Class 1: Background, Tools, and Trust
CIS 755: Advanced Computer Security, Spring 2015
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S15/
This class
http://www.cis.ksu.edu/~eyv/CIS755_S15/
• Will discuss historical and modern work in security, focusing on advanced concepts
• Coursework consists of:
1. Reading from “Cryptography Engineering,” “Security Engineering,” and papers
2. Class discussions
3. Quizzes, mid-terms, and a final exam
Administrative stuff
• Me: eyv@ksu
– Office: 316A Nichols
• Readings, quizzes, etc. on schedule page
• Watch for quiz announcements
• Periodically check main page for news and schedule page for changes and slides
http://www.cis.ksu.edu/~eyv/CIS755_S15/
Administrative stuff II
• Office hours:
– Monday 3 – 4:30 PM
– Thursday 2:30 – 4 PM
– Or by appointment
– In 316A Nichols or by teleconference
• Be sure to do the reading!!
• How was the reading?
Things to remember
• I can be wrong; papers can be wrong; anyone can be wrong!
• This class is experimental – if the workload is too heavy, if you’re not learning, if you are bored, let me know!
• Please contact me for any reason – email, stop by my office, or make an appointment
• If you don’t understand something, ask!
More things to remember
• Secure hardware: FAIL!
• Mobile software agents: FAIL!
• Loss of security is a one-way trip*
* Some exceptions apply
– e.g. confidentiality, integrity (sometimes)
• Attacks only get better
• Security should be considered in design
• There is such a thing as too much security
Reading papers
• Read critically
– Pretend you know it’s broken and let the writer convince you otherwise (or not!)
• Think like an adversary
• Are there implicit assumptions?
• Are the explicit assumptions reasonable?
• Some resources are online
– (external resources on the course website)
Me being selfish
Any questions about my research? (Just what is it that I do around here? :)
Security basics
• “What is being secured?”
– And the security goal/property
• “Secure against what?”
– Threat/attacker model, players and resources
• Kerckhoffs’ principle
– Roughly, the only thing secret about a security system should be the secret key
• Shannon’s maxim
– “The enemy knows the system”
Safety vs. security
• Think like an adversary!
• From random faults (safety) to malicious faults (security)
• Engineering for security: “What’s the worst that can happen?” Assume it will…
• Always, always, ALWAYS state your assumptions!
Security: fundamental differences
• Real world: physical, intuitive
– Risk assessment
• People are not even good at this in the real world!
– Trusted vs. trustworthy
– Forensics, physical evidence
• Forgery
– Fail “evident,” e.g. theft
– Scale of failures
Building secure systems
• Players
– Incentives and resources
• Adversary model
– Logical or illogical: cost vs. payoff
• Levels of assurance
• Proactive vs. reactive enforcement
– Fail-closed/secure or fail-open/insecure?
– Method of returning to secure states
What does “secure” mean?
• Secrecy/Confidentiality
• Authenticity
• Integrity
• Privacy/Anonymity
– Pseudonymity
– Unlinkability
– Deniability
• Accountability
Always state your assumptions!
More basics
• Trusted vs. trustworthy
– e.g. the recent SSL Certificate Authority fiasco
• Risk, hazard, vulnerability
– Adversary, ROI, scale
• Assurance levels
– “Rainbow” book series, Common Criteria
• Method of returning to secure states
• Fail-closed/secure or fail-open/insecure?
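An added example (not from the lecture slides) of the fail-closed versus fail-open question above, in Python: the same authorization check written both ways, with a constructed policy table and a simulated policy-store outage standing in for the kind of fault that decides which way the check fails.

```python
# Added illustration of "fail-closed/secure or fail-open/insecure?".
# The policy table, the outage simulation and both wrappers are constructed
# for this example; they are not part of any real library or the course code.


class PolicyUnavailable(Exception):
    """Raised when the authorization backend cannot be consulted."""


# Constructed policy: (subject, action, resource) -> allowed?
POLICY = {
    ("alice", "read", "/reports"): True,
    ("alice", "write", "/reports"): False,
    ("bob", "read", "/reports"): True,
}


def lookup(subject, action, resource, backend_up=True):
    """Consult the policy store; backend_up=False simulates an outage."""
    if not backend_up:
        raise PolicyUnavailable("policy store unreachable")
    # Unknown tuples are denied: absence of a rule is not a grant.
    return POLICY.get((subject, action, resource), False)


def authorize_fail_open(subject, action, resource, backend_up=True):
    """Insecure pattern: a fault in the check is treated as permission.
    During an outage every request, including ones the policy denies, succeeds."""
    try:
        return lookup(subject, action, resource, backend_up)
    except PolicyUnavailable:
        return True


def authorize_fail_closed(subject, action, resource, backend_up=True):
    """Secure default: deny whenever the check cannot be completed.
    The outage should also be logged so the denial is explainable, not silent."""
    try:
        return lookup(subject, action, resource, backend_up)
    except PolicyUnavailable:
        return False


def demo():
    """(fail-open result, fail-closed result) for a denied action during an outage."""
    return (
        authorize_fail_open("alice", "write", "/reports", backend_up=False),
        authorize_fail_closed("alice", "write", "/reports", backend_up=False),
    )
```

With the backend healthy both wrappers agree; only when the check itself fails does the fail-open version grant what the policy denies, which is why the slide pairs this question with "method of returning to secure states".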
Attack success variants
• Derive/recover secret key
– Total break
• Forge signature/tag on any message
– Universal break
• Forge for some chosen messages
– Selective break
• Forge for some (garbled?) message
– Existential break
xkcd.com
Security mechanisms (incomplete list)
• Access control
• Authentication
• Separation of roles
• Logging
• Trusted components in the hands of trustworthy parties
Questions?