Security Requirements
• Confidentiality
  – Requires that information in a computer system only be accessible for reading by authorized parties
• Integrity
  – Assets can be modified by authorized parties only
• Availability
  – Assets are available to authorized parties
• Authenticity
  – Requires that a computer system be able to verify the identity of a user
Threats
• Confidentiality
  – Interception: unauthorized access, wiretapping
• Integrity
  – Modification: change or delete data, messages, programs
• Availability
  – Interruption: hardware destruction, disabling file management
• Authenticity
  – Fabrication: create data, messages ...
What is there to protect?
• Hardware
  – Accidental and deliberate damage
  – Tapping of network lines
  – Overload of networks
• Software
  – Threats include deletion, alteration, damage
• Data
  – Involves files
  – Security concerns for availability, secrecy, and integrity
  – Stealing of classified information
Protection
• Limit sharing
• Limit communication
• Encryption of data
• Control access
• Electronic signatures
• Intrusion detection
Examples of Protection
• File systems
  – Access control defined by user
  – Most system files are not accessible to users
• Access control
  – OS provides access control via login and password
• User privileges
  – Different users have different status (NT user groups)
• Clean memory partitioning
• Systematic backups
Sharing
• Sharing is the source of all evil!
• No sharing: separation in time or place
• Share all or share nothing
  – Owner of an object declares it public or private
• Share via access limitation
  – Operating system checks the permissibility of each access by a specific user/process to a specific object
  – Operating system acts as the guard
Memory issues
• Bound registers for processes' access to RAM
• Delete vs. erase
  – If you delete a file it is not really gone
  – OS only “forgot” that it was there
  – You can still retrieve the content
• If you really want to erase things:
  – Reformat the device (not always possible)
  – Delete files and save useless things until the drive is full
  – Beware when you sell your used computer, there may be traces of sensitive information
Message encryption: Artistic Math
• Encode content x as y = F(x, k1) and send y
• Receiver decodes the content with a function x = D(y, k2)
• Public key & private key: 2 different keys are used (PGP)
• Secret key: k1 = k2, D = F⁻¹ ! Illusion of safety
• You can only read content if you know k2
• Simple letter replacement (Midterm)
  – has about 4*10^26 possibilities but easy to guess
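The F/D notation and the letter-replacement example above, worked through as an added example (not from the lecture): a secret-key substitution cipher with k1 = k2 and D = F⁻¹, the 26! keyspace the slide rounds to 4*10^26, and the reason the keyspace size is an illusion of safety: substitution permutes letters but leaves their frequency counts intact. The sample message and the seed are constructed for the demonstration.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

def keyspace_size():
    """Distinct letter-replacement keys: one per permutation of the 26 letters."""
    return math.factorial(len(ALPHABET))  # 26! = 403291461126605635584000000, about 4*10^26

def make_key(seed):
    """Secret key with k1 = k2: a permutation of the alphabet (seeded so runs repeat)."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))

def F(x, k):
    """Encode: y = F(x, k). Each letter is replaced via the key; other characters pass through."""
    return "".join(k.get(c, c) for c in x.lower())

def D(y, k):
    """Decode with the inverse mapping, so D = F^-1 and D(F(x, k), k) == x."""
    inverse = {cipher: plain for plain, cipher in k.items()}
    return "".join(inverse.get(c, c) for c in y)

def letter_ranking(text):
    """Letters of text from most to least frequent (ties broken alphabetically)."""
    counts = Counter(c for c in text if c in ALPHABET)
    return [c for c, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def frequency_preserved(plaintext, key):
    """Why the cipher is easy to guess: the key permutes letters but not their counts,
    so the ciphertext's most frequent symbol is just the image of the plaintext's."""
    top_plain = letter_ranking(plaintext)[0]
    top_cipher = letter_ranking(F(plaintext, key))[0]
    return key[top_plain] == top_cipher

if __name__ == "__main__":
    msg = "we see three green trees beside the lake"  # constructed sample message
    k = make_key(seed=7)
    y = F(msg, k)
    print("keys available:", keyspace_size())
    print("ciphertext:", y)
    print("decoded:   ", D(y, k))
    print("most frequent letter survives encryption:", frequency_preserved(msg, k))
```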
Electronic Signatures
• Became very important recently due to e-commerce
• Example: You send an email to buy a stock
• Stock crashes 1 hour later, you deny ever having sent the email
• Legal issue: How to prove the authenticity of electronic documents
• Similar to encryption: You calculate a complex function from the message text, decode it using your private key and append it
Access Control Authentication
• Login
  – Requires both a user identifier (ID) and a password
  – Only admit known and matching ID and password
• User based or computer based
• Problems:
  – Users can reveal their password to others either intentionally or accidentally
  – Hackers are skillful at guessing passwords
  – ID/password file can be obtained (hard to decode)
ID Provides Security
• Determines whether the user is authorized to gain access to a system
• Determines the privileges accorded to the user
  – Guest or anonymous accounts have more limited privileges than others
• ID is used for discretionary access control
  – A user may grant permission to files to others by ID
Intrusion Techniques
• Steal ID and password
• Circumvent access control
  – Use a Trojan horse to bypass restrictions on access
Techniques for Learning Passwords
• Try default passwords used with standard accounts shipped with the computer
• Exhaustively try all short passwords, license plates
• Try words in a dictionary or a list of likely passwords
• Collect information about users and use these items as passwords
  – address, names, relatives, SSN, phone numbers
• In a study 86% of passwords could be guessed
Techniques for Stealing Passwords
• Tap the line between a remote user and the host system
• Watch user during login
• Intercept emails that contain passwords
Password Selection Strategies
• Computer generated passwords :-(
  – Hard to remember, users write them down
• Reactive password checking strategy :-(
  – System periodically runs a password cracker to find guessable passwords
  – System cancels passwords that are guessed and notifies the user
  – Consumes resources to do this, can be too late!
• Proactive password checker :-)
  – The system checks at the time of selection if the password is allowable
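A proactive password checker of the kind the last bullet describes, as an added example (not the lecture's code) that turns the "Techniques for Learning Passwords" list into rejection rules: default passwords for standard accounts, short passwords, dictionary words, and items collected about the user (names, address, relatives, SSN, phone numbers). The word lists and the user profile are constructed stand-ins for the real lists a deployed checker would load.

```python
import re

# Constructed sample lists; a real checker would load full default-password and dictionary files.
DEFAULT_PASSWORDS = {"admin", "password", "guest", "changeme", "root"}
DICTIONARY = {"station", "summer", "dragon", "welcome", "monkey", "football"}
MIN_LENGTH = 8

def normalize(s):
    """Lowercase and drop non-alphanumerics so 'J.Smith' and 'jsmith' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def user_fragments(profile):
    """Pieces an attacker could collect about the user: name, address, relatives, SSN, phone.
    Very short pieces (under 3 characters) are skipped to avoid flagging everything."""
    frags = set()
    for value in profile.values():
        for piece in re.split(r"[\s,.-]+", value):
            if len(piece) >= 3:
                frags.add(normalize(piece))
    return frags

def check_password(candidate, profile):
    """Proactive check at selection time: returns the reasons the candidate is rejected;
    an empty list means the password is allowable."""
    reasons = []
    p = normalize(candidate)
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short: exhaustive search of short passwords is cheap")
    if p in DEFAULT_PASSWORDS:
        reasons.append("default password shipped with standard accounts")
    # A dictionary word with digits appended ("dragon42") is still a dictionary guess.
    if p in DICTIONARY or p.rstrip("0123456789") in DICTIONARY:
        reasons.append("dictionary word, possibly with digits appended")
    for frag in sorted(user_fragments(profile)):
        if frag in p:
            reasons.append("contains personal information: " + frag)
            break
    return reasons

if __name__ == "__main__":
    # Constructed user profile for the demonstration.
    profile = {"name": "John Smith", "address": "42 Elm Street", "relative": "Mary",
               "ssn": "123-45-6789", "phone": "555-0199"}
    for candidate in ["admin", "Smith1985!", "Dragon42", "Tr0ub4dor&3"]:
        print(candidate, "->", check_password(candidate, profile) or "allowable")
```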
Types of Attacks
• Intrusion
  – Somebody unauthorized manages to log into your system
• Remote Attack
  – Somebody changes the behavior of your computer without being logged in
Intrusion Prevention
• Firewalls around network
• Limit the access type:
  – telnet, ftp, http, ssh, rsh ….
• Limit access location
  – allow access only from designated machines
  – Machine ID: IP address
Intrusion Detection
• Assume the behavior of the intruder differs from that of the legitimate user
• Statistical anomaly detection
  – Collect data related to the behavior of legitimate users over a period of time
  – Statistical tests are used to determine whether observed behavior is not legitimate behavior
• Rule-based detection
  – Rules are developed to detect deviation from previous usage patterns
  – Expert system searches for suspicious behavior
Intrusion Detection Data Collection
• Audit records
  – Native audit records
    • All operating systems include accounting software that collects information on user activity
  – Detection-specific audit records
    • A collection facility can be implemented that generates audit records containing only the information required by the intrusion detection system
• Very common for Web services
  – I can tell exactly what you did on Blackboard
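The two detection approaches from the "Intrusion Detection" slide, run over detection-specific audit records of the kind the slide above describes, as an added example (not the lecture's code). The records, the user profile fields (host, login hour, files read per session) and the z-score threshold are constructed for the demonstration; the baseline plays the role of data collected on the legitimate user over a period of time.

```python
import statistics
from collections import namedtuple

# Constructed detection-specific audit records: one per session of the legitimate user.
Record = namedtuple("Record", "user host hour files_read")

BASELINE = [
    Record("alice", "ws-12", 9, 14), Record("alice", "ws-12", 10, 11),
    Record("alice", "ws-12", 9, 16), Record("alice", "ws-07", 11, 13),
    Record("alice", "ws-12", 14, 12), Record("alice", "ws-07", 16, 15),
    Record("alice", "ws-12", 13, 14), Record("alice", "ws-12", 15, 10),
]

def build_profile(records):
    """Summarise the legitimate user's past behaviour: mean/stdev of files read per session
    (for the statistical test) plus the hosts and login-hour range seen (for the rules)."""
    files = [r.files_read for r in records]
    return {
        "mean": statistics.mean(files),
        "stdev": statistics.pstdev(files),
        "hosts": {r.host for r in records},
        "hours": (min(r.hour for r in records), max(r.hour for r in records)),
    }

def statistical_alerts(record, profile, z_max=3.0):
    """Statistical anomaly test: flag a session whose files_read lies more than
    z_max standard deviations from the user's mean."""
    z = (record.files_read - profile["mean"]) / profile["stdev"]
    return [f"files_read z-score {z:.1f} exceeds {z_max}"] if abs(z) > z_max else []

def rule_alerts(record, profile):
    """Rule-based test: deviations from the previous usage pattern written down as rules."""
    alerts = []
    if record.host not in profile["hosts"]:
        alerts.append(f"login from unseen host {record.host}")
    lo, hi = profile["hours"]
    if not lo <= record.hour <= hi:
        alerts.append(f"login at hour {record.hour} outside usual {lo}-{hi}")
    return alerts

def analyse(record, profile):
    """All alerts for one new audit record; an empty list means it looks legitimate."""
    return statistical_alerts(record, profile) + rule_alerts(record, profile)

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for rec in [Record("alice", "ws-12", 10, 15), Record("alice", "ws-99", 3, 40)]:
        print(rec, "->", analyse(rec, profile) or "no alerts")
```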
2 Types of Malicious Programs
• Those that need a host program
  – Fragments of programs that cannot exist independently of some application program, utility, or system program
• Independent
  – Self-contained programs that can be scheduled and run by the operating system
Trojan Horse
• Useful program that contains hidden code that when invoked performs some unwanted or harmful function
• Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
  – User may set file permissions so everyone has access
  – can do anything the user could do
• Example: new exciting freeware game
• Does not need illegal access
Login Spoofing
• Set up a screen that looks exactly like login
• New user comes and tries to log in
• Program reads in login information and mails it to the intruder
• Login fails, user thinks he misspelled and logs in again
Logic Bomb
• Code embedded in a legitimate program that is set to “explode” when certain conditions are met
  – Presence or absence of certain files
  – Particular day of the week
  – Particular user running application
• Example: An employee had a program that checked whether his name appeared on payroll
  – After he was fired the bomb went off and destroyed important software
  – Potential of blackmail
Worms
• Use network connections to spread from system to system
• Electronic mail facility
  – A worm mails a copy of itself to other systems
• Remote execution capability
  – A worm executes a copy of itself on another system
• Remote log-in capability
  – A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other
Zombie
• Program that secretly takes over another Internet-attached computer
• It uses that computer to launch attacks that are difficult to trace to the zombie’s creator
• Typical Windows NT problem: Recent case that attacked the White House server
Viruses
• Program that can “infect” other programs by modifying them
  – Modification includes a copy of the virus program
  – The infected program can infect other programs
Virus Stages
• Dormant phase
  – Virus is idle
• Propagation phase
  – Virus places an identical copy of itself into other programs or into certain system areas on the disk
• Triggering phase
  – Virus is activated to perform the function for which it was intended
  – Caused by a variety of system events
• Execution phase
  – Function is performed
Types of Viruses
• Parasitic
  – Attaches itself to executable files and replicates
  – When the infected program is executed, it looks for other executables to infect
• Memory-resident
  – Lodges in main memory as part of a resident system program
  – Once in memory, it infects every program that executes
• Boot sector
  – Infects boot record
  – Spreads when system is booted from the disk containing the virus
• Stealth
  – Designed to hide itself from detection by antivirus software
  – May use compression
• Polymorphic
  – Mutates with every infection, making detection by the “signature” of the virus impossible
  – Mutation engine creates a random encryption key to encrypt the remainder of the virus
    • The key is stored with the virus
Macro Viruses
• A macro is an executable program embedded in a word processing document or other type of file
• Autoexecuting macros in Word
  – Autoexecute
    • Executes when Word is started
  – Automacro
    • Executes when a defined event occurs such as opening or closing a document
  – Command macro
    • Executed when user invokes a command (e.g., File Save)
• Dominantly Windows problem
E-mail Virus: Windows Issue
• Activated when recipient opens the e-mail attachment
• Activated by opening an e-mail that contains the virus
• Uses Visual Basic scripting language
• Propagates itself to all of the e-mail addresses known to the infected host
• Protection: Use an email program that has very limited privileges (Beware Outlook and Explorer)
Antivirus Approaches
• Detection
• Identification
• Removal
• Your antivirus program from yesterday is useless for today’s virus!
• Stern approach: Every time the user logs in to his machine the computer downloads the most current version of antivirus software from the network
How does Antivirus software work?
• Virus signature scanner
  – Scan target code looking for known viruses
• CPU emulator
  – Instructions in an executable file are interpreted by the emulator rather than the processor
Internet Attacks
• One way to attack internet services is to create an overload for the server
• Most servers have a capacity that reflects normal use requirements
• Trojan horses or worms get distributed onto many machines
• At a specific time all infected machines start sending requests to the same server
• Server goes down
• Big problem for online brokerages with time-sensitive information
Comparison UNIX to WINDOWS
• UNIX: targeted by access attacks since it is a
  – Multi-user environment
  – High degree of sharing
  – Constant network access
  – Sophisticated OS: hard to write malicious programs
• WINDOWS: targeted by remote attacks
  – Single-user environment
  – Less sophisticated OS: easier to write malicious programs
  – Switched off most of the time (used to be)
Security Design Principles
• Public system design
  – It creates a false illusion if you think nobody knows your architecture
• Default: no access
• Repetitive checks for current authority
  – User might have forgotten to lock out; timeout
• Give the least privileges possible
• Security should be built into the lowest levels of the system; security as an add-on does not work well
Summary
• There is no safe system!
• Business decision
  – How do I enforce safe behavior from employees
  – Security is very expensive
  – Security gets more expensive the more flexibility, communication and sharing I allow
  – Separate physical network for sensitive data
  – Hire an ex-hacker to break into my system to test security