Lecture 01 – The Security Mindset
Stephen Checkoway
University of Illinois at Chicago
CS 487 – Fall 2017
Adapted from Michael Bailey’s ECE 422
About Me
• 2012 Ph.D. from UC San Diego in CS
• 2012–2015 Assistant Research Professor at Johns Hopkins University (yes, there’s an s in Johns)
• 2015– Assistant Professor at UIC
About Me
• Research area: Computer Security
• Some prior research
– Voting machine security (change votes)
– Automotive security (remote car hacks)
– Back-scatter, whole-body X-ray scanner (weapons)
– iSight camera (disable indicator LED while on)
– Analysis of backdoored PRNG in TLS/IPSEC
• Looking for students!
Goals for this Course
• Critical thinking
– How to think like an attacker
– How to reason about threats and risks
– How to balance security costs and benefits
• Learn to be a security-conscious citizen
Requirements
• 4 or 5 Security projects (difficult!)
• Two in-class exams
• No final
Policies
• Attendance: not mandatory, but you should come anyway
• Late work: 3 late days
• Collaboration: Work in groups of 2 on projects
• Communication: Don’t email me! Use Piazza
• Academic misconduct: punishment will be based on severity up to expulsion (seriously)
Examples of misconduct (nonexhaustive list)
• Claiming someone else’s work as your own
• Searching for existing solutions to assignments
• Falsifying program output
• Collaborating outside your group
• Sharing code/solutions outside your group
Projects
• Work in groups of 2 (not required, highly recommended)
• Generally not much programming per project
• A lot of time thinking/tinkering/debugging
What is Computer Security?
• Security is a property (or more accurately a collection of properties) that hold in a given system under a given set of constraints
– Where a system is anything from hardware, software, firmware, and information being processed, stored, and communicated.
– and constraints define adversaries and their capabilities.
• Can also mean the measures and controls that ensure these properties
• Security is weird, as we don’t explicitly study other properties
– Correctness
– Performance
Meet the Adversary
“Computer security studies how systems behave in the presence of an adversary.”
• The adversary
– a.k.a. the attacker
– a.k.a. the bad guy
* An intelligence that actively tries to cause the system to misbehave.
“Know your enemy.”
• Motives?
• Capabilities?
• Degree of access?
Thinking Like an Attacker
• Look for weakest links – easiest to attack.
• Identify assumptions that security depends on. Are they false?
• Think outside the box: Not constrained by system designer’s worldview.
Practice thinking like an attacker:
For every system you interact with, think about what it means for it to be secure, and imagine how it could be exploited by an attacker.
Exercises
Exercise
• Door lock/intercom
– Occupant presses key which makes a tone over the intercom
– Lock is unlocked when tone is detected over the intercom
• How can an attacker subvert this to gain access?
Thinking as a Defender
• Security policy
– What are we trying to protect?
– What properties are we trying to enforce?
• Threat model
– Who are the attackers?
– What are their capabilities? Motivations? Access?
• Risk assessment
– What are the weaknesses of the system?
– How likely?
• Countermeasures
– Technical vs. nontechnical?
– How much do they cost?
Challenge is to think rationally and rigorously about risk.
Rational paranoia.
Security Policies
• What assets are we trying to protect?
• What properties are we trying to enforce?
– Confidentiality
– Integrity
– Availability
– Privacy
– Authenticity
…
Threat Models
• Who are our adversaries?
– Motives?
– Capabilities?
– Access?
• What kinds of attacks do we need to prevent? (Think like the attacker!)
• Limits: Kinds of attacks we should ignore?
Assessing Risk
• What would security breaches cost us?
– Direct costs: Money, property, safety, ...
– Indirect costs: Reputation, future business, well-being, …
• How likely are these costs?
– Probability of attacks?
– Probability of success?
• Remember: rational paranoia
Countermeasures
• Technical countermeasures
• Nontechnical countermeasures
– Law, policy (government, institutional), procedures, training, auditing, incentives, etc.
Security Costs
• No security mechanism is free
– Direct costs: Design, implementation, enforcement, false positives
– Indirect costs: Lost productivity, added complexity
• Challenge is to rationally weigh costs vs. risk
– Human psychology makes reasoning about high cost/low probability events hard
Exercise
• Should you lock your bike?
– Assets?
– Adversaries?
– Risk assessment?
– Countermeasures?
– Costs/benefits?
The Security Mindset
• Thinking like an attacker
– Understand techniques for circumventing security.
– Look for ways security can break, not reasons why it won’t.
• Thinking like a defender
– Know what you’re defending, and against whom.
– Weigh benefits vs. costs: No system is ever completely secure.
– “Rational paranoia!”
Schneier’s law
• “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.”
• Replace “cryptographer” with “engineer” and “algorithm” with “system” and it still holds true
To Learn More…
• The Security Mindset. https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
• https://freedom-to-tinker.com/blog/felten/security-mindset-and-harmless-failures/
• https://cubist.cs.washington.edu/Security/2007/11/22/why-a-computer-security-course-blog/
Questions?