1 / 34

USC CSci499 Security Systems Lecture notes – Spring 2013

USC CSci499 Security Systems Lecture notes – Spring 2013. Dr. Jelena Mirkovic University of Southern California Information Sciences Institute. Class home page. http ://ccss.usc.edu /499 Syllabus Assignments News Lecture notes Keep checking it!. Contact. Instructor

yaholo
Download Presentation

USC CSci499 Security Systems Lecture notes – Spring 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. USC CSci499Security Systems Lecture notes – Spring 2013 Dr. Jelena Mirkovic University of Southern California Information Sciences Institute

  2. Class home page • http://ccss.usc.edu/499 • Syllabus • Assignments • News • Lecture notes • Keep checking it!

  3. Contact • Instructor • Dr. Jelena Mirkovic • Office hours Fri 1-2pm or by apptin SAL214/216 • Contact via email (on class web page)

  4. Grading • Grading: • CTF exercises: 20% • Homeworks:  20% • Quizzes: 5% • Participation:  5% • Midterm Exam: 20% • Final Exam: 30% • Grades assigned using an absolute curve:

  5. Homeworks • Done on DeterLabtestbed • I will open an account for each of you after the class • You will get an automated email how to log on • Your assignment for the next class – read through the tutorial (at http://www.deterlab.net) and run a sample experiment to learn how to use DeterLab • We’ll have 4 homeworks, each carries 5% of your grade • Ask for help early • Do NOT email testbed ops, I can help with all DeterLab issues

  6. Capture-the-Flag Exercises • Done on DeterLabtestbed • Blue team develops some technology, Red team attacks it • Everyone will have a chance to be on both teams • Each exercise will be performed in class, each carries 10% of your grade • I’m not looking for extraordinary solutions (although they are welcome) but for good integration of what you learned in class and what you managed to learn off the Internet • Teamwork is important

  7. Quizzes • Done before each homework exercise • Repeated after the exercise • You MUST take each quiz • Total 5% of your grade

  8. Midterm and Final • Closed book, closed notes • Each last 1 h 20 min • We will have reviews in class before each

  9. Class Participation • Class participation is important • Ask and answer questions in class • Ask, answer, participate on-line • Class participation carries 5% of your grade

  10. DEN • DEN system will host the class discussion board • To gain access and log inhttps://mapp.usc.edu/ • Contact webclass@usc.edu if you have difficulty with the system • I will check the discussion board once daily but if you want a reliable response from me email me directly

  11. Academic Integrity • What is and is not OK • I encourage you to work with others to learn the material but everyone must DO their work ALONE • Do not to turn in the work of others • Do not give others your work to use as their own • Do not plagiarize from others (published or not) • Do not try to deceive the instructor • See the Web site • More guidelines on academic integrity • Links to university resources • Ask if in doubt • You can always ask me for help!

  12. What Does Security Mean?

  13. What Does Security Mean?… In Real Life • No one should be able to: • Break into my house • Attack me • Steal my TV • Use my house to throw water balloons on people • Damage my furniture • Pretend to be my friend Bob and fool me • Waste my time with irrelevant things • Prevent me from going to my favorite restaurant • Destroy my road, bridge, city ..

  14. What Does Security Mean?…wrt Computers and Nets • No one should be able to: • Break into my computer • Attack my computer • Steal my information • Use my computer to attack others • Damage my computer or data • Use my resources without my permission • Mess with my physical world • I want to talk to Alice • Pretend to be Alice or myself or our computers • Prevent me from communicating with Alice

  15. Computer vs. Network Security • An isolated computer has a security risk? • Computer security aims to protect a single, connected, machine • Networking = communication at all times and in all scenarios!!! • Network security aims to protect the communication and all its participants • Security = robustness or fault tolerance? Computer security Network security

  16. Security Properties • Confidentiality (C) • Keep data secret from non-participants • Integrity (I) • Aka “authenticity” • Keep data from being modified • Keep it functioning properly • Availability (A) • Keep the system running and reachable

  17. Orthogonal Aspects • Policy • Deciding what confidentiality, integrity and availability mean • Mechanism • Implementing the policy

  18. Security Goals • Attack prevention • It is impossible for the attack to succeed • Attack detection • Low false positives, false negatives and detection delay • Attack response • Retaliation, observation, recovery • Attack recovery • Remedy the effects of the attack or sustain it A false positive is when the system detects an attack, but the attack did not occur. A false negativeis when the attack is missed by the system.

  19. What Does Security Mean?…wrt Computers and Nets • No one should be able to: • Break into my computer – A, C, I • Attack my computer – A, C, I • Steal my information - C • Use my computer to attack others – I? • Damage my computer or data - I • Use my resources without my permission – A • Mess with my physical world – I, A • I want to talk to Alice • Pretend to be Alice or myself or our computers – C, I • Prevent me from communicating with Alice - A

  20. What Are the Threats? • Breaking into my computer • Hackers • Break a password or sniff it off the network • Exploit a vulnerability • Use social engineering • Impersonate someone I trust • Viruses and worms A vulnerability is a weakness in the system (its design, implementation or use procedures) that when exploitedmakes it behave in a way that system’s creator did not expect. An exploitis a set of steps that exercises the vulnerability

  21. What Are the Threats? • Attacking my computer • Denial-of-service attacks • Viruses and some worms A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot ofbogus messages to a computer offering a service A virus is a self-replicating program that requiresuser action to activate such as clicking on E-mail,downloading an infected file or inserting an infectedfloppy, CD, etc ..A worm is a self-replicating program that does notrequire user action to activate. It propagates itselfover the network, infects any vulnerable machine itfinds and then spreads from it further.

  22. What Are the Threats? • Stealing my information • From my computer or from communication • I will use cryptography! • There are many ways to break ciphers • There are many ways to divulge partial information (e.g. who do you talk to) • I would also like to hide who I talk to and when • I will use anonymization techniques • Anonymization hinders other security approaches that build models of normal traffic patterns

  23. What Are the Threats? • Using my machine to attack others • E-mail viruses • Worms • Denial-of-service attacks (including reflector attacks) • Spam, phishing

  24. What Are the Threats? • Damaging my computer or data • I have to prevent break-ins • I will also use cryptography to detect tampering • I must replicate data to recover from tampering • Denial-of-service attacks and worms can sometimes damage computers

  25. What Are the Threats? • Taking up my resources with irrelevant messages • Denial-of-service attacks • Spam mail (takes time to read and fills space) • Viruses and worms

  26. What Are the Threats? • Messing up with my physical world • Cyber-physical attacks or collateral victims • Power systems, traffic control, utilities • Travel agencies • Medical devices • Smart vehicles

  27. What Are the Threats? • Pretending to be Alice or myself or our computers • I want to be sure who I am talking to (authentication and digital signatures) • It is hard to impersonate a computer in two-way communication, such as TCP • But it has been done • Plain IP spoofing seems an extremely hard problem to solve IP spoofing means putting a fake IP address in thesender field of IP packets.

  28. What Are the Threats? • Preventing me from communicating with Alice • Alice could be attacked • Routers could be overloaded or tampered with • DNS servers could be attacked

  29. Some Security Mechanisms • VPNs • Intrusion Detection • Intrusion Response • Virus scanners • Policy managers • Trusted hw • Encryption • Checksums • Key management • Authentication • Authorization • Accounting • Firewalls

  30. What Are the Challenges? • Your security frequently depends on others • Tragedy of the Commons • A good solution must • Handle the problem to a great extent • Handle future variations of the problem, too • Be inexpensive • Have economic incentive • Require a few deployment points • Require non-specific deployment points

  31. What Are the Challenges? • Fighting a live enemy • Security is an adversarial field • No problem is likely to be completely solved • New advances lead to improvement of attack techniques • Researchers must play a double role

  32. What Are the Challenges? • Attack patterns change • Often there is scarce attack data • Testing security systems requires reproducing or simulating legitimate and traffic • No agreement about realistic traffic patterns • No agreement about metrics • There is no standardized evaluation procedure • Some security problems require a lot of resources to be reproduced realistically

  33. Practical Considerations • Risk analysis and risk management • How important it is to enforce a policy • Which threats matter • Legislation may play a role • The role of trust • Assumptions are necessary • Human factors • The weakest link

  34. In The Shoes of an Attacker • Who are the attackers • Used to be teenage hackers (bragging rights) • Now organized criminal (for profit) • Political organizations • Risk to the attacker • Usually very small

More Related