Lecture01– TheSecurity

Mindset

StephenCheckoway

UniversityofIllinoisatChicago

CS487– Fall2017

AdaptedfromMichaelBailey’sECE422

AboutMe

• 2012Ph.D.fromUCSanDiegoinCS

• 2012–2015AssistantResearchProfessorat

JohnsHopkinsUniversity(yes,there’sansin

Johns)

• 2015– AssistantProfessoratUIC

AboutMe

• Researcharea:ComputerSecurity

• Somepriorresearch

– Votingmachinesecurity(changevotes)

– Automotivesecurity(remotecarhacks)

– Back-scatter,whole-bodyX-rayscanner(weapons)– iSight camera(disableindicatorLEDwhileon)

– Analysisofbackdoored PRNGinTLS/IPSEC• Lookingforstudents!

AboutMe

GoalsforthisCourse

• Criticalthinking

– Howtothinklikeanattacker

– Howtoreasonaboutthreatsandrisks

– Howtobalancesecuritycostsandbenefits

• Learntobeasecurity-consciouscitizen

Requirements

• 4or5Securityprojects(difficult!)

• Twoin-classexams

• Nofinal

Policies

• Attendance:notmandatory,butyoushould

comeanyway

• Latework:3latedays

• Collaboration:Workingroupsof2onprojects

• Communication:Don’temailme!UsePiazza

• Academicmisconduct:punishmentwillbe

basedonseverityuptoexpulsion(seriously)

Examplesofmisconduct

(nonexhaustive list)

• Claimingsomeoneelse’sworkasyourown

• Searchingforexistingsolutionstoassignments

• Falsifyingprogramoutput

• Collaboratingoutsideyourgroup

• Sharingcode/solutionsoutsideyourgroup

Projects

• Workingroupsof2(notrequired,highlyrecommended)

• Generallynotmuchprogrammingperproject

• Alotoftimethinking/tinkering/debugging

WhatisComputerSecurity?

• Securityisaproperty(ormoreaccuratelyacollectionofproperties)thatholdinagivensystemunderagivensetofconstraints– Whereasystemisanythingfromhardware,software,firmware,

andinformationbeingprocessed,stored,andcommunicated.

– andconstraintsdefineadversariesandtheircapabilities.

• Canalsomeanthemeasuresandcontrolsthatensuretheseproperties

• Securityisweird,aswedon’texplicitly studyotherproperties– Correctness

– Performance

MeettheAdversary

“Computersecuritystudieshowsystemsbehaveinthepresenceofanadversary.”

• Theadversary– a.k.a.theattacker

– a.k.a.thebadguy

* Anintelligencethatactivelytriestocausethesystemtomisbehave.

“Knowyourenemy.”

• Motives?

• Capabilities?

• Degreeofaccess?

ThinkingLikeanAttacker

• Lookforweakestlinks– easiesttoattack.

• Identifyassumptionsthatsecuritydependson.Aretheyfalse?

• Thinkoutsidethebox:Notconstrainedbysystemdesigner’sworldview.

Practicethinkinglikeanattacker:

Foreverysystemyouinteractwith,thinkaboutwhatitmeansforittobesecure,andimagehowitcould

beexploitedbyanattacker.

Exercises

Exercise

• Doorlock/intercom

– Occupantpresseskeywhichmakesatoneover

theintercom

– Lockisunlockedwhentoneisdetectedoverthe

intercom

• Howcananattacker

subvertthistogain

access?

ThinkingasaDefender

• Securitypolicy– Whatarewetryingtoprotect?

– Whatpropertiesarewetryingtoenforce?

• Threatmodel– Whoaretheattackers?

– WhataretheirCapabilities?Motivations?Access?

• Riskassessment– Whataretheweaknessesofthesystem?

– Howlikely?

• Countermeasures– Technicalvs.nontechnical?

– Howmuchdotheycost?

Challengeistothink

rationallyand

rigorouslyaboutrisk.

Rationalparanoia.

SecurityPolicies

• Whatassetsarewetryingtoprotect?

• Whatpropertiesarewetryingtoenforce?

– Confidentiality– Integrity– Availability– Privacy– Authenticity

…

ThreatModels

• Whoareouradversaries?– Motives?

– Capabilities?

– Access?

• Whatkindsofattacksdoweneedtoprevent?(Thinkliketheattacker!)

• Limits:Kindsofattacksweshouldignore?

AssessingRisk

• Whatwouldsecuritybreachescostus?

– Directcosts:Money,property,safety,...

– Indirectcosts:Reputation,futurebusiness,wellbeing,…

• Howlikelyarethesecosts?

– Probabilityofattacks?– Probabilityofsuccess?

• Remember:rationalparanoia

Countermeasures

• Technicalcountermeasures

• Nontechnicalcountermeasures

– Law,policy(government,institutional),

procedures,training,auditing,incentives,etc.

SecurityCosts

• Nosecuritymechanismisfree

– Directcosts:Design,implementation,

enforcement,falsepositives

– Indirectcosts:Lostproductivity,addedcomplexity

• Challengeisrationallyweighcostsvs.risk

– Humanpsychologymakesreasoningabouthigh

cost/lowprobabilityeventshard

Exercise

• Shouldyoulockyourbike?

– Assets?– Adversaries?– Riskassessment?

– Countermeasures?

– Costs/benefits?

TheSecurityMindset

• Thinkinglikeanattacker

– Understandtechniquesforcircumventingsecurity.

– Lookforwayssecuritycanbreak,notreasonswhyitwon’t.

• Thinkinglikeadefender

– Knowwhatyou’redefending,andagainstwhom.

–Weighbenefitsvs.costs:Nosystemisevercompletelysecure.

– “Rationalparanoia!”

Schneier’s law

• “Anyone,fromthemostcluelessamateurto

thebestcryptographer,cancreatean

algorithmthathehimselfcan'tbreak.”

• Replace“cryptographer”with“engineer”and

“algorithm”with“system”anditstillholds

true

ToLearnMore…

• TheSecurityMindset.https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html

• https://freedom-to-tinker.com/blog/felten/security-mindset-and-harmless-failures/

• https://cubist.cs.washington.edu/Security/2007/11/22/why-a-computer-security-course-blog/

Questions?