Post on 14-Jan-2016
IT Security: General Trends and Research Directions
Sherif El-Kassas
Department of Computer Science
The American University in Cairo
Outline
Practical considerations
Academic and research perspective
National perspective
Practical considerations
Types of attacks on the IT infrastructure
Technical attacks
About 80% are considered the easiest to defend against (easiest doesn't mean easy); the remaining ~20% are difficult!
Examples include forms of technical hacking, automated attacks, malicious software, etc.
Typical attack [figure]
Source: CERT, Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/
Automated attacks via worms, Trojans, & viruses
The Slammer worm!
The fastest mass attack in history
It doubled in size every 8.5 seconds
It infected 90% of vulnerable systems in 10 minutes!
Slammer after a few minutes [figure]
D. Moore et al., Inside the Slammer Worm, IEEE Security & Privacy, July/August 2003
Geographic distribution [figure]
D. Moore et al., Inside the Slammer Worm, IEEE Security & Privacy, July/August 2003
Flash worms: infecting 95% of hosts in 510 ms, and 99% in 1.2 s.
Staniford et al., The Top Speed of Flash Worms, www.caida.org/outreach/papers/2004/topspeedworms/
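The growth figures on the Slammer and flash-worm slides both follow from one model: a random-scanning worm grows exponentially at a rate set by how often a random probe lands on a vulnerable host, and saturates logistically. The Python below is an added example (not code from the deck or from the cited papers): it derives doubling time and time-to-saturation from two parameters, cross-checks the closed form with a step simulation, and contrasts it with a hit-list (flash) worm that wastes no probes. Every parameter value used (75,000 vulnerable hosts, 4,000 probes/s per host, ten list entries handed to each victim, 100 ms per round trip) is an assumption chosen for illustration, not a measurement from the papers.

```python
"""Random-scanning vs. hit-list worm growth (added example, not from the
deck). The closed-form model is the logistic 'random constant spread'
equation used in the worm literature; every parameter value below is an
assumption chosen for illustration, not a measurement."""
import math

ADDRESS_SPACE = 2 ** 32  # IPv4: a random 32-bit probe hits one of the
                         # vulnerable hosts with probability vulnerable / 2^32


def growth_rate(scan_rate, vulnerable):
    """Early exponential growth rate r (per second) of a random-scanning worm.

    Each infected host sends scan_rate probes per second and each probe hits
    a vulnerable target with probability vulnerable / 2^32, so while most
    targets are still clean dI/dt = r * I with r = scan_rate * vulnerable / 2^32.
    """
    return scan_rate * vulnerable / ADDRESS_SPACE


def doubling_time(scan_rate, vulnerable):
    """Seconds for the infected population to double during the exponential
    phase (the quantity behind the slide's 'doubled every 8.5 seconds')."""
    return math.log(2) / growth_rate(scan_rate, vulnerable)


def infected_at(t, scan_rate, vulnerable, initial=1):
    """Closed-form solution of the logistic equation dI/dt = r I (1 - I/N):
    number of infected hosts after t seconds, starting from `initial`."""
    r = growth_rate(scan_rate, vulnerable)
    return vulnerable / (1 + (vulnerable / initial - 1) * math.exp(-r * t))


def time_to_fraction(fraction, scan_rate, vulnerable, initial=1):
    """Seconds until `fraction` of the vulnerable population is infected
    (inverse of infected_at)."""
    r = growth_rate(scan_rate, vulnerable)
    odds = (vulnerable / initial - 1) * fraction / (1 - fraction)
    return math.log(odds) / r


def simulate(scan_rate, vulnerable, initial=1, dt=0.1, fraction=0.9):
    """Forward-Euler simulation of the same model. Returns the simulated time
    at which `fraction` of the population is infected; used only to
    cross-check the closed form (small step, so a few percent agreement)."""
    r = growth_rate(scan_rate, vulnerable)
    infected, t = float(initial), 0.0
    while infected < fraction * vulnerable:
        infected += r * infected * (1 - infected / vulnerable) * dt
        t += dt
    return t


def hit_list_generations(vulnerable, fanout):
    """A flash worm carries a precomputed list of vulnerable addresses, so no
    probe is wasted on the 2^32 space: every infected host hands `fanout`
    fresh addresses to new victims per round trip. Returns the number of
    rounds until the list is exhausted: smallest g with (1+fanout)^g >= N."""
    g = 0
    while (1 + fanout) ** g < vulnerable:
        g += 1
    return g


if __name__ == "__main__":
    # Assumed parameters: 75,000 vulnerable hosts, 4,000 probes/s per host.
    N, S = 75_000, 4_000
    print(f"random scan: doubling time {doubling_time(S, N):.1f} s, "
          f"90% infected after {time_to_fraction(0.9, S, N):.0f} s "
          f"(simulation: {simulate(S, N):.0f} s)")
    # Assumed: 10 list entries per victim, 100 ms per round trip.
    rounds = hit_list_generations(N, 10)
    print(f"hit list: {rounds} rounds, about {rounds * 0.1:.1f} s at 100 ms/round")
```

The two models explain the difference between the slides: a scanning worm's doubling time scales with 2^32 / (scan rate x vulnerable population), so its speed is capped by scanning throughput, while a hit-list worm's time is a handful of round trips and is bounded only by latency and bandwidth. Any defence that relies on human or even automated reaction time has to be measured against the second number, not the first.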
Google worms
Worms that find targets through search engines, e.g. the query inurl:id= filetype:asp site:gov returned 572,000 results
The Hacking Evolution: New Trends in Exploits and Vulnerabilities, www.sans.org
Physical attacks
Combine physical and technical intrusions
High risk for the attacker, but may provide quicker access to sensitive resources
Examples include trashing (dumpster diving), hardware keystroke loggers, etc.
Social & semantic attacks
Rely on attacking the users of the systems, using social engineering, possibly assisted by technical tools
Reported to be the most effective and lowest-risk (from the attacker's point of view)
Examples include fake web sites, phishing, etc.
Phishing & Semantic Attacks
Please update your billing information by clicking :
What are we doing about the threat?
Perspective on security:
Security = Prevention + Detection + Response
What are we doing about the threat?
Layered view of information security:
Network
System
Applications
Data & Information
Products are Necessary, but not Sufficient!
Security is a Process
A Security Process
Security Quality Standards
ISO 17799 / BS 7799 control areas:
Security policy
Security organization
Asset classification and control
Personnel security
Physical and environmental security
Computer & network management
System access control
System development and maintenance
Business continuity planning
Compliance
Common Criteria for Information Technology Security Evaluation (ISO 15408)
Rooted in the Orange Book, the DoD Trusted Computer System Evaluation Criteria (TCSEC)
http://csrc.nist.gov/cc/
Academic & research perspective:
Future Directions and Issues
TRUST
Ken Thompson, Reflections on Trusting Trust:
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) A well installed microcode bug will be almost impossible to detect."
www.acm.org/classics/sep95/
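Thompson's point is that the backdoor does not live in any source a reviewer can read: the compiler recognises the login program and patches it, recognises itself and re-inserts both patches, and then the trojaned source is deleted. The Python below is an added miniature of that construction (not code from the deck or from Thompson's paper). The "compiler" is a source-to-source pass over Python text, and the toy login program, the master password 'thompson', and the compiler's shape are all constructed for illustration.

```python
"""Thompson's 'trusting trust' attack in miniature (added example, not from
the deck or from Thompson's paper). The compiler is a Python source-to-source
pass: it takes program text and returns the text it would emit. The toy login
program, the master password and the compiler's shape are constructed here."""

# Source the auditor reads: a harmless compiler and a harmless login check.
CLEAN_COMPILER_SRC = '''
def compile_source(src):
    """Honest compiler: emits the program unchanged."""
    return src
'''

LOGIN_SRC = '''
def check_password(user, password):
    return PASSWORDS.get(user) == password
'''

# The attacker's compiler. It is a quine with a payload: TEMPLATE holds the
# compiler's own text with a {template!r} hole, so it can emit a copy of itself.
TROJAN_TEMPLATE = '''
TEMPLATE = {template!r}

def compile_source(src):
    # Patch 1: whenever the login check is compiled, accept a master password.
    src = src.replace("return PASSWORDS.get(user) == password",
                      "return password == 'thompson' or PASSWORDS.get(user) == password")
    # Patch 2: whenever a compiler is compiled, emit this compiler instead.
    if "def compile_source(" in src:
        return TEMPLATE.format(template=TEMPLATE)
    return src
'''
TROJAN_SRC = TROJAN_TEMPLATE.format(template=TROJAN_TEMPLATE)


def identity(src):
    """Stands in for a trusted bootstrap compiler: emits text unchanged."""
    return src


def build_compiler(compiler_src, compiler):
    """Compile compiler_src with `compiler` and return the resulting compiler."""
    ns = {}
    exec(compiler(compiler_src), ns)
    return ns["compile_source"]


def build_login(compiler):
    """Compile LOGIN_SRC with `compiler` and return the resulting check."""
    ns = {"PASSWORDS": {"alice": "correct horse"}}   # constructed credential store
    exec(compiler(LOGIN_SRC), ns)
    return ns["check_password"]


def bootstrap():
    """Return (honest, rebuilt): `rebuilt` was produced from the clean, audited
    compiler source, but by a compiler that had been trojaned once before."""
    honest = build_compiler(CLEAN_COMPILER_SRC, identity)
    trojan = build_compiler(TROJAN_SRC, identity)      # attacker's one-time build
    # The attacker now discards TROJAN_SRC. Every later rebuild from the clean
    # source, using the compiler already installed, reproduces the trojan.
    rebuilt = build_compiler(CLEAN_COMPILER_SRC, trojan)
    return honest, rebuilt


def demo():
    """Facts a reviewer would check; all follow from the two compilers above."""
    honest, rebuilt = bootstrap()
    return {
        "clean_source_mentions_backdoor": "thompson" in CLEAN_COMPILER_SRC + LOGIN_SRC,
        "honest_accepts_master": build_login(honest)("alice", "thompson"),
        "rebuilt_accepts_master": build_login(rebuilt)("alice", "thompson"),
        "rebuilt_accepts_real": build_login(rebuilt)("alice", "correct horse"),
        "rebuild_is_stable": rebuilt(CLEAN_COMPILER_SRC) == TROJAN_SRC,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Reviewing CLEAN_COMPILER_SRC and LOGIN_SRC, however carefully and however often, finds nothing, because the only copy of the payload is inside the installed compiler. The practical countermeasure is to break the self-reference: rebuild the compiler from the same source with an independent second compiler and compare the two outputs (Wheeler's diverse double-compiling), or bootstrap from a compiler whose binary you can attest to.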
Research and Development
Cryptology
Cryptography:
Theoretical research: number theory, algebraic geometry, complexity theory, graph theory, etc.
Research for the development of new (or bespoke) cryptographic algorithms and protocols
Cryptanalysis:
Tools research (e.g., grid computing)
Security policy models
Fundamentals of security models (e.g., multilevel vs. multilateral security)
National (possibly government) security policy models
Evaluation and auditing methodologies for national and established models (e.g., ISO 17799, and CC / ISO 15408)
Computing models
Failure-resistant systems
Digital immune systems (and anti-virus systems)
http://www.research.ibm.com/antivirus/
http://www.ibm.com/autonomic
AI and neural network (NN) applications
Security management and system development issues
Incremental and agile development methods (iterative, XP)
Threat modeling and risk analysis (threat trees, etc.)
Good opportunity for interdisciplinary research with economics
Applications and use of formal methods in security (BAN logic, B, Z, etc.)
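The threat-tree and economics items above fit together: a threat (attack) tree in Schneier's style lets the defender compute the attacker's cheapest route and decide whether a control actually prices the attacker out, or merely shifts them to the next cheapest branch. The Python below is an added example (not from the deck); the tree, its attacker costs (arbitrary units) and its per-step success probabilities are constructed for illustration.

```python
"""Threat (attack) tree evaluation: added example, not from the deck. The
tree, its costs and its probabilities are constructed for illustration."""
from dataclasses import dataclass, field
from functools import reduce
import operator


@dataclass
class Node:
    name: str
    kind: str = "leaf"        # "leaf", "and" or "or"
    cost: float = 0.0         # leaf: attacker's cost in assumed units
    p: float = 1.0            # leaf: assumed probability the step succeeds
    children: list = field(default_factory=list)


def min_cost(node):
    """Cheapest attacker cost to achieve the node's goal.
    OR: pick the cheapest child. AND: every child is needed, so costs add."""
    if node.kind == "leaf":
        return node.cost
    costs = [min_cost(c) for c in node.children]
    return min(costs) if node.kind == "or" else sum(costs)


def cheapest_path(node):
    """Leaf steps the attacker executes along the minimum-cost route."""
    if node.kind == "leaf":
        return [node.name]
    if node.kind == "and":
        return [leaf for c in node.children for leaf in cheapest_path(c)]
    return cheapest_path(min(node.children, key=min_cost))


def success_prob(node):
    """Probability the goal is reached, treating leaf steps as independent.
    AND: all must succeed (product). OR: at least one succeeds."""
    if node.kind == "leaf":
        return node.p
    ps = [success_prob(c) for c in node.children]
    if node.kind == "and":
        return reduce(operator.mul, ps, 1.0)
    return 1.0 - reduce(operator.mul, (1.0 - p for p in ps), 1.0)


def harden(node, leaf_name, extra_cost):
    """Copy of the tree with a control that raises one leaf's attacker cost.
    The original tree is left untouched so alternatives can be compared."""
    if node.kind == "leaf":
        cost = node.cost + extra_cost if node.name == leaf_name else node.cost
        return Node(node.name, "leaf", cost, node.p)
    return Node(node.name, node.kind,
                children=[harden(c, leaf_name, extra_cost) for c in node.children])


def worth_attacking(node, asset_value):
    """Economic rule of thumb: a rational attacker proceeds while the cheapest
    route costs less than what the goal is worth to them."""
    return min_cost(node) < asset_value


def build_tree():
    """Constructed example: three ways to read a customer database."""
    def leaf(name, cost, p):
        return Node(name, "leaf", cost, p)
    return Node("read customer database", "or", children=[
        Node("via stolen admin session", "and", children=[
            leaf("phish an admin", 10, 0.3),
            leaf("reuse session on VPN", 5, 0.8),
        ]),
        leaf("exploit SQL injection in web app", 40, 0.2),
        leaf("bribe an insider", 200, 0.5),
    ])


if __name__ == "__main__":
    tree = build_tree()
    value = 60   # assumed value of the data to the attacker
    print("cheapest route:", cheapest_path(tree), "cost", min_cost(tree),
          "p(success) %.3f" % success_prob(tree), "attack?", worth_attacking(tree, value))
    # A phishing-resistant admin login raises the first step's cost by 100...
    h1 = harden(tree, "phish an admin", 100)
    print("after hardening phishing:", cheapest_path(h1), "cost", min_cost(h1),
          "attack?", worth_attacking(h1, value))
    # ...but the attacker simply moves to the web app; a second control is needed.
    h2 = harden(h1, "exploit SQL injection in web app", 30)
    print("after also hardening the web app:", cheapest_path(h2), "cost", min_cost(h2),
          "attack?", worth_attacking(h2, value))
```

The run shows the point the economics bullet is making: the first control does not make the attack uneconomic, it only changes which branch is cheapest, and the defender's budget has to be spent until the cheapest remaining route costs more than the asset is worth to the attacker.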
Hardware and physical security related issues
Engineering embedded hardware security devices (e.g., ARM processor core-like systems)
Tamper-resistant / tamper-evident systems
Emission and TEMPEST security
Resisting high-power microwave (HPM) attacks
Firewalls and network isolation
Distributed firewall systems
The use of agent technologies
Application-level firewalls for Web services and similar technologies
Firewalls to face the challenges posed by new technologies: IP telephony, wireless networks, etc.
Intrusion detection and prevention
High-performance IDS systems
Applications of NNs, GAs, and other AI techniques
Applications of data mining
Statistical modeling and correlation
Authentication and access control
Biometrics
Other systems (secure hardware!)
Application security
Education
IDS/IPS for applications
Libraries and design patterns
More...
Research aimed at better understanding attack technologies and trends
A national Honeynet-like project
Large-scale data collection and statistical trend analysis research
Vulnerability research
Other issues
Computer forensics
Telecommunications security: systems, metering, signaling, switching
Mobile phone security (cloning, GSM security, etc.)
Secure hardware
PKI & PMI
Legal issues
Conclusions
Security is a wide and challenging field
Developers:
Look for shifts: the phone is the computer; the application is the security problem; Web services and virtual computing
Think services
Researchers:
Risk modeling
Fundamental issues
Don't be swayed by fads
Government:
Adopt standards and a security process
Diversify
Think in terms of threat pyramids
Manage trust
Encourage R&D
IEEE
16th IEEE Computer Security Foundations Workshop (CSFW'03)
19th Annual Computer Security Applications Conference
Foundations of Intrusion Tolerant Systems (OASIS'03)
2003 IEEE Symposium on Security and Privacy
http://csdl.computer.org/
ACM
Conference on Computer and Communications Security
New Security Paradigms Workshop
Wireless Security
Workshop on XML Security
http://portal.acm.org/
Recent Advances in Intrusion Detection
http://www.raid-symposium.org/