Computer Security Hugo Andrés López Summary

Distributed System Security

• Distributed systems
  – computers connected by a network
• Communications (network) security
  – addresses security of the communications links
• Computer security
  – addresses security of the end systems
• Application security
  – relies on both to provide services securely to end users
• Security Management
  – Not just the system but also the people!

Computer Security

• OBJECTIVE:
  – Protect accessible resources in spite of malicious intent and behaviour that involves information and communication technologies
• CAVEAT:
  – This course: an overview of techniques, but beware that most computer attacks involve some form of social engineering and user psychology

Why is Computer Security different?

Are security bugs different from ordinary bugs?

“On balance I claim that they are, not for a technical but for a social reason.

Consider a paradigmatic “ordinary” bug, such as a library that wrongly calculates the square root of 2 while apparently doing everything else right. After a certain amount of hilarity the community response would be either to use a different library, or, more likely, to avoid taking the square root of 2.

If a security bug is found in a system there is a community of people who make it their personal priority to make the wrong behavior happen, typically in other people’s computers.”

Roger Needham

Dramatis Personae…

• Users/agents and all that:
  – In Computer Security and in Networks we often have some casting of characters:
    • Alice and Bob are the good users who want to communicate or do some other things
    • Eve, Charlie want to disrupt it
  – Dramatis personae is a comfortable simplification but it should be clear that it is a simplification
• CAVEAT:
  – we should not attribute human form to computer processes. The word “user” is often used for a human being or a process acting on behalf (maybe) of a human being, or a process acting on behalf of a process, acting on behalf of a process…
• Terminology: Principal
  – Some entity on a network or on a system that asks for some security-relevant services

ISO 7498-2 Standard

• definitions of security terminology,
• descriptions for security services and mechanisms,
• defines where in OSI reference model security services may be provided,
• introduces security management concepts.

Security life-cycle

• Model is as follows:
  – define security policy,
  – analyse security threats (according to policy),
  – define security services to meet threats,
  – define security mechanisms to provide services,
  – provide on-going management of security.

Threats, services and mechanisms

• security threat
  – a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
• security service
  – a measure which can be put in place to address a threat (e.g. provision of confidentiality).
• security mechanism
  – a means to provide a service (e.g. encryption, digital signature).

Security domains and policies

• In a secure system, the rules governing security behaviour should be made explicit in the form of a security policy.

• Security policy
  – the set of criteria for the provision of security services
• Security domain
  – the scope of a single security policy

Generic security policy

• ISO 7498-2 generic authorisation policy:
  – ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorised.’
• Possible basis for more detailed policy.
• N.B. does not cover availability (e.g. denial of service) issues.

Security Policy Types

• identity-based
  – access to and use of resources determined on the basis of the identities of users and resources,
• rule-based
  – resource access controlled by global rules imposed on all users, e.g. using security labels.
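The two policy types side by side, as an added example that is not part of the original slides. The ACL contents, the label levels and the "no read up, no write down" global rule are assumptions chosen for illustration; the slide only says that rule-based policies use global rules such as security labels.

```python
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Identity-based policy: each resource lists which identity may do what.
# (Constructed sample data.)
ACL = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "memo.txt": {"bob": {"read", "write"}},
}

# Rule-based policy: labels on users and resources plus one global rule.
# (Constructed sample data.)
CLEARANCE = {"alice": Level.CONFIDENTIAL, "bob": Level.SECRET}
CLASSIFICATION = {"payroll.db": Level.SECRET, "memo.txt": Level.PUBLIC}

def identity_based(user, resource, op):
    """Allow only what the resource's ACL grants to this identity."""
    return op in ACL.get(resource, {}).get(user, set())

def rule_based(user, resource, op):
    """Assumed global rule for every user: no read up, no write down."""
    if user not in CLEARANCE or resource not in CLASSIFICATION:
        return False  # unlabelled users and resources are denied
    subject, obj = CLEARANCE[user], CLASSIFICATION[resource]
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    return False

def decide(user, resource, op):
    """A domain enforcing both policies grants access only if both agree."""
    return identity_based(user, resource, op) and rule_based(user, resource, op)

if __name__ == "__main__":
    for request in [("alice", "payroll.db", "read"),
                    ("bob", "payroll.db", "read"),
                    ("bob", "memo.txt", "write")]:
        print(request, identity_based(*request), rule_based(*request), decide(*request))
```

Alice's ACL entry grants her read access to `payroll.db`, yet the label rule overrides it: a global rule cannot be relaxed by a per-identity grant.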

Security threats

• Threat
  – person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
• Attack
  – realisation of a threat.
• Safeguards
  – measures (e.g. controls, procedures) to protect against threats.
• Vulnerabilities
  – weaknesses in safeguards.

Risk

• Risk
  – measure of the cost of a vulnerability
  – takes into account probability of a successful attack
• Risk analysis
  – determines whether expenditure on (new/better) safeguards is warranted.
• Quality of Protection?
  – A missing concept in ISO

“Total Security will only be achieved when we are all dead”

Classroom thought

Fundamental Threats

• Integrity violation
  – USA Today, falsified reports of missile attacks on Israel, 7/2002
• Denial of service
  – Yahoo, 2/2000, 1Gbps
• Information Leakage
  – Prince Charles mobile phone calls, 1993
• Illegitimate use
  – Vladimir Levin, Citibank, $3.7M, 1995

Enabling threats

• Realisation of any of these threats can lead directly to a realisation of a fundamental threat:
  – Masquerade,
  – Bypassing controls,
  – Authorisation violation,
  – Trojan horse,
  – Trapdoor.

Security Services classification

• Authentication
  – including entity authentication and origin authentication,
• Access control,
• Data confidentiality,
• Data integrity,
• Non-repudiation.

Authentication

• Entity authentication provides checking of a claimed identity at a point in time.
  – Typically used at start of a connection.
  – Addresses masquerade and replay threats.
• Origin authentication provides verification of source of data.
  – Does not protect against replay or delay.
• Password Authentication, Challenge-Response Protocols, OTPs…
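Why origin authentication alone does not stop replay while a challenge-response exchange does, as an added example that is not part of the original slides. HMAC-SHA256 with a pre-shared key stands in for both mechanisms; the key, messages and the `Verifier` class are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed key shared by Alice and Bob

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

# Origin authentication: the tag is bound to the data, not to a point in time.
def verify_origin(key, payload, tag):
    return hmac.compare_digest(mac(key, payload), tag)

# Entity authentication: prove knowledge of the key for a fresh challenge.
def respond(key, nonce):
    # The prefix keeps a response from ever being valid as a message tag.
    return mac(key, b"entity-auth|" + nonce)

class Verifier:
    def __init__(self, key):
        self.key = key
        self.pending = set()  # challenges issued and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def check(self, nonce, response):
        if nonce not in self.pending:
            return False  # unknown or already answered challenge: replay
        self.pending.remove(nonce)  # each challenge is accepted once
        return hmac.compare_digest(respond(self.key, nonce), response)

def demo():
    out = {}
    payload = b"pay 100 to Bob"
    tag = mac(KEY, payload)
    out["origin_ok"] = verify_origin(KEY, payload, tag)
    out["origin_replayed"] = verify_origin(KEY, payload, tag)  # same pair resent later
    out["origin_modified"] = verify_origin(KEY, b"pay 900 to Eve", tag)
    bob = Verifier(KEY)
    n1 = bob.challenge()
    r1 = respond(KEY, n1)
    out["entity_ok"] = bob.check(n1, r1)
    out["entity_replay_same_challenge"] = bob.check(n1, r1)
    out["entity_replay_new_challenge"] = bob.check(bob.challenge(), r1)
    n2 = bob.challenge()
    out["entity_wrong_key"] = bob.check(n2, respond(secrets.token_bytes(32), n2))
    return out
```

The replayed message still verifies because nothing in the tag says when it was produced; a receiver that needs replay protection has to add freshness (a nonce, counter or timestamp) on top of origin authentication.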

Access control

• Provides protection against unauthorised use of resource, including:
  – use of a communications resource,
  – reading, writing or deletion of an information resource,
  – execution of a processing resource.
• Remote users
• RBAC, White – Blacklisting …

Data Confidentiality

• Protection against unauthorised disclosure of information.

• Four types:
  – Connection confidentiality (e-banking),
  – Connectionless confidentiality (p2p networks),
  – Selective field confidentiality (e-voting),
  – Traffic flow confidentiality.
• Ex: Internet banking session
  – Encrypting routers as part of SWIFT funds transfer network

Data Integrity

• Provides protection against active threats to the validity of data.

• Five types:
  – Connection integrity with recovery,
  – Connection integrity without recovery,
  – Selective field connection integrity,
  – Connectionless integrity,
  – Selective field connectionless integrity.

• Think of SQL injection and you’ll get an idea

Non-repudiation

• Protects against a sender of data denying that data was sent (non-repudiation of origin).

• Protects against a receiver of data denying that data was received (non-repudiation of delivery).

• I.e.: Signed letter with a recorded delivery

Security mechanisms

• They exist with a single purpose: to provide and support security services.
• Classes
  – Specific security mechanisms.
  – Pervasive security mechanisms (not specific to a particular service)

Specific Security Mechanisms

• Cyphering,
• digital signature,
• access control mechanisms,
• data integrity mechanisms,
• authentication exchanges,
• traffic padding,
• routing control,
• Notarisation (Trusted 3rd Parties).

Pervasive Security Mechanisms

• trusted functionality,
• security labels,
• event detection,
• security audit trail,
• security recovery.

Examples on Pervasive Mechanisms

• Event detection
  – Includes detection of
    • attempted security violations,
    • legitimate security-related activity.
  – Can be used to trigger event reporting (alarms), event logging, automated recovery.
• Security audit trail
  – Log of past security-related events.
  – Permits detection and investigation of past security breaches.
• Security recovery
  – Includes mechanisms to handle requests to recover from security failures.
  – May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist.
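How the three pervasive mechanisms chain together, as an added example that is not part of the original slides: event detection over login events feeds an audit trail, raises an alarm, and triggers recovery by temporarily invalidating the entity. The event names, the sample events and the threshold, window and lockout values are constructed assumptions.

```python
from collections import defaultdict, deque

THRESHOLD, WINDOW, LOCKOUT = 3, 60, 300  # assumed policy: 3 failures in 60 s, 300 s lockout

class Monitor:
    def __init__(self):
        self.failures = defaultdict(deque)  # principal -> recent failure times
        self.locked_until = {}              # recovery: temporary invalidation of an entity
        self.audit_trail = []               # log of all security-related events
        self.alarms = []                    # event reporting

    def handle(self, ts, principal, event):
        if self.locked_until.get(principal, 0) > ts:
            self.audit_trail.append((ts, principal, event, "rejected:locked"))
            return "rejected"
        # Legitimate activity is recorded as well as attempted violations.
        self.audit_trail.append((ts, principal, event, "seen"))
        if event == "login_fail":
            recent = self.failures[principal]
            recent.append(ts)
            while recent and recent[0] <= ts - WINDOW:
                recent.popleft()  # forget failures outside the window
            if len(recent) >= THRESHOLD:
                self.alarms.append((ts, principal, "repeated login failures"))
                self.locked_until[principal] = ts + LOCKOUT
                recent.clear()
                return "locked"
        elif event == "login_ok":
            self.failures[principal].clear()
        return "ok"

EVENTS = [  # constructed sample events: (seconds, principal, event)
    (0, "alice", "login_ok"),
    (10, "eve", "login_fail"),
    (20, "eve", "login_fail"),
    (25, "bob", "login_fail"),
    (30, "eve", "login_fail"),   # third failure inside the window
    (40, "eve", "login_ok"),     # arrives while the entity is invalidated
    (100, "bob", "login_fail"),  # bob's earlier failure has aged out
    (400, "eve", "login_ok"),    # lockout expired at 330
]

def run(events):
    monitor = Monitor()
    outcomes = [monitor.handle(*e) for e in events]
    return monitor, outcomes
```

The audit trail keeps the rejected attempt at t=40 too, which is what later lets an investigator see that the locked-out principal kept trying.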

Focus of Security Services?

Where to focus security controls?

• The focus may be on data – operations – users
• Data
  – e.g. integrity requirements may refer to rules on format and content of data items (internal consistency).
  – account balance is an integer
• Operations that may be performed on a data item
  – credit, debit, transfer, …
• Users who are allowed to access a data item
  – account holder and bank clerk have access to account

Security Controls: Protection

• Thanks:
  – To you, your groups and your performance.
  – To Fabio Massacci: for making wonderful slides I can reuse now.