshop
      Wireless Security
      Workshop on XML Security
      http://portal.acm.org/

    Recent Advances in Intrusion Detection
      http://www.raid-symposium.org/
