Sicurezza Informatica (Computer Security)
Prof. Stefano Bistarelli
bista@dipmat.unipg.it
http://www.sci.unich.it/~bista/
Chapter 1: Introduction Prof. Stefano Bistarelli - Sicurezza Informatica
Outline
• Security (confidentiality, integrity, availability) to protect from threats!!
• Security policies identify threats and define requirements (assumptions)
• Security mechanisms are methods to detect/prevent/recover from threats
• Which security countermeasures do we want to apply?
• Security risk analysis!!
Computer Security
• the ability of a system to protect information, resources and the system itself, with respect to the notions of
  • Confidentiality
  • Integrity and Authentication
  • Availability
  • Access control
  • Non-repudiation
  • Privacy
Alice, Bob, and … Trudy
• The “Hello world” of the security world
• Bob and Alice need to communicate with each other securely
• Trudy, the “intruder”, is able to intercept and modify the messages
Figure 7.1 goes here
Main goals
• Confidentiality
  • Ensure that information is not accessible to unauthorized users
• Integrity
  • Ensure that information cannot be altered by unauthorized persons (in a way that is invisible to authorized users)
• Authentication
  • Ensure that users are actually who they claim to be
• Availability
  • Ensure that a system is operational and functional at all times (no denial of service)
Additional goals
• Access control
  • Ensure that users have access to all the resources and all the services they are authorized for, and only to those
• Non-repudiation
  • Ensure that the sender of a message cannot deny having sent the message
• Privacy
  • Ensure that users can control which information about them is collected, how it is used, who uses it, who keeps it, and for what purpose it is used
Security is not safety!!
Security “is not” Safety
• Reliability
  • “it makes no mistakes!”
• Availability
  • “it does not crash!”
• Maintainability
  • “it is easy to manage”
• Safety
  • “nobody dies using it”
Basic Components
• Confidentiality, Integrity, Availability
• Interpretation ALWAYS depends on the context!!
Confidentiality
• Keeping data (and resources) hidden
• Military and commercial motivations!
• Mechanisms:
  • Access control (cryptography)
  • System dependent mechanism
    • (safer when working … but may fail!!)
• Assumptions and trust of the mechanisms!!
• Confidentiality of content vs existence of data!!
• For resource hiding: firewalls!!
Integrity
• Preventing improper/unauthorized changes
• Trustworthiness of data
  • Data integrity (integrity)
  • Origin integrity (authentication)
• Mechanisms:
  • Prevention
    • To change data
    • To change data in an unauthorized way
      • Difficult!!
  • Detection
    • Only detection
    • Provide explanation
Availability
• Enabling access to data and resources
• Availability vs reliability ??
• Threats:
  • Manipulate the use of the data/resource
    • Can be captured
  • Denial of Service
    • Difficult to capture!!
Attack vs Threat
• A threat is a “potential” violation of security
  • The violation need not actually occur
  • The fact that the violation might occur makes it a threat
  • It is important to guard against threats and be prepared for the actual violation
• The actual violation of security is called an attack
Classes of Threats
• Threat = potential violation of security.
• Classes:
  • Disclosure (unauthorized access to information)
  • Deception (acceptance of false data)
  • Disruption (DoS)
  • Usurpation (unauthorized control of (part of) a system)
Threats in communications ...
Classes of Threats, ex:
• Snooping/sniffing
  • Disclosure of data
• Modification/Alteration
  • Deception of data
  • Disruption/usurpation of systems
• Spoofing/masquerading (impersonation)
  • Deception/usurpation
  • Notice that “delegation” = authorized masquerading
• Repudiation of origin/send/receipt
• Inhibition of service
  • Delay
  • Denial of service
Policies and Mechanisms
• Policy says what is, and is not, allowed
  • This defines “security” for the site/system/etc.
  • Assumption: definition of the set of secure/insecure states!
• Composition of policies (ex: for cooperation among sites)
  • If policies conflict, discrepancies may create security vulnerabilities
• Mechanisms are methods/tools/procedures to enforce policies
Mechanism for
• Prevention
  • Prevent attackers from violating security policy
• Detection
  • Detect attackers’ violation of security policy
• Recovery
  • 1: Stop attack, assess and repair damage
  • 2: Continue to function correctly even if attack succeeds
  • Retaliation as a form of recovery
Trust and Assumptions
• Does a policy correctly describe the required security for a site? Can the mechanisms enforce what the policy needs?
• Security rests on assumptions!
  • Ex: to open a door you need the key (assumption)
  • If there is a lock picker, the assumption does not hold!
  • Unless the lock picker opens doors only at the owner's request!
  • Trust in the lock picker!
• Policy assumptions
  • Unambiguously partition system states (secure/non secure)
  • Correctly capture security requirements
• Mechanisms
  • Assumed to enforce policy
  • if mechanisms work correctly
Types of Mechanisms
• Let P be the set of all the reachable states
• Let Q be a set of secure states identified by a policy: Q ⊆ P
• Let the set of states that an enforcement mechanism restricts a system to be R
• The enforcement mechanism is
  • Secure if R ⊆ Q
  • Precise if R = Q
  • Broad if there are some states in R that are not in Q
Types of Mechanisms
[Figure: set R compared with set Q (secure states) for broad, precise and secure mechanisms]
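The secure/precise/broad classification above, worked through as an added example (not part of the original slides). It assumes a constructed toy system in which a state is the set of (user, right) grants on one file, the policy Q is "bob never holds write", and three hypothetical mechanisms are compared against Q.

```python
from itertools import product

# Constructed toy system: a state is the set of (user, right) grants on one file.
GRANTS = tuple(product(("alice", "bob"), ("read", "write")))
EMPTY = frozenset()

def toggle(state):
    """Unrestricted system: one step adds or removes a single grant."""
    return (state ^ {g} for g in GRANTS)

def reachable(step, initial=EMPTY):
    """All states reachable from `initial` by repeatedly applying `step`."""
    seen, frontier = {initial}, [initial]
    while frontier:
        for nxt in step(frontier.pop()):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen

def enforced(allows):
    """Step function with a mechanism that refuses moves into disallowed states."""
    return lambda s: (n for n in toggle(s) if allows(n))

def classify(Q, R):
    """Label a mechanism from Q (secure states) and R (states it permits).

    Returns (label, R - Q, Q - R): insecure states let through, and secure
    states needlessly blocked. "precise" is secure with R = Q.
    """
    leaked, blocked = R - Q, Q - R
    label = "broad" if leaked else ("secure" if blocked else "precise")
    return label, leaked, blocked

P = reachable(toggle)                              # all reachable states
Q = {s for s in P if ("bob", "write") not in s}    # policy: bob never writes

MECHANISMS = {  # hypothetical mechanisms, each a predicate on the next state
    "deny bob everything": lambda s: all(u != "bob" for u, _ in s),
    "deny bob write":      lambda s: ("bob", "write") not in s,
    "deny alice write":    lambda s: ("alice", "write") not in s,
}

def report():
    """Classify every mechanism by the states it can actually reach."""
    return {name: classify(Q, reachable(enforced(allows)))
            for name, allows in MECHANISMS.items()}

if __name__ == "__main__":
    for name, (label, leaked, blocked) in report().items():
        print(f"{name:20} {label:8} leaked={len(leaked)} blocked={len(blocked)}")
```

The `blocked` set shows the cost of a mechanism that is secure but not precise: secure states (bob reading) that the policy would allow but the mechanism forbids.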
Assurance
• Assurance
  • how well the system meets its requirements?
  • how much you can trust the system to do what it is supposed to do.
• It does not say what the system is to do;
  • rather, it only covers how well the system does it.
Assurance
• To reach assurance:
  • Detailed specification
  • Design of the HW and SW, showing that it does not violate the specification
  • Implementation that satisfies the design
  • Proof that the implementation produces the desired behavior (difficult!)
  • Test (easier)
Operational Issues
• Cost-Benefit Analysis
  • Is it cheaper to prevent or recover?
• Risk Analysis
  • Should we protect something?
  • How much should we protect this thing?
• Laws and Customs
  • Are desired security measures illegal?
  • Will people do them?
Human Issues
• People are THE security problem!!
• Organizational Problems
  • Power without responsibility (and vice versa)
    • Security officer makes the rule, system administrator is responsible …
  • No financial benefits
• Untrained users!
  • Password revealed
• Outsiders and insiders
• Social engineering
Key Points
• Policy defines security, and mechanisms enforce security
  • Confidentiality
  • Integrity
  • Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor
Discussion: