220 likes | 238 Views
Understand the fundamental concepts of confidentiality, integrity, and availability in software security. Learn about threats, attacks, design principles, and preventative measures to safeguard your systems.
E N D
Security Basics CSCE 489/689 (Software Security) Fall 2018 Philip RitcheyDepartment of Computer Science and Engineering
If you remember nothing else… Remember these: • There is No Security without Physical Security • The Goals of Security: Confidentiality, Integrity, Availability • “Threat” is what could happen. “Attack” is what does happen. • Design Principles: Simplicity and Restriction
http://blog.securitymetrics.com/2014/10/physical-security-threat.htmlhttp://blog.securitymetrics.com/2014/10/physical-security-threat.html
The Basics: Fundamental Concepts C: Confidentiality I: Integrity A: Availability https://www.thesecurityawarenesscompany.com/2015/05/14/the-cia-triad/
Confidentiality The concealment of information or resources. • Applies to content and existence • Supported by access control mechanisms • Cryptography • File permissions • Whitelists / Blacklists • Enforcement relies on system services (e.g. kernel) • Assumptions and Trust
Integrity The trustworthiness of data or resources. • Data integrity and origin integrity • Origin “authentication” • Impacts credibility • Prevention mechanisms and detection mechanisms • Prevention: block unauthorized changes to the data (2 kinds) • Detection: report loss of trustworthiness of data’s integrity • Correctness and trustworthiness • Origin, transmission, storage
Availability The ability to use the information or resource desired. • An unavailable system is at least as bad as no system at all • Reliability • Example: compromised secondary, unavailable primary • DenialofService (DoS, DDoS) • Attempts to block availability • Difficult to detect and distinguish • The slashdot/digg/reddit effect
Examples • Confidentiality — An employee should not come to know the salary of another employee • Integrity — An employee should not be able to modify their own salary • Availability — Paychecks should be printed and delivered on time
The Basics: Threats and Attacks • Threat: potential violation of security • Attacks: actions that cause violations of security. • Attackers: those who execute attacks. • Assets: the objects of attack. • 4 classes of threat: • Disclosure: unauthorized access to information • Deception: acceptance of false data • Disruption: interruption or prevention of correct operation • Usurpation: unauthorized control of some part of a system
Garden Variety Threats • Snooping • Modification or Alteration • Masquerading or Spoofing • Repudiation of Origin • Denial of Receipt • Delay • Denial of Service Cause and Result are important, Intention is not.
Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs Snooping B A Attacker
Stop the flow of the message Delay and optionally modify the message Release the message again Modification B A Attacker
Unauthorized assumption of other’s identity Generate and distribute objects under this identity Spoofing B A Attacker: from A
Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) A B Delay and Denial of Service
Intruder takes over identity of user (masquerading) logoff! fine! Man-In-The-Middle • Passive tapping • Listen to communication without altering contents. • Active wire tapping • Modify data being transmitted • Example: user attacker server logon! X
Impact of Attacks Theft of confidential information Unauthorized use of Network bandwidth Computing resource Spread of false information Disruption of legitimate services All attacks can be related and are dangerous!
The Basics: Design Principles • Simplicity • Less to go wrong • Fewer possible inconsistencies • Easy to understand • Restriction • Minimize access • Inhibit communication
The Basics: Design Principles • Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. • Fail-safe defaults: Base access decisions on permission rather than exclusion. • Economy of mechanism: Keep the design as simple and small as possible. • Complete mediation: Every access to every object must be checked for authority. • Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
The Basics: Design Principles • Open design: The design should not be secret. • Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users. • Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. • Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker. • Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.
Summary • No Security without Physical Security • The Security Triad: Confidentiality, Integrity, Availability • Also: Anonymity, Authenticity, Assurance, Authorization, Accounting, Auditing • Threats, Attacks, Attackers, Assets • Threat Classes: Disclosure, Deception, Disruption, Usurpation • Common Threats: Snooping, Spoofing, Modification, Denial of Service, MitM • Security Principles: Simplicity and Restriction • Economy of Mechanism, Fail-safe Defaults, Complete Mediation, Open Design, Separation of Privilege, Least Privilege, Least Common Mechanism, Psychological Acceptability
Thanks and Gig ‘em! WHOOP!