Lecture 1: Computer security overview. Aalto University, autumn 2011
Outline • Timeline of computer security • What is security anyway? • Summary
70s • Multi-user operating systems → need for protection • Access control models: multi-level security, Bell-LaPadula 1976, Biba 1977 • DES encryption algorithm 1976 → cryptanalysis, need for key distribution • Public-key cryptosystems: Diffie-Hellman 1976, RSA 1978 • Key distribution: certificates 1978; key exchange protocols: Needham-Schroeder 1978
80s • Orange Book 1985: mandatory access control • Accounting • Commercial security models from accounting and auditing rules: Clark-Wilson 1987 • X.509 PKI 1988 • IBM PC software copy protection → floppy virus 1987 • Internet → Morris worm 1988
90s • Methodological approach to security research: information flow security; secure operating systems: SEVMS –1996; formal analysis of key exchange protocols • Wider availability of cryptography • Cellular networks: GSM 1991 • Open-source cryptography: PGP 1991 • Password sniffers → SSH 1995 • Commercial Internet: SSL and VeriSign CA 1995 • RSA patent expired in 2000 • Spam: Cantor and Siegel 1994 • PKI criticism → trust management • User authentication beyond passwords • Intrusion detection • Macro virus: Melissa 1999 • DRM
2000s • Fast-spreading Internet worms: Code Red 2001 → secure programming, secure programming languages, security analysis and testing tools • Botnets, spyware → malware analysis • Computer crime: phishing • Enterprise identity management • Security in mobility, Grid, ad-hoc networks, sensor networks • Social networks • Privacy concerns
What is security • When talking about security, we are concerned about bad events caused with malicious intent • Security vs. reliability • Terminology: • Threat = bad event that might happen • Attack = someone intentionally causes the bad thing to happen • Vulnerability = weakness in an information system that enables an attack • Exploit = implementation of an attack • Risk = probability of an attack × damage in dollars
Security Goals • CIA = confidentiality, integrity, availability • Confidentiality — protection of secrets • Integrity — only authorized modification of data and system configuration • Availability — no denial of service, business continuity • Examples: secret agent names, web server • The CIA model is a good starting point but not the whole picture: • Access control — no unauthorized use of resources • Privacy — control of personal data and space • What else?
Areas of IT security [Gollmann] • Computer security — security of end hosts and client/server systems • Focus: access control in operating systems • Example: access control lists for file systems • Network security — security of communication • Focus: protecting data on the wire • Example: encryption to prevent sniffing • Application security — security of services to end users and businesses • Focus: application-specific trust relations • Example: secure and legally binding bank transactions
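The "access control lists for file systems" example above is the classic instance of computer security in Gollmann's sense. The following is an added illustration, not code from the lecture or from any real operating system: a minimal ACL with deny-by-default evaluation. The principals, group membership, file path and permission vocabulary are all constructed for the example.

```python
# Added example (not from the lecture slides): a minimal file-system ACL
# with deny-by-default evaluation. Names, groups and paths are constructed.
from dataclasses import dataclass, field

# Fixed permission vocabulary; anything outside it is rejected, not ignored.
PERMISSIONS = frozenset({"read", "write", "execute"})


@dataclass(frozen=True)
class AclEntry:
    principal: str         # "owner", "user:<name>" or "group:<name>"
    allowed: frozenset     # subset of PERMISSIONS granted to that principal


@dataclass
class FileObject:
    path: str
    owner: str
    acl: list = field(default_factory=list)


# Constructed group membership; a real system would take this from
# /etc/group, a directory service or the kernel's credential structure.
GROUPS = {
    "staff": {"alice", "bob"},
    "admins": {"carol"},
}


def principals_for(user: str, obj: FileObject) -> set:
    """Every ACL principal that matches `user` for this object."""
    names = {f"user:{user}"}
    names.update(f"group:{g}" for g, members in GROUPS.items() if user in members)
    if user == obj.owner:
        names.add("owner")
    return names


def effective_permissions(user: str, obj: FileObject) -> frozenset:
    """Union of the permissions granted by every entry that matches the user.
    A user matched by no entry gets the empty set: deny by default."""
    matching = principals_for(user, obj)
    granted = set()
    for entry in obj.acl:
        if entry.principal in matching:
            granted |= entry.allowed
    return frozenset(granted)


def check_access(user: str, obj: FileObject, permission: str) -> bool:
    """Reference-monitor style check. An unknown permission name is an
    error in the caller, so it is rejected outright instead of being
    silently evaluated (a typo must never turn into an allow)."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission!r}")
    return permission in effective_permissions(user, obj)


# Constructed sample object: the owner may read and write, the staff group
# may read, and nobody is listed for execute.
SECRET = FileObject(
    path="/srv/reports/secret.txt",
    owner="alice",
    acl=[
        AclEntry("owner", frozenset({"read", "write"})),
        AclEntry("group:staff", frozenset({"read"})),
    ],
)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, sorted(effective_permissions(user, SECRET)))
```

The property worth noticing is that an omitted entry is always safe: carol (admins) and dave (no group) get nothing because no entry names them, not because an entry denies them. Real ACL systems add ordered deny entries (Windows DACLs) or a mask entry (POSIX ACLs), which makes evaluation order matter and is a common source of misconfiguration.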
Viewpoints to security • Cryptography (mathematics) • Computer security (systems research) • Network security (computer networking) • Software security (software engineering, programming languages and tools) • Formal methods for security (theoretical CS) • Hardware security (HW engineering) • Human aspects of security (usability, sociology) • Security management (information-systems management, enterprise security) • Economics of security, laws and regulation. You cannot be just a security expert! You need a broader understanding of the systems and applications.
Security is a continuous process • Continuous race between attackers and defenders • Attackers are creative • No security mechanisms will stop all attacks; attackers just move to new paths and targets • Some types of attacks can be eliminated but others will take their place • Compare with crime statistics: do locks or prison reduce crime in the long term? • Security mechanisms will fail and new threats will arise → Monitoring and auditing for new attacks → Contingency planning: how to recover from a breach • Network security is more straightforward than application security, but difficult enough
Cost vs. benefit • Rational attackers compare the cost of an attack with the gains from it • Attackers look for the weakest link; thus, little is gained by strengthening the already strong bits • Rational defenders compare the risk of an attack with the cost of implementing defenses • Lampson: "Perfect security is the enemy of good security" • But human behavior is not always rational: • Attackers follow each other and all flock to the same path • Defenders buy peace of mind; they avoid personal liability by doing what everyone else does → Many events are explained better by group behavior than by rational choice
Proactive vs. reactive security • Technical prevention: design systems to prevent, discourage and mitigate attacks • If attack cannot be prevented, increase its cost and control damage • Detection and reaction: detect attacks and take measures to stop them, or to punish the guilty • In open networks, attacks happen all the time • We can detect port scans, spam, phishing etc., yet can do little to stop it or to punish attackers → Technical prevention and mitigation must be the primary defence • However, detection is needed to monitor the effectiveness of the technical prevention
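The slide says port scans can be detected even when little can be done to stop them. As an added example (not code from the lecture or from any real IDS), here is a sliding-window port-scan detector run over constructed firewall-style log lines; the log format, the addresses, the window length and the port threshold are all assumptions made for the example.

```python
# Added example (not from the lecture slides): flag a TCP port scan from
# firewall-style log lines. The log format and every address are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, then key=value fields of a TCP SYN.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP DPT=(?P<dpt>\d+)$"
)


def parse_line(line: str):
    """Return (timestamp, src, dst, dport), or None for lines that are not
    TCP connection attempts in the expected format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, window_seconds=10, port_threshold=5):
    """Sliding-window detector: a (src, dst) pair is reported the first time
    it has touched more than `port_threshold` distinct destination ports
    within `window_seconds`. Lines are assumed to be in time order.
    Returns {(src, dst): detection_timestamp}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # not a SYN record; nothing to count
        ts, src, dst, dport = rec
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        # Expire events older than the window before counting.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct_ports = {p for _, p in q}
        if len(distinct_ports) > port_threshold and key not in alerts:
            alerts[key] = ts
    return alerts


# Constructed sample: 10.0.0.5 probes six ports in seven seconds (fast scan),
# 10.0.0.7 is a normal web client, 10.0.0.9 probes one port every 15 seconds
# (slow scan), and one line is not a TCP SYN record at all.
SAMPLE_LOG = """
2011-09-05T10:00:01 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=21
2011-09-05T10:00:02 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=22
2011-09-05T10:00:02 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=80
2011-09-05T10:00:03 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=23
2011-09-05T10:00:04 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=25
2011-09-05T10:00:05 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=80
2011-09-05T10:00:05 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=80
2011-09-05T10:00:06 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=21
2011-09-05T10:00:07 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=110
2011-09-05T10:00:08 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=443
2011-09-05T10:00:09 kernel: martian source 10.0.0.3 from 127.0.0.1
2011-09-05T10:00:21 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=22
2011-09-05T10:00:36 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=23
2011-09-05T10:00:51 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=25
2011-09-05T10:01:06 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=80
2011-09-05T10:01:21 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=110
""".strip().splitlines()

if __name__ == "__main__":
    for (src, dst), when in detect_port_scans(SAMPLE_LOG).items():
        print(f"port scan: {src} -> {dst} detected at {when.isoformat()}")
```

With the default 10-second window only the fast scanner is reported; the slow scanner needs a window of a couple of minutes before it trips the same threshold. That trade-off is the caveat behind the slide's point: detection tells you how well prevention is holding up, but any fixed window and threshold can be evaded by an attacker who is willing to go slower, so the output is a monitoring signal, not a control.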
Who is the attacker? • We partition the world into good and bad entities • Honest parties vs. attackers • Good ones follow specification, bad ones do not • Different partitions lead to different perspectives on the security of the same system • Typical attackers: • Curious or dishonest individuals — for personal gain • Hackers, crackers, script kiddies — for challenge and reputation • Companies — for economic intelligence and marketing • Security agencies — NSA, FAPSI, GCHQ, DGSE, etc. • Military SIGINT — strategic and tactical intelligence, cyber war • Organized criminals — for money • Often, not all types of attackers matter • E.g. who would you not want to read your diary?
Security research • Security research often focuses on attacks • Engineers should focus on solutions BUT need to understand • how systems fail • how the attacker thinks • adversarial mindset • Security researchers spend most of their time looking for flaws in the work of others; this is not always welcome, so be careful in how you express yourself
Ethical considerations • Who is allowed to attack and when? • Violations of policy • Causing damage • Are security policies for us or against us? • University policy vs. active learning • Difference between research or QA and crime? • Privacy of human subjects • Getting work done vs. following rules • Ethics and software engineering: • Security can be a tool for bad, as well as good
Goals of information security • Security goals: confidentiality and integrity of information, availability of services • Authentication, access control, accounting • Protection of services and infrastructure in a hostile environment (e.g. Internet) • Control, monitoring or privacy • Business continuity
Reading material • Dieter Gollmann: Computer Security, 2nd ed., chapters 1–2 • Matt Bishop: Introduction to computer security, chapter 1 (http://nob.cs.ucdavis.edu/book/book-intro/intro01.pdf) • Edward Amoroso: Fundamentals of Computer Security Technology, chapter 1 • Ross Anderson: Security Engineering, 2nd ed., chapter 1 (1st ed. http://www.cl.cam.ac.uk/~rja14/Papers/SE-01.pdf)
Exercises • What security threats and goals are there in the postal (paper mail) system? • What different entities are there in the postal system? • Do they have the same or different security concerns? • Who could be the attacker? Does the answer change if you think from a different entity's viewpoint? • Can you think of attacks where it is necessary for two or more malicious parties to collude? • What is the role of laws and punishment in computer security? • Can the development of information security technology be unethical, or is engineering always value neutral? Give examples. • When is it (or when could it be) ok for you to attack IT systems? Give examples. • How do the viewpoints of security practitioners (e.g. system admin or company security officer) and academic researchers differ?