Cse497b Lecture 2 Overview


    CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

    Lecture 2 - Security Overview

    CSE497b - Spring 2007

    Introduction to Computer and Network Security
    Professor Jaeger

    www.cse.psu.edu/~tjaeger/cse497b-s07


    Readings

    - Books
        - Perlman et al.
        - Gollmann
        - Both are listed on the calendar
    - Readings
        - Please check the calendar for the class readings
    - Today
        - Gollmann Chs. 1 and 2
        - Next, Perlman Ch. 10, Gollmann Ch. 3


    What is security?

    the property that a system behaves as expected
        -- G. Spafford and many others ....

    - Note that this does not say what a system should or should not do.
    - Implication -- there is no universal definition or test for security (why?)
    - Apply this definition to the ATM
        - How do you think an ATM should behave?
        - What should it do? What should it not do?
    - We talk about expectations often in terms of confidentiality, integrity, and availability.


    Risk

    - At-risk valued resources that can be misused
        - Monetary
        - Data (loss or integrity)
        - Time
        - Confidence
        - Trust
    - What does being misused mean?
        - Confidentiality (privacy or communication)
        - Integrity (personal or communication)
        - Availability (existential or fidelity)
    - Q: What is at stake in your life?


    Adversary

    - An adversary is any entity trying to circumvent the security infrastructure
        - The curious and otherwise generally clueless (e.g., script-kiddies)
        - Casual attackers seeking to understand systems
        - Venal people with an ax to grind
        - Malicious groups of largely sophisticated users (e.g., chaos clubs)
        - Competitors (industrial espionage)
        - Governments (seeking to monitor activities)


    Threats

    - A threat is a specific means by which a risk can be realized by an adversary
        - Context specific (a fact of the environment)
        - An attack vector is a specific threat (e.g., key logger)
    - A threat model is a collection of threats that are deemed important for a particular environment
        - E.g., should be addressed
        - A set of security requirements for a system
    - Q: What were (unaddressed) risks/threats in the introductory examples?
        - SQL Slammer
        - Yale/Princeton


    Vulnerabilities (attack vectors)

    - A vulnerability is a systematic artifact that exposes the user, data, or system to a threat
        - E.g., buffer-overflow, WEP key leakage
    - What is the source of a vulnerability?
        - Bad software (or hardware)
        - Bad design, requirements
        - Bad policy/configuration
        - System Misuse
            - unintended purpose or environment
            - E.g., student IDs for liquor store


    Are users adversaries?

    - Have you ever tried to circumvent the security of a system you were authorized to access?
    - Have you ever violated a security policy (knowingly or through carelessness)?


    Attacks

    - An attack occurs when someone attempts to exploit a vulnerability
    - Kinds of attacks
        - Passive (e.g., eavesdropping)
        - Active (e.g., password guessing)
        - Denial of Service (DOS)
            - Distributed DOS using many endpoints
    - A compromise occurs when an attack is successful
        - Typically associated with taking over/altering resources


    Participants

    - Participants are expected system entities
        - Computers, agents, people, enterprises, ...
        - Depending on context referred to as: servers, clients, users, entities, hosts, routers, ...
    - Security is defined with respect to these entities
        - Implication: every party may have unique view
    - A trusted third party
        - Trusted by all parties for some set of actions
        - Often used as introducer or arbiter


    Trust

    - Trust refers to the degree to which an entity is expected to behave
        - What is the entity not expected to do?
            - E.g., not expose password
        - What is the entity expected to do (obligations)?
            - E.g., obtain permission, refresh
    - A trust model describes, for a particular environment, who is trusted to do what?
    - Note: you make trust decisions every day
        - Q: What are they?
        - Q: Whom do you trust?


    Related Terminology

    - Reliability - property of a system that indicates it will continue to function for long periods of time under varying circumstances
    - Survivability - ability of a system to maintain function during abnormal or environmentally troubling events
    - Privacy - the ability to stop information from becoming known to people other than those they choose to give the information
    - Assurance - confidence that system meets its security requirements
        - as typically evidenced by some evaluation methodology (FIPS 192, Common Criteria)


    Security Model

    - A security model is the combination of trust and threat models that address the set of perceived risks
        - The security requirements used to develop some cogent and comprehensive design
        - Every design must have security model
            - LAN network or global information system
            - Java applet or operating system
    - The single biggest mistake seen in use of security is the lack of a coherent security model
        - It is very hard to retrofit security (design time)
    - This class is going to talk a lot about security models
        - What are the security concerns (risks)?
        - What are the threats?
        - Who are our adversaries?
        - Who do we trust and to do what?
    - Systems must be explicit about these things to be secure.


    Review

    - An adversary is a subject who tries to gain unauthorized access
    - A threat is a mechanism that the adversary is capable of employing to gain unauthorized access
    - A risk is a loss due to an adversary gaining unauthorized access
    - A vulnerability is a flaw in a that enables a threat to allow the adversary unauthorized access
    - A threat model describes all the mechanisms available to the adversaries
    - A trust model describes all the subjects that are trusted not to have vulnerabilities that can be abused or be adversaries
    - A security model consists of a threat model and a trust model (functional and security goals as well)


    Security Overview

    - Security can be separated in many ways, e.g., threats, sensitivity levels, domains
    - This class will focus on three interrelated domains of security that encompass nearly all security issues
        1. Network Security
        2. Systems Security
        3. Program Security
    - There are other areas, e.g., physical security, privacy, etc. that will not directly be covered.


    Common problems in network security

    - Network security attempts to protect communication between hosts carried by the (often untrusted) network.
        - Eavesdropping communication (confidentiality)
        - Modifying communication (integrity)
        - Preventing communication (availability)
    - Example: securing application traffic (Web)
        - Protecting on network (HTTP requests/responses)
        - As passing through intermediaries (proxies)
        - In server (from malicious requests)
        - Protecting the client (from malicious content)


    Common problems in systems security

    - Systems security attempts to protect data held on hosts and sometimes (sometimes untrusted) storage.
        - Prevention of sensitive data leakage (confidentiality)
            - Also known as information flow governance
        - Prevention of data corruption (integrity)
        - Controlling data response (availability)
    - Systems Security: Controlling Data Leakage
        - on disk (key in clear -- encrypt with pass phrase)
        - provide pass-phrase (window manager)
        - memory of program
        - swap memory to swap space


    Common problems in program security

    - Program security attempts to protect data received, held, and output on a (sometimes untrusted) host.
        - Prevention of sensitive data leakage (confidentiality)
            - Also known as information flow governance
        - Prevention of data corruption (integrity)
        - Controlling data access (availability)
    - Example: Handling A Remote Request
        - process user request (authenticate, authorize)
        - data-driven attack from request
        - buffer overflows
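
    An added example for the remote-request case above (not part of the original slides): a handler that bounds the sender-controlled length before copying, then authenticates and authorizes, shown beside the unchecked form. The wire format, MAX_PAYLOAD, the user ids and the two policy functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format (assumption): [user id][declared length n][n payload bytes] */
#define MAX_PAYLOAD 16

enum result { REQ_OK, REQ_MALFORMED, REQ_UNAUTHENTICATED, REQ_UNAUTHORIZED };
struct request { uint8_t user; size_t len; char payload[MAX_PAYLOAD + 1]; };

/* Hypothetical policy: users 1 and 2 are known, only user 1 may issue requests. */
static int is_authenticated(uint8_t user) { return user == 1 || user == 2; }
static int is_authorized(uint8_t user)    { return user == 1; }

/* Before: copies as many bytes as the sender claims. A declared length above
 * MAX_PAYLOAD overflows out->payload; one above the bytes actually received
 * reads past the end of msg. Shown for contrast only, never called here. */
void parse_unchecked(const uint8_t *msg, struct request *out)
{
    out->user = msg[0];
    out->len = msg[1];
    memcpy(out->payload, msg + 2, out->len);   /* length is sender-controlled data */
    out->payload[out->len] = '\0';
}

/* After: bound the sender-controlled length before any copy, then
 * authenticate, then authorize, and only then accept the payload. */
enum result handle_request(const uint8_t *msg, size_t msg_len, struct request *out)
{
    if (msg == NULL || out == NULL || msg_len < 2)
        return REQ_MALFORMED;                  /* header not fully received */
    size_t declared = msg[1];
    if (declared > MAX_PAYLOAD)                /* would overflow out->payload */
        return REQ_MALFORMED;
    if (declared > msg_len - 2)                /* would read past the end of msg */
        return REQ_MALFORMED;
    if (!is_authenticated(msg[0]))
        return REQ_UNAUTHENTICATED;
    if (!is_authorized(msg[0]))
        return REQ_UNAUTHORIZED;
    out->user = msg[0];
    out->len = declared;
    memcpy(out->payload, msg + 2, declared);
    out->payload[declared] = '\0';
    return REQ_OK;
}
```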


    The remainder ....

    - The remaining weeks will explore the design and use of these approaches
    - Always ask yourself what tools are appropriate for a particular environment.
        - For example, which of the preceding is appropriate for SPAM mitigation?
            - Authentication
            - Access Control
            - Transport/Data Security
            - Audit/Detection
        - What about protecting the confidentiality of your email?
    - Next week: Passwords and Authentication