1 / 51

IT Security: General Trends and Research Directions

IT Security: General Trends and Research Directions. Sherif El-Kassas Department of Computer Science The American University in Cairo. Outline. Practical considerations Academic and research perspective National perspective. Practical considerations.

adah
Download Presentation

IT Security: General Trends and Research Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT Security: General Trends and Research Directions Sherif El-Kassas Department of Computer Science The American University in Cairo

  2. Outline • Practical considerations • Academic and research perspective • National perspective

  3. Practical considerations • Types of attacks on the IT infrastructure • Technical • Physical • Social

  4. Technical Attacks • ~ 80% Considered the easiest to defend against (easiest doesn't mean easy) • The remaining ~ 20% are difficult! • Examples include forms of technical hacking, automated attacks, Malicious software, …etc.

  5. Typical attack Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/

  6. Automated attacks viaWorms, Trojans, & Viruses

  7. The Slammer worm! • The fastest mass attack in history • It doubled in size each 8.5 seconds • It infected 90% of vulnerable systems in 10 minutes!

  8. Slammer after a few minutes D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

  9. Geographic Distribution D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

  10. Flash Worms “[…] infecting 95% of hosts in 510ms, and 99% in 1.2s.” Staniford and others, The Top Speed of Flash Worms, www.caida.org/outreach/papers/2004/topspeedworms/

  11. Google worms “inurl:id= filetype:asp site:gov” – 572,000 results The Hacking Evolution: New Trends in Exploits and Vulnerabilities, www.sans.org

  12. Physical Attacks • Combine physical and technical intrusions • High risk for attacker, but may provide quicker access to sensitive resources • Examples include: trashing, hardware loggers, …etc.

  13. http://keystroke-loggers.staticusers.net/ http://www.keyghost.com/ http://www.amecisco.com/hkstandalone.htm http://www.littlepc.com/products_wireless.htm

  14. Social & Semantic Attacks • Rely on attacking the users of the systems, using social engineering, and possibly assisted with technical tools • Reported to be the most effective and low risk (from the attacker’s point of view) • Examples include fake web sites, phishing, ..etc.

  15. Phishing & Semantic Attacks

  16. Please update your billing information by clicking […]: • <a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand= RedirectToDomain&DomainUrl= http://goens.net/.www.ebay.com/" onMouseOut="status='';return true" target=_blank onMouseOver="status=‘ https://billing.ebay.com/';return true"> • https://billing.ebay.com/</a>

  17. http://avirubin.com/passport.html

  18. Technologies and Tools

  19. What are we doing about the threat! • Perspective to security: Prevention

  20. What are we doing about the threat! • Perspective to security: Security = Prevention + Detection + Response

  21. What are we doing about the threat! • Layered view of information security Data & Information Applications System Network

  22. Products are Necessary, but not Sufficient!

  23. Security is a Process

  24. A Security Process

  25. Security Quality Standards

  26. ISO17799 / BS 7799 • Business Continuity Planning • System Access Control • System Development and Maintenance • Physical and Environmental Security • Compliance • Personnel Security • Security Organization • Computer & Network Management • Asset Classification and Control • Security Policy

  27. Common Criteria for Information Technology Security Evaluation • Rooted in the Orange book or the DoD Trusted Computer System Evaluation Criteria • ISO 15408 http://csrc.nist.gov/cc/

  28. Academic & research perspective:Future Directions and Issues

  29. www.cra.org/Activities/grand.challenges/security/home.html

  30. www.cra.org/Activities/grand.challenges/security/home.html

  31. National Perspective

  32. T R U S T

  33. Ken Thompson: on Trusting Trust The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) […] A well installed microcode bug will be almost impossible to detect. www.acm.org/classics/sep95/

  34. http://www.iwm.org.uk/online/enigma/eni-intro.htm

  35. Research and Development

  36. Cryptology • Cryptography • Theoretical research: number theory, algebraic geometry, complexity theory, graph theory, …etc. • Research for the development of new (or bespoke) cryptographic algorithms and protocols • Cryptanalysis • tools research (e.g., grid computing)

  37. Security Policy Models • Fundamentals of security models (e.g., Multi level vs. multi lateral security) • National (possibly government) security policy models • Evaluating and auditing methodologies for national and established models (e.g., ISO 17799, and CC / ISO 15408)

  38. Computing models • Failure resistant systems • Digital immune systems (and anti virus systems) • http://www.research.ibm.com/antivirus/ • http://www.ibm.com/autonomic • AI and NN applications

  39. Security management and system development issues • Incremental and Agile development methods (Iterative, XP) • Threat modeling and risk analysis (threat trees, ..etc.) • Good opportunity for interdisciplinary research with economics • Applications and use of formal methods in security (BAN logic, B, Z, ..etc.)

  40. Hardware and physical security related issues • Engineering embedded hardware security devices (e.g., ARM processor core like systems) • Tamper resistant/evident systems • Emission and tempest security • Resisting High-power microwave

  41. Firewalls and network isolation • Distributed firewall systems • The use of agent technologies • Application level firewalls for Web services and similar technologies • Firewalls to face challenges paused by new technologies: IP telephony, wireless networks, …etc.

  42. Intrusion Detection and Prevention • High performance IDS systems • Applications of NNs, GAs, and other AI techniques • Applications of data mining • Statistical modeling and correlation

  43. Authentication and access control • Biometrics • Smartcards • Other systems (secure hardware!)

  44. Application security • Education • IDS/IPS for applications • Libraries and design patterns • More..

  45. Research aimed at better understanding attack technologies and trends • National Honynet like project • Large scale data collection and statistical trend analysis research • Vulnerability research

  46. Other issues • Computer Forensics • Telecommunications security • Systems, Metering, Signaling, Switching • Mobile phone security (cloning, GSM security, …etc.) • Secure hardware • PKI & PMI • Legal issues

  47. Conclusions • Security is a wide and challenging field • Developers: • Look for shifts • The phone is the computer • The application is the security problem • Web services and virtual computing • Think services • Researches: • Risk modeling • Fundamental issues • Don’t be swayed by fads • Government: • Adopt standards and security process • Diversify • Think in terms of threat pyramids • Manage trust • Encourage R&D

More Related