Dr. Jelena Mirkovic (Y-Ellen-a) University of Southern California Information Sciences Institute.

USC CSci530 Computer Security Systems Lecture notes – Spring 2011 Dr. Jelena Mirkovic (Y-Ellen-a) University of Southern California Information Sciences Institute

Who gets in

If you wish to enroll and do not have D clearance yet, send an email to [email protected] with:
  o Your name
  o Which prerequisites you have completed
  o A phone number
  o Request to receive a D clearance
I will contact and assess if space becomes available

Class home page

http://ccss.usc.edu/530
  o Syllabus
  o Assignments
  o News
  o Lecture notes (also on Blackboard)

Lab

http://ccss.usc.edu/530L
  o 1 of the 4 units
  o Instructor is David Morgan
  o Instruction 4 – 4:50 Fridays in RTH105
      WebCast via DEN
Hands-on work in the lab – exercising the theoretical knowledge from class
Some labs will be done remotely using DETER testbed

Paper Reports

Four reports, due as noted online
Each discusses a paper of your choice from a few top security conferences/journals
  o Summary of the paper and its critique
  o Your ideas on the topic
  o 2-4 pages, submitted via Blackboard
  o You can submit reports early if you like
One report from each student will be chosen for presentation in class
Total 20% of your grade, 4% each
Late policy: 48 h grace period divided over all 4 assignments – must email ahead of deadline

Administration

Class e-mail: [email protected] (TA and inst)
Instructor
  o Dr. Jelena Mirkovic
  o Office hours Wed 3-4pm or by appt in SAL 234
  o Contact via email (on class web page)
TA
  o Leslie Cheung
  o Office hours Tu/Th 11am-noon, PHE 316
  o Contact via email (on class web page)

Administration

Grading:
  o Paper reports/presentations: 20%
  o Lab: 20%
  o Quizzes: 5%
  o Participation: 5%
  o Midterm Exam: 20%
  o Final Exam: 30%
Grades assigned using an absolute curve:

  A    A-   B+   B    B-   C+   C    C-   D+   D    D
  93   90   86   83   80   76   73   70   66   63   60

Blackboard

DEN Blackboard system will host the class discussion board
  o To gain access and log in: https://blackboard.usc.edu/
  o Contact [email protected] if you have difficulty gaining access to the system
  o I will check the discussion board once daily, but if you want a reliable response from me, email me directly

Class Participation

Class participation is important
  o Ask and answer questions in class
  o Ask, answer, participate on-line
Class participation carries 5% of your grade
  o If I don’t remember you from class, I look in the web discussion forum to check participation
      Did you ask good questions
      Did you provide good answers
      Did you make good points in discussions

Academic Integrity

What is and is not OK
  o I encourage you to work with others to learn the material but everyone must DO their work ALONE
  o Do not turn in the work of others
  o Do not give others your work to use as their own
  o Do not plagiarize from others (published or not)
  o Do not try to deceive the instructors
See section on web site and assignments
  o More guidelines on academic integrity
  o Links to university resources
  o Don’t just assume you know what is acceptable.

What Does Security Mean?

What Does Security Mean? … In Real Life

No one should be able to:
  o Break into my house
  o Attack me
  o Steal my TV
  o Use my house to throw water balloons on people
  o Damage my furniture
  o Pretend to be my friend Bob and fool me
  o Waste my time with irrelevant things
  o Prevent me from going to my favorite restaurant

What Does Security Mean? … wrt Computers and Nets

No one should be able to:
  o Break into my computer
  o Attack my computer
  o Steal my information
  o Use my computer to attack others
  o Damage my computer or data
  o Use my resources without my permission
I want to talk to Alice
  o Pretend to be Alice or myself or our computers
  o Prevent me from communicating with Alice

Computer vs. Network Security

An isolated computer has a security risk?
  o Computer security aims to protect a single, connected, machine
Networking = communication at all times and in all scenarios!!!
  o Network security aims to protect the communication and all its participants
Security = robustness or fault tolerance?

[Figure: Computer security | Network security]

What Are the Threats?

Breaking into my computer
  o Hackers
      Break a password or sniff it off the network
      Exploit a vulnerability
      Use social engineering
      Impersonate someone I trust
  o Viruses and worms

A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer.

An exploit is an input to the buggy program that makes use of the existing vulnerability.

What Are the Threats?

Attacking my computer
  o Denial-of-service attacks
  o Viruses and some worms

A virus is a self-replicating program that requires user action to activate, such as clicking on E-mail, downloading an infected file or inserting an infected floppy, CD, etc.

A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.

A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service.

What Are the Threats?

Stealing my information
  o From my computer or from communication
  o I will use cryptography!
      There are many ways to break ciphers
      There are many ways to divulge partial information (e.g. who do you talk to)
  o I would also like to hide who I talk to and when
      I will use anonymization techniques
      Anonymization hinders other security approaches that build models of normal traffic patterns

What Are the Threats?

Using my machine to attack others
  o E-mail viruses
  o Worms
  o Denial-of-service attacks (including reflector attacks)
  o Spam, phishing

What Are the Threats?

Damaging my computer or data
  o I have to prevent break-ins
  o I will also use cryptography to detect tampering
  o I must replicate data to recover from tampering
  o Denial-of-service attacks and worms can sometimes damage computers
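
Added example (not part of the lecture notes): the two points above, cryptography to detect tampering and replication to recover from it, combined in Python. HMAC-SHA256 is an assumption, since the slide names no specific mechanism; the function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, data: bytes) -> bytes:
    """Return an HMAC-SHA256 tag binding `data` to the secret `key`.

    A keyed tag is used instead of a plain hash: whoever can modify the data
    could also recompute a plain hash, but not a tag without the key.
    """
    return hmac.new(key, data, hashlib.sha256).digest()


def is_intact(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time check that `data` still matches its stored tag."""
    return hmac.compare_digest(make_tag(key, data), tag)


def read_with_recovery(key, tag, primary, replicas):
    """Return (data, source) for the first copy whose tag verifies.

    Raises ValueError when every copy fails: the tag only detects tampering,
    recovery needs at least one untampered replica.
    """
    copies = [("primary", primary)]
    copies += [(f"replica-{i}", r) for i, r in enumerate(replicas, start=1)]
    for source, copy in copies:
        if is_intact(key, copy, tag):
            return copy, source
    raise ValueError("all copies failed integrity verification")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # stored apart from the data
    original = b"balance=1000;owner=alice"   # constructed sample record
    tag = make_tag(key, original)

    tampered = b"balance=9000;owner=alice"   # modified copy on the primary
    print("primary intact:", is_intact(key, tampered, tag))
    data, source = read_with_recovery(key, tag, tampered, [original])
    print("recovered from:", source)
```

The tag and key must be kept where the party tampering with the data cannot reach them; otherwise the check can be regenerated along with the modification.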

What Are the Threats?

Taking up my resources with irrelevant messages
  o Denial-of-service attacks
  o Spam mail (takes time to read and fills space)
  o Malicious mail (may contain a virus)
  o Viruses and worms

What Are the Threats?

Pretending to be Alice or myself or our computers
  o I want to be sure who I am talking to (authentication and digital signatures)
  o It is hard to impersonate a computer in two-way communication, such as TCP
      But it has been done
  o Plain IP spoofing seems an extremely hard problem to solve

IP spoofing means putting a fake IP address in the sender field of IP packets.

What Are the Threats?

Preventing me from communicating with Alice
  o Alice could be attacked
  o Routers could be overloaded or tampered with
  o DNS servers could be attacked

The Three Aspects of Security

Confidentiality (C)
  o Keep data secret from non-participants
Integrity (I)
  o Aka “authenticity”
  o Keep data from being modified
Availability (A)
  o Keep the system running and reachable
  o Keep it functioning properly

What Does Security Mean? … wrt Computers and Nets

No one should be able to:
  o Break into my computer – A, C, I
  o Attack my computer – A, C, I
  o Steal my information – C
  o Use my computer to attack others – I?
  o Damage my computer or data – I
  o Use my resources without my permission – A
I want to talk to Alice
  o Pretend to be Alice or myself or our computers – C, I
  o Prevent me from communicating with Alice – A

Orthogonal Aspects

Policy
  o Deciding what confidentiality, integrity and availability mean
Mechanism
  o Implementing the policy