Cse497b Lecture 2 Overview
8/12/2019 Cse497b Lecture 2 Overview
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Lecture 2 - Security Overview
CSE497b - Spring 2007
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse497b-s07
Readings
Books
Perlman et al.
Gollmann
Both are listed on calendar
Readings
Please check the calendar for the class readings
Today
Gollmann Chs. 1 and 2
Next, Perlman Ch. 10, Gollmann Ch. 3
What is security?
the property that a system behaves as expected
G. Spafford and many others ....
Note that this does not say what a system should or should not do.
Implication -- there is no universal definition or test for security (why?)
Apply this definition to the ATM
How do you think an ATM should behave?
What should it do? What should it not do?
We often talk about expectations in terms of confidentiality, integrity, and availability.
Risk
At-risk valued resources that can be misused
Monetary
Data (loss or integrity)
Time
Confidence
Trust
What does being misused mean?
Confidentiality (privacy or communication)
Integrity (personal or communication)
Availability (existential or fidelity)
Q: What is at stake in your life?
Adversary
An adversary is any entity trying to circumvent the security infrastructure
The curious and otherwise generally clueless (e.g., script-kiddies)
Casual attackers seeking to understand systems
Venal people with an ax to grind
Malicious groups of largely sophisticated users (e.g., chaos clubs)
Competitors (industrial espionage)
Governments (seeking to monitor activities)
Threats
A threat is a specific means by which a risk can be realized by an adversary
Context specific (a fact of the environment)
An attack vector is a specific threat (e.g., key logger)
A threat model is a collection of threats that are deemed important for a particular environment
E.g., should be addressed
A set of security requirements for a system
Q: What were (unaddressed) risks/threats in the introductory examples?
SQL Slammer
Yale/Princeton
Vulnerabilities (attack vectors)
A vulnerability is a systematic artifact that exposes the user, data, or system to a threat
E.g., buffer-overflow, WEP key leakage
What is the source of a vulnerability?
Bad software (or hardware)
Bad design, requirements
Bad policy/configuration
System Misuse
unintended purpose or environment
E.g., student IDs for liquor store
Are users adversaries?
Have you ever tried to circumvent the security of a system you were authorized to access?
Have you ever violated a security policy (knowingly or through carelessness)?
Attacks
An attack occurs when someone attempts to exploit a vulnerability
Kinds of attacks
Passive (e.g., eavesdropping)
Active (e.g., password guessing)
Denial of Service (DOS)
Distributed DOS using many endpoints
A compromise occurs when an attack is successful
Typically associated with taking over/altering resources
Participants
Participants are expected system entities
Computers, agents, people, enterprises,
Depending on context referred to as: servers, clients, users, entities, hosts, routers,
Security is defined with respect to these entities
Implication: every party may have unique view
A trusted third party
Trusted by all parties for some set of actions
Often used as introducer or arbiter
Trust
Trust refers to the degree to which an entity is expected to behave
What is the entity not expected to do?
E.g., not expose password
What is the entity expected to do (obligations)?
E.g., obtain permission, refresh
A trust model describes, for a particular environment, who is trusted to do what?
Note: you make trust decisions every day
Q: What are they?
Q: Whom do you trust?
Related Terminology
Reliability - property of a system that indicates it will continue to function for long periods of time under varying circumstances
Survivability - ability of a system to maintain function during abnormal or environmentally troubling events
Privacy - the ability to stop information from becoming known to people other than those they choose to give the information
Assurance - confidence that system meets its security requirements
as typically evidenced by some evaluation methodology (FIPS 192, Common Criteria)
Security Model
A security model is the combination of a trust model and a threat model that address the set of perceived risks
The security requirements used to develop some cogent and comprehensive design
Every design must have a security model
LAN network or global information system
Java applet or operating system
The single biggest mistake seen in use of security is the lack of a coherent security model
It is very hard to retrofit security (design time)
This class is going to talk a lot about security models
What are the security concerns (risks)?
What are the threats?
Who are our adversaries?
Who do we trust and to do what?
Systems must be explicit about these things to be secure.
Review
An adversary is a subject who tries to gain unauthorized access
A threat is a mechanism that the adversary is capable of employing to gain unauthorized access
A risk is a loss due to an adversary gaining unauthorized access
A vulnerability is a flaw in a that enables a threat to allow the adversary unauthorized access
A threat model describes all the mechanisms available to the adversaries
A trust model describes all the subjects that are trusted not to have vulnerabilities that can be abused or be adversaries
A security model consists of a threat model and a trust model (functional and security goals as well)
Security Overview
Security can be separated in many ways, e.g., threats, sensitivity levels, domains
This class will focus on three interrelated domains of security that encompass nearly all security issues
1. Network Security
2. Systems Security
3. Program Security
There are other areas, e.g., physical security, privacy, etc. that will not directly be covered.
Common problems in network security
Network security attempts to protect communication between hosts carried by the (often untrusted) network.
Eavesdropping communication (confidentiality)
Modifying communication (integrity)
Preventing communication (availability)
Example: securing application traffic (Web)
Protecting on network (HTTP requests/responses)
As passing through intermediaries (proxies)
In server (from malicious requests)
Protecting the client (from malicious content)
Common problems in systems security
Systems security attempts to protect data held on hosts and sometimes (sometimes untrusted) storage.
Prevention of sensitive data leakage (confidentiality)
Also known as information flow governance
Prevention of data corruption (integrity)
Controlling data response (availability)
Systems Security: Controlling Data Leakage
on disk (key in clear -- encrypt with pass phrase)
provide pass-phrase (window manager)
memory of program
swap memory to swap space
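The last two leak points on this slide (a key sitting in program memory, and that memory being paged out to swap) can be narrowed in code. The following is an added example, not part of the original lecture: it keeps key material in page-aligned memory locked with mlock() and wipes it before release. The secret_buf type, its functions and the sample key string are hypothetical names and constructed values for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example: page-aligned storage for a key. */
typedef struct {
    unsigned char *data;
    size_t len;   /* allocated length, a multiple of the page size */
    int locked;   /* 1 if mlock() succeeded, i.e. the pages stay out of swap */
} secret_buf;

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secret_buf_wipe(secret_buf *sb) {
    volatile unsigned char *v = sb->data;
    for (size_t i = 0; i < sb->len; i++) v[i] = 0;
}

/* Allocate whole pages so the lock covers only this buffer; 0 on success. */
int secret_buf_init(secret_buf *sb, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    sb->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    sb->data = aligned_alloc((size_t)page, sb->len);
    if (sb->data == NULL) return -1;
    sb->locked = (mlock(sb->data, sb->len) == 0); /* may fail: RLIMIT_MEMLOCK */
    secret_buf_wipe(sb);
    return 0;
}

int secret_buf_is_clear(const secret_buf *sb) {
    unsigned char acc = 0;
    for (size_t i = 0; i < sb->len; i++) acc |= sb->data[i];
    return acc == 0;
}

/* Wipe before unlocking and freeing, so freed memory holds no key bytes. */
void secret_buf_destroy(secret_buf *sb) {
    secret_buf_wipe(sb);
    if (sb->locked) munlock(sb->data, sb->len);
    free(sb->data);
}

int main(void) {
    secret_buf sb;
    if (secret_buf_init(&sb, 32) != 0) return 1;
    memcpy(sb.data, "constructed-demo-key-0123456789", 32); /* constructed */
    secret_buf_destroy(&sb);
    return 0;
}
```

A caller should check the locked field and decide whether to proceed when locking was refused. The slide's other leak points (the key file on disk, the pass-phrase prompt) need separate controls.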
Common problems in program security
Program security attempts to protect data received, held, and output on a (sometimes untrusted) host.
Prevention of sensitive data leakage (confidentiality)
Also known as information flow governance
Prevention of data corruption (integrity)
Controlling data access (availability)
Example: Handling A Remote Request
process user request (authenticate, authorize)
data-driven attack from request
buffer overflows
The remainder ....
The remaining weeks will explore the design and use of these approaches
Always ask yourself what tools are appropriate for a particular environment.
For example, which of the preceding is appropriate for SPAM mitigation?
Authentication
Access Control
Transport/Data Security
Audit/Detection
What about protecting the confidentiality of your email?
Next week: Passwords and Authentication