What is Computer Security? - PowerPoint PPT Presentation

what is computer security n.
Skip this Video
Loading SlideShow in 5 Seconds..
What is Computer Security? PowerPoint Presentation
Download Presentation
What is Computer Security?

play fullscreen
1 / 22
Download Presentation
What is Computer Security?
Download Presentation

What is Computer Security?

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. What is Computer Security? for Professor Ruan’s Class at Nankai University Clark Thomborson 2nd April 2007

  2. Questions to be (Partially) Answered • What is security? • What types of security can be handled by a computer? • But first... let me introduce myself.

  3. Clark Thom{p,bor}son • Clark Thompson: 1954-1986 • 1971-75: BS (Honors) Chemistry and MS CompSci/CompEng’g at Stanford. • 1976-9: PhD Computer Science at C-MU. • 1977-86: parallel algorithms, connection networks, VLSI complexity at UC Berkeley. • 1986: Thompson + Borske = Thomborson • 1986-96: VLSI algorithmics, randomized rounding, supercomputer performance at U Minnesota – Duluth. • 1996-present: software obfuscation, watermarking, tamperproofing, trusted computing at Auckland.

  4. NZ and Auckland • New Zealand is a South Pacific island nation, populated by • 600,000 “Maori”: the first people of NZ, about 800 years ago. • 300,000 “Asian” (Chinese, Indian, Iranian, ...) • 300,000 “Pacific” (Samoan, Fijian, Tongan, …) • 3,100,000 “European” (mostly emigrants from Great Britain) • 1,300,000 people live in the Auckland region. • Population density is very low almost everywhere else in NZ. • 4.3 million people in 270,000 km2 = 16 people / km2 • Tianjin: 11 million people in 11,000 km2 = 1000 people / km2 • The University of Auckland has 25,000 undergraduate students, 5,000 postgraduate students, and 4,000 staff. • 5,500 of our students are from other countries.

  5. Computer Science Department • We are the largest and most diversified computer science department in New Zealand: • 40 staff • 800 undergraduates • 100 postgraduates

  6. Secure Systems Group • Inventions: • Software obfuscation, • Software watermarking, • Tamperproofing, and • 3d object watermarking (subcontract: Cardiff U) • Secure systems development: • Applications of trusted computing, • Specification of security requirements, and • Security improvements • http://www.cs.auckland.ac.nz/research/groups/ssg/

  7. CSC PhD Scholarships • 20 PhD Scholarships per year from the China Scholarship Council and the University of Auckland • The CSC pays travel and living expenses. • The University of Auckland does not charge tuition fees (other PhD students pay NZD $5000/year ~ USD $3000/year) • Our PhD programme is 3 to 4 years of supervised research, with no coursework. • You must already have a research-oriented Master’s degree. • You must find a supervisor and define a topic before you are admitted. • See http://www.cs.auckland.ac.nz/phd/ and www.csc.edu.cn.

  8. What is Security?(A Taxonomic Overview) The first step in wisdom is to know the things themselves; this notion consists in having a true ideaof the objects; objects are distinguished and known by classifying them methodically and giving them appropriate names. Therefore, classification and name-giving will be the foundation of our science. Carolus Linnæus, Systema Naturæ, 1735 (from Lindqvist and Jonsson, “How to Systematically Classify Computer Security Intrusions”, 1997.)

  9. Standard Taxonomy of Security • Confidentiality: no one is allowed to read, unless they are authorised. • Integrity: no one is allowed to write, unless they are authorised. • Availability: all authorised reads and writes will be performed by the system. • Authorisation: giving someone the authority to do something. • Authentication: being assured of someone’s identity. • Identification: knowing someone’s name or ID#. • Auditing: maintaining (and reviewing) records of security decisions.

  10. A Multi-Level Hierarchy • “Static security”: the confidentiality, integrity, and availability properties of a system. • “Dynamic security”: the gold standard of Authentication, Authorisation, Audit. • These processes assure static security. • If these processes run too often, we have a “gold-plated” system design! (Infeasible – too expensive.) • Metaphorically, a security engineer should • Seal all security perimeters with an authenticating gold veneer (note: a veneer is a very thin sheet), • Sprinkle auditing gold-dust uniformly but very sparingly over the most important security areas, and • Place an authorising golden seal on the most important accesses, but not on any other accesses.

  11. Security Governance • Governance should be pro-active, not reactive. • Governors should constantly be asking questions, considering the answers, and revising plans. • Specification, or Policy (answering the question of what the system is supposed to do), • Implementation (answering the question of how to make the system do what it is supposed to do), and • Assurance (answering the question of whether the system is meeting its specifications). • Governors cannot be involved in the low-level decisions of static security, and they should not be heavily involved in dynamic security. • They should be security executives, not its operators.

  12. Generalized Static Security • Confidentiality, Integrity, and Availability only cover security for read and write operations. • What about security for executable objects? • Unix directories have “rwx” permission bits. • Do we need a fourth aspect of static security? • XXXX-ity: all executions must be authorised. • I don’t know a good name for this property. (Is there a good name for it in Chinese? gwi ju? => “guijuity”?) • At the top of a taxonomy we should combine, rather than divide. • Confidentiality, Integrity, and XXXX-ity are all Prohibitions. • Availability is a Permission.

  13. Prohibitions and Permissions • Prohibition: (try to) prevent something from happening. • Permission: (try to) allow something to happen. • There are two types of secure systems: • In a prohibitive system, all operations are prohibited by default. Permissions are granted in special cases, e.g. to authorised individuals. • In a permissive system, all operations are allowed by default. Prohibitions are special cases, e.g. when an individual attempts to access a secure system. • Prohibitive systems have permissive subsystems. • Permissive systems have prohibitive subsystems.

  14. P1 P2 Recursive Security; Allowances • Prohibitions, i.e. “Thou shalt not kill.” • General rule: An action (in some range R) is not allowed, with exceptions (permissions) P1, P2, P3, ... • Permissions, i.e. an entry visa. • General rule: An action in P is allowed, with exceptions (prohibitions) R1, R2, R3, ... • This leads to a hierarchy of controls on actions. P: allowed R2 R1: prohibited R3

  15. Is Our Taxonomy Complete? • Prohibitions and permissions are properties of hierarchicalsystems, such as a judicial system. • Most legal controls (“laws”) are prohibitive. A few are permissive. • Contracts are non-hierarchical: agreed between peers. • Obligations are promises to do something in the future. • Exemptions are exceptions to an obligation. • The contract must specify a dispute-resolution procedure. Often this is an obligation to submit to a legal judgement. • There are two types of peerages: obligatory and exemptive. • Obligatory peerages have exemptive subsystems. • Exemptive peerages have obligatory subsystems. • Can we have hierarchies within peerages, and peerages within hierarchies? • Yes, but the linkage is still obscure to me. I intend to keep working on this. Maybe you can help!

  16. Inactions and Actions; Requirements • Obligations are requirements on actions, e.g. “Honour thy father and mother.” Note: these are prohibitions on inactions. • Obligation rule: An action (in some range O) is required, with exemptions O1, O2, O3, ... • Exemptions are non-requirements on actions, e.g. “A trustee shall not be answerable for involuntary acts.” These are permissions on inactions. • Exemption rule: An action in E is notrequired, with obligations E1, E2, ... • We have added a new level to our hierarchy! • Our new taxonomy has more descriptive power than the CIA taxonomy. • I still want to see a “design win”. • Will these insights lead to better security in the real world?

  17. Reviewing our Questions • What is security? • Three layers: static, dynamic, governance. • Four types of static security rules: prohibitions, permissions, obligations, and exemptions. A taxonomic structure is (requirements, allowances) x (actions, inactions). • What types of security can be handled by a computer?

  18. Computer Security Systems • Definition. A computer system is a static security detector if it has • a set of static security rules, expressed as efficient computer programs, • reliable inputs, to determine when an action or an inaction is required or not allowed, and • a reliable output channel to an enforcement agent (computer or human). • Definition. A computer system is a static security enforcer if • its outputs effectively control the system’s compliance with its static security rules, and • its inputs are supplied by one or more static security detectors. • Computers can implement most of the dynamic layer of security: auditing, authorisation, authentication, identification. • Most level-2 operations are automated, but human oversight is necessary. • Computers can give very limited assistance at the governance layer. • Governors make tradeoffs among specification, implementation, and assurance activities. Human judgement is required! • Let’s briefly consider the primary methods of control.

  19. Governments make things legal or illegal. Legal Illegal Moral Inexpensive Expensive Immoral Our culture makes things moral or immoral. Easy Difficult Lessig’s Taxonomy of Control The world’s economy makes things inexpensive or expensive. Computers make things easy or difficult.

  20. Reviewing our Questions Questions: • What is security? • What types of security can be handled by a computer? Partial answers: • There are three layers of security: static, dynamic, and governance. • Computers can handle the first two layers.