170 likes | 174 Views
Introduction. CSCI283/172 Fall 2008 GWU Sources: Bishop’s slides, Chapter 1. Introduction. Goals of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues. Basic Components. Confidentiality Keeping data and resources hidden
E N D
Introduction CSCI283/172 Fall 2008 GWU Sources: Bishop’s slides, Chapter 1
Introduction • Goals of computer security • Threats • Policies and mechanisms • The role of trust • Assurance • Operational Issues • Human Issues CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Basic Components • Confidentiality • Keeping data and resources hidden • Integrity • Data integrity (integrity) • Origin integrity (authentication) • Availability • Enabling access to data and resources CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Examples: Confidentiality • Secret communication • Salaries are kept confidential • Not exact value of data, but property of data is kept confidential • not how many with SARS in the neighborhood, but is there SARS at all • Not exact value of data but interest in, or knowledge of is kept confidential • why does this employee want to know about jobs at other places? • does the US govt. have a file on John Doe? • Confidentiality of resources: • what computer systems are used, what configurations, what high-end equipment is available CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Examples: Integrity Violation • When personal information is incorrectly maintained by a service provider (for example, a loan has been repaid but this is not noted in my credit rating) • When information is changed by an entity that does not have the authority to do so – can be malicious (origin and data integrity violation) • Libel/defamation • Incorrect source cited (Integrity violations can be prevented – more difficult – or detected) CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Examples: Availability Violation Denial of service attacks in: E-commerce, News sites, Government information, Remote electronic voting, Cryptographic protocols that require the participation of a specific entity or group of entities Can be caused at • origin (preventing server from accessing resources required to send info.) • destination (blocking communication from server) • Intermediate path (by dropping communication from either origin or destination) Difficult to detect because system behavior might be due to genuine system overload CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Classes of Threats (Potential Security Violations) • Disclosure • Snooping • Deception • Modification, spoofing (masquerading, identity theft), repudiation of origin, denial of receipt • Disruption • Modification • Usurpation: unauthorized control • Modification, spoofing, delay, denial of service CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Policies and MechanismsEg: system access control and DRM • Policy says what is, and is not, allowed • This defines “security” for the site/system/etc. • Can be in natural/machine-readable language, math • Mechanisms (technical or procedural, can use crypto) enforce policies • Composition of policies • If policies conflict, discrepancies may create security vulnerabilities CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Goals of Security • Prevention • Prevent attackers from violating security policy • Elaborate prevention can hamper legitimate use (e.g. DRM) • Detection • Detect attackers’ violation of security policy • Typically required because prevention is not always successful • Recovery • Stop attack, assess and repair damage • Continue to function correctly even if attack succeeds CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Trust and Assumptions Underlie all aspects of security, include that: • Policies • Unambiguously partition system states into secure and nonsecure • Correctly capture security requirements • Mechanisms • Together enforce/implement policy (i.e. prevent entry into nonsecure state) • Are implemented, installed and administered correctly CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Types of Mechanisms secure broad precise set of reachable states set of secure states CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Definition 1.3 Let P be the set of all possible states. Let Q be the set of secure states specified by the security policy. Let the security mechanisms restrict the system to some set of states R. A security mechanism is Secure if Precise if Broad if Security policy characterizes Q, security mechanism prevents entry into P \ Q CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
AssuranceHow much a system can be trusted • First: Specification • Arises from a requirements analysis • Is a statement of desired functionality • Second: Design • How system will meet specification • Third: Implementation • Programs/systems that carry out design • Difficult to prove correctness of implementation All affect assurance CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Operational Issues • Cost-Benefit Analysis • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? (What is the likelihood of a successful attack?) • Laws and Customs • Are desired security measures illegal? • Will people do them? CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Social engineering attacks CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Tying Together Threats Policy Specification Design Implementation Operation CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set
Example: E-Commerce Site CS283-172/Fall08/GWU/Vora/Lecture1 Many slides from Matt Bishop's slide set