13-1-Intro
Transcript of 13-1-Intro
-
8/11/2019 13-1-Intro
1/51
(An Introduction to Computer)
Security
Jerry den Hartog
Room: MF 6.063
http://www.win.tue.nl/~jhartog/CourseSecurity/
-
8/11/2019 13-1-Intro
2/51
What is Security?
Lets start with some freeassociation
-
8/11/2019 13-1-Intro
3/51
Network
IT Infrastructures & Security Goals
EHR
Privacy
AvailabilityIntegrity
Confidentiality
Course Overview
Goal
Challenge
Approach
Course
Schedule
-
8/11/2019 13-1-Intro
4/51
Network
Threats & Countermeasures
EPD
Course Overview
Goal
Challenge
Approach
Course
Schedule
-
8/11/2019 13-1-Intro
5/51
Course Overview
Goal
Challenge
Approach
ScheduleTopic Wednesday Topic Friday Lab session
Introduction Cryptography basics Web of Trust
Cryptography Network security basics HTTP basics, Sniffing
and tampering
Malware, web services
security
Hashes, Certificates,
etc.
SQL injection and XSS
Access Control (AC) Digital Rights
Management
AC and session
information stealing
Authentication
(Passwords,
Biometrics)
Authentication
(Hardware tokens)
Authentication Flaws,
Password cracking
Security Protocols Exercises: Security
Protocol and side
channel attack
Session stealing &
phishing
Privacy and Anonymity Exercises & Exam
Preparation
---
See www.win.tue.nl/~jhartog/CourseSecurity
http://www.win.tue.nl/~jhartog/CourseSecurityhttp://www.win.tue.nl/~jhartog/CourseSecurity -
8/11/2019 13-1-Intro
6/51
Security What-When-Why-How
What & When
Dependability ~ Security
Security Attributes
Security Policies
Why
attacks & attackers common security issues
Measuring security
How
Security approaches,
models & tools
Security trade-offs Security architectures &
engineering
Analysing a scenario
Security requirements
Conclusions
Security : What When Why How
Content
What
Why
When
How
-
8/11/2019 13-1-Intro
7/51
WhatThe Why of Security
How
Security: WWW H
Content
What
Why
When
How
-
8/11/2019 13-1-Intro
8/51
To get Security...
prevent disallowed usage ?
... and enable allowed usage ?
Difference Dependability and Security ?
Other options than prevention
The only truly secure system is one that ispowered off, cast in a block of concrete and
sealed in a lead-lined room with armed guardsE. Spafford
Security: WWW H
Content
What
Why
When
How
-
8/11/2019 13-1-Intro
9/51
Dependability vs. Security
Dependability Problem ?program x
only works half of the time
crashes the computer
may cause the computer to explode
no longer works with the firewall installed
can stop the firewall from working
posts all your emails on a public website
tracks all your online activities
changes the data used by program y
Security Problem ?
Security: WWW H
Content
What
Why
When
How
-
8/11/2019 13-1-Intro
10/51
Dependability
vs.Security (2)
Basic Concepts and Taxonomy of Dependable and Secure Computing
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
The `What of securi ty - Securi ty Attributes
Confidentiality
Integrity
Availability
Privacy
AuthenticityNon-repudiation
Accountability
-
8/11/2019 13-1-Intro
11/51
The `What of securi ty - Securi ty Attributes
C-I-A
Privacy
Authenticity
Non-repudiation
Accountability
Privacy Online
Peter Steiner 1993 Nik Scott 2008
-
8/11/2019 13-1-Intro
12/51
Privacy
EU directives (e.g. 95/46/EC) to protect privacy.
College Bescherming Persoonsgegevens (CBP)
What is privacy?
Try to protect: Privacy Enhancing Technologies (PETs)
Users must be able to determine for themselves when, how,
to what extent and for what purpose information about them
is communicated to others (Definition PRIME, Europeanproject on privacy & ID management.)
Alice
The `What of security - Securi ty At tributes
C-I-A
Privacy
Authenticity
Non-repudiation
Accountability
-
8/11/2019 13-1-Intro
13/51
The What of securi ty - Security
Attributes
C-I-A
Privacy
Authenticity
Non-repudiationAccountability
EU Data Protection Directive
Personal data usage requirements:
Noticeof data being collected
Purposefor data use
Consentfor disclosure
Informed who is collecting their data
Kept secure Right to access & correctdata
Accountabilityof data collectors
-
8/11/2019 13-1-Intro
14/51
Other Security Attributes
Authenticity users or data are genuine
Prescription is real and issued by a genuine Md.
Non-repudiation
Cannot be denied (action/agreement/...)
Dr. cannot claim not issuing prescription
To achieve (means): (Digital) signatures
AccountabilityAbility to hold users accountable for their actions
Dr. can be identified, found and is liable for wrong
prescriptions
The `What of securi ty - Securi ty Attributes
C-I-A
Privacy
Authenticity
Non-repudiation
Accountability
-
8/11/2019 13-1-Intro
15/51
Security Policies & Models
Policy: Specifies allowed / disallowed Context; applies to ..., approved/imposed by ...
Usage; required enforcement, dealing with breaches
Different notions of `security policy: fromgeneral intention statement
Data shall only be available to those with a `need-to-know
to formal, detailed specification
drwxr-xr-x, access control list, XACML policy, etc.
Security Model
(Formal) Framework to express and interpret policies.
E.g. relations on Users - Objects - Permissions - Groups.
The When of security - Security pol icies
-
8/11/2019 13-1-Intro
16/51
Security Policies & Models
Policy: Specifies allowed / disallowed Context;
applies to ...,
approved/imposed by ...
Etc.
Usage;
required enforcement
dealing with breaches Different notions of `security policy
Security Model
The When of security - Security pol icies
-
8/11/2019 13-1-Intro
17/51
Security Policies & Models
Policy: Specifies allowed / disallowed
Different notions of `security policy:
fromgeneral intention statementData shall only be available to those with a `need-to-know
to formal, detailed specification
drwxr-xr-x, access control list, XACML policy, etc.
Security Model
The When of security - Security pol icies
-
8/11/2019 13-1-Intro
18/51
Security Policies & Models
Policy: Specifies allowed / disallowed
Different notions of `security policy:
Security Model
(Formal) Framework to express and interpret policies.
E.g. relations on Users - Objects - Permissions - Groups
The When of security - Security pol icies
-
8/11/2019 13-1-Intro
19/51
Summerizing the What & When
Security attributes what to achieve
Security Policies When to achieve them
Security Model Setting to interpret
policies
-
8/11/2019 13-1-Intro
20/51
WhatThe Why of Security
How
-
8/11/2019 13-1-Intro
21/51
A days worth of security news (2012)
Android-malware verstopt zich via steganografie
Microsoft: hang op als we bellen
Google mailt gebruikers over nieuw privacybeleid
OpenDNS laat Mac-gebruiker onzichtbaar internetten
"Google Chrome ruimt andermans rotzooi op Cybercriminelen vluchten naar Sovjet-Unie
FBI zet 15.000 euro op hoofd internetoplichter
Microsoft en Google samen tegen phishing
Leerlingen opgepakt wegens hacken schoolcijfers
DigiD offline wegens hash collision-lek
Rootkit infecteert pc via Windows Media Player
Android-malware besmet miljoenen gebruikersSource: Security.nl
-
8/11/2019 13-1-Intro
22/51
A days worth of security news (28-1-13) 58.000 toezichtcamera's open voor hackers
CBP: overheid weet veel te veel van ons
'WhatsApp schendt privacy gebruikers'
Autorun-worm houdt huis in Pakistan
200MB groot virus verrast onderzoekers
Pornosites veroorzaken piek in politievirussen
5 beveiligingstips voor WordPress-gebruikers
Afmeldlink e-mail blijft grootste bron van ergernis
Pentagon vervijfvoudigt aantal cybersoldaten 'Brussel moet privacy burgers beter beschermen'
Veel gemeenten lek door verouderde software
'Apple laat verwijderde iPhone sms'jes staan'
Oracle gaat veiligheid Java verbeteren Source: Security.nl
-
8/11/2019 13-1-Intro
23/51
Attackers & Attacks
(WHAT) Break Security goals (Attributes)
(WHY) Reach Attacker goals
(WHO) IBM Attacker classification I: Clever outsiders
II: Knowledgeable insiders
III: Funded Organisations
(WHO) CPA - CCA - etc. Formalization attack context
Attacker goals and capabilities
-
8/11/2019 13-1-Intro
24/51
Some common security issues
Security as an after thought Needs to be addressed from the start
Forgetting security depends on the whole system
Focusing where the risk isn't (...more below)
Single point of failure Breach of a security feature causes complete
breakdown of system
Security by obscurityObscurity may help but it is dangerous to have the
security design depend on it (Kerckhoffs principle)
-
8/11/2019 13-1-Intro
25/51
Some common security issues (2)
Lack of Security policies
Lack of Preventative management
Keep systems up to date (e.g. patching)
Practice failure situations
Lack of Use of security features
E.g. Windows XP included firewall but not active (pre SP2)
Only need to check single checkbox
Relying on users for security
expertise, awareness, prioritiesAliceBob
-
8/11/2019 13-1-Intro
26/51
Weakest Link Different
aspects of security
``A chain is as strong as its weakest link
Security needs to be addressed in its whole;
Looking at a single aspect is like looking at asingle link.
system design (security not addressed)
quality of software (bugs in code)
strength of encryption (bad algorithm, bad`randomness, length/chose of key)
system usage (bad passwords, not using security
features)
-
8/11/2019 13-1-Intro
27/51
A program is only as strong as its design
The WMF problem provides a prime example of a software security flaw. At its
heart, the WMF problem is caused by a software feature being used in
an unintended way. WMF files, designed in the late 1980s, allow imagefiles to contain code that can be executed as the image decodes. Microsoft put
this "feature" in on purpose. The problem is, nobody put on their black hat and
thought through what an attacker might be able to do with such an inherentlydangerous feature. Malicious hackers use WMF information to install rootkits,
spyware, and other malicious code on their victims' machines. Some security
experts estimate that at least a million computers have been compromised this
way.
Source: Gary McGraw at itarchitect.com
Even though Microsoft has spent hundreds of millions of dollars on software
security, company representatives still expressed great surprise when theWindows Metafile (WMF) vulnerability surfaced. There's a simple reason for
this. Microsoft's approach, commendable in many ways, involves an
overemphasis on code-level bugs and is thus subject to a major blind spot:
overlookingarchitectural flawssuch as the WMF problem.
-
8/11/2019 13-1-Intro
28/51
Weakest Link
``A chain is as strong as its weakest link
Security needs to be addressed in its whole;
Looking at a single aspect is like looking at asingle link.
system design (holes in security perimeter)
quality software (bugs in code)
strength of encryption (bad algorithm, bad`randomness, length/chose of key)
system usage (bad passwords, not using security
features)
-
8/11/2019 13-1-Intro
29/51
Programming flaws can lead to security holes
Buffer overloads: the big security hole
Last month, Microsoft reissued its buffer-overflow vulnerability announcement for
Simple Network Management Protocol(SNMP), ... buffer-overflow vulnerabilities in
ISAPI... buffer-overflow vulnerability in Oracle's supposedly unbreakable Oracle 8i
and Oracle 9i servers. ...
Source: ZDNet News
Another zero-day vulnerability reported in Windows 7
...This issue is caused by a buffer overflow error ... which could be exploited by
malicious users to crash an affected system or potentially execute arbitrary code
with kernel privileges.
Critical flaws in Windows, Internet Explorer
As part of this months Patch Tuesday schedule, Microsoft plans to ship a
dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow
hackers complete access to a vulnerable Windows machine. (Jan 2011)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-006.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-010.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-010.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-006.asp -
8/11/2019 13-1-Intro
30/51
Basic idea buffer overflowcall routine CheckPin
routine CheckPin
{ char pin[ 4 ];
pin
-
8/11/2019 13-1-Intro
31/51
Weakest Link
``A chain is as strong as its weakest link
Security needs to be addressed in its whole;
Looking at a single aspect is like looking at a
single link. system design (holes in security perimeter)
quality software (bugs in code)
strength of encryption (bad algorithm, bad
`randomness, length/chose of key)
system usage (bad passwords, not using security
features)
-
8/11/2019 13-1-Intro
32/51
Choose your crypto well...
IT: Mafia Boss Using Crook Crypto Captured
Posted by Zonkon Tuesday April 18, @11:13AM
from the never-heard-of-pgp-and-email dept.
boggis writes "Discovery is running a story on Bernardo
Provenzano, the recently arrested 'boss of bosses' of the
Sicilian Mafia. He apparently wrote notes to his henchmen
using a modified form of the Caesar Cipher, which was
easily cracked by the police and resulted in further arrestsof collaborators. Discovery's cryptography expert describes
it as a code that 'will keep your kid sister out'."
Source: Slashdot.org / Discovery channel
http://it.slashdot.org/http://slashdot.org/~Zonk/http://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html?source=rsshttp://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html?source=rsshttp://slashdot.org/search.pl?tid=93http://slashdot.org/search.pl?tid=93http://slashdot.org/~Zonk/http://it.slashdot.org/ -
8/11/2019 13-1-Intro
33/51
Weakest Link
``A chain is as strong as its weakest link
Security needs to be addressed in its whole;
Looking at a single aspect is like looking at a
single link.
system design (holes in security perimeter)
quality software (bugs in code)
strength of encryption (bad algorithm, bad`randomness, length/chose of key)
system usage (bad passwords, not using security
features)
-
8/11/2019 13-1-Intro
34/51
Memorystick, computer & diskettes
Het is de zoveelste keer dat vertrouwelijke informatie op straat is
terechtgekomen. ... landmachtkapitein een memorystick met geheime
militaire informatiein een huurauto had laten liggen. Op het
geheugenkaartje stonden onder meer instructies voor militairen inAfghanistan. ... een memorystick was kwijtgeraakt met daarop
vertrouwelijke informatie van de Militaire Inlichtingen- en
Veiligheidsdienst(MIVD).
... officier van justitie ... computer op straat, zonder de inhoud te wissen...
belandde het apparaat bij misdaadverslaggever Peter R. de Vries ...
medewerker van de veiligheidsdienst AIVD eind vorig jaar diskettesineen leaseauto liggen met daarop vertrouwelijke informatieover Pim
Fortuyn.Source: Elsevier website
Store your secrete data securely
(Dutch examples of loss of unencrypted data carriers with confidential information.)
-
8/11/2019 13-1-Intro
35/51
What
The Why of Security
How
prevention detection
correctionrepression
deterrence
-
8/11/2019 13-1-Intro
36/51
The How of Security
Techniques to address specific threats Cryptography
Identity Management, Access control
Security Protocols, Firewalls, Virus scanners
Physical security, Tamper resistant devices
Intrusion detection, auditing
Identify risk & threats, combine defenses
into complete security architecture:
Security Engineering
-
8/11/2019 13-1-Intro
37/51
How secure is it? Quantifying dependability:
Define tests, test coverage
If covers `common cases reasonable test dependability
not really suitable for security
Measuring security:Attackers typically using unexpected behaviour
Is 1 bug better than 5 bugs ?
1 exploitable error better that 5 ?
Which goal (attribute) is more important
How to reflect trade-offs in score
As much security as possible ?...truly secure system
is powered off...
-
8/11/2019 13-1-Intro
38/51
Measuring security?
Security of system ~ Costof breaking
Cost - Effort, Money, Expertise, ...Violate security goal / Reach attacker goal
Hard to measure in general
-
8/11/2019 13-1-Intro
39/51
40
CCWAPSS: Security Scoring
1. Authentication
2. Authorization
3. Input check4. Error handling
5. Password Quality
6. Privacy
7. Sessions
8. Patching9. Admin access
10. Encryption
11. Third parties
8.3/10
Criteria Checklist
(source: ccwapss 1.1 whitepaper)
-
8/11/2019 13-1-Intro
40/51
Security trade-offs No absolute securityThere will always be vulnerabilities in the system
design / implementation / usage / etc.
May not be desirable; allow for the unforeseen no access to `secure area ...
unless only exit during fire?
Need to make trade-offsConflicting requirements
easy to use secureConflicting securityrequirements
availability confidentiality
Conflicting goals of stakeholders
more usage information privacy user
...truly secure system
is powered off...
-
8/11/2019 13-1-Intro
41/51
Examples Security Trade-offs
Security - Performance:Increase key length in a public key crypto system
+ Increases protection against brute-force attack
- En/Decryption require more computation
Security UsabilityHave a user enter their password for every access+ Password does not have to be stored in memory
+ User away from machine
- Inconvenient for user
- Maybe less secure in the end; eavesdropping,
enter password in wrong place,
legit user may try to circumvent
-
8/11/2019 13-1-Intro
42/51
Examples Security Trade-offs (cont)
Security Cost Higher development time to achieve better security
Use of extra hardware, e.g. smartcard in credit/debitcard
Integrity Privacy:Gathering more information (e.g. logging)
may help prevent or detect misuse
decreases the privacy of the users
Access to a building: Open building privacy but low security
Check at entrance: Medium security but some privacy lost
Track users in the building: High security but no privacy
Etc..., etc...
Requirements
-
8/11/2019 13-1-Intro
43/51
Security Requirements
Security Requirement Engineering Methodology structured approach to finding security requirements
integration into system design
Integral part requirements elicitation process
E.g. SecureUML
Consider `misuse cases (in addition to use cases)
KOAS, NFR, i*Tropos Goal oriented (security goals as explicitly functionality)
Security Problem Frames
Problem patterns based (related to security goals)
q
Design
Concepts
Process
Attackers
Requirements
-
8/11/2019 13-1-Intro
44/51
i*/Tropos conceptsActor
Entity with intent: role, position, agent (human/software)
Goal (Soft goal)Strategic interest of an actor
Taskcourse of action to satisfy a goal
Resource
Physical or informational entity (without intent/goal)
Social dependency (between two actors)depends to reach goal, execute task, deliver resource
Agreement between two actors
q
Design
Concepts
Process
Attackers
Requirements
-
8/11/2019 13-1-Intro
45/51
Development Process
Identify stakeholders and their goals
For each actor & goal:
adopt it (this actor will achieve it; elaborate to tasks)
delegate it to an existing or new actor
decompose it into new subgoals
Finish when all goals have been adopted.
q
Design
Concepts
Process
Attackers
Requirements
-
8/11/2019 13-1-Intro
46/51
Attacker Analysis
Any actors can be a potential attacker
Assumed guilty until proven innocent
Attacker inherits the
intention, capabilities, relations
of legitimate actor
External attackers
Not necessarily linked to system actor
q
Design
Concepts
Process
Attackers
Requirements
-
8/11/2019 13-1-Intro
47/51
Requirements Elicitation
[Liu et al. 2003] Security and Privacy Requirements Analysis within a Social Setting.
q
Design
Concepts
Process
Attackers
-
8/11/2019 13-1-Intro
48/51
http://www.win.tue.nl/~jhartog/CourseSecurity(reading material, slides, exercises, assignments)
Preparation for Fridays lecture/Lab section look at 5thchapter of Security Engineering
Nice introduction to the topic of cryptography
(For all lab section); bring your laptop
Create a public key-private key pair (e.g. gpg4win) Install Firefox and Tamper data plug in
Follow up on this lecture: reading material: Check website for links, exercises, etc.
Article on security requirement engineering
1stchapter of Security Engineering by Anderson.
Exercise: Analyze security related news article.
http://www.win.tue.nl/~jhartog/CourseSecurityhttp://www.win.tue.nl/~jhartog/CourseSecurity -
8/11/2019 13-1-Intro
49/51
Literature: Listed on course page
Articles & book chapters - available online
Several chapters from Security Engineering
Interesting read but light on the (technical) details
Handbook of Applied Cryptography Useful information but very technical, limited to crypto.
Articles on selected subjects
Experiments, Exercises and notes
Still under development; feedback appreciated.
Links will be posted on course server
-
8/11/2019 13-1-Intro
50/51
Conclusions
Main Messages to take away from today Security is not an `add-on feature
Needs to be taken into account from the start
Security requires looking at the `complete picture
Consider whole system not just isolated parts
Try to place treated security techniques in
contextWhat is their role in an security architecture
What goals can they achieve
What trade-off need to be made
-
8/11/2019 13-1-Intro
51/51
Nieuws Item Analysis Find a security related news article and analyze it
what is the security issue in this article related to availability, confidentiality, integrity, etc.
Collect some background information when needed.
For a security incident What was the failure, why did it occur
How could it have been prevented how should it be solved For a solution/technology
What problem is solved, how can it be used, will it work
For an opinion/analysis/... Do you agree, what are possible other/counter arguments
For a more general article What is the issue you have identified
Did the article address this issue?
How well was the issue described does the article get the key points correct, did it miss any issues.