CSE2500 System Security and Privacy

CSE2500 System Security and Privacy. CSE2500 System Security and Privacy Nandita&Srini 2 Lecturers Prof B Srinivasan Phone: 990 31333 Room No: C4.47

2

Lecturers

Prof B Srinivasan

Phone: 990 31333

Room No: C4.47

[email protected]

Ms Nandita Bhattacharjee

Phone: 990 32185/990 53293

Room No [email protected]

3

Organisation and Evaluation

12 weeks of lectures

2 hours of tutorials per week – mainly problem solving, starting from week 2 to week 12.

4

Weekly Lectures

Lectures Wednesdays 7p.m. to 9p.m. in Caulfield K Block K3.21

Alternative Lecture times?

• Fridays 12 noon to 2p.m. in Caulfield – K block 3.09

• Fridays 3p.m. to 5p.m. in Caulfield B block B2.13

5

Tutorials

Tutorials from week 2 to week 12:

• Wednesdays 10a.m. in Caulfield/B471

• Wednesdays 4p.m. in Caulfield/B471

• Wednesdays 4p.m. in Caulfield/B476

• Thursdays 10a.m. in Caulfield/A212

• Thursdays 2p.m. in Caulfield/B224

• Thursdays 6p.m. in Caulfield/F206 or Wednesday 5p.m. in Caulfield/??

Please use Allocate+ for allocating tutorials. If you have any problems, please see us during the tutorial times next week.

6

Assessment

Four assessment components

Two 30 min tests during the tutorial sessions in weeks 6 and 12, worth 15% each.

Individual question solving during the tutorial session from weeks 7 to 11, worth 10%

• Each student will be assigned a time slot and a problem and they have to make a presentation of the solution to the rest of the group.

Examination – 2 hours duration – worth 60%

You need to get at least 50% to pass this unit.

7

References

Primary Reference book: Security in Computing – C P Pfleeger and S L Pfleeger, Third Edition, 2003, Prentice Hall

Secondary Reference book: Computer Security – Dieter Gollmann, 1999, John Wiley

8

Subject: CSE2500

Lecturers: Prof. Bala Srinivasan, Mrs. Nandita Bhattacharjee

Prescribed Text: Pfleeger, Security in Computing 3e

Available from the University Bookshop

9

Where to look for the subject materials?

http://www.csse.monash.edu.au/courseware/cse2500

http://beast.csse.monash.edu.au/cse2500

Please download and print the lecture materials before coming to the class as NO further photocopies of notes will be distributed in the class.

The lecture notes are complementary to the prescribed text.

10

Security

Why do you lock your house before you leave?

How do you choose the kind of lock for your house?

Any added devices (such as alarms, bull terrier, etc…)

What do you do when you observe that things in the house are scattered around?

11

What are you protecting?

Brick and walls

Money and jewellery

Music CDs and tapes

Etc ….

12

Threats to Computer and Communications systems

Domain of information and network security

Taxonomy of security attacks

Aims or services of security

Model of system/(inter)network security

Methods of defense

13

Security

Human nature physical, financial, mental, …, data and information security

14

There are Problems

Theft - of equipment

Theft – e.g. Copying of confidential material

Modification - for gain – e.g. Adding false names to payroll

Modification - malicious – e.g. Virus infections

Access - easy for ‘us’ and difficult for ‘them’ ….

15

Fact sheet

bank robbery through computers

industrial espionage on corporate information

loss of individual privacy (email, mobile phone/computer, fax, ...)

information vandalism

computer viruses

(more can be found in “comp.risks”)

16

What do we mean by Security?

Protection of assets - can take several forms:

• Prevention

• Detection

• Reaction

17

Reactions

active research in security & privacy (numerous conferences each year)

new laws

education

collaborations between governments, industries & academia

employment of computer security specialists

18

What that means for computer assets?

What are the assets (for system security)?

19

Information Security

Shift from physical security to the protection of data (on systems) and to thwarting hackers (by means of automated software tools) – called

System and information security

20

Network Security

The widespread use of distributed systems, networks and communications requires protection of data during transmission – called

network security

21

Internetwork security

The term Network Security may be misleading, because virtually all businesses, govt., and academic organisations interconnect their data processing equipment with a collection of interconnected networks – probably we should call it

(inter)network security

22

Aspects of System (and information) security

Security attack – any action that compromises the security of system and information.

Security mechanism – to detect, prevent, or recover from a security attack.

Security service – a service that enhances security and counters security attacks.

23

Other terminology

vulnerability - a weakness in a computer system that might be exploited to cause loss or harm

attack - an action that exploits a vulnerability

threat - circumstances that have the potential to cause loss or harm

control - a protective measure

24

Security mechanisms

No single mechanism can provide the services mentioned in the previous slide. However, one particular element that underlies most (if not all) security mechanisms is cryptographic techniques.

Encryption or encryption-like transformations of information are the most common means of providing security.

25

Why Security?

Security is not as simple as it might first appear.

In developing a particular security measure one has to consider potential counter measures.

Because of the counter measures, the problem itself becomes complex.

Once you have designed the security measure, it is necessary to decide where to use it.

Security mechanisms usually involve more than a particular algorithm or protocol.

26

Security and Cost Analysis

[Figure: plot of cost against security level, with 100% marked]

27

Security Attacks - Taxonomy

Interruption – attack on availability

Interception – attack on confidentiality

Modification – attack on integrity

Fabrication – attack on authenticity

(In each case, the second term is the property that is compromised.)

28

Interruption

Also known as denial of service.

Information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction.

e.g. cutting a communication line, disabling a file management system, etc.

29

Interception

Also known as un-authorised access.

Difficult to trace as no traces of intrusion might be left.

e.g. illegal eavesdropping or wiretapping or sniffing, illegal copying.

30

Modification

Also known as tampering with a resource.

Resources can be data, programs, hardware devices, etc.

31

Fabrication

Also known as counterfeiting (of objects such as data, programs, devices, etc).

Allows the authenticity checks to be bypassed.

e.g. insertion of spurious messages in a network, adding a record to a file, counterfeit bank notes, fake cheques, …

impersonation/masquerading to gain access to data, services etc.

32

Security Attacks - Taxonomy

[Figure: five diagrams of the flow from Information Source to Information Destination, labelled Normal, Interruption, Interception, Modification and Fabrication]

Source and Destination - can be what is supposed to be and what you get

33

Attacks – Passive types

Passive (interception) – eavesdropping on, monitoring of, transmissions.

The goal is to obtain information that is being transmitted.

Types here are: release of message contents and traffic analysis.

34

Attacks – Active types

Involve modification of the data stream or creation of a false stream and can be subdivided into – masquerade, replay, modification of messages and denial of service.
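
An added example (not part of the original slides) showing which of the attack classes above a receiver-side check can detect: each message carries a sequence number and an HMAC tag, so modification and fabrication appear as bad tags, replay as a repeated sequence number and interruption as a gap, while interception leaves nothing for the receiver to see. The frame layout, key and sample traffic are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Frame:
    seq: int        # sender's unsigned 64-bit message counter, starting at 1
    payload: bytes
    tag: bytes      # HMAC-SHA256 over seq || payload


@dataclass
class Report:
    accepted: dict = field(default_factory=dict)  # seq -> payload (authentic, first copy)
    rejected: list = field(default_factory=list)  # bad tag: modification or fabrication
    replayed: list = field(default_factory=list)  # valid tag, seq already accepted
    missing: list = field(default_factory=list)   # gap in seq: interruption


def mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # Binding the counter into the tag is what makes replay and gaps visible.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def seal(key: bytes, seq: int, payload: bytes) -> Frame:
    return Frame(seq, payload, mac(key, seq, payload))


def receive(key: bytes, wire: list) -> Report:
    """Classify everything that arrived on the channel, in arrival order."""
    report = Report()
    for frame in wire:
        expected = mac(key, frame.seq, frame.payload)
        if not hmac.compare_digest(frame.tag, expected):
            # The receiver cannot tell an altered message from an invented one.
            report.rejected.append(frame.seq)
        elif frame.seq in report.accepted:
            report.replayed.append(frame.seq)
        else:
            report.accepted[frame.seq] = frame.payload
    # A loss after the highest authentic frame cannot be seen from here.
    highest = max(report.accepted, default=0)
    report.missing = [s for s in range(1, highest + 1) if s not in report.accepted]
    return report


def demo() -> Report:
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    sent = [seal(key, i, f"transfer #{i}".encode()) for i in range(1, 6)]
    wire = [                                     # constructed sample traffic
        sent[0],                                 # normal flow
        sent[1],                                 # interception: copied, delivered unchanged
        Frame(3, b"transfer #3 (altered)", sent[2].tag),   # modification
        # sent[3] never arrives: interruption
        sent[4],
        sent[0],                                 # replay of an old authentic frame
        Frame(6, b"transfer #6", bytes(32)),     # fabrication with a made-up tag
    ]
    return receive(key, wire)


if __name__ == "__main__":
    r = demo()
    print("accepted:", sorted(r.accepted))
    print("rejected:", r.rejected, "replayed:", r.replayed, "missing:", r.missing)
```

Message 3 is reported twice, once as a rejected frame and once as missing, because no authentic copy of it arrived. Message 2 was read in transit and produces no finding at all, which is why confidentiality has to rest on prevention rather than detection.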

35

Attacks

Passive

• Interception (confidentiality)

  • Release of message contents

  • Traffic analysis

Active

• Modification (integrity)

• Fabrication (integrity)

• Interruption (availability)

36

Security threats (to maintain) are

Confidentiality

Integrity

Availability

to give us secure data (and information)

Authenticity

37

Confidentiality

Only accessible by authorised parties

Not revealed

More than just not reading

Confidentiality is distinct from secrecy and privacy (?)

38

Integrity

Associated with loss and corruption

Data Integrity as

• Computerised data same as external, source data

• Data not exposed to alteration or destruction

• No inappropriate modification

39

Availability

The property of being accessible and useable (without delay) upon demand by an authorised entity

We want there to be no denial of service

40

Other issues

Accountability

Reliability

Safety

Dependability

41

Security is defined as

Computer security deals with the prevention and detection of unauthorised actions by users of a computer system

Security deals with the ready availability of valuable assets by authorised agents, and the denial of that access to all others

42

The security dilemma

Security deals with the ready availability of valuable assets by authorised agents, and the denial of that access to all others.

Security-unaware users have specific security requirements but (usually) no security expertise.

But

43

The security dilemma

The costs of additional resources to implement security mechanisms can be quantified.

Security mechanisms interfere with users, and can lead to loss of productivity.

Managing security also costs.

Need to perform risk analysis (which will be the next topic)

44

Principles of Security

Principle of easiest penetration

• an intruder will use any means of penetration

Principle of timeliness

• items only need to be protected until they lose their value

Principle of effectiveness

• controls must work, and they should be efficient, easy to use, and appropriate.

45

Layers of technology (and Onion Model)

In which layer should security mechanisms be placed?

Should controls be placed in more than one layer?

See slide 46 too.

[Figure: onion model with the layers Hardware, Kernel, Operating System, Services, Applications]

46

Layers

The presence of layers is a feature of technology

Separate layers often perform very different functions

Similar functions are combined in one layer

The boundary between two layers is usually easily defined

Layers can often be independently implemented

47

Vulnerabilities

The three broad computing system resources are

hardware

• interruption (denial of service), interception (theft)

software

• interruption (deletion), interception, modification

data

• interruption (loss), interception, modification and fabrication

48

One method of defence

By controls

What should be the focus of the controls?

• For example: should protection mechanisms focus on data or operations on that data or on the users who use the data?

Since there are layers of technology, where should controls apply?

• Applications, services, operating systems, kernel, hardware.

49

Controls

Can be applied at the hardware, software, physical or policy level.

Simple mechanisms or lots of features?

Should defining and enforcing security mechanisms be a centralised function?

How to prevent access to the layer below the security mechanism?

50

Examples of Controls

Modern cryptology

• Encryption, authentication code, digital signature, etc.

Software controls

• Standard development tools (design, code, test, maintain, etc)

• Operating systems controls

• Internal program controls (e.g. access controls to data in a database)

Firewalls

51

Examples of Controls

Hardware controls

• Security devices, smart cards, …

Physical controls

• Lock, guards, backup of data and software, thick walls, ….

Security policies and procedures

User education

Law

52

Effectiveness of Controls

Merely having controls does no good unless they are used properly. The factors that affect the effectiveness are

• Awareness of protection

• Likelihood of users

• Overlapping controls

• Periodic review

53

Model for network security

[Figure: two Principals, each with a Message and Secret Info., connected by an Information channel; also shown are a Trusted Third party, a Gate Keeper, and an Opponent (security threats and possible attacks)]

[Borrowed from Stallings]

54

Two questions to ponder

Having backup copies of the data – is it a solution to security?

The internetwork security model (the previous slide) has the gate keeper at the receiver (or destination) end – why not at the sender (source)?