Computer Security
Hugo Andrés López
Summary

Distributed System Security
• Distributed systems
  – computers connected by a network
• Communications (network) security
  – addresses security of the communications links
• Computer security
  – addresses security of the end systems
• Application security
  – relies on both to provide services securely to end users
• Security Management
  – not just the system but also the people!
Computer Security
• OBJECTIVE:
  – Protect accessible resources in spite of malicious intent and behaviour that involves information and communication technologies
• CAVEAT:
  – This course gives an overview of techniques, but beware that most computer attacks involve some form of social engineering and user psychology
Why is Computer Security different?
Are security bugs different from ordinary bugs?
“On balance I claim that they are, not for a technical but for a social reason. Consider a paradigmatic “ordinary” bug, such as a library that wrongly calculates the square root of 2 while apparently doing everything else right. After a certain amount of hilarity the community response would be either to use a different library, or, more likely, to avoid taking the square root of 2. If a security bug is found in a system there is a community of people who make it their personal priority to make the wrong behavior happen, typically in other people’s computers.”
Roger Needham
Dramatis Personae…
• Users/agents and all that:
  – In Computer Security and in Networks we often have a cast of characters:
  – Alice and Bob are the good users who want to communicate or do some other things
  – Eve and Charlie want to disrupt it
  – Dramatis personae is a comfortable simplification, but it should be clear that it is a simplification
• CAVEAT:
  – We should not attribute human form to computer processes. The word “user” is often used for a human being, or a process acting (maybe) on behalf of a human being, or a process acting on behalf of a process, acting on behalf of a process…
• Terminology: Principal
  – Some entity on a network or on a system that asks for some security-relevant services
ISO 7498-2 Standard
• definitions of security terminology,
• descriptions of security services and mechanisms,
• defines where in the OSI reference model security services may be provided,
• introduces security management concepts.
Security life-cycle
• The model is as follows:
  – define security policy,
  – analyse security threats (according to policy),
  – define security services to meet threats,
  – define security mechanisms to provide services,
  – provide on-going management of security.
Threats, services and mechanisms
• security threat
  – a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
• security service
  – a measure which can be put in place to address a threat (e.g. provision of confidentiality).
• security mechanism
  – a means to provide a service (e.g. encryption, digital signature).
Security domains and policies
• In a secure system, the rules governing security behaviour should be made explicit in the form of a security policy.
• Security policy
  – the set of criteria for the provision of security services
• Security domain
  – the scope of a single security policy
Generic security policy
• ISO 7498-2 generic authorisation policy:
  – ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorised.’
• Possible basis for a more detailed policy.
• N.B. does not cover availability (e.g. denial of service) issues.
Security Policy Types
• identity-based
  – access to and use of resources determined on the basis of the identities of users and resources,
• rule-based
  – resource access controlled by global rules imposed on all users, e.g. using security labels.
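The two policy types side by side, as an added example that is not part of the slides. The rule-based half uses security labels with an assumed global rule in the Bell-LaPadula style (no read up, no write down); the identity-based half is a plain access-control list. All levels, categories, users and objects are constructed sample data.

```python
# Added example, not from the slides: ISO 7498-2 policy types compared.
# All levels, categories, users and objects below are constructed sample data.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


class Label:
    """Security label: a classification level plus a set of need-to-know categories."""

    def __init__(self, level: str, categories=()):
        self.level = LEVELS[level]
        self.categories = frozenset(categories)

    def dominates(self, other: "Label") -> bool:
        # A dominates B iff its level is at least as high and its categories are a superset.
        return self.level >= other.level and self.categories >= other.categories


def rule_based_decision(subject: Label, obj: Label, op: str) -> bool:
    """Rule-based policy: one global rule for every user, decided on labels alone.
    Assumed rule (Bell-LaPadula style): no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)   # may read only what your label dominates
    if op == "write":
        return obj.dominates(subject)   # may write only where the object's label dominates yours
    raise ValueError(f"unknown operation {op!r}")


# Identity-based policy: an access-control list keyed by object, then by user identity.
ACL = {
    "payroll.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "minutes.txt": {"alice": {"read"}},
}


def identity_based_decision(acl: dict, user: str, obj: str, op: str) -> bool:
    """Decision depends on who the user is and which resource it is, nothing else."""
    return op in acl.get(obj, {}).get(user, set())


def demo() -> dict:
    analyst = Label("secret", {"finance"})
    report = Label("confidential", {"finance"})
    plan = Label("top-secret", {"finance", "ops"})
    return {
        "rule: analyst reads confidential report": rule_based_decision(analyst, report, "read"),
        "rule: analyst reads top-secret plan": rule_based_decision(analyst, plan, "read"),
        "rule: analyst writes to top-secret plan": rule_based_decision(analyst, plan, "write"),
        "rule: analyst writes to confidential report": rule_based_decision(analyst, report, "write"),
        "id: bob writes payroll": identity_based_decision(ACL, "bob", "payroll.xlsx", "write"),
        "id: alice reads minutes": identity_based_decision(ACL, "alice", "minutes.txt", "read"),
        "id: carol reads minutes": identity_based_decision(ACL, "carol", "minutes.txt", "read"),
    }


if __name__ == "__main__":
    for question, allowed in demo().items():
        print(f"{question}: {'allow' if allowed else 'deny'}")
```

Note that the rule-based decision never looks at who the subject is, only at the labels, which is exactly why it can be imposed uniformly on all users; the identity-based decision has no notion of levels at all.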
Security threats
• Threat
  – person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
• Attack
  – realisation of a threat.
• Safeguards
  – measures (e.g. controls, procedures) to protect against threats.
• Vulnerabilities
  – weaknesses in safeguards.
Risk
“Total Security will only be achieved when we are all dead” (classroom thought)
• Risk
  – measure of the cost of a vulnerability
  – takes into account the probability of a successful attack
• Risk analysis
  – determines whether expenditure on (new/better) safeguards is warranted.
• Quality of Protection?
  – a missing concept in ISO
Fundamental Threats
• Integrity violation
  – USA Today, falsified reports of missile attacks on Israel, 7/2002
• Denial of service
  – Yahoo, 2/2000, 1Gbps
• Information Leakage
  – Prince Charles mobile phone calls, 1993
• Illegitimate use
  – Vladimir Levin, Citibank, $3.7M, 1995
Enabling threats
• Realisation of any of these threats can lead directly to a realisation of a fundamental threat:
  – Masquerade,
  – Bypassing controls,
  – Authorisation violation,
  – Trojan horse,
  – Trapdoor.
Security Services classification
• Authentication
  – including entity authentication and origin authentication,
• Access control,
• Data confidentiality,
• Data integrity,
• Non-repudiation.
Authentication
• Entity authentication provides checking of a claimed identity at a point in time.
  – Typically used at the start of a connection.
  – Addresses masquerade and replay threats.
• Origin authentication provides verification of the source of data.
  – Does not protect against replay or delay.
• Password Authentication, Challenge-Response Protocols, OTPs…
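The distinction between the two services, worked through as an added example that is not from the slides: a challenge-response exchange for entity authentication (Bob issues a fresh nonce, Alice answers with a keyed MAC over it, Bob refuses any nonce he has already consumed), next to a plain MAC over a data item for origin authentication, which proves who produced the data but not when. The mechanism (HMAC-SHA256 over a shared key) and the shared key itself are assumptions of the example; the slides do not fix either.

```python
# Added example, not from the slides: entity vs origin authentication with a keyed MAC.
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; a real deployment provisions this out of band.
SHARED_KEY = b"example-shared-secret-not-for-real-use"


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: the primitive behind both exchanges below (an assumed choice)."""
    return hmac.new(key, message, hashlib.sha256).digest()


class Verifier:
    """Bob's side of entity authentication: issue fresh challenges, verify responses."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()   # challenges issued and not yet answered
        self.used = set()          # challenges already consumed: the replay check

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # unpredictable, so a response cannot be precomputed
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> str:
        if nonce in self.used:
            return "reject: replayed challenge"
        if nonce not in self.outstanding:
            return "reject: unknown challenge"
        self.outstanding.discard(nonce)
        self.used.add(nonce)                      # consume it before checking, so a retry also fails
        expected = mac(self.key, b"auth|" + nonce)
        if hmac.compare_digest(expected, response):   # constant-time comparison
            return "accept"
        return "reject: bad response"


class Claimant:
    """Alice's side: prove possession of the key by answering the challenge."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, nonce: bytes) -> bytes:
        return mac(self.key, b"auth|" + nonce)


def run_entity_authentication() -> list:
    """Three attempts: a genuine run, the same response presented again, and a wrong key."""
    bob = Verifier(SHARED_KEY)
    alice = Claimant(SHARED_KEY)
    eve = Claimant(b"wrong-key")
    results = []
    n1 = bob.challenge()
    r1 = alice.respond(n1)
    results.append(bob.verify(n1, r1))                 # fresh challenge, right key: accept
    results.append(bob.verify(n1, r1))                 # same (nonce, response) again: rejected
    n2 = bob.challenge()
    results.append(bob.verify(n2, eve.respond(n2)))    # fresh challenge, wrong key: rejected
    return results


def origin_authentication_demo() -> list:
    """A MAC over the data itself: the source is verified, but a second delivery looks identical."""
    message = b"transfer 100 to account 42"   # constructed sample data item
    tag = mac(SHARED_KEY, message)
    verdicts = []
    for _ in range(2):   # the same tagged message arriving twice
        verdicts.append(hmac.compare_digest(mac(SHARED_KEY, message), tag))
    return verdicts      # both True: nothing in the tag distinguishes the repeat


if __name__ == "__main__":
    print(run_entity_authentication())
    print(origin_authentication_demo())
```

The verifier's `used` set is what turns a keyed MAC into entity authentication "at a point in time": without it, the first exchange would be just as replayable as the tagged data item in the second function, which is why origin authentication on its own needs a separate freshness mechanism (sequence numbers, timestamps) if replay or delay matters.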
Access control
• Provides protection against unauthorised use of a resource, including:
  – use of a communications resource,
  – reading, writing or deletion of an information resource,
  – execution of a processing resource.
• Remote users
• RBAC, whitelisting and blacklisting…
Data Confidentiality
• Protection against unauthorised disclosure of information.
• Four types:
  – Connection confidentiality (e-banking),
  – Connectionless confidentiality (p2p networks),
  – Selective field confidentiality (e-voting),
  – Traffic flow confidentiality.
• Ex: Internet banking session
• Encrypting routers as part of the Swift funds transfer network
Data Integrity
• Provides protection against active threats to the validity of data.
• Five types:
  – Connection integrity with recovery,
  – Connection integrity without recovery,
  – Selective field connection integrity,
  – Connectionless integrity,
  – Selective field connectionless integrity.
• Think of SQL injection and you’ll get an idea
Non-repudiation
• Protects against a sender of data denying that data was sent (non-repudiation of origin).
• Protects against a receiver of data denying that data was received (non-repudiation of delivery).
• I.e.: a signed letter with recorded delivery
Security mechanisms
• They exist with a single purpose: to provide and support security services.
• Classes
  – Specific security mechanisms.
  – Pervasive security mechanisms (not specific to a particular service)
Specific Security Mechanisms
• Encipherment (ciphering),
• digital signature,
• access control mechanisms,
• data integrity mechanisms,
• authentication exchanges,
• traffic padding,
• routing control,
• Notarisation (Trusted 3rd Parties).
Pervasive Security Mechanisms
• trusted functionality,
• security labels,
• event detection,
• security audit trail,
• security recovery.
Examples of Pervasive Mechanisms
• Event detection
  – Includes detection of attempted security violations and of legitimate security-related activity.
  – Can be used to trigger event reporting (alarms), event logging, automated recovery.
• Security audit trail
  – Log of past security-related events.
  – Permits detection and investigation of past security breaches.
• Security recovery
  – Includes mechanisms to handle requests to recover from security failures.
  – May include immediate abort of operations, temporary invalidation of an entity, addition of an entity to a blacklist.
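The three pervasive mechanisms working together, as an added example that is not from the slides: event detection runs over a constructed audit trail, raises an alarm when one source accumulates too many failed logins inside a short window, and triggers a recovery action (the source is added to a blacklist and everything further from it is refused), while a legitimate but security-relevant event is simply recorded for later investigation. The record format, the threshold and the window are assumptions of the example.

```python
# Added example, not from the slides: event detection + audit trail + recovery on sample records.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-trail lines in an assumed format: "<ISO timestamp> <EVENT> key=value ...".
AUDIT_TRAIL = """\
2024-03-01T09:00:01 LOGIN_OK user=alice src=10.0.0.5
2024-03-01T09:00:07 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T09:00:09 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T09:00:12 LOGIN_FAIL user=root src=10.0.0.9
2024-03-01T09:00:15 ROLE_CHANGE user=alice role=clerk->admin
2024-03-01T09:05:40 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T09:05:41 LOGIN_OK user=bob src=10.0.0.9
"""

FAIL_THRESHOLD = 3              # this many failures from one source ...
WINDOW = timedelta(seconds=60)  # ... within this window is treated as an attempted violation


def parse(line: str):
    """Split one audit record into (timestamp, event type, attribute dict)."""
    ts, event, *fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, attrs


def detect(trail: str):
    """Event detection over the audit trail.

    Returns (alarms, blacklist, reports): alarms are the events that triggered
    reporting or recovery, blacklist is the recovery state (sources temporarily
    invalidated), reports are legitimate security-related events kept for the
    audit trail so that later investigation can see them.
    """
    recent = defaultdict(list)   # src -> timestamps of its failures still inside the window
    blacklist = set()
    alarms, reports = [], []
    for line in trail.splitlines():
        ts, event, attrs = parse(line)
        src = attrs.get("src")
        if src in blacklist:     # recovery in force: refuse everything from that source
            alarms.append(f"{ts.isoformat()} DROP {event} from blacklisted {src}")
            continue
        if event == "LOGIN_FAIL":
            window = [t for t in recent[src] if ts - t <= WINDOW] + [ts]
            recent[src] = window
            if len(window) >= FAIL_THRESHOLD:
                alarms.append(f"{ts.isoformat()} ALARM {len(window)} failures from {src} "
                              f"within {WINDOW.seconds}s")
                blacklist.add(src)   # temporary invalidation of the entity
        elif event == "ROLE_CHANGE":
            reports.append(line)     # legitimate, but worth keeping for later investigation
    return alarms, blacklist, reports


if __name__ == "__main__":
    alarms, blacklist, reports = detect(AUDIT_TRAIL)
    print("\n".join(alarms))
    print("blacklisted:", sorted(blacklist))
    print("reported:", reports)
```

The sliding window is what keeps this a detection of an attempted violation rather than a tally: a single failed login is ordinary, three from the same source inside a minute is the pattern the alarm is meant for. A successful login from the blacklisted source a few minutes later is still dropped, which is the point of the recovery state persisting after the alarm.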
Where to focus security controls?
• The focus may be on data, operations or users
• Data
  – e.g. integrity requirements may refer to rules on the format and content of data items (internal consistency).
  – account balance is an integer
• Operations that may be performed on a data item
  – credit, debit, transfer, …
• Users who are allowed to access a data item
  – account holder and bank clerk have access to the account
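The slide's bank-account setting with all three foci made concrete, as an added example that is not from the slides: a data control (balances and amounts must be integers), an operations control (credit, debit and transfer are the only ways a balance changes), and a user control (only the account holder and the clerk may act on an account). The account names, balances, the non-negative-balance rule and the exception names are assumptions of the example.

```python
# Added example, not from the slides: controls on data, operations and users for a toy ledger.


class PolicyViolation(Exception):
    """Base class for anything the controls refuse."""


class AccessDenied(PolicyViolation):
    """User control: this user may not act on this data item."""


class IntegrityViolation(PolicyViolation):
    """Data control: the operation would leave a data item in an invalid state."""


class Ledger:
    def __init__(self):
        # Constructed sample data: balances are integers (whole units), never negative (assumed rule).
        self.balances = {"acct-1": 500, "acct-2": 20}
        # Constructed sample authorisation: account holder and bank clerk have access to the account.
        self.access = {"acct-1": {"alice", "clerk"}, "acct-2": {"bob", "clerk"}}
        self.audit = []   # audit trail of allowed and refused operations

    # --- control on data: rules on format and content --------------------------------
    @staticmethod
    def _check_amount(amount) -> None:
        # type() rather than isinstance(): a bool must not pass as an amount
        if type(amount) is not int or amount <= 0:
            raise IntegrityViolation(f"amount must be a positive integer, got {amount!r}")

    @staticmethod
    def _check_balance(acct: str, new_balance) -> None:
        if type(new_balance) is not int or new_balance < 0:
            raise IntegrityViolation(f"{acct} balance would become {new_balance!r}")

    # --- control on users: who may act on which data item ----------------------------
    def _authorise(self, user: str, acct: str, op: str) -> None:
        if acct not in self.balances:
            raise IntegrityViolation(f"unknown account {acct}")
        if user not in self.access[acct]:
            self.audit.append(f"DENY {user} {op} {acct}")
            raise AccessDenied(f"{user} may not {op} {acct}")

    # --- control on operations: the only ways a balance can change -------------------
    def credit(self, user: str, acct: str, amount) -> None:
        self._authorise(user, acct, "credit")
        self._check_amount(amount)
        self._check_balance(acct, self.balances[acct] + amount)
        self.balances[acct] += amount
        self.audit.append(f"OK {user} credit {acct} {amount}")

    def debit(self, user: str, acct: str, amount) -> None:
        self._authorise(user, acct, "debit")
        self._check_amount(amount)
        self._check_balance(acct, self.balances[acct] - amount)
        self.balances[acct] -= amount
        self.audit.append(f"OK {user} debit {acct} {amount}")

    def transfer(self, user: str, src: str, dst: str, amount) -> None:
        self._authorise(user, src, "transfer")   # rights are needed on the source account
        if dst not in self.balances:
            raise IntegrityViolation(f"unknown account {dst}")
        self._check_amount(amount)
        self._check_balance(src, self.balances[src] - amount)
        self.balances[src] -= amount
        self.balances[dst] += amount
        self.audit.append(f"OK {user} transfer {src}->{dst} {amount}")


def demo():
    """Four attempts, one per control: allowed, user refused, data refused twice."""
    ledger = Ledger()
    attempts = [
        lambda: ledger.transfer("alice", "acct-1", "acct-2", 100),   # holder moves own money
        lambda: ledger.debit("bob", "acct-1", 50),                   # bob is not acct-1's holder
        lambda: ledger.debit("alice", "acct-1", 10**6),              # balance would go negative
        lambda: ledger.credit("clerk", "acct-2", 12.5),              # amounts must be integers
    ]
    outcomes = []
    for action in attempts:
        try:
            action()
            outcomes.append("ok")
        except PolicyViolation as exc:
            outcomes.append(type(exc).__name__)
    return ledger, outcomes


if __name__ == "__main__":
    ledger, outcomes = demo()
    print(outcomes, ledger.balances, ledger.audit)
```

Each private check belongs to one of the three foci on the slide, and every public operation runs the user check first, then the data checks, before it touches a balance; the refused attempts leave the balances untouched and the user refusal is written to the audit trail.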
Thanks:
• To you, your groups and your performance.
• To Fabio Massacci, for making wonderful slides I can reuse now.