information security privacy n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Information Security & Privacy PowerPoint Presentation
Download Presentation
Information Security & Privacy

play fullscreen
1 / 92

Information Security & Privacy

226 Views Download Presentation
Download Presentation

Information Security & Privacy

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Information Security & Privacy HIM-1460 CLINICAL EDUCATION 2 James Joshi Associate Professor, SIS May 21, 2010

  2. Topics overview • Security basics • Secure design principles • Access control model overview • Overview of cryptography and Network security • Privacy • Lectures 9 – 12 (small breaks) • Pizza Lunch 12 – 12:30 PM • Lab 12:30 – 2:00 PM • Closing discussion/test 2:15 – 3:00 PM

  3. What is Information Security? Overview of Computer Security

  4. Information Systems Security • Deals with • Security of (end) systems • Examples ? • Security of information in transit over a network • Examples ? Is it enough to have strong security for either one of these?

  5. Basic Components of Security • Confidentiality • What do you mean? • Prevention or detection? • Examples? • Integrity • What do you mean? • Data integrity vs Origin integrity • Prevention or detection? • Examples? • Availability • What do you mean? CIA

  6. CIA-based Model NSTISSC 4011 Security Model (CNSS 4011)

  7. Basic Components of Security • Additional from NIST (National Institute of Standards and Technology • Accountability • Assurance • Non-repudiation:

  8. Interdependencies confidentiality integrity Integrity confidentiality availability accountability Integrity confidentiality Integrity confidentiality

  9. Terminology Security Architecture Requirements Policies Requirements Policies Security Features or Services Resources Assets Information Attackers/Intruders/ Malfeasors Security Models/ Mechanisms

  10. Attack Vs Threat • A threat is a “potential” violation of security • The violation need not actually occur • The fact that the violation might occur makes it a threat • The actual violation of security is called an attack

  11. Common security threats/attacks • Interruption, delay, denial of service • Interception or snooping • Modification or alteration • Fabrication, masquerade, or spoofing • Repudiation of origin

  12. Classes of Threats (Shirley) • Disclosure: • Unauthorized access to information • Deception: • Acceptance of false data • Disruption: • Interruption/prevention of correct operation • Usurpation: • Unauthorized control of a system component

  13. Goals of Security • Prevention • To prevent someone from violating a security policy • Detection • To detect activities in violation of a security policy • Verify the efficacy of the prevention mechanism • (Response &) Recovery • Stop policy violations (attacks) • Assess and repair damage • Ensure availability in presence of an ongoing attack • Fix vulnerabilities for preventing future attack

  14. Information Assurance • What is information assurance? “Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes” (NIST) • Assurance is to indicate “how much” to trust a system and is achieved by ensuring that • The required functionality is present and correctly implemented • There is sufficient protection against unintentional errors • There is sufficient resistance to intentional penetration or by-pass Specification – design - implementation

  15. Operational Issues • Cost-Benefit Analysis • Risk Analysis • Laws and Customs • Operational problems • People problem

  16. Secure Design Principles

  17. Design Principles for Security • Principles • Least Privilege • Fail-Safe Defaults • Economy of Mechanism • Complete Mediation • Open Design • Separation of Privilege • Least Common Mechanism • Psychological Acceptability • Simplicity • Restriction

  18. Least Privilege • A subject should be given only those privileges necessary to complete its task • Assignment of privileges based on • Function, Identity-based, … ? • Based on “Need to know”; “Relevance to situation” … • Examples?

  19. Fail-Safe Defaults • What should be the default action? • If action fails, how can we keep the system safe/secure? • When a file is created, what privileges are assigned to it? • In Unix? In Windows?

  20. Economy of Mechanism • Design and implementation of security mechanism • KISS Principle (Keep It Simple, Silly!) • Careful design of Interfaces and Interactions

  21. Complete Mediation • No caching of information • Mediate all accesses • Why? • How does Unix read operation work? • Any disadvantage of this principle?

  22. Open Design • Security should not depend on secrecy of design or implementation • Source code should be public? • “Security through obscurity” ?

  23. Separation of Privilege • Restrictive access • Use multiple conditions to grant privilege • Equivalent to Separation of duty • Example?

  24. Least Common Mechanism • Mechanisms should not be shared • What is the problem with shared resource? • Covert channels? • Isolation techniques • Virtual machine

  25. Psychological Acceptability • Security mechanisms should not add to difficulty of accessing resource • Hide complexity introduced by security mechanisms • Ease of installation, configuration, use • Human factors critical here • (e.g., Proper messages)

  26. Reference Validation Mechanism • Trusted Computing Base • Hardware and software for enforcing security rules • Reference monitor • Part of TCB • All system calls go through reference monitor for security checking • Reference validation mechanism – • Tamperproof • Never be bypassed • Small enough to be subject to analysis and testing – the completeness can be assured User space User process Kernel space OS kernel TCB Reference monitor Which principle(s)?

  27. Access Control

  28. Access Control Matrix Model • Access control matrix model • Describes the protection state of a system. • Elements indicate the access rights that subjects have on objects • ACM implementation • What is the disadvantage of maintaining a matrix? • Two ways implement: • Capability based • Access control list

  29. Access Control Matrix

  30. Confidentiality Policy • Also known as information flow policy • Integrity is secondary objective • Eg. Military mission “date” • Bell-LaPadula Model • Formally models military requirements • Information/objects: Classification level • Subjects: Clearance level

  31. “No Read Up” & “No Write dowb” Rules • Information is allowed to flow up, not down • Simple security property: A subject s can read an object o if and only if • Clearance of s is higher than or equal to the classification of object o • *property: s can write o if and only if • Classification of o is equal to or higher than the clearance of s

  32. Example • Tamara can read which objects? And write? • Claire cannot read which objects? And write? • Ulaley can read which objects? And write?

  33. Categories • Total order of classifications not flexible enough • Alice cleared for missiles; Bob cleared for warheads; Both cleared for targets • Solution: Categories • Use set of compartments • Power set of compartments • Enforce “need to know” principle • Security levels (security level, category set) • (Top Secret, {Nuc, Eur, Asi}) • (Top Secret, {Nuc, Asi})

  34. Biba’s Integrity Policy Model • Based on Bell-LaPadula • Subject, Objects have • Integrity Levels • Higher levels • More reliable/trustworthy • More accurate

  35. Biba’s model • Strict Policy (dual of Bell-LaPadula) • s can reado  i(s) ≤ i(o) (no read-down) • (s can read o if and only if integrity level of s is less than or equal to the integrity level of o) • s can writeoi(o) ≤ i(s) (no write-up) • Why? • s1can executes2i(s2) ≤ i(s1) • Why?

  36. Low-water-mark • Low-Water-Mark Policy • s can writeo i(o) ≤ i(s) • Why? • sreadso  i’(s) = min(i(s), i(o)) • i’(s) is the integrity level of s after “read” op • Why? • s1can executes2  i(s2) ≤ i(s1)

  37. General uses of MAC • What are the benefits? Problems?

  38. Access control in organizations is based on “roles that individual users take on as part of the organization” Access depends on function, not identity Example: A role is “is a collection of permissions” Role Based Access Control (RBAC)

  39. RBAC Total number Of assignments Possible? Total number Of assignments Possible?

  40. RBAC (NIST Standard) Permissions PA UA Users Roles Operations Objects user_sessions (one-to-many) role_sessions (many-to-many) Sessions What model entity would relate to the traditional notion of subject? Total number of subjects possible? Role vs Group?

  41. RBAC with Role Hierarchy RH (role hierarchy) Permissions PA UA Users Roles Operations Objects user_sessions (one-to-many) role_sessions (many-to-many) Sessions

  42. pp px, py px, py px, py px, py px, py px, py e1, e2 e3, e4 e5 e6, e7 e8, e9 e10 po pa, pb pm, pn px, py p1, p2 Example authorized_users(Employee)? authorized_users(Administrator)? authorized_permissions(Employee)? authorized_permissions(Administrator)?

  43. Constrained RBAC RH (role hierarchy) Static Separation of Duty Permissions PA UA Users Roles Operations Objects user_sessions (one-to-many) Dynamic Separation of Duty Sessions

  44. Advantages of RBAC • Allows Efficient Security Management • Administrative roles, Role hierarchy • Principle of least privilege allows minimizing damage • Separation of Duty constraints to prevent fraud • Allows grouping of objects / users • Policy-neutral - Provides generality • Encompasses DAC and MAC policies

  45. RBAC’s Benefits

  46. Overview of Cryptography and network security

  47. Message Message Secure Message Secure Message Secure Information Transmission(network security model) Trusted Third Party arbiter, distributer of secret information Sender Receiver Secret Information Secret Information Security related transformation Information channel Opponent

  48. Brief History • All encryption algorithms from BC till 1976 were secret key algorithms • Also called private key algorithms or symmetric key algorithms • Julius Caesar used a substitution cipher • Widespread use in World War II (enigma) • Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman

  49. Cæsar cipher • Let k = 9, m = “VELVET” (21 4 11 21 4 19) • Ek(m) = (30 13 20 30 13 28) mod 26 =“4 13 20 4 13 2” = “ENUENC” • Dk(m) = (26 + c – k) mod 26 = (21 30 37 21 30 19) mod 26 = “21 4 11 21 4 19” = “VELVET”